fr.ffxiah.com Open in urlscan Pro
158.69.250.98 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://fr.ffxiah.com/
Effective URL:
https://fr.ffxiah.com/
Submission: On October 25 via api (October 25th 2023, 12:49:08 am UTC) from US — Scanned from CA

Summary HTTP 163 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 22 IPs in 3 countries across 14 domains to perform 163 HTTP transactions. The main IP is 158.69.250.98, located in Montreal, Canada and belongs to OVH, FR. The main domain is fr.ffxiah.com.
TLS certificate: Issued by R3 on September 27th 2023. Valid for: 3 months.

This is the only time fr.ffxiah.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 45	158.69.250.98 158.69.250.98	16276 (OVH) (OVH)
2	172.253.122.95 172.253.122.95	15169 (GOOGLE) (GOOGLE)
12	104.21.33.198 104.21.33.198	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	142.251.16.156 142.251.16.156	15169 (GOOGLE) (GOOGLE)
6 12	142.251.163.154 142.251.163.154	15169 (GOOGLE) (GOOGLE)
4	142.251.163.132 142.251.163.132	15169 (GOOGLE) (GOOGLE)
24	172.253.122.156 172.253.122.156	15169 (GOOGLE) (GOOGLE)
14	142.251.16.132 142.251.16.132	15169 (GOOGLE) (GOOGLE)
2	172.253.62.99 172.253.62.99	15169 (GOOGLE) (GOOGLE)
3	172.253.63.155 172.253.63.155	15169 (GOOGLE) (GOOGLE)
17	172.253.62.149 172.253.62.149	15169 (GOOGLE) (GOOGLE)
6	23.222.5.79 23.222.5.79	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	142.251.111.155 142.251.111.155	15169 (GOOGLE) (GOOGLE)
1	99.84.208.113 99.84.208.113	16509 (AMAZON-02) (AMAZON-02)
6 10	104.18.26.193 104.18.26.193	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6 8	68.67.160.114 68.67.160.114	29990 (ASN-APPNEX) (ASN-APPNEX)
5	34.117.228.201 34.117.228.201	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 2	54.160.99.39 54.160.99.39	14618 (AMAZON-AES) (AMAZON-AES)
2	104.112.1.174 104.112.1.174	16625 (AKAMAI-AS) (AKAMAI-AS)
4	23.52.160.99 23.52.160.99	16625 (AKAMAI-AS) (AKAMAI-AS)
2	44.214.196.83 44.214.196.83	14618 (AMAZON-AES) (AMAZON-AES)
4 4	172.253.122.149 172.253.122.149	() ()
163	22

45 158.69.250.98 (Montreal, Canada) 1 redirects

ASN16276 (OVH, FR)
PTR: ns547292.ip-158-69-250.net

fr.ffxiah.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.ffxiah.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ads.ffxiah.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.253.122.95 (United States)

ASN15169 (GOOGLE, US)
PTR: bh-in-f95.1e100.net

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 104.21.33.198 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn-b2.ffxipro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.251.16.156 (United States)

ASN15169 (GOOGLE, US)
PTR: bl-in-f156.1e100.net

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.251.163.154 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: wv-in-f154.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.251.163.132 (United States)

ASN15169 (GOOGLE, US)
PTR: wv-in-f132.1e100.net

bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 172.253.122.156 (United States)

ASN15169 (GOOGLE, US)
PTR: bh-in-f156.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 142.251.16.132 (United States)

ASN15169 (GOOGLE, US)
PTR: bl-in-f132.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.253.62.99 (United States)

ASN15169 (GOOGLE, US)
PTR: bc-in-f99.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.253.63.155 (United States)

ASN15169 (GOOGLE, US)
PTR: bi-in-f155.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 172.253.62.149 (United States)

ASN15169 (GOOGLE, US)
PTR: bc-in-f149.1e100.net

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 23.222.5.79 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-222-5-79.deploy.static.akamaitechnologies.com

cdn.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.251.111.155 (United States)

ASN15169 (GOOGLE, US)
PTR: bk-in-f155.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.84.208.113 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-208-113.iad79.r.cloudfront.net

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 104.18.26.193 (None, ) 6 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 68.67.160.114 (Fairfield, United States) 6 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.117.228.201 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 201.228.117.34.bc.googleusercontent.com

rtb0.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tps.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tpsc-ue1.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.160.99.39 (United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-160-99-39.compute-1.amazonaws.com

adobe.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.112.1.174 (Ashburn, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a104-112-1-174.deploy.static.akamaitechnologies.com

servedby.flashtalking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.52.160.99 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-52-160-99.deploy.static.akamaitechnologies.com

cdn.flashtalking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.flashtalking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.214.196.83 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-214-196-83.compute-1.amazonaws.com

d9.flashtalking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.253.122.149 (None, ) 4 redirects

ASN- ()

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
45	ffxiah.com 1 redirects fr.ffxiah.com static.ffxiah.com ads.ffxiah.com	1 MB
42	googlesyndication.com bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 108 tpc.googlesyndication.com — Cisco Umbrella Rank: 157	244 KB
21	doubleclick.net 10 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 214 googleads.g.doubleclick.net — Cisco Umbrella Rank: 45 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 443 cm.g.doubleclick.net — Cisco Umbrella Rank: 255 ad.doubleclick.net	342 KB
17	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 344	415 KB
12	ffxipro.com cdn-b2.ffxipro.com	51 KB
11	doubleverify.com cdn.doubleverify.com — Cisco Umbrella Rank: 541 rtb0.doubleverify.com — Cisco Umbrella Rank: 941 tps.doubleverify.com — Cisco Umbrella Rank: 562 tpsc-ue1.doubleverify.com	231 KB
10	casalemedia.com 6 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 716	6 KB
8	flashtalking.com servedby.flashtalking.com — Cisco Umbrella Rank: 1143 cdn.flashtalking.com — Cisco Umbrella Rank: 1384 d9.flashtalking.com — Cisco Umbrella Rank: 2029 secure.flashtalking.com — Cisco Umbrella Rank: 2734	127 KB
8	adnxs.com 6 redirects ib.adnxs.com — Cisco Umbrella Rank: 261	6 KB
4	google.com www.google.com — Cisco Umbrella Rank: 2 adservice.google.com	2 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 223	176 KB
2	demdex.net 1 redirects adobe.demdex.net — Cisco Umbrella Rank: 6244	2 KB
2	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 405	88 KB
1	agkn.com d.agkn.com — Cisco Umbrella Rank: 796	628 B
163	14

	Domain	Requested by
39	static.ffxiah.com	fr.ffxiah.com static.ffxiah.com
24	pagead2.googlesyndication.com	securepubads.g.doubleclick.net fr.ffxiah.com bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com tpc.googlesyndication.com a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com pagead2.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
17	s0.2mdn.net	fr.ffxiah.com s0.2mdn.net bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com
14	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com fr.ffxiah.com bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com googleads.g.doubleclick.net
12	cdn-b2.ffxipro.com	fr.ffxiah.com
10	dsum-sec.casalemedia.com	6 redirects googleads.g.doubleclick.net
8	ib.adnxs.com	6 redirects googleads.g.doubleclick.net
8	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net
6	cdn.doubleverify.com	a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com cdn.doubleverify.com cdn.flashtalking.com fr.ffxiah.com
4	ad.doubleclick.net	4 redirects
4	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net
4	www.googletagservices.com	ads.ffxiah.com bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com
4	fr.ffxiah.com	1 redirects fr.ffxiah.com
3	googleads.g.doubleclick.net	bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com pagead2.googlesyndication.com
2	tpsc-ue1.doubleverify.com	cdn.doubleverify.com
2	adservice.google.com
2	tps.doubleverify.com	cdn.doubleverify.com
2	secure.flashtalking.com	a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com
2	d9.flashtalking.com	cdn.flashtalking.com d9.flashtalking.com
2	cdn.flashtalking.com	servedby.flashtalking.com a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com
2	servedby.flashtalking.com	a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com
2	adobe.demdex.net	1 redirects a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com
2	googleads4.g.doubleclick.net	fr.ffxiah.com
2	www.google.com	tpc.googlesyndication.com
2	a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	ads.ffxiah.com	fr.ffxiah.com
2	ajax.googleapis.com	fr.ffxiah.com
1	rtb0.doubleverify.com	cdn.doubleverify.com
1	d.agkn.com	bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com
163	30

This site contains links to these domains. Also see Links.

Domain
discordapp.com
www.bg-wiki.com
www.discordapp.com
www.ffxidb.com
www.ffxivpro.com
www.guildwork.com
www.windower.net
jp.ffxiah.com
www.ffxiah.com
de.ffxiah.com
sqex.to
www.playonline.com

Subject Issuer	Validity	Valid
*.ffxiah.com R3	`2023-09-27` - `2023-12-26`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-09-28` - `2023-12-21`	3 months	crt.sh
ffxipro.com E1	`2023-10-19` - `2024-01-17`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-09-28` - `2023-12-21`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-09-28` - `2023-12-21`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-09-28` - `2023-12-21`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-09-28` - `2023-12-21`	3 months	crt.sh
*.doubleverify.com DigiCert TLS RSA SHA256 2020 CA1	`2023-05-07` - `2024-05-07`	a year	crt.sh
*.agkn.com RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2023-09-07` - `2024-09-29`	a year	crt.sh
servedby.flashtalking.com DigiCert TLS RSA SHA256 2020 CA1	`2023-09-14` - `2024-09-14`	a year	crt.sh
cdn.flashtalking.com DigiCert TLS RSA SHA256 2020 CA1	`2023-05-04` - `2024-05-03`	a year	crt.sh
tag.device9.com Go Daddy Secure Certificate Authority - G2	`2023-07-19` - `2024-08-19`	a year	crt.sh
*.tps.doubleverify.com Go Daddy Secure Certificate Authority - G2	`2023-09-29` - `2024-09-28`	a year	crt.sh

This page contains 18 frames:

Primary Page: https://fr.ffxiah.com/
Frame ID: 8688C908366CCDA47B4DD26950BC459E
Requests: 57 HTTP requests in this frame

Frame: https://ads.ffxiah.com/ffxiah.com/gAd_728x90.html
Frame ID: 4A8B43DDF8CC449442C7582067287FE4
Requests: 7 HTTP requests in this frame

Frame: https://ads.ffxiah.com/ffxiah.com/gAd_160x600.html
Frame ID: 299C723B0D9873095AC188B8C0E85849
Requests: 7 HTTP requests in this frame

Frame: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 377CE586B1D87FC6DB9941B0B525738D
Requests: 1 HTTP requests in this frame

Frame: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 5608201FD79454E03596BBE7965CCEDD
Requests: 1 HTTP requests in this frame

Frame: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: FE672E270FB51A243A648DA5D2824546
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: E981131F623545745065DBC1FED18099
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 7206F8B55EADD1992271A424D2B4D3DB
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 87D9374A05B4B8452A51322CD130CD3C
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 7987DF31555E2556B739291338960E2E
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIG4RxCxzGkYqc7R-gEwAQ&v=APEucNVAeKotbyGDflqRwOs1XkzI0183VwmtYVbxtMsqJz5w7mDCIFs7q1SSADYV_oC9yyaQqgryDTBvv3_b-zJ_oGHsNrJlDA
Frame ID: 46E7176B2E505526D34837F5628E7EEA
Requests: 5 HTTP requests in this frame

Frame: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 8F1EF5AB6F5C2A58BDA2A021E0ACC9CA
Requests: 29 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 7E346ACC387240115DB60670EE82A8DD
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQw7j0ARig84pkMAE&v=APEucNU8NyvG6aO8aw70YMjCOXQWlqoYVU3yNXasHk-Oqkzupz4Tdo579riM45RgXlCyoExGkh3G1TOuuXz26P6ytZpTLwXUkA
Frame ID: 3ADB1DE1B2047AC510A27D10A3DC1557
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/9747550231200845669/index.html?ev=01_250
Frame ID: 4E7617676453AB7C660A5C44EBD15788
Requests: 16 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: C014D8E4041507D988625698EB4E02FE
Requests: 3 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements4829.js
Frame ID: C4756EF7308B4CA578326271E7E27BF4
Requests: 3 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements4829.js
Frame ID: 4E10430C06BC4BF7F36A8890E0D013B0
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

FFXIAH.com

Page URL History Show full URLs

http://fr.ffxiah.com/ HTTP 302
https://fr.ffxiah.com/ Page URL

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)/jquery-ui(?:\.min)?\.js
jquery-ui.*\.js

Page Statistics

163
Requests

93 %
HTTPS

0 %
IPv6

14
Domains

30
Subdomains

22
IPs

3
Countries

2743 kB
Transfer

5324 kB
Size

16
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: https://discordapp.com/invite/0bUAApcl86UNdbI7?username=
Title: Tchat

Search URL Search Domain Scan URL

URL: http://www.bg-wiki.com/
Title: BG Wiki

Search URL Search Domain Scan URL

URL: https://www.discordapp.com/
Title: Discord

Search URL Search Domain Scan URL

URL: http://www.ffxidb.com/
Title: FFXIDB

Search URL Search Domain Scan URL

URL: https://www.ffxivpro.com/
Title: FFXIVPro

Search URL Search Domain Scan URL

URL: http://www.guildwork.com/
Title: Guildwork

Search URL Search Domain Scan URL

URL: http://www.windower.net/
Title: Windower

Search URL Search Domain Scan URL

URL: https://jp.ffxiah.com/
Title: JP

Search URL Search Domain Scan URL

URL: https://www.ffxiah.com/
Title: EN

Search URL Search Domain Scan URL

URL: https://de.ffxiah.com/
Title: DE

Search URL Search Domain Scan URL

URL: http://sqex.to/LUq

Search URL Search Domain Scan URL

URL: http://www.playonline.com/ff11eu/index.shtml
Title: page anglaise

Search URL Search Domain Scan URL

URL: http://www.playonline.com/ff11fr/guide/mogbon/index.html
Title: cliquez ici

Search URL Search Domain Scan URL

URL: http://sqex.to/nx7

Search URL Search Domain Scan URL

URL: http://sqex.to/NJY

Search URL Search Domain Scan URL

URL: http://sqex.to/iNm

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://fr.ffxiah.com/ HTTP 302
https://fr.ffxiah.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 104

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPOGgkilMswgrZ0z_4t7znw&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPOGgkilMswgrZ0z_4t7znw&google_cver=1&C=1

Request Chain 105

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZThmAPRNIn..EBf6JbrwKwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPOGgkilMswgrZ0z_4t7znw&google_cver=1&google_hm=2

Request Chain 106

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEO_3mKUycIKuvbJUtQKYAcg&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEO_3mKUycIKuvbJUtQKYAcg%26google_cver%3D1

Request Chain 107

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzYyMTYxNDc2MzUzNDU5NjkyNg%3D%3D

Request Chain 108

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPOGgkilMswgrZ0z_4t7znw&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPOGgkilMswgrZ0z_4t7znw&google_cver=1&C=1

Request Chain 109

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZThmAICj8b0FSg.MFEaAKgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPOGgkilMswgrZ0z_4t7znw&google_cver=1&google_hm=2

Request Chain 110

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEO_3mKUycIKuvbJUtQKYAcg&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEO_3mKUycIKuvbJUtQKYAcg%26google_cver%3D1

Request Chain 111

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzYyMTYxNDc2MzUzNDU5NjkyNg%3D%3D

Request Chain 140

https://adobe.demdex.net/event?d_stuff=1&d_rtbd=json&d_cb=fltk HTTP 302
https://adobe.demdex.net/firstevent?d_stuff=1&d_rtbd=json&d_cb=fltk

Request Chain 161

https://ad.doubleclick.net/activity;src=1295336;type=cs;cat=Viewa0;u14=115844;u15=18330;u16=%5BDVP_ADID%5D;ord=1?&cbust=1698194947485289 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CIru8JT9j4IDFQcXigMd0_8BQw;src=1295336;type=cs;cat=Viewa0;u14=115844;u15=18330;u16=%5BDVP_ADID%5D;ord=1?&cbust=1698194947485289 HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CIru8JT9j4IDFQcXigMd0_8BQw;src=1295336;type=cs;cat=Viewa0;u14=115844;u15=18330;u16=%5BDVP_ADID%5D;ord=1?&cbust=1698194947485289

Request Chain 162

https://ad.doubleclick.net/ddm/activity/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=115844;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1?%20&cbust=1698194947485517 HTTP 302
https://ad.doubleclick.net/ddm/activity/src=1295336;dc_pre=CPjo8JT9j4IDFSkCigMdtYwH5Q;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=115844;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1?%20&cbust=1698194947485517 HTTP 302
https://adservice.google.com/ddm/fls/z/src=1295336;dc_pre=CPjo8JT9j4IDFSkCigMdtYwH5Q;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=115844;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1?%20&cbust=1698194947485517

163 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
fr.ffxiah.com/
Redirect Chain

http://fr.ffxiah.com/
https://fr.ffxiah.com/

83 KB
14 KB

135ms
95ms

Document
text/html

158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: ea0a0fa3b7fc80904ee0e96cbcdeb91a2d3ba058d5d0cc926001c357a08f8b11

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Wed, 25 Oct 2023 00:49:02 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: nginx/1.18.0 (Ubuntu)
Transfer-Encoding: chunked
X-No-Cache: Y

Redirect headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Wed, 25 Oct 2023 00:49:01 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: https://fr.ffxiah.com/
Pragma: no-cache
Server: nginx/1.18.0 (Ubuntu)
Transfer-Encoding: chunked
X-No-Cache: Y

GET
H/1.1 200
OK main-bundle.v1665767188.css
static.ffxiah.com/css/ 220 KB
221 KB 70ms
23ms Stylesheet
text/css 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ffxiah.com/css/main-bundle.v1665767188.css
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: b4931eddbb10292330d2d8b29833a4e56f86475bbea197e0f5256089c75adaba

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Fri, 14 Oct 2022 17:06:28 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "63499714-371e1"
Content-Type: text/css
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 225761
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H/1.1 200
OK index.v1608652921.css
static.ffxiah.com/css/ffxi/app/ 1 KB
2 KB 65ms
18ms Stylesheet
text/css 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ffxiah.com/css/ffxi/app/index.v1608652921.css
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c30acbe09855d6826349bcae54ae027698a7d08e19bd4348ec914d4b9bfffceb

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Fri, 14 Oct 2022 17:06:16 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "63499708-595"
Content-Type: text/css
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1429
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.0.0/ 81 KB
29 KB 101ms
33ms Script
text/javascript 172.253.122.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.0.0/jquery.min.js

Requested by

Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f95.1e100.net

Software

sffe /

Resource Hash

d482871a5e948cb4884fa0972ea98a81abca057b6bd3f8c995a18c12487e761c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Fri, 20 Oct 2023 13:51:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 385030
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29195
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Oct 2024 13:51:52 GMT

GET
H2 200 jquery-ui.min.js Show response
ajax.googleapis.com/ajax/libs/jqueryui/1.10.3/ 223 KB
59 KB 123ms
55ms Script
text/javascript 172.253.122.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jqueryui/1.10.3/jquery-ui.min.js

Requested by

Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f95.1e100.net

Software

sffe /

Resource Hash

9671f8be70ad94a5362e60f4656d5d53ba214d32ab70a3f9d1603d7dadf9d1c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Fri, 20 Oct 2023 14:04:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 384287
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60529
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Oct 2024 14:04:15 GMT

GET
H/1.1 200
OK sockjs-0.3.min.js Show response
fr.ffxiah.com/js/vendor/ 32 KB
32 KB 26ms
24ms Script
application/javascript 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://fr.ffxiah.com/js/vendor/sockjs-0.3.min.js
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 328f0490c1cb33e8591121a3137010d723185c7cb296d6e31972a53eecc2ad8b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Fri, 14 Oct 2022 17:05:57 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "634996f5-7e95"
Content-Type: application/javascript
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 32405
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H/1.1 200
OK main-bundle.v1665767188.js Show response
static.ffxiah.com/js/ 226 KB
227 KB 70ms
24ms Script
application/javascript 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ffxiah.com/js/main-bundle.v1665767188.js
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: a68e054693be4a1d12da204ae67abab74a0c5fe24d97345cb9dfa9da4fcfb26d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Fri, 14 Oct 2022 17:06:28 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "63499714-388c6"
Content-Type: application/javascript
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 231622
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H/1.1 200
OK AH.v1608652921.js Show response
static.ffxiah.com/js/lib/ 13 KB
13 KB 69ms
23ms Script
application/javascript 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ffxiah.com/js/lib/AH.v1608652921.js
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: b83a14fe83bbf97fa965c43c7014232f9441aa51b16d5a87a41c8677f1b6ddf0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Fri, 14 Oct 2022 17:06:10 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "63499702-333b"
Content-Type: application/javascript
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 13115
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H/1.1 200
OK index.v1608652921.js Show response
static.ffxiah.com/js/ffxi/app/ 2 KB
2 KB 65ms
19ms Script
application/javascript 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ffxiah.com/js/ffxi/app/index.v1608652921.js
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 392810e795ba3482d649e3f16a116a5082de8f869167ab5f1802cf03a2014bd1

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Fri, 14 Oct 2022 17:05:42 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "634996e6-880"
Content-Type: application/javascript
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2176
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H/1.1 200
OK FFXIAH_top_2.jpg
static.ffxiah.com/images/ffxiah/ 33 KB
34 KB 70ms
23ms Image
image/jpeg 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/ffxiah/FFXIAH_top_2.jpg
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3a98fe4d4e958523b23c2e683d10cc5f9f011ecf00f8e8cd2f5aa252d00d2850

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Wed, 01 Jan 2020 23:45:13 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "5e0d2f09-84f6"
Content-Type: image/jpeg
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 34038
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H/1.1 200
OK ffxivprobox.jpg
static.ffxiah.com/images/ 2 KB
2 KB 19ms
18ms Image
image/jpeg 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/ffxivprobox.jpg
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 77a8904df780875e356b196bb3c8b55067185b8b42a2b6363875b5ce7eded29e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Wed, 01 Jan 2020 23:45:56 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "5e0d2f34-84c"
Content-Type: image/jpeg
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2124
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H/1.1 200
OK guildwork-logo-120.png
static.ffxiah.com/images/ 6 KB
6 KB 20ms
20ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/guildwork-logo-120.png
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: b4b1f3c5233a55d42fda178b57bd8f10492a77bd93daf35054e144d99b9b7761

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Wed, 01 Jan 2020 23:45:56 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "5e0d2f34-1789"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6025
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H/1.1 200
OK 12739.jpg
static.ffxiah.com/images/polnews/ 65 KB
65 KB 24ms
23ms Image
image/jpeg 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/polnews/12739.jpg
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 359c7e9bcc15025028fc35ec624d007417113d392f3aebfb7d629989ae357181

