urlscan.io logo urlscan.io
SecurityTrails logo

x.gd Open in urlscan Pro
104.21.46.170  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://x.gd/gvZZa
Effective URL: https://x.gd/view/unsafe/gvZZa
Submission: On December 21 via manual from CA — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 21 IPs in 2 countries across 14 domains to perform 110 HTTP transactions. The main IP is 104.21.46.170, located in and belongs to CLOUDFLARENET, US. The main domain is x.gd.
TLS certificate: Issued by GTS CA 1P5 on November 17th 2023. Valid for: 3 months.
This is the only time x.gd was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 21 104.21.46.170 13335 (CLOUDFLAR...)
1 151.101.65.26 54113 (FASTLY)
1 172.253.122.97 15169 (GOOGLE)
19 172.253.122.155 15169 (GOOGLE)
8 172.253.62.157 15169 (GOOGLE)
4 172.253.63.138 15169 (GOOGLE)
14 172.253.122.113 15169 (GOOGLE)
13 172.253.122.132 15169 (GOOGLE)
1 172.253.122.105 15169 (GOOGLE)
2 172.253.63.95 15169 (GOOGLE)
3 172.253.63.94 15169 (GOOGLE)
2 172.253.115.155 15169 (GOOGLE)
3 4 142.251.111.154 15169 (GOOGLE)
2 4 104.18.36.155 13335 (CLOUDFLAR...)
2 3 68.67.160.114 29990 (ASN-APPNEX)
2 172.253.115.94 15169 (GOOGLE)
1 2 44.199.149.119 14618 (AMAZON-AES)
6 172.253.115.148 15169 (GOOGLE)
2 54.192.51.19 16509 (AMAZON-02)
8 52.40.12.255 16509 (AMAZON-02)
110 21
21    104.21.46.170 (None, )

ASN13335 (CLOUDFLARENET, US)
x.gd
1    151.101.65.26 (United States)

ASN54113 (FASTLY, US)
polyfill.io
1    172.253.122.97 (United States)

ASN15169 (GOOGLE, US)
PTR: bh-in-f97.1e100.net
www.googletagmanager.com
19    172.253.122.155 (United States)

ASN15169 (GOOGLE, US)
PTR: bh-in-f155.1e100.net
pagead2.googlesyndication.com
8    172.253.62.157 (United States)

ASN15169 (GOOGLE, US)
PTR: bc-in-f157.1e100.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
4    172.253.63.138 (United States)

ASN15169 (GOOGLE, US)
PTR: bi-in-f138.1e100.net
www.google-analytics.com
14    172.253.122.113 (United States)

ASN15169 (GOOGLE, US)
PTR: bh-in-f113.1e100.net
fundingchoicesmessages.google.com
13    172.253.122.132 (United States)

ASN15169 (GOOGLE, US)
PTR: bh-in-f132.1e100.net
tpc.googlesyndication.com
1    172.253.122.105 (United States)

ASN15169 (GOOGLE, US)
PTR: bh-in-f105.1e100.net
www.google.com
2    172.253.63.95 (United States)

ASN15169 (GOOGLE, US)
PTR: bi-in-f95.1e100.net
fonts.googleapis.com
3    172.253.63.94 (United States)

ASN15169 (GOOGLE, US)
PTR: bi-in-f94.1e100.net
www.gstatic.com
2    172.253.115.155 (United States)

ASN15169 (GOOGLE, US)
PTR: bg-in-f155.1e100.net
www.googletagservices.com
4    142.251.111.154 (United States)

ASN15169 (GOOGLE, US)
PTR: bk-in-f154.1e100.net
cm.g.doubleclick.net
4    104.18.36.155 (None, )

ASN13335 (CLOUDFLARENET, US)
dsum-sec.casalemedia.com
3    68.67.160.114 (Jersey City, United States)

ASN29990 (ASN-APPNEX, US)
PTR: 672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
ib.adnxs.com
2    172.253.115.94 (United States)

ASN15169 (GOOGLE, US)
PTR: bg-in-f94.1e100.net
p4-cs7rhyognc6ee-qhzi4x3ckw7vrihk-if-v6exp3-v4.metric.gstatic.com
2    44.199.149.119 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-199-149-119.compute-1.amazonaws.com
fw.adsafeprotected.com
6    172.253.115.148 (United States)

ASN15169 (GOOGLE, US)
PTR: bg-in-f148.1e100.net
s0.2mdn.net
2    54.192.51.19 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-192-51-19.yul62.r.cloudfront.net
static.adsafeprotected.com
8    52.40.12.255 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-40-12-255.us-west-2.compute.amazonaws.com
dt.adsafeprotected.com
Apex Domain
Subdomains		 Transfer
32 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 102
tpc.googlesyndication.com — Cisco Umbrella Rank: 148
481 KB
21 x.gd
x.gd
437 KB
15 google.com
fundingchoicesmessages.google.com — Cisco Umbrella Rank: 1404
www.google.com — Cisco Umbrella Rank: 2
72 KB
12 adsafeprotected.com
fw.adsafeprotected.com — Cisco Umbrella Rank: 900
static.adsafeprotected.com — Cisco Umbrella Rank: 602
dt.adsafeprotected.com — Cisco Umbrella Rank: 567
103 KB
12 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 33
cm.g.doubleclick.net — Cisco Umbrella Rank: 219
googleads4.g.doubleclick.net — Cisco Umbrella Rank: 515
116 KB
6 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 300
282 KB
5 gstatic.com
www.gstatic.com
p4-cs7rhyognc6ee-qhzi4x3ckw7vrihk-if-v6exp3-v4.metric.gstatic.com
20 KB
4 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 578
3 KB
4 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 27
21 KB
3 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 229
2 KB
2 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 206
129 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 29
1 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 36
90 KB
1 polyfill.io
polyfill.io — Cisco Umbrella Rank: 1345
626 B
110 14
Domain Requested by
21 x.gd 2 redirects x.gd
19 pagead2.googlesyndication.com x.gd
pagead2.googlesyndication.com
tpc.googlesyndication.com
googleads.g.doubleclick.net
www.googletagservices.com
14 fundingchoicesmessages.google.com pagead2.googlesyndication.com
13 tpc.googlesyndication.com pagead2.googlesyndication.com
tpc.googlesyndication.com
googleads.g.doubleclick.net
x.gd
8 dt.adsafeprotected.com googleads.g.doubleclick.net
6 s0.2mdn.net x.gd
s0.2mdn.net
googleads.g.doubleclick.net
6 googleads.g.doubleclick.net pagead2.googlesyndication.com
x.gd
4 dsum-sec.casalemedia.com 2 redirects googleads.g.doubleclick.net
4 cm.g.doubleclick.net 3 redirects googleads.g.doubleclick.net
4 www.google-analytics.com x.gd
www.googletagmanager.com
www.google-analytics.com
3 ib.adnxs.com 2 redirects googleads.g.doubleclick.net
3 www.gstatic.com googleads.g.doubleclick.net
2 static.adsafeprotected.com googleads.g.doubleclick.net
2 googleads4.g.doubleclick.net x.gd
2 fw.adsafeprotected.com 1 redirects x.gd
2 p4-cs7rhyognc6ee-qhzi4x3ckw7vrihk-if-v6exp3-v4.metric.gstatic.com googleads.g.doubleclick.net
p4-cs7rhyognc6ee-qhzi4x3ckw7vrihk-if-v6exp3-v4.metric.gstatic.com
2 www.googletagservices.com x.gd
googleads.g.doubleclick.net
2 fonts.googleapis.com googleads.g.doubleclick.net
1 www.google.com tpc.googlesyndication.com
1 www.googletagmanager.com x.gd
1 polyfill.io x.gd
110 21

This site contains links to these domains. Also see Links.

Domain
chrome.google.com
Subject Issuer Validity Valid
x.gd
GTS CA 1P5		 2023-11-17 -
2024-02-15		 3 months crt.sh
polyfill.io
Certainly Intermediate R1		 2023-12-02 -
2024-01-01		 a month crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
*.google.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
www.google.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
fw.adsafeprotected.com
Amazon RSA 2048 M01		 2023-03-29 -
2024-04-27		 a year crt.sh
*.doubleclick.net
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
static.adsafeprotected.com
Amazon RSA 2048 M02		 2023-07-07 -
2024-08-04		 a year crt.sh
dt.adsafeprotected.com
Amazon RSA 2048 M01		 2023-05-09 -
2024-06-06		 a year crt.sh

This page contains 16 frames:

Primary Page: https://x.gd/view/unsafe/gvZZa
Frame ID: 901363E696E1747FE2E7142E7C473D08
Requests: 44 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20190131/zrt_lookup_fy2021.html
Frame ID: A0C8D189A1AA5CB9DCC564D227E2B7CB
Requests: 1 HTTP requests in this frame

Frame: https://x.gd/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js
Frame ID: 1ED1186F0ED118EF29EEB81AE03238EF
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2737572314184878&output=html&adk=1812271804&adf=3025194257&lmt=1698861228&plaf=7%3A2&plat=3%3A128%2C4%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=500x1080_l%7C500x1080_r&format=0x0&url=https%3A%2F%2Fx.gd%2Fview%2Funsafe%2FgvZZa&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703202226998&bpp=3&bdt=565&idt=278&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3812082310986&frm=20&pv=2&ga_vid=2091073090.1703202227&ga_sid=1703202227&ga_hid=1528514096&ga_fc=0&u_tz=-480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079758%2C31079979%2C31080104%2C95320885%2C21065724&oid=2&pvsid=4383104778850118&tmod=1300601970&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=296
Frame ID: 09CA509BA2FDB77115882C5FC79ABA54
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: DADC25C942709AF3BB4008BCF6AEAE8A
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 564EB4B181B12EE9497326F40BE304FD
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 026CEA2FF133FAFD811C8321FE98B0B8
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 95082CF71D118C04611720BD3953591E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQuvOSARjD6er9ATAB&v=APEucNUngpkhOfAatw0SuSA4IRm1TPJBeoCTUG0dJYrACbBzvlRaN2o49qed1AOKWUCcM-IKKaChoaTpQjPNCMzgcJTyM6TsPw
Frame ID: 28DD757A133D230901E783749267E380
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 15DEF37B41887F777F6D6FA12FD67D7D
Requests: 27 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Noto%20Sans%20JP%3A400%2C500&text=%E3%81%98%E9%96%89%E3%82%8B
Frame ID: B9FEA5F255DE704AD443563204EDFC48
Requests: 7 HTTP requests in this frame

Frame: https://p4-cs7rhyognc6ee-qhzi4x3ckw7vrihk-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html
Frame ID: F475624833B23F704C5420C3745B3C5F
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: F1D31F8BE988EB974F33787F6A755159
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/8405908780505691337/CA-ENG_XA-09_0__728x90_BAN-A_HTML5_TOFU-no-Networking-CiscoOperatingModelOverviewv1_0_105/index.html?ev=01_250
Frame ID: 8A329DE96205F80A831CB6C245C2C583
Requests: 6 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 80411542ACCB474BAC426E8899A0C06A
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/gPTZx8Qg5YtqHYATuVEq7wiNXgGYJLmNtV6Q-nRIA0Y.js
Frame ID: 542ADB61D5FF13B51748DBA6D1FDB3B3
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Warning | URL Shortener X.gd

Page URL History Show full URLs

  1. https://x.gd/gvZZa HTTP 301
    https://x.gd/view/unsafe/gvZZa Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /_nuxt/
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • /polyfill\.min\.js

Page Statistics

110
Requests

95 %
HTTPS

0 %
IPv6

14
Domains

21
Subdomains

21
IPs

2
Countries

1826 kB
Transfer

4777 kB
Size

16
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://x.gd/gvZZa HTTP 301
    https://x.gd/view/unsafe/gvZZa Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10
  • https://x.gd/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://x.gd/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js
Request Chain 50
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELRjmzXTnreUqN598nj58W8&google_cver=1
Request Chain 51
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZYTNtPP591fob.iLQXaE3gAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELRjmzXTnreUqN598nj58W8&google_cver=1&google_hm=2
Request Chain 52
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEA8BBxVKDNsdqYISC2s-tVs&google_cver=1
Request Chain 53
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTMxOTE1NDcyMjAyMDQwMzg0Ng%3D%3D
Request Chain 77
  • https://fw.adsafeprotected.com/rfw/st/1138160/76485369/4.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1014346490&ias_pubId=pub-2737572314184878&ias_chanId=1&ias_placementId=20612429936&bidurl=https://x.gd/view/unsafe/gvZZa&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0g93nwb9t6mSQU6zfFPvHID&adContainerId=brand_safety_tM2EZc_kKrbQoPwPksKVmA4&cbFunctionName=goog_wrapCb_tM2EZc_kKrbQoPwPksKVmA4&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_728x90.js&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fx.gd&adsafe_type=g&adsafe_url=https%3A%2F%2Fx.gd%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231207%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1&adsafe_type=d&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231207%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271801%26client%3Dca-pub-2737572314184878%26fa%3D1%26ifi%3D3%26uci%3Da!3&adsafe_type=be&adsafe_jsinfo=,id:794b5059-6204-cb11-8803-6f66889985fc,c:xrJFy9,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-7949887ccd-hvzst,rg:va,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,mtim:5,mot:0,app:0,maw:0,fm:tZ7wYJ9+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a11%7C1b1*.1138160-76485369%7C1b11%7C1b12%7C1b13,idMap:1b1*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:DIV,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:35,oid:c9d7874a-a05a-11ee-b339-62b49fbc982e,v:19.8.466,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
  • https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}&ias_xappb=&adContainerId=brand_safety_tM2EZc_kKrbQoPwPksKVmA4&cbFunctionName=goog_wrapCb_tM2EZc_kKrbQoPwPksKVmA4&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_728x90.js

110 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request gvZZa
x.gd/view/unsafe/
Redirect Chain
  • https://x.gd/gvZZa
  • https://x.gd/view/unsafe/gvZZa
6 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://x.gd/view/unsafe/gvZZa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.46.170 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
87f8317343ab596479a4d4ee267c8004e6831c84bffb4a0238a6790f1710fa94

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
8393fd3a08c936ce-YYZ
content-encoding
br
content-type
text/html
date
Thu, 21 Dec 2023 23:43:46 GMT
last-modified
Wed, 01 Nov 2023 17:53:48 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A3KgkSFZuYBmQhBThingIx%2F5NjQ1JUtXVzZDGTkLm1caxWqgK9dhsA%2BKHnqVrWAzds7qIezJijmqMnqUX347z9gSuIBaldye4KSWO764ynggtJNCOgiY"}],"group":"cf-nel","max_age":604800}
server
cloudflare

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, max-age=0, no-cache
cf-cache-status
DYNAMIC
cf-ray
8393fd373c2536ce-YYZ
content-type
text/html; charset=UTF-8
date
Thu, 21 Dec 2023 23:43:46 GMT
location
/view/unsafe/gvZZa
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3%2BJjnPeWuCqMAT%2F806nX%2BKIF%2F3cKmutShwIfF2Pf3k9R2fV01VNQTWB8MkMgPyAilPgBuoIQhG%2Fxdemj%2FfppkEg7mh3lpBZiFblX4Y4G8vW0dRycacF3"}],"group":"cf-nel","max_age":604800}
server
cloudflare
polyfill.min.js
polyfill.io/v3/ 		104 B
626 B 		Script
General
Check archive.org
Download Go to
Full URL
https://polyfill.io/v3/polyfill.min.js?features=URLSearchParams,Object.fromEntries,Object.keys,Object.values
Requested by
Host: x.gd
URL: https://x.gd/view/unsafe/gvZZa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.26 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6c68769e8470ce89a0f2270529a5d47db00917e3ef9df946dca202098f09d0a2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://x.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 21 Dec 2023 23:43:46 GMT
age
150877
detected-user-agent
Chrome Mobile/120.0.6099
server-timing
HIT-CLUSTER, fastly;desc="Edge time";dur=2
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
121
referrer-policy
origin-when-cross-origin
vary
User-Agent, Accept-Encoding
access-control-allow-methods
GET,HEAD,OPTIONS
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
normalized-user-agent
chrome/120.0.0
cache-control
public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800, immutable
accept-ranges
bytes
timing-allow-origin
*
js
www.googletagmanager.com/gtag/ 		268 KB
90 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-K53RX1V2LY
Requested by
Host: x.gd
URL: https://x.gd/view/unsafe/gvZZa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.122.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f97.1e100.net
Software
Google Tag Manager /
Resource Hash
4d0bc1c639a684dbf8416313889b59847676461a4a7c2dba12994ade84f1a4d8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://x.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 23:43:46 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
91611
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 21 Dec 2023 23:43:46 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		145 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2737572314184878
Requested by
Host: x.gd
URL: https://x.gd/view/unsafe/gvZZa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.122.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f155.1e100.net
Software
cafe /
Resource Hash
3068eaff0492063c2c93e835607c1afcd1a6118887843959fd56cc2487a99140
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://x.gd/
Origin
https://x.gd
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 23:43:46 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
51277
x-xss-protection
0
server
cafe
etag
10239934112322126291
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Thu, 21 Dec 2023 23:43:46 GMT
daeb648.js
x.gd/_nuxt/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://x.gd/_nuxt/daeb648.js
Requested by
Host: x.gd
URL: https://x.gd/view/unsafe/gvZZa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.46.170 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0b9f3f599c8c620303e3ecb3ef4efc57020d6abfde96b1863afee551fcd5d430

