www.ffxiah.com Open in urlscan Pro
158.69.250.98 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.ffxiah.com/login/
Effective URL:
https://www.ffxiah.com/login/
Submission: On March 02 via manual (March 2nd 2022, 1:20:48 am UTC) from JP — Scanned from CA

Summary HTTP 105 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 21 IPs in 3 countries across 14 domains to perform 105 HTTP transactions. The main IP is 158.69.250.98, located in Montreal, Canada and belongs to OVH, FR. The main domain is www.ffxiah.com.
TLS certificate: Issued by R3 on February 1st 2022. Valid for: 3 months.

This is the only time www.ffxiah.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 13	158.69.250.98 158.69.250.98	16276 (OVH) (OVH)
2	2607:f8b0:400... 2607:f8b0:4006:81c::200a	15169 (GOOGLE) (GOOGLE)
6	2607:f8b0:400... 2607:f8b0:4006:80f::2002	15169 (GOOGLE) (GOOGLE)
7	142.250.80.2 142.250.80.2	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:807::2002	15169 (GOOGLE) (GOOGLE)
19	2607:f8b0:400... 2607:f8b0:4006:81f::2001	15169 (GOOGLE) (GOOGLE)
23	2607:f8b0:400... 2607:f8b0:4006:80e::2002	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4006:81e::2004	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:400... 2607:f8b0:4006:821::2002	15169 (GOOGLE) (GOOGLE)
1	172.67.209.18 172.67.209.18	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6 8	142.251.40.98 142.251.40.98	15169 (GOOGLE) (GOOGLE)
4 8	23.52.162.21 23.52.162.21	16625 (AKAMAI-AS) (AKAMAI-AS)
4 6	68.67.179.173 68.67.179.173	29990 (ASN-APPNEX) (ASN-APPNEX)
4	142.251.32.98 142.251.32.98	15169 (GOOGLE) (GOOGLE)
6	2607:f8b0:400... 2607:f8b0:4006:816::2006	15169 (GOOGLE) (GOOGLE)
1	2600:9000:220... 2600:9000:2209:7000:19:fc2c:a140:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2607:f8b0:400... 2607:f8b0:4006:809::200e	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:402... 2607:f8b0:4020:1::9	15169 (GOOGLE) (GOOGLE)
3	2404:6800:400... 2404:6800:4009:80a::2003	15169 (GOOGLE) (GOOGLE)
1	142.250.72.98 142.250.72.98	15169 (GOOGLE) (GOOGLE)
105	21

13 158.69.250.98 (Montreal, Canada) 1 redirects

ASN16276 (OVH, FR)
PTR: ns547292.ip-158-69-250.net

www.ffxiah.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.ffxiah.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ads.ffxiah.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:81c::200a (Queens, United States)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:4006:80f::2002 (Queens, United States)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.80.2 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s33-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:807::2002 (Queens, United States)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2607:f8b0:4006:81f::2001 (Queens, United States)

ASN15169 (GOOGLE, US)

3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2607:f8b0:4006:80e::2002 (Queens, United States)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:81e::2004 (Queens, United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:821::2002 (Queens, United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.209.18 (United States)

ASN13335 (CLOUDFLARENET, US)

metrics.getrockerbox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.251.40.98 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: lga25s79-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 23.52.162.21 (New York, United States) 4 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-52-162-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 68.67.179.173 (Secaucus, United States) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 569.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.251.32.98 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s77-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:4006:816::2006 (Queens, United States)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2209:7000:19:fc2c:a140:93a1 (United States)

ASN16509 (AMAZON-02, US)

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:809::200e (Queens, United States) 1 redirects

ASN15169 (GOOGLE, US)

gcdn.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4020:1::9 (Montreal, Canada)

ASN15169 (GOOGLE, US)

r4---sn-t0a7ln7d.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2404:6800:4009:80a::2003 (Australia)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.72.98 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s32-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
43	googlesyndication.com 3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com 23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 92 tpc.googlesyndication.com — Cisco Umbrella Rank: 120 ade.googlesyndication.com — Cisco Umbrella Rank: 261	223 KB
23	doubleclick.net 6 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 159 googleads.g.doubleclick.net — Cisco Umbrella Rank: 37 cm.g.doubleclick.net — Cisco Umbrella Rank: 175 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 276	393 KB
13	ffxiah.com 1 redirects www.ffxiah.com static.ffxiah.com ads.ffxiah.com	581 KB
9	2mdn.net 1 redirects s0.2mdn.net — Cisco Umbrella Rank: 246 gcdn.2mdn.net — Cisco Umbrella Rank: 906 r4---sn-t0a7ln7d.c.2mdn.net — Cisco Umbrella Rank: 238726	265 KB
8	casalemedia.com 4 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 488	7 KB
6	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 210	6 KB
5	google.com adservice.google.com — Cisco Umbrella Rank: 59 www.google.com — Cisco Umbrella Rank: 2	3 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 146	131 KB
3	gstatic.com csi.gstatic.com	435 B
2	google.ca adservice.google.ca — Cisco Umbrella Rank: 12901	957 B
2	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 250	88 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 197	35 KB
1	agkn.com d.agkn.com — Cisco Umbrella Rank: 487	647 B
1	getrockerbox.com metrics.getrockerbox.com — Cisco Umbrella Rank: 3512	645 B
105	14

	Domain	Requested by
23	pagead2.googlesyndication.com	securepubads.g.doubleclick.net www.ffxiah.com tpc.googlesyndication.com 3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com 23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com googleads.g.doubleclick.net s0.2mdn.net www.googletagservices.com
15	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com 23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com googleads.g.doubleclick.net s0.2mdn.net
8	dsum-sec.casalemedia.com	4 redirects googleads.g.doubleclick.net
8	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net
7	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net 3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com s0.2mdn.net
7	static.ffxiah.com	www.ffxiah.com static.ffxiah.com
6	s0.2mdn.net	23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com www.ffxiah.com s0.2mdn.net
6	ib.adnxs.com	4 redirects googleads.g.doubleclick.net
4	googleads4.g.doubleclick.net	googleads.g.doubleclick.net www.ffxiah.com
4	googleads.g.doubleclick.net	3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com www.ffxiah.com 23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com
4	www.googletagservices.com	ads.ffxiah.com 3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com 23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com
4	www.ffxiah.com	1 redirects www.ffxiah.com
3	csi.gstatic.com	securepubads.g.doubleclick.net
3	www.google.com	tpc.googlesyndication.com 3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com
2	r4---sn-t0a7ln7d.c.2mdn.net
2	23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	adservice.google.com	securepubads.g.doubleclick.net
2	adservice.google.ca	securepubads.g.doubleclick.net
2	ads.ffxiah.com	www.ffxiah.com
2	ajax.googleapis.com	www.ffxiah.com
1	ade.googlesyndication.com
1	gcdn.2mdn.net	1 redirects
1	cdnjs.cloudflare.com	s0.2mdn.net
1	d.agkn.com	3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com
1	metrics.getrockerbox.com	23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com
105	26

This site contains links to these domains. Also see Links.