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Wed, 25 Oct 2023 00:45:21 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "65386521-10400"
Content-Type: image/jpeg
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 66560
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H/1.1 200
OK spacer.gif
static.ffxiah.com/images/polnews/ 43 B
361 B 18ms
18ms Image
image/gif 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/polnews/spacer.gif
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Wed, 25 Oct 2023 00:45:25 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "65386525-2b"
Content-Type: image/gif
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H/1.1 200
OK 12740.jpg
static.ffxiah.com/images/polnews/ 53 KB
53 KB 26ms
26ms Image
image/jpeg 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/polnews/12740.jpg
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 02df53d394793673f8e3166c3bda210773d7ca3342971844d1f089e5ee72ce15

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Wed, 25 Oct 2023 00:45:20 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "65386520-d400"
Content-Type: image/jpeg
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 54272
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H/1.1 200
OK 12746.jpg
static.ffxiah.com/images/polnews/ 40 KB
40 KB 22ms
22ms Image
image/jpeg 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/polnews/12746.jpg
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: eb9c87cecc7117d87ba99d269f8de005142eb5569bda94836f88831f30c9f0c4

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Wed, 25 Oct 2023 00:45:20 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "65386520-a000"
Content-Type: image/jpeg
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 40960
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H/1.1 200
OK 12714.jpg
static.ffxiah.com/images/polnews/ 67 KB
67 KB 19ms
19ms Image
image/jpeg 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/polnews/12714.jpg
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 9e1a7cf53dc3664030c5839d00433ffbe60213b9e05f1b7b83e0d97838800197

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Wed, 25 Oct 2023 00:45:22 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "65386522-10c00"
Content-Type: image/jpeg
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68608
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H/1.1 200
OK 12715.jpg
static.ffxiah.com/images/polnews/ 59 KB
59 KB 24ms
20ms Image
image/jpeg 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/polnews/12715.jpg
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 0f48967d8607109e7f091b257aae388393dd4b751f60fbaf1e2c6d0298309531

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Wed, 25 Oct 2023 00:45:21 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "65386521-ec00"
Content-Type: image/jpeg
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 60416
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H/1.1 200
OK 12705.jpg
static.ffxiah.com/images/polnews/ 65 KB
65 KB 23ms
19ms Image
image/jpeg 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/polnews/12705.jpg
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e8ddfaeaa07dfa0becc91e5bbbc49fda89f64bc5a24c233831dcde6dadb843d5

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Wed, 25 Oct 2023 00:45:22 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "65386522-10400"
Content-Type: image/jpeg
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 66560
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H/1.1 200
OK 12695.jpg
static.ffxiah.com/images/polnews/ 64 KB
64 KB 29ms
25ms Image
image/jpeg 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/polnews/12695.jpg
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 708701b1d3fc25b42b99e342ca95c57d81018edce2cd1d603165ffc2eb7750cf

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Wed, 25 Oct 2023 00:45:24 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "65386524-10000"
Content-Type: image/jpeg
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 65536
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H/1.1 200
OK 12683.jpg
static.ffxiah.com/images/polnews/ 54 KB
54 KB 28ms
23ms Image
image/jpeg 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/polnews/12683.jpg
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: b399f8d30d1ab1461b156b3d6908596436d8c9667c3c5a9d532a4dab5c476c0c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Wed, 25 Oct 2023 00:45:24 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "65386524-d800"
Content-Type: image/jpeg
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 55296
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H/1.1 200
OK 2488.png
static.ffxiah.com/images/mini-icons/ 1 KB
2 KB 18ms
18ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/2488.png
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: f27a3de45c93a746283c29d651bd08d927e0a21f9b13d0a29ca11bd7dea1c6c5

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Wed, 12 Jul 2023 14:33:05 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "64aeb9a1-523"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1315
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H/1.1 200
OK 9875.png
static.ffxiah.com/images/mini-icons/ 1 KB
1 KB 19ms
19ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/9875.png
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3a13573a1b2c472ee5d48e92d169e4bd34e116e9171a4e0085f531f6b8dca598

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Wed, 12 Jul 2023 14:33:07 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "64aeb9a3-4b9"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1209
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H/1.1 200
OK 4060.png
static.ffxiah.com/images/mini-icons/ 1 KB
2 KB 19ms
19ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/4060.png
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 6282db7dcb04dec66f5b2d0d20ec9f67600ffe524d2fa130fa994762f9bdf2eb

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Wed, 12 Jul 2023 14:33:06 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "64aeb9a2-524"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1316
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H/1.1 200
OK 17440.png
static.ffxiah.com/images/mini-icons/ 907 B
1 KB 18ms
18ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/17440.png
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 39a3c7d6b04b4831a00b92c85004e2d2f17db8e5579a761244385e80e61d3663

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Wed, 12 Jul 2023 14:33:05 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "64aeb9a1-38b"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 907
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H/1.1 200
OK 4273.png
static.ffxiah.com/images/mini-icons/ 1 KB
2 KB 18ms
18ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/4273.png
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 2f705d57f1efdf31bbb9f8f841e1ba312eb38fa81fd3c41cd8e0bc74a5db5a03

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Wed, 12 Jul 2023 14:33:06 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "64aeb9a2-54b"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1355
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H/1.1 200
OK 4061.png
static.ffxiah.com/images/mini-icons/ 1 KB
1 KB 18ms
18ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/4061.png
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 84822498a486d6aeaf029ffc01181e5c249905b26f4e8299cdc06bd6a237d6c0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Wed, 12 Jul 2023 14:33:06 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "64aeb9a2-4bc"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1212
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H/1.1 200
OK 25987.png
static.ffxiah.com/images/mini-icons/ 1 KB
2 KB 64ms
18ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/25987.png
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3fbb25ace81b6a3408e075f931adf7aec7dc6a4655a234a861146ae935e57fae

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Wed, 12 Jul 2023 14:33:06 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "64aeb9a2-4d8"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1240
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H/1.1 200
OK 1456.png
static.ffxiah.com/images/mini-icons/ 1 KB
2 KB 45ms
18ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/1456.png
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3e081a9ba7632221e383ac07312b8953fb87f1219329e4b4d43a9f6e4f08eeb2

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Wed, 12 Jul 2023 14:33:04 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "64aeb9a0-4d7"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1239
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H/1.1 200
OK 9541.png
static.ffxiah.com/images/mini-icons/ 1 KB
2 KB 46ms
19ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/9541.png
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 8f65a4f441ed0a18b9074dc228e02724a11c0b6bb1fe277ed6a6dd751257bdd1

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Wed, 12 Jul 2023 14:33:07 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "64aeb9a3-53e"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1342
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H/1.1 200
OK 3509.png
static.ffxiah.com/images/mini-icons/ 1 KB
1 KB 26ms
18ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/3509.png
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 65b4e02ee5f344762605747ba70399c918cabf5d00a87c4750d1211e947ec250

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Wed, 12 Jul 2023 14:33:06 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "64aeb9a2-423"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1059
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H/1.1 200
OK 10317.png
static.ffxiah.com/images/mini-icons/ 1 KB
2 KB 35ms
18ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/10317.png
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: bcebab95c9c10370f0aa0301bb5f6d7a2f0a6241f5a84e6f14f952fb50c0999e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Wed, 12 Jul 2023 14:33:04 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "64aeb9a0-4ef"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1263
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H/1.1 200
OK 9539.png
static.ffxiah.com/images/mini-icons/ 1 KB
2 KB 35ms
19ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/9539.png
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c084c6026ba9ab3c60b5397e4c9d84dbf538eeecc3ba2aa09c658367c68abccb

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Wed, 12 Jul 2023 14:33:07 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "64aeb9a3-54b"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1355
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H/1.1 200
OK 3498.png
static.ffxiah.com/images/mini-icons/ 1 KB
1 KB 48ms
19ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/3498.png
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 7311f00e9cc4ab639f9a91936d4946cf4dfb02bc9afc4a42cc95f66521eacc1e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Wed, 12 Jul 2023 14:33:06 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "64aeb9a2-489"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1161
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H/1.1 200
OK 21630.png
static.ffxiah.com/images/mini-icons/ 938 B
1 KB 49ms
18ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/21630.png
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 96ac118e8560683883ee01f3e2409acddc6cef9f74710b1073c46d162d572c5d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Wed, 12 Jul 2023 14:33:05 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "64aeb9a1-3aa"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 938
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H/1.1 200
OK 1453.png
static.ffxiah.com/images/mini-icons/ 1 KB
1 KB 26ms
18ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/1453.png
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 0b82cbee25704461baa21bcf6bbabad11e8a80d664e8b24eba7c3238bffb8ceb

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Wed, 12 Jul 2023 14:33:04 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "64aeb9a0-4b7"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1207
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H/1.1 200
OK 1450.png
static.ffxiah.com/images/mini-icons/ 1 KB
2 KB 29ms
18ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/1450.png
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: f03639ff553a6465d4e50348b632f3d169a81f851e38092e8dd88d436ef088d0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Wed, 12 Jul 2023 14:33:04 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "64aeb9a0-4ee"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1262
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H/1.1 200
OK 9543.png
static.ffxiah.com/images/mini-icons/ 1 KB
2 KB 64ms
18ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/9543.png
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 83b4948264e784579eeac8d462a2ef2049f6c7f7ea9b9466368853b59cb3ea6d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Wed, 12 Jul 2023 14:33:07 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "64aeb9a3-541"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1345
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H/1.1 200
OK 8798.png
static.ffxiah.com/images/mini-icons/ 1 KB
1 KB 54ms
18ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/8798.png
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: cff2f88fb91e98375fb31702a21673b5fd6e6713215ab7602609c839c270b0b9

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Wed, 12 Jul 2023 14:33:07 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "64aeb9a3-4b8"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1208
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H/1.1 200
OK 21581.png
static.ffxiah.com/images/mini-icons/ 965 B
1 KB 31ms
18ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/21581.png
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: aa3b597c9da82a7154b0d8c5a5642388fa0954f60116934722d488499f244ab9

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Wed, 12 Jul 2023 14:33:05 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "64aeb9a1-3c5"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 965
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H/1.1 200
OK 145.png
static.ffxiah.com/images/mini-icons/ 1 KB
2 KB 54ms
18ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/145.png
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: cb09c804861e20b0c6868b4a2074fa8d3a8b4482574ceda7b0212f0abd9e6610

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Wed, 12 Jul 2023 14:33:04 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "64aeb9a0-4e8"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1256
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H2 200 836efbfb89389e42745aeb617b8abe61.jpg
cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/ 3 KB
4 KB 193ms
64ms Image
image/jpeg 104.21.33.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/836efbfb89389e42745aeb617b8abe61.jpg
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.33.198 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c5dd5566f6b750cdc235f7881b64d751e355ffae898c7bf3a863a3db197ac213

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 25 Oct 2023 00:49:03 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-bz-file-id: 4_zba25c1481093079c722d0f15_f114fc11d57a9f55a_d20231009_m015624_c000_v0001059_t0039_u01696816584036
age: 68453
x-bz-content-sha1: unverified:ce5dd4acd724da9ef4d03bf2795525683fdad456
x-bz-file-name: images/ss/sqtn/836efbfb89389e42745aeb617b8abe61.jpg
alt-svc: h3=":443"; ma=86400
content-length: 3140
x-bz-upload-timestamp: 1696816584036
last-modified: Mon, 23 Oct 2023 03:45:51 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9ITAHWRCje%2FuD3zL5K9DvVQgjZ56VxxpSXJlKnyV6QQL7agkQ%2Bf0BWKhKsZ%2FRrtY%2FMixJMfkbHQgzx%2F%2B3wC96WTYbmDT0RPqOjtOBUVj1p8miFmjq8V%2FxEXun9QgDxtO%2FcLmaug%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 81b67519ce275401-YYZ

GET
H2 200 8ecf29ee28c5b3a423f243988649400e.jpg
cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/ 2 KB
2 KB 192ms
63ms Image
image/jpeg 104.21.33.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/8ecf29ee28c5b3a423f243988649400e.jpg
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.33.198 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bdcda5c99c151940034ba1e7b60fc09acbe9907310e7175fadaa40a058896c10

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 25 Oct 2023 00:49:03 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-bz-file-id: 4_zba25c1481093079c722d0f15_f1019aa42bcc7232e_d20231002_m174816_c000_v0001073_t0051_u01696268896660
age: 101574
x-bz-content-sha1: unverified:4590373d0c835cf40f6276cb69481b99af633994
x-bz-file-name: images/ss/sqtn/8ecf29ee28c5b3a423f243988649400e.jpg
alt-svc: h3=":443"; ma=86400
content-length: 1751
x-bz-upload-timestamp: 1696268896660
last-modified: Thu, 19 Oct 2023 09:14:07 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E12Vz4KI0%2BXhsRJTjIucniumbqNnxlm7Rj4CHxscANtWL5stW%2Ftj7IisyNJa5lRCNA%2BAfQitvtQaJRqkI5exJtvN9%2FfN%2BN6RaiGlWW%2FIYnnbrZB48OHbYDjAmityXNWOuJRcepc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 81b67519ce255401-YYZ

GET
H2 200 3407e9aed635ebee9162a464a37974ea.jpg
cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/ 2 KB
2 KB 167ms
38ms Image
image/jpeg 104.21.33.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/3407e9aed635ebee9162a464a37974ea.jpg
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.33.198 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 97be13dc1b4aa63075cce57b157e99216a15e1a03f05fc7791e2c31e40912c80

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 25 Oct 2023 00:49:02 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-bz-file-id: 4_zba25c1481093079c722d0f15_f1022f19571482071_d20231002_m174746_c000_v0001401_t0053_u01696268866894
age: 541590
x-bz-content-sha1: unverified:cb7bc01d6b404cdf7033a39738f6100ae43b193d
x-bz-file-name: images/ss/sqtn/3407e9aed635ebee9162a464a37974ea.jpg
alt-svc: h3=":443"; ma=86400
content-length: 1702
x-bz-upload-timestamp: 1696268866894
last-modified: Thu, 12 Oct 2023 07:56:20 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cJ483m4Epx%2BnKubILV%2B2TAPdOfCwi%2BQw31JtWZEkPp9p0f%2Bka6phZ9CgLXFm088xlszf%2F99jUmS3upcduJ5%2BmiNw6pE7ZbtSs4xxIAVplWBA%2FzkAhiPbbpz4WQyYCiWOiTOzPsU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 81b67519ae0b5401-YYZ

GET
H2 200 4f01af7f139a86e581cb8cc477ca6b73.jpg
cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/ 5 KB
6 KB 170ms
42ms Image
image/jpeg 104.21.33.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/4f01af7f139a86e581cb8cc477ca6b73.jpg
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.33.198 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4951797101135017e064c43f77ba7b1dd180532cf0cd88d6f02cb52d2b1e5ce7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 25 Oct 2023 00:49:03 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-bz-file-id: 4_zba25c1481093079c722d0f15_f1073fdb8226ea2f4_d20231002_m174601_c000_v0001089_t0042_u01696268761968
age: 108396
x-bz-content-sha1: unverified:81f7ab60edec5c5962be9ddbc4e228d543d50c7f
x-bz-file-name: images/ss/sqtn/4f01af7f139a86e581cb8cc477ca6b73.jpg
alt-svc: h3=":443"; ma=86400
content-length: 5239
x-bz-upload-timestamp: 1696268761968
last-modified: Thu, 19 Oct 2023 08:42:04 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a2iGAddiIGS4p0WImah2%2B4ivZusSeMbfUrYE8yIXznxG%2B%2BgvH2QVrRUMk7IzchuEFQ4%2Bt1sxgaY5Z%2B8jrKHi847zMrdGSTZODCSG%2BLLMSXys69EwhJOBd4%2B3TN2aPETQ2iEBjFo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 81b67519ae095401-YYZ

GET
H2 200 b5557a5ecf288321587ec86e6a8f25f5.jpg
cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/ 5 KB
6 KB 134ms
40ms Image
image/jpeg 104.21.33.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/b5557a5ecf288321587ec86e6a8f25f5.jpg
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.33.198 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 28e08ecf2fdb486e785067341cdc8aa0fdc8d2b3a92972cb0c48461bc6b52c60

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 25 Oct 2023 00:49:03 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-bz-file-id: 4_zba25c1481093079c722d0f15_f1170405ce6c100ef_d20230930_m120209_c000_v0001410_t0034_u01696075329158
age: 295959
x-bz-content-sha1: unverified:22ca903a7e3fdb6fcc02322113e04b824d23f9f4
x-bz-file-name: images/ss/sqtn/b5557a5ecf288321587ec86e6a8f25f5.jpg
alt-svc: h3=":443"; ma=86400
content-length: 5459
x-bz-upload-timestamp: 1696075329158
last-modified: Sat, 14 Oct 2023 14:08:58 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OnvKOrXj9hBBmPKbLuIHW6Ab7E7H5bSogB%2BjPIfSFgF8m040%2FJzN6BSgZjd%2FNMOEP5cw9fJv3kuEOEMYXrmLX39vS2hRrt9%2FyVtSLS6%2BzqMwaqui477Zo3N17H1wLyMGb9Czf78%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 81b67519adfd5401-YYZ

GET
H2 200 5b4ffca83bebd9e753c9011cb763736c.jpg
cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/ 3 KB
3 KB 132ms
39ms Image
image/jpeg 104.21.33.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/5b4ffca83bebd9e753c9011cb763736c.jpg
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.33.198 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8f9df2d0663cd1087671e864010ebfaeb85b74aa85a8754e3b563c98c79477ae

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 25 Oct 2023 00:49:02 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-bz-file-id: 4_zba25c1481093079c722d0f15_f1091ff1a25a9eb13_d20230930_m104841_c000_v0001410_t0039_u01696070921496
age: 240907
x-bz-content-sha1: unverified:dd89b857b37e604560329cacc2ab1666f675f069
x-bz-file-name: images/ss/sqtn/5b4ffca83bebd9e753c9011cb763736c.jpg
alt-svc: h3=":443"; ma=86400
content-length: 2763
x-bz-upload-timestamp: 1696070921496
last-modified: Thu, 19 Oct 2023 21:00:24 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hOjFVUNTnWourSAqMwecgveyCK8O1rc%2FZnCG%2Bjqh8DpPhXH4%2B1Tmwykv6u%2BuIQeMn0xadwA%2FTVHprbolIKIJwdZkkYVBoQH4QrQJeRnJdhoR9Eeu0xVCmt4pbFZF0RSiRtoyNSI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 81b67519ae005401-YYZ

GET
H2 200 e985add89b7c557ebd22bc4ee048bf10.jpg
cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/ 3 KB
4 KB 151ms
58ms Image
image/jpeg 104.21.33.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/e985add89b7c557ebd22bc4ee048bf10.jpg
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.33.198 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 08e4ad5c011c15d48768d69b83069d68c284e74b37754e07ba8186950b8d0f48

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 25 Oct 2023 00:49:03 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-bz-file-id: 4_zba25c1481093079c722d0f15_f1177d9f71c358481_d20230923_m165025_c000_v0001410_t0005_u01695487825402
age: 240908
x-bz-content-sha1: unverified:de59995ba768eac41692b52814fe677b34406869
x-bz-file-name: images/ss/sqtn/e985add89b7c557ebd22bc4ee048bf10.jpg
alt-svc: h3=":443"; ma=86400
content-length: 3504
x-bz-upload-timestamp: 1695487825402
last-modified: Sat, 21 Oct 2023 21:46:37 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TjEDWNeFpuV2aN5DKT5Cq%2BOjOqXpVrVd7rJjfe9DN8njCgrkxB11PxivzG%2FxVGYKgVB00Rf985TqDAvPrrxuqamcJdksv%2BiBoR%2BalojIbPYh5zObEVw95oK41mhk3R4PzyA9NZg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 81b67519ae055401-YYZ

GET
H2 200 672a858f380d14989fae28e97ab84e45.jpg
cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/ 6 KB
6 KB 155ms
61ms Image
image/jpeg 104.21.33.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/672a858f380d14989fae28e97ab84e45.jpg
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.33.198 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eb03a9f4eaf794041c7fa3f2f19a660e43474e4cfeae204f5115325a9fba80c3

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 25 Oct 2023 00:49:03 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-bz-file-id: 4_zba25c1481093079c722d0f15_f107bd12bff64e428_d20230914_m061221_c000_v0001060_t0019_u01694671941124
age: 193553
x-bz-content-sha1: unverified:a73318c6b11bc6d3fc073c6fc760c6bacb8796ac
x-bz-file-name: images/ss/sqtn/672a858f380d14989fae28e97ab84e45.jpg
alt-svc: h3=":443"; ma=86400
content-length: 5737
x-bz-upload-timestamp: 1694671941124
last-modified: Mon, 16 Oct 2023 19:49:51 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0HptIsXCrlKkpujlCO9JfISL5apcqrRzVY9vJQnBTDKcKJTCF3Lz0ZM%2BdNW%2BBSlRIoTPbjM4OngjndyA2vkvl3PdQBPnbb24FKoiO0imLo%2BVq24TolhH%2FTmcl2ZYZsWfiY%2BVH8k%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 81b67519ae065401-YYZ

GET
H2 200 40364d0ffa92fcfef7f033b545921855.jpg
cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/ 2 KB
3 KB 166ms
73ms Image
image/jpeg 104.21.33.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/40364d0ffa92fcfef7f033b545921855.jpg
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.33.198 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3832f8f7d4dd7ab6bdb2a446bf4e3d9f72d41fd56d056c845139a60f9e4265d2

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 25 Oct 2023 00:49:03 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-bz-file-id: 4_zba25c1481093079c722d0f15_f118a94ec577b3b87_d20230913_m011220_c000_v0001066_t0024_u01694567540967
age: 446514
x-bz-content-sha1: unverified:929f375ebce317e9d8d3ad357036d71c89f88758
x-bz-file-name: images/ss/sqtn/40364d0ffa92fcfef7f033b545921855.jpg
alt-svc: h3=":443"; ma=86400
content-length: 2497
x-bz-upload-timestamp: 1694567540967
last-modified: Wed, 18 Oct 2023 21:03:01 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D5gIfPDOgeG7KDV5wIEh31ZNZ0mTsk%2ByXxf8fOEO30VFD9orvGH2DLLda%2FJrkZAnUSmv7qQGCf3qs%2B3bEAHbOMNBwiFAAUnrMEtq%2Fozr84ysg%2BQjbA3JPkJqpUAg7U0aRq0Nz5k%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 81b67519ce2a5401-YYZ

GET
H2 200 7e21dab0d17b235ae3f674004b099436.jpg
cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/ 7 KB
7 KB 159ms
66ms Image
image/jpeg 104.21.33.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/7e21dab0d17b235ae3f674004b099436.jpg
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.33.198 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ac9a0f9ff5a0d4bcd738abfdb02f2ae3ab42a919b74e49f1396faccf272b71e2

