www.ffxiah.com Open in urlscan Pro
158.69.250.98 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.ffxiah.com/
Effective URL:
https://www.ffxiah.com/
Submission: On December 01 via api (December 1st 2023, 4:49:37 am UTC) from US — Scanned from CA

Summary HTTP 165 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 16 IPs in 3 countries across 10 domains to perform 165 HTTP transactions. The main IP is 158.69.250.98, located in Montreal, Canada and belongs to OVH, FR. The main domain is www.ffxiah.com.
TLS certificate: Issued by R3 on November 27th 2023. Valid for: 3 months.

This is the only time www.ffxiah.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 51	158.69.250.98 158.69.250.98	16276 (OVH) (OVH)
2	172.253.63.95 172.253.63.95	15169 (GOOGLE) (GOOGLE)
12	104.21.33.198 104.21.33.198	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	172.253.63.155 172.253.63.155	15169 (GOOGLE) (GOOGLE)
4	172.253.122.155 172.253.122.155	15169 (GOOGLE) (GOOGLE)
4	172.253.62.132 172.253.62.132	15169 (GOOGLE) (GOOGLE)
34	142.251.16.157 142.251.16.157	15169 (GOOGLE) (GOOGLE)
16	142.251.16.132 142.251.16.132	15169 (GOOGLE) (GOOGLE)
6 12	142.251.167.156 142.251.167.156	15169 (GOOGLE) (GOOGLE)
3 7	172.64.151.101 172.64.151.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 6	68.67.179.87 68.67.179.87	29990 (ASN-APPNEX) (ASN-APPNEX)
2	142.251.16.99 142.251.16.99	15169 (GOOGLE) (GOOGLE)
17	172.253.62.148 172.253.62.148	15169 (GOOGLE) (GOOGLE)
2 2	172.253.122.100 172.253.122.100	15169 (GOOGLE) (GOOGLE)
1	74.125.0.40 74.125.0.40	15169 (GOOGLE) (GOOGLE)
1	74.125.0.42 74.125.0.42	15169 (GOOGLE) (GOOGLE)
165	16

51 158.69.250.98 (Montreal, Canada) 1 redirects

ASN16276 (OVH, FR)
PTR: ns547292.ip-158-69-250.net

www.ffxiah.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.ffxiah.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ads.ffxiah.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.253.63.95 (United States)

ASN15169 (GOOGLE, US)
PTR: bi-in-f95.1e100.net

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 104.21.33.198 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn-b2.ffxipro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 172.253.63.155 (United States)

ASN15169 (GOOGLE, US)
PTR: bi-in-f155.1e100.net

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.253.122.155 (United States)

ASN15169 (GOOGLE, US)
PTR: bh-in-f155.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.253.62.132 (United States)

ASN15169 (GOOGLE, US)
PTR: bc-in-f132.1e100.net

8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

34 142.251.16.157 (United States)

ASN15169 (GOOGLE, US)
PTR: bl-in-f157.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 142.251.16.132 (United States)

ASN15169 (GOOGLE, US)
PTR: bl-in-f132.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.251.167.156 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: ww-in-f156.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 172.64.151.101 (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 68.67.179.87 (North Bergen, United States) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 585.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.16.99 (United States)

ASN15169 (GOOGLE, US)
PTR: bl-in-f99.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 172.253.62.148 (United States)

ASN15169 (GOOGLE, US)
PTR: bc-in-f148.1e100.net

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.253.122.100 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: bh-in-f100.1e100.net

gcdn.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.125.0.40 (United States)

ASN15169 (GOOGLE, US)
PTR: yyz10s23-in-f8.1e100.net

r3---sn-tt1e7nls.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.125.0.42 (United States)

ASN15169 (GOOGLE, US)
PTR: yyz10s23-in-f10.1e100.net

r5---sn-tt1e7nls.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
56	googlesyndication.com 8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 102 tpc.googlesyndication.com — Cisco Umbrella Rank: 148 ade.googlesyndication.com — Cisco Umbrella Rank: 293	338 KB
51	ffxiah.com 1 redirects www.ffxiah.com static.ffxiah.com ads.ffxiah.com	925 KB
21	2mdn.net 2 redirects s0.2mdn.net — Cisco Umbrella Rank: 300 gcdn.2mdn.net — Cisco Umbrella Rank: 1193 r3---sn-tt1e7nls.c.2mdn.net — Cisco Umbrella Rank: 301702 r5---sn-tt1e7nls.c.2mdn.net — Cisco Umbrella Rank: 302507	820 KB
20	doubleclick.net 6 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 196 googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 cm.g.doubleclick.net — Cisco Umbrella Rank: 219 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 515	369 KB
12	ffxipro.com cdn-b2.ffxipro.com	48 KB
7	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 578	5 KB
6	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 229	5 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 206	187 KB
2	google.com www.google.com — Cisco Umbrella Rank: 2	2 KB
2	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 340	88 KB
165	10

	Domain	Requested by
45	static.ffxiah.com	www.ffxiah.com static.ffxiah.com
34	pagead2.googlesyndication.com	securepubads.g.doubleclick.net 8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com s0.2mdn.net www.googletagservices.com
17	s0.2mdn.net	www.ffxiah.com s0.2mdn.net
16	tpc.googlesyndication.com	securepubads.g.doubleclick.net 8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com tpc.googlesyndication.com www.ffxiah.com a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com s0.2mdn.net
12	cdn-b2.ffxipro.com	www.ffxiah.com
8	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net
7	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
6	ib.adnxs.com	4 redirects googleads.g.doubleclick.net
4	googleads4.g.doubleclick.net	www.ffxiah.com
4	googleads.g.doubleclick.net	8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com pagead2.googlesyndication.com a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com
4	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net
4	www.googletagservices.com	ads.ffxiah.com 8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com
4	www.ffxiah.com	1 redirects www.ffxiah.com
2	ade.googlesyndication.com
2	gcdn.2mdn.net	2 redirects
2	www.google.com	tpc.googlesyndication.com
2	a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	ads.ffxiah.com	www.ffxiah.com
2	ajax.googleapis.com	www.ffxiah.com
1	r5---sn-tt1e7nls.c.2mdn.net
1	r3---sn-tt1e7nls.c.2mdn.net
165	22

This site contains links to these domains. Also see Links.

Domain
discordapp.com
www.bg-wiki.com
www.discordapp.com
www.ffxidb.com
www.ffxivpro.com
www.guildwork.com
www.windower.net
jp.ffxiah.com
de.ffxiah.com
fr.ffxiah.com
www.playonline.com
forum.square-enix.com
sqex.to

Subject Issuer	Validity	Valid
*.ffxiah.com R3	`2023-11-27` - `2024-02-25`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
ffxipro.com E1	`2023-10-19` - `2024-01-17`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh

This page contains 19 frames:

Primary Page: https://www.ffxiah.com/
Frame ID: 4B9D3168ED7C477B8C8B72BA78B91C63
Requests: 63 HTTP requests in this frame

Frame: https://ads.ffxiah.com/ffxiah.com/gAd_728x90.html
Frame ID: A07F448968E7CFC6CEB003B88563B427
Requests: 7 HTTP requests in this frame

Frame: https://ads.ffxiah.com/ffxiah.com/gAd_160x600.html
Frame ID: C53A271C5D165E18E0727290ACA981A8
Requests: 7 HTTP requests in this frame

Frame: https://8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 193FF5C7A574CC45B1BF71D86D618E0A
Requests: 1 HTTP requests in this frame

Frame: https://a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: B27142C77A72ED189E86164072A05C0C
Requests: 1 HTTP requests in this frame

Frame: https://8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: B5BE945A9B1D0D162F89ECE06B8558DB
Requests: 20 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhjKg5j9ATAB&v=APEucNUFCYu-5-qO1B1ms4fkWka1ywSNL3lq4k0aG0MWlfXDpeg5EA3GiZ6myVSL7e0zkQhV5eXOkm95Dycv5XkwP7g_cC6n0g
Frame ID: FE707CF248409C84A6C46E6672317839
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 71D2A09B750B34B0E467AFC46963D42E
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: B3B785A3F4AA82CA52AD807B10D64098
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 91852F9337BA143761175F47CAC7ADB7
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: D243C7D3DEFBA4AF22D82A32099691DB
Requests: 2 HTTP requests in this frame

Frame: https://a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 012184312EC5E2E773728761B3F485BA
Requests: 20 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 7B73AD9FE32E8823D7E21B90AB69B893
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhii0Yj9ATAB&v=APEucNUy6Ar5CS2NCqoiDu5p8q0nkXxlLRF8efbxmmEeDABv_xETfULqkOz90OgYe-WeBYzf6RovKYUsuO2yghKseduZ704NUA
Frame ID: E7F05BF5B013821D615E9797F71D9F0E
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/1692609877992151298/index.html?e=69&leftOffset=0&topOffset=0&c=E4LQdalPTp&t=1&renderingType=2&ev=01_250
Frame ID: B1DF4A7334A0E90909CE66D7912CBA9D
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 8F116A62300328FE8AFDE9FF30E24DA0
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/5757561835950501153/index.html?e=69&leftOffset=0&topOffset=0&c=Ws2fDvuSOc&t=1&renderingType=2&ev=01_250
Frame ID: EE7E5705F9283C4254CA05C9E406B7FE
Requests: 10 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
Frame ID: 492E27FFAE0760FFFCBEFEF30B2B3103
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
Frame ID: 4981C29E55344BED906F97582E60EB24
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

FFXIAH.com

Page URL History Show full URLs

http://www.ffxiah.com/ HTTP 302
https://www.ffxiah.com/ Page URL

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)/jquery-ui(?:\.min)?\.js
jquery-ui.*\.js

Page Statistics

165
Requests

94 %
HTTPS

0 %
IPv6

10
Domains

22
Subdomains

16
IPs

3
Countries

2779 kB
Transfer

5216 kB
Size

10
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: https://discordapp.com/invite/0bUAApcl86UNdbI7?username=
Title: Chat

Search URL Search Domain Scan URL

URL: http://www.bg-wiki.com/
Title: BG Wiki

Search URL Search Domain Scan URL

URL: https://www.discordapp.com/
Title: Discord

Search URL Search Domain Scan URL

URL: http://www.ffxidb.com/
Title: FFXIDB

Search URL Search Domain Scan URL

URL: https://www.ffxivpro.com/
Title: FFXIVPro

Search URL Search Domain Scan URL

URL: http://www.guildwork.com/
Title: Guildwork

Search URL Search Domain Scan URL

URL: http://www.windower.net/
Title: Windower

Search URL Search Domain Scan URL

URL: https://jp.ffxiah.com/
Title: JP

Search URL Search Domain Scan URL

URL: https://de.ffxiah.com/
Title: DE

Search URL Search Domain Scan URL

URL: https://fr.ffxiah.com/
Title: FR

Search URL Search Domain Scan URL

URL: http://www.playonline.com/pcd/topics/ff11us/detail/21025/detail.html

Search URL Search Domain Scan URL

URL: http://forum.square-enix.com/ffxi/threads/38761?p=482612&viewfull=1&_gl=1*186ndyp*_gcl_au*MTg3ODcxODc4Ni4xNjk3NTA2MDk3&_ga=2.177408421.1425756399.1700639946-1016275474.1686037765#post482612
Title: Read on

Search URL Search Domain Scan URL

URL: http://www.playonline.com/pcd/topics/ff11us/detail/20964/detail.html

Search URL Search Domain Scan URL

URL: http://www.playonline.com/ff11us/campaign/login/login125.html
Title: Read on

Search URL Search Domain Scan URL

URL: https://sqex.to/M5Xhv

Search URL Search Domain Scan URL

URL: https://forum.square-enix.com/ffxi/threads/61239

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.ffxiah.com/ HTTP 302
https://www.ffxiah.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 84

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG09riUPMsC-zIBm1cJ9YVY&google_cver=1

Request Chain 85

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWll3OhuUVZ8yzGXOyg3ewAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG09riUPMsC-zIBm1cJ9YVY&google_cver=1

Request Chain 86

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEOGMRojXEHFka3YWWbDFWfU&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEOGMRojXEHFka3YWWbDFWfU%26google_cver%3D1

Request Chain 87

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc2MDYwNDIzNDEwMDAyMzYwNA%3D%3D

Request Chain 116

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG09riUPMsC-zIBm1cJ9YVY&google_cver=1

Request Chain 117

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWll3OhuUVZ8yzGXOyg3ewAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG09riUPMsC-zIBm1cJ9YVY&google_cver=1

Request Chain 118

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEOGMRojXEHFka3YWWbDFWfU&google_cver=1

Request Chain 119

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDA3ODY1NzMwMDE3NDQ3NTA4MQ%3D%3D

Request Chain 140

https://gcdn.2mdn.net/videoplayback/id/41f3ef6e225da1c2/itag/59/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1732942172/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signature/3A2D16CC10AB47CFAE9F25EE20BCD1BB58AFB182.6D5CE74F558EEA9A424AFACC8C458D38DFDB3BEB/key/ck2/file/file.mp4 HTTP 302
https://r3---sn-tt1e7nls.c.2mdn.net/videoplayback/id/41f3ef6e225da1c2/itag/59/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1732942172/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/12CFFC59EC5287A28AB31D84A4CFAFF30F7F1EF5.7901C0540F309719A8195E99103B0EEFEEB25C12/key/cms1/cms_redirect/yes/mh/ZG/mip/153.92.40.66/mm/42/mn/sn-tt1e7nls/ms/onc/mt/1701405869/mv/m/mvi/3/pl/25/file/file.mp4

Request Chain 155

https://gcdn.2mdn.net/videoplayback/id/64eecf67e1a93b98/itag/18/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1732942173/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signature/28DDBDD5AF1637B81D68D049E33739866FCA41C8.51F1F51AD5E377E102878952C353E68F491873C6/key/ck2/file/file.mp4 HTTP 302
https://r5---sn-tt1e7nls.c.2mdn.net/videoplayback/id/64eecf67e1a93b98/itag/18/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1732942173/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/28A092BDAE4DA5A8D3A8F30D10B5E2FA6CB12D6E.4D33E473F4493B7D891C84CF9700AF452E115A7A/key/cms1/cms_redirect/yes/mh/sD/mip/153.92.40.66/mm/42/mn/sn-tt1e7nls/ms/onc/mt/1701405869/mv/m/mvi/5/pl/25/file/file.mp4

165 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
www.ffxiah.com/
Redirect Chain

http://www.ffxiah.com/
https://www.ffxiah.com/

86 KB
15 KB

155ms
99ms

Document
text/html

158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 168000b77c1c0a48920d1bf454369c68e6b4eb4a250bd9bcb3ed8c121c75217a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Fri, 01 Dec 2023 04:49:31 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: nginx/1.18.0 (Ubuntu)
Transfer-Encoding: chunked
X-No-Cache: Y

Redirect headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Fri, 01 Dec 2023 04:49:31 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: https://www.ffxiah.com/
Pragma: no-cache
Server: nginx/1.18.0 (Ubuntu)
Transfer-Encoding: chunked
X-No-Cache: Y

GET
H/1.1 200
OK main-bundle.v1665767188.css
static.ffxiah.com/css/ 220 KB
221 KB 106ms
43ms Stylesheet
text/css 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ffxiah.com/css/main-bundle.v1665767188.css
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: b4931eddbb10292330d2d8b29833a4e56f86475bbea197e0f5256089c75adaba

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:31 GMT
Last-Modified: Fri, 14 Oct 2022 17:06:28 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "63499714-371e1"
Content-Type: text/css
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 225761
Expires: Mon, 25 Nov 2024 04:49:31 GMT

GET
H/1.1 200
OK index.v1608652921.css
static.ffxiah.com/css/ffxi/app/ 1 KB
2 KB 89ms
26ms Stylesheet
text/css 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ffxiah.com/css/ffxi/app/index.v1608652921.css
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c30acbe09855d6826349bcae54ae027698a7d08e19bd4348ec914d4b9bfffceb

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:31 GMT
Last-Modified: Fri, 14 Oct 2022 17:06:16 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "63499708-595"
Content-Type: text/css
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1429
Expires: Mon, 25 Nov 2024 04:49:31 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.0.0/ 81 KB
29 KB 156ms
65ms Script
text/javascript 172.253.63.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.0.0/jquery.min.js

Requested by

Host: www.ffxiah.com
URL: https://www.ffxiah.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f95.1e100.net

Software

sffe /

Resource Hash

d482871a5e948cb4884fa0972ea98a81abca057b6bd3f8c995a18c12487e761c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 15:37:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 393109
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29195
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 25 Nov 2024 15:37:42 GMT

GET
H2 200 jquery-ui.min.js Show response
ajax.googleapis.com/ajax/libs/jqueryui/1.10.3/ 223 KB
60 KB 129ms
38ms Script
text/javascript 172.253.63.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jqueryui/1.10.3/jquery-ui.min.js

Requested by

Host: www.ffxiah.com
URL: https://www.ffxiah.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f95.1e100.net

Software

sffe /

Resource Hash

9671f8be70ad94a5362e60f4656d5d53ba214d32ab70a3f9d1603d7dadf9d1c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 13:19:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 401372
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60529
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 25 Nov 2024 13:19:59 GMT

GET
H/1.1 200
OK sockjs-0.3.min.js Show response
www.ffxiah.com/js/vendor/ 32 KB
32 KB 33ms
32ms Script
application/javascript 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ffxiah.com/js/vendor/sockjs-0.3.min.js
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 328f0490c1cb33e8591121a3137010d723185c7cb296d6e31972a53eecc2ad8b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:31 GMT
Last-Modified: Fri, 14 Oct 2022 17:05:57 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "634996f5-7e95"
Content-Type: application/javascript
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 32405
Expires: Mon, 25 Nov 2024 04:49:31 GMT

GET
H/1.1 200
OK main-bundle.v1665767188.js Show response
static.ffxiah.com/js/ 226 KB
227 KB 106ms
44ms Script
application/javascript 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ffxiah.com/js/main-bundle.v1665767188.js
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: a68e054693be4a1d12da204ae67abab74a0c5fe24d97345cb9dfa9da4fcfb26d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:31 GMT
Last-Modified: Fri, 14 Oct 2022 17:06:28 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "63499714-388c6"
Content-Type: application/javascript
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 231622
Expires: Mon, 25 Nov 2024 04:49:31 GMT

GET
H/1.1 200
OK AH.v1608652921.js Show response
static.ffxiah.com/js/lib/ 13 KB
13 KB 95ms
33ms Script
application/javascript 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ffxiah.com/js/lib/AH.v1608652921.js
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: b83a14fe83bbf97fa965c43c7014232f9441aa51b16d5a87a41c8677f1b6ddf0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:31 GMT
Last-Modified: Fri, 14 Oct 2022 17:06:10 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "63499702-333b"
Content-Type: application/javascript
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 13115
Expires: Mon, 25 Nov 2024 04:49:31 GMT

GET
H/1.1 200
OK index.v1608652921.js Show response
static.ffxiah.com/js/ffxi/app/ 2 KB
2 KB 88ms
26ms Script
application/javascript 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ffxiah.com/js/ffxi/app/index.v1608652921.js
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 392810e795ba3482d649e3f16a116a5082de8f869167ab5f1802cf03a2014bd1

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:31 GMT
Last-Modified: Fri, 14 Oct 2022 17:05:42 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "634996e6-880"
Content-Type: application/javascript
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2176
Expires: Mon, 25 Nov 2024 04:49:31 GMT

GET
H/1.1 200
OK FFXIAH_top_2.jpg
static.ffxiah.com/images/ffxiah/ 33 KB
34 KB 105ms
44ms Image
image/jpeg 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/ffxiah/FFXIAH_top_2.jpg
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3a98fe4d4e958523b23c2e683d10cc5f9f011ecf00f8e8cd2f5aa252d00d2850

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:31 GMT
Last-Modified: Wed, 01 Jan 2020 23:45:13 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "5e0d2f09-84f6"
Content-Type: image/jpeg
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 34038
Expires: Mon, 25 Nov 2024 04:49:31 GMT

GET
H/1.1 200
OK ffxivprobox.jpg
static.ffxiah.com/images/ 2 KB
2 KB 31ms
30ms Image
image/jpeg 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/ffxivprobox.jpg
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 77a8904df780875e356b196bb3c8b55067185b8b42a2b6363875b5ce7eded29e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:31 GMT
Last-Modified: Wed, 01 Jan 2020 23:45:56 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "5e0d2f34-84c"
Content-Type: image/jpeg
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2124
Expires: Mon, 25 Nov 2024 04:49:31 GMT

GET
H/1.1 200
OK guildwork-logo-120.png
static.ffxiah.com/images/ 6 KB
6 KB 30ms
28ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/guildwork-logo-120.png
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: b4b1f3c5233a55d42fda178b57bd8f10492a77bd93daf35054e144d99b9b7761

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:31 GMT
Last-Modified: Wed, 01 Jan 2020 23:45:56 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "5e0d2f34-1789"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6025
Expires: Mon, 25 Nov 2024 04:49:31 GMT

GET
H/1.1 200
OK 21028.jpg
static.ffxiah.com/images/polnews/ 26 KB
26 KB 31ms
30ms Image
image/jpeg 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/polnews/21028.jpg
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 864b879364dd7e794d316365d8ce8348860acd7cfdd6e58d6ca17fc37d2a9171

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:31 GMT
Last-Modified: Fri, 01 Dec 2023 04:45:02 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "656964ce-6800"
Content-Type: image/jpeg
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 26624
Expires: Mon, 25 Nov 2024 04:49:31 GMT

GET
H/1.1 200
OK spacer.gif
static.ffxiah.com/images/polnews/ 43 B
361 B 26ms
26ms Image
image/gif 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/polnews/spacer.gif
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:31 GMT
Last-Modified: Fri, 01 Dec 2023 04:45:07 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "656964d3-2b"
Content-Type: image/gif
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Mon, 25 Nov 2024 04:49:31 GMT

GET
H/1.1 200
OK 21025.jpg
static.ffxiah.com/images/polnews/ 35 KB
35 KB 34ms
33ms Image
image/jpeg 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/polnews/21025.jpg
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 2a9e99afc921593b294f7f2d12cc3c851b80ae7511deeb8354b12629fc932e44

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:31 GMT
Last-Modified: Fri, 01 Dec 2023 04:45:02 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "656964ce-8c00"
Content-Type: image/jpeg
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 35840
Expires: Mon, 25 Nov 2024 04:49:31 GMT

GET
H/1.1 200
OK 21009.jpg
static.ffxiah.com/images/polnews/ 55 KB
55 KB 29ms
29ms Image
image/jpeg 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/polnews/21009.jpg
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 1a2be098a151c2d2472fa52dbafd1b3e7c6549708c5bcb596d4eb58f00991101