Domain
discordapp.com
www.bg-wiki.com
www.discordapp.com
www.ffxidb.com
www.ffxivpro.com
www.guildwork.com
www.windower.net
jp.ffxiah.com
de.ffxiah.com
fr.ffxiah.com

Subject Issuer	Validity	Valid
*.ffxiah.com R3	`2022-02-01` - `2022-05-02`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.google.ca GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-01` - `2022-06-30`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.agkn.com RapidSSL RSA CA 2018	`2020-07-25` - `2022-09-18`	2 years	crt.sh
*.gstatic.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.c.docs.google.com GTS CA 1C3	`2022-02-08` - `2022-04-19`	2 months	crt.sh

This page contains 17 frames:

Primary Page: https://www.ffxiah.com/login/
Frame ID: 087579F3D7C535EC8BFFF658E5792449
Requests: 13 HTTP requests in this frame

Frame: https://ads.ffxiah.com/ffxiah.com/gAd_728x90.html
Frame ID: 4531D24F10C4053A2FE5A28B55F34443
Requests: 12 HTTP requests in this frame

Frame: https://ads.ffxiah.com/ffxiah.com/gAd_160x600.html
Frame ID: 0F1FF6BF85AAC99699E430A39FF16948
Requests: 9 HTTP requests in this frame

Frame: https://3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 470637705DC8A3EEA1AEEBD587C06C66
Requests: 1 HTTP requests in this frame

Frame: https://23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 7D4DFD4E8EBD6D1CC9EE3437474CB8BE
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 161724E4CF26CD2588537D148BE65488
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: C6EB12B329C957D839E4612AFFE4354C
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: D393ED3C48991D20D6B8C162C48BCE50
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 77A569487F025AB0330706B2BF182C79
Requests: 2 HTTP requests in this frame

Frame: https://3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: FB59F924774C60DD8CAEC7F375B695C7
Requests: 19 HTTP requests in this frame

Frame: https://23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 93933CEC580D831D19321C852FFD4F6C
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIG4RxCxzGkYsqvwwQEwAQ&v=APEucNVHpZHGnV-Hp1jsxV8gtea-8g_IzwDWELEei0dLLZ-0XW3ZXiUE85o8H5yYTId1hvcjABp96pmEuREKcqVKRxz0i7EYWA
Frame ID: 63D1B22EFEBDB717C53CA2A9AF49508D
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLeO4gEQ7NyYlQIYg4LgvQEwAQ&v=APEucNWxKG8fdSkkgaHtvFyapLp39uTFZmAjcelLvQa7npSzNtQHBP6XjUcD8CNx0_bbnnd29MO3Gn4KrN06A3VnaH7MkvfFTw
Frame ID: F9FAA3CFA01EE50C3BDD81659C4CE4F9
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 730A74AF8DD31669410B7C9F7016E876
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: AC147533FCC8C1BD444383239140E28B
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/6844132/1645031070487/index.html?e=69&leftOffset=0&topOffset=0&c=vPFv8mEgCs&t=1&renderingType=2
Frame ID: 76A95B74154201CFF5CE19ACC8DCC1FC
Requests: 11 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/j7hE3yxA75Jh70ErwfbAXbZ96cK9V2UfbDPjrUCF35o.js
Frame ID: F0CA63C5A90C518F4296EC75945C28F0
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login - FFXIAH.com

Page URL History Show full URLs

http://www.ffxiah.com/login/ HTTP 302
https://www.ffxiah.com/login/ Page URL

Detected technologies

GSAP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

TweenMax(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)/jquery-ui(?:\.min)?\.js
jquery-ui.*\.js

Page Statistics

105
Requests

91 %
HTTPS

62 %
IPv6

14
Domains

26
Subdomains

21
IPs

3
Countries

1725 kB
Transfer

3791 kB
Size

14
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://discordapp.com/invite/0bUAApcl86UNdbI7?username=
Title: Chat

Search URL Search Domain Scan URL

URL: http://www.bg-wiki.com/
Title: BG Wiki

Search URL Search Domain Scan URL

URL: https://www.discordapp.com/
Title: Discord

Search URL Search Domain Scan URL

URL: http://www.ffxidb.com/
Title: FFXIDB

Search URL Search Domain Scan URL

URL: https://www.ffxivpro.com/
Title: FFXIVPro

Search URL Search Domain Scan URL

URL: http://www.guildwork.com/
Title: Guildwork

Search URL Search Domain Scan URL

URL: http://www.windower.net/
Title: Windower

Search URL Search Domain Scan URL

URL: https://jp.ffxiah.com/login/
Title: JP

Search URL Search Domain Scan URL

URL: https://de.ffxiah.com/login/
Title: DE

Search URL Search Domain Scan URL

URL: https://fr.ffxiah.com/login/
Title: FR

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.ffxiah.com/login/ HTTP 302
https://www.ffxiah.com/login/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 58

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPa2aExiadKl_BOnPF4XLQc&google_cver=1

Request Chain 59

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yh7GbJlR4zZYcrWkUOhgeAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPa2aExiadKl_BOnPF4XLQc&google_cver=1

Request Chain 60

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEAOxI4BLsfwf6Unp2xy1Nh8&google_cver=1

Request Chain 61

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODAyNDUyOTczNjYxMjIyNzM4OA%3D%3D

Request Chain 62

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPa2aExiadKl_BOnPF4XLQc&google_cver=1

Request Chain 63

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yh7GbJlR4zZYcrWkUOhgeAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPa2aExiadKl_BOnPF4XLQc&google_cver=1

Request Chain 64

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEAOxI4BLsfwf6Unp2xy1Nh8&google_cver=1

Request Chain 65

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODAyNDUyOTczNjYxMjIyNzM4OA%3D%3D

Request Chain 92

https://gcdn.2mdn.net/videoplayback/id/3242a4300e334bad/itag/15/source/doubleclick_dmm/ctier/L/ip/0.0.0.0/ipbits/0/expire/3789479072/sparams/id,itag,source,ctier,ip,ipbits,expire/signature/22C1B942FCEFFA5BBB296835D069170FFD889C9C.B49A1A7EB9F78F808BC9BECC5038758FD303FDF1/key/ck2/file/file.mp4 HTTP 302
https://r4---sn-t0a7ln7d.c.2mdn.net/videoplayback/id/3242a4300e334bad/itag/15/source/doubleclick_dmm/ctier/L/ip/0.0.0.0/ipbits/0/expire/3789479072/sparams/ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/420DB6D7A1106CF098B0374FED1760B68DD29533.5C9DC83714B5B5F714656A246CB4A385F2A212AB/key/cms1/cms_redirect/yes/mh/jU/mip/2607:5300:60:7867::14/mm/42/mn/sn-t0a7ln7d/ms/onc/mt/1646182900/mv/u/mvi/4/pl/32/file/file.mp4

105 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
www.ffxiah.com/login/
Redirect Chain

http://www.ffxiah.com/login/
https://www.ffxiah.com/login/

22 KB
7 KB

83ms
62ms

Document
text/html

158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ffxiah.com/login/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c38cbc9533bcd07405059d9e0135b364a0b0f5ca07aca21cf8aaaff3648b4589

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-CA,en;q=0.9

Response headers

Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 02 Mar 2022 01:20:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-No-Cache: Y
Content-Encoding: gzip

Redirect headers

Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 02 Mar 2022 01:20:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: https://www.ffxiah.com/login/
X-No-Cache: Y