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 25 Oct 2023 00:49:03 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-bz-file-id: 4_zba25c1481093079c722d0f15_f117f511a4327a9a2_d20230911_m121039_c000_v0001058_t0016_u01694434239604
age: 195501
x-bz-content-sha1: unverified:3f6ede483fc5cc989dd547063851dd9a69a0a8fe
x-bz-file-name: images/ss/sqtn/7e21dab0d17b235ae3f674004b099436.jpg
alt-svc: h3=":443"; ma=86400
content-length: 7090
x-bz-upload-timestamp: 1694434239604
last-modified: Sat, 21 Oct 2023 05:13:03 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nxexn8%2FwqWAgdJs93UBbQK8fwFYtxZ7ZlLdE1ouMLJYcswZmcts%2F7wZHwX%2BOtJU6chdVvN7hfRAd4XyLjaQTjtOZQmsSeCOTtO22%2B6xoPL89YoXhpMlHqLKYyeoIBaMEWHxaHh8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 81b67519ce295401-YYZ

GET
H2 200 e1f65be5b373317e4ed6dac2f216592c.jpg
cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/ 3 KB
4 KB 152ms
59ms Image
image/jpeg 104.21.33.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/e1f65be5b373317e4ed6dac2f216592c.jpg
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.33.198 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 820453ffe11baeec9f6551f77507b816e88dd2dfad8832ce82bdc48c817b9d9c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 25 Oct 2023 00:49:03 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-bz-file-id: 4_zba25c1481093079c722d0f15_f102164880405799b_d20230910_m221106_c000_v0001401_t0030_u01694383866743
age: 30512
x-bz-content-sha1: unverified:8591740f345d2e8361cc99a2a9c1e652fddda693
x-bz-file-name: images/ss/sqtn/e1f65be5b373317e4ed6dac2f216592c.jpg
alt-svc: h3=":443"; ma=86400
content-length: 3198
x-bz-upload-timestamp: 1694383866743
last-modified: Mon, 23 Oct 2023 00:10:07 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VQ2AO5soHZdp4%2F3%2FFhBdOCM5CgcWXgWca%2FveqO2NvMXbVhIj5%2F2UyH%2Fd8biHwR1AgNvRJMxf4D8SCFdsAsufVkj3Gw2b52zVpkXmYoWbC6FuIAxch67Jc6jc6xKBo4Jdvayz0fs%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 81b67519ae015401-YYZ

GET
H2 200 be1020cc4e4bb227cbb472d6a4896725.jpg
cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/ 3 KB
4 KB 149ms
56ms Image
image/jpeg 104.21.33.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/be1020cc4e4bb227cbb472d6a4896725.jpg
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.33.198 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f35d5de98ace816ce6d3333f4512b9bde7978c760dc60acac7220b99deec89a8

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 25 Oct 2023 00:49:03 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-bz-file-id: 4_zba25c1481093079c722d0f15_f1078fc233f201e15_d20230910_m035711_c000_v0001087_t0059_u01694318231648
age: 289173
x-bz-content-sha1: unverified:f31e53e43405fb1875afc7320918e770780170d0
x-bz-file-name: images/ss/sqtn/be1020cc4e4bb227cbb472d6a4896725.jpg
alt-svc: h3=":443"; ma=86400
content-length: 3553
x-bz-upload-timestamp: 1694318231648
last-modified: Wed, 18 Oct 2023 16:29:20 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8Qk3kwnIkFDp0k8gbhHAOzs2K4OLYUE9P7EMTnpon47ZwdWDKieSy8Clv4WdwPxOaOrAAjQ6%2BQXnxRl2V0SfdVFuSdm6H5zUhoprN5DpOXFiy36WRynXkvEcqo%2FrSrn3k2w0uGw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 81b67519ae025401-YYZ

GET
H/1.1 200
OK mini-noavatar.jpg
fr.ffxiah.com/images/ 649 B
970 B 19ms
19ms Image
image/jpeg 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://fr.ffxiah.com/images/mini-noavatar.jpg
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: afecc80369c60a81fb5ef1dc95125f8f602e5a571fea2b2b67ac5df53ac8dc16

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Wed, 01 Jan 2020 23:48:52 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "5e0d2fe4-289"
Content-Type: image/jpeg
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 649
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H/1.1 200
OK gAd_728x90.html Show response
ads.ffxiah.com/ffxiah.com/ Frame 4A8B 875 B
752 B 75ms
19ms Document
text/html 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.ffxiah.com/ffxiah.com/gAd_728x90.html
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 2e6550ca6c5ca20106cda53ee4781dabfec2750dab8b11211e7259d9cdd3910b

Request headers

Referer: https://fr.ffxiah.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Wed, 25 Oct 2023 00:49:02 GMT
ETag: W/"5de5cac8-36b"
Last-Modified: Tue, 03 Dec 2019 02:39:04 GMT
Server: nginx/1.18.0 (Ubuntu)
Transfer-Encoding: chunked

GET
DATA 200
OK truncated
/ 539 B
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: de9238a6076601f98a67bf7c628a8847a4856991edb81bbb23d3c0016241a059

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H/1.1 200
OK gAd_160x600.html Show response
ads.ffxiah.com/ffxiah.com/ Frame 299C 877 B
749 B 65ms
18ms Document
text/html 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.ffxiah.com/ffxiah.com/gAd_160x600.html
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 820082abc59342f47489e47ede1b727d4ea2a258af6752d96d88fd84f2dfe35c

Request headers

Referer: https://fr.ffxiah.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Wed, 25 Oct 2023 00:49:02 GMT
ETag: W/"5de5cac8-36d"
Last-Modified: Tue, 03 Dec 2019 02:39:04 GMT
Server: nginx/1.18.0 (Ubuntu)
Transfer-Encoding: chunked

GET
H/1.1 200
OK rss_icon.jpg
static.ffxiah.com/images/ 4 KB
4 KB 67ms
19ms Image
image/jpeg 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/rss_icon.jpg
Requested by: Host: static.ffxiah.com
URL: https://static.ffxiah.com/css/ffxi/app/index.v1608652921.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: a6e3909fb7002fb69091cb9acab3ea585a5436c11d46ac166f0bda1880d377a1

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://static.ffxiah.com/css/ffxi/app/index.v1608652921.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:02 GMT
Last-Modified: Wed, 01 Jan 2020 23:49:03 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "5e0d2fef-f32"
Content-Type: image/jpeg
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3890
Expires: Sat, 19 Oct 2024 00:49:02 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 299C 89 KB
29 KB 154ms
87ms Script
text/javascript 142.251.16.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: ads.ffxiah.com
URL: https://ads.ffxiah.com/ffxiah.com/gAd_160x600.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f156.1e100.net

Software

cafe /

Resource Hash

6b0bd30e2f20ed4ba098ebb97cbd3929d6c6461b736d85c60c76baa34cc76b16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 25 Oct 2023 00:49:03 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29165
x-xss-protection: 0
server: cafe
etag: 805 / 19655 / m202310190101 / config-hash: 6386123563653736403
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 25 Oct 2023 00:49:03 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 4A8B 89 KB
29 KB 128ms
62ms Script
text/javascript 142.251.16.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: ads.ffxiah.com
URL: https://ads.ffxiah.com/ffxiah.com/gAd_728x90.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f156.1e100.net

Software

cafe /

Resource Hash

e3d9ccc01f0db5f8a2931aee0d29705808aa70128450322c229eb12b35abcbaf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 25 Oct 2023 00:49:03 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29170
x-xss-protection: 0
server: cafe
etag: 248 / 19655 / 31079110 / config-hash: 6386123563653736403
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 25 Oct 2023 00:49:03 GMT

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310180103/ Frame 4A8B 422 KB
133 KB 100ms
31ms Script
text/javascript 142.251.163.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310180103/pubads_impl.js?cb=31079110

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.163.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f154.1e100.net

Software

cafe /

Resource Hash

3f6a0baf7dbbc5ac8a75e413c851d73bb484b8d368f02c28ab08865b98b3b3bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 23:37:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4320
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 135481
x-xss-protection: 0
server: cafe
etag: 17406217098004719733
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Wed, 23 Oct 2024 23:37:03 GMT

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310190101/ Frame 299C 422 KB
132 KB 138ms
86ms Script
text/javascript 142.251.163.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310190101/pubads_impl.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.163.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f154.1e100.net

Software

cafe /

Resource Hash

49db66ae1889e3ae58a38124422c4d6648b19cf9f233b12412db9b565b5d85b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 13:59:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38955
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 135316
x-xss-protection: 0
server: cafe
etag: 9779678222609117831
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Wed, 23 Oct 2024 13:59:48 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 4A8B 108 KB
44 KB 347ms
347ms Fetch
text/plain 142.251.163.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2520063513922080&correlator=3101269917030699&eid=31079090%2C31079110%2C31078931%2C31077697&output=ldjh&gdfp_req=1&vrg=202310180103&ptt=17&impl=fifs&iu_parts=1031700%2CMidBottomLeaderboard_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=1&sfv=1-0-40&sc=1&cookie_enabled=1&cdm=ads.ffxiah.com&abxe=1&dt=1698194943297&lmt=1575369544&adxs=0&adys=0&biw=-12245933&bih=-12245933&isw=728&ish=90&scr_x=-12245933&scr_y=-12245933&ucis=8j0shkv548n9&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nhd=1&url=https%3A%2F%2Fads.ffxiah.com%2Fffxiah.com%2FgAd_728x90.html&ref=https%3A%2F%2Ffr.ffxiah.com%2F&top=https%3A%2F%2Ffr.ffxiah.com%2F&vis=1&psz=728x90&msz=728x-1&fws=256&ohw=0&ea=0&ga_vid=83443588.1698194943&ga_sid=1698194943&ga_hid=1439780251&ga_fc=false&dlt=1698194942936&idt=335&adks=1741596969&frm=24

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310180103/pubads_impl.js?cb=31079110

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.163.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f154.1e100.net

Software

cafe /

Resource Hash

b6856a6cf373c7b2da0d4be9454068fc86371d7a5f9c47ffc511915db61c3173

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 25 Oct 2023 00:49:03 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44234
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ads.ffxiah.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 377C 6 KB
3 KB 110ms
33ms Document
text/html 142.251.163.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310180103/pubads_impl.js?cb=31079110

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.163.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f132.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ads.ffxiah.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 25 Oct 2023 00:49:03 GMT
expires: Thu, 24 Oct 2024 00:49:03 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 299C 28 KB
12 KB 414ms
414ms Fetch
text/plain 142.251.163.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2972598295071746&correlator=1151857668613981&eid=31079089%2C31078934&output=ldjh&gdfp_req=1&vrg=202310190101&ptt=17&impl=fifs&iu_parts=1031700%2CRight_BigSkyScraper_160x600&enc_prev_ius=%2F0%2F1&prev_iu_szs=160x600&ifi=1&sfv=1-0-40&sc=1&cookie_enabled=1&cdm=ads.ffxiah.com&abxe=1&dt=1698194943340&lmt=1575369544&adxs=0&adys=0&biw=-12245933&bih=-12245933&isw=160&ish=600&scr_x=-12245933&scr_y=-12245933&ucis=20usrdx4rjle&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nhd=1&url=https%3A%2F%2Fads.ffxiah.com%2Fffxiah.com%2FgAd_160x600.html&ref=https%3A%2F%2Ffr.ffxiah.com%2F&top=https%3A%2F%2Ffr.ffxiah.com%2F&vis=1&psz=160x600&msz=160x-1&fws=256&ohw=0&ea=0&ga_vid=1381349652.1698194943&ga_sid=1698194943&ga_hid=1571685672&ga_fc=false&dlt=1698194942934&idt=388&adks=4037978123&frm=24

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310190101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.163.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f154.1e100.net

Software

cafe /

Resource Hash

57af936c40e5a273a71c101ec49bd2e6962cea662bc04a98e496bd1e43783a8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 25 Oct 2023 00:49:03 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11752
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ads.ffxiah.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 5608 6 KB
3 KB 111ms
33ms Document
text/html 142.251.163.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310190101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.163.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f132.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ads.ffxiah.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 25 Oct 2023 00:49:03 GMT
expires: Thu, 24 Oct 2024 00:49:03 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 4A8B 16 KB
12 KB 125ms
55ms XHR
application/json 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202310180103&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310180103/pubads_impl.js?cb=31079110

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

cafe /

Resource Hash

c43ddd18aa9399dea283db1a9e12d9b209cc158e4e3901d544bcca4f85a238b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 25 Oct 2023 00:49:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12041
x-xss-protection: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 299C 16 KB
12 KB 87ms
60ms XHR
application/json 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202310190101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310190101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

cafe /

Resource Hash

f7b29eb2016e70ee3b9c6f8d256f94d25950300b606c554c464e852e5387f36b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 25 Oct 2023 00:49:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12291
x-xss-protection: 0

GET
H/1.1 200
OK syndicate.v20190214.css
static.ffxiah.com/css/shared/ 3 KB
3 KB 19ms
18ms Stylesheet
text/css 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ffxiah.com/css/shared/syndicate.v20190214.css
Requested by: Host: static.ffxiah.com
URL: https://static.ffxiah.com/js/lib/AH.v1608652921.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 2953f313f04d1977820ca1a332c2bb7c76aa4c0313c16d0dec37cfd73ae832f0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fr.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:03 GMT
Last-Modified: Fri, 14 Oct 2022 17:06:22 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "6349970e-b5e"
Content-Type: text/css
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2910
Expires: Sat, 19 Oct 2024 00:49:03 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 4A8B 17 KB
7 KB 102ms
33ms Script
text/javascript 142.251.16.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310180103/pubads_impl.js?cb=31079110

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f132.1e100.net

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 25 Oct 2023 00:49:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 25 Oct 2023 00:49:03 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 299C 17 KB
6 KB 103ms
35ms Script
text/javascript 142.251.16.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310190101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f132.1e100.net

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 25 Oct 2023 00:49:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 25 Oct 2023 00:49:03 GMT

GET
H2 200 container.html Show response
bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame FE67 6 KB
3 KB 33ms
32ms Document
text/html 142.251.163.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310180103/pubads_impl.js?cb=31079110

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.163.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f132.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ads.ffxiah.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 25 Oct 2023 00:49:03 GMT
expires: Thu, 24 Oct 2024 00:49:03 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame E981 13 KB
5 KB 35ms
33ms Document
text/html 142.251.16.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f132.1e100.net

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ads.ffxiah.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 385962
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 20 Oct 2023 13:36:21 GMT
expires: Sat, 19 Oct 2024 13:36:21 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 7206 829 B
1 KB 114ms
48ms Document
text/html 172.253.62.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.62.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f99.1e100.net

Software

GSE /

Resource Hash

09107a1465458a977499288512e87adaa5f7f4f492426c9c6a3512d336a8c96d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-AUhpUicZ7U9O4pa8i8EGyQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ads.ffxiah.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-AUhpUicZ7U9O4pa8i8EGyQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 25 Oct 2023 00:49:03 GMT
expires: Wed, 25 Oct 2023 00:49:03 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 87D9 13 KB
5 KB 35ms
33ms Document
text/html 142.251.16.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f132.1e100.net

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ads.ffxiah.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 385962
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 20 Oct 2023 13:36:21 GMT
expires: Sat, 19 Oct 2024 13:36:21 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 7987 829 B
771 B 112ms
48ms Document
text/html 172.253.62.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.62.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f99.1e100.net

Software

GSE /

Resource Hash

f68fb454001a77bf595748a2e046ebd9e4afc798c5123e09b96b5fc45c497460

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-skvUKV1vjNYaL15y4LLs7w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ads.ffxiah.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-skvUKV1vjNYaL15y4LLs7w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 25 Oct 2023 00:49:03 GMT
expires: Wed, 25 Oct 2023 00:49:03 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 46E7 624 B
825 B 186ms
53ms Document
text/html 172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CIG4RxCxzGkYqc7R-gEwAQ&v=APEucNVAeKotbyGDflqRwOs1XkzI0183VwmtYVbxtMsqJz5w7mDCIFs7q1SSADYV_oC9yyaQqgryDTBvv3_b-zJ_oGHsNrJlDA

Requested by

Host: bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com
URL: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 25 Oct 2023 00:49:03 GMT
expires: Wed, 25 Oct 2023 00:49:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame FE67 111 KB
39 KB 101ms
32ms Script
text/javascript 172.253.62.149
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.62.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f149.1e100.net

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/
Origin: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 10:40:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50903
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 25 Oct 2023 10:40:40 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231023/r20110914/elements/html/ Frame FE67 7 KB
3 KB 118ms
53ms Script
text/javascript 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231023/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 23:34:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4485
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 07 Nov 2023 23:34:18 GMT

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231023/r20110914/ Frame FE67 23 KB
9 KB 94ms
35ms Script
text/javascript 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231023/r20110914/abg_lite_fy2021.js

Requested by

Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

cafe /

Resource Hash

45edbc85483b4cde24376ffc1a6b93969f8e51cd2e73547f84824c8f54fb79f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 23:34:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4485
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9137
x-xss-protection: 0
server: cafe
etag: 5200559654007170660
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 07 Nov 2023 23:34:18 GMT

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame FE67 41 KB
14 KB 36ms
35ms Script
text/javascript 142.251.16.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f132.1e100.net

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 10:40:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50903
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 23 Oct 2024 10:40:40 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231023/r20110914/client/ Frame FE67 3 KB
1 KB 40ms
39ms Script
text/javascript 142.251.16.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231023/r20110914/client/window_focus_fy2021.js

Requested by

Host: bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com
URL: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f132.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 23:32:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4622
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 07 Nov 2023 23:32:01 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231023/r20110914/client/ Frame FE67 20 KB
9 KB 32ms
32ms Script
text/javascript 142.251.16.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231023/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com
URL: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f132.1e100.net

Software

cafe /

Resource Hash

a198f092051a356c1e62c1296f628da5732045abafbd974eb7fff157e14ff042

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 23:32:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4622
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8426
x-xss-protection: 0
server: cafe
etag: 17696348727749479825
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 07 Nov 2023 23:32:01 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame FE67 42 B
63 B 109ms
53ms Image
image/gif 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DIIT3UGBZ-Og2SM6cRb2NyTAuRw63DEGCXWtWqsXCv0z6aSxk8TTWlLKpS34gFnADgMcaH9RJyCU5HwLskDaoNjfteln1_SbplJg0eSWL1haCfg1U

Requested by

Host: bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com
URL: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Oct 2023 00:49:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FE67 187 KB
59 KB 34ms
34ms Script
text/javascript 142.251.16.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com
URL: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f156.1e100.net

Software

sffe /

Resource Hash

b9525cf1689e64d66e6f6976db0f3f438a0390479356f50d3b691f09b79e28c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 25 Oct 2023 00:49:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60190
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1698060838547238"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 25 Oct 2023 00:49:03 GMT

GET
H3 200 container.html Show response
a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 8F1E 6 KB
3 KB 32ms
32ms Document
text/html 142.251.163.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310190101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f132.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ads.ffxiah.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 25 Oct 2023 00:49:03 GMT
expires: Thu, 24 Oct 2024 00:49:03 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 nTQUR4KHlv49nBPfQffhBm9MtHMFcf5hwb1qyN9-gvo.js Show response
pagead2.googlesyndication.com/bg/ Frame E981 39 KB
15 KB 55ms
44ms Script
text/javascript 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/nTQUR4KHlv49nBPfQffhBm9MtHMFcf5hwb1qyN9-gvo.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

sffe /

Resource Hash

9d341447828796fe3d9c13df41f7e1066f4cb4730571fe61c1bd6ac8df7e82fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 09:20:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55698
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15187
x-xss-protection: 0
last-modified: Tue, 17 Oct 2023 12:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 23 Oct 2024 09:20:45 GMT

GET
H3 200 nTQUR4KHlv49nBPfQffhBm9MtHMFcf5hwb1qyN9-gvo.js Show response
pagead2.googlesyndication.com/bg/ Frame 87D9 39 KB
15 KB 44ms
33ms Script
text/javascript 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/nTQUR4KHlv49nBPfQffhBm9MtHMFcf5hwb1qyN9-gvo.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

sffe /

Resource Hash

9d341447828796fe3d9c13df41f7e1066f4cb4730571fe61c1bd6ac8df7e82fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 09:20:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55698
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15187
x-xss-protection: 0
last-modified: Tue, 17 Oct 2023 12:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 23 Oct 2024 09:20:45 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 7E34 38 KB
13 KB 33ms
32ms Document
text/html 142.251.16.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f132.1e100.net

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 50903
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 24 Oct 2023 10:40:40 GMT
expires: Wed, 23 Oct 2024 10:40:40 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame FE67 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 06aa81f62ca79fba27e2f1a2fa9224a6818a05cf7a7396fba6c12297ac05b04a

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 3ADB 624 B
505 B 55ms
53ms Document
text/html 172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQw7j0ARig84pkMAE&v=APEucNU8NyvG6aO8aw70YMjCOXQWlqoYVU3yNXasHk-Oqkzupz4Tdo579riM45RgXlCyoExGkh3G1TOuuXz26P6ytZpTLwXUkA

Requested by

Host: a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com
URL: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 25 Oct 2023 00:49:03 GMT
expires: Wed, 25 Oct 2023 00:49:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 8F1E 89 KB
31 KB 55ms
54ms Script
text/javascript 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com
URL: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

cafe /

Resource Hash

6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 25 Oct 2023 00:49:03 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31491
x-xss-protection: 0
server: cafe
etag: 6167930392490353973
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 25 Oct 2023 00:49:03 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8F1E 42 B
63 B 48ms
46ms Image
image/gif 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AMu_h_MdrtHk1zsT5kfFQEz4maZ3a7MpShscZ2nymHIUwCblVzfSZHgRX_njF2Q5FVkiUPkfowD3lFmmBx4Ha5VHtQRM4U0zi04UAQMKzOZlEXgnM

Requested by

Host: a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com
URL: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Oct 2023 00:49:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8F1E 0
20 B 48ms
46ms Image
image/gif 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=15026628353361724617&x=1&ct=77

Requested by

Host: a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com
URL: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Oct 2023 00:49:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dvbs_src.js Show response
cdn.doubleverify.com/ Frame 8F1E 2 KB
1 KB 117ms
32ms Script
application/javascript 23.222.5.79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=115844&plc=4196922&sid=18330&DVP_PROG_REP=1&prr=1&DVP_DV_TT=1&DVP_DV_CT=1&DVP_PP_ID=3&DVP_PP_IMP_ID=ABAjH0iRvJZK9y_EWgnwubAxDKfc&DVP_DBM_1=3060631&DVP_DBM_2=11814982&DVP_DBM_3=35279202&DVP_DBM_4=209893792&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=49809186452&turl=https://ads.ffxiah.com/ffxiah.com/gAd_160x600.html&DVP_PP_BUNDLE_ID=&dvregion=0&unit=160x600
Requested by: Host: a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com
URL: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.222.5.79 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-222-5-79.deploy.static.akamaitechnologies.com
Software: UploadServer /
Resource Hash: 5aceb9edcea34bb69cbce4ff713f96f5d62f70bbd4bf5ef766bf058bed0fa21c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:03 GMT
Content-Encoding: gzip
Last-Modified: Mon, 02 Oct 2023 09:51:44 GMT
Server: UploadServer
ETag: "56f95dec40f6402642b5537aa29ad91c"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: no-transform, max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 932
Expires: Thu, 26 Oct 2023 00:49:03 GMT