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:31 GMT
Last-Modified: Fri, 01 Dec 2023 04:45:02 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "656964ce-dc00"
Content-Type: image/jpeg
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 56320
Expires: Mon, 25 Nov 2024 04:49:31 GMT

GET
H/1.1 200
OK 21006.jpg
static.ffxiah.com/images/polnews/ 35 KB
35 KB 33ms
26ms Image
image/jpeg 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/polnews/21006.jpg
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 4e082f9a66b047b072d5bb6ac07d0ea007ebcdd6258d706084e9ce4b496801b2

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:31 GMT
Last-Modified: Fri, 01 Dec 2023 04:45:02 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "656964ce-8c00"
Content-Type: image/jpeg
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 35840
Expires: Mon, 25 Nov 2024 04:49:31 GMT

GET
H/1.1 200
OK 20964.jpg
static.ffxiah.com/images/polnews/ 40 KB
40 KB 37ms
30ms Image
image/jpeg 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/polnews/20964.jpg
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: a9027b40f692e2db0c712a6c7a94e83e76e90ef01438b1f1627ba37695849f91

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:31 GMT
Last-Modified: Fri, 01 Dec 2023 04:45:02 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "656964ce-a000"
Content-Type: image/jpeg
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 40960
Expires: Mon, 25 Nov 2024 04:49:31 GMT

GET
H/1.1 200
OK 20949.jpg
static.ffxiah.com/images/polnews/ 30 KB
30 KB 33ms
27ms Image
image/jpeg 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/polnews/20949.jpg
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: a2198d66fa644d6fa9958bec0e99792366bd06afa074594b788e76cd27a6f042

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:31 GMT
Last-Modified: Fri, 01 Dec 2023 04:45:02 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "656964ce-7800"
Content-Type: image/jpeg
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 30720
Expires: Mon, 25 Nov 2024 04:49:31 GMT

GET
H/1.1 200
OK 20951.jpg
static.ffxiah.com/images/polnews/ 75 KB
75 KB 39ms
33ms Image
image/jpeg 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/polnews/20951.jpg
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 5190177518baa8261d3dfe414359909403696a1a7f50d3dbf7e63840030adeb9

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:31 GMT
Last-Modified: Fri, 01 Dec 2023 04:45:02 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "656964ce-12c00"
Content-Type: image/jpeg
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 76800
Expires: Mon, 25 Nov 2024 04:49:31 GMT

GET
H/1.1 200
OK 20946.jpg
static.ffxiah.com/images/polnews/ 24 KB
24 KB 40ms
34ms Image
image/jpeg 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/polnews/20946.jpg
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 43bef3a32b943fef4cd3f077b6fa0cdde39d43bad337ae248166de1ae2d05d42

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:31 GMT
Last-Modified: Fri, 01 Dec 2023 04:45:03 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "656964cf-6000"
Content-Type: image/jpeg
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 24576
Expires: Mon, 25 Nov 2024 04:49:31 GMT

GET
H/1.1 200
OK 26359.png
static.ffxiah.com/images/mini-icons/ 1 KB
2 KB 26ms
26ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/26359.png
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 9ce649755ae3d29428d4c1bbe31f7827a90adfbe3bf835953de981ac9b44b147

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:31 GMT
Last-Modified: Sun, 19 Nov 2023 21:27:23 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "655a7dbb-581"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1409
Expires: Mon, 25 Nov 2024 04:49:31 GMT

GET
H/1.1 200
OK 2488.png
static.ffxiah.com/images/mini-icons/ 1 KB
2 KB 27ms
27ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/2488.png
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: f27a3de45c93a746283c29d651bd08d927e0a21f9b13d0a29ca11bd7dea1c6c5

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:31 GMT
Last-Modified: Sun, 19 Nov 2023 21:27:23 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "655a7dbb-523"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1315
Expires: Mon, 25 Nov 2024 04:49:31 GMT

GET
H/1.1 200
OK 26867.png
static.ffxiah.com/images/mini-icons/ 1 KB
2 KB 102ms
30ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/26867.png
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: b3293f7240af471b5da6ce1bff979760ec98218888b03e43da162852ff16cb8f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:32 GMT
Last-Modified: Sun, 19 Nov 2023 21:27:23 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "655a7dbb-525"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1317
Expires: Mon, 25 Nov 2024 04:49:32 GMT

GET
H/1.1 200
OK 4060.png
static.ffxiah.com/images/mini-icons/ 1 KB
2 KB 61ms
26ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/4060.png
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 6282db7dcb04dec66f5b2d0d20ec9f67600ffe524d2fa130fa994762f9bdf2eb

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:31 GMT
Last-Modified: Sun, 19 Nov 2023 21:27:23 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "655a7dbb-524"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1316
Expires: Mon, 25 Nov 2024 04:49:31 GMT

GET
H/1.1 200
OK 4061.png
static.ffxiah.com/images/mini-icons/ 1 KB
1 KB 82ms
26ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/4061.png
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 84822498a486d6aeaf029ffc01181e5c249905b26f4e8299cdc06bd6a237d6c0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:31 GMT
Last-Modified: Sun, 19 Nov 2023 21:27:23 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "655a7dbb-4bc"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1212
Expires: Mon, 25 Nov 2024 04:49:31 GMT

GET
H/1.1 200
OK 489.png
static.ffxiah.com/images/mini-icons/ 857 B
1 KB 75ms
25ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/489.png
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 117d4b2f7a60f95417e38a06a7579164258b72be6ed701e7b75d39d6ce5d0879

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:31 GMT
Last-Modified: Sun, 19 Nov 2023 21:27:24 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "655a7dbc-359"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 857
Expires: Mon, 25 Nov 2024 04:49:31 GMT

GET
H/1.1 200
OK 26214.png
static.ffxiah.com/images/mini-icons/ 1 KB
2 KB 34ms
26ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/26214.png
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 8d2732434196037afa3ddcc0497ab1ca688331c8ab3e54f3c3eb08fd257fd2a4

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:31 GMT
Last-Modified: Sun, 19 Nov 2023 21:27:23 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "655a7dbb-55b"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1371
Expires: Mon, 25 Nov 2024 04:49:31 GMT

GET
H/1.1 200
OK 3509.png
static.ffxiah.com/images/mini-icons/ 1 KB
1 KB 72ms
27ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/3509.png
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 65b4e02ee5f344762605747ba70399c918cabf5d00a87c4750d1211e947ec250

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:31 GMT
Last-Modified: Sun, 19 Nov 2023 21:27:23 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "655a7dbb-423"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1059
Expires: Mon, 25 Nov 2024 04:49:31 GMT

GET
H/1.1 200
OK 9875.png
static.ffxiah.com/images/mini-icons/ 1 KB
1 KB 87ms
26ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/9875.png
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3a13573a1b2c472ee5d48e92d169e4bd34e116e9171a4e0085f531f6b8dca598

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:31 GMT
Last-Modified: Sun, 19 Nov 2023 21:27:24 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "655a7dbc-4b9"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1209
Expires: Mon, 25 Nov 2024 04:49:31 GMT

GET
H/1.1 200
OK 26221.png
static.ffxiah.com/images/mini-icons/ 1 KB
2 KB 108ms
26ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/26221.png
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 860c11bbc5156902ec680d9fbfd22c0efeddd92a3702e4b282a04a2e74d7d8d1

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:32 GMT
Last-Modified: Sun, 19 Nov 2023 21:27:23 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "655a7dbb-564"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1380
Expires: Mon, 25 Nov 2024 04:49:32 GMT

GET
H/1.1 200
OK 17440.png
static.ffxiah.com/images/mini-icons/ 907 B
1 KB 70ms
26ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/17440.png
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 39a3c7d6b04b4831a00b92c85004e2d2f17db8e5579a761244385e80e61d3663

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:31 GMT
Last-Modified: Sun, 19 Nov 2023 21:27:22 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "655a7dba-38b"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 907
Expires: Mon, 25 Nov 2024 04:49:31 GMT

GET
H/1.1 200
OK 145.png
static.ffxiah.com/images/mini-icons/ 1 KB
2 KB 56ms
26ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/145.png
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: cb09c804861e20b0c6868b4a2074fa8d3a8b4482574ceda7b0212f0abd9e6610

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:31 GMT
Last-Modified: Sun, 19 Nov 2023 21:27:21 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "655a7db9-4e8"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1256
Expires: Mon, 25 Nov 2024 04:49:31 GMT

GET
H/1.1 200
OK 21581.png
static.ffxiah.com/images/mini-icons/ 965 B
1 KB 99ms
26ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/21581.png
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: aa3b597c9da82a7154b0d8c5a5642388fa0954f60116934722d488499f244ab9

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:32 GMT
Last-Modified: Sun, 19 Nov 2023 21:27:22 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "655a7dba-3c5"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 965
Expires: Mon, 25 Nov 2024 04:49:32 GMT

GET
H/1.1 200
OK 4059.png
static.ffxiah.com/images/mini-icons/ 1 KB
2 KB 101ms
26ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/4059.png
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 982cb597efd3459628548f6b4c867cf0f4f2735e92dae36a73834209b65f60b9

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:32 GMT
Last-Modified: Sun, 19 Nov 2023 21:27:23 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "655a7dbb-549"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1353
Expires: Mon, 25 Nov 2024 04:49:32 GMT

GET
H/1.1 200
OK 2302.png
static.ffxiah.com/images/mini-icons/ 1 KB
1 KB 29ms
27ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/2302.png
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 13d6dd6c88a3946b2d95cb67eca016a25253d0b54a6fd2da9de03d5a0877de9a

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:31 GMT
Last-Modified: Sun, 19 Nov 2023 21:27:22 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "655a7dba-4b7"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1207
Expires: Mon, 25 Nov 2024 04:49:31 GMT

GET
H/1.1 200
OK 3499.png
static.ffxiah.com/images/mini-icons/ 1 KB
1 KB 42ms
26ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/3499.png
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 4e3906d8dc79180448f00eef6b79c92db81c213c574780a6614dcdb3d739e9d1

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:31 GMT
Last-Modified: Sun, 19 Nov 2023 21:27:23 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "655a7dbb-4ac"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1196
Expires: Mon, 25 Nov 2024 04:49:31 GMT

GET
H/1.1 200
OK 26033.png
static.ffxiah.com/images/mini-icons/ 1 KB
2 KB 127ms
26ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/26033.png
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 84acd925830f07c4a2cdccb13e10dd109e508d45a3bbe9c8eae56584a063ba7c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:32 GMT
Last-Modified: Sun, 19 Nov 2023 21:27:23 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "655a7dbb-4c5"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1221
Expires: Mon, 25 Nov 2024 04:49:32 GMT

GET
H/1.1 200
OK 1450.png
static.ffxiah.com/images/mini-icons/ 1 KB
2 KB 113ms
26ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/1450.png
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: f03639ff553a6465d4e50348b632f3d169a81f851e38092e8dd88d436ef088d0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:32 GMT
Last-Modified: Sun, 19 Nov 2023 21:27:21 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "655a7db9-4ee"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1262
Expires: Mon, 25 Nov 2024 04:49:32 GMT

GET
H/1.1 200
OK 9543.png
static.ffxiah.com/images/mini-icons/ 1 KB
2 KB 44ms
26ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/9543.png
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 83b4948264e784579eeac8d462a2ef2049f6c7f7ea9b9466368853b59cb3ea6d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:31 GMT
Last-Modified: Sun, 19 Nov 2023 21:27:24 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "655a7dbc-541"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1345
Expires: Mon, 25 Nov 2024 04:49:31 GMT

GET
H/1.1 200
OK 8798.png
static.ffxiah.com/images/mini-icons/ 1 KB
1 KB 126ms
27ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/8798.png
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: cff2f88fb91e98375fb31702a21673b5fd6e6713215ab7602609c839c270b0b9

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:32 GMT
Last-Modified: Sun, 19 Nov 2023 21:27:24 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "655a7dbc-4b8"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1208
Expires: Mon, 25 Nov 2024 04:49:32 GMT

GET
H/1.1 200
OK 9539.png
static.ffxiah.com/images/mini-icons/ 1 KB
2 KB 100ms
27ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/9539.png
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c084c6026ba9ab3c60b5397e4c9d84dbf538eeecc3ba2aa09c658367c68abccb

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:32 GMT
Last-Modified: Sun, 19 Nov 2023 21:27:24 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "655a7dbc-54b"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1355
Expires: Mon, 25 Nov 2024 04:49:32 GMT

GET
H2 200 0be7c6e5ef7088703816e10ae0e806df.jpg
cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/ 6 KB
6 KB 110ms
56ms Image
image/jpeg 104.21.33.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/0be7c6e5ef7088703816e10ae0e806df.jpg
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.33.198 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 90c6bc2c1f4635cb34e0c1e8555f47656ba4771964b53311d18ea06db9515689

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 04:49:31 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-bz-file-id: 4_zba25c1481093079c722d0f15_f11825eaf2d93dde4_d20231123_m065833_c000_v0001057_t0029_u01700722713823
age: 561966
x-bz-content-sha1: unverified:473cc13f7cd5e7c0adce4053fd97f4b898706960
x-bz-file-name: images/ss/sqtn/0be7c6e5ef7088703816e10ae0e806df.jpg
alt-svc: h3=":443"; ma=86400
content-length: 5788
x-bz-upload-timestamp: 1700722713823
last-modified: Thu, 23 Nov 2023 09:42:26 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PlirI4cSa9hXpDevYcY5n%2FEwX7qPOe4yTRElH7wBHzyLy5ZjD2tNODaMuGuTtFBnQE1FHYYObI8CG2gq5UWdV7U8TPf%2FQEsialavRXb6b8H20qWjKrVulu0hlaJq1b8I2FTE%2Bkk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 82e8b43ebe9fa252-YYZ

GET
H2 200 f7b0a998d3b0cd0fc9f0e49bd9428a4e.jpg
cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/ 5 KB
5 KB 105ms
51ms Image
image/jpeg 104.21.33.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/f7b0a998d3b0cd0fc9f0e49bd9428a4e.jpg
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.33.198 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 960da6ca352f948b7050955e9c07a5a77dede92a4d045227339f53f5ffeeef49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 04:49:31 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-bz-file-id: 4_zba25c1481093079c722d0f15_f10190f7ba382d319_d20231116_m160831_c000_v0001400_t0023_u01700150911129
age: 235453
x-bz-content-sha1: unverified:43828bad5a42182af9af7cf0900fb1b27606d932
x-bz-file-name: images/ss/sqtn/f7b0a998d3b0cd0fc9f0e49bd9428a4e.jpg
alt-svc: h3=":443"; ma=86400
content-length: 5022
x-bz-upload-timestamp: 1700150911129
last-modified: Thu, 23 Nov 2023 16:19:30 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fJVFVGEzYu2KJsghFaQosdnI36wcgP6NiY0llVtRQLtcKBmhr%2Bqt3fSx%2FtORPkT%2FRsTp03nmQoyKVUJaJS6j%2Bq9X4jGKMgFZ4qkXC48yrMCZBSt15F1Dnfm9ZOLMRzDDNdCO7Mk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 82e8b43ebe9da252-YYZ

GET
H2 200 79b6423c59b0dbc3488b6b3624febb58.jpg
cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/ 4 KB
5 KB 107ms
53ms Image
image/jpeg 104.21.33.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/79b6423c59b0dbc3488b6b3624febb58.jpg
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.33.198 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 594a09c7bc2aecfd1cd47e647919682eef7f82f10093150903bc54ed3feb26b7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 04:49:31 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-bz-file-id: 4_zba25c1481093079c722d0f15_f117e4681b9571806_d20231113_m025144_c000_v0001067_t0011_u01699843904954
age: 227046
x-bz-content-sha1: unverified:dc9f8e38f01c865573f322c9c167fc9b8e9dd664
x-bz-file-name: images/ss/sqtn/79b6423c59b0dbc3488b6b3624febb58.jpg
alt-svc: h3=":443"; ma=86400
content-length: 4131
x-bz-upload-timestamp: 1699843904954
last-modified: Tue, 28 Nov 2023 13:45:25 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RzOz3TicMCf5D1Nfq%2BVNO%2Bz1Z%2BeQR%2F9wrysNNJmpwk%2Bplax3H%2BnA5I%2BE171HneA%2BTSW6PAbEA9QOzVqVo6G1l%2BdNUFPnV3GM0zsEM6%2BSVueruNbasVjNShw1HJWErh6DpPrGW3w%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 82e8b43ebe9ca252-YYZ

GET
H2 200 1518bdc33e116a25ee48b9d0a56ab9c7.jpg
cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/ 3 KB
4 KB 111ms
57ms Image
image/jpeg 104.21.33.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/1518bdc33e116a25ee48b9d0a56ab9c7.jpg
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.33.198 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e20381716ab6965b04f4f00715ed3a59f4ddc1b033d5ca9e20327bf88e6de45e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 04:49:31 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-bz-file-id: 4_zba25c1481093079c722d0f15_f1005dee8e6f20f32_d20231110_m073857_c000_v0001088_t0011_u01699601937389
age: 579802
x-bz-content-sha1: unverified:c730ab8c97a07fd905a262d65c1e58b5098b04ed
x-bz-file-name: images/ss/sqtn/1518bdc33e116a25ee48b9d0a56ab9c7.jpg
alt-svc: h3=":443"; ma=86400
content-length: 3346
x-bz-upload-timestamp: 1699601937389
last-modified: Fri, 17 Nov 2023 11:02:32 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qQrKUI1XwacTToh9%2B4sFijWZC3X%2BF7yVBRzS0KeelhXM0BQSisqS2jPLgXMcxAR49xUp65ogFzYe4JHWi1SsF79XAd8NAVvAbHV58QLf%2BliePoePhDJ2cantPQ0E1855ARPiDtM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 82e8b43ebea0a252-YYZ

GET
H2 200 e2d1ff584541f9916cf17e34da99697a.jpg
cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/ 2 KB
3 KB 54ms
27ms Image
image/jpeg 104.21.33.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/e2d1ff584541f9916cf17e34da99697a.jpg
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.33.198 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e5dd63f7c69eb1e1a521f7eb9d40265c948eeccbc922b1b4a8d7a5f0c26309cf

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 04:49:31 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-bz-file-id: 4_zba25c1481093079c722d0f15_f1194f0a4561b8764_d20231107_m195819_c000_v0001401_t0011_u01699387099507
age: 62875
x-bz-content-sha1: unverified:6d5881f4b989c9ea2287f2b3b7f94150a3906706
x-bz-file-name: images/ss/sqtn/e2d1ff584541f9916cf17e34da99697a.jpg
alt-svc: h3=":443"; ma=86400
content-length: 2102
x-bz-upload-timestamp: 1699387099507
last-modified: Thu, 30 Nov 2023 10:26:19 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C%2FcM9W%2BP4Gvq6TG%2BCXK0jWXbtSgGjhc3jsSVaEFKCEwW89L7evQH%2FtKH%2FJudaPSd7MxFOEWdwTxAAxUa85wrnQa9Fp4i8YGIuvjNOWJOjvt%2B9W7aVBZkCDvmaE4ff%2F6GyGXR6A8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 82e8b43eae86a252-YYZ

GET
H2 200 f0ae79edeed14cf45fe00bbb463ad1b7.jpg
cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/ 3 KB
4 KB 62ms
46ms Image
image/jpeg 104.21.33.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/f0ae79edeed14cf45fe00bbb463ad1b7.jpg
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.33.198 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c15d2ac4db3f019a45835d2f8fcf5a3644779185181f7fe0b6080568ee63906e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 04:49:31 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-bz-file-id: 4_zba25c1481093079c722d0f15_f1102327508401849_d20231105_m184216_c000_v0001059_t0042_u01699209735999
age: 358989
x-bz-content-sha1: unverified:c331d632e14bfd1ae9054033af3bff094704f94c
x-bz-file-name: images/ss/sqtn/f0ae79edeed14cf45fe00bbb463ad1b7.jpg
alt-svc: h3=":443"; ma=86400
content-length: 3027
x-bz-upload-timestamp: 1699209735999
last-modified: Sat, 25 Nov 2023 17:31:00 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LwU9DR0PSyF%2BKdPYaAKiZEJdnKpfe%2F91kYA7Brwx3Ko8ha0kywxI1wGUty%2B%2FWUKcyKkXQpfDpFrfzqU2F7%2FCEx1LePKwcT0qk0HvavHyZTj50XdY9CH1aYvtEJ6vsHWMm05jp%2Fc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 82e8b43eae89a252-YYZ

GET
H2 200 ca440a0e638aeed3959b0d95fb25631e.jpg
cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/ 4 KB
4 KB 44ms
28ms Image
image/jpeg 104.21.33.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/ca440a0e638aeed3959b0d95fb25631e.jpg
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.33.198 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a0466388eb44d3be3f3ad7853bae037a0fa2d52bbf07ee02c8c41127aee0124

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 04:49:31 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-bz-file-id: 4_zba25c1481093079c722d0f15_f111f4582bfaab86e_d20231105_m012455_c000_v0001075_t0028_u01699147495468
age: 356596
x-bz-content-sha1: unverified:30d41f3930b960c45f68a3cd9fe4b42b2fa758c1
x-bz-file-name: images/ss/sqtn/ca440a0e638aeed3959b0d95fb25631e.jpg
alt-svc: h3=":443"; ma=86400
content-length: 4095
x-bz-upload-timestamp: 1699147495468
last-modified: Mon, 20 Nov 2023 15:29:23 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bDjGIizEAFWerjCn6NA1StfZ%2BtdJq%2Fjz2PEtTkZiJ%2FblomXPdiLxMDyvvssVgVyqjjNhqsnuGu6e88IPdfhC4%2FJEgwUXNi0zLhe8KCxiG6%2FeDkH0ilEKU6hBlvLtQ6AI28nWqB4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 82e8b43eae84a252-YYZ

GET
H2 200 a3907793f015c545d4f6da4de41cdbfe.jpg
cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/ 6 KB
6 KB 48ms
32ms Image
image/jpeg 104.21.33.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/a3907793f015c545d4f6da4de41cdbfe.jpg
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.33.198 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2322829258c6cd7abadb484fb0460676b79f0a84cde8262f04b278cb685a26f6

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 04:49:31 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-bz-file-id: 4_zba25c1481093079c722d0f15_f111993d5496c0e60_d20231103_m233413_c000_v0001078_t0012_u01699054453017
age: 52753
x-bz-content-sha1: unverified:3dd2e067688052ba07fb1bb7dff201e794067177
x-bz-file-name: images/ss/sqtn/a3907793f015c545d4f6da4de41cdbfe.jpg
alt-svc: h3=":443"; ma=86400
content-length: 5679
x-bz-upload-timestamp: 1699054453017
last-modified: Wed, 29 Nov 2023 14:48:51 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x%2FAxD3RuO8RH%2FdzEPllJRvn5QuA5rmwGVcWMVVhuU%2FceWo9BHNyrfVYKKIeAB7sl4hwWnJqfIoQlsbCVrKSMbFu4snK962Byh2VHdJVA6QL03bcR4k53PUpn%2B9yFtIdNCNfpdsU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 82e8b43eae81a252-YYZ