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://x.gd/view/unsafe/gvZZa
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 23:43:46 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Wed, 01 Nov 2023 17:53:46 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"654290aa-9dc"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cBF2zFnue9VaBnm4ChptyDMW6YOh06jIwNkMVRgyGi%2BEtcoqZg5MOdmbVwM7MfsSgWX81uMJqmAt%2BBab%2Bk11DIakIEQ6pihlbSe1MV7n5OSWkW9J3%2Bwu"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
8393fd3b4ba939cb-YYZ
alt-svc
h3=":443"; ma=86400
64c8103.js
x.gd/_nuxt/ 		191 KB
66 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://x.gd/_nuxt/64c8103.js
Requested by
Host: x.gd
URL: https://x.gd/view/unsafe/gvZZa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.46.170 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
39488b5646fd7a7ba52a4e1a67c4655730f91b93c6681524e4c581090fabb716

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://x.gd/view/unsafe/gvZZa
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 23:43:46 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Wed, 01 Nov 2023 17:53:46 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"654290aa-2fb77"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4025424x34K3lhZT4m5ZenmujOMAgDYBaLELscq%2BvGRZ68q830dnfHgpUc4isNUzsG%2FW3f9pPpPv5W7cADX94sn%2FqLFx22UmhEVNea6Vbl4JOLMBj888"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
8393fd3b4baf39cb-YYZ
alt-svc
h3=":443"; ma=86400
55d6948.js
x.gd/_nuxt/ 		122 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://x.gd/_nuxt/55d6948.js
Requested by
Host: x.gd
URL: https://x.gd/view/unsafe/gvZZa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.46.170 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f9d63d94d11e65be863b3a754ace1b9f2fa71e5e874d7b0ad2ca3e9a831cf3fa

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://x.gd/view/unsafe/gvZZa
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 23:43:46 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Wed, 01 Nov 2023 17:53:57 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"654290b5-1e87c"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=70WdtV2NM6kIZAcsDiKWJ1Z0s8lSeF9veQDImGIhnYLoNC7I0ix4eexrI%2FFK5t6R%2F4x0ej%2F8KjlMfN5EKN9XgGZ6VU98BHshGuuhdHqxt31Ki3yMSRwq"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
8393fd3b4bb139cb-YYZ
alt-svc
h3=":443"; ma=86400
849cc5d.js
x.gd/_nuxt/ 		706 KB
264 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://x.gd/_nuxt/849cc5d.js
Requested by
Host: x.gd
URL: https://x.gd/view/unsafe/gvZZa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.46.170 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f37fb29719b441eb569ded27a94e405544d3afc1d312167aeb6a3489f4962ae9

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://x.gd/view/unsafe/gvZZa
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 23:43:46 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Wed, 01 Nov 2023 17:53:57 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"654290b5-b0830"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZJMKUO5%2FXi%2Bi6BW%2FRgaoeBn%2Byp7wSLFGvpzN1SEnFKDpbGeNMEOm2lDkbp4FcS6%2FhcJAaXuoJnPCqVTyjTAjsVOhK7an4boSyylfO5R1G2hr17%2BV7ZRv"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
8393fd3b4bb339cb-YYZ
alt-svc
h3=":443"; ma=86400
5015cbf.js
x.gd/_nuxt/ 		17 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://x.gd/_nuxt/5015cbf.js
Requested by
Host: x.gd
URL: https://x.gd/_nuxt/daeb648.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.46.170 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9c90d4af4915ff3986649148829d4e4515d61e91b6a4471c9a2cf5c6849776b4

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://x.gd/view/unsafe/gvZZa
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 23:43:47 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Wed, 01 Nov 2023 17:53:57 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"654290b5-4291"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vOFMFN5lJXKrmEYBlrOtrgg%2BRTueGqSN%2FjnxqWn%2BOtL%2FktNXb7NZAA18Skr%2Bx9EBwqmL2aXfe5SaiOZi9udkFU9WvbsTBOaVzMF8Qkh1%2BEv41%2BTMuzwC"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
8393fd3e88c539cb-YYZ
alt-svc
h3=":443"; ma=86400
show_ads_impl_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/ 		399 KB
135 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_fy2021.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2737572314184878
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f155.1e100.net
Software
cafe /
Resource Hash
b3f8b6630b6dff3720b43b2e745b4a2c6843539a16af9dc3cf5b98af45eb4a52
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://x.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 23:43:47 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
137927
x-xss-protection
0
server
cafe
etag
6944461894553272985
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Thu, 21 Dec 2023 23:43:47 GMT
zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20231207/r20190131/ Frame A0C8 		9 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20231207/r20190131/zrt_lookup_fy2021.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2737572314184878
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.62.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bc-in-f157.1e100.net
Software
cafe /
Resource Hash
1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://x.gd/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

age
47293
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4130
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 21 Dec 2023 10:35:34 GMT
etag
5585625838579639069
expires
Thu, 04 Jan 2024 10:35:34 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
main.js
x.gd/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/ Frame 1ED1
Redirect Chain
  • https://x.gd/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://x.gd/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js
7 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://x.gd/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js
Requested by
Host: x.gd
URL: https://x.gd/view/unsafe/gvZZa
Protocol
H3
Server
104.21.46.170 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
349f2bf0d41a6546d2dcb0d4001fb955984b5fd672fd36f7aa4e070684604ea0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 23:43:47 GMT
content-encoding
br
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jgEwlbyg5eTWbLo%2F%2B68GjW5e4f%2FgLxh2aU4zr2kihnMkW08NwA5e8jphshMkPTEzAwvUPWhhdeQT3sghgo9jPCM6bIb3bBxCEFX9eapf4ljwWxGr2QTO"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
8393fd3f29dc39cb-YYZ
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Thu, 21 Dec 2023 23:43:47 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UZurtSPkVcvpMcWv8cBfyBGchuQfyLyxOmlwXUlP3VSY02YoT4PiCdcaxxfquwW5gBg3RyyrmaKnyvJpOLzyDPW2zV502c8xP1Qq17v1A2efPZ39uLvf"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
location
/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js
cache-control
max-age=300, public
cf-ray
8393fd3f097139cb-YYZ
alt-svc
h3=":443"; ma=86400
8393fd3a08c936ce
x.gd/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 1ED1 		0
524 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://x.gd/cdn-cgi/challenge-platform/h/g/jsd/r/8393fd3a08c936ce
Requested by
Host: x.gd
URL: https://x.gd/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.46.170 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 21 Dec 2023 23:43:47 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3yiNqtfy8rEtpJapi1UG5NItGQT%2BGsZkripwkF3c4sZI8t%2B5D5YbU96hfH42sGc8LTbIQsVwkWh3MCC4nAoQecnrUUYh%2FEJaPFvsgpniHbzmmSf%2B3O%2FK"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
8393fd3ffb0b39cb-YYZ
alt-svc
h3=":443"; ma=86400
ads
googleads.g.doubleclick.net/pagead/ Frame 09CA 		227 KB
61 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2737572314184878&output=html&adk=1812271804&adf=3025194257&lmt=1698861228&plaf=7%3A2&plat=3%3A128%2C4%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=500x1080_l%7C500x1080_r&format=0x0&url=https%3A%2F%2Fx.gd%2Fview%2Funsafe%2FgvZZa&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703202226998&bpp=3&bdt=565&idt=278&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3812082310986&frm=20&pv=2&ga_vid=2091073090.1703202227&ga_sid=1703202227&ga_hid=1528514096&ga_fc=0&u_tz=-480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079758%2C31079979%2C31080104%2C95320885%2C21065724&oid=2&pvsid=4383104778850118&tmod=1300601970&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=296
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.62.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bc-in-f157.1e100.net
Software
cafe /
Resource Hash
c20e259c9c087fb2fa056ee6a68e1d091319d370ab7ceb5696616ba8c0106f09
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://x.gd/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
62050
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 21 Dec 2023 23:43:48 GMT
expires
Thu, 21 Dec 2023 23:43:48 GMT
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: x.gd
URL: https://x.gd/_nuxt/55d6948.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.63.138 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f138.1e100.net
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://x.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 21 Dec 2023 22:57:21 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
2786
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Fri, 22 Dec 2023 00:57:21 GMT
collect
www.google-analytics.com/g/ 		0
154 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-K53RX1V2LY&gtm=45je3bt0v9102618407&_p=1703202227320&gcd=11l1l1l1l1&dma=0&cid=2091073090.1703202227&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEAE&_s=1&sid=1703202227&sct=1&seg=0&dl=https%3A%2F%2Fx.gd%2Fview%2Funsafe%2FgvZZa&dt=URL%E7%9F%AD%E7%B8%AE%E3%82%B5%E3%83%BC%E3%83%93%E3%82%B9%20X.gd&en=scroll&_fv=1&_ss=1&epn.percent_scrolled=90&tfd=1590
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K53RX1V2LY
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.63.138 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f138.1e100.net
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://x.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 21 Dec 2023 23:43:47 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://x.gd
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
logo.svg
x.gd/img/icon/ 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.gd/img/icon/logo.svg
Requested by
Host: x.gd
URL: https://x.gd/view/unsafe/gvZZa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.46.170 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
336951503a0ffc84310fb5345be5eaa6f9d8a2bdfad0dae493cf3abce96b425f

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://x.gd/view/unsafe/gvZZa
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 23:43:47 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Wed, 01 Nov 2023 17:53:48 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"654290ac-67c"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TPLXpu5oWoMWCaLLSLzfg0RFPIsVMTFTB%2FmoUTW5dmYDuBa5ySUcKmCu2NwFFV1BIeRxy0C1hKLkoUhPlrvtmn7Y1702knIobyTn7FHsFpgb9kG571tZ"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
max-age=14400
cf-ray
8393fd412ca339cb-YYZ
alt-svc
h3=":443"; ma=86400
settings.svg
x.gd/img/icon/ 		587 B
788 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.gd/img/icon/settings.svg
Requested by
Host: x.gd
URL: https://x.gd/view/unsafe/gvZZa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.46.170 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0a9ff32d85258ef227ddc9a6763db635f084caaaaded2d4b28bb98ea0b1253c9

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://x.gd/view/unsafe/gvZZa
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 23:43:47 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Wed, 01 Nov 2023 17:53:48 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"654290ac-24b"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ug6D%2BBp7suEjEfydbVc1imfdAsaNxlBreakwm%2Fg5CdTnydq87QVBknyelED9o3K3C5ZmhLppmMmMknnQ8XauTwLmNECnMkzdaIZRgH9vizRiRCcRSUtw"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
max-age=14400
cf-ray
8393fd412ca839cb-YYZ
alt-svc
h3=":443"; ma=86400
auth
x.gd/api/V1/ 		1 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://x.gd/api/V1/auth
Requested by
Host: x.gd
URL: https://x.gd/_nuxt/64c8103.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.46.170 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
526c86b4050c1ab8cc208a4ccf2a94b880861c8a4839ecf24be54ea1bb7bfe6b

Request headers

Accept
application/json, text/plain, */*
Referer
https://x.gd/view/unsafe/gvZZa
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 23:43:47 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SCcARDS3%2F7NlpIRhhx%2FdHRA7KNgn4raOddalggUT70KOmaqVgzDWt7w%2B1hp9Mgam0k1cf9ltejn6nLmmxlj3Jmr8ZerldVetD6OrdVADHMPaP9ijZbJ%2B"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=UTF-8
cache-control
no-store, max-age=0, no-cache, no-cache
xacas
Yn3QrUgIrUhIhVfwrQ0RKTqQhV3MBU2ohUutrVgQBWtprG5UuV0CLU1ohVqHBVhCBUqwrQhRgm
cf-ray
8393fd413cba39cb-YYZ
alt-svc
h3=":443"; ma=86400
178999a.js
x.gd/_nuxt/ 		55 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://x.gd/_nuxt/178999a.js
Requested by
Host: x.gd
URL: https://x.gd/_nuxt/daeb648.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.46.170 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a932604416230684537f03bc523f1b5da6b10b7ee5be83e8b451f0bd8a59acd0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://x.gd/view/unsafe/gvZZa
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 23:43:48 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Wed, 01 Nov 2023 17:53:46 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"654290aa-daed"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WxbTbzyBUC%2BxXHgCJVvTHlCqr7SzCYmIfJRXz1jyGAG4wg3jh%2BEPEsqCc1t9Fp76su8KaVcLQabXvxBeESIB3VaNcxrOsomzvNUejNmf2RLywey0vs0a"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
8393fd417cf939cb-YYZ
alt-svc
h3=":443"; ma=86400
56264b2.js
x.gd/_nuxt/ 		32 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://x.gd/_nuxt/56264b2.js
Requested by
Host: x.gd
URL: https://x.gd/_nuxt/daeb648.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.46.170 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
899af7118726b26033f0cfcd94aa35343a8855b928a40cadc16c1a0ce5419997

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://x.gd/view/unsafe/gvZZa
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 23:43:47 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Wed, 01 Nov 2023 17:53:46 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"654290aa-802d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=si6zG0LO3cpVcePc6iginp%2Fu3NaCAIkwILAq6ozBYKruNfVkskMGMb2%2BvgD1vWDxVY%2BjoHSd01%2BVJusnVZ3QMOFM%2BoNJavq5EhHVaoTO61SqulE%2FTmYR"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
8393fd417cfb39cb-YYZ
alt-svc
h3=":443"; ma=86400
57c82bd.js
x.gd/_nuxt/ 		27 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://x.gd/_nuxt/57c82bd.js
Requested by
Host: x.gd
URL: https://x.gd/_nuxt/daeb648.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.46.170 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4c6a5bb37520d3802bf344e433669d6f795ca3f003e7564e4ae82db7714429bd

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://x.gd/view/unsafe/gvZZa
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 23:43:48 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Wed, 01 Nov 2023 17:53:57 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"654290b5-6c94"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vSrBCeAPtaOnGTTM%2BFFJY4mHUK0262oHDvzpQ2LhuTB8o2wjehw0kTUdC7hJL8Sivo3w72r4X6qKTCJU6HO4PHbzF%2BsPA%2FREhHBtDbnRHC32KLNOuiOI"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
8393fd417d0439cb-YYZ
alt-svc
h3=":443"; ma=86400
18ff7cd.js
x.gd/_nuxt/ 		29 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://x.gd/_nuxt/18ff7cd.js
Requested by
Host: x.gd
URL: https://x.gd/_nuxt/daeb648.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.46.170 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7b7fc41884f9369db038e9beb5a7c7bf2d754a1032e3c67a9b5e5fbd530cad07

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://x.gd/view/unsafe/gvZZa
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 23:43:47 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Wed, 01 Nov 2023 17:53:46 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"654290aa-74d4"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KA7K%2Fw4B1z%2Bn5JsDVSv1yLLxKnnTUomf7zSllOVG269mYiXzlKIY7uFpjm%2BcIRvj%2B0BkypSZURmEjnPo7%2Bh825hddiF4my4JugdiZtghttcsPv9m0WVj"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
8393fd418d0539cb-YYZ
alt-svc
h3=":443"; ma=86400
15b80ae.js
x.gd/_nuxt/ 		13 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://x.gd/_nuxt/15b80ae.js
Requested by
Host: x.gd
URL: https://x.gd/_nuxt/daeb648.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.46.170 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
943e9b87328e617dc5dde0f272231be8ac51d8f3d54ae169b47b4b87093e03bb

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://x.gd/view/unsafe/gvZZa
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 23:43:47 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Wed, 01 Nov 2023 17:53:46 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"654290aa-338c"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f8Ay5Lu%2FCk8OsG%2F3YxppOYM2hhjFH1LKug%2BemIp%2BZv1kl9wXjAy%2B7FKVAq%2BQLxRyiwSkU%2BzKEtZZe9Hb2opIYBLick5Pe1PkX8tM6piUx3WENJAg0N78"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
8393fd418d0639cb-YYZ
alt-svc
h3=":443"; ma=86400
4248dea.js
x.gd/_nuxt/ 		27 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://x.gd/_nuxt/4248dea.js
Requested by
Host: x.gd
URL: https://x.gd/_nuxt/daeb648.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.46.170 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e8ed9cfdb3caea0b6f5cfa91df5aa6f1861e760115db0cc1901c90fb69069609

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://x.gd/view/unsafe/gvZZa
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 23:43:47 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Wed, 01 Nov 2023 17:53:57 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"654290b5-6ce1"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3MaZr7cEiqUBoMgRCf5Cn7grpoHUy5bbTbvWqHw5oowadgmbHgNOW0AJvyl70MQsKU7OczA%2BuDMgLFxjY9KGbJpc5jRsMdnqO8Dp5lBHBLMpxMSp%2BSmq"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
8393fd418d0739cb-YYZ
alt-svc
h3=":443"; ma=86400
c33eb82.js
x.gd/_nuxt/ 		18 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://x.gd/_nuxt/c33eb82.js
Requested by
Host: x.gd
URL: https://x.gd/_nuxt/daeb648.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.46.170 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
563a21af7d066a5ed2d05357428e1b96508f9c9e23a39b560ab9fa8fe92f1591

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://x.gd/view/unsafe/gvZZa
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 23:43:47 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Wed, 01 Nov 2023 17:53:46 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"654290aa-47fa"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Li1Jz2kNuOeiNoEMIt7vQCWvNaiT8BVjtExavpr6Oisc0Sh8aA91epDk8GQzvDJmXruPVFpkk3085FIDKxuLK2JqVvcR5UgO5Rroj4g72qs00asuCZJD"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
8393fd418d0839cb-YYZ
alt-svc
h3=":443"; ma=86400
collect
www.google-analytics.com/j/ 		3 B
93 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1528514096&t=pageview&_s=1&dl=https%3A%2F%2Fx.gd%2Fview%2Funsafe%2FgvZZa&dp=%2Fview%2Funsafe%2FgvZZa&ul=en-us&de=UTF-8&dt=Warning%20%7C%20URL%20Shortener%20X.gd&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aADAAEABEAAAACAAI~&jid=653450540&gjid=858327847&cid=2091073090.1703202227&tid=UA-154998386-2&_gid=145111867.1703202227&_r=1&_slc=1&z=1345565491
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.63.138 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f138.1e100.net
Software
Golfe2 /
Resource Hash
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://x.gd/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 21 Dec 2023 23:43:47 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://x.gd
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3
expires
Fri, 01 Jan 1990 00:00:00 GMT
info
x.gd/api/V1/ 		95 B
500 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://x.gd/api/V1/info
Requested by
Host: x.gd
URL: https://x.gd/_nuxt/64c8103.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.46.170 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f5aad9dd89d3567284ffca495cecd3a8542c857beed34a1699f0b68c006cfe0