GET
H/1.1 200
OK dvtp_src.js Show response
cdn.doubleverify.com/ Frame 8F1E 9 KB
4 KB 118ms
33ms Script
application/javascript 23.222.5.79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvtp_src.js?ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&advid=3398311&adsrv=0&btreg=&btadsrv=&tagtype=&dvtagver=6.1.src&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_DV_CT=1&DVP_PP_ID=3&DVPX_PP_IMP_ID=ABAjH0iRvJZK9y_EWgnwubAxDKfc&DVP_DBM_1=3060631&DVP_DBM_2=11814982&DVP_DBM_3=35279202&DVP_DBM_4=209893792&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=49809186452&turl=https://ads.ffxiah.com/ffxiah.com/gAd_160x600.html&DVP_PP_BUNDLE_ID=
Requested by: Host: a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com
URL: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.222.5.79 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-222-5-79.deploy.static.akamaitechnologies.com
Software: UploadServer /
Resource Hash: a2ad6edbc8f10efbb4f3a2313dc9766201926b44bfb286a264d331630317c495

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:03 GMT
Content-Encoding: gzip
Last-Modified: Sun, 22 Oct 2023 08:27:39 GMT
Server: UploadServer
ETag: "f605396c64de2c7d7d363393d81136bf"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: no-transform, max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3640
Expires: Wed, 25 Oct 2023 01:04:03 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231023/r20110914/client/ Frame 8F1E 3 KB
1 KB 33ms
32ms Script
text/javascript 142.251.16.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231023/r20110914/client/window_focus_fy2021.js

Requested by

Host: a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com
URL: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f132.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 23:32:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4622
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 07 Nov 2023 23:32:01 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231023/r20110914/client/ Frame 8F1E 20 KB
8 KB 34ms
33ms Script
text/javascript 142.251.16.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231023/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com
URL: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f132.1e100.net

Software

cafe /

Resource Hash

a198f092051a356c1e62c1296f628da5732045abafbd974eb7fff157e14ff042

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 23:32:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4622
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8426
x-xss-protection: 0
server: cafe
etag: 17696348727749479825
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 07 Nov 2023 23:32:01 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8F1E 187 KB
59 KB 35ms
34ms Script
text/javascript 142.251.16.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com
URL: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f156.1e100.net

Software

sffe /

Resource Hash

b9525cf1689e64d66e6f6976db0f3f438a0390479356f50d3b691f09b79e28c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 25 Oct 2023 00:49:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60190
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1698060838547238"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 25 Oct 2023 00:49:03 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/9747550231200845669/ Frame 4E76 98 KB
22 KB 96ms
32ms Document
text/html 172.253.62.149
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9747550231200845669/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f149.1e100.net

Software

sffe /

Resource Hash

f3681081a06654476df54e56b78343bdce6c1ffea076bd33e81e1aeeeeb8c07f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 42154
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 22480
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 24 Oct 2023 13:06:30 GMT
expires: Wed, 23 Oct 2024 13:06:30 GMT
last-modified: Tue, 17 Oct 2023 14:41:08 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame FE67 0
0 128ms
59ms Fetch
image/gif 142.251.111.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstaOyL82BHpckenPnxOp0X4sx7--sH8His8V7kXgIEN6F-JvFoNUAQj5_JrRElmHwkLf18pMhnmA9FipdCnO1vKYtyC7o4Fp527FZ4h5IqGPiiO4p-7blDnxD_uGCUTZFqB7ehFkbXfBovLy_TOV0wt7DVdSnjR4rxuzENlF2Rss4IajvnDt_e3Utvjz5tKG-Uw1KYq4PeuDxWcm-aKL7FBAIy4R7cfPFlYtyLpFZbJWiPQ3ajfC_DLz83Gwai4n-x_6cyAEFSAWLaxAM2iPMJ3lTgf8ws9u82wOWdrVEOPk68CVAOe1YJqWU5wo0RVG5dATC47PrSZ_wi_AtEAmOHK7XNAiIuhwHckUjZBhDTELv5uLPQT1d70M4BN9y4CNqFTFpLEpW_4EvUp1OuLOz3-B3zdBwk7JYOAfyCET6CmTEIQQ5CIU_eOb_y1_qAejVS6c5OTs8nqsPEuuSoiq6otTtvUa4INaybq7psIXMScCOD0gse2t3mLNGBgQQglUuhvuSXGPG3-su4jc8iY13OpCeftO_jgRw52tu4FS3ddbbI7SXKkB74XGkCSVOf6ib2UKPgi_nbjqzCB93laP5EpUp86qrFbYIqfUU7CtQoqPnj1B4rV5eA_ffTYrQnHWcu-YpELu01wozaWX9aDrOc00A1nR3jlSyM7MRVlNXhVgSyImpiz8UJ1QmJRPakiBQJDE8nDYbgFZWdjLBivbXXz4qM3sFqta-qPuAUn0iNufKp6e1GdqxNuTovtMLgM4P21kDoi4P0gZog_Q4grX8D0hsXWMM5xrRJJXPlquI1nOH3d92tiUAbZ8vtKBYCKrytzxUrps2VkRTjBwiWzk1zRnz4L9_BlBi1wPKCDcegYlbnfEF6kUlucVwjOzHgS4Ulh3G8YGb8LoYJ9eEdjsmj6Fv7Jk_Rs9HabnzvKK0o454bRbuJN2RDxfaG5_9XOoMLMsO0Rk-a1vgj7xrOdrO8hPPQCyBXEqBtQ7wwuFo7VCAvUyO9o0sSM87fE66cHmhotYBA0vh--KUNyJ4ryo5e-LNzUvp18tuhhAAyroRyr98_xd3tZOcAh1ShyPxDW4NeJmD3Hv1EYNHsJnI6Qw-yovi1LSSDNf0X9MFbFPbXmtwLrMn7K_OsA5oBb3QOhc3ixzuVvCo6_be8eHEoZB-ELNBZn5TCntT6Oa6JEaoP6j5ix980BVlBMBQgs_AQqoXTf7mRCg5h4aBYyUIC_mwkHlRzfdKWbSJSVm0PNziGBQT2Yj52_wRiUNDKJtJfX4QD42T3jbg70VobRooOHBAN7N-8fRwtis1l2qy_TXUG9gfj9rCjoFaF8sOVORVcI46pWLg&sai=AMfl-YTny-MUDC0Lo8lG8-e4MBDwx1t1TlAFR-h30PaHp0NblcsGNPXIRW_lc54IzkdHeOVWH1eHIO80TPvNsPscleboDJDoQE3HlIysTKSlBNBR4QVcioXhXF65sRNV9WMgQ-FVkvzbiXc9qhcujbOvxbDDeVNf3HX68vaNjwIH6OruKJ-HjM1GTA2zepqZihJY812nkDLP2woSfwf3eVLRd99xWZi6ZWDEx3bvDmiDYPD9W6iyv10z0bgLfRLkaVV70wyuUXivypHQgEYEEslqb_i_0CDDWG4FYHVatpIlQ_7N-66sePibU3ULdLdXUUQkrllP6zyPegyBIE0pdwCWQQxhHGG3GU2kecdbR226NjYh8JzZFohqgVOei_giml4Fcq0QZ2eCbyAch5dD-uQ0RwB-KNaryNw2Cbk7gaQjSvNqdqE-zZo7VXzkO8L5RSEQx3oZNN-MwD9w7LZEY03aCOXMMby8ksNDWuS_GWuJ6Kzb1EQ&sig=Cg0ArKJSzAGiVui9skJLEAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=202&cbvp=1&cstd=199&cisv=r20231023.20762&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.111.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bk-in-f155.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 25 Oct 2023 00:49:04 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 /
d.agkn.com/pixel/2387/ Frame FE67 43 B
628 B 118ms
33ms Image
image/gif 99.84.208.113
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.agkn.com/pixel/2387/?ct=CA&st=QC&city=1827&dma=0&zp=&bw=4&che=571265440&col=30778121,3083823,378849711,569640831,202315397
Requested by: Host: bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com
URL: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.208.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-208-113.iad79.r.cloudfront.net
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Oct 2023 00:49:03 GMT
via: 1.1 e811c1e9e6ed756b98bfcf15c74f6bea.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD79-C1
x-cache: Miss from cloudfront
p3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type: image/gif
cache-control: no-cache, must-revalidate
content-length: 43
x-amz-cf-id: qmCPcE0vz9bjaiA1ph9ETjvcl39P9XcXrM8gdZx-Ha424HgIOma-KA==
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 7206 0
0 48ms
47ms Image
text/html 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202310180103&jk=2520063513922080&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.253.122.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: bh-in-f156.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 7987 0
0 46ms
46ms Image
text/html 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202310190101&jk=2972598295071746&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.253.122.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: bh-in-f156.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

GET
H3 200 oPn6O887CyeqmcRGJ9UyaII03mK9IujXfexCk6ukzmw.js Show response
pagead2.googlesyndication.com/bg/ Frame 7E34 38 KB
15 KB 32ms
32ms Script
text/javascript 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oPn6O887CyeqmcRGJ9UyaII03mK9IujXfexCk6ukzmw.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

sffe /

Resource Hash

a0f9fa3bcf3b0b27aa99c44627d532688234de62bd22e8d77dec4293aba4ce6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 13:51:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 557878
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14996
x-xss-protection: 0
last-modified: Tue, 17 Oct 2023 12:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 17 Oct 2024 13:51:05 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 46E7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPOGgkilMswgrZ0z_4t7znw&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPOGgkilMswgrZ0z_4t7znw&google_cver=1&C=1

43 B
430 B

78ms
77ms

Image
image/gif

104.18.26.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPOGgkilMswgrZ0z_4t7znw&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIG4RxCxzGkYqc7R-gEwAQ&v=APEucNVAeKotbyGDflqRwOs1XkzI0183VwmtYVbxtMsqJz5w7mDCIFs7q1SSADYV_oC9yyaQqgryDTBvv3_b-zJ_oGHsNrJlDA
Protocol: H2
Server: 104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Oct 2023 00:49:04 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AQm1t3G2lCjku3W2KWdkw5IbeD5U6YzU6bYLX4si%2FrxWKLGXI55XNlZj3GAlRsaS1anjv0iyUa5wPhTCrD31Pn1C4FR4dlUOFiJ7K1dYGM4yxWUnaK483cuQFWeMKxQYvDRJPd50wvW3EA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 81b67520a94f3704-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 25 Oct 2023 00:49:04 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tjbXq2d8STxphEzFNLmTBEVLyvtq%2FrEVTcDErHOt9mdBbIjL8lYWjJa8P3W0x72dgb%2B9O3dnoTrIsx4DZJdJ%2FopbJdikspJsGo%2BDDj3iqIE2bClT6JDOfEYaIngB8lyQ6ijc7rBtddg3SA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=45&external_user_id=CAESEPOGgkilMswgrZ0z_4t7znw&google_cver=1&C=1
cache-control: no-cache
cf-ray: 81b67520388b3704-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 46E7
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZThmAPRNIn..EBf6JbrwKwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPOGgkilMswgrZ0z_4t7znw&google_cver=1&google_hm=2

43 B
739 B

73ms
73ms

Image
image/gif

104.18.26.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPOGgkilMswgrZ0z_4t7znw&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIG4RxCxzGkYqc7R-gEwAQ&v=APEucNVAeKotbyGDflqRwOs1XkzI0183VwmtYVbxtMsqJz5w7mDCIFs7q1SSADYV_oC9yyaQqgryDTBvv3_b-zJ_oGHsNrJlDA
Protocol: H3
Server: 104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Oct 2023 00:49:04 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cNS3aenZ%2B4SF%2FALW2n7b91n0w6eQ5cSFh0V9%2FTquj9%2FUaSUqQd%2B4vma3Muq8fKoiYU%2BI5mNByc3iJ5Av9xV3LrLZdANA%2FSZRiUt321JZes%2Ff%2FsnuHqDi%2BOuAp55uDrIs4PY0uEe6VvmjoA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 81b675215f0936be-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 25 Oct 2023 00:49:04 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPOGgkilMswgrZ0z_4t7znw&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame 46E7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEO_3mKUycIKuvbJUtQKYAcg&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEO_3mKUycIKuvbJUtQKYAcg%26google_cver%3D1

43 B
889 B

53ms
52ms

Image
image/gif

68.67.160.114
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEO_3mKUycIKuvbJUtQKYAcg%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIG4RxCxzGkYqc7R-gEwAQ&v=APEucNVAeKotbyGDflqRwOs1XkzI0183VwmtYVbxtMsqJz5w7mDCIFs7q1SSADYV_oC9yyaQqgryDTBvv3_b-zJ_oGHsNrJlDA

Protocol

Server

68.67.160.114 Fairfield, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Oct 2023 00:49:04 GMT
an-x-request-uuid: 7e408c29-f58f-4522-a447-3c2a03da5509
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 185.199.101.36; 185.199.101.36; 672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 25 Oct 2023 00:49:04 GMT
an-x-request-uuid: fe4624ed-6dce-4aaf-aaf7-bb3f4c575e90
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEO_3mKUycIKuvbJUtQKYAcg%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 185.199.101.36; 185.199.101.36; 672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 46E7
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzYyMTYxNDc2MzUzNDU5NjkyNg%3D%3D

170 B
188 B

41ms
40ms

Image
image/png

142.251.163.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzYyMTYxNDc2MzUzNDU5NjkyNg%3D%3D

Requested by

Protocol

Server

142.251.163.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f154.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Oct 2023 00:49:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 25 Oct 2023 00:49:04 GMT
an-x-request-uuid: 668b4726-73af-4d0e-ba98-55b17eeeb5da
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzYyMTYxNDc2MzUzNDU5NjkyNg%3D%3D
x-proxy-origin: 185.199.101.36; 185.199.101.36; 672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 3ADB
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPOGgkilMswgrZ0z_4t7znw&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPOGgkilMswgrZ0z_4t7znw&google_cver=1&C=1

43 B
336 B

58ms
57ms

Image
image/gif

104.18.26.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPOGgkilMswgrZ0z_4t7znw&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQw7j0ARig84pkMAE&v=APEucNU8NyvG6aO8aw70YMjCOXQWlqoYVU3yNXasHk-Oqkzupz4Tdo579riM45RgXlCyoExGkh3G1TOuuXz26P6ytZpTLwXUkA
Protocol: H2
Server: 104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Oct 2023 00:49:04 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HZgYggwsGlydiU9FL84p8%2BVGQDk1wZcqVzkIz8AdypYxYK5uu3e2T1RNdHcZoHToh1MvsZaah4P7lGW%2F28ZOgBe%2FhpkoSM138yYI9nVAHv978FHjgLlgMsmYGNhSvFo3OQnAdAPig6k9aQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 81b67520b97c3704-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 25 Oct 2023 00:49:04 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=buHpJagUfs0JUW7MIoXLrbeNx6zpv4mMfQofWpVWCt2Bs5UXmddzCkLq%2BUzc6cBAovir6kK5NQ3yW7LEaKQvABRuybtRMhPk9R349wzKjBhxGYsjQY1ekpWsGKvYVjkiYlbxqRoJwlBWxg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=45&external_user_id=CAESEPOGgkilMswgrZ0z_4t7znw&google_cver=1&C=1
cache-control: no-cache
cf-ray: 81b67520388a3704-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 3ADB
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZThmAICj8b0FSg.MFEaAKgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPOGgkilMswgrZ0z_4t7znw&google_cver=1&google_hm=2

43 B
769 B

63ms
62ms

Image
image/gif

104.18.26.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPOGgkilMswgrZ0z_4t7znw&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQw7j0ARig84pkMAE&v=APEucNU8NyvG6aO8aw70YMjCOXQWlqoYVU3yNXasHk-Oqkzupz4Tdo579riM45RgXlCyoExGkh3G1TOuuXz26P6ytZpTLwXUkA
Protocol: H3
Server: 104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Oct 2023 00:49:04 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sbiq88H7500T7oluS%2BE03uB%2FP06ojoEnYU0zvIBOIPSvXvufBtU%2BjzWj2RAQvaO2baCLxa7UyzNlpq%2BiomcP1VcNZNsIpm6YjFAcL6nndi2cflHzwK%2FSDk98Zp6hhBn5N2GcioyXHRs4Ig%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 81b675215f0e36be-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 25 Oct 2023 00:49:04 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPOGgkilMswgrZ0z_4t7znw&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame 3ADB
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEO_3mKUycIKuvbJUtQKYAcg&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEO_3mKUycIKuvbJUtQKYAcg%26google_cver%3D1

43 B
889 B

26ms
26ms

Image
image/gif

68.67.160.114
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEO_3mKUycIKuvbJUtQKYAcg%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQw7j0ARig84pkMAE&v=APEucNU8NyvG6aO8aw70YMjCOXQWlqoYVU3yNXasHk-Oqkzupz4Tdo579riM45RgXlCyoExGkh3G1TOuuXz26P6ytZpTLwXUkA

Protocol

Server

68.67.160.114 Fairfield, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Oct 2023 00:49:04 GMT
an-x-request-uuid: 92a2b950-d080-4edb-89f8-edbb5d70b443
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 185.199.101.36; 185.199.101.36; 672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 25 Oct 2023 00:49:04 GMT
an-x-request-uuid: 8a36e23a-3cfe-4283-b6ae-e33f10bef646
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEO_3mKUycIKuvbJUtQKYAcg%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 185.199.101.36; 185.199.101.36; 672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3ADB
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzYyMTYxNDc2MzUzNDU5NjkyNg%3D%3D

170 B
188 B

43ms
43ms

Image
image/png

142.251.163.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzYyMTYxNDc2MzUzNDU5NjkyNg%3D%3D