GET
H/1.1 200
OK main-bundle.v1578090613.css
static.ffxiah.com/css/ 220 KB
221 KB 59ms
17ms Stylesheet
text/css 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ffxiah.com/css/main-bundle.v1578090613.css
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/login/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: b4931eddbb10292330d2d8b29833a4e56f86475bbea197e0f5256089c75adaba

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 01:20:42 GMT
Last-Modified: Fri, 03 Jan 2020 22:30:13 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "5e0fc075-371e1"
Content-Type: text/css
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 225761
Expires: Sat, 25 Feb 2023 01:20:42 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.0.0/ 81 KB
29 KB 68ms
21ms Script
text/javascript 2607:f8b0:4006:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.0.0/jquery.min.js

Requested by

Host: www.ffxiah.com
URL: https://www.ffxiah.com/login/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::200a Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d482871a5e948cb4884fa0972ea98a81abca057b6bd3f8c995a18c12487e761c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 23 Feb 2022 03:32:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 596871
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29195
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Feb 2023 03:32:51 GMT

GET
H2 200 jquery-ui.min.js Show response
ajax.googleapis.com/ajax/libs/jqueryui/1.10.3/ 223 KB
59 KB 87ms
40ms Script
text/javascript 2607:f8b0:4006:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jqueryui/1.10.3/jquery-ui.min.js

Requested by

Host: www.ffxiah.com
URL: https://www.ffxiah.com/login/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::200a Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9671f8be70ad94a5362e60f4656d5d53ba214d32ab70a3f9d1603d7dadf9d1c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 28 Feb 2022 06:01:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 155931
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60529
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Feb 2023 06:01:51 GMT

GET
H/1.1 200
OK sockjs-0.3.min.js Show response
www.ffxiah.com/js/vendor/ 32 KB
32 KB 19ms
18ms Script
application/javascript 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ffxiah.com/js/vendor/sockjs-0.3.min.js
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/login/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 328f0490c1cb33e8591121a3137010d723185c7cb296d6e31972a53eecc2ad8b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/login/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 01:20:42 GMT
Last-Modified: Tue, 22 Dec 2020 16:02:01 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "5fe21879-7e95"
Content-Type: application/javascript
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 32405
Expires: Sat, 25 Feb 2023 01:20:42 GMT

GET
H/1.1 200
OK main-bundle.v1578090613.js Show response
static.ffxiah.com/js/ 226 KB
227 KB 59ms
19ms Script
application/javascript 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ffxiah.com/js/main-bundle.v1578090613.js
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/login/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: a68e054693be4a1d12da204ae67abab74a0c5fe24d97345cb9dfa9da4fcfb26d

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 01:20:42 GMT
Last-Modified: Fri, 03 Jan 2020 22:30:13 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "5e0fc075-388c6"
Content-Type: application/javascript
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 231622
Expires: Sat, 25 Feb 2023 01:20:42 GMT

GET
H/1.1 200
OK AH.v1577922910.js Show response
static.ffxiah.com/js/lib/ 13 KB
13 KB 59ms
19ms Script
application/javascript 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ffxiah.com/js/lib/AH.v1577922910.js
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/login/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: b83a14fe83bbf97fa965c43c7014232f9441aa51b16d5a87a41c8677f1b6ddf0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 01:20:42 GMT
Last-Modified: Tue, 22 Dec 2020 16:02:01 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "5fe21879-333b"
Content-Type: application/javascript
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 13115
Expires: Sat, 25 Feb 2023 01:20:42 GMT

GET
H/1.1 200
OK FFXIAH_winter.jpg
static.ffxiah.com/images/ 66 KB
67 KB 10ms
9ms Image
image/jpeg 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/FFXIAH_winter.jpg
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/login/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: f2cd1b47cdac63f03064a02c7521c71ee4421239f6afcd1b0fcc90b41307d321

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 01:20:43 GMT
Last-Modified: Wed, 01 Jan 2020 23:45:13 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "5e0d2f09-109de"
Content-Type: image/jpeg
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68062
Expires: Sat, 25 Feb 2023 01:20:43 GMT

GET
H/1.1 200
OK ffxivprobox.jpg
static.ffxiah.com/images/ 2 KB
2 KB 10ms
9ms Image
image/jpeg 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/ffxivprobox.jpg
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/login/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 77a8904df780875e356b196bb3c8b55067185b8b42a2b6363875b5ce7eded29e

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 01:20:43 GMT
Last-Modified: Wed, 01 Jan 2020 23:45:56 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "5e0d2f34-84c"
Content-Type: image/jpeg
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2124
Expires: Sat, 25 Feb 2023 01:20:43 GMT

GET
H/1.1 200
OK guildwork-logo-120.png
static.ffxiah.com/images/ 6 KB
6 KB 11ms
9ms Image
image/png 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.ffxiah.com/images/guildwork-logo-120.png
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/login/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: b4b1f3c5233a55d42fda178b57bd8f10492a77bd93daf35054e144d99b9b7761

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 01:20:43 GMT
Last-Modified: Wed, 01 Jan 2020 23:45:56 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "5e0d2f34-1789"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6025
Expires: Sat, 25 Feb 2023 01:20:43 GMT

GET
H/1.1 200
OK mini-noavatar.jpg
www.ffxiah.com/images/ 649 B
970 B 11ms
9ms Image
image/jpeg 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.ffxiah.com/images/mini-noavatar.jpg
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/login/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: afecc80369c60a81fb5ef1dc95125f8f602e5a571fea2b2b67ac5df53ac8dc16

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/login/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 01:20:43 GMT
Last-Modified: Wed, 01 Jan 2020 23:48:52 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "5e0d2fe4-289"
Content-Type: image/jpeg
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 649
Expires: Sat, 25 Feb 2023 01:20:43 GMT

GET
H/1.1 200
OK gAd_728x90.html Show response
ads.ffxiah.com/ffxiah.com/ Frame 4531 875 B
752 B 49ms
9ms Document
text/html 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.ffxiah.com/ffxiah.com/gAd_728x90.html
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/login/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 2e6550ca6c5ca20106cda53ee4781dabfec2750dab8b11211e7259d9cdd3910b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/

Response headers

Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 02 Mar 2022 01:20:43 GMT
Content-Type: text/html
Last-Modified: Tue, 03 Dec 2019 02:39:04 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"5de5cac8-36b"
Content-Encoding: gzip

GET
H/1.1 200
OK gAd_160x600.html Show response
ads.ffxiah.com/ffxiah.com/ Frame 0F1F 877 B
749 B 49ms
9ms Document
text/html 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.ffxiah.com/ffxiah.com/gAd_160x600.html
Requested by: Host: www.ffxiah.com
URL: https://www.ffxiah.com/login/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 820082abc59342f47489e47ede1b727d4ea2a258af6752d96d88fd84f2dfe35c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/

Response headers

Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 02 Mar 2022 01:20:43 GMT
Content-Type: text/html
Last-Modified: Tue, 03 Dec 2019 02:39:04 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"5de5cac8-36d"
Content-Encoding: gzip

GET
DATA 200
OK truncated
/ 539 B
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: de9238a6076601f98a67bf7c628a8847a4856991edb81bbb23d3c0016241a059