Request headers

Accept
application/json, text/plain, */*
Referer
https://x.gd/view/unsafe/gvZZa
xacas
{"s":"15356b7850546c9b8e92269f38611772","t":1703202227}
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Thu, 21 Dec 2023 23:43:47 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z4L5WC5p2aaFNqde%2Fic4u%2BOFABTcOzkWqpCRqg6eaGtsG3XVjutZM%2BUoTt7FKt5RM8HBQLUud8wdrasF43w5C0%2BSGMFJ1BCcGzcXlOnv89ddjFRiuP8v"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=UTF-8
cache-control
no-store, max-age=0, no-cache, no-cache
cf-ray
8393fd429e5b39cb-YYZ
alt-svc
h3=":443"; ma=86400
sodar
pagead2.googlesyndication.com/getconfig/ 		16 KB
12 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231207&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.122.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f155.1e100.net
Software
cafe /
Resource Hash
3b1aa634e28fdb9d4c80ac9edc0d71a196c4713b678c867e81155fce2466df48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://x.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 23:43:48 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12049
x-xss-protection
0
reactive_library_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/ 		160 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/reactive_library_fy2021.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_fy2021.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f155.1e100.net
Software
cafe /
Resource Hash
a7c793a5bae350ee5cb328e7ccdddac77344b9b2fab701769979df5ec13bec4b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://x.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 23:43:48 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
56010
x-xss-protection
0
server
cafe
etag
16909176233448256137
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Thu, 21 Dec 2023 23:43:48 GMT
ca-pub-2737572314184878
fundingchoicesmessages.google.com/i/ 		182 KB
61 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/i/ca-pub-2737572314184878?ers=2
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.122.113 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f113.1e100.net
Software
ESF /
Resource Hash
950e919f094872be420e1d5aa7b12871a8ba9db42ddc629360beb647bf71fe49
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-6pyVH_CvvsSpMjZ1R5V8XA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://x.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 23:43:48 GMT
content-security-policy
script-src 'report-sample' 'nonce-6pyVH_CvvsSpMjZ1R5V8XA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.122.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f132.1e100.net
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://x.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 23:43:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 21 Dec 2023 23:43:48 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame DADC 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.122.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f132.1e100.net
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://x.gd/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
age
25602
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 21 Dec 2023 16:37:06 GMT
expires
Fri, 20 Dec 2024 16:37:06 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 564E 		829 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.122.105 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f105.1e100.net
Software
GSE /
Resource Hash
083ae7f1960c2983a9f1d99432f11aad1d338b15ff14613d8d56403cbffa59dc
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-9igeHIM59UEwh1VAgVsz6A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://x.gd/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-9igeHIM59UEwh1VAgVsz6A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Thu, 21 Dec 2023 23:43:48 GMT
expires
Thu, 21 Dec 2023 23:43:48 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/ Frame 026C 		9 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_fy2021.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.62.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bc-in-f157.1e100.net
Software
cafe /
Resource Hash
1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://x.gd/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

age
6446
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4130
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 21 Dec 2023 21:56:22 GMT
etag
5585625838579639069
expires
Thu, 04 Jan 2024 21:56:22 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/ Frame 9508 		9 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_fy2021.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.62.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bc-in-f157.1e100.net
Software
cafe /
Resource Hash
1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://x.gd/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

age
6446
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4130
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 21 Dec 2023 21:56:22 GMT
etag
5585625838579639069
expires
Thu, 04 Jan 2024 21:56:22 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
AGSKWxVBJks3hMvogwM39L3w6xXIH5uvUFB4XyuyJ-xt6ztQN3BzMv_S8idB5Ss3tfSxeFZwxKrvUofGzW364EVBFssRR_iJPON1LIS0kWR05kbe1oN9ksGb1L0LScImEMwdgbtSKaZT7w==
fundingchoicesmessages.google.com/f/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxVBJks3hMvogwM39L3w6xXIH5uvUFB4XyuyJ-xt6ztQN3BzMv_S8idB5Ss3tfSxeFZwxKrvUofGzW364EVBFssRR_iJPON1LIS0kWR05kbe1oN9ksGb1L0LScImEMwdgbtSKaZT7w==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzAzMjAyMjI4LDQ3NTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly94LmdkL3ZpZXcvdW5zYWZlL2d2WlphIixudWxsLFtbOCwiVXZGQlFSMzRTNVUiXSxbOSwiZW4tVVMiXSxbMTgsIltbWzBdXV0iXSxbMTksIjIiXSxbMTcsIlswXSJdXV0
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.UvFBQR34S5U.es5.O/am=wA/d=1/rs=AJlcJMxTgAzZgX7fv5x3yC2FM5A7d8L4hw/m=kernel_loader,loader_js_executable
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.122.113 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f113.1e100.net
Software
ESF /
Resource Hash
e75536f1ba9738e00aa737fe6b7231805ada06afa01d676bfa84ede22cb128b5
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-pHAFbLaPfHlue3MOHw2AbA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://x.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 23:43:48 GMT
content-security-policy
script-src 'report-sample' 'nonce-pHAFbLaPfHlue3MOHw2AbA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
css2
fonts.googleapis.com/ Frame 026C 		4 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.63.95 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f95.1e100.net
Software
ESF /
Resource Hash
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 21 Dec 2023 23:43:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 21 Dec 2023 22:45:06 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 21 Dec 2023 23:43:48 GMT
feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 026C 		205 B
649 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.63.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f94.1e100.net
Software
sffe /
Resource Hash
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 21:21:04 GMT
x-content-type-options
nosniff
age
8564
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
205
x-xss-protection
0
last-modified
Thu, 20 Jul 2023 22:48:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Fri, 20 Dec 2024 21:21:04 GMT
settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 026C 		604 B
695 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.63.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f94.1e100.net
Software
sffe /
Resource Hash
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 17:33:34 GMT
x-content-type-options
nosniff
age
22214
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
604
x-xss-protection
0
last-modified
Thu, 20 Jul 2023 22:48:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Fri, 20 Dec 2024 17:33:34 GMT
fullscreen_api_adapter_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/ Frame 026C 		16 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/fullscreen_api_adapter_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f132.1e100.net
Software
cafe /
Resource Hash
41b43f64c3e5d7f9eca80634429adb1b8e0a1c5e1fe67ad71ec651a991ebfe68
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 05:24:10 GMT
content-encoding
br
x-content-type-options
nosniff
age
65978
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6766
x-xss-protection
0
server
cafe
etag
14924840246271906451
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 04 Jan 2024 05:24:10 GMT
interstitial_ad_frame_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/ Frame 026C 		22 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/interstitial_ad_frame_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f132.1e100.net
Software
cafe /
Resource Hash
db2bdaad0dc9232fadb3de900bf039a0f356521698f213df1edf601e02a5870d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 03:05:30 GMT
content-encoding
br
x-content-type-options
nosniff
age
74298
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9210
x-xss-protection
0
server
cafe
etag
13914886398874665762
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 04 Jan 2024 03:05:30 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame 28DD 		624 B
246 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQuvOSARjD6er9ATAB&v=APEucNUngpkhOfAatw0SuSA4IRm1TPJBeoCTUG0dJYrACbBzvlRaN2o49qed1AOKWUCcM-IKKaChoaTpQjPNCMzgcJTyM6TsPw
Requested by
Host: x.gd
URL: https://x.gd/view/unsafe/gvZZa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.62.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bc-in-f157.1e100.net
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
222
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 21 Dec 2023 23:43:48 GMT
expires
Thu, 21 Dec 2023 23:43:48 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame 15DE 		89 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: x.gd
URL: https://x.gd/view/unsafe/gvZZa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f155.1e100.net
Software
cafe /
Resource Hash
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 23:43:48 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31485
x-xss-protection
0
server
cafe
etag
7119415641918660631
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=600
timing-allow-origin
*
expires
Thu, 21 Dec 2023 23:43:48 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 15DE 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js
Requested by
Host: x.gd
URL: https://x.gd/view/unsafe/gvZZa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f132.1e100.net
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 10:05:35 GMT
content-encoding
br
x-content-type-options
nosniff
age
49093
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 04 Jan 2024 10:05:35 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 15DE 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: x.gd
URL: https://x.gd/view/unsafe/gvZZa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f132.1e100.net
Software
cafe /
Resource Hash
8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 03:40:58 GMT
content-encoding
br
x-content-type-options
nosniff
age
72170
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8571
x-xss-protection
0
server
cafe
etag
5853369240893788875
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 04 Jan 2024 03:40:58 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame 15DE 		203 KB
65 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: x.gd
URL: https://x.gd/view/unsafe/gvZZa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.115.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bg-in-f155.1e100.net
Software
sffe /
Resource Hash
566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 23:43:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65731
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1702472459035717"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 21 Dec 2023 23:43:48 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 15DE 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Be8h9RKnu0x8XQQkXiCy2_8Zj7I57KxeC_hABRo28xYSdX6ksm3hrPSWS9tXc58eS8DKZvgEU-LxTtZPQAwDSyxdTR-o9O1CkQBdGRZ0gcj60RZks
Requested by
Host: x.gd
URL: https://x.gd/view/unsafe/gvZZa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f155.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 21 Dec 2023 23:43:48 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
pagead2.googlesyndication.com/bg/ Frame DADC 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f155.1e100.net
Software
sffe /
Resource Hash
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 23:16:54 GMT
content-encoding
br
x-content-type-options
nosniff
age
1614
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15165
x-xss-protection
0
last-modified
Tue, 28 Nov 2023 18:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 20 Dec 2024 23:16:54 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 564E 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231207&jk=4383104778850118&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f155.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers
AGSKWxUw0kPShwFAip9kSkRAnIdhJaC4EjcUxtXRqgBuy7t3WlH6zvrpCCi4GiD3PdAP-nux-Dzwfphd5qMviYOFggeKRVqYQ2rLXEN5vs-2i_uWjPL96sJHNnL8ZBgnOrZCEBWFjUfOYg==
fundingchoicesmessages.google.com/f/ 		13 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxUw0kPShwFAip9kSkRAnIdhJaC4EjcUxtXRqgBuy7t3WlH6zvrpCCi4GiD3PdAP-nux-Dzwfphd5qMviYOFggeKRVqYQ2rLXEN5vs-2i_uWjPL96sJHNnL8ZBgnOrZCEBWFjUfOYg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzAzMjAyMjI4LDU0NjAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOV0sbnVsbCwyLG51bGwsImphIl0sImh0dHBzOi8veC5nZC92aWV3L3Vuc2FmZS9ndlpaYSIsbnVsbCxbWzgsIlV2RkJRUjM0UzVVIl0sWzksImVuLVVTIl0sWzE4LCJbW1swXV1dIl0sWzE5LCIyIl0sWzE3LCJbMF0iXV1d
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.UvFBQR34S5U.es5.O/am=wA/d=1/rs=AJlcJMxTgAzZgX7fv5x3yC2FM5A7d8L4hw/m=kernel_loader,loader_js_executable
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.122.113 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f113.1e100.net
Software
ESF /
Resource Hash
5bc35a6df363aa4b3e127afba871739f054f708a2cc473a94ef248ba8d973754
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-L4hH2xdUIsK0TcyapoU0Jw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://x.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 23:43:48 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-L4hH2xdUIsK0TcyapoU0Jw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 28DD
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELRjmzXTnreUqN598nj58W8&google_cver=1
43 B
769 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELRjmzXTnreUqN598nj58W8&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQuvOSARjD6er9ATAB&v=APEucNUngpkhOfAatw0SuSA4IRm1TPJBeoCTUG0dJYrACbBzvlRaN2o49qed1AOKWUCcM-IKKaChoaTpQjPNCMzgcJTyM6TsPw
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 21 Dec 2023 23:43:48 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T2O7oxJhExq4083ucRXxL0Jau2I6llXKVuSonDAd0bBHN5jdyJBcl5ZRu%2B2oT%2FvRSjEKBqSRAWtHcYJ%2B%2FKRY6wI5mx3rbJG8eEK0xn9XmB6O1a1x47gwiVbsKexnjigAwGLMqPYh0YeaEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
8393fd498bf639dd-YYZ
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Thu, 21 Dec 2023 23:43:48 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELRjmzXTnreUqN598nj58W8&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 28DD
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZYTNtPP591fob.iLQXaE3gAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELRjmzXTnreUqN598nj58W8&google_cver=1&google_hm=2
43 B
737 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELRjmzXTnreUqN598nj58W8&google_cver=1&google_hm=2
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQuvOSARjD6er9ATAB&v=APEucNUngpkhOfAatw0SuSA4IRm1TPJBeoCTUG0dJYrACbBzvlRaN2o49qed1AOKWUCcM-IKKaChoaTpQjPNCMzgcJTyM6TsPw
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 21 Dec 2023 23:43:48 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zUNPAp%2B%2FihezBQ%2FQQmiicFrT8nUxvJhk0Vdd45BZcEUemF%2FkcFG06pXt7H%2Fs%2Fmg63x1CslkwUqE7L9fG%2FvrW1ju6d2nrbDbUXiVOm6K4zKGtFY1kBkMGCtlZDV9lGavcZzp7Z4znBq91aw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
8393fd4a3cee39dd-YYZ
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Thu, 21 Dec 2023 23:43:48 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELRjmzXTnreUqN598nj58W8&google_cver=1&google_hm=2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
329
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame 28DD
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEA8BBxVKDNsdqYISC2s-tVs&google_cver=1
43 B
839 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEA8BBxVKDNsdqYISC2s-tVs&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQuvOSARjD6er9ATAB&v=APEucNUngpkhOfAatw0SuSA4IRm1TPJBeoCTUG0dJYrACbBzvlRaN2o49qed1AOKWUCcM-IKKaChoaTpQjPNCMzgcJTyM6TsPw
Protocol
H2
Server
68.67.160.114 Jersey City, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 21 Dec 2023 23:43:48 GMT
an-x-request-uuid
ff06b187-7c88-4185-991c-3a07deef7aa0
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
image/gif
cache-control
no-store, no-cache, private
x-proxy-origin
86.48.14.168; 86.48.14.168; 672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length
43
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 21 Dec 2023 23:43:48 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEA8BBxVKDNsdqYISC2s-tVs&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 28DD
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTMxOTE1NDcyMjAyMDQwMzg0Ng%3D%3D
170 B
243 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTMxOTE1NDcyMjAyMDQwMzg0Ng%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQuvOSARjD6er9ATAB&v=APEucNUngpkhOfAatw0SuSA4IRm1TPJBeoCTUG0dJYrACbBzvlRaN2o49qed1AOKWUCcM-IKKaChoaTpQjPNCMzgcJTyM6TsPw
Protocol
H2
Server
142.251.111.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bk-in-f154.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 21 Dec 2023 23:43:48 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 21 Dec 2023 23:43:48 GMT
an-x-request-uuid
9fcbdc0b-33a7-4e1e-9fa4-91314f99b1f8
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTMxOTE1NDcyMjAyMDQwMzg0Ng%3D%3D
x-proxy-origin
86.48.14.168; 86.48.14.168; 672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
css
fonts.googleapis.com/ Frame B9FE 		462 B
336 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Noto%20Sans%20JP%3A400%2C500&text=%E3%81%98%E9%96%89%E3%82%8B
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.63.95 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f95.1e100.net
Software
ESF /
Resource Hash
d68792895f86c25ba4927823a2bbc062460c49c85d30003fd4795c26becdc51b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 21 Dec 2023 23:43:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 21 Dec 2023 23:43:48 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 21 Dec 2023 23:43:48 GMT
load_preloaded_resource_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame B9FE 		2 KB
822 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/load_preloaded_resource_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f132.1e100.net
Software
cafe /
Resource Hash
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 03:35:45 GMT
content-encoding
br
x-content-type-options
nosniff
age
72483
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
795
x-xss-protection
0
server
cafe
etag
4925184154378345226
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 04 Jan 2024 03:35:45 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame B9FE 		23 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f132.1e100.net
Software
cafe /
Resource Hash
9844337d0b1b36b45473c8fc27cba7d1c9f8aab2107e23e684b9e1a48e6066b5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 10:05:32 GMT
content-encoding
br
x-content-type-options
nosniff
age
49096
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9269
x-xss-protection
0
server
cafe
etag
11706523405290302210
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 04 Jan 2024 10:05:32 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame B9FE 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f132.1e100.net
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 10:05:35 GMT
content-encoding
br
x-content-type-options
nosniff
age
49093
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 04 Jan 2024 10:05:35 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame B9FE 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f132.1e100.net
Software
cafe /
Resource Hash
8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 03:40:58 GMT
content-encoding
br
x-content-type-options
nosniff
age
72170
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8571
x-xss-protection
0
server
cafe
etag
5853369240893788875
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 04 Jan 2024 03:40:58 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame B9FE 		203 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.115.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bg-in-f155.1e100.net
Software
sffe /
Resource Hash
566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 23:43:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65731
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1702472459035717"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 21 Dec 2023 23:43:48 GMT
f9d9b65dbd646119ce96bad0f484d579.js
www.gstatic.com/mysidia/ Frame B9FE 		37 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/f9d9b65dbd646119ce96bad0f484d579.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.63.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f94.1e100.net
Software
sffe /
Resource Hash
457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 15 Dec 2023 00:40:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
601392
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15460
x-xss-protection
0
last-modified
Thu, 07 Dec 2023 22:13:01 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Thu, 14 Mar 2024 00:40:36 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 15DE 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=9761095154940&version=m202309260101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f155.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 21 Dec 2023 23:43:48 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 15DE 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=9761095154940&version=m202309260101&ct=76&x=1&cor=11659975497869470000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f155.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 21 Dec 2023 23:43:48 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad
googleads.g.doubleclick.net/dbm/ Frame 15DE 		108 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DVU7SugrD8TP3fMASspS3XK3pIb0jo5f-zhIkQrFxONj05XvGOZ0jOCWkzH5OBfaAkgni9x_EZtEVnu8rl_apsEW5kZ-AdCqS0SkolYvb-Nq5sPCeCypwFLgGh5nUJ3_m2Pyg-3q9DEI3_aFBRbE3rdPXak9PTInJJMSpot52jXk4xRGQ&dbm_d=AKAmf-ChRE7gFcNwzv6rdkWAeMuhFADQ4qqJKsggka1Fyh3w5rMRSP5l2i9kd5qsifex5O766iqBgk5J3MCbkJpwMz8wXMq6kI_BejwCnas1g1MA47744S1EnGgqmbaNgPBpzDCXj4GTBWpgYgiMSqXqP5tk9jdQ0rQQ16b8ZLscrgCzPXi3IhvG9Z73DMl0j6QwLiqWoI16UReSspuvcNz9ecCicEUA7HbOq_NSK3vmFOOFN_F3qVp3NNoJBKFuB_bEeHlUQGQUGEkwbyoxM7kER0AlpLTwRaPhUpH6zxy6QMc6vdm1jX0oIsctfEMVVSuV56aV8ou0BMvJ2yMFMAYcVO0FXb7mVuvCAQ2oTWkFaFMtR4ESKnn0glwN7Y8wAdYOhShGxG0hpVt-2ESmqCymMY900lDaR6_ygvp-IKoESucPtoeVZCX9kFqE7h1mZkkciRZ0Gdib5BN86Da-lVbYC6YG3hW0suhvwHYD9g92mG67ZnjRoJnhATkuFUIf3jdzFn9ianSIA7n4eDY3rKxmkfEDt4QgtSwpdIQEi1d9zwEy1_SFWFUm3gJaZa-XQ5635hBSnqXyPsgYQ8gcwPYUprrryvloE819aA8S59uX39OLn1pYLAaAxR_D0DVITHTrgCOASjlyFttOoyJXdgJh7fhxEkr8UcWF513886T9X6mWclVb3AVoGj0MqSmNQ30c_xQJfdelTaHxUIP-wQ8nf8Asf2s76bECvt784KrkagTj0UvbLF3CgiY9uUaOolwsAbAJUHN0qAlMI8gMWTkkPVfI5Ox2rsNGTQjrjD7TBoOX2b7LpRd7aAAU7RDIdOJ8wUsL3FEGuom11jM_XyoY7-d8UHZS63AxC7W0JvejsnnqHNDOlSnVXVD58z3k6YEuB0f620hd5NGEp9YnlC5kP-kFL4KJFU0pAYLtf6CJFjW9fvSUDpoqz4d3EktGLpEfS1VTuhZ0cTCSndoxXXwonzqvnxl3lOtCNIMjWHiTJfpMJTzqB2MSiVgRwraUP15dUhKh3fn3GymNLEyHpyjsA3sOV9vq48FFDw2_bRZM3ahPSlcBSJJpVntymzYVFis28P8os2DrKn0X63FYZ1lxmBHMu8MMTAmDHbsLZ7H-2x3Yopjk5MWUrIsPhq4gibFJrsPseDr3Gim86Xs-kj4g9tak8rd6Wz7Ed0PptVw4bKAS5gEG_dWfM1Ra2t1X8IrwAgZzqRTTDZt0JOdaK_nV2zLbj2SWI-fllskhAF1UzmE0Jqc0uldZk5EjUd--GqsEsPAZHBioBOd7F5udrtM9g5xAPfhUB9W9ebbuswN4Rg97HJ82qxIXJ3sdtZNf8KFhj3IT1z1AYsqMWFBDn33tmELJ3SinCxMrDWiuHvGrwVO0ayLXm4qSl7v3u06CwPOZqxN6yYaq83YgrT6XOtFSwvbZAA6pxvmq5Uf8WSyZZUOK5U3uprE_c5PW7Rsg-qhS7MFeqBM4shVsxUUSzaOuQWwTmvTwRsCkhHXzlG0OwFXrHRrnvmhC7jzrPwLf_KfhdU_aE3mMsq-21NwWtIJSKntkzEhlfLGZik0sU7xQcC-yJu73oU5GWelNZmMp-X31ZJ0Vl6mFZiJAYviXN2LI1VVlAxc9ArI_vXpOXngLDQf-08tprnWGpaKDf17CIX3tojG_FI4VwLWcSIer2DqPUvFw1HOHXNXaAwJslK8wBAD3eNVXuFflbmbxDs0Cg8yHhKT4PRp_BTsHDrVoiFSeEPiTGg4ciAyksPX7Pbtcw3hTMAKRF-Dp_ReV1izl1RK11VUptmohor7BBpJMAYrb0VGxphvRi8pGchrD4LdZqtx6QojrR7tlaKDJgNIVs-yAIz57dGaIOTyTVVGrlUCXmeguqTIwmJYysiAdbndAvuzbQhaenK2bWjmtI9jQtrtW44XrclqRA6SSS_wD283m6eps4QcoMh9igzIqdkF13HWEGOCIJhhm4Rtl8mzRiUzplzuEhbM7I7fvAEdWVqKulhUd1fd0sJ0AIXxfBeteUIpuHBLKWyXSM7mUJRb7ZgSpqoWdmXIMygPxQepVDtMOAFIx0sTqVu3zYC6KEUQx2Z4x7J7VvARiyTYEiT6ihh6pAAwxK2e-Oak1lC5MbxQf8a4hpfRNmCL5_Rcj6KS7x_38YI67KNj3UaWANks73KqZopsAs-pk6YXpILQrBItUK6gzWUuANRU3P9-9tcslYQD-jh5kS8BJZzeIaS3-VoSRNQvmGbVmGYRMfETLijHPCVPS6A2Hbk-acCrpfnIxEacxZ_-bay18PscwitwxTJSpoZCoazj7bU9_FHu7aeuM-kDhk38AoPuZIxWTxfzLm5Z01uxDIlK3o6sgrP-B1K9Rc7UwGxVFhlD4i_pv_15c9k5NkPtquHVoDCjPTfTUJ2OnvVmv7227b7k0mVi6k-jNmozP_pGFY-XgkBszsDztDVefhnn3w94igg2-EDyyMfN23zXOTUi0Q6XkhbdfpWSuuJ5R2Iu_DvIYO14uAKdwojlmqqN_PNOkUCqNZwANhT5mdQiQNaP8RLTbUznpakszlnivWBO2Zt1pxKEFmaOSp15NBuxPVzILTwa1FA8Ub28GsJweUNDskg-vvLb8buP5yOkcROQ3O9NEcIkYOHoHg4ut96ZchH0R8oMdqC-gDPBCc5IEueJngHAzYWsawMVk5oSv-BH6JllS0VSVnpDZCSH65cTpzbai6TWL5QC6aPsX4jTp6_GZaAAuOExSS0Y9zksyeyLPMEQrq7tzKLRcsoVPZGKKPyUS2N4kPvX8uZD0hplF5QV_ehZAAmRwRpVeEX0ALpA8UR-by2dmJhIj6xRynPi8OtGBd0FuVmQo5O02Gg1UL5OtJdG8XmlrsJ5PHyKs9vN6lDpGwbr4rPG9OvX8uZE57R7SjR6D6aY2UNXfPlKEyWcJM99UrQyEzr-s6KmBj4I4N2TsWs7w0adpSS4BYbDA_9QfHFa_wd6qSuS2g98m13ChYtoKAo-vrILySwuMuc-sinxVhS7AA7-OgN64UNo0BdNSWolPPDdfa0MRK15OSWtqglRvO9YIQzU2Ks-YSxsl3HkmeYfthPQbdeUr0aXMDQCvv1V8Fn6wjUX11edknyOS7YQw8P25-dGtZ2e-nZ08Kg5gfZNpmE6BBMIx3ARn4P_Qp7xs3dAx4gAjVzaoZsLk7njh75awEZWG--o5Q9PPg2ZOis_kwX23SMlnjpQIe9uq0sFhxNDsmsEbdWAzz-CsejTBuaz-rGF2hPyEKY-ASk_4i6iCr60P6edVGiO_-SNSBI1PKsxx_lgZDDj_XBzqsm62mbJOCw4L371pXFH92swlyuQbz3-WYf0AhAZmX0vdaG9ZMTCNeXqT4NjDnzeRKtCYpRD5Y97A_CvhLTqlIoC-2WcHY6ofgsh6Rm_5a_fEseSkY1CtFVHe0mdRwICRI4wDDzURsXiyqb95JCuRSS4EmN4I4yaORg07QWoIKBI4tSPcHgJDmhJeS7qsP1smBUB8qQ7TLYRImMxjbFP0ypKBnyTfJoVGBTwsln1zhTrk-A7Elnk3wGmt9IB_JXxtId44iX4rL44Y0s2gic3W0U_yB1X5sSw1c6WPMrn7rhflITwW2Chomh8oOWHxGED9YVg04ZCRwMuLMBpwAZFH&cid=CAQSTwAvHhf_Y-73Y_PzXLIvGSz8QE8JRW7t2y1K-yxTapo706GFcwUtj1BzRLO-DZFknBBTsO1Mm8Ym5a1mbleWayCNFMCXqnYPUsRD3F9YuykYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fx.gd%2F&ds=l&xdt=1&iif=1&cor=11659975497869470000&adk=2935317966&idt=91&cac=0&dtd=16
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.62.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bc-in-f157.1e100.net
Software
cafe /
Resource Hash
658d2988267bbf1eeae3e1655baa314ad12856763cb85bdcee3ea25a41fe292b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 21 Dec 2023 23:43:48 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42126
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
redir.html
p4-cs7rhyognc6ee-qhzi4x3ckw7vrihk-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame F475 		247 B
871 B 		Document
General
Check archive.org
Download Go to
Full URL
https://p4-cs7rhyognc6ee-qhzi4x3ckw7vrihk-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.115.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bg-in-f94.1e100.net
Software
sffe /
Resource Hash
b107aa754b56c645d2839966c27e54dad693ade78bc5f4692290f2f49b292fc8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
gzip
content-length
206
content-security-policy-report-only
script-src 'nonce-FfKKzp2e_a7HV5rq6LTPbA' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
cross-origin-resource-policy
cross-origin
date
Thu, 21 Dec 2023 23:43:48 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
last-modified
Tue, 14 Nov 2023 14:08:00 GMT
pragma
no-cache
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
skeleton.js
fw.adsafeprotected.com/rjss/st/1138160/76485369/ Frame 15DE 		255 KB
77 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fw.adsafeprotected.com/rjss/st/1138160/76485369/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1014346490&ias_pubId=pub-2737572314184878&ias_chanId=1&ias_placementId=20612429936&bidurl=https://x.gd/view/unsafe/gvZZa&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0g93nwb9t6mSQU6zfFPvHID
Requested by
Host: x.gd
URL: https://x.gd/view/unsafe/gvZZa
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.199.149.119 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-199-149-119.compute-1.amazonaws.com
Software
/
Resource Hash
12a5323054bf1dc8a93821a425f2f85fcfb5e0cbefea866c3b140c7f4381a9a4