Requested by

Protocol

Server

142.251.163.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f154.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Oct 2023 00:49:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 25 Oct 2023 00:49:04 GMT
an-x-request-uuid: 8632f98b-e703-49d8-a341-2ed971faf9f1
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzYyMTYxNDc2MzUzNDU5NjkyNg%3D%3D
x-proxy-origin: 185.199.101.36; 185.199.101.36; 672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8F1E 0
20 B 47ms
47ms Ping
image/gif 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8788310969989&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Oct 2023 00:49:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8F1E 0
20 B 46ms
46ms Ping
image/gif 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8788310969989&version=m202309260101&ct=77&x=1&cor=15026628353361725000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Oct 2023 00:49:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 8F1E 30 KB
18 KB 76ms
76ms Script
text/javascript 172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Cj8qPHS7s78fOUYCIhMm-GxQW6j1Sr9CnDi3yeflGfGpUlTgVR129NJzqReJ0KH8Yg0HxexcVVU834S8hAx3Xq0aILHpRjYx3zwndgSJBWqybrq1jklqLBzMiDmZ46AjmUiJKRDrHLHQm-S0q4Mk6mPd0JNgvqs8WpIkZcC2uJK4BYVT8&cry=1&dbm_d=AKAmf-Ac_dOsk0nynY_rHNob0nUndz_R1_mErUyc1ruci9VChsV88P97JYLf4Ilxth2-_RKmI_ax9GqwzAuBLI5ByKQj_UEz1Jx2WL3aSY2-ouKhx2Nrg8HEJrHgYJt_PRJjEF_lAvLqewsaw0KTlJAlJ427X8cVePyz1E2dSFD9s_yymLe_M_Vc9Doso7o3zbHZGa5afVAIkR3CEXEDyU1ZnNa_DGBrvNLbb5ozONE_wbr65QRLsF2N_W5gRnBs1rJ5swzqluLLkpBWJChhlw-lJmNhLRVl5lmWYqANkMQ-6ci8kZXNdSUHLBQUzEhixnN_LPOb4L26Qya7-yDsi9XLWtvf4E18kEan-CFmDImGknIAGr8c9l-RY12DCNG3XRr9Vz9M0w2g1iAUIe_ai0EdiRY15AAeTBara6dgRoZPkaZgagrn8Ec5aaVVPbLUqx5LRjQOasXDeXMSMbQ7lhBPHd2YR5whvIdq44lvbLlyyckuVN8kzx4K6vZmOLOunh7X4dMV6C-9wfxIWgdUdVPziD_JzJNuvDVWrMxOJur6DPen3NTgD5DQW5oO3UXdeja4KA8LdNxmYTXIOjJFVrPaSDXqi1v8Xhk12inYfVuIda2GWkG7AWYay0VlPdITSdtD6Qi8lOKEboeLlwsQm5BhEBWQQg6bs9l2Ebb_Q86ateFxnwgMmUWV9sCu__HOvH7ShorB9GHT_iLcdEgck1v-O3wEV9FOGxITiR7lk2yCk6K8jxQARp1_4mEXI8C3nIc4btLPZqzj4j8yiRgSKOR1fiJaK4h9rOKYtzG_OOGuNIbQFZdlxPgovXZOyAcMyK5NDxmLJDb___tsd8_cu8vkOZusb3cpSwNLdECxHXq5_gVxFAUChc-Izzik7qfbhZ7JkFOQilUUNSKK_n8Qy3BSNJwe3k0h0GtF5UUiWlUfsv5_1f2h6dB_4b6LAMlrPm58fnqqfWGonRl2c5DKE-7JW4N4zSiKiQYMMMB4IkTx4bzzzME24tUgz2c4rbszXe45lhcRGN_KkuSdzkXM66dScXJsYqQ_8AQTevc4v-m-wub1BiyHekKeEl0GCiK87aX-lXqPcogxUROJmU6O2LiqfHk6BkTtN_aV124bNOUw1p4RPwMbiadZQ8gKAeJcjE7s8tDVoedykNKHuQdBrbFw1187xu3qzuihDebfmP97fbTRmOCygJ8ZC6ZzH2QrwY-Zvu7rl4sr1c1kU0DE7bLsyL9xvLfwG9xhHeX-tu-F6oE8-_LyAbSxecvOzIGA60nb3WwWfIUyRAhIp9l5BD4I-JcB6XRHfoOaDq3gMKcN_TEfQgkPo1kVyoP3ipwXqFMRXpgtiKF3I-kHwT3OrM9u6z_xnxKBUHUchd9rzdv8cqmK494WRWRkeg8tLkwHOIwXjzP9z1doo_Lg2EzEKbHWfD75_57-_1tDkz70xo_jl_tXyz45qLW3vBrD0sVZKRMyySoEVzmHnOPNY6tCfQuxUNSlxR6p8bFDC1o0q0leDLfDp3IqWMvWyZ51SAKq-S1D-UnjwRAsli1BlXf4JCq7p_ZK3f_DV8cd-0npXg5A1v_96T34Ox7KDNP3tdrnc0qOvB4PwdTloNhG97Ad1uU7Dsrdx0n0ndzrcaTHHJQl7wfmnkbCfDlhRB6eHKnMPLNiKPPLhSWzdcbuzIYVXx8P7_XUsV3Ma04ODUhPdFDsOO024qz81fndnAwyYnh8ozl2Yh1b05YVS0d1e-hK091B7HPButgmDGaqZP5ETzOW8YssaoLhijFP3zS2Wg0SDBe-41qtZ1LSZ1XdEPVWH_BxJXUoc9ke54Se1YKf-HkdcbMKcrYJe_vNArK9GofbpyLgYLnP56yazh4f9CJHlPfezZImnuQEfNTg1nlz9YdEsK5ujRVDRat13bUx7Nk4eOeUQrnF1FmrzgP7mYIPqKIYugs4xM9cGREMzzvpUIn2eaOhngQ_lgfcCxnKPgtTqOA0gu-0P_8CBg9hf7MiptIBco4it-6kkLjFMv_unVGKQf9zxLh5C4DQfnDxwzoJWsZiJpvtJ0aDvH9lTI-L6ubb2UXWpCuo-F8BWHLcUfBq_lKg39yXAoYiAAudVsMT0lm8rjuORB8yZkNjYoq7LTquJV6AhNMrVWeRR6DPGegJwzo2-fOc2QEHK6Ml5Y49FkUnzBH00RqM5d8_Iqdxz_rlU4pIFFcR2XlROIv3H2MXWGWTuqUTTz6oIjO4di1sIu1RKrQodVv7uGdzvcL3eZThMiAZBV844pECsO6ul0-76q6MQ4IgjOxCUtcc6jGUSRITI7NRlcY2Dyv908qGj_zsmrMuK3ocfH7MTZu2KJs4VadEaoLgLq7x_jcc20q4if5bul4ryvMOo4QKyCOkQIlu8xIje5a8ft51QR9tqcMMmccGIJfjCHIbSi0KiwLf816B9_e3XilTHl99VTHqvIseqGm-R5CneyJH0NxfaZQuzdgJgjYokuzbZU_QTjlFQaCfbCfPBXtDve2ntIdpE7-ZgdX1CJnzwS3hvD_tiJ08qr1LMCR8dsw5gSoFieczNS4KJA_24Pw5K2e3sC8x6jxoD70_bRzhfDzYg7Lc-ndiDm1dE87w5bs_vqZLL2fovpSr0ILwEdpBfH-8D4TRPqTdKbDtVfrH3OPT6hoprluvtzRp_GAAE23o5a3Fo0fV9oPkz8Qd7_ak9QFxw9BfsGLUknwy3O92tm9J26Ixx-gOG0Mzg_2U1rgjH4v8DQEhik_updVoheaFqGbSigyTmQg2CX9WORzjHEMsFw3QlvGKMR3d_r8yYLbY9pmuCAXmP2MMoAqCjA51arNCeVOatzVusIy_9qa7uu4L58HpOr_s5gBi44tp6QfdyTOgtVozkiUknJ0arvSQdFstiAcYSii1b27phm0M3jBvPahzHs7ixVT1qTbGd8_3PMr-ZPFPfIuFi6hRy-F0q5_JE0GrhaY9rsvuN2-JstK8Q7dVz9Kg3ioqZpISi1GLtD4R9jISf2bL6In79aniO7RT_R-aGuGScLAaXcqROM3uVihVHq7SFJGXf2swkFzVaImvTQAcODicl4xQCOrQaK3RJurwNgEyWkZvHzFCKVF-HB7sFZasVWWb7oyvQipSFF7y7yH7-UwbuL8ThenDpg2AImGDzTfYfRu74d6_ppG8B1zl1M8T4TOAnK5pSRtrW_VWpvj58yi3BN6dbU21JQg76km2Fcg-ulsXJ0Si8t-Xi7fTsoucBRNBjFnowajCQXxHkyexjPiQwWbJE6vblYW0eZvtzGhCDvxrkzItPFPJD4Pz5fKGeGul6CSA5sc5oWhP4g6tCDrJE95FLs5QsERlxHifImojBPeHvVjOYgp9oygfycCaL3lR4HkJypg7ediP7kL8Gx2G3qm4AvpLh1yur-2xJE3OsNcsemy-LA7TjMHpAZXL_kD-e1gazdnbGRRzLzmdY0CG-gwa9B1G2OA17DaUtSSInfNGBV9TAEhqD7TT5xbJR-LACgfgscs8JpP5_riBO73vxSZU1WtPB5lcs5D29a7u7x-5u-GAZozcAKV97iYaIM0mJwUKKCuvRMct1TfarexTo8F6Kn4U79v_-peNCYjKk9_2shdXSkgzysBDnThYen0F1DRsDUWvRg39mqYYY1hAhw_tt5-5fGQ1axFj-f8dSbFdLTmy3hOYK9-U8nFkJ7Ef07SaM-V0y93SCtcnuNpjVRSosXxH4F6ULg7N--dokUcaudY3ZyZ3qvoX67F2x7wX6HVdqBx5AX7kdcip8swIGq7bbxQRa_1aTdReHvAqvfH9jrs0wkEe0m4jm9gzd5B0mPt19uU&cid=CAQSSwDICaaNKKtBcGXBOBEZz3dnPQimEluN-d2A6VRpL1Jr0tGxrR6IW-iCAnNnCbDlVWPDROf8KmYlXIo-55Omtnzfz5hOU5AZsp7E-BgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Ffr.ffxiah.com&ds=l&xdt=1&iif=1&cor=15026628353361725000&adk=1996670923&idt=68&cac=0&dtd=18

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

cafe /

Resource Hash

41f230c1777cd8cc4cd42572c9a8532dc3a5edd2ab0ce9c554a3fead1bbfc46d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Oct 2023 00:49:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18078
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 DcmEnabler_01_250.js Show response
s0.2mdn.net/879366/ Frame 4E76 32 KB
11 KB 32ms
32ms Script
text/javascript 172.253.62.149
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9747550231200845669/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f149.1e100.net

Software

sffe /

Resource Hash

fc9fe8ec0612072dc6d3b4acd268e09d28c253807f47846a5f70dd8360d1a0d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9747550231200845669/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 18:10:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23891
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11558
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 25 Oct 2023 18:10:53 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231023/r20110914/ Frame 8F1E 30 KB
11 KB 32ms
31ms Script
text/javascript 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231023/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Cj8qPHS7s78fOUYCIhMm-GxQW6j1Sr9CnDi3yeflGfGpUlTgVR129NJzqReJ0KH8Yg0HxexcVVU834S8hAx3Xq0aILHpRjYx3zwndgSJBWqybrq1jklqLBzMiDmZ46AjmUiJKRDrHLHQm-S0q4Mk6mPd0JNgvqs8WpIkZcC2uJK4BYVT8&cry=1&dbm_d=AKAmf-Ac_dOsk0nynY_rHNob0nUndz_R1_mErUyc1ruci9VChsV88P97JYLf4Ilxth2-_RKmI_ax9GqwzAuBLI5ByKQj_UEz1Jx2WL3aSY2-ouKhx2Nrg8HEJrHgYJt_PRJjEF_lAvLqewsaw0KTlJAlJ427X8cVePyz1E2dSFD9s_yymLe_M_Vc9Doso7o3zbHZGa5afVAIkR3CEXEDyU1ZnNa_DGBrvNLbb5ozONE_wbr65QRLsF2N_W5gRnBs1rJ5swzqluLLkpBWJChhlw-lJmNhLRVl5lmWYqANkMQ-6ci8kZXNdSUHLBQUzEhixnN_LPOb4L26Qya7-yDsi9XLWtvf4E18kEan-CFmDImGknIAGr8c9l-RY12DCNG3XRr9Vz9M0w2g1iAUIe_ai0EdiRY15AAeTBara6dgRoZPkaZgagrn8Ec5aaVVPbLUqx5LRjQOasXDeXMSMbQ7lhBPHd2YR5whvIdq44lvbLlyyckuVN8kzx4K6vZmOLOunh7X4dMV6C-9wfxIWgdUdVPziD_JzJNuvDVWrMxOJur6DPen3NTgD5DQW5oO3UXdeja4KA8LdNxmYTXIOjJFVrPaSDXqi1v8Xhk12inYfVuIda2GWkG7AWYay0VlPdITSdtD6Qi8lOKEboeLlwsQm5BhEBWQQg6bs9l2Ebb_Q86ateFxnwgMmUWV9sCu__HOvH7ShorB9GHT_iLcdEgck1v-O3wEV9FOGxITiR7lk2yCk6K8jxQARp1_4mEXI8C3nIc4btLPZqzj4j8yiRgSKOR1fiJaK4h9rOKYtzG_OOGuNIbQFZdlxPgovXZOyAcMyK5NDxmLJDb___tsd8_cu8vkOZusb3cpSwNLdECxHXq5_gVxFAUChc-Izzik7qfbhZ7JkFOQilUUNSKK_n8Qy3BSNJwe3k0h0GtF5UUiWlUfsv5_1f2h6dB_4b6LAMlrPm58fnqqfWGonRl2c5DKE-7JW4N4zSiKiQYMMMB4IkTx4bzzzME24tUgz2c4rbszXe45lhcRGN_KkuSdzkXM66dScXJsYqQ_8AQTevc4v-m-wub1BiyHekKeEl0GCiK87aX-lXqPcogxUROJmU6O2LiqfHk6BkTtN_aV124bNOUw1p4RPwMbiadZQ8gKAeJcjE7s8tDVoedykNKHuQdBrbFw1187xu3qzuihDebfmP97fbTRmOCygJ8ZC6ZzH2QrwY-Zvu7rl4sr1c1kU0DE7bLsyL9xvLfwG9xhHeX-tu-F6oE8-_LyAbSxecvOzIGA60nb3WwWfIUyRAhIp9l5BD4I-JcB6XRHfoOaDq3gMKcN_TEfQgkPo1kVyoP3ipwXqFMRXpgtiKF3I-kHwT3OrM9u6z_xnxKBUHUchd9rzdv8cqmK494WRWRkeg8tLkwHOIwXjzP9z1doo_Lg2EzEKbHWfD75_57-_1tDkz70xo_jl_tXyz45qLW3vBrD0sVZKRMyySoEVzmHnOPNY6tCfQuxUNSlxR6p8bFDC1o0q0leDLfDp3IqWMvWyZ51SAKq-S1D-UnjwRAsli1BlXf4JCq7p_ZK3f_DV8cd-0npXg5A1v_96T34Ox7KDNP3tdrnc0qOvB4PwdTloNhG97Ad1uU7Dsrdx0n0ndzrcaTHHJQl7wfmnkbCfDlhRB6eHKnMPLNiKPPLhSWzdcbuzIYVXx8P7_XUsV3Ma04ODUhPdFDsOO024qz81fndnAwyYnh8ozl2Yh1b05YVS0d1e-hK091B7HPButgmDGaqZP5ETzOW8YssaoLhijFP3zS2Wg0SDBe-41qtZ1LSZ1XdEPVWH_BxJXUoc9ke54Se1YKf-HkdcbMKcrYJe_vNArK9GofbpyLgYLnP56yazh4f9CJHlPfezZImnuQEfNTg1nlz9YdEsK5ujRVDRat13bUx7Nk4eOeUQrnF1FmrzgP7mYIPqKIYugs4xM9cGREMzzvpUIn2eaOhngQ_lgfcCxnKPgtTqOA0gu-0P_8CBg9hf7MiptIBco4it-6kkLjFMv_unVGKQf9zxLh5C4DQfnDxwzoJWsZiJpvtJ0aDvH9lTI-L6ubb2UXWpCuo-F8BWHLcUfBq_lKg39yXAoYiAAudVsMT0lm8rjuORB8yZkNjYoq7LTquJV6AhNMrVWeRR6DPGegJwzo2-fOc2QEHK6Ml5Y49FkUnzBH00RqM5d8_Iqdxz_rlU4pIFFcR2XlROIv3H2MXWGWTuqUTTz6oIjO4di1sIu1RKrQodVv7uGdzvcL3eZThMiAZBV844pECsO6ul0-76q6MQ4IgjOxCUtcc6jGUSRITI7NRlcY2Dyv908qGj_zsmrMuK3ocfH7MTZu2KJs4VadEaoLgLq7x_jcc20q4if5bul4ryvMOo4QKyCOkQIlu8xIje5a8ft51QR9tqcMMmccGIJfjCHIbSi0KiwLf816B9_e3XilTHl99VTHqvIseqGm-R5CneyJH0NxfaZQuzdgJgjYokuzbZU_QTjlFQaCfbCfPBXtDve2ntIdpE7-ZgdX1CJnzwS3hvD_tiJ08qr1LMCR8dsw5gSoFieczNS4KJA_24Pw5K2e3sC8x6jxoD70_bRzhfDzYg7Lc-ndiDm1dE87w5bs_vqZLL2fovpSr0ILwEdpBfH-8D4TRPqTdKbDtVfrH3OPT6hoprluvtzRp_GAAE23o5a3Fo0fV9oPkz8Qd7_ak9QFxw9BfsGLUknwy3O92tm9J26Ixx-gOG0Mzg_2U1rgjH4v8DQEhik_updVoheaFqGbSigyTmQg2CX9WORzjHEMsFw3QlvGKMR3d_r8yYLbY9pmuCAXmP2MMoAqCjA51arNCeVOatzVusIy_9qa7uu4L58HpOr_s5gBi44tp6QfdyTOgtVozkiUknJ0arvSQdFstiAcYSii1b27phm0M3jBvPahzHs7ixVT1qTbGd8_3PMr-ZPFPfIuFi6hRy-F0q5_JE0GrhaY9rsvuN2-JstK8Q7dVz9Kg3ioqZpISi1GLtD4R9jISf2bL6In79aniO7RT_R-aGuGScLAaXcqROM3uVihVHq7SFJGXf2swkFzVaImvTQAcODicl4xQCOrQaK3RJurwNgEyWkZvHzFCKVF-HB7sFZasVWWb7oyvQipSFF7y7yH7-UwbuL8ThenDpg2AImGDzTfYfRu74d6_ppG8B1zl1M8T4TOAnK5pSRtrW_VWpvj58yi3BN6dbU21JQg76km2Fcg-ulsXJ0Si8t-Xi7fTsoucBRNBjFnowajCQXxHkyexjPiQwWbJE6vblYW0eZvtzGhCDvxrkzItPFPJD4Pz5fKGeGul6CSA5sc5oWhP4g6tCDrJE95FLs5QsERlxHifImojBPeHvVjOYgp9oygfycCaL3lR4HkJypg7ediP7kL8Gx2G3qm4AvpLh1yur-2xJE3OsNcsemy-LA7TjMHpAZXL_kD-e1gazdnbGRRzLzmdY0CG-gwa9B1G2OA17DaUtSSInfNGBV9TAEhqD7TT5xbJR-LACgfgscs8JpP5_riBO73vxSZU1WtPB5lcs5D29a7u7x-5u-GAZozcAKV97iYaIM0mJwUKKCuvRMct1TfarexTo8F6Kn4U79v_-peNCYjKk9_2shdXSkgzysBDnThYen0F1DRsDUWvRg39mqYYY1hAhw_tt5-5fGQ1axFj-f8dSbFdLTmy3hOYK9-U8nFkJ7Ef07SaM-V0y93SCtcnuNpjVRSosXxH4F6ULg7N--dokUcaudY3ZyZ3qvoX67F2x7wX6HVdqBx5AX7kdcip8swIGq7bbxQRa_1aTdReHvAqvfH9jrs0wkEe0m4jm9gzd5B0mPt19uU&cid=CAQSSwDICaaNKKtBcGXBOBEZz3dnPQimEluN-d2A6VRpL1Jr0tGxrR6IW-iCAnNnCbDlVWPDROf8KmYlXIo-55Omtnzfz5hOU5AZsp7E-BgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Ffr.ffxiah.com&ds=l&xdt=1&iif=1&cor=15026628353361725000&adk=1996670923&idt=68&cac=0&dtd=18

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

cafe /

Resource Hash

a860e393a22f7cd34a28120e6b5f9bdc433a1eeda614b995c6c22b395afcfbe6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 23:31:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4641
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11591
x-xss-protection: 0
server: cafe
etag: 12161711247934188981
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 07 Nov 2023 23:31:43 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 8F1E 41 KB
14 KB 33ms
33ms Script
text/javascript 142.251.16.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f132.1e100.net

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 10:40:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50904
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 23 Oct 2024 10:40:40 GMT

GET
H/1.1 200
OK dvbs_src_internal122.js Show response
cdn.doubleverify.com/ Frame 8F1E 60 KB
20 KB 38ms
38ms Script
application/javascript 23.222.5.79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src_internal122.js
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=115844&plc=4196922&sid=18330&DVP_PROG_REP=1&prr=1&DVP_DV_TT=1&DVP_DV_CT=1&DVP_PP_ID=3&DVP_PP_IMP_ID=ABAjH0iRvJZK9y_EWgnwubAxDKfc&DVP_DBM_1=3060631&DVP_DBM_2=11814982&DVP_DBM_3=35279202&DVP_DBM_4=209893792&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=49809186452&turl=https://ads.ffxiah.com/ffxiah.com/gAd_160x600.html&DVP_PP_BUNDLE_ID=&dvregion=0&unit=160x600
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.222.5.79 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-222-5-79.deploy.static.akamaitechnologies.com
Software: UploadServer /
Resource Hash: b59e0c0d1cf93db01c65f1357aedb1b27cf41998f06af03d1039bb18e83b5f86

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:04 GMT
Content-Encoding: gzip
Last-Modified: Mon, 02 Oct 2023 09:51:46 GMT
Server: UploadServer
ETag: "676309fe6e3823d28d9b38e6462bb025"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: no-transform, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19669
Expires: Thu, 24 Oct 2024 00:49:04 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame E981 0
10 B 31ms
31ms Image
text/plain 142.251.16.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?BzhTEQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.16.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: bl-in-f132.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 25 Oct 2023 00:49:04 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 87D9 0
10 B 31ms
31ms Image
text/plain 142.251.16.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?NUwkJw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.16.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: bl-in-f132.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 25 Oct 2023 00:49:04 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame FE67 0
0 52ms
51ms Fetch
image/gif 142.251.111.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstaOyL82BHpckenPnxOp0X4sx7--sH8His8V7kXgIEN6F-JvFoNUAQj5_JrRElmHwkLf18pMhnmA9FipdCnO1vKYtyC7o4Fp527FZ4h5IqGPiiO4p-7blDnxD_uGCUTZFqB7ehFkbXfBovLy_TOV0wt7DVdSnjR4rxuzENlF2Rss4IajvnDt_e3Utvjz5tKG-Uw1KYq4PeuDxWcm-aKL7FBAIy4R7cfPFlYtyLpFZbJWiPQ3ajfC_DLz83Gwai4n-x_6cyAEFSAWLaxAM2iPMJ3lTgf8ws9u82wOWdrVEOPk68CVAOe1YJqWU5wo0RVG5dATC47PrSZ_wi_AtEAmOHK7XNAiIuhwHckUjZBhDTELv5uLPQT1d70M4BN9y4CNqFTFpLEpW_4EvUp1OuLOz3-B3zdBwk7JYOAfyCET6CmTEIQQ5CIU_eOb_y1_qAejVS6c5OTs8nqsPEuuSoiq6otTtvUa4INaybq7psIXMScCOD0gse2t3mLNGBgQQglUuhvuSXGPG3-su4jc8iY13OpCeftO_jgRw52tu4FS3ddbbI7SXKkB74XGkCSVOf6ib2UKPgi_nbjqzCB93laP5EpUp86qrFbYIqfUU7CtQoqPnj1B4rV5eA_ffTYrQnHWcu-YpELu01wozaWX9aDrOc00A1nR3jlSyM7MRVlNXhVgSyImpiz8UJ1QmJRPakiBQJDE8nDYbgFZWdjLBivbXXz4qM3sFqta-qPuAUn0iNufKp6e1GdqxNuTovtMLgM4P21kDoi4P0gZog_Q4grX8D0hsXWMM5xrRJJXPlquI1nOH3d92tiUAbZ8vtKBYCKrytzxUrps2VkRTjBwiWzk1zRnz4L9_BlBi1wPKCDcegYlbnfEF6kUlucVwjOzHgS4Ulh3G8YGb8LoYJ9eEdjsmj6Fv7Jk_Rs9HabnzvKK0o454bRbuJN2RDxfaG5_9XOoMLMsO0Rk-a1vgj7xrOdrO8hPPQCyBXEqBtQ7wwuFo7VCAvUyO9o0sSM87fE66cHmhotYBA0vh--KUNyJ4ryo5e-LNzUvp18tuhhAAyroRyr98_xd3tZOcAh1ShyPxDW4NeJmD3Hv1EYNHsJnI6Qw-yovi1LSSDNf0X9MFbFPbXmtwLrMn7K_OsA5oBb3QOhc3ixzuVvCo6_be8eHEoZB-ELNBZn5TCntT6Oa6JEaoP6j5ix980BVlBMBQgs_AQqoXTf7mRCg5h4aBYyUIC_mwkHlRzfdKWbSJSVm0PNziGBQT2Yj52_wRiUNDKJtJfX4QD42T3jbg70VobRooOHBAN7N-8fRwtis1l2qy_TXUG9gfj9rCjoFaF8sOVORVcI46pWLg&sai=AMfl-YTny-MUDC0Lo8lG8-e4MBDwx1t1TlAFR-h30PaHp0NblcsGNPXIRW_lc54IzkdHeOVWH1eHIO80TPvNsPscleboDJDoQE3HlIysTKSlBNBR4QVcioXhXF65sRNV9WMgQ-FVkvzbiXc9qhcujbOvxbDDeVNf3HX68vaNjwIH6OruKJ-HjM1GTA2zepqZihJY812nkDLP2woSfwf3eVLRd99xWZi6ZWDEx3bvDmiDYPD9W6iyv10z0bgLfRLkaVV70wyuUXivypHQgEYEEslqb_i_0CDDWG4FYHVatpIlQ_7N-66sePibU3ULdLdXUUQkrllP6zyPegyBIE0pdwCWQQxhHGG3GU2kecdbR226NjYh8JzZFohqgVOei_giml4Fcq0QZ2eCbyAch5dD-uQ0RwB-KNaryNw2Cbk7gaQjSvNqdqE-zZo7VXzkO8L5RSEQx3oZNN-MwD9w7LZEY03aCOXMMby8ksNDWuS_GWuJ6Kzb1EQ&sig=Cg0ArKJSzAGiVui9skJLEAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=453&vt=11&dtpt=251&dett=3&cstd=199&cisv=r20231023.20762&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.111.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bk-in-f155.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 25 Oct 2023 00:49:04 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H/1.1 200
OK verify.js Show response
rtb0.doubleverify.com/ Frame 8F1E 443 B
577 B 183ms
58ms Script
text/javascript 34.117.228.201
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb0.doubleverify.com/verify.js?flvr=0&jsCallback=__verify_callback_144665611215&jsTagObjCallback=__tagObject_callback_144665611215&num=6&ctx=1828362&cmp=115844&plc=4196922&sid=18330&advid=&adsrv=&unit=160x600&isdvvid=&uid=144665611215&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Win32&dvp_strhd=0.40&dvpx_strhd=0.40&brid=3&brver=118&bridua=3&dup=null&turl=https://ads.ffxiah.com/ffxiah.com/gAd_160x600.html&srcurlD=1&ssl=1&refD=2&htmlmsging=1&tstype=128&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_DV_CT=1&DVP_PP_ID=3&DVP_PP_IMP_ID=ABAjH0iRvJZK9y_EWgnwubAxDKfc&DVP_DBM_1=3060631&DVP_DBM_2=11814982&DVP_DBM_3=35279202&DVP_DBM_4=209893792&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=49809186452&DVP_PP_BUNDLE_ID=&prr=1&aUrlD=-1&m1=13&noc=4&fcifrms=2&brh=2&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=169&eparams=DC4FC%3Dl9EEADTbpTauTau25D%5D77I%3A29%5D4%40%3ETauU2%3F4r92%3A%3Fl9EEADTbpTauTau7C%5D77I%3A29%5D4%40%3ETar9EEADTbpTauTau25D%5D77I%3A29%5D4%40%3ETar9EEADTbpTauTau2_73f554_b64_cc3g5eag44eghh%603h65%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3EU2%26C%3Dl9EEADTbpTauTau25D%5D77I%3A29%5D4%40%3ETau77I%3A29%5D4%40%3ETau8p50%60e_Ie__%5D9E%3E%3D&dvp_exetime=7.80&callbackName=__verify_callback_144665611215
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal122.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.228.201 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 201.228.117.34.bc.googleusercontent.com
Software: /
Resource Hash: c35088bb2ca8e6184d4eb8f6d6efa4f189fe8a4a241be1cdded07ff5f12edaf6