GET
H2 200 3306b5bce841ff745d1b7ec1c613ad80.jpg
cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/ 2 KB
3 KB 67ms
50ms Image
image/jpeg 104.21.33.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/3306b5bce841ff745d1b7ec1c613ad80.jpg
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.33.198 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d1234d25b9f9921cbf0a7dadb25d8ba39f9525b6d95994a0ac6fe5a8c2f6bff3

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 04:49:31 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-bz-file-id: 4_zba25c1481093079c722d0f15_f11525e532a5e5f1e_d20231103_m072647_c000_v0001089_t0023_u01698996407414
age: 69772
x-bz-content-sha1: unverified:dd78bfd0cc277973f8a46c9f3d5381ca3e35861e
x-bz-file-name: images/ss/sqtn/3306b5bce841ff745d1b7ec1c613ad80.jpg
alt-svc: h3=":443"; ma=86400
content-length: 2440
x-bz-upload-timestamp: 1698996407414
last-modified: Sun, 26 Nov 2023 19:43:53 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CF4QHGL42ZIZYLpcOWwFUFxf5g2RvPV1t3GE9nzE%2Fj%2B1WofK156bud0jqqys2%2BduNC7U81AI7sNWkv0fBnNn6jq%2Bvu5kdew5aomAcru%2BWzZ7ueULwkbslrZx5bEEcoegNPX2urI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 82e8b43eae80a252-YYZ

GET
H2 200 70b17cac37d88b210f1fc6b7f9e71874.jpg
cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/ 4 KB
4 KB 64ms
48ms Image
image/jpeg 104.21.33.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/70b17cac37d88b210f1fc6b7f9e71874.jpg
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.33.198 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 12e2b54e646b8aaa809adc2022cf17c2c16874b9a60b4e412cd572cd38e5cc2d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 04:49:31 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-bz-file-id: 4_zba25c1481093079c722d0f15_f106658cba760ec28_d20231103_m041258_c000_v0001081_t0016_u01698984778553
age: 235453
x-bz-content-sha1: unverified:f255d3be8edcb2dff12f1b91a03ad968b914f7bb
x-bz-file-name: images/ss/sqtn/70b17cac37d88b210f1fc6b7f9e71874.jpg
alt-svc: h3=":443"; ma=86400
content-length: 4038
x-bz-upload-timestamp: 1698984778553
last-modified: Sun, 26 Nov 2023 19:58:40 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=52a2HfRoJ8ikaWp7MRR2gBtHou2QzSGrOQj5sAbOP5RXi1jgUdRugp6e4jYe5OaX6kRA%2B%2FRzVTeVIFHw5h%2B4rVf%2FYX2xokAd8JB%2BDGGTKt1fDjB%2BOpbdUakvD1mLLTYuwfwAFSo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 82e8b43eae87a252-YYZ

GET
H2 200 3bb21100e545c2bb1831890289ebd9fa.jpg
cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/ 1 KB
2 KB 61ms
45ms Image
image/jpeg 104.21.33.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/3bb21100e545c2bb1831890289ebd9fa.jpg
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.33.198 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 431ea1374d2082060185a3a560ed36653036ab9abf175c5c1d4beb802aeae491

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 04:49:31 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-bz-file-id: 4_zba25c1481093079c722d0f15_f108c290b46261199_d20231031_m145401_c000_v0001056_t0017_u01698764041250
age: 52753
x-bz-content-sha1: unverified:90c283ebce684dd04f534a460952bf2598d888c4
x-bz-file-name: images/ss/sqtn/3bb21100e545c2bb1831890289ebd9fa.jpg
alt-svc: h3=":443"; ma=86400
content-length: 1453
x-bz-upload-timestamp: 1698764041250
last-modified: Wed, 29 Nov 2023 16:45:42 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lNMl1z5NMy1c1Aju3iNkEAkgja63ar1FKE8CNiGod7LmvTtNUlGa70ZdHmA5IsHkrl7dPlKMoU2bT5Dta8FrN69iKTrgRSDYDBYMXOVd2N8IugcBql5o%2BCXjpo7Z3S7q8fYWRPM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 82e8b43eae8aa252-YYZ

GET
H/1.1 200
OK mini-noavatar.jpg
www.ffxiah.com/images/ 649 B
970 B 26ms
26ms Image
image/jpeg 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.ffxiah.com/images/mini-noavatar.jpg
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: afecc80369c60a81fb5ef1dc95125f8f602e5a571fea2b2b67ac5df53ac8dc16

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:31 GMT
Last-Modified: Wed, 01 Jan 2020 23:48:52 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "5e0d2fe4-289"
Content-Type: image/jpeg
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 649
Expires: Mon, 25 Nov 2024 04:49:31 GMT

GET
H/1.1 200
OK gAd_728x90.html Show response
ads.ffxiah.com/ffxiah.com/ Frame A07F 875 B
752 B 86ms
26ms Document
text/html 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.ffxiah.com/ffxiah.com/gAd_728x90.html
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 2e6550ca6c5ca20106cda53ee4781dabfec2750dab8b11211e7259d9cdd3910b

Request headers

Referer: https://www.ffxiah.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Fri, 01 Dec 2023 04:49:31 GMT
ETag: W/"5de5cac8-36b"
Last-Modified: Tue, 03 Dec 2019 02:39:04 GMT
Server: nginx/1.18.0 (Ubuntu)
Transfer-Encoding: chunked

GET
H/1.1 200
OK spacer.gif
static.ffxiah.com/images/polnews/ 43 B
361 B 26ms
26ms Image
image/gif 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/polnews/spacer.gif
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:32 GMT
Last-Modified: Fri, 01 Dec 2023 04:45:07 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "656964d3-2b"
Content-Type: image/gif
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Mon, 25 Nov 2024 04:49:32 GMT

GET
DATA 200
OK truncated
/ 539 B
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: de9238a6076601f98a67bf7c628a8847a4856991edb81bbb23d3c0016241a059

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H/1.1 200
OK rss_icon.jpg
static.ffxiah.com/images/ 4 KB
4 KB 45ms
26ms Image
image/jpeg 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/rss_icon.jpg
Requested by: Host: static.ffxiah.com
URL: https://static.ffxiah.com/css/ffxi/app/index.v1608652921.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: a6e3909fb7002fb69091cb9acab3ea585a5436c11d46ac166f0bda1880d377a1

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://static.ffxiah.com/css/ffxi/app/index.v1608652921.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:31 GMT
Last-Modified: Wed, 01 Jan 2020 23:49:03 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "5e0d2fef-f32"
Content-Type: image/jpeg
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3890
Expires: Mon, 25 Nov 2024 04:49:31 GMT

GET
H/1.1 200
OK gAd_160x600.html Show response
ads.ffxiah.com/ffxiah.com/ Frame C53A 877 B
749 B 80ms
26ms Document
text/html 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.ffxiah.com/ffxiah.com/gAd_160x600.html
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 820082abc59342f47489e47ede1b727d4ea2a258af6752d96d88fd84f2dfe35c

Request headers

Referer: https://www.ffxiah.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Fri, 01 Dec 2023 04:49:31 GMT
ETag: W/"5de5cac8-36d"
Last-Modified: Tue, 03 Dec 2019 02:39:04 GMT
Server: nginx/1.18.0 (Ubuntu)
Transfer-Encoding: chunked

GET
H/1.1 200
OK 9875.png
static.ffxiah.com/images/mini-icons/ 1 KB
1 KB 45ms
26ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/9875.png
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3a13573a1b2c472ee5d48e92d169e4bd34e116e9171a4e0085f531f6b8dca598

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:31 GMT
Last-Modified: Sun, 19 Nov 2023 21:27:24 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "655a7dbc-4b9"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1209
Expires: Mon, 25 Nov 2024 04:49:31 GMT

GET
H/1.1 200
OK 3509.png
static.ffxiah.com/images/mini-icons/ 1 KB
1 KB 70ms
26ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/3509.png
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 65b4e02ee5f344762605747ba70399c918cabf5d00a87c4750d1211e947ec250

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:31 GMT
Last-Modified: Sun, 19 Nov 2023 21:27:23 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "655a7dbb-423"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1059
Expires: Mon, 25 Nov 2024 04:49:31 GMT

GET
H/1.1 200
OK 4061.png
static.ffxiah.com/images/mini-icons/ 1 KB
1 KB 127ms
26ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/4061.png
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 84822498a486d6aeaf029ffc01181e5c249905b26f4e8299cdc06bd6a237d6c0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:32 GMT
Last-Modified: Sun, 19 Nov 2023 21:27:23 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "655a7dbb-4bc"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1212
Expires: Mon, 25 Nov 2024 04:49:32 GMT

GET
H/1.1 200
OK 4060.png
static.ffxiah.com/images/mini-icons/ 1 KB
2 KB 49ms
26ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/mini-icons/4060.png
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 6282db7dcb04dec66f5b2d0d20ec9f67600ffe524d2fa130fa994762f9bdf2eb

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:31 GMT
Last-Modified: Sun, 19 Nov 2023 21:27:23 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "655a7dbb-524"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1316
Expires: Mon, 25 Nov 2024 04:49:31 GMT

GET
H2 200 e2d1ff584541f9916cf17e34da99697a.jpg
cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/ 2 KB
2 KB 44ms
28ms Image
image/jpeg 104.21.33.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-b2.ffxipro.com/file/ffxiah/images/ss/sqtn/e2d1ff584541f9916cf17e34da99697a.jpg
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.33.198 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e5dd63f7c69eb1e1a521f7eb9d40265c948eeccbc922b1b4a8d7a5f0c26309cf

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 04:49:31 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-bz-file-id: 4_zba25c1481093079c722d0f15_f1194f0a4561b8764_d20231107_m195819_c000_v0001401_t0011_u01699387099507
age: 62875
x-bz-content-sha1: unverified:6d5881f4b989c9ea2287f2b3b7f94150a3906706
x-bz-file-name: images/ss/sqtn/e2d1ff584541f9916cf17e34da99697a.jpg
alt-svc: h3=":443"; ma=86400
content-length: 2102
x-bz-upload-timestamp: 1699387099507
last-modified: Thu, 30 Nov 2023 10:26:19 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C19qzAcTzBpiegpSMwm8Ga9buxiWpVY4Vwft3447n8ZkdUVFNcyIcCgiDa7ZioorPfSjwS1B2Umghe%2FXKXgibBpK1VVVc7fwzKPwMsSMY5fRuolVu7Q6F1yL9WUozTdNxpJHdCE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 82e8b43eae83a252-YYZ

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame A07F 91 KB
30 KB 141ms
62ms Script
text/javascript 172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: ads.ffxiah.com
URL: https://ads.ffxiah.com/ffxiah.com/gAd_728x90.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

cafe /

Resource Hash

4075356ba4d6eb181ae4ff18c64408b0797342a162fa9c9898fe82541c9901b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 04:49:32 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29980
x-xss-protection: 0
server: cafe
etag: 80 / 19692 / m202311150101 / config-hash: 11152387477177976423
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 01 Dec 2023 04:49:32 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame C53A 91 KB
29 KB 138ms
85ms Script
text/javascript 172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: ads.ffxiah.com
URL: https://ads.ffxiah.com/ffxiah.com/gAd_160x600.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

cafe /

Resource Hash

a43363b9294af8031ab7fa160b1a78928d4f1dcd874ab3bdd51a4cb0f4012d3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 04:49:32 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29980
x-xss-protection: 0
server: cafe
etag: 29 / 19692 / m202311150101 / config-hash: 11152387477177976423
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 01 Dec 2023 04:49:32 GMT

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/ Frame A07F 431 KB
135 KB 119ms
38ms Script
text/javascript 172.253.122.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f155.1e100.net

Software

cafe /

Resource Hash

b033f59e4ffeaa6f3e4f2e839c035a14811d5469d3f772eda6056d7d5782c53f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 04:14:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2075
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138149
x-xss-protection: 0
server: cafe
etag: 11558412289700915514
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Sat, 30 Nov 2024 04:14:57 GMT

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/ Frame C53A 431 KB
135 KB 153ms
95ms Script
text/javascript 172.253.122.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f155.1e100.net

Software

cafe /

Resource Hash

b033f59e4ffeaa6f3e4f2e839c035a14811d5469d3f772eda6056d7d5782c53f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 04:14:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2075
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138149
x-xss-protection: 0
server: cafe
etag: 11558412289700915514
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Sat, 30 Nov 2024 04:14:57 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame A07F 22 KB
10 KB 253ms
253ms Fetch
text/plain 172.253.122.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1058168004151596&correlator=2312681717801845&eid=31078987&output=ldjh&gdfp_req=1&vrg=202311150101&ptt=17&impl=fifs&iu_parts=1031700%2CMidBottomLeaderboard_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=1&sfv=1-0-40&sc=1&cookie_enabled=1&cdm=ads.ffxiah.com&abxe=1&dt=1701406172366&lmt=1575340744&adxs=0&adys=0&biw=-12245933&bih=-12245933&isw=728&ish=90&scr_x=-12245933&scr_y=-12245933&ucis=5d63khwz31ay&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-480&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&nhd=1&url=https%3A%2F%2Fads.ffxiah.com%2Fffxiah.com%2FgAd_728x90.html&ref=https%3A%2F%2Fwww.ffxiah.com%2F&top=https%3A%2F%2Fwww.ffxiah.com%2F&vis=1&psz=728x90&msz=728x-1&fws=256&ohw=0&ea=0&ga_vid=1255032321.1701406172&ga_sid=1701406172&ga_hid=1972614853&ga_fc=false&dlt=1701406171971&idt=372&adks=1741596969&frm=24

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f155.1e100.net

Software

cafe /

Resource Hash

f8ed92620950aec6899147d4100c51e4934ef34126107c510d647656104a4e1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 04:49:32 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10220
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ads.ffxiah.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 193F 6 KB
3 KB 132ms
46ms Document
text/html 172.253.62.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.62.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f132.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ads.ffxiah.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 04:49:32 GMT
expires: Sat, 30 Nov 2024 04:49:32 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame C53A 22 KB
10 KB 603ms
603ms Fetch
text/plain 172.253.122.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2650679493355731&correlator=207146663577604&eid=31077978%2C31079832&output=ldjh&gdfp_req=1&vrg=202311150101&ptt=17&impl=fifs&iu_parts=1031700%2CRight_BigSkyScraper_160x600&enc_prev_ius=%2F0%2F1&prev_iu_szs=160x600&ifi=1&sfv=1-0-40&sc=1&cookie_enabled=1&cdm=ads.ffxiah.com&abxe=1&dt=1701406172397&lmt=1575340744&adxs=0&adys=0&biw=-12245933&bih=-12245933&isw=160&ish=600&scr_x=-12245933&scr_y=-12245933&ucis=nzy6xxwmn5z2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-480&dmc=8&bc=31&nvt=1&bz=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&nhd=1&url=https%3A%2F%2Fads.ffxiah.com%2Fffxiah.com%2FgAd_160x600.html&ref=https%3A%2F%2Fwww.ffxiah.com%2F&top=https%3A%2F%2Fwww.ffxiah.com%2F&vis=1&psz=160x600&msz=160x-1&fws=256&ohw=0&ea=0&ga_vid=1971656688.1701406172&ga_sid=1701406172&ga_hid=235299915&ga_fc=false&dlt=1701406171997&idt=390&adks=4037978123&frm=24

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f155.1e100.net

Software

cafe /

Resource Hash

5e274e094d8d76e0f61c474f58f6013afee119f873c2444a4534f68024e4de16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 04:49:32 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10203
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ads.ffxiah.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame B271 6 KB
3 KB 131ms
49ms Document
text/html 172.253.62.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.62.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f132.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ads.ffxiah.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 04:49:32 GMT
expires: Sat, 30 Nov 2024 04:49:32 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame A07F 16 KB
12 KB 139ms
58ms XHR
application/json 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202311150101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

1b7b4027c90f19e75268825d4952776c85f0de90855fab7ef17327069a8c1528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 04:49:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12335
x-xss-protection: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame C53A 16 KB
12 KB 123ms
63ms XHR
application/json 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202311150101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

3431b041d6131cfae83bdeec67ed7125f2dbeeb8acfb4dc3f8cacbf3584a0fb5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 04:49:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12245
x-xss-protection: 0

GET
H/1.1 200
OK syndicate.v20190214.css
static.ffxiah.com/css/shared/ 3 KB
3 KB 26ms
26ms Stylesheet
text/css 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ffxiah.com/css/shared/syndicate.v20190214.css
Requested by: Host: static.ffxiah.com
URL: https://static.ffxiah.com/js/lib/AH.v1608652921.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 2953f313f04d1977820ca1a332c2bb7c76aa4c0313c16d0dec37cfd73ae832f0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:32 GMT
Last-Modified: Fri, 14 Oct 2022 17:06:22 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "6349970e-b5e"
Content-Type: text/css
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2910
Expires: Mon, 25 Nov 2024 04:49:32 GMT

GET
H2 200 container.html Show response
8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame B5BE 6 KB
3 KB 41ms
40ms Document
text/html 172.253.62.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.62.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f132.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ads.ffxiah.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 04:49:32 GMT
expires: Sat, 30 Nov 2024 04:49:32 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame A07F 17 KB
6 KB 225ms
146ms Script
text/javascript 142.251.16.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f132.1e100.net

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 04:49:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 01 Dec 2023 04:49:32 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame C53A 17 KB
7 KB 205ms
144ms Script
text/javascript 142.251.16.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f132.1e100.net

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 04:49:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 01 Dec 2023 04:49:32 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame FE70 624 B
661 B 59ms
58ms Document
text/html 172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhjKg5j9ATAB&v=APEucNUFCYu-5-qO1B1ms4fkWka1ywSNL3lq4k0aG0MWlfXDpeg5EA3GiZ6myVSL7e0zkQhV5eXOkm95Dycv5XkwP7g_cC6n0g

Requested by

Host: 8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com
URL: https://8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 04:49:32 GMT
expires: Fri, 01 Dec 2023 04:49:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame B5BE 89 KB
31 KB 144ms
69ms Script
text/javascript 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com
URL: https://8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 04:49:32 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 01 Dec 2023 04:49:32 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame B5BE 42 B
63 B 136ms
62ms Image
image/gif 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BM4xfzmtIwMbmWu8sa-Bg3N16ngW1p5NO9vlNnuPKCxaR3m6e-PCBkpcyU8LHULSodNeXLo9ExRAEf3E_kq2b7A96bDb9DHmAL86SGn8IKwbXJ-RI

Requested by

Host: 8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com
URL: https://8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 04:49:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B5BE 0
20 B 135ms
61ms Image
image/gif 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=8643179181922922781&x=1&ct=119

Requested by

Host: 8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com
URL: https://8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 04:49:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/ Frame B5BE 3 KB
2 KB 83ms
39ms Script
text/javascript 142.251.16.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/window_focus_fy2021.js

Requested by

Host: 8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com
URL: https://8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f132.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 19:53:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32146
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Dec 2023 19:53:46 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/ Frame B5BE 20 KB
8 KB 83ms
39ms Script
text/javascript 142.251.16.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com
URL: https://8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f132.1e100.net

Software

cafe /

Resource Hash

09b186dc119230c8ab2c806d31bcc8dd4a0a2ba347165f35156422307b8e10ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 19:53:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32146
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8544
x-xss-protection: 0
server: cafe
etag: 17124069415086231762
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Dec 2023 19:53:46 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame B5BE 202 KB
64 KB 129ms
128ms Script
text/javascript 172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com
URL: https://8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

sffe /

Resource Hash

1adb10c9a5878dd4306d66ff94ae27a07cbe47f57b34dec9a807e5d2d426eee0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 04:49:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65067
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1701261208926228"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 01 Dec 2023 04:49:32 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame FE70
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG09riUPMsC-zIBm1cJ9YVY&google_cver=1

43 B
776 B

46ms
46ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG09riUPMsC-zIBm1cJ9YVY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhjKg5j9ATAB&v=APEucNUFCYu-5-qO1B1ms4fkWka1ywSNL3lq4k0aG0MWlfXDpeg5EA3GiZ6myVSL7e0zkQhV5eXOkm95Dycv5XkwP7g_cC6n0g
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 04:49:32 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rSMIunjzPUbgWn2WcmSmtNIT%2B9QRl4W0WBnZVtfERnLs9GYaNvo5wEZ%2BWFHX0LDxDas%2FffvZo5Bp9Klvmiez%2F3iQd546B8Kkf3I%2Fu6N%2By%2FpSwrDJvqXCOS5kUL63kYhKOPFjdmLbFw7QrA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82e8b444afdc39f9-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 04:49:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG09riUPMsC-zIBm1cJ9YVY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame FE70
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWll3OhuUVZ8yzGXOyg3ewAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG09riUPMsC-zIBm1cJ9YVY&google_cver=1

43 B
739 B

44ms
44ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG09riUPMsC-zIBm1cJ9YVY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhjKg5j9ATAB&v=APEucNUFCYu-5-qO1B1ms4fkWka1ywSNL3lq4k0aG0MWlfXDpeg5EA3GiZ6myVSL7e0zkQhV5eXOkm95Dycv5XkwP7g_cC6n0g
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 04:49:32 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hU3u8xQXu%2BDp4mElJxd%2BdXqxI1bvlYdyE2vjsWIy676fhRQ%2F8j0Og1y%2BVDMG3KgH1j3SAFplMbRXFAHZozzGOGN8UMgo%2B%2FddSOCSokq6PIHCxU6Sltyh4Ss829oR4njLZucrHr50UxclJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82e8b445084539f9-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 04:49:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG09riUPMsC-zIBm1cJ9YVY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame FE70
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEOGMRojXEHFka3YWWbDFWfU&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEOGMRojXEHFka3YWWbDFWfU%26google_cver%3D1

43 B
888 B

86ms
86ms

Image
image/gif

68.67.179.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEOGMRojXEHFka3YWWbDFWfU%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhjKg5j9ATAB&v=APEucNUFCYu-5-qO1B1ms4fkWka1ywSNL3lq4k0aG0MWlfXDpeg5EA3GiZ6myVSL7e0zkQhV5eXOkm95Dycv5XkwP7g_cC6n0g

Protocol

Server

68.67.179.87 North Bergen, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

585.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 04:49:33 GMT
an-x-request-uuid: b05caca8-f6a2-4d35-ac74-54c2082a8824
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 153.92.40.66; 153.92.40.66; 585.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 04:49:32 GMT
an-x-request-uuid: c044cdeb-ce03-4262-a66e-bb09ed40d299
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEOGMRojXEHFka3YWWbDFWfU%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 153.92.40.66; 153.92.40.66; 585.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame FE70
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc2MDYwNDIzNDEwMDAyMzYwNA%3D%3D