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 4531 82 KB
28 KB 82ms
35ms Script
text/javascript 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: ads.ffxiah.com
URL: https://ads.ffxiah.com/ffxiah.com/gAd_728x90.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8b9ce52d9918bab6ab2bb2ce10cebdc5dc279fc874e92107c958858da6b939c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 01:20:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27852
x-xss-protection: 0
server: sffe
etag: "1147 / 480 of 1000 / last-modified: 1646179388"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 02 Mar 2022 01:20:43 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 0F1F 82 KB
27 KB 101ms
54ms Script
text/javascript 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: ads.ffxiah.com
URL: https://ads.ffxiah.com/ffxiah.com/gAd_160x600.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7cf68627e0a55ba90824d570ca10a028ce1543ff72223d90fd452fd7bc9ef3b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 01:20:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27846
x-xss-protection: 0
server: sffe
etag: "1147 / 18 of 1000 / last-modified: 1646179388"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 02 Mar 2022 01:20:43 GMT

GET
H2 200 pubads_impl_2022022401.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 4531 363 KB
122 KB 67ms
19ms Script
text/javascript 142.250.80.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s33-in-f2.1e100.net

Software

sffe /

Resource Hash

eb17a933f0977509c796b9055e3c140746326ecd3ec343dfa3614e8bdb1ac2f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 06:12:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 68922
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 124299
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 09:41:14 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 01 Mar 2023 06:12:01 GMT

GET
H2 200 pubads_impl_2022022401.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 0F1F 363 KB
122 KB 66ms
41ms Script
text/javascript 142.250.80.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s33-in-f2.1e100.net

Software

sffe /

Resource Hash

eb17a933f0977509c796b9055e3c140746326ecd3ec343dfa3614e8bdb1ac2f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 06:12:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 68922
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 124299
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 09:41:14 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 01 Mar 2023 06:12:01 GMT

GET
H2 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame 4531 60 KB
23 KB 20ms
19ms Script
text/javascript 142.250.80.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s33-in-f2.1e100.net

Software

cafe /

Resource Hash

6834235d5f6bfbbfbec709573c170995ca9a911a05838056d2611abe065ecc9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:30:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3023
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23110
x-xss-protection: 0
server: cafe
etag: 511128683542746665
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Wed, 02 Mar 2022 01:30:20 GMT

GET
H2 200 integrator.js Show response
adservice.google.ca/adsid/ Frame 4531 107 B
792 B 113ms
39ms Script
application/javascript 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ca/adsid/integrator.js?domain=ads.ffxiah.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 02 Mar 2022 01:20:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 4531 107 B
549 B 89ms
34ms Script
application/javascript 2607:f8b0:4006:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ads.ffxiah.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:807::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 02 Mar 2022 01:20:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 4531 17 KB
9 KB 437ms
437ms XHR
text/plain 142.250.80.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3906260093809105&correlator=1807362169981974&output=ldjh&impl=fifs&eid=31063378%2C31064976%2C31065018%2C31065288%2C31065391%2C31061691%2C31061693&vrg=2022022401&ptt=17&sc=1&sfv=1-0-38&ecs=20220302&iu_parts=1031700%2CMidBottomLeaderboard_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&cookie_enabled=1&cdm=ads.ffxiah.com&abxe=1&dt=1646184043441&lmt=1575340744&dlt=1646184043102&idt=303&biw=-12245933&bih=-12245933&isw=728&ish=90&oid=2&adxs=0&adys=0&ucis=y22o008qikp6&adks=1741596969&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nhd=1&url=https%3A%2F%2Fads.ffxiah.com%2Fffxiah.com%2FgAd_728x90.html&ref=https%3A%2F%2Fwww.ffxiah.com%2F&top=https%3A%2F%2Fwww.ffxiah.com%2F&rumc=3906260093809105&rume=1&frm=24&vis=1&scr_x=-12245933&scr_y=-12245933&psz=728x90&msz=728x-1&fws=256&ohw=0&ea=0&ga_vid=80835819.1646184043&ga_sid=1646184043&ga_hid=1062182871&ga_fc=false&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s33-in-f2.1e100.net

Software

cafe /

Resource Hash

36c31c36d31cdc434910adc13c66d2fa052e25a246c03756851c6565c15950f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 01:20:43 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8756
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ads.ffxiah.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 4706 6 KB
4 KB 120ms
41ms Document
text/html 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 02 Mar 2022 01:20:43 GMT
expires: Thu, 02 Mar 2023 01:20:43 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 integrator.js Show response
adservice.google.ca/adsid/ Frame 0F1F 107 B
165 B 87ms
58ms Script
application/javascript 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ca/adsid/integrator.js?domain=ads.ffxiah.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 02 Mar 2022 01:20:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 0F1F 107 B
165 B 61ms
50ms Script
application/javascript 2607:f8b0:4006:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ads.ffxiah.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:807::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 02 Mar 2022 01:20:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 0F1F 14 KB
8 KB 434ms
434ms XHR
text/plain 142.250.80.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3906591633755890&correlator=163525463220526&output=ldjh&impl=fifs&eid=31065287%2C31065008%2C31065390%2C31061165%2C31063246&vrg=2022022401&ptt=17&sc=1&sfv=1-0-38&ecs=20220302&iu_parts=1031700%2CRight_BigSkyScraper_160x600&enc_prev_ius=%2F0%2F1&prev_iu_szs=160x600&cookie_enabled=1&cdm=ads.ffxiah.com&bc=31&abxe=1&dt=1646184043486&lmt=1575340744&dlt=1646184043120&idt=345&ea=0&biw=-12245933&bih=-12245933&isw=160&ish=600&oid=2&adxs=0&adys=0&ucis=i5ae4cjybzdx&adks=4037978123&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&nhd=1&url=https%3A%2F%2Fads.ffxiah.com%2Fffxiah.com%2FgAd_160x600.html&ref=https%3A%2F%2Fwww.ffxiah.com%2F&top=https%3A%2F%2Fwww.ffxiah.com%2F&frm=24&vis=1&scr_x=-12245933&scr_y=-12245933&psz=160x600&msz=160x-1&ga_vid=861945666.1646184043&ga_sid=1646184043&ga_hid=412834374&ga_fc=false&fws=256&ohw=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s33-in-f2.1e100.net

Software

cafe /

Resource Hash

48c639946ecefa32203a475d98d756f67065ab02c4d7e2708a0b01178c7bb55e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 01:20:43 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7883
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ads.ffxiah.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 7D4D 6 KB
4 KB 96ms
38ms Document
text/html 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 02 Mar 2022 01:20:43 GMT
expires: Thu, 02 Mar 2023 01:20:43 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 4531 14 KB
10 KB 100ms
50ms XHR
application/json 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022022401&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4e655fba9c55016bfa8f7a760b33affb02d914b70c8ab9c28475068a6bbcd2b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 02 Mar 2022 01:20:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10680
x-xss-protection: 0

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4531 0
442 B 126ms
81ms Image
image/gif 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_stats&su=ads.ffxiah.com&doc=complete&pg_h=90&pg_w=728&pg_hs=90&c=1&aa_c=0&av_h=90&av_w=728&av_a=65520&b=0&all_b=0&d=1&all_d=1&ard=1&all_ard=1&dt=d