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 25 Oct 2023 00:49:04 GMT
Content-Encoding: br
X-DV-Response: 0
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0
Connection: keep-alive
Timing-Allow-Origin: *
Expires: 10/24/2023 00:49:04

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame C014 38 KB
13 KB 35ms
35ms Document
text/html 142.251.16.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f132.1e100.net

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 50904
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 24 Oct 2023 10:40:40 GMT
expires: Wed, 23 Oct 2024 10:40:40 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 shop_en_hover.png
s0.2mdn.net/sadbundle/9747550231200845669/ Frame 4E76 3 KB
3 KB 35ms
34ms Image
image/png 172.253.62.149
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9747550231200845669/shop_en_hover.png

Requested by

Host: bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com
URL: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f149.1e100.net

Software

sffe /

Resource Hash

ec3a25a4e89bf0f30ddbed85fe564b7dd2132928aec9b293eff71318048330de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9747550231200845669/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Mon, 23 Oct 2023 15:03:07 GMT
x-content-type-options: nosniff
age: 121557
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3441
x-xss-protection: 0
last-modified: Tue, 17 Oct 2023 14:41:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 22 Oct 2024 15:03:07 GMT

GET
H3 200 shop_en_still.png
s0.2mdn.net/sadbundle/9747550231200845669/ Frame 4E76 3 KB
3 KB 40ms
37ms Image
image/png 172.253.62.149
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9747550231200845669/shop_en_still.png

Requested by

Host: bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com
URL: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f149.1e100.net

Software

sffe /

Resource Hash

0e04ffd3a1b7d668885b064866f1801dd96daace1ca9843ce15fb1bea9b3792a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9747550231200845669/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Mon, 23 Oct 2023 15:03:07 GMT
x-content-type-options: nosniff
age: 121557
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2918
x-xss-protection: 0
last-modified: Tue, 17 Oct 2023 14:41:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 22 Oct 2024 15:03:07 GMT

GET
H3 200 shop_en.gif
s0.2mdn.net/sadbundle/9747550231200845669/ Frame 4E76 9 KB
9 KB 106ms
103ms Image
image/gif 172.253.62.149
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9747550231200845669/shop_en.gif

Requested by

Host: bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com
URL: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f149.1e100.net

Software

sffe /

Resource Hash

3024440ef5bd879be6454acf579de6d80fbace8f0b6b0d77ff41fff457342db8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9747550231200845669/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Mon, 23 Oct 2023 15:03:07 GMT
x-content-type-options: nosniff
age: 121557
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9229
x-xss-protection: 0
last-modified: Tue, 17 Oct 2023 14:41:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 22 Oct 2024 15:03:07 GMT

GET
H3 200 border-728x90.png
s0.2mdn.net/sadbundle/9747550231200845669/ Frame 4E76 2 KB
2 KB 108ms
105ms Image
image/png 172.253.62.149
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9747550231200845669/border-728x90.png

Requested by

Host: bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com
URL: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f149.1e100.net

Software

sffe /

Resource Hash

9b119ba53ff179b102e5bca55b013a9ea5c95753f985225637079294edf736b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9747550231200845669/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Mon, 23 Oct 2023 15:03:07 GMT
x-content-type-options: nosniff
age: 121557
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2432
x-xss-protection: 0
last-modified: Tue, 17 Oct 2023 14:41:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 22 Oct 2024 15:03:07 GMT

GET
H3 200 headline_728x90_1.png
s0.2mdn.net/sadbundle/9747550231200845669/ Frame 4E76 9 KB
9 KB 103ms
101ms Image
image/png 172.253.62.149
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9747550231200845669/headline_728x90_1.png

Requested by

Host: bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com
URL: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f149.1e100.net

Software

sffe /

Resource Hash

38d10938a10f0e33bd3573db8ddf0e738f5bb3e02ec218aff2fa0766e8a85031

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9747550231200845669/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Mon, 23 Oct 2023 15:03:07 GMT
x-content-type-options: nosniff
age: 121557
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9251
x-xss-protection: 0
last-modified: Tue, 17 Oct 2023 14:41:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 22 Oct 2024 15:03:07 GMT

GET
H3 200 headline_160x600_1.png
s0.2mdn.net/sadbundle/9747550231200845669/ Frame 4E76 25 KB
25 KB 93ms
91ms Image
image/png 172.253.62.149
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9747550231200845669/headline_160x600_1.png

Requested by

Host: bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com
URL: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f149.1e100.net

Software

sffe /

Resource Hash

c5a6520d925a85e3d43502a6461c57c0be5d0c799bccb11daf24322c2d9bcff9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9747550231200845669/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Mon, 23 Oct 2023 15:03:07 GMT
x-content-type-options: nosniff
age: 121557
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25486
x-xss-protection: 0
last-modified: Tue, 17 Oct 2023 14:41:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 22 Oct 2024 15:03:07 GMT

GET
H3 200 headline_160x600_2.png
s0.2mdn.net/sadbundle/9747550231200845669/ Frame 4E76 25 KB
25 KB 108ms
105ms Image
image/png 172.253.62.149
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9747550231200845669/headline_160x600_2.png

Requested by

Host: bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com
URL: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f149.1e100.net

Software

sffe /

Resource Hash

1b89bc5e121609c1ea7536579404ec3e62064f1aed8eecd76809ca26fcd64820

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9747550231200845669/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Mon, 23 Oct 2023 15:03:07 GMT
x-content-type-options: nosniff
age: 121557
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25197
x-xss-protection: 0
last-modified: Tue, 17 Oct 2023 14:41:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 22 Oct 2024 15:03:07 GMT

GET
H3 200 headline_160x600_3.png
s0.2mdn.net/sadbundle/9747550231200845669/ Frame 4E76 24 KB
24 KB 98ms
96ms Image
image/png 172.253.62.149
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9747550231200845669/headline_160x600_3.png

Requested by

Host: bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com
URL: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f149.1e100.net

Software

sffe /

Resource Hash

6a18270c33d32c05ab094a6f82f5b765008ea4854068032a2e6af191cddd8fd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9747550231200845669/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Mon, 23 Oct 2023 15:03:07 GMT
x-content-type-options: nosniff
age: 121557
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24985
x-xss-protection: 0
last-modified: Tue, 17 Oct 2023 14:41:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 22 Oct 2024 15:03:07 GMT

GET
H3 200 banner_4_still.png
s0.2mdn.net/sadbundle/9747550231200845669/ Frame 4E76 15 KB
15 KB 72ms
70ms Image
image/png 172.253.62.149
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9747550231200845669/banner_4_still.png

Requested by

Host: bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com
URL: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f149.1e100.net

Software

sffe /

Resource Hash

72330477adb934690b483fc457e51ee8cd8318b38390bc4322b9c05a4387e468

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9747550231200845669/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Mon, 23 Oct 2023 15:03:07 GMT
x-content-type-options: nosniff
age: 121557
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15805
x-xss-protection: 0
last-modified: Tue, 17 Oct 2023 14:41:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 22 Oct 2024 15:03:07 GMT

GET
H3 200 banner_4.gif
s0.2mdn.net/sadbundle/9747550231200845669/ Frame 4E76 126 KB
127 KB 82ms
80ms Image
image/gif 172.253.62.149
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9747550231200845669/banner_4.gif

Requested by

Host: bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com
URL: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f149.1e100.net

Software

sffe /

Resource Hash

eb408dc130120ff6da78b123fdf494cbcfb8ce68e4c81910ea8a9e2223aa2026

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9747550231200845669/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Mon, 23 Oct 2023 15:03:07 GMT
x-content-type-options: nosniff
age: 121557
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 129496
x-xss-protection: 0
last-modified: Tue, 17 Oct 2023 14:41:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 22 Oct 2024 15:03:07 GMT

GET
H3 200 logo.png
s0.2mdn.net/sadbundle/9747550231200845669/ Frame 4E76 26 KB
26 KB 62ms
59ms Image
image/png 172.253.62.149
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9747550231200845669/logo.png

Requested by

Host: bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com
URL: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f149.1e100.net

Software

sffe /

Resource Hash

2010238e0246053611fe06eda40490c23a0b15259effcc29078d4dc4cd49bfb1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9747550231200845669/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Mon, 23 Oct 2023 15:03:07 GMT
x-content-type-options: nosniff
age: 121557
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26453
x-xss-protection: 0
last-modified: Tue, 17 Oct 2023 14:41:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 22 Oct 2024 15:03:07 GMT

GET
H3 200 Images_728x90_3.jpg
s0.2mdn.net/sadbundle/9747550231200845669/ Frame 4E76 24 KB
24 KB 41ms
39ms Image
image/jpeg 172.253.62.149
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9747550231200845669/Images_728x90_3.jpg

Requested by

Host: bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com
URL: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f149.1e100.net

Software

sffe /

Resource Hash

fc98d8d52a073f2703fad98da54c576ef1e5d7eccb76424f199677b78b122689

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9747550231200845669/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Mon, 23 Oct 2023 15:03:07 GMT
x-content-type-options: nosniff
age: 121557
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24678
x-xss-protection: 0
last-modified: Tue, 17 Oct 2023 14:41:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 22 Oct 2024 15:03:07 GMT

GET
H3 200 Images_728x90_2.jpg
s0.2mdn.net/sadbundle/9747550231200845669/ Frame 4E76 25 KB
25 KB 49ms
47ms Image
image/jpeg 172.253.62.149
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9747550231200845669/Images_728x90_2.jpg

Requested by

Host: bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com
URL: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f149.1e100.net

Software

sffe /

Resource Hash

ac549355cd8d0a62026c1975e67b3a962940b60f6aa98d97ae843a5e2ee8013a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9747550231200845669/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Mon, 23 Oct 2023 15:03:07 GMT
x-content-type-options: nosniff
age: 121557
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25418
x-xss-protection: 0
last-modified: Tue, 17 Oct 2023 14:41:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 22 Oct 2024 15:03:07 GMT

GET
H3 200 Images_728x90_1.jpg
s0.2mdn.net/sadbundle/9747550231200845669/ Frame 4E76 25 KB
25 KB 115ms
113ms Image
image/jpeg 172.253.62.149
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9747550231200845669/Images_728x90_1.jpg

Requested by

Host: bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com
URL: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f149.1e100.net

Software

sffe /

Resource Hash

0bf88dcca00e9858eae851f10ce8abd0a93184c248366ff582c3d60802c94bbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9747550231200845669/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Mon, 23 Oct 2023 15:03:07 GMT
x-content-type-options: nosniff
age: 121557
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25705
x-xss-protection: 0
last-modified: Tue, 17 Oct 2023 14:41:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 22 Oct 2024 15:03:07 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7E34 0
20 B 49ms
49ms Image
image/gif 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BemgS_2U4ZfX3FZOFxAON_IHgDAAAAAA4AeAEAg&bg=!o6CloO_NAAao7_3LiO87ADQBe5WfOLQ0NMhJlMTOiMHJq8qzsXz9gHVKEA_y6Vou5B8XdvKAh0USdh0RS1I9R5D4BG7-AgAAAONSAAAAAmgBB5kDGI4YGG0aRvDhzARksK2TSA71lZ9CIdcZotbOeYe3o1_hF0IFDkxwcDqeEHRc1p5PF0aIu7xAoZpytynRajm57x_OSNkkTfQa0oSErCoJqN5otVpUMuj_HK08Uf6R9jnAyTW3j82g8StxPQl_mjfMNTHlHZLnyG2LphV3dt_1NbQI3Yqv7d_ysK8xe8T2ddtV0f3o3xsUZswu7oW2y8fhv4hfaxJtA4F0l2ynKNqAcSqD48idFSo6i0usNaZzUspWEsKT6mSC0pEDBtfVoUEPxZn6f7Vk08RYCtQk2U1uOfNB_VGmaDMx_NV-FbDlTSfA5Y3Smq_F7F92W3NRNkiw96YTQMnsChQWbotcC5cTrfxcRPt2EeD_7bGzfj6uo69u7C9MMNFP-XE9g5ZdNGB5Qi6pzWGpnrA5OT5c4c2MiNvylWeDSHBdCCSzKcefFhRYlpoekS5ZGWvWFrYgSv3WDn7rKMBNA2Xb4Xgzy3Ks1RnWVRmCehrOMVU14tth9kDMU-ILBwiwuvB6FyetGpYwZ-wfh5inRyvo9y7Cya8raQHOXusbL-hzRji34T2OP5Vpamqih0irwgYK8_d1XU2acKyNCoUf2xhFFbklSs3yslhQxzaKLiOuyXFnV0AruQdGtA6Bqmbtboazxf7e2za3Dk3lbTS345Z0hvAo9h_ku6ulIGa9MMzKZLU0atVc_mlfItE3zTllQYCOgaeGMooUhcLkVFnf2o9SoUoryC7iX2mCApc-BKm8gC94gTj-eNBEdXT3T92xzdkRDyppFsxMBOyBnMIkjBpb4SUpy80A49l-J-caC934lBbDRERSKZvTEo2IF81Gm6kD_tjB2T-ErMu8X8o25qkFaY6Nna23DogxGYK14lZuDYZ_2MPnk3XEVWiETGYzaCvaE5pHe1GetZF5WdCvNvwaR4Y42qVs4a_m8zZ-MY75HO283T825fPXAS-Lf5-eEs2dJtAp4mbJFDv3Kujb827zntpZQDcibZ6m55IuU12RQWh463Gwg_qnLsZa4VQFNK5OwL86oXA5LYbiwDuIRHifAg

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Oct 2023 00:49:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 oPn6O887CyeqmcRGJ9UyaII03mK9IujXfexCk6ukzmw.js Show response
pagead2.googlesyndication.com/bg/ Frame C014 38 KB
15 KB 33ms
32ms Script
text/javascript 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oPn6O887CyeqmcRGJ9UyaII03mK9IujXfexCk6ukzmw.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

sffe /

Resource Hash

a0f9fa3bcf3b0b27aa99c44627d532688234de62bd22e8d77dec4293aba4ce6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 13:51:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 557879
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14996
x-xss-protection: 0
last-modified: Tue, 17 Oct 2023 12:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 17 Oct 2024 13:51:05 GMT

GET
H/1.1

200
OK

firstevent Show response
adobe.demdex.net/ Frame 8F1E
Redirect Chain

https://adobe.demdex.net/event?d_stuff=1&d_rtbd=json&d_cb=fltk
https://adobe.demdex.net/firstevent?d_stuff=1&d_rtbd=json&d_cb=fltk

102 B
1005 B

38ms
38ms

Script
application/javascript

54.160.99.39
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://adobe.demdex.net/firstevent?d_stuff=1&d_rtbd=json&d_cb=fltk

Requested by

Host: a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com
URL: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

HTTP/1.1

Server

54.160.99.39 , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-160-99-39.compute-1.amazonaws.com

Software

Resource Hash

265102bb071ac969672e2ff9bfa564479cbf846c3d05b6d039b4fb026f980b8b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

DCS: dcs-prod-va6-1-v051-036a03071.edge-va6.demdex.com 7 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: wV9dsMwQTYk=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: application/javascript;charset=utf-8
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 125
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-va6-1-v051-03143dd3f.edge-va6.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: hv/aV4TMQjI=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://adobe.demdex.net/firstevent?d_stuff=1&d_rtbd=json&d_cb=fltk
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C014 0
20 B 49ms
49ms Image
image/gif 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BviiDAGY4ZdL3Ar2ToPMPqv6pyAMAAAAAOAHgBAI&bg=!nZ6lntHNAAao7_3LiO87ADQBe5WfOBH7_SE8I_enTu8_lphcm14jSD6fZFvqcCEy2JkN6wnEhHrOiMBMLDcBLiLfCOX_AgAAAEFSAAAAAmgBB5kDE2ksqla1dGejI6Ao8GIAychz1fxxc_OG_04W6WngQO-zvIyLgCtV1-bmeE2qgD-pGOt8isw8qkQfuVpUrIkEIIlisDUIlOzKWV7mOARmtlnRmOFvsECUu6WRi9JIeyWEuwmtPkzEK6z23PZw2IWlyhQJDJLIN3eN1am13PucICyFot4XeKyKllxj-b8k-vtQM1NUqNmqd37qf44kfFpCjoGsRkdTZZSZYFhPxE0uXzirAJb9NdPnWXGnsgiTZ4K1fbtGQFK1YSmNv9e-6xsXRwj1evU1EFwGXqiB_bKvqHkebIs1789MZi_2Pkb8M997Y0zNjbL3ul1aqJ20N0csZ_u9rJNpnYDeDbS9k4CMVFcF1hXWZYYH54OIITGM2oNYyv5OiCE5t2ftIdYb8hmR_a2zo7bC-azdGwEi3Sk4Rz9y7j3zE5drsy2wuBTmAedOaqw_sCsEwQliHhaSUCMKcYN1EsEOQDqULZPGA32oOC4u1rAtgX6H5IV0HcZr32yAgXPBi_aiPtaTBDktvo460YAaa_dh_UAcyJpZ0ZZoUw9MoSdnOIpmoP19lF4F7M4-idv0s_4pk0-uduatPhRm1N-L0jerIUjz_-3aCuUb6-im7CYfr6j9c_Bmz3KjbaHbTrrXRm-LWtcufnTb-3sxi_jBVvwiUct-bmALHns3H-A2Ib_3IYs3Z-PhhxtwMVwadC79VtUSN_yaiDiFvOIyYsA7b_lw-LgxrAYWTWlwprTIasAKGOFlZy7j1M3lVRqAZ-6Sl9LZvjWEZbjWgRJkVKz39fzafC27i3mgggcQYyAzrXq1bgLx1gU-jnve1f3Zh_gwWxALWpD6ZHhPyYnSUxfGttVEKA3cMcbYB_C2lGZCBWqlRVZfjoTQ9twQPrrmyoCOhHRAY7hSURN8gk0r1UYJVN_nTcA96itKYZzaPTfhjmZJ_kgsn2WIphqgHxzC4DxumFov9RovH7YrqpVrHGVPXe3v5c__EiJsjfRdOGAdA__3NgFdVCR5KuBGiFHjSJTj9IuAuSkQrNoirAjUfzpSFak

Requested by

Host: a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com
URL: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Oct 2023 00:49:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK / Show response
servedby.flashtalking.com/imp/8/115844;4196922;201;js;DV360;DV360FY20CCBEHCustomAffinityCADSKBAN160x600/ Frame 8F1E 2 KB
1 KB 114ms
38ms Script
text/javascript 104.112.1.174
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://servedby.flashtalking.com/imp/8/115844;4196922;201;js;DV360;DV360FY20CCBEHCustomAffinityCADSKBAN160x600/?ftx=&fty=&ftadz=&ftscw=&ft_custom=&ftOBA=1&ft_ifb=1&ft_domain=ads.ffxiah.com&ft_agentEnv=0&ft_referrer=https%3A%2F%2Fads.ffxiah.com%2F&ft_section=__01918425959712886530824968188822479775&cachebuster=19052.9321332773

Requested by

Host: a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com
URL: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.112.1.174 Ashburn, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-112-1-174.deploy.static.akamaitechnologies.com

Software

prod-xre-app57.ash11 /

Resource Hash

caae78cb10248237676c425612d83ac046c37543d4482a303b3f9d0e256b4ed8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 25 Oct 2023 00:49:04 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=86400
Server: prod-xre-app57.ash11
Vary: Accept-Encoding
Content-Type: text/javascript;charset=ISO-8859-1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 682
Expires: Wed, 25 Oct 2023 00:49:04 GMT

GET
H/1.1 200
OK j-4196922-4449328.js Show response
cdn.flashtalking.com/xre/419/4196922/4449328/js/ Frame 8F1E 54 KB
16 KB 157ms
61ms Script
text/javascript 23.52.160.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.flashtalking.com/xre/419/4196922/4449328/js/j-4196922-4449328.js
Requested by: Host: servedby.flashtalking.com
URL: https://servedby.flashtalking.com/imp/8/115844;4196922;201;js;DV360;DV360FY20CCBEHCustomAffinityCADSKBAN160x600/?ftx=&fty=&ftadz=&ftscw=&ft_custom=&ftOBA=1&ft_ifb=1&ft_domain=ads.ffxiah.com&ft_agentEnv=0&ft_referrer=https%3A%2F%2Fads.ffxiah.com%2F&ft_section=__01918425959712886530824968188822479775&cachebuster=19052.9321332773
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.52.160.99 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-160-99.deploy.static.akamaitechnologies.com
Software: Flashtalking (AKA) /
Resource Hash: c8556ae42db7b28a405039e78e2f4d8f8de161ffd6d42e878ae8b22de8f118ec