170 B
188 B

52ms
50ms

Image
image/png

142.251.167.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc2MDYwNDIzNDEwMDAyMzYwNA%3D%3D

Requested by

Protocol

Server

142.251.167.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f156.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 04:49:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 04:49:32 GMT
an-x-request-uuid: f5370716-ecf7-4a1f-9246-8ce4fbb18b78
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc2MDYwNDIzNDEwMDAyMzYwNA%3D%3D
x-proxy-origin: 153.92.40.66; 153.92.40.66; 585.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B5BE 0
20 B 63ms
62ms Ping
image/gif 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=6957408531763&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 04:49:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B5BE 0
20 B 62ms
61ms Ping
image/gif 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=6957408531763&version=m202309260101&ct=119&x=1&cor=8643179181922922000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 04:49:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame B5BE 92 KB
38 KB 83ms
83ms Script
text/javascript 172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BFbqqyg5AcWlaUxhdHIE_rOjlLibpPf14O1wskWRqLrjVcoAuxHvsgjrdNWEN4zFZ6w4y9Q_BG4OYhVdMoTfl8RY87Nrjw1ea6hFCPdgPMnKM5RmYdWsCnEIpgBh9iTxgCoPe6skdsP7HdSRTB414K1d8IoCfxOsvQ8tBQuo4TxDASifI&cry=1&dbm_d=AKAmf-DeU1nczGVoUJbbuJs-FSTVinD9y4GUZX9dzULcuIBJ57-Y-xaqnGhUx8HZnqlIrFKwJUU2O6j8mdlZBzFmWMGD66xeuhvJVbbbTxNJow5AecoyshJZkrAaxIBlTgIIm7zstoYPE_TvB0nDjIQH9Z2hPYsmrxFPgzn4C9416MetyN9iae3z5Jl4fLf1m535fY6QhCcHWAVW4tUrVF0KKub9RxFo0HQjb5hnbetBcc6iYgW48NQKzC2oQbtQSf63A75-RORLmcDurLasoD7VRr1MIJ-SqC2WBySMi7bmvWNlQuamsgRNqwGhA_kD7q3AT4CK5kN21ujeuv_klcYFBjloa0NT7lyoNn2oneZvxHF4i-T041R6DFFk5kIHLYZYyhVMstvvlIeMW5niMtnxzCC-B1owpVG8eMohkt7_4McoRch-sjjTjacxksitUuvW56Df8J_jLW180ivNYrES4ZsDILRpJeqxmtXOAfBLQiMrcKYflqwDy8qvfpFzCMy5aQVa1iJPoIFMFdTcxctj1RjnCcYYQWE6KnCOn5IuU-usOMZTuPJjO5JvRnDmujG58oGWZjZAgTYN51TvZrmJj1wBogMYZkn5MqzOTKsF3oRLWRxpBPYl2-mUJ-z5EchLakDxWtwkbn1sd9sGXzt1am7d2sSu9uM7mfXseg1PDipKGzkB3F1XxKUnMTwfLP9UOAQ4Li2lt4Dtd7bWpDn8YD0Y5NB6uv8fUMjJMcXrbFswZ5TpdTY6CucGW5jqOrscbVsgP-vK7S9VFMUSpQso11sEfqbpanzG_7u_4sUHC52Ws0nm_u5gFcNYxunizurBkl9AtynmeFwZ3bdYna6usP8FjCVuhj_aLOK3qMRv4rX5CwYaefvFweHsjH8diY3Zi8zufjuqYs9lSqd9YjDsfyYCYSBVfP9d0nAvbTuczPoxtPGeK8Ic7pCzB_B4-qNPrlklk7buonL5er0dxXdphSysCDrkCiOBsnLHCPm_slogfO7hK0mxY8JnvieWi53mKxA4-FnC-bwNp2QYR71jaNW0jPG2YCfG7_2_efodr8KzsehNuioOlgfJs1x4YJJctBO1CIRuTuyUl6oJfmEA3lBwH8k8WzuwUyF41gok1r8Nf58FOIfEcgFfLDyb8qOxVVSFtc-It8nFzpwMjBBtrbqwsrT03u1GpXZ8dWDV4J3UljXhtGmMWLa8dRwXNaZkqOGaPjhgcR_Y9RSeRXB0WLPLxV-1Nd3bYEclugJXno8q5b5-wknzwf679ak9BVbxlm_oEQMUXYpNzhwulY5xrJXCeLlYjjGCpN5iqaQ_5cDKfo6Qa28ZsLDAVV5UlA3ylMGnYW0fpJ9uO3ThH_s2eyjtsqBiHw5HTYaivi7ZdPhriv6AYvSPSOIyaNdxh2UmlSL8WeO8T6mnIK979iPWwbAlX29dzLIEIlvamPivzRqqyMvMFCm_PZjShBXIC7VRnN_zi1flM6EC3tmG22R-DTJ7Ob9hOpX0Rg5tWUujMblrGOoptA81xYxCJBSaoFzBFRsgZLKFdYrVk3piajHFUfgs6R74FA0kKVbxmCmBEb3c3Q3maqHTFfaYYs0DuBcGDbNzuSNy1Y8H2Zprf8TF1v9qKEMz5bWvDq8vlgaqxYILnBRLYxJlVSMgSB5w0dZtIixhJBygglrTtOQ7xAbp6G19ny-HMMvJZ4z5KjrUKnarUg19fviS-UE8hCK3h--6m580ZFX8XM5bKNSQvka6dnE9kzjKrheeBVrAqfjbRz7m68kOHL51yU6JFTOnKZFBaazW8MSYaCaUEZ1035sY5ZOlryqHL_g8lwdbj75uT84ivvWjd17clZjItGGlFN6Vii94QywOZJp3ujZYwoKRpKUpM2T6epWm7zuPbQn8gKe8bRm-j2vZ7bnZ58xQS_0XC5wLEHkXX_qKzmyrZZugb-2z_WlFuxKI3vnuByc6dh-zeQqHgkMO_I12D6xbqOdT8_lv6iTsnMvGykWh9phjhz9a34oUBRpOVBQ-28WiEcaWqehfqJAahaZo9pHtcNqLADWDydc4xa3LjUCaJsZFK8mkxnKleOwozGD4IgcDSIuR0QsXJ3DLeconU7TmKFaicvKLM4Kl0GGgrxAM4I1F6pURc6rfKdY0K7bFkymXMRRBDJcunudMk8hDRzwyLyNJWQvowhFmgRMj163sTPWHodTgvyRy8vpRvHjWgKA5hPAjoVRGMccpThToZ6FptS1z_FFSIYvTdPDUYML3G4TRoN61G38IDk1YqF1wUxEfLsSLq5XamBKBPkO9RcbU63KnxCMFXOaWUBIYLRs4j8t1d0ov0Xx8_NlRzmBcjafLPkJGb6ZJKLmFWwjdtSGrsTSZOq14m6KP6RGI8-18-1LvK2uAzy65HB-JaSwF8KKyaavEroSraI3WsJfKLTzcQRzarcNEWXsp0yezGT-lZdL0IsZJk1dP9Fo_Az3jYCqF9iGS0eHxKzpkMEGg_I6Mo35oFIej9mWqdzxbQp_vuxwgsWB6qc5QtxkzDT3sLPEmVeHJ9-P6ox7kxkQznEnF98HalugZb9Pu2f_0yY6wEN-rTdMAbMi2Es3BMWaiWVjVYK4JBWZxK-YNY4UBziwuQJ3ghYHYze4uCUW-hpg_laMxb6iCjOv2D0nlYeBFNAzAEb1xi3BCjR0kUUrZ2PmUdEvNjzUkVo6CwreSypAXGYAXswZsSpKtPnZ7Adh62WgFNYJwlorgey7wdLk_TH65-ebO2kpeUIA_QPwzYeDBcapZumK1LTeayCCUTPR2PkIyhlyadtPMHW4Ivst7qgWy2RZ9Nfv04MpD5cBir89ocH6VWPuCKWHw2zMQA_ZtyAUJOr68oiUpQoPB9fMLlhKZbMHpvr0HHiGDohAfHPvtweTp1gcFSwjtZZKLnOUbJYIcvvU8_pZxaonVMUYqIUsSFAUSG62Z5Yya6sUsl_U86dCvyPTq6hP18XkZlCXD8beWEJ3oOy-Ocx-oUwgp3cgwot0RZHSNdq3RYu2Pea57E_OzZILz18E20jBwum_75rFzfVO_Z9Gh3oQPWR5yW-aCnbw48YvKchWixxI9ObbN4MKFHq42L4mRLStJIdGOs-EFMF4e7fCKT0sSylYroaMQbYsH6VpjIWo03AzXAkKu9NROWfG0v9gxytxqBzN9hfzGejOKMReUY4qVOsM-dHDxTHEx_Yh4L_WELN7XaGcT5cXt8ZgKPhsAptru-VMgvkpy_ydpqKMW1-mF1hOEF4TNgv78eFqdcGxxYyeHWpcxu8zShKPGb_QG7wEgJHKkWpxsTtfSACPl7wlYZnRDtf3EXs4WplSiHZTS2OndORWY9zm_HswipPP5gkgBI1t7dUu-CbcF9IzuM_V8Luog2l23OPP_PvDIs753EuUsbx1bBuf920anCwiKQ98kfXxNYKfQupZBRlMcPBuE9K3gFaZk06j5E3N37FoNq0r9307WcflzRDO9zFZ02ydVQz837rYMNzk22gwMxg9lkLfdnvGwN-oGkkHl2HRgVfJp_DgdOuGiGkAWfpIQ7GuzuIbQu8RcuU3RPqMJxUZZJtubWHcXNZgApKN6uFH_n664smJpCiBnu3f-zYM5wqCD5HClWTz9EPn7PCp3LvW5D8FSV-3AACDFD1U1jlErxprlclvweY2DrTeqMAh0IPfTlAk1cjTTCn0T_NGs9Mv1AhNZgaNhfhwl_20Fz511h_KvzaHK8rgKsGaysVVmoJFTvRsKFW8t7-9AJ5ueYmTecUXZnA4eFxZEh4K7eWiJxJhnPaj68868tg_gEQJbtXew-c87WLuv9k-CxhumMNcWlVha0aJ6u-0mmjxxomO85Ss_sZipX64-bPUCpiGM3l4ChaH45bMH3ChZX_zer_zLUXUi4IlogE8qKt3e_yGH_nfKx8b9agTOxRB9FPxaVQKPtcscBUgY6L5fuLBTONGIMWE4lcOq6heQokJm1AVc&cid=CAQSTgDICaaNaPa51vLV5Nd8yT3NC6M9dxnSiJbrK5SVjXSVpjNH-G2zt_8MvkSu5hgzATuWouj6tH3gvXWqu4qkYPCJRSB0NBFORCAyBHkjNhgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.ffxiah.com&ds=l&xdt=1&iif=1&cor=8643179181922922000&adk=2111686228&idt=168&cac=0&dtd=11

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

cafe /

Resource Hash

1f44d7fe50ba32b1d947adb8a022b5217f038c8d153dd93dd3abbb98f57bb9e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 04:49:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38952
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 71D2 13 KB
5 KB 41ms
39ms Document
text/html 142.251.16.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f132.1e100.net

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ads.ffxiah.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 165027
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 06:59:05 GMT
expires: Thu, 28 Nov 2024 06:59:05 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame B3B7 829 B
770 B 135ms
54ms Document
text/html 142.251.16.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f99.1e100.net

Software

GSE /

Resource Hash

90f0a62dd7e0c7ba95619a4755d4959b381d347addb11a7d8173c035962cf6a5

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Wyhb2xjL5BMYKncXNNau7A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ads.ffxiah.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-Wyhb2xjL5BMYKncXNNau7A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 04:49:33 GMT
expires: Fri, 01 Dec 2023 04:49:33 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 9185 13 KB
5 KB 40ms
39ms Document
text/html 142.251.16.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f132.1e100.net

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ads.ffxiah.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 165027
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 06:59:05 GMT
expires: Thu, 28 Nov 2024 06:59:05 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame D243 829 B
1 KB 131ms
53ms Document
text/html 142.251.16.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f99.1e100.net

Software

GSE /

Resource Hash

1efdeb32db0b3e6968cff91b3c5401cbfe1e001bf14f9feae060d90dd4aff4ea

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-xnLS3vTcq1TFE0CdbwwrOA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ads.ffxiah.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-xnLS3vTcq1TFE0CdbwwrOA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 04:49:33 GMT
expires: Fri, 01 Dec 2023 04:49:33 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 71D2 39 KB
15 KB 37ms
37ms Script
text/javascript 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 00:47:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14548
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 30 Nov 2024 00:47:04 GMT

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 9185 39 KB
15 KB 38ms
38ms Script
text/javascript 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 00:47:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14548
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 30 Nov 2024 00:47:04 GMT

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame B5BE 172 KB
61 KB 119ms
39ms Script
text/javascript 172.253.62.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: www.ffxiah.com
URL: https://www.ffxiah.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.62.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f148.1e100.net

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com/
Origin: https://8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 13:08:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 56437
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 01 Dec 2023 13:08:56 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/elements/html/ Frame B5BE 11 KB
4 KB 37ms
37ms Script
text/javascript 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BFbqqyg5AcWlaUxhdHIE_rOjlLibpPf14O1wskWRqLrjVcoAuxHvsgjrdNWEN4zFZ6w4y9Q_BG4OYhVdMoTfl8RY87Nrjw1ea6hFCPdgPMnKM5RmYdWsCnEIpgBh9iTxgCoPe6skdsP7HdSRTB414K1d8IoCfxOsvQ8tBQuo4TxDASifI&cry=1&dbm_d=AKAmf-DeU1nczGVoUJbbuJs-FSTVinD9y4GUZX9dzULcuIBJ57-Y-xaqnGhUx8HZnqlIrFKwJUU2O6j8mdlZBzFmWMGD66xeuhvJVbbbTxNJow5AecoyshJZkrAaxIBlTgIIm7zstoYPE_TvB0nDjIQH9Z2hPYsmrxFPgzn4C9416MetyN9iae3z5Jl4fLf1m535fY6QhCcHWAVW4tUrVF0KKub9RxFo0HQjb5hnbetBcc6iYgW48NQKzC2oQbtQSf63A75-RORLmcDurLasoD7VRr1MIJ-SqC2WBySMi7bmvWNlQuamsgRNqwGhA_kD7q3AT4CK5kN21ujeuv_klcYFBjloa0NT7lyoNn2oneZvxHF4i-T041R6DFFk5kIHLYZYyhVMstvvlIeMW5niMtnxzCC-B1owpVG8eMohkt7_4McoRch-sjjTjacxksitUuvW56Df8J_jLW180ivNYrES4ZsDILRpJeqxmtXOAfBLQiMrcKYflqwDy8qvfpFzCMy5aQVa1iJPoIFMFdTcxctj1RjnCcYYQWE6KnCOn5IuU-usOMZTuPJjO5JvRnDmujG58oGWZjZAgTYN51TvZrmJj1wBogMYZkn5MqzOTKsF3oRLWRxpBPYl2-mUJ-z5EchLakDxWtwkbn1sd9sGXzt1am7d2sSu9uM7mfXseg1PDipKGzkB3F1XxKUnMTwfLP9UOAQ4Li2lt4Dtd7bWpDn8YD0Y5NB6uv8fUMjJMcXrbFswZ5TpdTY6CucGW5jqOrscbVsgP-vK7S9VFMUSpQso11sEfqbpanzG_7u_4sUHC52Ws0nm_u5gFcNYxunizurBkl9AtynmeFwZ3bdYna6usP8FjCVuhj_aLOK3qMRv4rX5CwYaefvFweHsjH8diY3Zi8zufjuqYs9lSqd9YjDsfyYCYSBVfP9d0nAvbTuczPoxtPGeK8Ic7pCzB_B4-qNPrlklk7buonL5er0dxXdphSysCDrkCiOBsnLHCPm_slogfO7hK0mxY8JnvieWi53mKxA4-FnC-bwNp2QYR71jaNW0jPG2YCfG7_2_efodr8KzsehNuioOlgfJs1x4YJJctBO1CIRuTuyUl6oJfmEA3lBwH8k8WzuwUyF41gok1r8Nf58FOIfEcgFfLDyb8qOxVVSFtc-It8nFzpwMjBBtrbqwsrT03u1GpXZ8dWDV4J3UljXhtGmMWLa8dRwXNaZkqOGaPjhgcR_Y9RSeRXB0WLPLxV-1Nd3bYEclugJXno8q5b5-wknzwf679ak9BVbxlm_oEQMUXYpNzhwulY5xrJXCeLlYjjGCpN5iqaQ_5cDKfo6Qa28ZsLDAVV5UlA3ylMGnYW0fpJ9uO3ThH_s2eyjtsqBiHw5HTYaivi7ZdPhriv6AYvSPSOIyaNdxh2UmlSL8WeO8T6mnIK979iPWwbAlX29dzLIEIlvamPivzRqqyMvMFCm_PZjShBXIC7VRnN_zi1flM6EC3tmG22R-DTJ7Ob9hOpX0Rg5tWUujMblrGOoptA81xYxCJBSaoFzBFRsgZLKFdYrVk3piajHFUfgs6R74FA0kKVbxmCmBEb3c3Q3maqHTFfaYYs0DuBcGDbNzuSNy1Y8H2Zprf8TF1v9qKEMz5bWvDq8vlgaqxYILnBRLYxJlVSMgSB5w0dZtIixhJBygglrTtOQ7xAbp6G19ny-HMMvJZ4z5KjrUKnarUg19fviS-UE8hCK3h--6m580ZFX8XM5bKNSQvka6dnE9kzjKrheeBVrAqfjbRz7m68kOHL51yU6JFTOnKZFBaazW8MSYaCaUEZ1035sY5ZOlryqHL_g8lwdbj75uT84ivvWjd17clZjItGGlFN6Vii94QywOZJp3ujZYwoKRpKUpM2T6epWm7zuPbQn8gKe8bRm-j2vZ7bnZ58xQS_0XC5wLEHkXX_qKzmyrZZugb-2z_WlFuxKI3vnuByc6dh-zeQqHgkMO_I12D6xbqOdT8_lv6iTsnMvGykWh9phjhz9a34oUBRpOVBQ-28WiEcaWqehfqJAahaZo9pHtcNqLADWDydc4xa3LjUCaJsZFK8mkxnKleOwozGD4IgcDSIuR0QsXJ3DLeconU7TmKFaicvKLM4Kl0GGgrxAM4I1F6pURc6rfKdY0K7bFkymXMRRBDJcunudMk8hDRzwyLyNJWQvowhFmgRMj163sTPWHodTgvyRy8vpRvHjWgKA5hPAjoVRGMccpThToZ6FptS1z_FFSIYvTdPDUYML3G4TRoN61G38IDk1YqF1wUxEfLsSLq5XamBKBPkO9RcbU63KnxCMFXOaWUBIYLRs4j8t1d0ov0Xx8_NlRzmBcjafLPkJGb6ZJKLmFWwjdtSGrsTSZOq14m6KP6RGI8-18-1LvK2uAzy65HB-JaSwF8KKyaavEroSraI3WsJfKLTzcQRzarcNEWXsp0yezGT-lZdL0IsZJk1dP9Fo_Az3jYCqF9iGS0eHxKzpkMEGg_I6Mo35oFIej9mWqdzxbQp_vuxwgsWB6qc5QtxkzDT3sLPEmVeHJ9-P6ox7kxkQznEnF98HalugZb9Pu2f_0yY6wEN-rTdMAbMi2Es3BMWaiWVjVYK4JBWZxK-YNY4UBziwuQJ3ghYHYze4uCUW-hpg_laMxb6iCjOv2D0nlYeBFNAzAEb1xi3BCjR0kUUrZ2PmUdEvNjzUkVo6CwreSypAXGYAXswZsSpKtPnZ7Adh62WgFNYJwlorgey7wdLk_TH65-ebO2kpeUIA_QPwzYeDBcapZumK1LTeayCCUTPR2PkIyhlyadtPMHW4Ivst7qgWy2RZ9Nfv04MpD5cBir89ocH6VWPuCKWHw2zMQA_ZtyAUJOr68oiUpQoPB9fMLlhKZbMHpvr0HHiGDohAfHPvtweTp1gcFSwjtZZKLnOUbJYIcvvU8_pZxaonVMUYqIUsSFAUSG62Z5Yya6sUsl_U86dCvyPTq6hP18XkZlCXD8beWEJ3oOy-Ocx-oUwgp3cgwot0RZHSNdq3RYu2Pea57E_OzZILz18E20jBwum_75rFzfVO_Z9Gh3oQPWR5yW-aCnbw48YvKchWixxI9ObbN4MKFHq42L4mRLStJIdGOs-EFMF4e7fCKT0sSylYroaMQbYsH6VpjIWo03AzXAkKu9NROWfG0v9gxytxqBzN9hfzGejOKMReUY4qVOsM-dHDxTHEx_Yh4L_WELN7XaGcT5cXt8ZgKPhsAptru-VMgvkpy_ydpqKMW1-mF1hOEF4TNgv78eFqdcGxxYyeHWpcxu8zShKPGb_QG7wEgJHKkWpxsTtfSACPl7wlYZnRDtf3EXs4WplSiHZTS2OndORWY9zm_HswipPP5gkgBI1t7dUu-CbcF9IzuM_V8Luog2l23OPP_PvDIs753EuUsbx1bBuf920anCwiKQ98kfXxNYKfQupZBRlMcPBuE9K3gFaZk06j5E3N37FoNq0r9307WcflzRDO9zFZ02ydVQz837rYMNzk22gwMxg9lkLfdnvGwN-oGkkHl2HRgVfJp_DgdOuGiGkAWfpIQ7GuzuIbQu8RcuU3RPqMJxUZZJtubWHcXNZgApKN6uFH_n664smJpCiBnu3f-zYM5wqCD5HClWTz9EPn7PCp3LvW5D8FSV-3AACDFD1U1jlErxprlclvweY2DrTeqMAh0IPfTlAk1cjTTCn0T_NGs9Mv1AhNZgaNhfhwl_20Fz511h_KvzaHK8rgKsGaysVVmoJFTvRsKFW8t7-9AJ5ueYmTecUXZnA4eFxZEh4K7eWiJxJhnPaj68868tg_gEQJbtXew-c87WLuv9k-CxhumMNcWlVha0aJ6u-0mmjxxomO85Ss_sZipX64-bPUCpiGM3l4ChaH45bMH3ChZX_zer_zLUXUi4IlogE8qKt3e_yGH_nfKx8b9agTOxRB9FPxaVQKPtcscBUgY6L5fuLBTONGIMWE4lcOq6heQokJm1AVc&cid=CAQSTgDICaaNaPa51vLV5Nd8yT3NC6M9dxnSiJbrK5SVjXSVpjNH-G2zt_8MvkSu5hgzATuWouj6tH3gvXWqu4qkYPCJRSB0NBFORCAyBHkjNhgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.ffxiah.com&ds=l&xdt=1&iif=1&cor=8643179181922922000&adk=2111686228&idt=168&cac=0&dtd=11