Requested by

Host: www.ffxiah.com
URL: https://www.ffxiah.com/login/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 01:20:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 0F1F 14 KB
11 KB 89ms
46ms XHR
application/json 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022022401&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

419de48870c00b668019face0b4141266355922d0458fefe1d67f6be108f953f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 02 Mar 2022 01:20:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10782
x-xss-protection: 0

GET
H/1.1 200
OK syndicate.v20190214.css
static.ffxiah.com/css/shared/ 3 KB
3 KB 9ms
9ms Stylesheet
text/css 158.69.250.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ffxiah.com/css/shared/syndicate.v20190214.css
Requested by: Host: static.ffxiah.com
URL: https://static.ffxiah.com/js/lib/AH.v1577922910.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 158.69.250.98 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns547292.ip-158-69-250.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 2953f313f04d1977820ca1a332c2bb7c76aa4c0313c16d0dec37cfd73ae832f0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 01:20:43 GMT
Last-Modified: Tue, 22 Dec 2020 16:02:01 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "5fe21879-b5e"
Content-Type: text/css
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2910
Expires: Sat, 25 Feb 2023 01:20:43 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 0F1F 17 KB
7 KB 58ms
57ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 01:20:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 02 Mar 2022 01:20:43 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 4531 17 KB
6 KB 107ms
106ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 01:20:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 02 Mar 2022 01:20:43 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 1617 13 KB
5 KB 49ms
19ms Document
text/html 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 01 Mar 2022 06:11:55 GMT
expires: Wed, 01 Mar 2023 06:11:55 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 68928
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame C6EB 783 B
1 KB 85ms
39ms Document
text/html 2607:f8b0:4006:81e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::2004 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b5b24673ae69d3a759809b5f24d0c547c599cbc134d7e57ff8fd739212b35adf

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-7OrLsljDJI+wPnkEyCvxOg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Wed, 02 Mar 2022 01:20:43 GMT
date: Wed, 02 Mar 2022 01:20:43 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-7OrLsljDJI+wPnkEyCvxOg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame D393 13 KB
5 KB 20ms
19ms Document
text/html 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 01 Mar 2022 06:11:55 GMT
expires: Wed, 01 Mar 2023 06:11:55 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 68928
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 77A5 783 B
744 B 38ms
38ms Document
text/html 2607:f8b0:4006:81e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::2004 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

fbc331d286b47e12f268104be149a2031ea2757da3cc1d0e5086e64ce26ccade

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ZOohMUVAkdaLYpjWX1G5kQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Wed, 02 Mar 2022 01:20:43 GMT
date: Wed, 02 Mar 2022 01:20:43 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-ZOohMUVAkdaLYpjWX1G5kQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 515
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 j7hE3yxA75Jh70ErwfbAXbZ96cK9V2UfbDPjrUCF35o.js Show response
pagead2.googlesyndication.com/bg/ Frame 1617 35 KB
13 KB 50ms
22ms Script
text/javascript 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/j7hE3yxA75Jh70ErwfbAXbZ96cK9V2UfbDPjrUCF35o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8fb844df2c40ef9261ef412bc1f6c05db67de9c2bd57651f6c33e3ad4085df9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 28 Feb 2022 00:11:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 176982
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13490
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 28 Feb 2023 00:11:01 GMT

GET
H3 200 j7hE3yxA75Jh70ErwfbAXbZ96cK9V2UfbDPjrUCF35o.js Show response
pagead2.googlesyndication.com/bg/ Frame D393 35 KB
13 KB 27ms
21ms Script
text/javascript 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/j7hE3yxA75Jh70ErwfbAXbZ96cK9V2UfbDPjrUCF35o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8fb844df2c40ef9261ef412bc1f6c05db67de9c2bd57651f6c33e3ad4085df9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 28 Feb 2022 00:11:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 176982
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13490
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 28 Feb 2023 00:11:01 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame C6EB 0
0 85ms
85ms Image
text/html 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022022401&jk=3906591633755890&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:80e::2002 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 77A5 0
0 86ms
86ms Image
text/html 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022022401&jk=3906260093809105&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:80e::2002 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H3 200 container.html Show response
3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame FB59 6 KB
3 KB 20ms
19ms Document
text/html 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 02 Mar 2022 01:20:43 GMT
expires: Thu, 02 Mar 2023 01:20:43 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9393 6 KB
3 KB 21ms
20ms Document
text/html 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 02 Mar 2022 01:20:43 GMT
expires: Thu, 02 Mar 2023 01:20:43 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 63D1 624 B
976 B 90ms
43ms Document
text/html 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CIG4RxCxzGkYsqvwwQEwAQ&v=APEucNVHpZHGnV-Hp1jsxV8gtea-8g_IzwDWELEei0dLLZ-0XW3ZXiUE85o8H5yYTId1hvcjABp96pmEuREKcqVKRxz0i7EYWA