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:04 GMT
Content-Encoding: gzip
Last-Modified: Tue, 26 Sep 2023 22:57:10 GMT
Server: Flashtalking (AKA)
ETag: W/"27a6233604d60122e7611854fa82fdd2"
X-FT-Origin: us
Vary: Accept-Encoding
X-Varnish: 451180270
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=1156
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15437
Expires: Wed, 25 Oct 2023 01:08:20 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 4A8B 0
0 50ms
50ms Image
text/html 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202310180103&jk=2520063513922080&bg=!j4yljMPNAAaMkNwkrJA7ADQBe5WfOED2zCxz6akLRy7EiQHEc-jTRKaugD7AoxwdpE12ihDI21btRkCzDNgrgXYQ_0NZAgAAAT9SAAAAA2gBBwoAIMgderZMfg5BsZuvCTyxNm8YZcsh2HOpJkRe2hFQcDyQmQLS-TsduOKc1x52BGMwg2GXsaBclnyIvdGCUzelWBznTmIcw2SMTt6wlbI87-8qzxjYH-Oxj5drmI0e6Z-Ufyp4bqbW3P3B8nJ-gihPPvL4-ArhhPnEff4O2dBIkDlVfOyIIkgHGB6bc5kv9hmHO6dH6S3ZKSkKnpLzVr525PSGANovcpf-25tV7xeOzso0OUSDwIOb97LWFGInNIywgvg7pHsTtzvdnR310QZCd-Wb0s39M63P3I81_PqQ3n5KZc95Tt7xMyiVJDQ5-ziK0t0b4D5HBp7GJsPP1B8nYX1iW9TjyQzRMk-EEUVzG75IdE0AIGZw7LNNXLJ6mbqOCUxv3PRvEshYbzAZp5jg6Vq4RG14gsNT00vJ8NHzqgGWBGrDbBq6R46K4j0SDFaaZQNDO6fuXUIWWERZjmi5ztJRt7z7cL8kyQ30yo1B6WT0xQ0w-4afcuE-RUQiVysFjviavsHoQnbPQ7t4I8YNuoGVNH-8riWgAX1FGFUytdDU7E9LgxykmzsQpLQDp9HWJomfdqwN3BEqi7KrWJewutyqKGN4tYB4pTBTjzoVItXCs3BJ2xs_BXwMKybnr_V7YllbMRjUwyKMb5Se56H5tgd0MYaN7p-JmK7d_tJhzWDkYgcNPVez3KXSsiSq4wc2CQF-Pv8jFX6zGprkHQPk3GFdKYgo0yszvPDaWHOB1oS38TPZj9ACGLKzxGpdzi_uzeOePd2MWTRI9vRYGN3z7YNitsLmdqwlXSaeu1WfnbGacw9oblFIPJUzX5cuV7zPw3661f_o9zD0dSqb_vrVHqXKO8rYajC8tSIjBqUsPrMvaHpKnrqPMTZJWh7qInzIg3Fv-iqj0HfXkvMMb4pnQQqLmOuM9GIlpbX-2QguRvr8bBf5avHINl1-3DeJRsQ1GOKCiUwwwssqXaGSt2CsXwRoGMFKPjQL3S5S2CH7UBOgtd7mQpU
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.253.122.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: bh-in-f156.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 299C 0
0 51ms
50ms Image
text/html 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202310190101&jk=2972598295071746&bg=!7O-l76DNAAaMkNwkrJA7ADQBe5WfOCxrBO2bxGbB7ytk2dgZK-cgXh5bixOeHJIsbfH60LCFnmKpVwBiXF8Un34uvWn_AgAAAT9SAAAABmgBBwoAhYedgTKuquSAWUexQ7gqsCzCbWCVD880kxwbY2aA6KaJwLoRekjM-IegHBUgkJK-MxFbA1YW5YRimaDhQqhg4G0T8aw3Yk6B7ZxQhf6Qgof3sX44R3wbKvCkDWSOi4wLAb1U0WEtbYxacGXg2abp299Su3u3seForFgp78-hmoz8bkSXRDmZAskMmYfk9Yj3kDup96FHxDsHBXJgFIEATApmqoT15J1RJhKNuvuStp8V5H5stufD11_M1G0dVToGXAdv__ixkP1A3bMptT9aGmtFDxObjEMZppgS-tIQg0I-scWlO2cHdyVXh9JzZA6MFORduH-Iad9y6jYSJIs2kjP8zcS8RI_F9vC733y1BK-uBmLi8rNDTevcfFT_z9o4peOl8rPKteCz1ThlYyvdGkXMaoLYuwvQVnmCC61k8yIQQPHhw6hy01PtoPOlUJKR1MesD5sUQbuqHs_j2QiILv6dbIjaMJhqRZb2hap4CEYQzXVejzAwdR4aGsA_gky0TUtqUcBQWpQMG30KZfsI-w74tOtV1hw2GucsTb5P4r5VQuDKHSzN-FC3Jm322JJC6csNvaiCidAePEWq5afyM_9BIEITeYAK_f29JB40W05cF4J9mVz6hFDQz3OVzyXFsL841Z0a_xs7YZ-KxzKRww0takZ4_82_QKZXyJO_JTiBoOVpDXrxhgJv8DamOMZ7mmAnvAqZgIgKeqEQEAQ1gfmBEppMK_Z5qlwypa7SioaAN6g71Gzkdv8UAijLFKpuxFyyc9imEY60O384M6aqN3O_-UYmdF4bD0ERoZxcg86U4I6bnKyMSp9SbQzsJM_1y8sludYeW6OtOvsx5mOgLu9YVo93VhQ-TO2nKxVghKT7x5Rc3v-dD653A2CeNHvlk8fS1Z3SReBNAqo1Jo3vyVSoe2qZKS5tjqZLJgf8Q39DvjeLDjM82HmYqR2doy2RG28Pu-HSUVRLa1PhFYMo0Ake0nmQF0XTFL93oRfQPtqce4HxoITSlu8TrWZEK3bBpGbwzR_BNW2yd1LtO8EiTjaj_ROzNKiXnsswGh4bQHrsIZq8E217iqVm9FwVY-myKkLnctdxbmySde0AFP9QY8fqewEDc7f4doKcyoN8yZQQWw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.253.122.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: bh-in-f156.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame FE67 42 B
174 B 58ms
57ms Fetch
image/gif 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvLHbcGw2v0uZ5j9hhcNvMO15oiBMxmu7IJYnslSaanOH1z1p_Tx9wc6oosn7ConkEa0Y8j_7tq8R3YdkZhzvZMCYwCGvu4MkYe5J9tbR2MmI87VxlTm1ng-QtpxaEhd0aotRVj6ySF4Q&sai=AMfl-YQd9DrghZ1Ghq4LFFE3iDD1S_Y3629Lo2xys7B2WSz_cPV0926wdyrMM1K-zFs8ZJD_35BiCF4feNldhSM41wXsriOQx5ooLp2XO4RHJ4TyrAyccx8aqCjZ2uKcb_OTENyDgoxKq5Cb9L_ahA&sig=Cg0ArKJSzDkKn-1q_7gqEAE&cid=CAQSTADICaaNZOgzoP_fZLUag2qqAEpCSRWarYk52DVt6SPnXImGTbmMRlX1oDoOpPiXyf0j1rhHNf_uiSCTP46UtBDy0J5sUOP5ZRnCmaIYAQ&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231023&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1741596969&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1698194943689&rpt=153&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Oct 2023 00:49:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200 d9core Show response
d9.flashtalking.com/ Frame 8F1E 11 KB
11 KB 143ms
36ms Script
application/javascript 44.214.196.83
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://d9.flashtalking.com/d9core
Requested by: Host: cdn.flashtalking.com
URL: https://cdn.flashtalking.com/xre/419/4196922/4449328/js/j-4196922-4449328.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.214.196.83 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-214-196-83.compute-1.amazonaws.com
Software: Apache/2.4.52 () OpenSSL/1.0.2k-fips /
Resource Hash: 244d88716a54a9038f21a2a2948d70b2d82caa09bc8ee6cd7999f8d09d556184

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:04 GMT
Server: Apache/2.4.52 () OpenSSL/1.0.2k-fips
ETag: 5bc31bf7d4a298e1bef9d35fce222bfc
Access-Control-Allow-Methods: GET,POST,SERVER
P3P: policyref="localhost/w3c/D9_p3p_.xml", CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Access-Control-Allow-Origin: d9.flashtalking.com
Content-Type: application/javascript;charset=utf-8
Cache-Control: private, must-revalidate, proxy-revalidate, max-age=172800
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 10814

GET
H/1.1 200
OK dvtp_src.js Show response
cdn.doubleverify.com/ Frame 8F1E 9 KB
4 KB 32ms
32ms Script
application/javascript 23.222.5.79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvtp_src.js?ctx=1828362&cmp=115844&sid=18330&plc=4196922&num=&adid=&advid=&adsrv=29&btreg=4196922&btadsrv=flashtalking&crt=4449328&crtname=&chnl=&unit=&pid=&uid=&dvtagver=6.1.src&dvp_ftimpid=F6806745-FC8C-9F2B-B12C-C95B1F486F8A&auevent=&849462106
Requested by: Host: cdn.flashtalking.com
URL: https://cdn.flashtalking.com/xre/419/4196922/4449328/js/j-4196922-4449328.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.222.5.79 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-222-5-79.deploy.static.akamaitechnologies.com
Software: UploadServer /
Resource Hash: a2ad6edbc8f10efbb4f3a2313dc9766201926b44bfb286a264d331630317c495

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:04 GMT
Content-Encoding: gzip
Last-Modified: Sun, 22 Oct 2023 08:27:39 GMT
Server: UploadServer
ETag: "f605396c64de2c7d7d363393d81136bf"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: no-transform, max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3640
Expires: Wed, 25 Oct 2023 01:04:04 GMT

GET
H/1.1 200
OK 4449328.gif
cdn.flashtalking.com/xre/419/4196922/4449328/image/ Frame 8F1E 90 KB
91 KB 36ms
36ms Image
image/gif 23.52.160.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.flashtalking.com/xre/419/4196922/4449328/image/4449328.gif?734174181
Requested by: Host: a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com
URL: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.52.160.99 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-160-99.deploy.static.akamaitechnologies.com
Software: Flashtalking (AKA) /
Resource Hash: db8aa8bb598b83dda40acccb524e128bf1c33c708b938ea92a50bd3119df8567

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:04 GMT
Last-Modified: Mon, 11 Sep 2023 19:27:19 GMT
Server: Flashtalking (AKA)
ETag: W/"08a651427e81bd1caf48ab049d3660dc"
X-FT-Origin: us
X-Varnish: 617186503
Content-Type: image/gif
Cache-Control: max-age=1156
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 92328
Expires: Wed, 25 Oct 2023 01:08:20 GMT

GET
H/1.1 200
OK iconc.png
secure.flashtalking.com/oba/icon/ Frame 8F1E 1 KB
2 KB 121ms
44ms Image
image/png 23.52.160.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.flashtalking.com/oba/icon/iconc.png?EDAA_icon=y
Requested by: Host: a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com
URL: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.52.160.99 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-160-99.deploy.static.akamaitechnologies.com
Software: Flashtalking (AKA) /
Resource Hash: f75ada33b07cb31e16a0a0d3325961a22dc9526edb49bff04c31d7b7611f7025

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:05 GMT
Last-Modified: Sat, 12 Apr 2014 19:14:31 GMT
Server: Flashtalking (AKA)
ETag: W/"db320ef6f3c45ab5c90887ef618de2bb"
X-FT-Origin: us
X-Varnish: 115182319 88014371
Content-Type: image/png
Cache-Control: max-age=2161614
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1308
Expires: Sun, 19 Nov 2023 01:15:59 GMT

GET
H/1.1 200
OK dv-measurements4829.js Show response
cdn.doubleverify.com/ Frame C475 421 KB
99 KB 39ms
38ms Script
application/javascript 23.222.5.79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-measurements4829.js
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.222.5.79 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-222-5-79.deploy.static.akamaitechnologies.com
Software: UploadServer /
Resource Hash: 1e4f73af0a5465472a772470bbc453043b88dd8647e1d4e5a07196fe80067dbf

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:04 GMT
Content-Encoding: gzip
Last-Modified: Sun, 22 Oct 2023 06:47:28 GMT
Server: UploadServer
ETag: "631ae5e9af684209917bc909141afe82"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: no-transform, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 101116
Expires: Thu, 24 Oct 2024 00:49:04 GMT

GET
DATA 200
OK truncated
/ Frame 8F1E 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 554a0fcca86a3cb92c37bf7471db9f8c834efedf21b2ea03f9d30eaeff22e8d1

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK dv-measurements4829.js Show response
cdn.doubleverify.com/ Frame 4E10 421 KB
99 KB 38ms
37ms Script
application/javascript 23.222.5.79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-measurements4829.js
Requested by: Host: fr.ffxiah.com
URL: https://fr.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.222.5.79 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-222-5-79.deploy.static.akamaitechnologies.com
Software: UploadServer /
Resource Hash: 1e4f73af0a5465472a772470bbc453043b88dd8647e1d4e5a07196fe80067dbf

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:04 GMT
Content-Encoding: gzip
Last-Modified: Sun, 22 Oct 2023 06:47:28 GMT
Server: UploadServer
ETag: "631ae5e9af684209917bc909141afe82"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: no-transform, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 101116
Expires: Thu, 24 Oct 2024 00:49:04 GMT

GET
H/1.1 200
OK visit.js Show response
tps.doubleverify.com/ Frame C475 694 B
730 B 298ms
56ms Script
text/javascript 34.117.228.201
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=137&ttfrms=26&brid=3&brver=118.0.5993.88&bridua=3&bds=1&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau25D%5D77I%3A29%5D4%40%3ETauU2%3F4r92%3A%3Fl9EEADTbpTauTau7C%5D77I%3A29%5D4%40%3ETar9EEADTbpTauTau25D%5D77I%3A29%5D4%40%3ETar9EEADTbpTauTau2_73f554_b64_cc3g5eag44eghh%603h65%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3EU2%26C%3Dl9EEADTbpTauTau25D%5D77I%3A29%5D4%40%3ETau77I%3A29%5D4%40%3ETau8p50%60e_Ie__%5D9E%3E%3D&srcurlD=1&aUrlD=-1&ssl=https:&dfs=1114&ddur=34&uid=1698194945068194&jsCallback=dvCallback_1698194945068180&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F118.0.5993.88%20Safari%2F537.36&htmlmsging=1&chro=1&hist=2&winh=600&winw=160&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=4829&tgjsver=4829&lvvn=28&m1=13&refD=2&referrer=https%3A%2F%2Fa0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&fcifrms=2&brh=2&dvp_epl=351&noc=4&nav_pltfrm=Win32&ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&adsrv=0&advid=3398311&turl=https://ads.ffxiah.com/ffxiah.com/gAd_160x600.html&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_DV_CT=1&DVP_PP_ID=3&DVPX_PP_IMP_ID=ABAjH0iRvJZK9y_EWgnwubAxDKfc&DVP_DBM_1=3060631&DVP_DBM_2=11814982&DVP_DBM_3=35279202&DVP_DBM_4=209893792&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=49809186452&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_tcnt=2&dvp_sukv=1443588226.3673785&ee_dp_sukv=1443588226.3673785&dvp_tukv=26067675767.24946&ee_dp_tukv=26067675767.24946&dvp_strhd=0.3000001907348633&dvpx_strhd=0.3000001907348633&dvp_tuid=846799442869&jurtd=1365504713
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements4829.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.228.201 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 201.228.117.34.bc.googleusercontent.com
Software: /
Resource Hash: c7dc68d292dba9d17814043ac13d67954cd5446dfd27fa63426b1c25f71c8f63

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 25 Oct 2023 00:49:05 GMT
Content-Encoding: br
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0
Connection: keep-alive
Timing-Allow-Origin: *
Expires: 10/24/2023 00:49:05

GET
H/1.1 200
OK visit.js Show response
tps.doubleverify.com/ Frame 4E10 2 KB
1 KB 184ms
59ms Script
text/javascript 34.117.228.201
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=223&ttfrms=6&brid=3&brver=118.0.5993.88&bridua=3&bds=1&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau25D%5D77I%3A29%5D4%40%3ETauU2%3F4r92%3A%3Fl9EEADTbpTauTau7C%5D77I%3A29%5D4%40%3ETar9EEADTbpTauTau25D%5D77I%3A29%5D4%40%3ETar9EEADTbpTauTau2_73f554_b64_cc3g5eag44eghh%603h65%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3EU2%26C%3Dl9EEADTbpTauTau25D%5D77I%3A29%5D4%40%3ETau77I%3A29%5D4%40%3ETau8p50%60e_Ie__%5D9E%3E%3D&srcurlD=1&aUrlD=-1&ssl=https:&dfs=1114&ddur=34&uid=1698194945187119&jsCallback=dvCallback_1698194945187951&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F118.0.5993.88%20Safari%2F537.36&htmlmsging=1&chro=1&hist=2&winh=600&winw=160&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=4829&tgjsver=4829&lvvn=28&m1=13&refD=2&referrer=https%3A%2F%2Fa0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&fcifrms=2&brh=2&dvp_epl=351&noc=4&nav_pltfrm=Win32&ctx=1828362&cmp=115844&sid=18330&plc=4196922&crt=4449328&btreg=4196922&btadsrv=flashtalking&adsrv=29&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_ftimpid=F6806745-FC8C-9F2B-B12C-C95B1F486F8A&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_tcnt=2&dvp_sukv=1443588226.3673785&ee_dp_sukv=1443588226.3673785&dvp_tukv=659847864.1579198&ee_dp_tukv=659847864.1579198&dvp_strhd=0.10000038146972656&dvpx_strhd=0.10000038146972656&dvp_tuid=11395572716&jurtd=2973613018
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements4829.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.228.201 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 201.228.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 960011740c37770f5316d08d9ab309e9301c09734607a8f59083e606368af83a

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 25 Oct 2023 00:49:05 GMT
Content-Encoding: br
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0
Connection: keep-alive
Timing-Allow-Origin: *
Expires: 10/24/2023 00:49:05

GET
H/1.1 200
OK consumer-privacy-logo.png
secure.flashtalking.com/oba/icon/ Frame 8F1E 6 KB
6 KB 39ms
39ms Image
image/png 23.52.160.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.flashtalking.com/oba/icon/consumer-privacy-logo.png
Requested by: Host: a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com
URL: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.52.160.99 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-160-99.deploy.static.akamaitechnologies.com
Software: Flashtalking (AKA) /
Resource Hash: 49b19f7f2d3d0fc9d2270cd1ebd79d468ca86cf308f33b063595863e3f392e98

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 25 Oct 2023 00:49:05 GMT
Last-Modified: Thu, 11 Feb 2021 15:39:51 GMT
Server: Flashtalking (AKA)
ETag: W/"d675694ab4d4d2eb56cca854c25d9c36"
X-FT-Origin: us
X-Varnish: 977502517 975897158
Content-Type: image/png
Cache-Control: max-age=1161
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5953
Expires: Wed, 25 Oct 2023 01:08:26 GMT

POST
H/1.1 200 lgc Show response
d9.flashtalking.com/ Frame 8F1E 103 B
759 B 91ms
91ms XHR
application/json 44.214.196.83
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://d9.flashtalking.com/lgc
Requested by: Host: d9.flashtalking.com
URL: https://d9.flashtalking.com/d9core
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.214.196.83 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-214-196-83.compute-1.amazonaws.com
Software: Apache/2.4.52 () OpenSSL/1.0.2k-fips /
Resource Hash: 4ad11978235d30d3630188823a137db155e59b15a62b00c41cdb2bedf4056103

Request headers

Referer: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Date: Wed, 25 Oct 2023 00:49:04 GMT
Server: Apache/2.4.52 () OpenSSL/1.0.2k-fips
Access-Control-Allow-Methods: GET,POST,SERVER
P3P: policyref="localhost/w3c/D9_p3p_.xml", CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Access-Control-Allow-Origin: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com
Content-Type: application/json;charset=ISO-8859-1
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 103

GET
H/1.1 200
OK /
servedby.flashtalking.com/state/4196922;4449328;0;401;F6806745-FC8C-9F2B-B12C-C95B1F486F8A/ Frame 8F1E 42 B
343 B 33ms
33ms Image
image/gif 104.112.1.174
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://servedby.flashtalking.com/state/4196922;4449328;0;401;F6806745-FC8C-9F2B-B12C-C95B1F486F8A/?ft_data=d9:f373daabf0754bd7a91282ed40785427;d9s:f373daabf0754bd7a91282ed40785427&cachebuster=814837634

Requested by

Host: a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com
URL: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.112.1.174 Ashburn, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-112-1-174.deploy.static.akamaitechnologies.com

Software

prod-xre-app38.ash11 /

Resource Hash

47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 25 Oct 2023 00:49:05 GMT
Strict-Transport-Security: max-age=86400
Server: prod-xre-app38.ash11
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 42
Expires: Wed, 25 Oct 2023 00:49:05 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 8F1E 42 B
64 B 50ms
49ms Fetch
image/gif 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvlg5iFKJYsr8neMJcdGQKhPr9cfbtvmhFGGSJkcujn2fhQbWAQcCg6WEGrDsvzFxnot9M50Jz4NTKWqL7j78d-MJ5uL0-oQt0S2-vrchBihrh117RUTZZQi7jt2cqc861Tl_UR0H3gGg&sai=AMfl-YS6NzJQ9CIA2ToP8JJkgDn_O8mYWPFhzOmUJ-88lQ8_kcJ2ZAnZYIJWwC6zVKkDXliNoeDGZ0Xizg__LFOjJfSxy7E53Z7S7o4AflICzPrUxosShbX05uL5eWwIvBYrrmsC0ydCOz67gdGq&sig=Cg0ArKJSzHM98WpftPOkEAE&cid=CAQSSwDICaaNKKtBcGXBOBEZz3dnPQimEluN-d2A6VRpL1Jr0tGxrR6IW-iCAnNnCbDlVWPDROf8KmYlXIo-55Omtnzfz5hOU5AZsp7E-BgB&id=lidar2&mcvt=1025&p=0,0,600,160&mtos=1025,1025,1025,1025,1025&tos=1025,0,0,0,0&v=20231023&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=4037978123&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1698194943785&rpt=1256&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Oct 2023 00:49:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8F1E 0
20 B 47ms
47ms Ping
image/gif 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8788310969989&version=m202309260101&ct=77&x=1&cor=15026628353361725000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Oct 2023 00:49:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

dc_pre=CIru8JT9j4IDFQcXigMd0_8BQw;src=1295336;type=cs;cat=Viewa0;u14=115844;u15=18330;u16=%5BDVP_ADID%5D;ord=1
adservice.google.com/ddm/fls/z/ Frame 4E10
Redirect Chain

https://ad.doubleclick.net/activity;src=1295336;type=cs;cat=Viewa0;u14=115844;u15=18330;u16=%5BDVP_ADID%5D;ord=1?&cbust=1698194947485289
https://ad.doubleclick.net/activity;dc_pre=CIru8JT9j4IDFQcXigMd0_8BQw;src=1295336;type=cs;cat=Viewa0;u14=115844;u15=18330;u16=%5BDVP_ADID%5D;ord=1?&cbust=1698194947485289
https://adservice.google.com/ddm/fls/z/dc_pre=CIru8JT9j4IDFQcXigMd0_8BQw;src=1295336;type=cs;cat=Viewa0;u14=115844;u15=18330;u16=%5BDVP_ADID%5D;ord=1?&cbust=1698194947485289

42 B
401 B

336ms
93ms

Image
image/gif

142.251.111.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CIru8JT9j4IDFQcXigMd0_8BQw;src=1295336;type=cs;cat=Viewa0;u14=115844;u15=18330;u16=%5BDVP_ADID%5D;ord=1?&cbust=1698194947485289

Protocol

Server

142.251.111.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bk-in-f155.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Oct 2023 00:49:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 25 Oct 2023 00:49:07 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/dc_pre=CIru8JT9j4IDFQcXigMd0_8BQw;src=1295336;type=cs;cat=Viewa0;u14=115844;u15=18330;u16=%5BDVP_ADID%5D;ord=1?&cbust=1698194947485289
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

src=1295336;dc_pre=CPjo8JT9j4IDFSkCigMdtYwH5Q;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u...
adservice.google.com/ddm/fls/z/ Frame 4E10
Redirect Chain

https://ad.doubleclick.net/ddm/activity/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_3...
https://ad.doubleclick.net/ddm/activity/src=1295336;dc_pre=CPjo8JT9j4IDFSkCigMdtYwH5Q;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5...
https://adservice.google.com/ddm/fls/z/src=1295336;dc_pre=CPjo8JT9j4IDFSkCigMdtYwH5Q;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5B...