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 19:57:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31912
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 17947678125179771625
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Dec 2023 19:57:41 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/ Frame B5BE 31 KB
12 KB 38ms
37ms Script
text/javascript 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

43c9555701d17579571d962cfee37868f4769995820a96abf451623b0528c92c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 03:38:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4254
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11894
x-xss-protection: 0
server: cafe
etag: 8278194740845609983
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 Dec 2023 03:38:39 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame B5BE 41 KB
14 KB 40ms
39ms Script
text/javascript 142.251.16.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.ffxiah.com
URL: https://www.ffxiah.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f132.1e100.net

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 09:08:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 157240
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Nov 2024 09:08:53 GMT

GET
DATA 200
OK truncated
/ Frame B5BE 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb44760205333974494cb54b08de65d871e2b9466e85bc90a82626f611901cd1

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 container.html Show response
a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 0121 6 KB
3 KB 40ms
39ms Document
text/html 172.253.62.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f132.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ads.ffxiah.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 04:49:33 GMT
expires: Sat, 30 Nov 2024 04:49:33 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 7B73 38 KB
13 KB 40ms
40ms Document
text/html 142.251.16.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f132.1e100.net

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 162289
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 07:44:44 GMT
expires: Thu, 28 Nov 2024 07:44:44 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame E7F0 624 B
245 B 62ms
60ms Document
text/html 172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhii0Yj9ATAB&v=APEucNUy6Ar5CS2NCqoiDu5p8q0nkXxlLRF8efbxmmEeDABv_xETfULqkOz90OgYe-WeBYzf6RovKYUsuO2yghKseduZ704NUA

Requested by

Host: a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com
URL: https://a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 04:49:33 GMT
expires: Fri, 01 Dec 2023 04:49:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 0121 89 KB
31 KB 58ms
57ms Script
text/javascript 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com
URL: https://a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

cf940bd2489897434455528323cf66c4e3aecd5eea963f1d99d96acd452d6dd4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 04:49:33 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31498
x-xss-protection: 0
server: cafe
etag: 4296746511219988724
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 01 Dec 2023 04:49:33 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0121 42 B
63 B 67ms
66ms Image
image/gif 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D4D6wuL-VX5d1M3ML6rvpEULxhN48DSj68oZkHRr52UZjaxp0ljdOp_nB2VNtlgxDWiyo4DTOWR3XXBx0ieWqqVP061DzY6CEY-LiGHmPFquS03Eg

Requested by

Host: a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com
URL: https://a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 04:49:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0121 0
20 B 67ms
66ms Image
image/gif 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=12998587517227971789&x=1&ct=119

Requested by

Host: a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com
URL: https://a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 04:49:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/ Frame 0121 3 KB
1 KB 40ms
39ms Script
text/javascript 142.251.16.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/window_focus_fy2021.js

Requested by

Host: a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com
URL: https://a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f132.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 19:53:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32147
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Dec 2023 19:53:46 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/ Frame 0121 20 KB
8 KB 40ms
39ms Script
text/javascript 142.251.16.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com
URL: https://a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f132.1e100.net

Software

cafe /

Resource Hash

09b186dc119230c8ab2c806d31bcc8dd4a0a2ba347165f35156422307b8e10ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 19:53:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32147
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8544
x-xss-protection: 0
server: cafe
etag: 17124069415086231762
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Dec 2023 19:53:46 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0121 202 KB
64 KB 41ms
40ms Script
text/javascript 172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com
URL: https://a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

sffe /

Resource Hash

1adb10c9a5878dd4306d66ff94ae27a07cbe47f57b34dec9a807e5d2d426eee0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 04:49:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65067
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1701261208926228"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 01 Dec 2023 04:49:33 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame D243 0
0 63ms
63ms Image
text/html 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202311150101&jk=1058168004151596&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.16.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: bl-in-f157.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame B3B7 0
0 64ms
63ms Image
text/html 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202311150101&jk=2650679493355731&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.16.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: bl-in-f157.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/1692609877992151298/ Frame B1DF 86 KB
22 KB 125ms
48ms Document
text/html 172.253.62.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/1692609877992151298/index.html?e=69&leftOffset=0&topOffset=0&c=E4LQdalPTp&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f148.1e100.net

Software

sffe /

Resource Hash

28d938ea6f9e0cee45e5fd1caf3cf19bd23d92d57e38928bab7df697af52d34e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 04:49:33 GMT
expires: Sat, 30 Nov 2024 04:49:33 GMT
last-modified: Mon, 06 Nov 2023 23:51:23 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame B5BE 0
0 65ms
62ms Fetch
image/gif 142.251.167.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsugJiBzSzoelK-Ix15hkIOm8LFO7Exg_DtNvprdCz4wm8tAeO-PqSnMfc8VTfQ-FtuX0ERt1XUb59fDdHinrmID1o5-Ors-zEfG-n7qf3BK2k6PMYeEphawhZasGuyjcwGaYmZMT6XD-SO82_JL5G3Y_HkUNUrP_-49cpwYjntVEZGfJlNmZVhbw8Fjp6hXsWLyiS4cwj6GAeuJuHhOCKzZBihVsIyTNN7AJsSBTD1Ae62fqUa58bCLH1dkeO3K02BiVpHsGIXcdJL-3JahHK9sEc7AoO8n5YmJPDRqEe7RELmhSEMfoQA4kOhnqRCAOgVtL9mXr1llkQvWj7vadXkPqtqKMW6h6Q57QlNn4nVa66VzS5OuNO0VVRArazBt4qYyrriy2xHuwFzcvrEIKJXD91QiIYr_NfAI2xGozGmEluFzFMksgZIvl1SplzUK30XA83iSdEz9eyUOBhf3hsr9LBYXKPwfp6Cq7ax_npd9dq0Cc-LNa5jTuCfkr7y2SXBHnS0i6BaPsxIhGf7H7cFGfNih6GhzQ84RLC9JC5Z821ML2FXYxiO0YDmHQIvrRDggfBqoMqdg_X4NQ8gjql7_3Y9KzvTAyFHvoW0YWuWg3C9jIbXQrde-qJ7IR5Vq3Wm5MgNoWuauWtOEkeoMOPyU3NqD2dpKpAWUHY1UPAVGHGD0YJrzIxRjqbWZiPb80EPIGHl1COWnMoHwlpSdzXU_OGuu2oj8zuSMVC7NU5gTn4ZINkvh1AsVS0IcO2RUAWKG4YTCrtLZYIjjnUvp0lJgT__6BAExExA0COVxhXtqzogM7v3BMoy9Fqp7pmXaXF3e5YuOS3CeRstUlLHrcaXSd-XP9DUOEnxBksfDGY5zJO6mDAT7JgTAlSi_2aRVd7A96fczbcBak8NGvuNK4ax1jmnEWzw7kZLcgsSSTZdj9035KBaBxw2beS-5AaDPYyEyEeklNTNgcoOr58C_seuEK03tC42FvlCXjRRktsveIqGZeHxTaguZlMgtdYBBi3Jz5uU8j0Uy_SAYj_6AkUzGR3TTnrCdh3VPbsCRYf0B5stUvQwyZk5dCfDE76SGyCuLEn3ccQCJpbhXG_GVjX9fMkXqiu9iMqVjGJspzbRHc5XEyKNFBdvs_c_Ouxr4KOQlKikWfueuJ6yjQYQvYkUzmJheVueo3y2G5nCOwTVP2vE0uxbZNEJQFGO0C0au_1sobasgcgWTxeDd5waisHzJCMfYGk5_K9YnnInTlyTq85VrOMAyihg-uneE-hImLhSfF4fgcHn0EYKZYcHimHtl81nf4hyIG2L21WKWDhtT2n1Md7miHsCyi966WdVAM9EY4hjRO6zk9xL3WyYjFQ&sai=AMfl-YRqy2M-0y8tP4Af67QTtqJ23dFVA5Y_7mR7xGwr1llMTb8tab6kjMQIvx_Xq6gyyRmP6riU67TZ2vXGAdyARVXgC66cgurGWed_0vRCQKV0GE1zav7JlJKNkhoCkv6B1WaEBx9SAK-2McFpIqEFCoedkacQS5UeqRILyaWbdE3aHniQNyxtPSXuHONNBC3R9LfbMWOXHdN4XOHSr1WfOfYdX70I4a_50HtQosQ3ttKRDm0LQl6A0bTLS_fPfKOUscztxnwvZfZQ-zV977i-xc_bOsrnmfU29zCt9g&sig=Cg0ArKJSzPEVuhlf_OopEAE&uach_m=%5BUACH%5D&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=209&cbvp=1&cstd=196&cisv=r20231129.81771&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.ffxiah.com
URL: https://www.ffxiah.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.167.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 01 Dec 2023 04:49:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 7B73 39 KB
15 KB 38ms
38ms Script
text/javascript 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 00:47:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14549
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 30 Nov 2024 00:47:04 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame E7F0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG09riUPMsC-zIBm1cJ9YVY&google_cver=1

43 B
732 B

45ms
45ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG09riUPMsC-zIBm1cJ9YVY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhii0Yj9ATAB&v=APEucNUy6Ar5CS2NCqoiDu5p8q0nkXxlLRF8efbxmmEeDABv_xETfULqkOz90OgYe-WeBYzf6RovKYUsuO2yghKseduZ704NUA
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 04:49:33 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=heQ4qCcJ9fQyUNC3z2Lkn41WLR9leHOBdIkQJGD0ZLUbb%2FV96uv2R12p5SJXAKabyTxaQdECzZp2cscPhJ77pbvToRSRQUMR8bolv128Z9fTSQfsdoiwMC%2FWar8cqLlgxmYVMzeJ31vqkg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82e8b4473acb39f9-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 04:49:33 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG09riUPMsC-zIBm1cJ9YVY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame E7F0
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWll3OhuUVZ8yzGXOyg3ewAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG09riUPMsC-zIBm1cJ9YVY&google_cver=1

43 B
740 B

46ms
45ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG09riUPMsC-zIBm1cJ9YVY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhii0Yj9ATAB&v=APEucNUy6Ar5CS2NCqoiDu5p8q0nkXxlLRF8efbxmmEeDABv_xETfULqkOz90OgYe-WeBYzf6RovKYUsuO2yghKseduZ704NUA
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 04:49:33 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ouU0NYLht%2BwRr4jHeOrdIvmw10AVXWTFmzimgdiDSf8EodQLR%2FTSiL%2BdpY%2B7yVmTcUgM%2BjMU5PPRph8kfsrOjmv2A8bpyKG4%2B9P0FbrxnZHxgIiPCLR1%2FMpfmi2aWTg5EpQIbynbkX6UKw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82e8b4479b4639f9-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 04:49:33 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG09riUPMsC-zIBm1cJ9YVY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame E7F0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEOGMRojXEHFka3YWWbDFWfU&google_cver=1

43 B
838 B

46ms
45ms

Image
image/gif

68.67.179.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEOGMRojXEHFka3YWWbDFWfU&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhii0Yj9ATAB&v=APEucNUy6Ar5CS2NCqoiDu5p8q0nkXxlLRF8efbxmmEeDABv_xETfULqkOz90OgYe-WeBYzf6RovKYUsuO2yghKseduZ704NUA

Protocol

Server

68.67.179.87 North Bergen, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

585.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 04:49:33 GMT
an-x-request-uuid: a9bbaec7-afe8-495b-9faa-2462dbf2724e
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 153.92.40.66; 153.92.40.66; 585.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 04:49:33 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEOGMRojXEHFka3YWWbDFWfU&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E7F0
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDA3ODY1NzMwMDE3NDQ3NTA4MQ%3D%3D

170 B
188 B

50ms
49ms

Image
image/png

142.251.167.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDA3ODY1NzMwMDE3NDQ3NTA4MQ%3D%3D

Requested by

Protocol

Server

142.251.167.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f156.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 04:49:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 04:49:33 GMT
an-x-request-uuid: 94814c5c-bef2-404f-ac3d-73188f380eca
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDA3ODY1NzMwMDE3NDQ3NTA4MQ%3D%3D
x-proxy-origin: 153.92.40.66; 153.92.40.66; 585.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0121 0
20 B 62ms
61ms Ping
image/gif 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=7296450219393&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 04:49:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0121 0
20 B 62ms
61ms Ping
image/gif 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=7296450219393&version=m202309260101&ct=119&x=1&cor=12998587517227973000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 04:49:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 0121 91 KB
38 KB 94ms
93ms Script
text/javascript 172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AFH9gWeKtU8sw4XKvrUN_8GQKvcZUXKXVUqtT0IvuI47Onn1521nN-k7-dndvgKQ2u8NdtnG_DbkRBFn0JoXUpYswDvL8YSSqwyegztxobRmGW-I1zLXe6hi9V_wUt-2g3be2rlh_H5HH5FxDV5dI_2Ud6jt-68y04hgHad4TCgry5yeY&cry=1&dbm_d=AKAmf-B8oIPfy76j6KjBM-SUCKWradgsxzk4yhVusAMQ23zzzs7Ygz7HNMpbibZfT3qQ3KJDG-yu2I6fh9uKCPRZvirivgM1z_YqQ59HsyTZtS-Vy1Eqj43ajuGV6OugQYfTQ0y4egnG6Kk5tSM5-qqC9G1jUT7doMQyg7JwQcJdswlRCI6saJ2d-0ULz61yNgwfzaeGPc0ryZwhiD6iTOa1c_HUD3LAGh8tCjNcuVNTdl4EZbgVpxWXwlT_UomNLGUkmWundxVSeextAvS9tUpt-MvC_2ugh2xnzDEYJj_Ae4yCeF737zrDL8_4hZh2ig6qyl3-4AeWYXooRHJxeMbln5Hmy69YPCgJduRF8WxH90pX_Q0k4epSBhiqOWAR8Wzh8lkJKsPJPg3ZjFL8QKoREq3QFFf0p-CV7jBlKXCU3QzG_vlB6oXokRBDMgja1cJqRhpajU_S0qlUY0Ee7GJK_dqqBsDL8yHUuUfOwiPiuY99ZIcXWO5Jlb1DqgkP6K_LCPI74gzDpHKZXaB7BBb8ppMpcDx_e5j-aB1o1_baB59buZvhrfjZgs1m0RmSaZhL2euqAEMMujVaibSHkhWCyiAvkD9m78LOFT9N0ih2dtQL1svRmtdfQDfpPtGSbAvlS0o9Ycc5jCCKrj-QcChM9_iP6ZmH4NAYzppD9kJT5zRFFw4w2boBk9oWwAoaBBVbyQU2ZFUrRzS5kU4Z86-ugvQqTXrTnxVENHV4ys5sOgj5XBwSkZabnC9Oxi1tMcwAJMJnnRlw0x6ALKJlvnX1vV3d_5rgcmN1NUcFYmIlOKOigzhjzHIfZiE-F95khJezCFztzHkMjWZbi5uLdculouWRTSq2h7CoB9jcFWooBSmdMBq5l6Tr5QcoVsBX4cIs5hZfaQJH3JL2DCBdMWSpcdFeUJiPX1KsqZE5fXeBRqRyKrRmmr35NWSwDIIahXqfNasaZ4Wb6e9wjWOiQcCp6t4V2882Zth_HRjhzSKhokorbWQoTrlLk3l3h7BqjgRR9UBtq9tbZH2t1wLwdIp24aDJeAVwZh33NJjihkxYbXpjoK-JQwqp1uj7Z2Ym1aMFWv--c2Ib8fyJdjKnadr6WRj03Jm6B6rJKitkZRJXCtPmF_vc_TOZFFiHBxXhTBcw3bHdnBGOGeNmIcyQ_uDsnbyRDFMr0o_erpWaeMFB3dj4mub8gRy5WkPuuT0jARyjAVztER8-Zbq9qmZYI6JEmnWsiGr72JjJDLMV4lRPd5nPgbD5OvwdSI_cbgtUUETpoTRRT95xoN8IypsEi-i0XiMoDse-Q4MnVW2Zjaw2hdklZ1h_wgflRRvQyJFu136J2PRLChsR2GRgk-4FAa_Lz058F2zgyKHsU_0qEyIlkSH2gAEWvO-FZIKNGYjZtvDkeAqWMF-8c9qNR32kHy7vtD3oHbNUjumhRsUNOX-LWrSbJH3_ksZcOhUyx0eRlWJNxZTaNjd_uyYsB15rQMHCie6wAKRU2hhzQ89BpNEkeQUTf8NYXWOXSUelkfJ_c9KCU7MVXWHyb7IaWsg7A6VK06EUUmDeLnw-LTxo1zp-TpClHG9mbjzaShfMbMP3MvdoF2pi58KiUVoO2CnDgyP05u9piMWzJh2BXxtRShzVqixSN35kYpQPsFsZm7HXZ5bs8FYqa-vXOU2aOYKgV6JEZKQCh6a2FatWaP8rq9XaRQmFqqJI3uACHMl_DsgO3lj4B84sJVufJwUxARp5judlFpKNoq-9btyxh7EkDL_z4cZkeV_EWD8cGzVOjq1qFOuM54t7Z8M-w5DG_LUOV8Jy68dfT6c8lLu6WXFCgiFs4Xl4xAYHm9wx8DSPe1wopgXLVn7mVQk9tWGR5sJcDq0FbidbSJ_5Z8QZowLuBttechxYPZAXzvQzHFQT1dFy8nV_n59Y_QDfgQ3pqWjy7kss41ePERzkREOQDHGLqS--RqiGMtdJQhbJhovKEPyp2ybNs2pZzdmrVuAlJHNQ7WRs00CtMlEsp4RXeYDdlwzBQR-fZnRwptJkLRoCoe8ynOh8hG7WYRWidOP10Dlu4p3R0pqn0S6-0joURmEkW9BYhYX1EEjX1aNLdopMKC2O6mKIc6Y5DZq_Q2rW92AAXLbykFLVwewS_CxhU9SZfohJeknK2Y5N9WsnLxid52yDH6bqGBETF0mWNWLjnjQZIO06lYqiJ-g8rrXHzIl5kR6PmgVE-wpFINO86ci7LO-btlw8Hvqdz9ddtvR967ZMf2kOtmKm7zEI79tCdvhbHO-oYtKCzJGXAQALo3AQ_zJ_6bngZWZ8iQKTzCeki1pg9x_ACTAZIBGwdvqbnTOqYPGulNBNWbIfSrhCqlim0wNVfAn8IXZgeahrgXYdbf1ZHFcqs_0GcOLG32Myip3YwrGRWb4Vec4eIIJXJmO6RaPHUpPfLeYgurNxLVwd31yrtwRfsFX2x_dLAQaDoFEGMbardYEXKqb400BT50W1-96WqsF8kT9cVNS4K5o1J-gsy69IWgZNvf-XhDAABF24bxMevPalq3foAWj_zIm8P7ztAZHg6wv_OIXcskpK7aOakMuUhw9iFriTthSX4NbPSTnHLI-o_TDg4rJ95ofX4lyoCPcKI_949Fii4xWLb_w4XO5GV6jUqOOkdNf5f8FhEUFaDsNRFdkeMOSFgQcYw_2dgRYxp3yoyYkjHnaTupgaIvO9Cx_BSP-msha36H5ZQwmy4S6FBPOzq0nvFWjUCfRxywbEcZ2BznHxG1afIZ8re_gwPCwiCsrN5-hMAkeCSPOi-NguDRUGa0cerJrbqX1UyCGclRTfpgHJZlagLJTA1JySa2O9UnISKaKDiFQzRuqfCne8ShzJEKbGx4icPIYsJWm-eJdfoWo-t-EyEhRj7Wa4XYkQvBbAq2ja6djW8scXg463YrMS6KkRyouuoANhIBiWZnz8-BD_PGoQG8BMJb_hea2CcE3Jb1Yzar9tS6mmnCV26lX-0G1HA1ckednDNSTX2eNA0DGIYbpQWzD81TcPGitSw5rK7eq3lcCP9n_xJiorzFBJ1T2MSF18p0OHd0nASsyjhf_oCjYKf7waAMrohg4XZTi5XM72PwlDrO3oZq2RrFzYf2l1Qq9Cq1MZIP7FhasLuLPcFSw6LLXMid8QXNHkSvmQUHyq_yr5xbLjEUkqhFIyy0MhpqOHBTlDJkyXHjWy5q2BBt7gesekh1tV7RIfiot0C6dJaEFh2dSWY1geRMLAvNRDkfAYnJ6CPlYJCsIvRxuo5SdkrZXrTod19v_wuLnhACiLS0tDumAF0PEO80dluEvZ5o8INm8aCd2M2qki_agu0qeTYN2jDClhNcw7WxRZBfvu0h3SBm9hS-0HzEhaN5ZgQuEjojm5xQNaUyn5-Fgzkk9slAcylclPS9t9_jixhLXs7vY6QVY6tR-0kxzY5AI4ypO-oykAfc7PMVOr9-E2UDgfdziYdbYiiHK0frLc8XPsiZi2if3X0DOLCuS29tJwAbt6qecjTVCufVMwkReG-d_zxFvxVrmokEP6s1phN0xk831kXHsrvhkn1ITasJDxBFDlzhMw47WifTLwloqw8Av29e-wh2P-zGsQWo8yahhw3txpcZb3sXAptNgJ_pTB00-RPUYPddtcoe9gGgmUM7yGf9_YBd5cO9dbHkb4pscCtxp_FLJup4vNqh1D3xXkOpS5NXULQZooBV0dvxVM2Od8wPpwUC-FmPFEOOaLiEOMsmdbH3CBLQq7ZMIu7iDv87Mx0HbPro8kcuSgIFyHP0sQX8jVjBEVimmsF7LnqXoAWGTiOC5IxSXHHJXjxrN0L_CaJQ1rrNMypJAFWfZkkoxpv4iLYfXKpJC7zjYIJqR2D1bo_3nferfk6evFhyyoFp7dt2dDSL1SlwdlurJOfDV4G_Im9pIQUGO0n1A2lejkZ2CV0C8Ax6NJC5yM7fYED69GPM3CMkfyPMT3W32cdPDxrIrzdLaapQHJL3at-w&cid=CAQSTwDICaaNpgOrfU71kkbnNT9mTu9qXrypVOda2g4jjXv9Pk3uxIYeGneUrQmcmTEfRJFO-gCGD9N0O7EU2qdE3UviDww9q6pdSkBTNdf6TFkYAQ&dc_eid=31079495&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.ffxiah.com&ds=l&xdt=1&iif=1&cor=12998587517227973000&adk=1996670923&idt=68&cac=0&dtd=13