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 21 Dec 2023 23:43:48 GMT
content-encoding
gzip
vary
accept-encoding
content-type
application/javascript;charset=utf-8
access-control-allow-origin
fw.adsafeprotected.com
cache-control
no-cache
access-control-allow-credentials
true
expires
Wed, 31 Dec 1969 23:59:59 GMT
express_html_inpage_rendering_lib_200_278.js
s0.2mdn.net/879366/ Frame 15DE 		111 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js
Requested by
Host: x.gd
URL: https://x.gd/view/unsafe/gvZZa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.115.148 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bg-in-f148.1e100.net
Software
sffe /
Resource Hash
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Origin
https://googleads.g.doubleclick.net
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 16:06:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
27452
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
39806
x-xss-protection
0
last-modified
Tue, 14 Mar 2023 18:44:05 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 22 Dec 2023 16:06:16 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/ Frame 15DE 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DVU7SugrD8TP3fMASspS3XK3pIb0jo5f-zhIkQrFxONj05XvGOZ0jOCWkzH5OBfaAkgni9x_EZtEVnu8rl_apsEW5kZ-AdCqS0SkolYvb-Nq5sPCeCypwFLgGh5nUJ3_m2Pyg-3q9DEI3_aFBRbE3rdPXak9PTInJJMSpot52jXk4xRGQ&dbm_d=AKAmf-ChRE7gFcNwzv6rdkWAeMuhFADQ4qqJKsggka1Fyh3w5rMRSP5l2i9kd5qsifex5O766iqBgk5J3MCbkJpwMz8wXMq6kI_BejwCnas1g1MA47744S1EnGgqmbaNgPBpzDCXj4GTBWpgYgiMSqXqP5tk9jdQ0rQQ16b8ZLscrgCzPXi3IhvG9Z73DMl0j6QwLiqWoI16UReSspuvcNz9ecCicEUA7HbOq_NSK3vmFOOFN_F3qVp3NNoJBKFuB_bEeHlUQGQUGEkwbyoxM7kER0AlpLTwRaPhUpH6zxy6QMc6vdm1jX0oIsctfEMVVSuV56aV8ou0BMvJ2yMFMAYcVO0FXb7mVuvCAQ2oTWkFaFMtR4ESKnn0glwN7Y8wAdYOhShGxG0hpVt-2ESmqCymMY900lDaR6_ygvp-IKoESucPtoeVZCX9kFqE7h1mZkkciRZ0Gdib5BN86Da-lVbYC6YG3hW0suhvwHYD9g92mG67ZnjRoJnhATkuFUIf3jdzFn9ianSIA7n4eDY3rKxmkfEDt4QgtSwpdIQEi1d9zwEy1_SFWFUm3gJaZa-XQ5635hBSnqXyPsgYQ8gcwPYUprrryvloE819aA8S59uX39OLn1pYLAaAxR_D0DVITHTrgCOASjlyFttOoyJXdgJh7fhxEkr8UcWF513886T9X6mWclVb3AVoGj0MqSmNQ30c_xQJfdelTaHxUIP-wQ8nf8Asf2s76bECvt784KrkagTj0UvbLF3CgiY9uUaOolwsAbAJUHN0qAlMI8gMWTkkPVfI5Ox2rsNGTQjrjD7TBoOX2b7LpRd7aAAU7RDIdOJ8wUsL3FEGuom11jM_XyoY7-d8UHZS63AxC7W0JvejsnnqHNDOlSnVXVD58z3k6YEuB0f620hd5NGEp9YnlC5kP-kFL4KJFU0pAYLtf6CJFjW9fvSUDpoqz4d3EktGLpEfS1VTuhZ0cTCSndoxXXwonzqvnxl3lOtCNIMjWHiTJfpMJTzqB2MSiVgRwraUP15dUhKh3fn3GymNLEyHpyjsA3sOV9vq48FFDw2_bRZM3ahPSlcBSJJpVntymzYVFis28P8os2DrKn0X63FYZ1lxmBHMu8MMTAmDHbsLZ7H-2x3Yopjk5MWUrIsPhq4gibFJrsPseDr3Gim86Xs-kj4g9tak8rd6Wz7Ed0PptVw4bKAS5gEG_dWfM1Ra2t1X8IrwAgZzqRTTDZt0JOdaK_nV2zLbj2SWI-fllskhAF1UzmE0Jqc0uldZk5EjUd--GqsEsPAZHBioBOd7F5udrtM9g5xAPfhUB9W9ebbuswN4Rg97HJ82qxIXJ3sdtZNf8KFhj3IT1z1AYsqMWFBDn33tmELJ3SinCxMrDWiuHvGrwVO0ayLXm4qSl7v3u06CwPOZqxN6yYaq83YgrT6XOtFSwvbZAA6pxvmq5Uf8WSyZZUOK5U3uprE_c5PW7Rsg-qhS7MFeqBM4shVsxUUSzaOuQWwTmvTwRsCkhHXzlG0OwFXrHRrnvmhC7jzrPwLf_KfhdU_aE3mMsq-21NwWtIJSKntkzEhlfLGZik0sU7xQcC-yJu73oU5GWelNZmMp-X31ZJ0Vl6mFZiJAYviXN2LI1VVlAxc9ArI_vXpOXngLDQf-08tprnWGpaKDf17CIX3tojG_FI4VwLWcSIer2DqPUvFw1HOHXNXaAwJslK8wBAD3eNVXuFflbmbxDs0Cg8yHhKT4PRp_BTsHDrVoiFSeEPiTGg4ciAyksPX7Pbtcw3hTMAKRF-Dp_ReV1izl1RK11VUptmohor7BBpJMAYrb0VGxphvRi8pGchrD4LdZqtx6QojrR7tlaKDJgNIVs-yAIz57dGaIOTyTVVGrlUCXmeguqTIwmJYysiAdbndAvuzbQhaenK2bWjmtI9jQtrtW44XrclqRA6SSS_wD283m6eps4QcoMh9igzIqdkF13HWEGOCIJhhm4Rtl8mzRiUzplzuEhbM7I7fvAEdWVqKulhUd1fd0sJ0AIXxfBeteUIpuHBLKWyXSM7mUJRb7ZgSpqoWdmXIMygPxQepVDtMOAFIx0sTqVu3zYC6KEUQx2Z4x7J7VvARiyTYEiT6ihh6pAAwxK2e-Oak1lC5MbxQf8a4hpfRNmCL5_Rcj6KS7x_38YI67KNj3UaWANks73KqZopsAs-pk6YXpILQrBItUK6gzWUuANRU3P9-9tcslYQD-jh5kS8BJZzeIaS3-VoSRNQvmGbVmGYRMfETLijHPCVPS6A2Hbk-acCrpfnIxEacxZ_-bay18PscwitwxTJSpoZCoazj7bU9_FHu7aeuM-kDhk38AoPuZIxWTxfzLm5Z01uxDIlK3o6sgrP-B1K9Rc7UwGxVFhlD4i_pv_15c9k5NkPtquHVoDCjPTfTUJ2OnvVmv7227b7k0mVi6k-jNmozP_pGFY-XgkBszsDztDVefhnn3w94igg2-EDyyMfN23zXOTUi0Q6XkhbdfpWSuuJ5R2Iu_DvIYO14uAKdwojlmqqN_PNOkUCqNZwANhT5mdQiQNaP8RLTbUznpakszlnivWBO2Zt1pxKEFmaOSp15NBuxPVzILTwa1FA8Ub28GsJweUNDskg-vvLb8buP5yOkcROQ3O9NEcIkYOHoHg4ut96ZchH0R8oMdqC-gDPBCc5IEueJngHAzYWsawMVk5oSv-BH6JllS0VSVnpDZCSH65cTpzbai6TWL5QC6aPsX4jTp6_GZaAAuOExSS0Y9zksyeyLPMEQrq7tzKLRcsoVPZGKKPyUS2N4kPvX8uZD0hplF5QV_ehZAAmRwRpVeEX0ALpA8UR-by2dmJhIj6xRynPi8OtGBd0FuVmQo5O02Gg1UL5OtJdG8XmlrsJ5PHyKs9vN6lDpGwbr4rPG9OvX8uZE57R7SjR6D6aY2UNXfPlKEyWcJM99UrQyEzr-s6KmBj4I4N2TsWs7w0adpSS4BYbDA_9QfHFa_wd6qSuS2g98m13ChYtoKAo-vrILySwuMuc-sinxVhS7AA7-OgN64UNo0BdNSWolPPDdfa0MRK15OSWtqglRvO9YIQzU2Ks-YSxsl3HkmeYfthPQbdeUr0aXMDQCvv1V8Fn6wjUX11edknyOS7YQw8P25-dGtZ2e-nZ08Kg5gfZNpmE6BBMIx3ARn4P_Qp7xs3dAx4gAjVzaoZsLk7njh75awEZWG--o5Q9PPg2ZOis_kwX23SMlnjpQIe9uq0sFhxNDsmsEbdWAzz-CsejTBuaz-rGF2hPyEKY-ASk_4i6iCr60P6edVGiO_-SNSBI1PKsxx_lgZDDj_XBzqsm62mbJOCw4L371pXFH92swlyuQbz3-WYf0AhAZmX0vdaG9ZMTCNeXqT4NjDnzeRKtCYpRD5Y97A_CvhLTqlIoC-2WcHY6ofgsh6Rm_5a_fEseSkY1CtFVHe0mdRwICRI4wDDzURsXiyqb95JCuRSS4EmN4I4yaORg07QWoIKBI4tSPcHgJDmhJeS7qsP1smBUB8qQ7TLYRImMxjbFP0ypKBnyTfJoVGBTwsln1zhTrk-A7Elnk3wGmt9IB_JXxtId44iX4rL44Y0s2gic3W0U_yB1X5sSw1c6WPMrn7rhflITwW2Chomh8oOWHxGED9YVg04ZCRwMuLMBpwAZFH&cid=CAQSTwAvHhf_Y-73Y_PzXLIvGSz8QE8JRW7t2y1K-yxTapo706GFcwUtj1BzRLO-DZFknBBTsO1Mm8Ym5a1mbleWayCNFMCXqnYPUsRD3F9YuykYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fx.gd%2F&ds=l&xdt=1&iif=1&cor=11659975497869470000&adk=2935317966&idt=91&cac=0&dtd=16
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f155.1e100.net
Software
cafe /
Resource Hash
712bf11a3755c81fa1ce57249e7a61f6845b843b84aea09889a11478515234ca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 07:22:32 GMT
content-encoding
br
x-content-type-options
nosniff
age
58876
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4206
x-xss-protection
0
server
cafe
etag
14415875674906819925
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 04 Jan 2024 07:22:32 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame 15DE 		31 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DVU7SugrD8TP3fMASspS3XK3pIb0jo5f-zhIkQrFxONj05XvGOZ0jOCWkzH5OBfaAkgni9x_EZtEVnu8rl_apsEW5kZ-AdCqS0SkolYvb-Nq5sPCeCypwFLgGh5nUJ3_m2Pyg-3q9DEI3_aFBRbE3rdPXak9PTInJJMSpot52jXk4xRGQ&dbm_d=AKAmf-ChRE7gFcNwzv6rdkWAeMuhFADQ4qqJKsggka1Fyh3w5rMRSP5l2i9kd5qsifex5O766iqBgk5J3MCbkJpwMz8wXMq6kI_BejwCnas1g1MA47744S1EnGgqmbaNgPBpzDCXj4GTBWpgYgiMSqXqP5tk9jdQ0rQQ16b8ZLscrgCzPXi3IhvG9Z73DMl0j6QwLiqWoI16UReSspuvcNz9ecCicEUA7HbOq_NSK3vmFOOFN_F3qVp3NNoJBKFuB_bEeHlUQGQUGEkwbyoxM7kER0AlpLTwRaPhUpH6zxy6QMc6vdm1jX0oIsctfEMVVSuV56aV8ou0BMvJ2yMFMAYcVO0FXb7mVuvCAQ2oTWkFaFMtR4ESKnn0glwN7Y8wAdYOhShGxG0hpVt-2ESmqCymMY900lDaR6_ygvp-IKoESucPtoeVZCX9kFqE7h1mZkkciRZ0Gdib5BN86Da-lVbYC6YG3hW0suhvwHYD9g92mG67ZnjRoJnhATkuFUIf3jdzFn9ianSIA7n4eDY3rKxmkfEDt4QgtSwpdIQEi1d9zwEy1_SFWFUm3gJaZa-XQ5635hBSnqXyPsgYQ8gcwPYUprrryvloE819aA8S59uX39OLn1pYLAaAxR_D0DVITHTrgCOASjlyFttOoyJXdgJh7fhxEkr8UcWF513886T9X6mWclVb3AVoGj0MqSmNQ30c_xQJfdelTaHxUIP-wQ8nf8Asf2s76bECvt784KrkagTj0UvbLF3CgiY9uUaOolwsAbAJUHN0qAlMI8gMWTkkPVfI5Ox2rsNGTQjrjD7TBoOX2b7LpRd7aAAU7RDIdOJ8wUsL3FEGuom11jM_XyoY7-d8UHZS63AxC7W0JvejsnnqHNDOlSnVXVD58z3k6YEuB0f620hd5NGEp9YnlC5kP-kFL4KJFU0pAYLtf6CJFjW9fvSUDpoqz4d3EktGLpEfS1VTuhZ0cTCSndoxXXwonzqvnxl3lOtCNIMjWHiTJfpMJTzqB2MSiVgRwraUP15dUhKh3fn3GymNLEyHpyjsA3sOV9vq48FFDw2_bRZM3ahPSlcBSJJpVntymzYVFis28P8os2DrKn0X63FYZ1lxmBHMu8MMTAmDHbsLZ7H-2x3Yopjk5MWUrIsPhq4gibFJrsPseDr3Gim86Xs-kj4g9tak8rd6Wz7Ed0PptVw4bKAS5gEG_dWfM1Ra2t1X8IrwAgZzqRTTDZt0JOdaK_nV2zLbj2SWI-fllskhAF1UzmE0Jqc0uldZk5EjUd--GqsEsPAZHBioBOd7F5udrtM9g5xAPfhUB9W9ebbuswN4Rg97HJ82qxIXJ3sdtZNf8KFhj3IT1z1AYsqMWFBDn33tmELJ3SinCxMrDWiuHvGrwVO0ayLXm4qSl7v3u06CwPOZqxN6yYaq83YgrT6XOtFSwvbZAA6pxvmq5Uf8WSyZZUOK5U3uprE_c5PW7Rsg-qhS7MFeqBM4shVsxUUSzaOuQWwTmvTwRsCkhHXzlG0OwFXrHRrnvmhC7jzrPwLf_KfhdU_aE3mMsq-21NwWtIJSKntkzEhlfLGZik0sU7xQcC-yJu73oU5GWelNZmMp-X31ZJ0Vl6mFZiJAYviXN2LI1VVlAxc9ArI_vXpOXngLDQf-08tprnWGpaKDf17CIX3tojG_FI4VwLWcSIer2DqPUvFw1HOHXNXaAwJslK8wBAD3eNVXuFflbmbxDs0Cg8yHhKT4PRp_BTsHDrVoiFSeEPiTGg4ciAyksPX7Pbtcw3hTMAKRF-Dp_ReV1izl1RK11VUptmohor7BBpJMAYrb0VGxphvRi8pGchrD4LdZqtx6QojrR7tlaKDJgNIVs-yAIz57dGaIOTyTVVGrlUCXmeguqTIwmJYysiAdbndAvuzbQhaenK2bWjmtI9jQtrtW44XrclqRA6SSS_wD283m6eps4QcoMh9igzIqdkF13HWEGOCIJhhm4Rtl8mzRiUzplzuEhbM7I7fvAEdWVqKulhUd1fd0sJ0AIXxfBeteUIpuHBLKWyXSM7mUJRb7ZgSpqoWdmXIMygPxQepVDtMOAFIx0sTqVu3zYC6KEUQx2Z4x7J7VvARiyTYEiT6ihh6pAAwxK2e-Oak1lC5MbxQf8a4hpfRNmCL5_Rcj6KS7x_38YI67KNj3UaWANks73KqZopsAs-pk6YXpILQrBItUK6gzWUuANRU3P9-9tcslYQD-jh5kS8BJZzeIaS3-VoSRNQvmGbVmGYRMfETLijHPCVPS6A2Hbk-acCrpfnIxEacxZ_-bay18PscwitwxTJSpoZCoazj7bU9_FHu7aeuM-kDhk38AoPuZIxWTxfzLm5Z01uxDIlK3o6sgrP-B1K9Rc7UwGxVFhlD4i_pv_15c9k5NkPtquHVoDCjPTfTUJ2OnvVmv7227b7k0mVi6k-jNmozP_pGFY-XgkBszsDztDVefhnn3w94igg2-EDyyMfN23zXOTUi0Q6XkhbdfpWSuuJ5R2Iu_DvIYO14uAKdwojlmqqN_PNOkUCqNZwANhT5mdQiQNaP8RLTbUznpakszlnivWBO2Zt1pxKEFmaOSp15NBuxPVzILTwa1FA8Ub28GsJweUNDskg-vvLb8buP5yOkcROQ3O9NEcIkYOHoHg4ut96ZchH0R8oMdqC-gDPBCc5IEueJngHAzYWsawMVk5oSv-BH6JllS0VSVnpDZCSH65cTpzbai6TWL5QC6aPsX4jTp6_GZaAAuOExSS0Y9zksyeyLPMEQrq7tzKLRcsoVPZGKKPyUS2N4kPvX8uZD0hplF5QV_ehZAAmRwRpVeEX0ALpA8UR-by2dmJhIj6xRynPi8OtGBd0FuVmQo5O02Gg1UL5OtJdG8XmlrsJ5PHyKs9vN6lDpGwbr4rPG9OvX8uZE57R7SjR6D6aY2UNXfPlKEyWcJM99UrQyEzr-s6KmBj4I4N2TsWs7w0adpSS4BYbDA_9QfHFa_wd6qSuS2g98m13ChYtoKAo-vrILySwuMuc-sinxVhS7AA7-OgN64UNo0BdNSWolPPDdfa0MRK15OSWtqglRvO9YIQzU2Ks-YSxsl3HkmeYfthPQbdeUr0aXMDQCvv1V8Fn6wjUX11edknyOS7YQw8P25-dGtZ2e-nZ08Kg5gfZNpmE6BBMIx3ARn4P_Qp7xs3dAx4gAjVzaoZsLk7njh75awEZWG--o5Q9PPg2ZOis_kwX23SMlnjpQIe9uq0sFhxNDsmsEbdWAzz-CsejTBuaz-rGF2hPyEKY-ASk_4i6iCr60P6edVGiO_-SNSBI1PKsxx_lgZDDj_XBzqsm62mbJOCw4L371pXFH92swlyuQbz3-WYf0AhAZmX0vdaG9ZMTCNeXqT4NjDnzeRKtCYpRD5Y97A_CvhLTqlIoC-2WcHY6ofgsh6Rm_5a_fEseSkY1CtFVHe0mdRwICRI4wDDzURsXiyqb95JCuRSS4EmN4I4yaORg07QWoIKBI4tSPcHgJDmhJeS7qsP1smBUB8qQ7TLYRImMxjbFP0ypKBnyTfJoVGBTwsln1zhTrk-A7Elnk3wGmt9IB_JXxtId44iX4rL44Y0s2gic3W0U_yB1X5sSw1c6WPMrn7rhflITwW2Chomh8oOWHxGED9YVg04ZCRwMuLMBpwAZFH&cid=CAQSTwAvHhf_Y-73Y_PzXLIvGSz8QE8JRW7t2y1K-yxTapo706GFcwUtj1BzRLO-DZFknBBTsO1Mm8Ym5a1mbleWayCNFMCXqnYPUsRD3F9YuykYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fx.gd%2F&ds=l&xdt=1&iif=1&cor=11659975497869470000&adk=2935317966&idt=91&cac=0&dtd=16
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f155.1e100.net
Software
cafe /
Resource Hash
565592ede82822decb298ebd1e6f56e9c6a680b1a79cd4208513a834295e4c43
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 06:46:23 GMT
content-encoding
br
x-content-type-options
nosniff
age
61045
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11872
x-xss-protection
0
server
cafe
etag
16225921609732785849
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 04 Jan 2024 06:46:23 GMT
Q12zgMmT.js
tpc.googlesyndication.com/sodar/ Frame 15DE 		41 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Requested by
Host: x.gd
URL: https://x.gd/view/unsafe/gvZZa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f132.1e100.net
Software
sffe /
Resource Hash
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 19:05:28 GMT
content-encoding
br
x-content-type-options
nosniff
age
16700
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13937
x-xss-protection
0
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 20 Dec 2024 19:05:28 GMT
truncated
/ Frame 15DE 		217 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e187c8f1439d4216045242272315548f6779545445b35b311db5e481069fbbd1