42 B
107 B

340ms
94ms

Image
image/gif

142.251.111.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/src=1295336;dc_pre=CPjo8JT9j4IDFSkCigMdtYwH5Q;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=115844;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1?%20&cbust=1698194947485517

Protocol

Server

142.251.111.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bk-in-f155.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Oct 2023 00:49:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 25 Oct 2023 00:49:07 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/src=1295336;dc_pre=CPjo8JT9j4IDFSkCigMdtYwH5Q;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=115844;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1?%20&cbust=1698194947485517
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 204
No Content event.png
tpsc-ue1.doubleverify.com/ Frame C475 0
345 B 86ms
45ms Ping
text/plain 34.117.228.201
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tpsc-ue1.doubleverify.com/event.png?impid=aa9bae3736414206a705118ff7d0c509&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&pltm=1&ee_dp_asmm=1&vdur=299&eoid=17&te_exec=0&msrjs=4829&sdf=67108868&vit=2&isvelg=1&rmi=16&tltms=34&tetms=10&msltms=76&vltms=299&sei=289&vetms=4&tuviims=164&tuviems=467&engms=1&engisel=1&dvp_dtcov=4&sim=3&msrcanlm=392&msrcannum=3&ee_dp_tmads=2431&ismms=43&isumms=42&nvr=6&isgmmims=43&isgmv4mims=43&elmtp=6&isbxdms=2342&b0=317&b11=2130&adhgt=600&adwdth=160&norwdth=160&norhgt=600&vsos=5&dvp_vsosnmr=16&lftb=2447&sftb=2447&msrdp=2&naral=128&vct=512&vphgt=1200&vpwdth=1600&chgt=600&cwdth=160&scrhgt=1200&scrwdth=1600&strp=0&advisonl=false&isiabvms=1263&isuiabvms=1263&isgmpims=342&isgmv4dpims=1263&ispmxpms=1263&engalms=41&engscrlms=263&dvp_pageEng=true&dvp_dpr=1&vstsz=736&ee_dp_cvcmeeid=1&metp=1&meeid=1&ttfurm=3328&cbust=1698194948373196
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements4829.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.228.201 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 201.228.117.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com
Pragma: no-cache
Date: Wed, 25 Oct 2023 00:49:08 GMT
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true, true
Connection: keep-alive
Expires: 2023-10-24T00:49:08

POST
H/1.1 204
No Content event.png
tpsc-ue1.doubleverify.com/ Frame 4E10 0
345 B 134ms
71ms Ping
text/plain 34.117.228.201
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tpsc-ue1.doubleverify.com/event.png?impid=4989f54e0dc1465683bda529ae83a343&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&pltm=1&ee_dp_btreg=4196922&ee_dp_btros_64=0&ee_dp_asmm=1&vdur=185&eoid=16&te_exec=0&msrjs=4829&sdf=67108868&vit=2&isvelg=1&rmi=16&tltms=34&tetms=9&msltms=69&vltms=185&sei=290&vetms=9&tuviims=230&tuviems=424&engms=1&engisel=1&dvp_dtcov=4&sim=3&msrcanlm=456&msrcannum=4&ee_dp_tmads=2302&ismms=22&isumms=21&nvr=6&isgmmims=22&isgmv4mims=22&elmtp=6&isbxdms=2222&b0=100&b11=2226&adhgt=600&adwdth=160&norwdth=160&norhgt=600&vsos=5&dvp_vsosnmr=16&lftb=2326&sftb=2326&msrdp=1&naral=192&vct=512&vphgt=1200&vpwdth=1600&chgt=600&cwdth=160&scrhgt=1200&scrwdth=1600&strp=0&advisonl=false&isiabvms=1042&isuiabvms=1042&isgmpims=129&isgmv4dpims=1042&ispmxpms=1042&engalms=21&engscrlms=129&dvp_pageEng=true&dvp_dpr=1&vstsz=1141&ee_dp_cvcmeeid=1&metp=1&meeid=1&ttfurm=3201&cbust=1698194948383642
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements4829.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.228.201 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 201.228.117.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com
Pragma: no-cache
Date: Wed, 25 Oct 2023 00:49:08 GMT
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true, true
Connection: keep-alive
Expires: 2023-10-24T00:49:08

Verdicts & Comments Add Verdict or Comment

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
fr.ffxiah.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: jpd0i2ucmqbvpji07firsp79u0
.ffxiah.com/	1970-01-21 01:04:50	Name: __gads Value: ID=643a16abecda697c:T=1698194943:RT=1698194943:S=ALNI_Mbl-A_kcCktAdkMzSd0OxSmfBieUw
.ffxiah.com/	1970-01-21 01:04:50	Name: __gpi Value: UID=00000d9c59a543cd:T=1698194943:RT=1698194943:S=ALNI_Ma3vM6A_MlIsl9rI2GQnv2EpCHRNQ
.doubleclick.net/	1970-01-21 01:19:14	Name: IDE Value: AHWqTUkvPXUdFcBiBaYqIRlmBjRllmUifoqY24S9vbEI7R3N_B4W158U1qJgPcTS
.agkn.com/	1970-01-21 00:28:50	Name: ab Value: 0001%3AmB%2FR5J13cQoiVV6dZIa05E3hwd0ec2vi
.agkn.com/	1970-01-21 00:28:50	Name: u Value: C\|0EAgsyyKALMsigAAAAAAAAgAsAViNXAIAAC0BB-agAgABAAcAAAAAAdWjCf__HgAAAAAALw4vAAAAABaUya8AAAAADA8WhQAAAAAh9Ad_AA
.doubleclick.net/	1970-01-20 20:02:26	Name: APC Value: AfxxVi62l8w0KLGLATHukBVQ7CID2s0GWM66_pSAQQHVTvrh8mc8Cg
.casalemedia.com/	1970-01-20 17:52:50	Name: CMPS Value: 1292
.adnxs.com/	1970-01-20 17:52:50	Name: anj Value: dTM7k!M41.D>6NRF']wIg2H`bo:%Z%!@wnfH8K6pQK`!5=E<L5?%KHmHo.O_slAeb@o052%uWO778nHCl3$do/%R%nugO%v4VB%nm_u**P@I
.adnxs.com/	1970-01-20 17:52:50	Name: uuid2 Value: 3621614763534596926
.casalemedia.com/	1970-01-21 00:28:50	Name: CMID Value: ZThmAICj8b0FSg.MFEaAKgAA
.casalemedia.com/	1970-01-20 17:52:50	Name: CMPRO Value: 3854
.demdex.net/	1970-01-20 20:02:26	Name: demdex Value: 01918425959712886530824968188822479775
.adobe.demdex.net/	1970-01-20 20:02:26	Name: adobe Value: 01918425959712886530824968188822479775
.flashtalking.com/	1970-01-21 01:12:38	Name: flashtalkingad1 Value: "GUID=577640ECA88C80"
.flashtalking.com/	1970-01-21 00:28:50	Name: _D9J Value: 3c06261c25cf4c30be357d29666973a3

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a0fb7ddc03ec044b8d628cc68991b9ed.safeframe.googlesyndication.com
ad.doubleclick.net
adobe.demdex.net
ads.ffxiah.com
adservice.google.com
ajax.googleapis.com
bd378a5adf7ecbeadafe32fbadd56681.safeframe.googlesyndication.com
cdn-b2.ffxipro.com
cdn.doubleverify.com
cdn.flashtalking.com
cm.g.doubleclick.net
d.agkn.com
d9.flashtalking.com
dsum-sec.casalemedia.com
fr.ffxiah.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
pagead2.googlesyndication.com
rtb0.doubleverify.com
s0.2mdn.net
secure.flashtalking.com
securepubads.g.doubleclick.net
servedby.flashtalking.com
static.ffxiah.com
tpc.googlesyndication.com
tps.doubleverify.com
tpsc-ue1.doubleverify.com
www.google.com
www.googletagservices.com
104.112.1.174
104.18.26.193
104.21.33.198
142.251.111.155
142.251.16.132
142.251.16.156
142.251.163.132
142.251.163.154
158.69.250.98
172.253.122.149
172.253.122.156
172.253.122.95
172.253.62.149
172.253.62.99
172.253.63.155
23.222.5.79
23.52.160.99
34.117.228.201
44.214.196.83
54.160.99.39
68.67.160.114
99.84.208.113
02df53d394793673f8e3166c3bda210773d7ca3342971844d1f089e5ee72ce15
06aa81f62ca79fba27e2f1a2fa9224a6818a05cf7a7396fba6c12297ac05b04a
08e4ad5c011c15d48768d69b83069d68c284e74b37754e07ba8186950b8d0f48
09107a1465458a977499288512e87adaa5f7f4f492426c9c6a3512d336a8c96d
0b82cbee25704461baa21bcf6bbabad11e8a80d664e8b24eba7c3238bffb8ceb
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bf88dcca00e9858eae851f10ce8abd0a93184c248366ff582c3d60802c94bbf
0e04ffd3a1b7d668885b064866f1801dd96daace1ca9843ce15fb1bea9b3792a
0f48967d8607109e7f091b257aae388393dd4b751f60fbaf1e2c6d0298309531
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
1b89bc5e121609c1ea7536579404ec3e62064f1aed8eecd76809ca26fcd64820
1e4f73af0a5465472a772470bbc453043b88dd8647e1d4e5a07196fe80067dbf
2010238e0246053611fe06eda40490c23a0b15259effcc29078d4dc4cd49bfb1
244d88716a54a9038f21a2a2948d70b2d82caa09bc8ee6cd7999f8d09d556184
265102bb071ac969672e2ff9bfa564479cbf846c3d05b6d039b4fb026f980b8b
28e08ecf2fdb486e785067341cdc8aa0fdc8d2b3a92972cb0c48461bc6b52c60
2953f313f04d1977820ca1a332c2bb7c76aa4c0313c16d0dec37cfd73ae832f0
2e6550ca6c5ca20106cda53ee4781dabfec2750dab8b11211e7259d9cdd3910b
2f705d57f1efdf31bbb9f8f841e1ba312eb38fa81fd3c41cd8e0bc74a5db5a03
3024440ef5bd879be6454acf579de6d80fbace8f0b6b0d77ff41fff457342db8
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
328f0490c1cb33e8591121a3137010d723185c7cb296d6e31972a53eecc2ad8b
359c7e9bcc15025028fc35ec624d007417113d392f3aebfb7d629989ae357181
3832f8f7d4dd7ab6bdb2a446bf4e3d9f72d41fd56d056c845139a60f9e4265d2
38d10938a10f0e33bd3573db8ddf0e738f5bb3e02ec218aff2fa0766e8a85031
392810e795ba3482d649e3f16a116a5082de8f869167ab5f1802cf03a2014bd1
39a3c7d6b04b4831a00b92c85004e2d2f17db8e5579a761244385e80e61d3663
3a13573a1b2c472ee5d48e92d169e4bd34e116e9171a4e0085f531f6b8dca598
3a98fe4d4e958523b23c2e683d10cc5f9f011ecf00f8e8cd2f5aa252d00d2850
3e081a9ba7632221e383ac07312b8953fb87f1219329e4b4d43a9f6e4f08eeb2
3f6a0baf7dbbc5ac8a75e413c851d73bb484b8d368f02c28ab08865b98b3b3bb
3fbb25ace81b6a3408e075f931adf7aec7dc6a4655a234a861146ae935e57fae
41f230c1777cd8cc4cd42572c9a8532dc3a5edd2ab0ce9c554a3fead1bbfc46d
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
45edbc85483b4cde24376ffc1a6b93969f8e51cd2e73547f84824c8f54fb79f9
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
4951797101135017e064c43f77ba7b1dd180532cf0cd88d6f02cb52d2b1e5ce7
49b19f7f2d3d0fc9d2270cd1ebd79d468ca86cf308f33b063595863e3f392e98
49db66ae1889e3ae58a38124422c4d6648b19cf9f233b12412db9b565b5d85b0
4ad11978235d30d3630188823a137db155e59b15a62b00c41cdb2bedf4056103
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
554a0fcca86a3cb92c37bf7471db9f8c834efedf21b2ea03f9d30eaeff22e8d1
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
57af936c40e5a273a71c101ec49bd2e6962cea662bc04a98e496bd1e43783a8f
5aceb9edcea34bb69cbce4ff713f96f5d62f70bbd4bf5ef766bf058bed0fa21c
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6282db7dcb04dec66f5b2d0d20ec9f67600ffe524d2fa130fa994762f9bdf2eb
65b4e02ee5f344762605747ba70399c918cabf5d00a87c4750d1211e947ec250
6a18270c33d32c05ab094a6f82f5b765008ea4854068032a2e6af191cddd8fd2
6b0bd30e2f20ed4ba098ebb97cbd3929d6c6461b736d85c60c76baa34cc76b16
6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc
708701b1d3fc25b42b99e342ca95c57d81018edce2cd1d603165ffc2eb7750cf
72330477adb934690b483fc457e51ee8cd8318b38390bc4322b9c05a4387e468
7311f00e9cc4ab639f9a91936d4946cf4dfb02bc9afc4a42cc95f66521eacc1e
77a8904df780875e356b196bb3c8b55067185b8b42a2b6363875b5ce7eded29e
820082abc59342f47489e47ede1b727d4ea2a258af6752d96d88fd84f2dfe35c
820453ffe11baeec9f6551f77507b816e88dd2dfad8832ce82bdc48c817b9d9c
83b4948264e784579eeac8d462a2ef2049f6c7f7ea9b9466368853b59cb3ea6d
84822498a486d6aeaf029ffc01181e5c249905b26f4e8299cdc06bd6a237d6c0
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8f65a4f441ed0a18b9074dc228e02724a11c0b6bb1fe277ed6a6dd751257bdd1
8f9df2d0663cd1087671e864010ebfaeb85b74aa85a8754e3b563c98c79477ae
960011740c37770f5316d08d9ab309e9301c09734607a8f59083e606368af83a
9671f8be70ad94a5362e60f4656d5d53ba214d32ab70a3f9d1603d7dadf9d1c1
96ac118e8560683883ee01f3e2409acddc6cef9f74710b1073c46d162d572c5d
97be13dc1b4aa63075cce57b157e99216a15e1a03f05fc7791e2c31e40912c80
9b119ba53ff179b102e5bca55b013a9ea5c95753f985225637079294edf736b6
9d341447828796fe3d9c13df41f7e1066f4cb4730571fe61c1bd6ac8df7e82fa
9e1a7cf53dc3664030c5839d00433ffbe60213b9e05f1b7b83e0d97838800197
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0f9fa3bcf3b0b27aa99c44627d532688234de62bd22e8d77dec4293aba4ce6c
a198f092051a356c1e62c1296f628da5732045abafbd974eb7fff157e14ff042
a2ad6edbc8f10efbb4f3a2313dc9766201926b44bfb286a264d331630317c495
a68e054693be4a1d12da204ae67abab74a0c5fe24d97345cb9dfa9da4fcfb26d
a6e3909fb7002fb69091cb9acab3ea585a5436c11d46ac166f0bda1880d377a1
a860e393a22f7cd34a28120e6b5f9bdc433a1eeda614b995c6c22b395afcfbe6
aa3b597c9da82a7154b0d8c5a5642388fa0954f60116934722d488499f244ab9
ac549355cd8d0a62026c1975e67b3a962940b60f6aa98d97ae843a5e2ee8013a
ac9a0f9ff5a0d4bcd738abfdb02f2ae3ab42a919b74e49f1396faccf272b71e2
afecc80369c60a81fb5ef1dc95125f8f602e5a571fea2b2b67ac5df53ac8dc16
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b399f8d30d1ab1461b156b3d6908596436d8c9667c3c5a9d532a4dab5c476c0c
b4931eddbb10292330d2d8b29833a4e56f86475bbea197e0f5256089c75adaba
b4b1f3c5233a55d42fda178b57bd8f10492a77bd93daf35054e144d99b9b7761
b59e0c0d1cf93db01c65f1357aedb1b27cf41998f06af03d1039bb18e83b5f86
b6856a6cf373c7b2da0d4be9454068fc86371d7a5f9c47ffc511915db61c3173
b83a14fe83bbf97fa965c43c7014232f9441aa51b16d5a87a41c8677f1b6ddf0
b9525cf1689e64d66e6f6976db0f3f438a0390479356f50d3b691f09b79e28c2
bcebab95c9c10370f0aa0301bb5f6d7a2f0a6241f5a84e6f14f952fb50c0999e
bdcda5c99c151940034ba1e7b60fc09acbe9907310e7175fadaa40a058896c10
c084c6026ba9ab3c60b5397e4c9d84dbf538eeecc3ba2aa09c658367c68abccb
c30acbe09855d6826349bcae54ae027698a7d08e19bd4348ec914d4b9bfffceb
c35088bb2ca8e6184d4eb8f6d6efa4f189fe8a4a241be1cdded07ff5f12edaf6
c43ddd18aa9399dea283db1a9e12d9b209cc158e4e3901d544bcca4f85a238b1
c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146
c5a6520d925a85e3d43502a6461c57c0be5d0c799bccb11daf24322c2d9bcff9
c5dd5566f6b750cdc235f7881b64d751e355ffae898c7bf3a863a3db197ac213
c7dc68d292dba9d17814043ac13d67954cd5446dfd27fa63426b1c25f71c8f63
c8556ae42db7b28a405039e78e2f4d8f8de161ffd6d42e878ae8b22de8f118ec
caae78cb10248237676c425612d83ac046c37543d4482a303b3f9d0e256b4ed8
cb09c804861e20b0c6868b4a2074fa8d3a8b4482574ceda7b0212f0abd9e6610
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cff2f88fb91e98375fb31702a21673b5fd6e6713215ab7602609c839c270b0b9
d482871a5e948cb4884fa0972ea98a81abca057b6bd3f8c995a18c12487e761c
db8aa8bb598b83dda40acccb524e128bf1c33c708b938ea92a50bd3119df8567
de9238a6076601f98a67bf7c628a8847a4856991edb81bbb23d3c0016241a059
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3d9ccc01f0db5f8a2931aee0d29705808aa70128450322c229eb12b35abcbaf
e8ddfaeaa07dfa0becc91e5bbbc49fda89f64bc5a24c233831dcde6dadb843d5
ea0a0fa3b7fc80904ee0e96cbcdeb91a2d3ba058d5d0cc926001c357a08f8b11
eb03a9f4eaf794041c7fa3f2f19a660e43474e4cfeae204f5115325a9fba80c3
eb408dc130120ff6da78b123fdf494cbcfb8ce68e4c81910ea8a9e2223aa2026
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
eb9c87cecc7117d87ba99d269f8de005142eb5569bda94836f88831f30c9f0c4
ec3a25a4e89bf0f30ddbed85fe564b7dd2132928aec9b293eff71318048330de
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f03639ff553a6465d4e50348b632f3d169a81f851e38092e8dd88d436ef088d0
f27a3de45c93a746283c29d651bd08d927e0a21f9b13d0a29ca11bd7dea1c6c5
f35d5de98ace816ce6d3333f4512b9bde7978c760dc60acac7220b99deec89a8
f3681081a06654476df54e56b78343bdce6c1ffea076bd33e81e1aeeeeb8c07f
f68fb454001a77bf595748a2e046ebd9e4afc798c5123e09b96b5fc45c497460
f75ada33b07cb31e16a0a0d3325961a22dc9526edb49bff04c31d7b7611f7025
f7b29eb2016e70ee3b9c6f8d256f94d25950300b606c554c464e852e5387f36b
fc98d8d52a073f2703fad98da54c576ef1e5d7eccb76424f199677b78b122689
fc9fe8ec0612072dc6d3b4acd268e09d28c253807f47846a5f70dd8360d1a0d1

fr.ffxiah.com Open in urlscan Pro 158.69.250.98 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

163 Requests

93 %HTTPS

0 %IPv6

14 Domains

30 Subdomains

22 IPs

3 Countries

2743 kBTransfer

5324 kBSize

16 Cookies

16 Outgoing links

Page URL History

Redirected requests

163 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

fr.ffxiah.com Open in urlscan Pro
158.69.250.98 Public Scan

Screenshot
Live screenshot

Full Image

163
Requests

93 %
HTTPS

0 %
IPv6

14
Domains

30
Subdomains

22
IPs

3
Countries

2743 kB
Transfer

5324 kB
Size

16
Cookies

163 HTTP transactions
3 data transactions