Requested by

Host: 3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com
URL: https://3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 02 Mar 2022 01:20:44 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 02 Mar 2022 01:20:44 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame FB59 76 KB
33 KB 123ms
77ms Script
text/javascript 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ColHw_3addUMfAyLSx3bAh78UFcow6HxmovI1Vv_rmghSdweQvxlh7OvRcYylgq7oJiY9cdg3c1kWZuMhHUHb3buzlYhEPDxi4YipEkZQZHiDYGjywjJyKDm1Sg6oEKpfrzeA0-NrsbW69vuNxEF9SP3C4ow&dbm_d=AKAmf-CZbgslDRPua_5RaI4BLJ0cwA6EoL1tvQOk6su_HnDx_zZcAmqP3Z7uKBeao0gyhMct867OmJvd0dXjr7PLWVzjA9ZB3uOzDcwXUvJB3tPPwR4GHzfJ2MWGVRniNSP8vhzARds6u4XMJUn6V9HnV2DEeA6BzZtoDAz6M_QBwc8vmsNIvSSPwAix-iBllSuf2o3V2HP3XCR3mW_IHx6fYn8C71plXqueKDp6XQRwTxGNonjPW9T6IyW7uF-28nu9850GEOqMlU-sejSAJHIg-5lqpt7djCz4R8tXiAFs31hGHfvtlAmNj5H6Cwu8EbDBfxcXyaXj0EvJvK6GgkBObx8K_pTZ56m3MWZPZehclBs7kb92G8qm93JAL-YVF4EKI6EacY1ZmFyfUpLoGowWXQjd3dB5xe464CZYgZJK3vhShCRYRd08Dd4Eb0YTc8yAHWbUAX7KFXeCwAW-qHFV0wVKu19S_HAgqbcZhjPh0TImHMIUbMyHRG1Qo7MomXtVV2H3ZbqWILPtNMmKz6gN5-k8VqgStKBYmlsQexjsvo8w_ualMEi11gjSI_zXBx8yA-3KIaoibEuNeFfvCscRU368TU-ERrXxA5U6tZIPZcTaGvY-MXaYjeiOs447LQbR4eCzCudxEvct8Y3Xxj9lNtIRVeFm2y-sIZKChSDu01IBHlX3hgWBXVe4Vln6ZuZj9kCa6aT2MMoV4fjsUbBew0NUvhkK3hs3VryD6RYtEVVjv7kOhRsbef9BqZVST7h5u1l83pAA6GxW8_M8jmIZPUpKDcIIIisrrtdRuSCmTSD3wQchlJLxZj2THcdWFNPbaRxtxZt2sDL75HiQOhlDd2KHGpGfiKAmBtEIMy_tL0NB3GQ2uCbbs4yv4MP1H9AW4ST8OpL8UFT4x26CLMjAYo5xtqhjo2OWUIy-Vb3i4wjh14fOGli27AshM73XC08ug-bwP3XoP0CW6qz2n8hrVYoQrWa3SfO7NNMqdE5r8pWJpdk_tJ-tDTYPRaRWJ-71ICRsW6sI4TgC8OcXbBXvVLI67FW70Jdn4iEtgZyBNLvpeoG81O5SfYz3a8UjwuDHh-OmVgCoOfm1VxLrhwe22_aMTUMcb8lz1EOb2_zHnI8-mPaqRIFXzfjydL3SY0PsdA28vuc7_ilRQb2C2Pzbyokk_Mj2TxU08DSPVaKRAsKt3TngF_GArnV7jdy6XZqG-02BXTTRpCth-tSuKOxJHQVY_NHRv548B-DUnsxe_HW_mzU1hWZSkSYtCCz80B79_Qt6XMzW5SD6_4VC2VQrffzFcl1r1YECnaLB_IupxAmT96ZFQntvPqnia4HgMOVlD66_B1NvYRMUbABn9ta5OPh0OGLM9A4jFIa6sxTCrEA-bAfX7wd8f8uBYOSScaC4XMrthppVcHAyh-Mc5xAL0-al115uQESELXzW6x4dhPt2jD349xGnEUa1ZyW00-z9L5emyOdprakRLQyO_Y3oAjHlsCfL-n3yMs8NLaIptV73Di-sCiUb374OzvmE5_LBtWOi9Ml4mEhAx7Og4vNtd2gUhlOCQheSJ1ShWYoJAQlO2ZrPcMG9Yg7Bi3vdDbcE9FBfl2L60hu4YGn6VB8kkyRKq4-CQyrtZvInci2RCXTU-hd9-rk2fJb1rkHugR05sYlP3stcz-HM5Mwj88MnxkxpYI6mYCsYE4d79_B_P1lvBfwKqtOLe7M5dscEqqvcaPlmdXUO6a-WgnvMwyQLfIlw4PqnZOgpr9LFDxoKlAMy3l0DsQzHP2oPJ77x1VE0PpIUL4V_yExYde-oMQXa1JQ3wIHra0BpYrCd4RTbJuZyO-J-z6KvsgcEf2l-my4xmzRUZ55GnoBsCpMFURt0e_UB3YR8AoUIxMkfpGkmWyGXTVyOOI52tnBj1Nl7iSXmuNUKs7DmG9o9cdbdtoYoYbyZU6n-9_9qxJ-ACVC4FMzkAx4NMSfS2w3_9tBFJypDxIBCCFJ14yix0FVqPpY66m49jpLhnAurslaNVH_VkCm7Ff6fbbEwmifA9zj2c_ulTepXcldEphT5Z0THGF0PTcjznsZ83bhqSN0AcBLuQ_qdks6gimh8zQcGx_4DRypXxHPKuTWXIfEcEgAsmwjtcfpL4MtVz1UNTaKvTfrT-58RDUxtmouvDHJK3OCWxqrmSeCM9pRpSH8zmF5RU1ZXbF9h_grvEETAqxaZo_qJr9FWHRdkqZ6yUOb7pSxawFVSt15zLWNcIQ7GAwh_jDMo5sqcm7147LJoi3RMiIJ8WjGOm54oja8lxZheWtFCu9eEcwbjrc4NLVupF32wEjVXtb2BSjp0U77a0HJB1oZjrSo_N5eHP8iCiLRZ-kyGSQmSHDn8y_jmbdelpOpbzg5gQexmuZG4026x8Frg3akpn9CxqLYD0vhgMEoYCB88djvJd64jcKqplBxj5c5u_3TGfE9X73Ecek3A-aITg1iSeU6QjX-JPGvlx0SVeUE6ZVt75rm4fC9ciCQbKXbx45dFsiJmKDabXtXSJ3gikaX9IOVvkSKGgxyD8OyipPNP1L6SzKVkEmqgzntOtIrkUQ9u2A9VW1x4gmqVDGPxciG2u40hmxtr_lJjZrjQZ-sVREszTgn7c_3uEIxB5A7761UkUsQrHvO0NdKqysHMUZxl7UkbpyBF_uacNboixY8OJW3QaIY7lnOWZJ0RMTospBtEtWHq-Q4sY36vdRq5ugaKF1ZCLd8pkdtQxdB09rIHoTgNFtzwilzek6aNz-ek2RbXhaWamG3wYsSAyjo3SSlEqZwt57iTpXGFF4wnaj0seRk7JNogTeh3PSW4wA-3GKeRd6UjfG6hxigmJuSt9ky4cfXFLNyszemWB4TzT1tBkMccnn4rA5jQiPoiTkOSTJA2o3WUPNyle7lrYjH396hSL2QAJ9Q6P_xPUBErNMHUMPCaFsFMQaLBGZJD-mnKIPDOr8RgPO4iwxhO3ndGZ7Pp6BTxUwTAaotnwCf72Jmo-U9j3ZXftsh9gnHDlTM9sGJ3yugKQl88Lqk8SbTNsWbnzBQaHGoI9mbqDZ7G8sibHabCRa5rLItS08pKXsWpqzRl6o3LwcnkvNIz6lOXF7N3Ox8UfCXfOObQX6-jzah8wYIMP0VLYmRdSrTpsD3LIrQqB4qqdgZa_7UlDakgKFOag4AoyEcsT1E&cid=CAASFeRoAB57t9-Pvu37OAXge5m-r9kYMw&rfl=2%2Chttps%253A%252F%252Fwww.ffxiah.com%242%2Chttps%253A%252F%252Fads.ffxiah.com%252F%240

Requested by

Host: www.ffxiah.com
URL: https://www.ffxiah.com/login/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cc198b107a5ade8d0f4722cd96110e46ab440e661d5929912f60f198c322d75d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 01:20:44 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32973
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame FB59 42 B
63 B 81ms
80ms Image
image/gif 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BZRzWtosMZhRDPIqN5MzHBi1xa46W89YFS-tyWxzLTDmJpWxsZmG1-ws1UTMNEoD_JbRur2Za7huPOOuclkAqhbR68ymYyMo2nqdelJdH3Qw1DHWs

Requested by

Host: 3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com
URL: https://3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 01:20:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220225/r20110914/client/ Frame FB59 2 KB
1 KB 20ms
19ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220225/r20110914/client/window_focus_fy2019.js

Requested by

Host: 3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com
URL: https://3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 01:20:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 16 Mar 2022 01:20:04 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FB59 124 KB
38 KB 66ms
39ms Script
text/javascript 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com
URL: https://3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

421826ba172a54d9fd676a0a6ec9d635c3f2210aba81b270d1505c8c653ae4ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 01:20:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38862
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646052075697155"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 02 Mar 2022 01:20:44 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220225/r20110914/client/ Frame FB59 15 KB
6 KB 20ms
19ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220225/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com
URL: https://3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