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

cafe /

Resource Hash

1a4f9dd13fb0ba2dbe11533f7cdd6aa423a3bc7c24e196ce4ceaf5c72de2ff16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 04:49:33 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38936
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 71D2 0
10 B 39ms
38ms Image
text/plain 142.251.16.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?fV6SyQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.16.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: bl-in-f132.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 04:49:33 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 9185 0
10 B 39ms
39ms Image
text/plain 142.251.16.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?EiCCpw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.16.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: bl-in-f132.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 04:49:33 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 Enabler_01_250.js Show response
s0.2mdn.net/879366/ Frame B1DF 120 KB
41 KB 40ms
39ms Script
text/javascript 172.253.62.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1692609877992151298/index.html?e=69&leftOffset=0&topOffset=0&c=E4LQdalPTp&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f148.1e100.net

Software

sffe /

Resource Hash

31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1692609877992151298/index.html?e=69&leftOffset=0&topOffset=0&c=E4LQdalPTp&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 13:27:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 55331
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42247
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 01 Dec 2023 13:27:22 GMT

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 0121 172 KB
60 KB 39ms
39ms Script
text/javascript 172.253.62.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: www.ffxiah.com
URL: https://www.ffxiah.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.62.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f148.1e100.net

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com/
Origin: https://a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 13:08:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 56437
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 01 Dec 2023 13:08:56 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/elements/html/ Frame 0121 11 KB
4 KB 38ms
37ms Script
text/javascript 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AFH9gWeKtU8sw4XKvrUN_8GQKvcZUXKXVUqtT0IvuI47Onn1521nN-k7-dndvgKQ2u8NdtnG_DbkRBFn0JoXUpYswDvL8YSSqwyegztxobRmGW-I1zLXe6hi9V_wUt-2g3be2rlh_H5HH5FxDV5dI_2Ud6jt-68y04hgHad4TCgry5yeY&cry=1&dbm_d=AKAmf-B8oIPfy76j6KjBM-SUCKWradgsxzk4yhVusAMQ23zzzs7Ygz7HNMpbibZfT3qQ3KJDG-yu2I6fh9uKCPRZvirivgM1z_YqQ59HsyTZtS-Vy1Eqj43ajuGV6OugQYfTQ0y4egnG6Kk5tSM5-qqC9G1jUT7doMQyg7JwQcJdswlRCI6saJ2d-0ULz61yNgwfzaeGPc0ryZwhiD6iTOa1c_HUD3LAGh8tCjNcuVNTdl4EZbgVpxWXwlT_UomNLGUkmWundxVSeextAvS9tUpt-MvC_2ugh2xnzDEYJj_Ae4yCeF737zrDL8_4hZh2ig6qyl3-4AeWYXooRHJxeMbln5Hmy69YPCgJduRF8WxH90pX_Q0k4epSBhiqOWAR8Wzh8lkJKsPJPg3ZjFL8QKoREq3QFFf0p-CV7jBlKXCU3QzG_vlB6oXokRBDMgja1cJqRhpajU_S0qlUY0Ee7GJK_dqqBsDL8yHUuUfOwiPiuY99ZIcXWO5Jlb1DqgkP6K_LCPI74gzDpHKZXaB7BBb8ppMpcDx_e5j-aB1o1_baB59buZvhrfjZgs1m0RmSaZhL2euqAEMMujVaibSHkhWCyiAvkD9m78LOFT9N0ih2dtQL1svRmtdfQDfpPtGSbAvlS0o9Ycc5jCCKrj-QcChM9_iP6ZmH4NAYzppD9kJT5zRFFw4w2boBk9oWwAoaBBVbyQU2ZFUrRzS5kU4Z86-ugvQqTXrTnxVENHV4ys5sOgj5XBwSkZabnC9Oxi1tMcwAJMJnnRlw0x6ALKJlvnX1vV3d_5rgcmN1NUcFYmIlOKOigzhjzHIfZiE-F95khJezCFztzHkMjWZbi5uLdculouWRTSq2h7CoB9jcFWooBSmdMBq5l6Tr5QcoVsBX4cIs5hZfaQJH3JL2DCBdMWSpcdFeUJiPX1KsqZE5fXeBRqRyKrRmmr35NWSwDIIahXqfNasaZ4Wb6e9wjWOiQcCp6t4V2882Zth_HRjhzSKhokorbWQoTrlLk3l3h7BqjgRR9UBtq9tbZH2t1wLwdIp24aDJeAVwZh33NJjihkxYbXpjoK-JQwqp1uj7Z2Ym1aMFWv--c2Ib8fyJdjKnadr6WRj03Jm6B6rJKitkZRJXCtPmF_vc_TOZFFiHBxXhTBcw3bHdnBGOGeNmIcyQ_uDsnbyRDFMr0o_erpWaeMFB3dj4mub8gRy5WkPuuT0jARyjAVztER8-Zbq9qmZYI6JEmnWsiGr72JjJDLMV4lRPd5nPgbD5OvwdSI_cbgtUUETpoTRRT95xoN8IypsEi-i0XiMoDse-Q4MnVW2Zjaw2hdklZ1h_wgflRRvQyJFu136J2PRLChsR2GRgk-4FAa_Lz058F2zgyKHsU_0qEyIlkSH2gAEWvO-FZIKNGYjZtvDkeAqWMF-8c9qNR32kHy7vtD3oHbNUjumhRsUNOX-LWrSbJH3_ksZcOhUyx0eRlWJNxZTaNjd_uyYsB15rQMHCie6wAKRU2hhzQ89BpNEkeQUTf8NYXWOXSUelkfJ_c9KCU7MVXWHyb7IaWsg7A6VK06EUUmDeLnw-LTxo1zp-TpClHG9mbjzaShfMbMP3MvdoF2pi58KiUVoO2CnDgyP05u9piMWzJh2BXxtRShzVqixSN35kYpQPsFsZm7HXZ5bs8FYqa-vXOU2aOYKgV6JEZKQCh6a2FatWaP8rq9XaRQmFqqJI3uACHMl_DsgO3lj4B84sJVufJwUxARp5judlFpKNoq-9btyxh7EkDL_z4cZkeV_EWD8cGzVOjq1qFOuM54t7Z8M-w5DG_LUOV8Jy68dfT6c8lLu6WXFCgiFs4Xl4xAYHm9wx8DSPe1wopgXLVn7mVQk9tWGR5sJcDq0FbidbSJ_5Z8QZowLuBttechxYPZAXzvQzHFQT1dFy8nV_n59Y_QDfgQ3pqWjy7kss41ePERzkREOQDHGLqS--RqiGMtdJQhbJhovKEPyp2ybNs2pZzdmrVuAlJHNQ7WRs00CtMlEsp4RXeYDdlwzBQR-fZnRwptJkLRoCoe8ynOh8hG7WYRWidOP10Dlu4p3R0pqn0S6-0joURmEkW9BYhYX1EEjX1aNLdopMKC2O6mKIc6Y5DZq_Q2rW92AAXLbykFLVwewS_CxhU9SZfohJeknK2Y5N9WsnLxid52yDH6bqGBETF0mWNWLjnjQZIO06lYqiJ-g8rrXHzIl5kR6PmgVE-wpFINO86ci7LO-btlw8Hvqdz9ddtvR967ZMf2kOtmKm7zEI79tCdvhbHO-oYtKCzJGXAQALo3AQ_zJ_6bngZWZ8iQKTzCeki1pg9x_ACTAZIBGwdvqbnTOqYPGulNBNWbIfSrhCqlim0wNVfAn8IXZgeahrgXYdbf1ZHFcqs_0GcOLG32Myip3YwrGRWb4Vec4eIIJXJmO6RaPHUpPfLeYgurNxLVwd31yrtwRfsFX2x_dLAQaDoFEGMbardYEXKqb400BT50W1-96WqsF8kT9cVNS4K5o1J-gsy69IWgZNvf-XhDAABF24bxMevPalq3foAWj_zIm8P7ztAZHg6wv_OIXcskpK7aOakMuUhw9iFriTthSX4NbPSTnHLI-o_TDg4rJ95ofX4lyoCPcKI_949Fii4xWLb_w4XO5GV6jUqOOkdNf5f8FhEUFaDsNRFdkeMOSFgQcYw_2dgRYxp3yoyYkjHnaTupgaIvO9Cx_BSP-msha36H5ZQwmy4S6FBPOzq0nvFWjUCfRxywbEcZ2BznHxG1afIZ8re_gwPCwiCsrN5-hMAkeCSPOi-NguDRUGa0cerJrbqX1UyCGclRTfpgHJZlagLJTA1JySa2O9UnISKaKDiFQzRuqfCne8ShzJEKbGx4icPIYsJWm-eJdfoWo-t-EyEhRj7Wa4XYkQvBbAq2ja6djW8scXg463YrMS6KkRyouuoANhIBiWZnz8-BD_PGoQG8BMJb_hea2CcE3Jb1Yzar9tS6mmnCV26lX-0G1HA1ckednDNSTX2eNA0DGIYbpQWzD81TcPGitSw5rK7eq3lcCP9n_xJiorzFBJ1T2MSF18p0OHd0nASsyjhf_oCjYKf7waAMrohg4XZTi5XM72PwlDrO3oZq2RrFzYf2l1Qq9Cq1MZIP7FhasLuLPcFSw6LLXMid8QXNHkSvmQUHyq_yr5xbLjEUkqhFIyy0MhpqOHBTlDJkyXHjWy5q2BBt7gesekh1tV7RIfiot0C6dJaEFh2dSWY1geRMLAvNRDkfAYnJ6CPlYJCsIvRxuo5SdkrZXrTod19v_wuLnhACiLS0tDumAF0PEO80dluEvZ5o8INm8aCd2M2qki_agu0qeTYN2jDClhNcw7WxRZBfvu0h3SBm9hS-0HzEhaN5ZgQuEjojm5xQNaUyn5-Fgzkk9slAcylclPS9t9_jixhLXs7vY6QVY6tR-0kxzY5AI4ypO-oykAfc7PMVOr9-E2UDgfdziYdbYiiHK0frLc8XPsiZi2if3X0DOLCuS29tJwAbt6qecjTVCufVMwkReG-d_zxFvxVrmokEP6s1phN0xk831kXHsrvhkn1ITasJDxBFDlzhMw47WifTLwloqw8Av29e-wh2P-zGsQWo8yahhw3txpcZb3sXAptNgJ_pTB00-RPUYPddtcoe9gGgmUM7yGf9_YBd5cO9dbHkb4pscCtxp_FLJup4vNqh1D3xXkOpS5NXULQZooBV0dvxVM2Od8wPpwUC-FmPFEOOaLiEOMsmdbH3CBLQq7ZMIu7iDv87Mx0HbPro8kcuSgIFyHP0sQX8jVjBEVimmsF7LnqXoAWGTiOC5IxSXHHJXjxrN0L_CaJQ1rrNMypJAFWfZkkoxpv4iLYfXKpJC7zjYIJqR2D1bo_3nferfk6evFhyyoFp7dt2dDSL1SlwdlurJOfDV4G_Im9pIQUGO0n1A2lejkZ2CV0C8Ax6NJC5yM7fYED69GPM3CMkfyPMT3W32cdPDxrIrzdLaapQHJL3at-w&cid=CAQSTwDICaaNpgOrfU71kkbnNT9mTu9qXrypVOda2g4jjXv9Pk3uxIYeGneUrQmcmTEfRJFO-gCGD9N0O7EU2qdE3UviDww9q6pdSkBTNdf6TFkYAQ&dc_eid=31079495&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.ffxiah.com&ds=l&xdt=1&iif=1&cor=12998587517227973000&adk=1996670923&idt=68&cac=0&dtd=13

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 19:57:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31912
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 17947678125179771625
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Dec 2023 19:57:41 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/ Frame 0121 31 KB
12 KB 38ms
37ms Script
text/javascript 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

43c9555701d17579571d962cfee37868f4769995820a96abf451623b0528c92c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 03:38:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4254
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11894
x-xss-protection: 0
server: cafe
etag: 8278194740845609983
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 Dec 2023 03:38:39 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 0121 41 KB
14 KB 40ms
39ms Script
text/javascript 142.251.16.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.ffxiah.com
URL: https://www.ffxiah.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f132.1e100.net

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 09:08:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 157240
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Nov 2024 09:08:53 GMT

GET
DATA 200
OK truncated
/ Frame 0121 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bd54b5f834cae3e2013dcd1886bc42ff534dbba1f75a16126384464f1cb5cdf0

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 preload.jpg
s0.2mdn.net/sadbundle/1692609877992151298/ Frame B1DF 2 KB
2 KB 39ms
38ms Image
image/jpeg 172.253.62.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1692609877992151298/preload.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1692609877992151298/index.html?e=69&leftOffset=0&topOffset=0&c=E4LQdalPTp&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f148.1e100.net

Software

sffe /

Resource Hash

c64bc40632fa695cc9d2625524e1708a17f7c331fab12a9cc46a78eddc362257

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1692609877992151298/index.html?e=69&leftOffset=0&topOffset=0&c=E4LQdalPTp&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 09:48:15 GMT
x-content-type-options: nosniff
age: 68478
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2255
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 23:51:23 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 29 Nov 2024 09:48:15 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 8F11 38 KB
13 KB 40ms
40ms Document
text/html 142.251.16.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f132.1e100.net

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 162289
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 07:44:44 GMT
expires: Thu, 28 Nov 2024 07:44:44 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/5757561835950501153/ Frame EE7E 87 KB
22 KB 48ms
48ms Document
text/html 172.253.62.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5757561835950501153/index.html?e=69&leftOffset=0&topOffset=0&c=Ws2fDvuSOc&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f148.1e100.net

Software

sffe /

Resource Hash

4afbc2f86feea66d940fa671983bef7371793ef53bf1cc8dd98aa9cf861efc18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 04:49:33 GMT
expires: Sat, 30 Nov 2024 04:49:33 GMT
last-modified: Sat, 04 Nov 2023 18:30:33 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0121 0
0 64ms
63ms Fetch
image/gif 142.251.167.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvyt1U0wqUnqrwGk4XMsc0iVCFxDfYZ_vRfibRUAD-Mc-gsRbQ19NGeB4bNjGQhoT03S9G37ekJtmMhkNPFgQSkHdpD7QOwJk2JWFm2ufL7RqTTK69SP5ijbyGx8CZP3uiBeFtoQlSug7rIJfz3bf_wc_-OZPCqjV1S6W5EiYiZo9Z-pjUSYiaBcpgbCla-I1zCbLkGCjB4JULDJ_abwo4NDpIXveG91kcjkTJ7OD9_xuFrjCbwCh9-NWhcDPoK-U6KtHI4dVhdAMWmEzedcq710mU6Z6kzz5DFhnbd3it09cNqRICkGQMWFbISbMFZNWUibYX-hVQNH7gMYw6hDDUpSdWji5nnIIBkyuYy512IU25BB5ZStzr2hQRgXjfPy39wpnrgd6nKb6v5LvfkPem6fH73elPVg5bvQB3Xs_xH3ySTrJQ_G_70YU9hu3fqzSatuRk_l2Z2uyn-3Orrsp2_hx8sbNPATT8ZB55Gk4NytQlcTeXfALd8idyRGIglI8QMEH61wPGH4Z5QR2CiXeWSlDMRAlTx7N1vBCMfzjIVUJtMTAp_U3XP29t2EmwkzbsC9Be7nNdTh9m564duSDobtlxfq664wYR4IUJf0aTx8nthMLCs5UHHqer9qLYTX8Bo51b6maBDch7hSgSH60TJdvpQckFlXfDzj1EkeCVF3VVBOclylUNyG0yi9daFc2w9fOh9nkio1dfYRZNzfFlaDyTQGbLurWhkbpzIeUsGlUxUmJ0svbA1QonMj_yw6UCyOgPtP7OuLe4_lc8JLmZDzmTL7C94CWgUJZtnPjm-tdPSprPi_owNDiQfCz9jX9jxtoR_OMhrKec7d5jeWBoyTidxuabQUN3u6-Shzx9dhpOh1Zlj3lJHlHSECrr0HLkXDW8KWTp2VbjlSckOV8umSSleX8jCH_7nQIHwvKuDqDqe9KgPOWAgjpo3RVwTW6vpwOgFLOL4umR4pSe9koydt_UgF5IXeJ4WiiMi1URcBNTpIDFCmsmNo_FxB_mecgmt_sXz-N9-c6b01fjjjmGeDi_ZzpLiMtv9v5zS-iwdk6qxf29IWQcgZLtdSZdsGWmIK9BgwEpBDliip5tHfUeq0A1aEjcTlCcRQB_PGdXaxkFjc1xCOFl-mohaAjYSAvPqLbXOtN-Wnj0-O8eCUnCWPjMZRtXXawfMoQIZEMw6veuqaiMFagYpcfLs3PHbTbYFHSRrlqGxxPdK8AGgeFXb3AfrDRqRYS07cbsGI7PJSC09aW2gclVOONCxcNucwkGWc6_qACUSxf-XC77rdxcDrtOpU7g_yy7-gZpGGyWah3jI7BCeeptJNFF2ZcIHZaBgUdwN3MzuyxtqenexTuN65mceaR4&sai=AMfl-YSw0ib291QAhnS8zgUP7A-Q3nDR69_gd4fzY0QhQ_A_VD4e2oKMFFZN9ciG8-DcIxk7qKFRCoAJ-TWIWzVC9pg0dRE8PvMIKElfvwMxQsiRli7gKTyqS45tp8gB5Jd50aX7_xptoKM44lh2pxHmJdK9v5llOK7QTEf3Axr--IXBa5gC31H4zM1yntZuoKpEeuH86B_kF4pzc4bmatyHqYbxlEJWEzYz3b274rA4cculW78cqqKVtQEY8EV57Ufnr0isue2ZFf_QK9SFgMgOHtmaqEma4eXyEpLUUoJcRA&sig=Cg0ArKJSzO3YbDsnofRNEAE&uach_m=%5BUACH%5D&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=103&cbvp=1&cstd=96&cisv=r20231129.12044&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.ffxiah.com
URL: https://www.ffxiah.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 01 Dec 2023 04:49:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame B1DF 8 KB
6 KB 57ms
57ms XHR
application/json 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_250&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

e53529a0fabd0c58df5528e80dce6332e94fcdf153b0c2739edeee218310d22d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 04:49:33 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5834
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame B5BE 0
0 56ms
55ms Fetch
image/gif 142.251.167.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsugJiBzSzoelK-Ix15hkIOm8LFO7Exg_DtNvprdCz4wm8tAeO-PqSnMfc8VTfQ-FtuX0ERt1XUb59fDdHinrmID1o5-Ors-zEfG-n7qf3BK2k6PMYeEphawhZasGuyjcwGaYmZMT6XD-SO82_JL5G3Y_HkUNUrP_-49cpwYjntVEZGfJlNmZVhbw8Fjp6hXsWLyiS4cwj6GAeuJuHhOCKzZBihVsIyTNN7AJsSBTD1Ae62fqUa58bCLH1dkeO3K02BiVpHsGIXcdJL-3JahHK9sEc7AoO8n5YmJPDRqEe7RELmhSEMfoQA4kOhnqRCAOgVtL9mXr1llkQvWj7vadXkPqtqKMW6h6Q57QlNn4nVa66VzS5OuNO0VVRArazBt4qYyrriy2xHuwFzcvrEIKJXD91QiIYr_NfAI2xGozGmEluFzFMksgZIvl1SplzUK30XA83iSdEz9eyUOBhf3hsr9LBYXKPwfp6Cq7ax_npd9dq0Cc-LNa5jTuCfkr7y2SXBHnS0i6BaPsxIhGf7H7cFGfNih6GhzQ84RLC9JC5Z821ML2FXYxiO0YDmHQIvrRDggfBqoMqdg_X4NQ8gjql7_3Y9KzvTAyFHvoW0YWuWg3C9jIbXQrde-qJ7IR5Vq3Wm5MgNoWuauWtOEkeoMOPyU3NqD2dpKpAWUHY1UPAVGHGD0YJrzIxRjqbWZiPb80EPIGHl1COWnMoHwlpSdzXU_OGuu2oj8zuSMVC7NU5gTn4ZINkvh1AsVS0IcO2RUAWKG4YTCrtLZYIjjnUvp0lJgT__6BAExExA0COVxhXtqzogM7v3BMoy9Fqp7pmXaXF3e5YuOS3CeRstUlLHrcaXSd-XP9DUOEnxBksfDGY5zJO6mDAT7JgTAlSi_2aRVd7A96fczbcBak8NGvuNK4ax1jmnEWzw7kZLcgsSSTZdj9035KBaBxw2beS-5AaDPYyEyEeklNTNgcoOr58C_seuEK03tC42FvlCXjRRktsveIqGZeHxTaguZlMgtdYBBi3Jz5uU8j0Uy_SAYj_6AkUzGR3TTnrCdh3VPbsCRYf0B5stUvQwyZk5dCfDE76SGyCuLEn3ccQCJpbhXG_GVjX9fMkXqiu9iMqVjGJspzbRHc5XEyKNFBdvs_c_Ouxr4KOQlKikWfueuJ6yjQYQvYkUzmJheVueo3y2G5nCOwTVP2vE0uxbZNEJQFGO0C0au_1sobasgcgWTxeDd5waisHzJCMfYGk5_K9YnnInTlyTq85VrOMAyihg-uneE-hImLhSfF4fgcHn0EYKZYcHimHtl81nf4hyIG2L21WKWDhtT2n1Md7miHsCyi966WdVAM9EY4hjRO6zk9xL3WyYjFQ&sai=AMfl-YRqy2M-0y8tP4Af67QTtqJ23dFVA5Y_7mR7xGwr1llMTb8tab6kjMQIvx_Xq6gyyRmP6riU67TZ2vXGAdyARVXgC66cgurGWed_0vRCQKV0GE1zav7JlJKNkhoCkv6B1WaEBx9SAK-2McFpIqEFCoedkacQS5UeqRILyaWbdE3aHniQNyxtPSXuHONNBC3R9LfbMWOXHdN4XOHSr1WfOfYdX70I4a_50HtQosQ3ttKRDm0LQl6A0bTLS_fPfKOUscztxnwvZfZQ-zV977i-xc_bOsrnmfU29zCt9g&sig=Cg0ArKJSzPEVuhlf_OopEAE&uach_m=%5BUACH%5D&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=560&vt=11&dtpt=351&dett=3&cstd=196&cisv=r20231129.81771&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.ffxiah.com
URL: https://www.ffxiah.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 04:49:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 preload.jpg
s0.2mdn.net/sadbundle/1692609877992151298/ Frame B1DF 2 KB
2 KB 38ms
38ms Image
image/jpeg 172.253.62.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1692609877992151298/preload.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f148.1e100.net

Software

sffe /

Resource Hash

c64bc40632fa695cc9d2625524e1708a17f7c331fab12a9cc46a78eddc362257

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1692609877992151298/index.html?e=69&leftOffset=0&topOffset=0&c=E4LQdalPTp&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 09:48:15 GMT
x-content-type-options: nosniff
age: 68478
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2255
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 23:51:23 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 29 Nov 2024 09:48:15 GMT

GET
H3 200 replay.png
s0.2mdn.net/sadbundle/1692609877992151298/ Frame B1DF 457 B
484 B 39ms
38ms Image
image/png 172.253.62.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1692609877992151298/replay.png

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f148.1e100.net

Software

sffe /

Resource Hash

c4701179c17827a7d417dbc7d9a40cdd6fbb0112d29e90b822bbf5b2a33d63af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1692609877992151298/index.html?e=69&leftOffset=0&topOffset=0&c=E4LQdalPTp&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 14:15:42 GMT
x-content-type-options: nosniff
age: 52431
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 457
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 23:51:23 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 29 Nov 2024 14:15:42 GMT

GET
H3 200 poster.jpg
s0.2mdn.net/sadbundle/1692609877992151298/ Frame B1DF 22 KB
22 KB 40ms
39ms Image
image/jpeg 172.253.62.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1692609877992151298/poster.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f148.1e100.net

Software

sffe /

Resource Hash

8e48fc150837e34593b0b9b8a28e083ff20662e87d8f3f813887c62b82a50193

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1692609877992151298/index.html?e=69&leftOffset=0&topOffset=0&c=E4LQdalPTp&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 13:08:57 GMT
x-content-type-options: nosniff
age: 574836
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22928
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 23:51:23 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 23 Nov 2024 13:08:57 GMT

GET
H/1.1

206
Partial Content

file.mp4
r3---sn-tt1e7nls.c.2mdn.net/videoplayback/id/41f3ef6e225da1c2/itag/59/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1732942172/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,... Frame B1DF
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/41f3ef6e225da1c2/itag/59/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1732942172/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signat...
https://r3---sn-tt1e7nls.c.2mdn.net/videoplayback/id/41f3ef6e225da1c2/itag/59/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1732942172/sparams/acao,ctier,expire,id,ip,ipbits,itag...