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type
image/png
generate_204
tpc.googlesyndication.com/ Frame DADC 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?pcXsNw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f132.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 23:43:48 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
62bHydCX.html
tpc.googlesyndication.com/sodar/ Frame F1D3 		38 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/62bHydCX.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f132.1e100.net
Software
sffe /
Resource Hash
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
age
244133
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
13045
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 19 Dec 2023 03:54:55 GMT
expires
Wed, 18 Dec 2024 03:54:55 GMT
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
iframe.html
p4-cs7rhyognc6ee-qhzi4x3ckw7vrihk-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame F475 		5 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://p4-cs7rhyognc6ee-qhzi4x3ckw7vrihk-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html
Requested by
Host: p4-cs7rhyognc6ee-qhzi4x3ckw7vrihk-if-v6exp3-v4.metric.gstatic.com
URL: https://p4-cs7rhyognc6ee-qhzi4x3ckw7vrihk-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.115.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bg-in-f94.1e100.net
Software
sffe /
Resource Hash
b0d3f1a372fb1b357992de31215b4a94bd7002654d0e4443d3b8a66f6e82e1ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://p4-cs7rhyognc6ee-qhzi4x3ckw7vrihk-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
gzip
content-length
1987
content-security-policy-report-only
script-src 'nonce-oLOMuTg1JAmLrXkC4Q9D8Q' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
cross-origin-resource-policy
cross-origin
date
Thu, 21 Dec 2023 23:43:48 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
last-modified
Tue, 14 Nov 2023 14:08:00 GMT
pragma
no-cache
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
pagead2.googlesyndication.com/bg/ Frame F1D3 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f155.1e100.net
Software
sffe /
Resource Hash
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 23:16:54 GMT
content-encoding
br
x-content-type-options
nosniff
age
1614
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15165
x-xss-protection
0
last-modified
Tue, 28 Nov 2023 18:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 20 Dec 2024 23:16:54 GMT
index.html
s0.2mdn.net/sadbundle/8405908780505691337/CA-ENG_XA-09_0__728x90_BAN-A_HTML5_TOFU-no-Networking-CiscoOperatingModelOverviewv1_0_105/ Frame 8A32 		159 KB
92 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/8405908780505691337/CA-ENG_XA-09_0__728x90_BAN-A_HTML5_TOFU-no-Networking-CiscoOperatingModelOverviewv1_0_105/index.html?ev=01_250
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.115.148 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bg-in-f148.1e100.net
Software
sffe /
Resource Hash
4211861e9d65c9b501d8c5422b7ea6e52097b098d2c249f9f1f5c344383a4932
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
10790
allow-fenced-frame-automatic-beacons
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
93894
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Thu, 21 Dec 2023 20:43:59 GMT
expires
Fri, 20 Dec 2024 20:43:59 GMT
last-modified
Fri, 10 Nov 2023 11:08:58 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame 15DE 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsviziO6_6YdEBz4E1Kdwcx3nfQuaFbS2dM47b6Fo2cEhjp-Bg2OapakpCOWhf2A6SKCb0pSy44hr1kWbA9MP00IYzB-AXugESdTv-0Ge3HLmSd7nCWv7uiCTvZt08bn302DBKHAPwTMEKW2S8RNBHtsXweCzFpHSXpniEDMm7tmDKSCVhKJ5bYTm2lejvAR7paCq7DvjJrQYBDztI1jHUemFslyOBm_ynGmDapVrZwjGkWlkUUzrE_D7PPwMf9KsvdNpBdahjUD9-jxdJ_A8DcPVh25WSFuzozLuUYllrKqZ1NvYgTUn0FB5MrOS7YvwKuqCWqREoD56tBvBZFo-8dSvO3LMgjdOzfWxkjjfwI9qlYiH9sarweXVCAr7igl9V5aev8bBy15z1AouvEM6GcrBUZmOI4XQTVMTyaYpdpliI4ZgQoDoEfBxNJ_lazsQLsG3hWuefB_s6nFi4qYx-LwM9ncfuFDKyZtp5ojqJLO-a8p26QzDisO_Y-plA2y9M7gZBxfxsryXkPqrbJlEaACnsF3vGyR_8gdPcFvwL2nb-lbPtQtrJlMV7nG56EXsFSnHMmEROi32H-O02mWL5tM1WN3CpLKOqP26wvsC_e3-etqpT0YGzq_NDedD83rm6-fg4wJ7IYR_aLeFlakQmH0a7LBGjD5IgI-fvWYD_BlvJaCwsnS0fbY10eMjW-MaAQOmHJuI2_UuvRznEx0y6Vf1QWgkUBva-VKDypHKvCoWOCodkW4Tzp35mT7S7JDGj217OPcREXJSUM5FS6mTOrSpPmD4vjpUneANaU3-DN0QqbYeGMmqZcoYrQPwrngSkN3jRl9QftLlWPP_gZrxgcmEyZ2kXHJBuqq8BXzyR1DbkXGP9DLph-b0yXaKGW1xRTKY8t28rBYhs3US1GxPZSJ8aPEWwPdQFmXFwvbKxjaWWIia9kx60Ve_XEzNYBmqHJX0_zPg8TTiL7PSENh2BlJLvIRu2FPLLfHGYiVq5t2Fkep8hT4e9A-wl2i4rqp2pLGA8o1K-A4Fk3h6iNYai6UqWUOsIEzIvoGuIH5sGFtz0Fkrc-7cHd--eCQZuWNacevPQhyjc9F1wnPqCJAvU7ZUUkxWeZH09RGfux4_lRQ9gS7nHei0a8yH1cwkLNDDc86B1UixsmOjm1X9BW9Nljz_7FUe8Q58sKkTF5njElAgiIkZrchxx4qaB6SyP7bFQ1BanRoVf1BTKxIOP3GwqeLDY0tnPba_PuhWh9FsnmjcmkhNKb5skD3Tpjf3Ywm7wvVBuUIU2kMwcyjP6PJCwTfrMgBGyyYZIw9X1JoyEdfRxn_dWwHONmamziIsUxYcw&sai=AMfl-YRwst-vlhrOrUGs7c1xenPIbEIHFdDmF8wFsRMn9y7sbSdbpqxw4bMw5p36ullCh5C7uyZSyyMFmmg0UfY8oVREPNgMbhxBysVcBhxRfGQfAZpKLu2xh8_-DVNyyDJwhVIwzX53J8lwnAoe_sNg3bzviClaQX4e2ojoyTl4zpl1YoyyxpuVUHH7TRUXFWEuqBkPReY_Hvj7omK4oAd5dl2uJSdmuDIqqV3uE_xwOYQ_30FI5GxvEfhKM7wj8Q6tUBTc5Q5da2V3lcUjphaA_xHBqFwiRiE9FDdEK_i_d470WbQmkuTrPXuMQzfyQRpA5Zk&sig=Cg0ArKJSzFMTBYL02uQtEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=154&cbvp=1&cstd=147&cisv=r20231207.06452&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=
Requested by
Host: x.gd
URL: https://x.gd/view/unsafe/gvZZa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.62.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bc-in-f157.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Thu, 21 Dec 2023 23:43:48 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
content-type
image/gif
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
4.js
static.adsafeprotected.com/ Frame 15DE
Redirect Chain
  • https://fw.adsafeprotected.com/rfw/st/1138160/76485369/4.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1014346490&ias_pubId=pub-2737572314184878&ias_chanId=1&ias_placementId=20612429936&bidurl=ht...
  • https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}&ias_xappb=&adContainerId=brand_safety_tM2EZc_kKrbQoPwPksKVmA4&cbFunctionName=goog_wrapCb_tM2EZc_kKrbQoPwPksKVmA4&true_pb=https%3A%2F%2F...
1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}&ias_xappb=&adContainerId=brand_safety_tM2EZc_kKrbQoPwPksKVmA4&cbFunctionName=goog_wrapCb_tM2EZc_kKrbQoPwPksKVmA4&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_728x90.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Server
54.192.51.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-51-19.yul62.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-amz-version-id
vKEhI2DDF7x4y1d6KCleNAEq1uB6J8K1
content-encoding
gzip
via
1.1 39379e6e28640430f64b963528b44426.cloudfront.net (CloudFront)
date
Wed, 20 Dec 2023 19:37:41 GMT
x-amz-cf-pop
YUL62-C2
age
101169
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
PENDING
last-modified
Wed, 13 Dec 2023 19:37:39 GMT
server
AmazonS3
etag
W/"33dffa7df253125904b2f354b5bb5e8d"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800
x-amz-cf-id
57XQL_EDIJg5kX1lmkBJMgz0sFBlihTk_N2K7AnOSrxya1T_B1Sm1A==