383f95a75b02bb1370e93c9c3c6b9f060a98dbe492b16d8e1da3f653a800e435

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 01:20:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6433
x-xss-protection: 0
server: cafe
etag: 3306657128042699500
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 16 Mar 2022 01:20:20 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame FB59 0
0 73ms
43ms Image
text/html 2607:f8b0:4006:81e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTRqKlP9Sq4wKDmuDs-MdkUMBgZ1n9UntYozdpwp9zJMR6oD7o2mVmiJzZbSxNO9F_zQW_Jtd7-E743jK1j8LjuDDt5wA
Requested by: Host: 3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com
URL: https://3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:81e::2004 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame F9FA 624 B
559 B 76ms
44ms Document
text/html 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLeO4gEQ7NyYlQIYg4LgvQEwAQ&v=APEucNWxKG8fdSkkgaHtvFyapLp39uTFZmAjcelLvQa7npSzNtQHBP6XjUcD8CNx0_bbnnd29MO3Gn4KrN06A3VnaH7MkvfFTw

Requested by

Host: 23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com
URL: https://23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 02 Mar 2022 01:20:44 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 02 Mar 2022 01:20:44 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 9393 58 KB
29 KB 102ms
71ms Script
text/javascript 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AUhDJbgMPSPrDm9oArFu_fSarscLKPNtqMvP7OmLXAsbpo8WEOvX8iZ1SEnOLoUb-dPEPtMf7HAzUeBs-paDDIM1e1y8JI44jL9uCghQiK37ExHnmUX8D-x814Bjr3qcbZ4LNYjFfQl-pumX46eAI4qjWZnQ&dbm_d=AKAmf-DDWdpNQJdNep09b1CPSx9ZdGO4CD_NQuDfuCMURw9cIpgT9pEm7gdl1UYVRAUDwPM-CT1FYTo26nEP4bc57yDt_sv5iQrh5rWDMuBMzM-DD5bNM7Xb7b_YebrJnWz67b4Hh4nNt8_Af1N1Nr1dyErR3bUvBlLT0Tat9boqlTtPc1_tNncpL_QU0HrF8T82f37TxyEKyBXkE8MKqbFL1kKN7IAg0rbva97tr_54YmY9ixcih_iOjXIb2XsN4XfbQmZpSYK2TTLAD-ImTnmsREpnSAYuue9w-3IOVwCoxXRBNJDwY5hpigxqPYodm0xPqTpUcLyK0rriyW3mADmL8cGDavurk7cryZpdXTO-l4-HG9aWTpmoUNpi8mD3y0YUzzWKiY30Mq4brQh_Yl0on-qBmbEMitNj--AIFL21sdqoupXMr7H_pJH5DoJY-GO8UqjuPhQal6PZbOUNhVAs2NOnRBvGqrv25FvkxQ65G2WA82mqIkrs4EI5avUN5ruOZaJgfBQRPpRxfJB_rWepqhCnMq7SvMaO-u_dG3Rr-GZRrOwk_mI1Wb8GBiilB0DH94FzXuN5hhypqv9bnxOu-cYhpEUS8T2mKOljqmOKQ5RMhCrBSRDqaYpszpHAVhf6HpzMKNfgJdEWYiBeUdZdsHyi5WJ9X1CRohN8YjWldXIOVM3qMHaWvIZpDgjmfOuSXd8si_mUWR1WYXd2h3F0GMX5zRU8M3QtiN1YS2oMHNBuABE5CM1PHjJOYbrHVkXq193J7EI4uNC1rK-VChc6vAZcg-et6O-HBvBT5zrkKYuKKsMpWM5DUw15373_bv-yq1W2JRttwzlbuWENea97OZW1olkNFZL7LHjST7VZ_opmZ6ac21lmZ-C7xn4oTPwiLEXLvdpB9-F8Syir4zwz8LDhatj1cR0_KYkF5DjQoGgoti9S_uY-_AOuWGRzNiUQ2F5UQJjT-COgEE9L9olnYzqzLWAwc4RwMvfdhkpGU3IqxJlSL8XU0hP9Qep3dxyuASaVK6eNZFJ2AOh2lSQEDnCU26Q_2j_WkKRgWG_0WqxecFXaPCvwIhRFPZn-OKW-NrPRLUhaPiVhjQVgHj91b-ikoJIvIrUNw2gHZorTKkpFAAixD5-17EP73XwgZLRNMJxSWPXlivUriUAQgUe5KvMynoLIf2dgzDcB0PXgfWg-7rFo3bB6jT5IZ5PwHR7Xdyp7nqIlZEkMXj5xNZ_0LLMsdIWMa5WnTPS8rA8knCYyT4w3wCdJkzoLPvwEKkjg-dlxedETtXTu6063GTFKiqdLz21kFFFibqrk50aq87-aedRGzv4LbGISus4oYTr9KTeqYYHUk25De9nLPzsNc-Zwj-WiP1MBcs2uYi274hpk2dhbqoeUS5v1eKhKnZicPJ-TLiKZENhOAKvMzJFssJHqDNLFhXjRv_v8-B-knAUz2EoBtnxJ1dIkABXiR4bF-HWo1-PkcRtI6vA2L6KbX-V3vhDDfHKSGZPlkmquTG-XWsy4lcMSgwOPSGKbZ9jG1B4wN4HRkLtehtYNT-ao4rJFwJxZ7wJkZoQsSpNRh71TUIM6H9gVvfDTU5v63In_tbE4_zO_YrekG4s0BvcI6bhRBe5fjuU-1hdYhdAV6IUO9QmzcP7Ll2NkFJtdgR8LSUMYt1tNXUB6C2uNoBcamYRmFMudZugyCNdZgnLMINQ66EPhyge03JResaOuKepQPl18u3J60LWclOBvYpQfbbkwoBhUq3kQfWcUk1mCzMjLiJ4AquXuAII-SfduxODkiObcx4DRT9_MBkJTceke1Ho0Y6-4aVkVUOChQBPColQ2RTbidJ3qfxPNzQxx4adTYi9IP88F9Hg83G3_gOhOOHtZiTLEOzm09fOENKg-1W_2whIjjvJpdt9HJ403UY3a-Ismckf1I-u1v7URjqa4iqMibLYl_m-juv-GccnC036zdjP1kMGvnNkehEc9MDre5kDFRBIE29at2tOQPLnhkRnffCJjnUY6n13XE21UuWNhUYcaKMHE_84yodHkoWMrG4el6B4PFP6C7NqMeVwVYkx8sGJ-1tqMxk7QY1n0kE1KZbH1QSIaiNWa56fVqdh9QBgdnSZbyK3g4Gs3f9GSgIXbujLtUMx0QLjFpps-1troezyJIJnH7CruirdEcAUEhyRbTP_yb1sEq7YEJ-WjLnkx6Bu3cx5ozJ5cDibrJwsxNsjYez4eYT9OXPKtqgrqNuEOYO82D42YGg__ibhbfO9P39nK2vpAe2ZftS-Un8g9vEGf_P9LLTfsVhqnv9BXN8XYW4XsJbVYqRCIwX1YMcSywuf2WGdSRTKbldBGYpMPQOSLVqd_WfuKthd5VI-V0OLwcgAUBBFwoPlnwWnBWFIxw3b94FOU4X9Y6k4WS5g7TkMHP8Us3xAOdcDbuyBdmjATNXSgXaaCo578hAGNgfACJHShuWJN2TNJ5E0HUxmjKfo6e3xF5gyB6O2jyM6eYmE5dIQm6hktjCtHDLwx9tn7NQUI24I08RhVySlcXHU_yvSo74SaydhiD0EddEiViDWjxEv4oEGLrSe9y-O5v25Hkiuw9ZP2guBQjQyV0ta7323ZZv4XnywjBv5jvcr8Kt5kDWpgErAELzIUa-nT8sYN4kO7QSBhpx4a_93tFu7nP52GvtIqysCVKiSWh9t3vJc1qiK3BJ93Yvrq2FYipjGIGBPqDyFYMiuyZB7RZwCSs5Y0hPd2Bb3IjuW1Mfrr9akDvtUwOGxtIuPu8RH1pPTNH2TKXJDDFh3FPHR6gtBoT83bHB_aSbSWh9JSbaZOJboY6yQntlNC1rKXZSEBniOPxBLAbQ8rfMSSn7ZsCqDxlFPW7hjj5HsKbA_y3VaWPYyRvQQVI64ISBpTp6BM4zbl237tJeH_l5JSIA3JBlsIMMIkwpyuEkGu-gY2er6HWGznBOGxN06GX6dkRD9KXXVKNOKm5jK-h-qRMyrxlSaQsTxt3v73kT3GwHsttlEdZSsLz9O6tHeEvnQ28YDW84hhWG65AZh0F3orSvpvn_YCWlYiWc0yYJGR3PiRrkfAy1R1cJqTfGeAsOvQ66AOYyaPlJjKobe7jEQtZLNarFnOZDS4sz1QRgQBpWmS_WNbpyBs177g&cid=CAASFeRo0jp_6JpTjwA9UtnSaAk6G7KWlQ&rfl=2%2Chttps%253A%252F%252Fwww.ffxiah.com%242%2Chttps%253A%252F%252Fads.ffxiah.com%252F%240