260 KB
261 KB

77ms
20ms

Media
video/mp4

74.125.0.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r3---sn-tt1e7nls.c.2mdn.net/videoplayback/id/41f3ef6e225da1c2/itag/59/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1732942172/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/12CFFC59EC5287A28AB31D84A4CFAFF30F7F1EF5.7901C0540F309719A8195E99103B0EEFEEB25C12/key/cms1/cms_redirect/yes/mh/ZG/mip/153.92.40.66/mm/42/mn/sn-tt1e7nls/ms/onc/mt/1701405869/mv/m/mvi/3/pl/25/file/file.mp4

Protocol

HTTP/1.1

Server

74.125.0.40 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

yyz10s23-in-f8.1e100.net

Software

gvs 1.0 /

Resource Hash

a7f981f4089eaac7c16f9da4e5f98c022587ea718246ff26432d082372355147

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:33 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 06 Nov 2023 23:51:56 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Content-Range: bytes 0-266469/266470
Cache-Control: private, max-age=86400
Connection: close
Accept-Ranges: bytes
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 266470
Expires: Fri, 01 Dec 2023 04:49:33 GMT

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 04:49:33 GMT
x-content-type-options: nosniff
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://r3---sn-tt1e7nls.c.2mdn.net/videoplayback/id/41f3ef6e225da1c2/itag/59/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1732942172/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/12CFFC59EC5287A28AB31D84A4CFAFF30F7F1EF5.7901C0540F309719A8195E99103B0EEFEEB25C12/key/cms1/cms_redirect/yes/mh/ZG/mip/153.92.40.66/mm/42/mn/sn-tt1e7nls/ms/onc/mt/1701405869/mv/m/mvi/3/pl/25/file/file.mp4
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 641
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Enabler_01_250.js Show response
s0.2mdn.net/879366/ Frame EE7E 120 KB
41 KB 39ms
39ms Script
text/javascript 172.253.62.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5757561835950501153/index.html?e=69&leftOffset=0&topOffset=0&c=Ws2fDvuSOc&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f148.1e100.net

Software

sffe /

Resource Hash

31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5757561835950501153/index.html?e=69&leftOffset=0&topOffset=0&c=Ws2fDvuSOc&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 13:27:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 55331
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42247
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 01 Dec 2023 13:27:22 GMT

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 8F11 39 KB
15 KB 38ms
37ms Script
text/javascript 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 00:47:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14549
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 30 Nov 2024 00:47:04 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame B1DF 17 KB
6 KB 42ms
42ms Script
text/javascript 142.251.16.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f132.1e100.net

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 04:49:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 01 Dec 2023 04:49:33 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7B73 0
20 B 63ms
63ms Image
image/gif 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BwJmU3GVpZeH4N5qyoPMP7ZeQkAUAAAAAOAHgBAI&bg=!dnWldTrNAAY3kmNgF5I7ADQBe5WfOJa3QDZy8Lew38bjf3gZHsN9a-jGuqw8Al56gDTHPIe19l2RW9qRjrt51WmixlQOAgAAANlSAAAAA2gBB5kDIYOsY-j0q4UytekiLZh7vP5sHCEZyfAskBmZFInd0FFsjTRTB23njvVAhKYVScR_fsYblwPdQJRT3bCP_s4rIKyT7DQAb2emC1wgbj37x6E0_CcBTg9uqENxtdy3YVB1n8oZ0xY9vnMa0nBCWIfMkbVZ41GK8fWb3Z-i0uILtyhaJTqLa_YDKjts-OyNfVIw7jLBlNRjXuj8UvcFijPnSPgtDyMIgNdoDRrWxracR4YQLRZEyPsyis-0BwA2Um0PImXQe26AY9ImUKVCNFVmywuTuI9TYLTBZIhReRvHLh85IK3dxpY3XPix1jzdRrkC2JEIpa7JUX3JewQAw3pwRSUbzLCXaYYmbIYKPg3nt5632styEH4dGk5dzvUgtrtIH0DRwk3e6wSsCzCvtiib3pl8B6OpEnH2aQjucbxZ4Tr7_o_cQjp3oznn7mUgXVSuRIcnqq2XelHcYOS-z9Z03sWX7ZfVzlGkM1Fgeee1hgUv84kT3R4qUmCVUs_g1Ohy5HjGpVxnhp4uLcNPDGS8aGkU_lFXX6GvNuArE7xEcPU42LUE8MyXqvVgdDzcvciCDJDdlg2qRGOGTK-tvdwGzlu52Y2JRo2uyoXuqJ6lbjPqjIsJ6Spss_E_-XMeJN4o6tQVO7w6FdECQLFPwKSt3ZH3h0xGBrj_mmm1Cqn5ZV_k7-Y2Zj0Lq2t2qyih0AJVY2I-7vzNo6J5MqdHk6cZ5ro3Ee2QQ5qLBdmzYM7XHZO3yjapx1xBIdBE5UOf8NbuLcJQp-AeJ9Clz804v6VRlO3X4ETY7lXKH0SOfU_jEFh0d3MO7IEYJYvn_78hwwlBvACgkKN7P2zOc27PiUMApyD3j56kpeM9rldH1f3yTV3ahB8nkuUfRzb4Y9y9qBAXmuZgtlP16ysUd3M-rHzTmDladLas1WzM_L_e5Nd4oD7E1QD5If6LWr5M41Xg6PRu-npMIebIw8PHtCFKEDAcNKsevFDHLnBln0dvt39N6h-EjO52qO2Mm7FVOxdukVS1e6uL_bzYrm_EgmOOanWj-Gy8v6IkjjjAn_J3Y4h8kFcGYw

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 04:49:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame B1DF 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 replay.png
s0.2mdn.net/sadbundle/1692609877992151298/ Frame B1DF 457 B
484 B 40ms
40ms Image
image/png 172.253.62.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1692609877992151298/replay.png

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f148.1e100.net

Software

sffe /

Resource Hash

c4701179c17827a7d417dbc7d9a40cdd6fbb0112d29e90b822bbf5b2a33d63af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1692609877992151298/index.html?e=69&leftOffset=0&topOffset=0&c=E4LQdalPTp&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 14:15:42 GMT
x-content-type-options: nosniff
age: 52431
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 457
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 23:51:23 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 29 Nov 2024 14:15:42 GMT

GET
H3 200 prod_studio_01_250_videomodule.js Show response
s0.2mdn.net/879366/ Frame B1DF 13 KB
5 KB 39ms
38ms Script
text/javascript 172.253.62.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/prod_studio_01_250_videomodule.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f148.1e100.net

Software

sffe /

Resource Hash

03656ff565d2cc90c3b8f2c1963c5804304e5d9dc796e920db21a6db906a942d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1692609877992151298/index.html?e=69&leftOffset=0&topOffset=0&c=E4LQdalPTp&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 13:27:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 55331
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4955
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:43 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 01 Dec 2023 13:27:22 GMT

GET
H3 200 preload.jpg
s0.2mdn.net/sadbundle/5757561835950501153/ Frame EE7E 2 KB
3 KB 39ms
39ms Image
image/jpeg 172.253.62.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5757561835950501153/preload.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5757561835950501153/index.html?e=69&leftOffset=0&topOffset=0&c=Ws2fDvuSOc&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f148.1e100.net

Software

sffe /

Resource Hash

6c69a4b26de0151dc5a9ed26766a4f9dacfd5df6522c2c757145e3a0de22bad2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5757561835950501153/index.html?e=69&leftOffset=0&topOffset=0&c=Ws2fDvuSOc&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 19:02:28 GMT
x-content-type-options: nosniff
age: 121625
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2540
x-xss-protection: 0
last-modified: Sat, 04 Nov 2023 18:30:33 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 28 Nov 2024 19:02:28 GMT

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 492E 39 KB
15 KB 38ms
37ms Script
text/javascript 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 00:47:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14549
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 30 Nov 2024 00:47:04 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0121 0
0 56ms
56ms Fetch
image/gif 142.251.167.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvyt1U0wqUnqrwGk4XMsc0iVCFxDfYZ_vRfibRUAD-Mc-gsRbQ19NGeB4bNjGQhoT03S9G37ekJtmMhkNPFgQSkHdpD7QOwJk2JWFm2ufL7RqTTK69SP5ijbyGx8CZP3uiBeFtoQlSug7rIJfz3bf_wc_-OZPCqjV1S6W5EiYiZo9Z-pjUSYiaBcpgbCla-I1zCbLkGCjB4JULDJ_abwo4NDpIXveG91kcjkTJ7OD9_xuFrjCbwCh9-NWhcDPoK-U6KtHI4dVhdAMWmEzedcq710mU6Z6kzz5DFhnbd3it09cNqRICkGQMWFbISbMFZNWUibYX-hVQNH7gMYw6hDDUpSdWji5nnIIBkyuYy512IU25BB5ZStzr2hQRgXjfPy39wpnrgd6nKb6v5LvfkPem6fH73elPVg5bvQB3Xs_xH3ySTrJQ_G_70YU9hu3fqzSatuRk_l2Z2uyn-3Orrsp2_hx8sbNPATT8ZB55Gk4NytQlcTeXfALd8idyRGIglI8QMEH61wPGH4Z5QR2CiXeWSlDMRAlTx7N1vBCMfzjIVUJtMTAp_U3XP29t2EmwkzbsC9Be7nNdTh9m564duSDobtlxfq664wYR4IUJf0aTx8nthMLCs5UHHqer9qLYTX8Bo51b6maBDch7hSgSH60TJdvpQckFlXfDzj1EkeCVF3VVBOclylUNyG0yi9daFc2w9fOh9nkio1dfYRZNzfFlaDyTQGbLurWhkbpzIeUsGlUxUmJ0svbA1QonMj_yw6UCyOgPtP7OuLe4_lc8JLmZDzmTL7C94CWgUJZtnPjm-tdPSprPi_owNDiQfCz9jX9jxtoR_OMhrKec7d5jeWBoyTidxuabQUN3u6-Shzx9dhpOh1Zlj3lJHlHSECrr0HLkXDW8KWTp2VbjlSckOV8umSSleX8jCH_7nQIHwvKuDqDqe9KgPOWAgjpo3RVwTW6vpwOgFLOL4umR4pSe9koydt_UgF5IXeJ4WiiMi1URcBNTpIDFCmsmNo_FxB_mecgmt_sXz-N9-c6b01fjjjmGeDi_ZzpLiMtv9v5zS-iwdk6qxf29IWQcgZLtdSZdsGWmIK9BgwEpBDliip5tHfUeq0A1aEjcTlCcRQB_PGdXaxkFjc1xCOFl-mohaAjYSAvPqLbXOtN-Wnj0-O8eCUnCWPjMZRtXXawfMoQIZEMw6veuqaiMFagYpcfLs3PHbTbYFHSRrlqGxxPdK8AGgeFXb3AfrDRqRYS07cbsGI7PJSC09aW2gclVOONCxcNucwkGWc6_qACUSxf-XC77rdxcDrtOpU7g_yy7-gZpGGyWah3jI7BCeeptJNFF2ZcIHZaBgUdwN3MzuyxtqenexTuN65mceaR4&sai=AMfl-YSw0ib291QAhnS8zgUP7A-Q3nDR69_gd4fzY0QhQ_A_VD4e2oKMFFZN9ciG8-DcIxk7qKFRCoAJ-TWIWzVC9pg0dRE8PvMIKElfvwMxQsiRli7gKTyqS45tp8gB5Jd50aX7_xptoKM44lh2pxHmJdK9v5llOK7QTEf3Axr--IXBa5gC31H4zM1yntZuoKpEeuH86B_kF4pzc4bmatyHqYbxlEJWEzYz3b274rA4cculW78cqqKVtQEY8EV57Ufnr0isue2ZFf_QK9SFgMgOHtmaqEma4eXyEpLUUoJcRA&sig=Cg0ArKJSzO3YbDsnofRNEAE&uach_m=%5BUACH%5D&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=288&vt=11&dtpt=185&dett=3&cstd=96&cisv=r20231129.12044&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.ffxiah.com
URL: https://www.ffxiah.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 04:49:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame EE7E 8 KB
6 KB 57ms
57ms XHR
application/json 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_250&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

43bf91443039ae125eae5e45bfecdb2cc18cd344e2ca600a42606e3c037b86e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 04:49:33 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5909
x-xss-protection: 0

GET
H3 200 preload.jpg
s0.2mdn.net/sadbundle/5757561835950501153/ Frame EE7E 2 KB
3 KB 38ms
38ms Image
image/jpeg 172.253.62.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5757561835950501153/preload.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f148.1e100.net

Software

sffe /

Resource Hash

6c69a4b26de0151dc5a9ed26766a4f9dacfd5df6522c2c757145e3a0de22bad2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5757561835950501153/index.html?e=69&leftOffset=0&topOffset=0&c=Ws2fDvuSOc&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 19:02:28 GMT
x-content-type-options: nosniff
age: 121625
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2540
x-xss-protection: 0
last-modified: Sat, 04 Nov 2023 18:30:33 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 28 Nov 2024 19:02:28 GMT

GET
H3 200 replay.png
s0.2mdn.net/sadbundle/5757561835950501153/ Frame EE7E 495 B
522 B 39ms
39ms Image
image/png 172.253.62.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5757561835950501153/replay.png

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f148.1e100.net

Software

sffe /

Resource Hash

3a885ae8bc493ef43773599589eb12042f1b26b3274db161945da334d0b05a65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5757561835950501153/index.html?e=69&leftOffset=0&topOffset=0&c=Ws2fDvuSOc&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 23:56:02 GMT
x-content-type-options: nosniff
age: 17611
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 495
x-xss-protection: 0
last-modified: Sat, 04 Nov 2023 18:30:33 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 29 Nov 2024 23:56:02 GMT

GET
H3 200 poster.jpg
s0.2mdn.net/sadbundle/5757561835950501153/ Frame EE7E 30 KB
30 KB 39ms
39ms Image
image/jpeg 172.253.62.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5757561835950501153/poster.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f148.1e100.net

Software

sffe /

Resource Hash

1edf7dc0737a36192490dd03d90ae4933468d95562b7eb9bb0dc4aacf4adf651

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5757561835950501153/index.html?e=69&leftOffset=0&topOffset=0&c=Ws2fDvuSOc&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 11:44:22 GMT
x-content-type-options: nosniff
age: 493511
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31092
x-xss-protection: 0
last-modified: Sat, 04 Nov 2023 18:30:33 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 24 Nov 2024 11:44:22 GMT

GET
H/1.1

206
Partial Content

file.mp4
r5---sn-tt1e7nls.c.2mdn.net/videoplayback/id/64eecf67e1a93b98/itag/18/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1732942173/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,... Frame EE7E
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/64eecf67e1a93b98/itag/18/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1732942173/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signat...
https://r5---sn-tt1e7nls.c.2mdn.net/videoplayback/id/64eecf67e1a93b98/itag/18/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1732942173/sparams/acao,ctier,expire,id,ip,ipbits,itag...

236 KB
237 KB

92ms
20ms

Media
video/mp4

74.125.0.42
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r5---sn-tt1e7nls.c.2mdn.net/videoplayback/id/64eecf67e1a93b98/itag/18/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1732942173/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/28A092BDAE4DA5A8D3A8F30D10B5E2FA6CB12D6E.4D33E473F4493B7D891C84CF9700AF452E115A7A/key/cms1/cms_redirect/yes/mh/sD/mip/153.92.40.66/mm/42/mn/sn-tt1e7nls/ms/onc/mt/1701405869/mv/m/mvi/5/pl/25/file/file.mp4

Protocol

HTTP/1.1

Server

74.125.0.42 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

yyz10s23-in-f10.1e100.net

Software

gvs 1.0 /

Resource Hash

f3af3f9e202230bfd5ec6fd22da12754af83b5e7d1d37fe9a50d168426351c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 04:49:33 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sat, 04 Nov 2023 18:30:47 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Content-Range: bytes 0-241735/241736
Cache-Control: private, max-age=86400
Connection: close
Accept-Ranges: bytes
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 241736
Expires: Fri, 01 Dec 2023 04:49:33 GMT

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 04:49:33 GMT
x-content-type-options: nosniff
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://r5---sn-tt1e7nls.c.2mdn.net/videoplayback/id/64eecf67e1a93b98/itag/18/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1732942173/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/28A092BDAE4DA5A8D3A8F30D10B5E2FA6CB12D6E.4D33E473F4493B7D891C84CF9700AF452E115A7A/key/cms1/cms_redirect/yes/mh/sD/mip/153.92.40.66/mm/42/mn/sn-tt1e7nls/ms/onc/mt/1701405869/mv/m/mvi/5/pl/25/file/file.mp4
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 641
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 prod_studio_01_250_videomodule.js Show response
s0.2mdn.net/879366/ Frame EE7E 13 KB
5 KB 39ms
39ms Script
text/javascript 172.253.62.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/prod_studio_01_250_videomodule.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f148.1e100.net

Software

sffe /

Resource Hash

03656ff565d2cc90c3b8f2c1963c5804304e5d9dc796e920db21a6db906a942d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5757561835950501153/index.html?e=69&leftOffset=0&topOffset=0&c=Ws2fDvuSOc&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 13:27:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 55331
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4955
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:43 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 01 Dec 2023 13:27:22 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame EE7E 17 KB
6 KB 41ms
41ms Script
text/javascript 142.251.16.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f132.1e100.net

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 04:49:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 01 Dec 2023 04:49:33 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8F11 0
20 B 63ms
63ms Image
image/gif 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BnDUU3WVpZa-ME-qFoPMP6cmYwAwAAAAAOAHgBAI&bg=!V1SlVBvNAAY3kmNgF5I7ADQBe5WfOJM97t1hWnq8qPf7won8HpzigW0kW0uSHVsfMbhR4wKfp9Sr43_U6TlK_ryRa7v2AgAAAHdSAAAAA2gBB5kDGF81_QmNMJbwlvmk17_6lbZ3v4N521hqBALUGGFrG13pFA71UTdFDgkI9rha85d5NXoJ6o5t7HpcW8BMqC3zvUZyTtzrZoLPzHpdXuygrndt-uEb1Sh-eg-pWDnyjskpHgbzvlNvQTxk10-ABdGK4cYwjptFS3YeFO9bGIJjlLOUNTJFX8ZxQkP_bNqEAXJf7KQY3yv08YB31WTC5CqegAeU33ujZ6a_K2lzus_PmFBH5nTqwIXira5kWyc0B-wjCuTkEKJ90Dtk-sGwCkU_Y8cpkZHAwsqxHta0xdnm-GstlbT6DTRNRHCL_PsCDrZZaDojKzLB0rs6UX8IIdMONFtJxsmCUzjq5n97N3oZsXE6fgXBd4lGvur45zLwyHIegjZB-sOYOncGctO_oNXY_lhhoCQCWrCWNczY827h4J7_4S0ev9RTZxj7ZzjPyVPXY-z5KWkU7MhBMh0wyPl7HuUwy4d3n9tC3gd7yOJbL8BlU6nW79EhdpqBJPNIr5U3om4uVRg_FHhe5y2dicth9n-mBlxZVWs6DrBoAvTIr1z17d808765iRsaswSQgzzLmBE5JN0VPYsO0zAgAdULAskKj4Qwxiu6-mUxsLPVOREptfoTaZHY711pStaugXMpV_zhicYc49idUugHpyetUFQ0RXP0OtinKScIKQUVwyB7qnBj_vPYn5WtGs47b4VY64BOojO--q385YkbeJWsUFQnu4Z2C93juqhwQtWvNgpWBzGQ5vejLQj-rtlvuEu8eaanxZJOYPSjW4WKCmy6rnjxe6Eq59QhtaAGqvGIb2X-WgdfCNI5kUtuK8KlShVtWJPKs9mwnMGuvax-XQe_LjBdkDgtch9kgrqMsFkdskkrJhjjxwaxXqUl2Q7PWz7HWeTXDzDCyO9uzTmVyzIlim1MKoqrqiZLFLV8xbNi5lasNwzjCisnmHd9GTB2vuYxCmELahXMFhyAqtGk_2U7g0jVH8ZXlb5AXPOBCzep2W9rpmaniPsFIv3lEGEc17x2k-pCK-ZvhBHS_cyXiklN7D-5004e_7i1sQ