Redirect headers

pragma
no-cache
date
Thu, 21 Dec 2023 23:43:49 GMT
server
nginx
x-server-name
app43.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
location
https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}&ias_xappb=&adContainerId=brand_safety_tM2EZc_kKrbQoPwPksKVmA4&cbFunctionName=goog_wrapCb_tM2EZc_kKrbQoPwPksKVmA4&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_728x90.js
cache-control
no-cache
content-length
0
sca.17.6.2.js
static.adsafeprotected.com/ Frame 8041 		91 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.adsafeprotected.com/sca.17.6.2.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.192.51.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-51-19.yul62.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Mon, 31 Jul 2023 03:25:40 GMT
x-amz-version-id
go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding
gzip
via
1.1 39379e6e28640430f64b963528b44426.cloudfront.net (CloudFront)
x-amz-cf-pop
YUL62-C2
age
12428290
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Tue, 20 Sep 2022 19:21:34 GMT
server
AmazonS3
etag
W/"1f3488247c90bb5de253d3d0cb3b7458"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
x-amz-cf-id
MeFAWg7em_wIxRnbJDdIcwRh-cN4KuguDmJx0rjsM_RHR06W04qhmg==
dt
dt.adsafeprotected.com/ Frame 15DE 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1138160&asId=794b5059-6204-cb11-8803-6f66889985fc&tv=%7Bc:xrJFyZ,pingTime:-3,time:86,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:34%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:87,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:34,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B76~0%5D,as:%5B76~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tZ7wYJ9+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a11%7C1b1*.1138160-76485369%7C1b11%7C1b12%7C1b13,idMap:1b1*,rmeas:1,rend:0,renddet:DIV,siq:36%7D&br=c
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.40.12.255 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-40-12-255.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 21 Dec 2023 23:43:49 GMT
server
nginx
x-server-name
dt07.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ Frame 15DE 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1138160&asId=794b5059-6204-cb11-8803-6f66889985fc&tv=%7Bc:xrJFz1,pingTime:-6,time:88,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:88,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:34,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B78~0%5D,as:%5B78~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tZ7wYJ9+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a11%7C1b1*.1138160-76485369%7C1b11%7C1b12%7C1b13,idMap:1b1*,rmeas:1,rend:0,renddet:DIV,siq:36%7D&tpiLookup=ao:x.gd*%2Cgoogleads.g.doubleclick.net*&br=c
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.40.12.255 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-40-12-255.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 21 Dec 2023 23:43:49 GMT
server
nginx
x-server-name
dt18.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
gPTZx8Qg5YtqHYATuVEq7wiNXgGYJLmNtV6Q-nRIA0Y.js
pagead2.googlesyndication.com/bg/ Frame 542A 		50 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/gPTZx8Qg5YtqHYATuVEq7wiNXgGYJLmNtV6Q-nRIA0Y.js
Requested by
Host: x.gd
URL: https://x.gd/view/unsafe/gvZZa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f155.1e100.net
Software
sffe /
Resource Hash
80f4d9c7c420e58b6a1d8013b9512aef088d5e019824b98db55e90fa74480346
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 03:05:22 GMT
content-encoding
br
x-content-type-options
nosniff
age
74307
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19632
x-xss-protection
0
last-modified
Tue, 28 Nov 2023 18:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 20 Dec 2024 03:05:22 GMT
dt
dt.adsafeprotected.com/ Frame 15DE 		43 B
216 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1138160&asId=794b5059-6204-cb11-8803-6f66889985fc&tv=%7Bc:xrJFzt,pingTime:-2,time:116,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:460,beZ:462,mfA:467,cmA:468,inA:469,inZ:473,prA:474,prZ:489,si:495,poA:497,poZ:523,cmZ:523,mfZ:523,loA:548,loZ:551,ltA:576,ltZ:576%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:true%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:34%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:116,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:34,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B105~0%5D,as:%5B105~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tZ7wYJ9+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a11%7C1b1*.1138160-76485369%7C1b11%7C1b12%7C1b13,idMap:1b1*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:DIV,siq:36,sinceFw:79,readyFired:true%7D&br=c
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.40.12.255 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-40-12-255.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 21 Dec 2023 23:43:49 GMT
server
nginx
x-server-name
dt01.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
truncated
/ Frame 8A32 		73 KB
73 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
24366c51064fc57cb419cc93db561f43bf3461affb1d04deb4d552a7e2ba4956

Request headers

Referer
Origin
https://s0.2mdn.net
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type
application/font-woff;charset=utf-8
view
googleads4.g.doubleclick.net/pcs/ Frame 15DE 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsviziO6_6YdEBz4E1Kdwcx3nfQuaFbS2dM47b6Fo2cEhjp-Bg2OapakpCOWhf2A6SKCb0pSy44hr1kWbA9MP00IYzB-AXugESdTv-0Ge3HLmSd7nCWv7uiCTvZt08bn302DBKHAPwTMEKW2S8RNBHtsXweCzFpHSXpniEDMm7tmDKSCVhKJ5bYTm2lejvAR7paCq7DvjJrQYBDztI1jHUemFslyOBm_ynGmDapVrZwjGkWlkUUzrE_D7PPwMf9KsvdNpBdahjUD9-jxdJ_A8DcPVh25WSFuzozLuUYllrKqZ1NvYgTUn0FB5MrOS7YvwKuqCWqREoD56tBvBZFo-8dSvO3LMgjdOzfWxkjjfwI9qlYiH9sarweXVCAr7igl9V5aev8bBy15z1AouvEM6GcrBUZmOI4XQTVMTyaYpdpliI4ZgQoDoEfBxNJ_lazsQLsG3hWuefB_s6nFi4qYx-LwM9ncfuFDKyZtp5ojqJLO-a8p26QzDisO_Y-plA2y9M7gZBxfxsryXkPqrbJlEaACnsF3vGyR_8gdPcFvwL2nb-lbPtQtrJlMV7nG56EXsFSnHMmEROi32H-O02mWL5tM1WN3CpLKOqP26wvsC_e3-etqpT0YGzq_NDedD83rm6-fg4wJ7IYR_aLeFlakQmH0a7LBGjD5IgI-fvWYD_BlvJaCwsnS0fbY10eMjW-MaAQOmHJuI2_UuvRznEx0y6Vf1QWgkUBva-VKDypHKvCoWOCodkW4Tzp35mT7S7JDGj217OPcREXJSUM5FS6mTOrSpPmD4vjpUneANaU3-DN0QqbYeGMmqZcoYrQPwrngSkN3jRl9QftLlWPP_gZrxgcmEyZ2kXHJBuqq8BXzyR1DbkXGP9DLph-b0yXaKGW1xRTKY8t28rBYhs3US1GxPZSJ8aPEWwPdQFmXFwvbKxjaWWIia9kx60Ve_XEzNYBmqHJX0_zPg8TTiL7PSENh2BlJLvIRu2FPLLfHGYiVq5t2Fkep8hT4e9A-wl2i4rqp2pLGA8o1K-A4Fk3h6iNYai6UqWUOsIEzIvoGuIH5sGFtz0Fkrc-7cHd--eCQZuWNacevPQhyjc9F1wnPqCJAvU7ZUUkxWeZH09RGfux4_lRQ9gS7nHei0a8yH1cwkLNDDc86B1UixsmOjm1X9BW9Nljz_7FUe8Q58sKkTF5njElAgiIkZrchxx4qaB6SyP7bFQ1BanRoVf1BTKxIOP3GwqeLDY0tnPba_PuhWh9FsnmjcmkhNKb5skD3Tpjf3Ywm7wvVBuUIU2kMwcyjP6PJCwTfrMgBGyyYZIw9X1JoyEdfRxn_dWwHONmamziIsUxYcw&sai=AMfl-YRwst-vlhrOrUGs7c1xenPIbEIHFdDmF8wFsRMn9y7sbSdbpqxw4bMw5p36ullCh5C7uyZSyyMFmmg0UfY8oVREPNgMbhxBysVcBhxRfGQfAZpKLu2xh8_-DVNyyDJwhVIwzX53J8lwnAoe_sNg3bzviClaQX4e2ojoyTl4zpl1YoyyxpuVUHH7TRUXFWEuqBkPReY_Hvj7omK4oAd5dl2uJSdmuDIqqV3uE_xwOYQ_30FI5GxvEfhKM7wj8Q6tUBTc5Q5da2V3lcUjphaA_xHBqFwiRiE9FDdEK_i_d470WbQmkuTrPXuMQzfyQRpA5Zk&sig=Cg0ArKJSzFMTBYL02uQtEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=415&vt=11&dtpt=261&dett=3&cstd=147&cisv=r20231207.06452&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=
Requested by
Host: x.gd
URL: https://x.gd/view/unsafe/gvZZa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.62.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bc-in-f157.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 23:43:49 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
TI-Cloud-Operating-Model-Overview.png
s0.2mdn.net/sadbundle/8405908780505691337/CA-ENG_XA-09_0__728x90_BAN-A_HTML5_TOFU-no-Networking-CiscoOperatingModelOverviewv1_0_105/ Frame 8A32 		73 KB
73 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/8405908780505691337/CA-ENG_XA-09_0__728x90_BAN-A_HTML5_TOFU-no-Networking-CiscoOperatingModelOverviewv1_0_105/TI-Cloud-Operating-Model-Overview.png?
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.115.148 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bg-in-f148.1e100.net
Software
sffe /
Resource Hash
ffb869cc59e6497e356256a060335bceca8d670298bc89bc1311477eb06a0ef0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/8405908780505691337/CA-ENG_XA-09_0__728x90_BAN-A_HTML5_TOFU-no-Networking-CiscoOperatingModelOverviewv1_0_105/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires
Wed, 18 Dec 2024 15:33:28 GMT
date
Tue, 19 Dec 2023 15:33:28 GMT
x-content-type-options
nosniff
age
202221
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
75182
x-xss-protection
0
last-modified
Fri, 10 Nov 2023 11:08:58 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons
true
LogoLockup_Vert_RGB_Midnight.png
s0.2mdn.net/sadbundle/8405908780505691337/CA-ENG_XA-09_0__728x90_BAN-A_HTML5_TOFU-no-Networking-CiscoOperatingModelOverviewv1_0_105/ Frame 8A32 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/8405908780505691337/CA-ENG_XA-09_0__728x90_BAN-A_HTML5_TOFU-no-Networking-CiscoOperatingModelOverviewv1_0_105/LogoLockup_Vert_RGB_Midnight.png?
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.115.148 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bg-in-f148.1e100.net
Software
sffe /
Resource Hash
9d6cef47868c3ea806f9e8b951a660547f561ac7e8e5b2a93a41d4b4b6c21f83
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/8405908780505691337/CA-ENG_XA-09_0__728x90_BAN-A_HTML5_TOFU-no-Networking-CiscoOperatingModelOverviewv1_0_105/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires
Fri, 20 Dec 2024 20:30:51 GMT
date
Thu, 21 Dec 2023 20:30:51 GMT
x-content-type-options
nosniff
age
11578
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1989
x-xss-protection
0
last-modified
Fri, 10 Nov 2023 11:08:58 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons
true
dt
dt.adsafeprotected.com/ Frame 15DE 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1138160&asId=794b5059-6204-cb11-8803-6f66889985fc&tv=%7Bc:xrJFCq,time:299,type:e,env:%7Bgcd2:%7Bappl:0,cnst:na%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:299,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:34,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B288~0%5D,as:%5B288~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tZ7wYJ9+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a11%7C1b1*.1138160-76485369%7C1b11%7C1b12%7C1b13,idMap:1b1*,rmeas:1,rend:0,renddet:DIV,siq:36,sis:242%7D&br=c
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.40.12.255 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-40-12-255.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 21 Dec 2023 23:43:49 GMT
server
nginx
x-server-name
dt26.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
LogoLockup_Vert_RGB_Midnight.png
s0.2mdn.net/sadbundle/8405908780505691337/CA-ENG_XA-09_0__728x90_BAN-A_HTML5_TOFU-no-Networking-CiscoOperatingModelOverviewv1_0_105/ Frame 8A32 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/8405908780505691337/CA-ENG_XA-09_0__728x90_BAN-A_HTML5_TOFU-no-Networking-CiscoOperatingModelOverviewv1_0_105/LogoLockup_Vert_RGB_Midnight.png?
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8405908780505691337/CA-ENG_XA-09_0__728x90_BAN-A_HTML5_TOFU-no-Networking-CiscoOperatingModelOverviewv1_0_105/index.html?ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.115.148 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bg-in-f148.1e100.net
Software
sffe /
Resource Hash
9d6cef47868c3ea806f9e8b951a660547f561ac7e8e5b2a93a41d4b4b6c21f83
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/8405908780505691337/CA-ENG_XA-09_0__728x90_BAN-A_HTML5_TOFU-no-Networking-CiscoOperatingModelOverviewv1_0_105/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires
Fri, 20 Dec 2024 20:30:51 GMT
date
Thu, 21 Dec 2023 20:30:51 GMT
x-content-type-options
nosniff
age
11578
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1989
x-xss-protection
0
last-modified
Fri, 10 Nov 2023 11:08:58 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons
true
TI-Cloud-Operating-Model-Overview.png
s0.2mdn.net/sadbundle/8405908780505691337/CA-ENG_XA-09_0__728x90_BAN-A_HTML5_TOFU-no-Networking-CiscoOperatingModelOverviewv1_0_105/ Frame 8A32 		73 KB
73 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/8405908780505691337/CA-ENG_XA-09_0__728x90_BAN-A_HTML5_TOFU-no-Networking-CiscoOperatingModelOverviewv1_0_105/TI-Cloud-Operating-Model-Overview.png?
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8405908780505691337/CA-ENG_XA-09_0__728x90_BAN-A_HTML5_TOFU-no-Networking-CiscoOperatingModelOverviewv1_0_105/index.html?ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.115.148 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bg-in-f148.1e100.net
Software
sffe /
Resource Hash
ffb869cc59e6497e356256a060335bceca8d670298bc89bc1311477eb06a0ef0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/8405908780505691337/CA-ENG_XA-09_0__728x90_BAN-A_HTML5_TOFU-no-Networking-CiscoOperatingModelOverviewv1_0_105/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires
Wed, 18 Dec 2024 15:33:28 GMT
date
Tue, 19 Dec 2023 15:33:28 GMT
x-content-type-options
nosniff
age
202221
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
75182
x-xss-protection
0
last-modified
Fri, 10 Nov 2023 11:08:58 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons
true
gen_204
pagead2.googlesyndication.com/pagead/ Frame F1D3 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BWF3RtM2EZc_kKrbQoPwPksKVmA4AAAAAOAHgBAI&bg=!ra6lruHNAAY3kmNgF5I7ADQBe5WfOCLUtXwmxCC36V6BY3QyYi7xtih16wGJN-BvQSYaswIlqvprVX8zk-WFEHcagAGCAgAAAO1SAAAABWgBB5kDTMRqSTjGzEoMqKf2xRB4cHnH3MVX7VoMqF9nClHnnW_HgJfvOE8b7t6hi6lnZA-TL8MxsMgKHn_sZl_ZyXqGnJiuY3Ow_TeTUG3msMhlmQBeh486WsYvQ1ERWQrj5T1FdVMJ5_Km-CuEnL1gzGWZXhtGbqyKExaZjPSqvtVxqManJe53Ai5WXBm5Et5UXhOnqKdhcqtZPzIKJN80OTpTfuvf94ikETuCebBQj0ZuGtX4cfa6TN1-j48OXZmYz4uYeYRCWI84rMoRLWWCwN9WfXKgnVOqJZ32NwFLH-3vSeQ-dJftEjv7On7fyIjOt8IUXdPYVxObEqYsjnm1zB3AC0R3Hq5dfHED4Q2O71jttzP_S-U2Lzm0OQXe5dW5CUX-MFwnLuYJRHDqHNiOV4As8DfMOnma7oKfWcSFwoOn_xkpeb7vXuKwDrpxxy1LKT9k_TsDlh8Thmj9fmNMFvnaXa4glqcQPpguO9D24_sh6yYjZeEET_CnzFUHseZqRiZ7-hhQuTipLOcAZyMZFMxZSbSHqOztlZ28EyOwSgXytGi4hqxggYX29DqiLDfFNVZsZLbJANdqYuNbMvlXBi0-JzkSitMDr4xnozeW4hzX1G7MKHdJ5UFGD094FqOJ4OnKx2t7d6d-S-FJSJge1yTEk4ud8n1EpmKr_vY7rzFR_53HO1zBd1UGYv0iTrIBMOuO3FXpjCKFIXhbXHGP-ws7ltDAFFNh88zQM9qnbLjMlU3q3CYERtoqGADIHdJ1gti_UJlPRPQ5-KyYlwcmeCcHkVR2gpZZtMRoJwHYjdZ8IGqCoQjbdNpLOWpfKOW2x5TIl5TPnNfg1fOri9-xZ4LUjyMMQXK8aV9nsUC4R0Iv8e1prd5MnJA2AX_JGS2aa7DtzSQjRmb4k5pI7vf6UglCOFyCABsK3giuyYALGAIm_v4VBxjBfHWkhNEQldWdbGdZ3USRWz1d1HcnNiv2XxKDZIgf4_USsJotBfPq_LOHQn2uEkVHnMyDbaSkU_W47JOTQYPGH7d0ACB0duIjW8hmXsKDbLV8G3KISsXSYkplu_TtZYt8hzGAGqtxgtlTtZPIwToBJddinveEE1vkmrd5TF50hJWfXlrQkSMH5Yc
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f155.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 21 Dec 2023 23:43:49 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231207&jk=4383104778850118&bg=!ERKlEl3NAAY3kmNgF5I7ADQBe5WfOFLBkgKssXp75W94aCrqaPmeqfFuIohVk3KP0gEd0RiaUGhbcOkRsk2ahXVfuyzMAgAAASdSAAAABGgBB5kCzvEm0SpBPwPlHl9GOh-KOF3eVqDB8BAIHVa5btCG2Mtqs__BFXZA3TTPOJq_epraNstYkiGwEZ652q8Q0NL3z9bH6cDcX1s2_yPTeipz7Lmx5iX_Bip3OpT0b8VtHfoeq_lRuayyZEMpzB8QBez3GbnGxdilnJvcY4HA4woMEwSqNRpducpiWCONUM0YuSQOAWTc9yRLxpoURxNYPMvrGQDd7th6buOw2nv2qefaYKr4Wc5HwGTsB0JGgFuK3KelLQPsRfFP2r0Pn-_JV90q6FNLi-coj0XGZqz_Uiu18fOk-yFIGOeAc3bVNgL2TJOPHhawdZ2TGG4FmRBjIlsmhZD9hhVgP6jgCJDdOUaVhYcBPeNxfb8KwHARD7X865gzlFKryZHqu9GT0BDPqqQIcwKZJtaSKRxL-kT46HrglgIs0_y5CImQfOIEsIWB7NPCl0N7vywHoe2UW6gy91MubxP61ti1JK5UsJZYiddfGzxyujL2JiHgJz5pWWAwi8ECjSXrOSlvB35y3TGUEd_lHEWXUPlKrW7H_nMa6UQEmux5-JZrtUhWregNF60LrHa5gMDtqXc_guJWLFVzfgtUkJDgxQoR4IyA0Xvre2By36aCWzFHsPRsVU0G3Gy_L54_WUqq2pcb1Nac8kS1bJeJqP5cys69WRmmfFKhBL1LjIDYqSVMO74cf6Im7rVY1uVxGl6U5c1ADDE4gP8RN6GrTRbB0WSGHK_YvQTliLe47p-GOMfxjnQ7RE-uFy4oyKIaLiSm_LmoggHHHjYFwYTH7x7AzxcWyGodikV9Uvh2ZxLKh4liUq3LI9RvN-KANhIJiSDzDE_9z5OWQCBD2Xo8w40VJkWY_R2p2ZpElstm1oSv4VDjdVRgMezSaDRPtyjzDB9q6hi3TcRCWFkDAF2IZKLiIWaDNB3LtHLLfxQi5Ye2FSpa4A9YpFSFV-Ef5Y8
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f155.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://x.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers
dt
dt.adsafeprotected.com/ Frame 15DE 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1138160&asId=794b5059-6204-cb11-8803-6f66889985fc&tv=%7Bc:xrJFGr,pingTime:-10,time:548,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHw0ODB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMjAuMC42MDk5LjEwOSBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1703202229522%7C%7C5b480c7fe742d2e037d98672b884c3a9%7C%7Cf5ef61ca1e560a2377dfd6c236fd3eb9%7C%7Cbd90eee7301dfb5570b978be7267167a%7C%7C6237a7572a064bba2307756fabbb749f%7C%7Cebacd00cba023844d29e79ebcc6abfa0%7C%7C20101db33bf13df516dd96e4a0554127%7C%7C0eb3a5e0f302e1220bcc679f394d08a1%7C%7C1663701684%7D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.40.12.255 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-40-12-255.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 21 Dec 2023 23:43:49 GMT
server
nginx
x-server-name
dt12.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
px.gif
fundingchoicesmessages.google.com/img/ 		43 B
68 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://fundingchoicesmessages.google.com/img/px.gif?ch=1&rn=7.560167486127182
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.113 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f113.1e100.net
Software
ESF /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-XG8Ts-wgl-uXgKnsrHH8ZA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://x.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 23:43:49 GMT
content-security-policy
script-src 'report-sample' 'nonce-XG8Ts-wgl-uXgKnsrHH8ZA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
image/gif
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Mon, 01 Jan 1990 00:00:00 GMT
px.gif
fundingchoicesmessages.google.com/img/ 		43 B
68 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://fundingchoicesmessages.google.com/img/px.gif?ch=2&rn=10.854361751078837
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.113 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f113.1e100.net
Software
ESF /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport, script-src 'report-sample' 'nonce-ik7lL0nXfBtg4OBasKBumg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://x.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 23:43:49 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport, script-src 'report-sample' 'nonce-ik7lL0nXfBtg4OBasKBumg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
image/gif
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxWSEXYv1M22ToV8KeO6ovVP1daAVXq_k8auzlSAbUx5dSgyP7n9b5rd4TexJlRxE6O8YLdC3bZByUO4wDbDrVZzBNnZZhcHiOpRn812IHcMk8y3BTR6AFUJV-ERNr9qx0mZMdVV2g==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxWSEXYv1M22ToV8KeO6ovVP1daAVXq_k8auzlSAbUx5dSgyP7n9b5rd4TexJlRxE6O8YLdC3bZByUO4wDbDrVZzBNnZZhcHiOpRn812IHcMk8y3BTR6AFUJV-ERNr9qx0mZMdVV2g==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.UvFBQR34S5U.es5.O/am=wA/d=1/rs=AJlcJMxTgAzZgX7fv5x3yC2FM5A7d8L4hw/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.113 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f113.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-UULrygfnkOm6NbOqYxCurw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://x.gd/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 21 Dec 2023 23:43:49 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-UULrygfnkOm6NbOqYxCurw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://x.gd
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 15DE 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssM0zcbSzNWl1-4AfqdfKETmwOedg4IUHXdRKUk5Ba0Ytv_osa0VEdPctRjYdXY0Mo2WEnRYpqFGYB8haL2TrMmLDQBNRn9y8i3rBEp5Ervpde-Qw0Jv1uY0-CZ8sAWfvgZcTzXPDPPV4tMgssdcUdBPHVT&sai=AMfl-YSkU1tIJAi4ywcRTMNPZ9M7-O1B7Z0xTQEEyrK3cffxDx7GhuDtlzqnQD_GhtH0v090EywfTur6-Ixilk921CxHcWXkC3a82xhydSyjnKkkfE153e8tLJVLUjAAEKocDRAQpJNrln2KAXxRAD9Taw&sig=Cg0ArKJSzAnZ4RL4mqzoEAE&cid=CAQSTwAvHhf_Y-73Y_PzXLIvGSz8QE8JRW7t2y1K-yxTapo706GFcwUtj1BzRLO-DZFknBBTsO1Mm8Ym5a1mbleWayCNFMCXqnYPUsRD3F9YuykYAQ&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=478,981,1000,1000,1000&tos=478,503,19,0,0&v=20231213&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1703202228515&rpt=370&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f155.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 21 Dec 2023 23:43:49 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dt
dt.adsafeprotected.com/ Frame 15DE 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1138160&asId=794b5059-6204-cb11-8803-6f66889985fc&tv=%7Bc:xrJFOP,time:1068,type:e,im:%7Bpci:%7Btdr:1006%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:1068,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:34,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1057~0%5D,as:%5B1057~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:91,fm:tZ7wYJ9+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a11%7C1b1*.1138160-76485369%7C1b11%7C1b12%7C1b13,idMap:1b1*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:36,sis:242%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.40.12.255 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-40-12-255.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 21 Dec 2023 23:43:50 GMT
server
nginx
x-server-name
dt04.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
adframewrapper.
fundingchoicesmessages.google.com/f/AGSKWxX93VBpqEQigFOFBWgwPWQqAYIa_a1cYdadXuSZgJHCaVgAwWweKKUgWVxxSXNJEetbhpZxQtn2yuRmk6bJBA7P3Fs1TR0V9L56M4a8fMgnFe8JS2vByxlu2J-ne8Ku3DU34RETzQqOnOld_MTXzPN4JKnpC... 		54 B
109 B 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxX93VBpqEQigFOFBWgwPWQqAYIa_a1cYdadXuSZgJHCaVgAwWweKKUgWVxxSXNJEetbhpZxQtn2yuRmk6bJBA7P3Fs1TR0V9L56M4a8fMgnFe8JS2vByxlu2J-ne8Ku3DU34RETzQqOnOld_MTXzPN4JKnpCF3qs7VOipUhmB2_OjB8cClijWwNKiiG/__adspace_/ad-home-_ad_actron..com/adx_/adframewrapper.
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.UvFBQR34S5U.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMz3yAw6EdmQsjd3aj68pMJW_AFq6g/m=ad_blocking_detection_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.113 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f113.1e100.net
Software
ESF /
Resource Hash
6fa1d5118df725e5c57c9d14a5ce12d6efe9fd21496aa71ebc9193a2671e89f5
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-Vy1YnqBcY0Cn2hqR5jttPg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://x.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 23:43:50 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-Vy1YnqBcY0Cn2hqR5jttPg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Mon, 01 Jan 1990 00:00:00 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		145 KB
50 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?fcd=true
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.UvFBQR34S5U.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMz3yAw6EdmQsjd3aj68pMJW_AFq6g/m=ad_blocking_detection_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f155.1e100.net
Software
cafe /
Resource Hash
d31e3bf84838d9d4103d1cdc5204dbdf3052bc54dbebdc667091ed97ed65451e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://x.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 23:43:50 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
51283
x-xss-protection
0
server
cafe
etag
16481205546430931250
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
link
<https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires
Thu, 21 Dec 2023 23:43:50 GMT
AGSKWxWSEXYv1M22ToV8KeO6ovVP1daAVXq_k8auzlSAbUx5dSgyP7n9b5rd4TexJlRxE6O8YLdC3bZByUO4wDbDrVZzBNnZZhcHiOpRn812IHcMk8y3BTR6AFUJV-ERNr9qx0mZMdVV2g==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxWSEXYv1M22ToV8KeO6ovVP1daAVXq_k8auzlSAbUx5dSgyP7n9b5rd4TexJlRxE6O8YLdC3bZByUO4wDbDrVZzBNnZZhcHiOpRn812IHcMk8y3BTR6AFUJV-ERNr9qx0mZMdVV2g==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.UvFBQR34S5U.es5.O/am=wA/d=1/rs=AJlcJMxTgAzZgX7fv5x3yC2FM5A7d8L4hw/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.113 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f113.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-mWYbVYIfBgHL4VwZjRTB-g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://x.gd/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 21 Dec 2023 23:43:50 GMT
content-security-policy
script-src 'report-sample' 'nonce-mWYbVYIfBgHL4VwZjRTB-g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://x.gd
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 15DE 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=9761095154940&version=m202309260101&ct=76&x=1&cor=11659975497869470000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f155.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 21 Dec 2023 23:43:50 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
AGSKWxWSEXYv1M22ToV8KeO6ovVP1daAVXq_k8auzlSAbUx5dSgyP7n9b5rd4TexJlRxE6O8YLdC3bZByUO4wDbDrVZzBNnZZhcHiOpRn812IHcMk8y3BTR6AFUJV-ERNr9qx0mZMdVV2g==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxWSEXYv1M22ToV8KeO6ovVP1daAVXq_k8auzlSAbUx5dSgyP7n9b5rd4TexJlRxE6O8YLdC3bZByUO4wDbDrVZzBNnZZhcHiOpRn812IHcMk8y3BTR6AFUJV-ERNr9qx0mZMdVV2g==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.UvFBQR34S5U.es5.O/am=wA/d=1/rs=AJlcJMxTgAzZgX7fv5x3yC2FM5A7d8L4hw/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.113 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f113.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-TEeCXfYanlirT2h9f0CBeA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://x.gd/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 21 Dec 2023 23:43:50 GMT
content-security-policy
script-src 'report-sample' 'nonce-TEeCXfYanlirT2h9f0CBeA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://x.gd
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxWSEXYv1M22ToV8KeO6ovVP1daAVXq_k8auzlSAbUx5dSgyP7n9b5rd4TexJlRxE6O8YLdC3bZByUO4wDbDrVZzBNnZZhcHiOpRn812IHcMk8y3BTR6AFUJV-ERNr9qx0mZMdVV2g==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxWSEXYv1M22ToV8KeO6ovVP1daAVXq_k8auzlSAbUx5dSgyP7n9b5rd4TexJlRxE6O8YLdC3bZByUO4wDbDrVZzBNnZZhcHiOpRn812IHcMk8y3BTR6AFUJV-ERNr9qx0mZMdVV2g==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.UvFBQR34S5U.es5.O/am=wA/d=1/rs=AJlcJMxTgAzZgX7fv5x3yC2FM5A7d8L4hw/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.113 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f113.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-q7aE_oydMQCYRkQhdDJcjw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://x.gd/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 21 Dec 2023 23:43:50 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-q7aE_oydMQCYRkQhdDJcjw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
access-control-max-age
86400
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type
text/html; charset=utf-8
access-control-allow-origin
https://x.gd
access-control-allow-methods
POST, GET, OPTIONS
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxWSEXYv1M22ToV8KeO6ovVP1daAVXq_k8auzlSAbUx5dSgyP7n9b5rd4TexJlRxE6O8YLdC3bZByUO4wDbDrVZzBNnZZhcHiOpRn812IHcMk8y3BTR6AFUJV-ERNr9qx0mZMdVV2g==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxWSEXYv1M22ToV8KeO6ovVP1daAVXq_k8auzlSAbUx5dSgyP7n9b5rd4TexJlRxE6O8YLdC3bZByUO4wDbDrVZzBNnZZhcHiOpRn812IHcMk8y3BTR6AFUJV-ERNr9qx0mZMdVV2g==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.UvFBQR34S5U.es5.O/am=wA/d=1/rs=AJlcJMxTgAzZgX7fv5x3yC2FM5A7d8L4hw/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.113 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f113.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce--WCvASeUvhZsR2ugn6azTg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://x.gd/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 21 Dec 2023 23:43:50 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce--WCvASeUvhZsR2ugn6azTg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://x.gd
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxU9-JBOjDh3Zdu7M6dg1uSipnOz1wFG6CA6UfMSMB82BkUFUArA3bM8lU3eXOhlynXWm80Xl95YkKC17vEEtrHTUi4LCgPW-f-FFowCl0fCwSp1RVq89QpnhejvpW0N-9Xfkgwy5A==
fundingchoicesmessages.google.com/f/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxU9-JBOjDh3Zdu7M6dg1uSipnOz1wFG6CA6UfMSMB82BkUFUArA3bM8lU3eXOhlynXWm80Xl95YkKC17vEEtrHTUi4LCgPW-f-FFowCl0fCwSp1RVq89QpnhejvpW0N-9Xfkgwy5A==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzAzMjAyMjMwLDQ0OTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiamEiLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly94LmdkL3ZpZXcvdW5zYWZlL2d2WlphIixudWxsLFtbOCwiVXZGQlFSMzRTNVUiXSxbOSwiZW4tVVMiXSxbMTgsIltbWzBdXV0iXSxbMTksIjIiXSxbMTcsIlswXSJdXV0
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.UvFBQR34S5U.es5.O/am=wA/d=1/rs=AJlcJMxTgAzZgX7fv5x3yC2FM5A7d8L4hw/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.113 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f113.1e100.net
Software
ESF /
Resource Hash
c6e5580b7422733850ab802b7faff4a546d5849b109df9466c4ecf4b2fb5e004
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-HvLs138T5Afz_VlXkCQM1Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://x.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 23:43:50 GMT
content-security-policy
script-src 'report-sample' 'nonce-HvLs138T5Afz_VlXkCQM1Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxXBFuc-gb7KbJ6h1dzvBrBFnjgjaX4DJOOm8K3gC5tZ1YhAoDr-5Vo-ovxqm7xP5dC3OWREDM2_7ddScIvxGxZ-VScJz1keoBGqgeStItH3mhLRovpOXEP3BMiopqfsAndfPkuu9A==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxXBFuc-gb7KbJ6h1dzvBrBFnjgjaX4DJOOm8K3gC5tZ1YhAoDr-5Vo-ovxqm7xP5dC3OWREDM2_7ddScIvxGxZ-VScJz1keoBGqgeStItH3mhLRovpOXEP3BMiopqfsAndfPkuu9A==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.UvFBQR34S5U.es5.O/am=wA/d=1/rs=AJlcJMxTgAzZgX7fv5x3yC2FM5A7d8L4hw/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.113 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f113.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-o9VR7EZPa8uc165of5CdDA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://x.gd/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 21 Dec 2023 23:43:50 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-o9VR7EZPa8uc165of5CdDA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://x.gd
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxWSEXYv1M22ToV8KeO6ovVP1daAVXq_k8auzlSAbUx5dSgyP7n9b5rd4TexJlRxE6O8YLdC3bZByUO4wDbDrVZzBNnZZhcHiOpRn812IHcMk8y3BTR6AFUJV-ERNr9qx0mZMdVV2g==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxWSEXYv1M22ToV8KeO6ovVP1daAVXq_k8auzlSAbUx5dSgyP7n9b5rd4TexJlRxE6O8YLdC3bZByUO4wDbDrVZzBNnZZhcHiOpRn812IHcMk8y3BTR6AFUJV-ERNr9qx0mZMdVV2g==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.UvFBQR34S5U.es5.O/am=wA/d=1/rs=AJlcJMxTgAzZgX7fv5x3yC2FM5A7d8L4hw/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.113 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f113.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-bTgA3QXYlQU7BbTUzIT3Mw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://x.gd/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 21 Dec 2023 23:43:50 GMT
content-security-policy
script-src 'report-sample' 'nonce-bTgA3QXYlQU7BbTUzIT3Mw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://x.gd
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
dt
dt.adsafeprotected.com/ Frame 15DE 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1138160&asId=794b5059-6204-cb11-8803-6f66889985fc&tv=%7Bc:xrJGb2,pingTime:1,time:2445,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:34%7D,%7Bpiv:100,vs:i,r:,t:1444%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1001,o:1444,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:34,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1433~0,0~100%5D,as:%5B1433~728.90%5D%7D%7D,%7Bsl:i,t:1444,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:90,fm:tZ7wYJ9+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a11%7C1b1*.1138160-76485369%7C1b11%7C1b12%7C1b13,idMap:1b1*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:36,sis:242%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.40.12.255 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-40-12-255.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 21 Dec 2023 23:43:51 GMT
server
nginx
x-server-name
dt21.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ Frame 15DE 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1138160&asId=794b5059-6204-cb11-8803-6f66889985fc&tv=%7Bc:xrJGb2,pingTime:1,time:2445,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:34%7D,%7Bpiv:100,vs:i,r:,t:1444%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1001,o:1444,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:34,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1433~0,0~100%5D,as:%5B1433~728.90%5D%7D%7D,%7Bsl:i,t:1444,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:90,fm:tZ7wYJ9+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a11%7C1b1*.1138160-76485369%7C1b11%7C1b12%7C1b13,idMap:1b1*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:36,sis:242%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.40.12.255 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-40-12-255.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 21 Dec 2023 23:43:51 GMT
server
nginx
x-server-name
dt12.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
collect
www.google-analytics.com/g/ 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-K53RX1V2LY&gtm=45je3bt0v9102618407&_p=1703202227320&gcd=11l1l1l1l1&dma=0&cid=2091073090.1703202227&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1703202227&sct=1&seg=1&dl=https%3A%2F%2Fx.gd%2Fview%2Funsafe%2FgvZZa&dt=URL%E7%9F%AD%E7%B8%AE%E3%82%B5%E3%83%BC%E3%83%93%E3%82%B9%20X.gd&en=page_view&_ee=1&_et=2&tfd=6594
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K53RX1V2LY
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.63.138 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f138.1e100.net
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://x.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 21 Dec 2023 23:43:52 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://x.gd
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