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 04:49:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMI4da49LftggMVGhloCB3tCwRSEAAYACCsgathQhMI1pmb9LftggMV79IoBR0rIwzk;dc_eps=AHas8cBqUuA1JDNDRBFrWf3uNwmP7pWz6WO73jgaEv-HeK9ian_BewuAty5Sw2M2jMOablJq7Roz;met=1;&timestamp=1701406173845;eid1=87...
ade.googlesyndication.com/ddm/activity/ Frame B5BE 42 B
173 B 67ms
65ms Image
image/gif 172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI4da49LftggMVGhloCB3tCwRSEAAYACCsgathQhMI1pmb9LftggMV79IoBR0rIwzk;dc_eps=AHas8cBqUuA1JDNDRBFrWf3uNwmP7pWz6WO73jgaEv-HeK9ian_BewuAty5Sw2M2jMOablJq7Roz;met=1;&timestamp=1701406173845;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=0;eid3=11;ecn3=1;etm3=0;eid5=12;ecn5=1;etm5=0;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 04:49:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 4981 39 KB
15 KB 38ms
38ms Script
text/javascript 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 00:47:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14549
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 30 Nov 2024 00:47:04 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame C53A 0
0 64ms
63ms Image
text/html 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202311150101&jk=2650679493355731&bg=!KyilKGfNAAY3kmNgF5I7ADQBe5WfOGWTHoN11xzIcmg5iXIr2ind_qzK7ZWL7560feOMmRKYZB6E7y-gv66drFa5R8ZkAgAAATZSAAAAA2gBBwoAIcnolnqcCf046MB7Y6f6ZSfiSSdYa2m8eLE7Bfcnqc0X9JkCvEWUsPfpXCxfObKOZ1zHuUdc_4C-zudkHljr27B3G_d_7aLfXjC70q4XkraWBOjA2HyC0j7AR-wjPJA6USJ2DDnHGWaTipxS5a14J3yH3wYP0Oj5j89NniM5qVxWrGOnQGiguQTJJm_E2lDjOCKwB7GN3lNGw6acZEfwYrufws7hmuTMBQXBgpWcOE8PRwkY-TCwxgrLMoK1DN_0L4HZLtBtmFUMXOI36iczbzjFXnzZ1HESzoj8WLn2ccwepHGaCDgMHNsJTeJfqBb-nDWifL-nIFnP-qHmW8BPXbqI5h_gHL2nHkP47BxIhRw_Zr51iRxe-7EDHZCX97R5yniysP0lLJ4HSC_cfk_XHzhN16r9XBs-q9ggtM7bLnr1u5lTV7GNBeaMprDOBJ7F6h8030ilszbsc6gHXgnDiei7ihSxvpEUtpoQSbhrgPRtKIOdsE9Hog_V5w_kwlKhouMtEi45Je12l_uvjFpKeIcToo3Nb4JkdCEXSFCEwKWHIHRtR0pOi7lZhZnidUEeVDxKkpXWd9dTOvU8xbMt8SMO5Ogy60uNo3kEe2DtSCobxdKplgKs8GbeRnKjX-3axPdZWTUT0Tzfe6u6n7IZTzzKpNr5TSbOIJpdh2sN8WvHdqYDBEMWtx5kNMmWJBvz0I6u_bCiDzBLpkRswhjLjJFnjTHwlHXOu1LdKjTa8fbNGJgQ9pEkUkE_246ERBRtkOVDsaiifBCrKdCubQkz_2Qn3K3m_mOyIfvp8aZyiq4yG6vYNUUZ30SzS6DnFimAFapKOYP9p0ULBXnmvdPT0--XVNWnPnGrJXEGeG1L3vwgXlNJIeIUrIbaThTHtQL1kWgUxHYZRfXwkrFipT16G7Kgti-NUm_0mOQAd4dMx5JXk7pwCiKotu2lspy6iN3TGZvWaA0-RGbg1CnA47lDIgs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.16.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: bl-in-f157.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

GET
H3 200 dc_oe=ChMI7-7Q9LftggMV6gJoCB3pJAbIEAAYACDCoNFhQhMI9qec9LftggMV8dIoBR3h-w0P;dc_eps=AHas8cDDusQoQwv55uy8wllNYG6RhuRUsfZGw5PmiHHCCO3zTGiXztN5oPZkEeX6ko59_lOMAWIg;met=1;&timestamp=1701406173962;eid1=87...
ade.googlesyndication.com/ddm/activity/ Frame 0121 42 B
63 B 66ms
66ms Image
image/gif 172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI7-7Q9LftggMV6gJoCB3pJAbIEAAYACDCoNFhQhMI9qec9LftggMV8dIoBR3h-w0P;dc_eps=AHas8cDDusQoQwv55uy8wllNYG6RhuRUsfZGw5PmiHHCCO3zTGiXztN5oPZkEeX6ko59_lOMAWIg;met=1;&timestamp=1701406173962;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=0;eid3=11;ecn3=1;etm3=0;eid5=12;ecn5=1;etm5=0;

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 04:49:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame A07F 0
0 63ms
62ms Image
text/html 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202311150101&jk=1058168004151596&bg=!UVKlUh3NAAY3kmNgF5I7ADQBe5WfOOOZgChXnOznwQIQVBD0qsu8gi_VXK1GFRsIxfgTWC3YKA0yPbhWkP7A9OdoVsKLAgAAATNSAAAAAmgBBwoAQZo0onl2UlggpBkPQlhyMAd3Yb-Qw7x2U6cCMgSd1JoEuKhhVoHCUCrV5u8X995d9O6V9yNFRN_RS05Vp7KYG-MgmQLP49eFpfec6TN8jS63X2G7AVVKSoA3r82oLdU8YqbyhzlCizv5dXn1h1GJQiqjWg-rdaCndh6WLExgT9fRvFPH2lm33Zp5VDy_2MQqSkiO0gDhzCLfBWBPcnxN0MptxcNaWLQ5OoBDb1cRHfzfpjs3EYpBNGJN-s1eYCQ9gNcL6WpIlFs21H_QBlgAWPfvV-qupJXCO5yWbkcFkrg5WUpL7Qa8ub1N3Pnkx7mTL-PY3U-_rZcYK1GneiTEXQHtxMuIRlnNPw3aytzKKnub8uw_XqDsc63-x6jqQwFhzKws4xKgzo3tXsmsDa1LCMvsKebDDEls6npHPf02hnzPjdictDaN2tDQXNeScBv3VZXs8jqmkAY7GGPsHnd59IFM6vMB-nWaLeNSvqGH_MSB2gA1fYZ0jZrBlzhNdvqNssJDgsI2qA29OpWpErfbLAvrYastBID0TrRoaGHLoDGPnY_o0f0Sbq_LVRixCYsBFNeX_GepjVtsRYvOmdKZn42B0HJPJmOLVrQ7fOYzR8VzRHkE2uPeFyqiLrZ79MTCZNNH7BJrpfCKSzeRtBBD3gqBIFLDn0Gc0dfbq5W7AVg4dKfdHx6W-jvDTHdG5bn0BC8bff06-Q8TikQq-JlK_OFldAyD_eciCa_7dyj0rIKCuhR8zvw9NYTv6xhUfXlZ8iJsAj6Vs_W9Cco1GtAGYa0w6A9OMFnSu7qVKkLFdMne5xmUbEsgGSDZOc9qcQfvFRv5v7eSZQqcmNALhTFd-FLQkgosapOqqkd_0C62U4YHgy6zlmMf0AA_g0Y3N_K6H82ougFi0AYNhY2oG6eRgR8P0QFT52djL8hLrPFGfwM6x9lp7Higr_ddhQUuRvlLNDaQGQxeH8rJWAp4RZdav4mu25gY9rwM8rk0Tf3o0IKC2a12y78zaZuZmO33MRUZsVwh2Wz5uKRfGFl9r3m1HSgV4UQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.16.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: bl-in-f157.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B5BE 42 B
64 B 66ms
66ms Fetch
image/gif 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstSC5eZU0p59l7Zi-3Led6czWRVkfURLjDyEkPT1r1qjSkDbVvpFA7HlkKvqMAXRHKqEDwgMBVeY4LhqFEgt9F_NV58FHUTa5nBjjsOWjoMdKn2tTl9QxoqJQVCAs4pU4qLImb6ZB7x2w&sai=AMfl-YTszlKEiFGFWeBIqEUNtpMFn7VTHZSLnYLo9B1CgBmt_XeUFIynp37Py6hrKChLtDFKg45DDxM3y6TkemuX2Yrm0tzgTjmVpOzQHKjAZd4jg_ALPMn_DhCjljQIYFT9cjD2zitJN5uQUluSeMVehZI7OXyrf-PiXac&sig=Cg0ArKJSzNhG6dXMMUVoEAE&cid=CAQSTgDICaaNaPa51vLV5Nd8yT3NC6M9dxnSiJbrK5SVjXSVpjNH-G2zt_8MvkSu5hgzATuWouj6tH3gvXWqu4qkYPCJRSB0NBFORCAyBHkjNhgB&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231129&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1741596969&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1701406172647&rpt=397&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 04:49:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0121 42 B
64 B 68ms
67ms Fetch
image/gif 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstRndOZKJdvnGVmIZP2shL9-MO5d4vj35uxYnrVHP1OnQ8pBNf5MIUqqB0w6dUN8w1gif3QKnMJ1p0KFsAQNKjZjQTG9m8lF5pgf7GaaI1DCeG-YpFGVVpzt1riFDvLu2X3aw0ZD56mLQ&sai=AMfl-YQdAzmBfXLr0cwzSHm7o7kB0bamg6MYDaaWWqpihgPF4-phhVDdC2Y3WClikLFrKPSeHMwl4VI22tKA6cQwstSkRT4HUZy4Xfj_jrXbSuGyN8xHnqntFQC9pjFy0BhSfbLCXJdzft-ndpC0PlF3qgYBwGtSkIAUZRqd&sig=Cg0ArKJSzJPS86UaoXmKEAE&cid=CAQSTwDICaaNpgOrfU71kkbnNT9mTu9qXrypVOda2g4jjXv9Pk3uxIYeGneUrQmcmTEfRJFO-gCGD9N0O7EU2qdE3UviDww9q6pdSkBTNdf6TFkYAQ&id=lidar2&mcvt=1000&p=0,119,40,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231129&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=4037978123&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1701406173067&rpt=405&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 04:49:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B5BE 0
20 B 62ms
62ms Ping
image/gif 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=6957408531763&version=m202309260101&ct=119&x=1&cor=8643179181922922000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 04:49:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0121 0
20 B 63ms
62ms Ping
image/gif 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=7296450219393&version=m202309260101&ct=119&x=1&cor=12998587517227973000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 04:49:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.ffxiah.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: hq71ah947dfepihesu5s02r7lf
.doubleclick.net/	1970-01-21 02:12:46	Name: IDE Value: AHWqTUluPHpiKk0ENEQhaHT3WQ7gW-966IQRQDAitiFTG2rPVgmKaOtS5E80PFfq
.casalemedia.com/	1970-01-21 01:22:22	Name: CMID Value: ZWll3OhuUVZ8yzGXOyg3ewAA
.casalemedia.com/	1970-01-20 18:46:22	Name: CMPS Value: 1450
.casalemedia.com/	1970-01-20 18:46:22	Name: CMPRO Value: 1450
.doubleclick.net/	1970-01-20 20:55:58	Name: APC Value: AfxxVi7V_VWmwESWFi1460EhwWJlRBkfkp_TnKT89E-sMQQc2-uV8A
.adnxs.com/	1970-01-20 18:46:22	Name: uuid2 Value: 4078657300174475081
.ffxiah.com/	1970-01-21 01:58:22	Name: __gads Value: ID=f67b1041c3a0e296:T=1701406172:RT=1701406172:S=ALNI_MYRfosVnNGcgQ2NKo3uplQkgobMtg
.ffxiah.com/	1970-01-21 01:58:22	Name: __gpi Value: UID=00000da4f3346156:T=1701406172:RT=1701406172:S=ALNI_Mawa7Jj15JX_oHdWRIeCuS_b5qJHg
.adnxs.com/	1970-01-20 18:46:22	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GTuv[Zh]!]tcV8i_iqf!oN/@E'zz<Z0QMx=jGw5c3-('Grso5le_/X!w__vzAhZoJTzTD._PlZ[C[-kX-7JDt'

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

8030b8effc9f0104a9061cb7425f7baf.safeframe.googlesyndication.com
a0ace725e2640db47d02e894e704e732.safeframe.googlesyndication.com
ade.googlesyndication.com
ads.ffxiah.com
ajax.googleapis.com
cdn-b2.ffxipro.com
cm.g.doubleclick.net
dsum-sec.casalemedia.com
gcdn.2mdn.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
pagead2.googlesyndication.com
r3---sn-tt1e7nls.c.2mdn.net
r5---sn-tt1e7nls.c.2mdn.net
s0.2mdn.net
securepubads.g.doubleclick.net
static.ffxiah.com
tpc.googlesyndication.com
www.ffxiah.com
www.google.com
www.googletagservices.com
104.21.33.198
142.251.16.132
142.251.16.157
142.251.16.99
142.251.167.156
158.69.250.98
172.253.122.100
172.253.122.155
172.253.62.132
172.253.62.148
172.253.63.155
172.253.63.95
172.64.151.101
68.67.179.87
74.125.0.40
74.125.0.42
03656ff565d2cc90c3b8f2c1963c5804304e5d9dc796e920db21a6db906a942d
09b186dc119230c8ab2c806d31bcc8dd4a0a2ba347165f35156422307b8e10ff
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
117d4b2f7a60f95417e38a06a7579164258b72be6ed701e7b75d39d6ce5d0879
12e2b54e646b8aaa809adc2022cf17c2c16874b9a60b4e412cd572cd38e5cc2d
13d6dd6c88a3946b2d95cb67eca016a25253d0b54a6fd2da9de03d5a0877de9a
168000b77c1c0a48920d1bf454369c68e6b4eb4a250bd9bcb3ed8c121c75217a
1a2be098a151c2d2472fa52dbafd1b3e7c6549708c5bcb596d4eb58f00991101
1a4f9dd13fb0ba2dbe11533f7cdd6aa423a3bc7c24e196ce4ceaf5c72de2ff16
1adb10c9a5878dd4306d66ff94ae27a07cbe47f57b34dec9a807e5d2d426eee0
1b7b4027c90f19e75268825d4952776c85f0de90855fab7ef17327069a8c1528
1edf7dc0737a36192490dd03d90ae4933468d95562b7eb9bb0dc4aacf4adf651
1efdeb32db0b3e6968cff91b3c5401cbfe1e001bf14f9feae060d90dd4aff4ea
1f44d7fe50ba32b1d947adb8a022b5217f038c8d153dd93dd3abbb98f57bb9e5
2322829258c6cd7abadb484fb0460676b79f0a84cde8262f04b278cb685a26f6
28d938ea6f9e0cee45e5fd1caf3cf19bd23d92d57e38928bab7df697af52d34e
2953f313f04d1977820ca1a332c2bb7c76aa4c0313c16d0dec37cfd73ae832f0
2a9e99afc921593b294f7f2d12cc3c851b80ae7511deeb8354b12629fc932e44
2e6550ca6c5ca20106cda53ee4781dabfec2750dab8b11211e7259d9cdd3910b
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b
328f0490c1cb33e8591121a3137010d723185c7cb296d6e31972a53eecc2ad8b
3431b041d6131cfae83bdeec67ed7125f2dbeeb8acfb4dc3f8cacbf3584a0fb5
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
392810e795ba3482d649e3f16a116a5082de8f869167ab5f1802cf03a2014bd1
39a3c7d6b04b4831a00b92c85004e2d2f17db8e5579a761244385e80e61d3663
3a13573a1b2c472ee5d48e92d169e4bd34e116e9171a4e0085f531f6b8dca598
3a885ae8bc493ef43773599589eb12042f1b26b3274db161945da334d0b05a65
3a98fe4d4e958523b23c2e683d10cc5f9f011ecf00f8e8cd2f5aa252d00d2850
4075356ba4d6eb181ae4ff18c64408b0797342a162fa9c9898fe82541c9901b0
431ea1374d2082060185a3a560ed36653036ab9abf175c5c1d4beb802aeae491
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
43bef3a32b943fef4cd3f077b6fa0cdde39d43bad337ae248166de1ae2d05d42
43bf91443039ae125eae5e45bfecdb2cc18cd344e2ca600a42606e3c037b86e4
43c9555701d17579571d962cfee37868f4769995820a96abf451623b0528c92c
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40
4afbc2f86feea66d940fa671983bef7371793ef53bf1cc8dd98aa9cf861efc18
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e082f9a66b047b072d5bb6ac07d0ea007ebcdd6258d706084e9ce4b496801b2
4e3906d8dc79180448f00eef6b79c92db81c213c574780a6614dcdb3d739e9d1
5190177518baa8261d3dfe414359909403696a1a7f50d3dbf7e63840030adeb9
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
594a09c7bc2aecfd1cd47e647919682eef7f82f10093150903bc54ed3feb26b7
5e274e094d8d76e0f61c474f58f6013afee119f873c2444a4534f68024e4de16
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6282db7dcb04dec66f5b2d0d20ec9f67600ffe524d2fa130fa994762f9bdf2eb
65b4e02ee5f344762605747ba70399c918cabf5d00a87c4750d1211e947ec250
6c69a4b26de0151dc5a9ed26766a4f9dacfd5df6522c2c757145e3a0de22bad2
77a8904df780875e356b196bb3c8b55067185b8b42a2b6363875b5ce7eded29e
820082abc59342f47489e47ede1b727d4ea2a258af6752d96d88fd84f2dfe35c
83b4948264e784579eeac8d462a2ef2049f6c7f7ea9b9466368853b59cb3ea6d
84822498a486d6aeaf029ffc01181e5c249905b26f4e8299cdc06bd6a237d6c0
84acd925830f07c4a2cdccb13e10dd109e508d45a3bbe9c8eae56584a063ba7c
860c11bbc5156902ec680d9fbfd22c0efeddd92a3702e4b282a04a2e74d7d8d1
864b879364dd7e794d316365d8ce8348860acd7cfdd6e58d6ca17fc37d2a9171
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8a0466388eb44d3be3f3ad7853bae037a0fa2d52bbf07ee02c8c41127aee0124
8d2732434196037afa3ddcc0497ab1ca688331c8ab3e54f3c3eb08fd257fd2a4
8e48fc150837e34593b0b9b8a28e083ff20662e87d8f3f813887c62b82a50193
90c6bc2c1f4635cb34e0c1e8555f47656ba4771964b53311d18ea06db9515689
90f0a62dd7e0c7ba95619a4755d4959b381d347addb11a7d8173c035962cf6a5
960da6ca352f948b7050955e9c07a5a77dede92a4d045227339f53f5ffeeef49
9671f8be70ad94a5362e60f4656d5d53ba214d32ab70a3f9d1603d7dadf9d1c1
982cb597efd3459628548f6b4c867cf0f4f2735e92dae36a73834209b65f60b9
9ce649755ae3d29428d4c1bbe31f7827a90adfbe3bf835953de981ac9b44b147
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a2198d66fa644d6fa9958bec0e99792366bd06afa074594b788e76cd27a6f042
a43363b9294af8031ab7fa160b1a78928d4f1dcd874ab3bdd51a4cb0f4012d3d
a68e054693be4a1d12da204ae67abab74a0c5fe24d97345cb9dfa9da4fcfb26d
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a6e3909fb7002fb69091cb9acab3ea585a5436c11d46ac166f0bda1880d377a1
a7f981f4089eaac7c16f9da4e5f98c022587ea718246ff26432d082372355147
a9027b40f692e2db0c712a6c7a94e83e76e90ef01438b1f1627ba37695849f91
aa3b597c9da82a7154b0d8c5a5642388fa0954f60116934722d488499f244ab9
afecc80369c60a81fb5ef1dc95125f8f602e5a571fea2b2b67ac5df53ac8dc16
b033f59e4ffeaa6f3e4f2e839c035a14811d5469d3f772eda6056d7d5782c53f
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3293f7240af471b5da6ce1bff979760ec98218888b03e43da162852ff16cb8f
b4931eddbb10292330d2d8b29833a4e56f86475bbea197e0f5256089c75adaba
b4b1f3c5233a55d42fda178b57bd8f10492a77bd93daf35054e144d99b9b7761
b83a14fe83bbf97fa965c43c7014232f9441aa51b16d5a87a41c8677f1b6ddf0
bb44760205333974494cb54b08de65d871e2b9466e85bc90a82626f611901cd1
bd54b5f834cae3e2013dcd1886bc42ff534dbba1f75a16126384464f1cb5cdf0
c084c6026ba9ab3c60b5397e4c9d84dbf538eeecc3ba2aa09c658367c68abccb
c15d2ac4db3f019a45835d2f8fcf5a3644779185181f7fe0b6080568ee63906e
c30acbe09855d6826349bcae54ae027698a7d08e19bd4348ec914d4b9bfffceb
c4701179c17827a7d417dbc7d9a40cdd6fbb0112d29e90b822bbf5b2a33d63af
c64bc40632fa695cc9d2625524e1708a17f7c331fab12a9cc46a78eddc362257
cb09c804861e20b0c6868b4a2074fa8d3a8b4482574ceda7b0212f0abd9e6610
cf940bd2489897434455528323cf66c4e3aecd5eea963f1d99d96acd452d6dd4
cff2f88fb91e98375fb31702a21673b5fd6e6713215ab7602609c839c270b0b9
d1234d25b9f9921cbf0a7dadb25d8ba39f9525b6d95994a0ac6fe5a8c2f6bff3
d482871a5e948cb4884fa0972ea98a81abca057b6bd3f8c995a18c12487e761c
de9238a6076601f98a67bf7c628a8847a4856991edb81bbb23d3c0016241a059
e20381716ab6965b04f4f00715ed3a59f4ddc1b033d5ca9e20327bf88e6de45e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e53529a0fabd0c58df5528e80dce6332e94fcdf153b0c2739edeee218310d22d
e5dd63f7c69eb1e1a521f7eb9d40265c948eeccbc922b1b4a8d7a5f0c26309cf
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f03639ff553a6465d4e50348b632f3d169a81f851e38092e8dd88d436ef088d0
f27a3de45c93a746283c29d651bd08d927e0a21f9b13d0a29ca11bd7dea1c6c5
f3af3f9e202230bfd5ec6fd22da12754af83b5e7d1d37fe9a50d168426351c9c
f8ed92620950aec6899147d4100c51e4934ef34126107c510d647656104a4e1c

www.ffxiah.com Open in urlscan Pro 158.69.250.98 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

165 Requests

94 %HTTPS

0 %IPv6

10 Domains

22 Subdomains

16 IPs

3 Countries

2779 kBTransfer

5216 kBSize

10 Cookies

16 Outgoing links

Page URL History

Redirected requests

165 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.ffxiah.com Open in urlscan Pro
158.69.250.98 Public Scan

Screenshot
Live screenshot

Full Image

165
Requests

94 %
HTTPS

0 %
IPv6

10
Domains

22
Subdomains

16
IPs

3
Countries

2779 kB
Transfer

5216 kB
Size

10
Cookies

165 HTTP transactions
4 data transactions