82 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| documentPictureInPicture object| adsbygoogle boolean| __abg_called object| __NUXT__ object| google_tag_manager object| google_tag_data object| dataLayer object| webpackJsonp function| _0x283bb5 function| _0x2831cf function| _0x51c973 function| _0x1dd6c8 function| _0x4df6e6 function| _0x1712 function| _0x1a47 function| _0x54d5eb function| installComponents object| __core-js_shared__ object| core object| regeneratorRuntime function| setImmediate function| clearImmediate object| onNuxtReadyCbs function| onNuxtReady object| google_js_reporting_queue number| google_srt object| google_persistent_state_async object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac boolean| google_measure_js_timing object| google_reactive_ads_global_state object| google_sa_queue function| google_process_slots function| google_spfd number| google_unique_id object| google_sv_map number| google_rum_task_id_counter string| google_user_agent_client_hint function| onYouTubeIframeAPIReady function| google_sa_impl number| google_global_correlator object| google_prev_clients object| gaGlobal object| ampInaboxIframes object| ampInaboxPendingMessages object| $nuxt function| ga object| gaplugins boolean| ga-disable-UA-154998386-2 object| gaData object| google_llp object| googlefc boolean| adsbygoogle_ama_fc_has_run object| GoogleGcLKhOms object| default_ContributorServingResponseClientJs object| _F_toggles object| __googlefc string| __fcInvoked string| __fcexpdef string| NTdjZTNhYjQ1OTk0ZjczN2xvYWRlcl9qcw== string| NTdjZTNhYjQ1OTk0ZjczN2NhY2hlZF9qcw== object| __fcInternalApiManager boolean| __fcInternalApiPostMessageReady object| __tcfapiEventListeners function| __tcfapi object| __tcfapiManager boolean| __tcfapiPostMessageReady object| googletag object| google_image_requests boolean| 714327cf-df95-4839-b304-f36536e9dc10

16 Cookies

Domain/Path Name / Value
.x.gd/ Name: cf_clearance
Value: D3k9PzPdok0d7v2RH0PYWSpdBpacuOvZ3FYIo0uSHb8-1703202227-0-2-4c8a72e0.bb48a701.ff67f156-0.2.1703202227
.x.gd/ Name: _ga_K53RX1V2LY
Value: GS1.1.1703202227.1.1.1703202227.0.0.0
x.gd/ Name: si
Value: 3063xez6
.x.gd/ Name: _ga
Value: GA1.2.2091073090.1703202227
.x.gd/ Name: _gid
Value: GA1.2.145111867.1703202227
.x.gd/ Name: _gat
Value: 1
.doubleclick.net/ Name: IDE
Value: AHWqTUkPyJU-4BlSULmfBzHpntpBYXdJ2nIGea4H0x9QRepIX6efG0Iv9HqmNgb1
.casalemedia.com/ Name: CMID
Value: ZYTNtPP591fob.iLQXaE3gAA
.casalemedia.com/ Name: CMPS
Value: 3612
.casalemedia.com/ Name: CMPRO
Value: 3612
.adnxs.com/ Name: uuid2
Value: 1319154722020403846
.x.gd/ Name: __gads
Value: ID=cb1580ff842186bd:T=1703202227:RT=1703202227:S=ALNI_MYqDB8a9Xbl8cIrGBWWEDPZY_HWgg
.x.gd/ Name: __gpi
Value: UID=00000dac27d8e83b:T=1703202227:RT=1703202227:S=ALNI_MakcrpcE8jOxHzn-me-_q68zyMSLw
.doubleclick.net/ Name: APC
Value: AfxxVi4all7Dp8e63B_BALOtFVcdXIyOy7Z4wVK9yCQXLDQknFD4Qw
.adnxs.com/ Name: anj
Value: dTM7k!M41.D>6NRF']wIg2Il_lXmga!]tbPl1M>e)ZlrFUfJ+tGXxp:Ou/K*V*'zaIGx_<F@acB_$60<_.z`^TPr%43If)y3KL9D3I?+Gs1qwG
.x.gd/ Name: FCNEC
Value: %5B%5B%22AKsRol9oGDc_xq8rRXDwD13LBVk57VbhF1GppqBBMwIvZeSrvPyKuwt9xxS0GmPIvh7HBF6kaVJFDu578LztC5aiDZN5pbcPKefM8cctPapE78kCIYzNkvMH92oTI1_n-PGNkuOQ0duGhmo0EIvS9xj7ZpJiFxsQkw%3D%3D%22%5D%5D

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cm.g.doubleclick.net
dsum-sec.casalemedia.com
dt.adsafeprotected.com
fonts.googleapis.com
fundingchoicesmessages.google.com
fw.adsafeprotected.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
p4-cs7rhyognc6ee-qhzi4x3ckw7vrihk-if-v6exp3-v4.metric.gstatic.com
pagead2.googlesyndication.com
polyfill.io
s0.2mdn.net
static.adsafeprotected.com
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.gd
104.18.36.155
104.21.46.170
142.251.111.154
151.101.65.26
172.253.115.148
172.253.115.155
172.253.115.94
172.253.122.105
172.253.122.113
172.253.122.132
172.253.122.155
172.253.122.97
172.253.62.157
172.253.63.138
172.253.63.94
172.253.63.95
44.199.149.119
52.40.12.255
54.192.51.19
68.67.160.114
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
083ae7f1960c2983a9f1d99432f11aad1d338b15ff14613d8d56403cbffa59dc
0a9ff32d85258ef227ddc9a6763db635f084caaaaded2d4b28bb98ea0b1253c9
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0b9f3f599c8c620303e3ecb3ef4efc57020d6abfde96b1863afee551fcd5d430
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
12a5323054bf1dc8a93821a425f2f85fcfb5e0cbefea866c3b140c7f4381a9a4
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1f5aad9dd89d3567284ffca495cecd3a8542c857beed34a1699f0b68c006cfe0
1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea
24366c51064fc57cb419cc93db561f43bf3461affb1d04deb4d552a7e2ba4956
27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
3068eaff0492063c2c93e835607c1afcd1a6118887843959fd56cc2487a99140
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
336951503a0ffc84310fb5345be5eaa6f9d8a2bdfad0dae493cf3abce96b425f
349f2bf0d41a6546d2dcb0d4001fb955984b5fd672fd36f7aa4e070684604ea0
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
39488b5646fd7a7ba52a4e1a67c4655730f91b93c6681524e4c581090fabb716
3b1aa634e28fdb9d4c80ac9edc0d71a196c4713b678c867e81155fce2466df48
41b43f64c3e5d7f9eca80634429adb1b8e0a1c5e1fe67ad71ec651a991ebfe68
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
4211861e9d65c9b501d8c5422b7ea6e52097b098d2c249f9f1f5c344383a4932
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c6a5bb37520d3802bf344e433669d6f795ca3f003e7564e4ae82db7714429bd
4d0bc1c639a684dbf8416313889b59847676461a4a7c2dba12994ade84f1a4d8
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
526c86b4050c1ab8cc208a4ccf2a94b880861c8a4839ecf24be54ea1bb7bfe6b
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
563a21af7d066a5ed2d05357428e1b96508f9c9e23a39b560ab9fa8fe92f1591
565592ede82822decb298ebd1e6f56e9c6a680b1a79cd4208513a834295e4c43
566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a
5bc35a6df363aa4b3e127afba871739f054f708a2cc473a94ef248ba8d973754
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
658d2988267bbf1eeae3e1655baa314ad12856763cb85bdcee3ea25a41fe292b
6c68769e8470ce89a0f2270529a5d47db00917e3ef9df946dca202098f09d0a2
6fa1d5118df725e5c57c9d14a5ce12d6efe9fd21496aa71ebc9193a2671e89f5
712bf11a3755c81fa1ce57249e7a61f6845b843b84aea09889a11478515234ca
7b7fc41884f9369db038e9beb5a7c7bf2d754a1032e3c67a9b5e5fbd530cad07
80f4d9c7c420e58b6a1d8013b9512aef088d5e019824b98db55e90fa74480346
87f8317343ab596479a4d4ee267c8004e6831c84bffb4a0238a6790f1710fa94
899af7118726b26033f0cfcd94aa35343a8855b928a40cadc16c1a0ce5419997
8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579
943e9b87328e617dc5dde0f272231be8ac51d8f3d54ae169b47b4b87093e03bb
950e919f094872be420e1d5aa7b12871a8ba9db42ddc629360beb647bf71fe49
9844337d0b1b36b45473c8fc27cba7d1c9f8aab2107e23e684b9e1a48e6066b5
9c90d4af4915ff3986649148829d4e4515d61e91b6a4471c9a2cf5c6849776b4
9d6cef47868c3ea806f9e8b951a660547f561ac7e8e5b2a93a41d4b4b6c21f83
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a7c793a5bae350ee5cb328e7ccdddac77344b9b2fab701769979df5ec13bec4b
a932604416230684537f03bc523f1b5da6b10b7ee5be83e8b451f0bd8a59acd0
b0d3f1a372fb1b357992de31215b4a94bd7002654d0e4443d3b8a66f6e82e1ef
b107aa754b56c645d2839966c27e54dad693ade78bc5f4692290f2f49b292fc8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3f8b6630b6dff3720b43b2e745b4a2c6843539a16af9dc3cf5b98af45eb4a52
c20e259c9c087fb2fa056ee6a68e1d091319d370ab7ceb5696616ba8c0106f09
c6e5580b7422733850ab802b7faff4a546d5849b109df9466c4ecf4b2fb5e004
d31e3bf84838d9d4103d1cdc5204dbdf3052bc54dbebdc667091ed97ed65451e
d68792895f86c25ba4927823a2bbc062460c49c85d30003fd4795c26becdc51b
db2bdaad0dc9232fadb3de900bf039a0f356521698f213df1edf601e02a5870d
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e187c8f1439d4216045242272315548f6779545445b35b311db5e481069fbbd1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e75536f1ba9738e00aa737fe6b7231805ada06afa01d676bfa84ede22cb128b5
e8ed9cfdb3caea0b6f5cfa91df5aa6f1861e760115db0cc1901c90fb69069609
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f37fb29719b441eb569ded27a94e405544d3afc1d312167aeb6a3489f4962ae9
f9d63d94d11e65be863b3a754ace1b9f2fa71e5e874d7b0ad2ca3e9a831cf3fa
ffb869cc59e6497e356256a060335bceca8d670298bc89bc1311477eb06a0ef0