Requested by

Host: www.ffxiah.com
URL: https://www.ffxiah.com/login/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d76534696af70134fedf3607876e3a31410bb2e4e66f739b7aba095870eb3174

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 01:20:44 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29505
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9393 42 B
63 B 81ms
80ms Image
image/gif 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AEq1XQ68JVdnipy8ufMcNbTLLDzH4x7lltis7rPVBLm2ZEJDtqZwt6z56zk-HoA3XCMlRnfZ3wMhfEk4vC5VHak86jW9qdr5HyBS8tbjoUtfsTJvc

Requested by

Host: 23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com
URL: https://23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 01:20:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 v5
metrics.getrockerbox.com/track/ Frame 9393 44 B
645 B 99ms
46ms Image
image/gif 172.67.209.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://metrics.getrockerbox.com/track/v5?source=stockx&tier_one=dv360&tier_two=25658942&tier_three=15552482823&tier_four=397934851&auction_id=1646184043541170&referrer=https://ads.ffxiah.com/ffxiah.com/gAd_160x600.html
Requested by: Host: 23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com
URL: https://23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.209.18 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 039a8bb6d736466063dde3c2a80d71d54456a7875cb1654263058bc69c1c042d

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 01:20:44 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d25i%2B0PtwGlhvLqKTvxH2G9ayv7K8RhqGtUmwD4Z39pz7AuF7TW6c1fGSGCgZQsSDWHeZHbTZjQI81klBpcx3KeI%2Fk3t9N5MPEFLsX3F0TWiluDzsNO1bBBHVvLquCqiIvKfBmWbO15XBs4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cf-ray: 6e564fc3ba011a17-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220225/r20110914/client/ Frame 9393 2 KB
1 KB 20ms
19ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220225/r20110914/client/window_focus_fy2019.js

Requested by

Host: 23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com
URL: https://23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 01:20:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 16 Mar 2022 01:20:04 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9393 124 KB
38 KB 76ms
64ms Script
text/javascript 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com
URL: https://23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

421826ba172a54d9fd676a0a6ec9d635c3f2210aba81b270d1505c8c653ae4ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 01:20:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38862
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646052075697155"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 02 Mar 2022 01:20:44 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220225/r20110914/client/ Frame 9393 15 KB
6 KB 20ms
20ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220225/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com
URL: https://23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

383f95a75b02bb1370e93c9c3c6b9f060a98dbe492b16d8e1da3f653a800e435

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 01:20:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6433
x-xss-protection: 0
server: cafe
etag: 3306657128042699500
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 16 Mar 2022 01:20:20 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 1617 0
9 B 20ms
19ms Image
text/plain 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?A2mweQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:81f::2001 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 01:20:44 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame D393 0
9 B 23ms
23ms Image
text/plain 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?8GiXZQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:81f::2001 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 01:20:44 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 63D1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPa2aExiadKl_BOnPF4XLQc&google_cver=1

43 B
1012 B

51ms
28ms

Image
image/gif

23.52.162.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPa2aExiadKl_BOnPF4XLQc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIG4RxCxzGkYsqvwwQEwAQ&v=APEucNVHpZHGnV-Hp1jsxV8gtea-8g_IzwDWELEei0dLLZ-0XW3ZXiUE85o8H5yYTId1hvcjABp96pmEuREKcqVKRxz0i7EYWA
Protocol: HTTP/1.1
Server: 23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-162-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 02 Mar 2022 01:20:44 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 02 Mar 2022 01:20:44 GMT

Redirect headers

pragma: no-cache
date: Wed, 02 Mar 2022 01:20:44 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPa2aExiadKl_BOnPF4XLQc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 63D1
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yh7GbJlR4zZYcrWkUOhgeAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPa2aExiadKl_BOnPF4XLQc&google_cver=1

43 B
892 B

32ms
31ms

Image
image/gif

23.52.162.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPa2aExiadKl_BOnPF4XLQc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIG4RxCxzGkYsqvwwQEwAQ&v=APEucNVHpZHGnV-Hp1jsxV8gtea-8g_IzwDWELEei0dLLZ-0XW3ZXiUE85o8H5yYTId1hvcjABp96pmEuREKcqVKRxz0i7EYWA
Protocol: HTTP/1.1
Server: 23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-162-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 02 Mar 2022 01:20:44 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 02 Mar 2022 01:20:44 GMT

Redirect headers

pragma: no-cache
date: Wed, 02 Mar 2022 01:20:44 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPa2aExiadKl_BOnPF4XLQc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 63D1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEAOxI4BLsfwf6Unp2xy1Nh8&google_cver=1

43 B
1006 B

68ms
35ms

Image
image/gif

68.67.179.173
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEAOxI4BLsfwf6Unp2xy1Nh8&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIG4RxCxzGkYsqvwwQEwAQ&v=APEucNVHpZHGnV-Hp1jsxV8gtea-8g_IzwDWELEei0dLLZ-0XW3ZXiUE85o8H5yYTId1hvcjABp96pmEuREKcqVKRxz0i7EYWA

Protocol

HTTP/1.1

Server

68.67.179.173 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

569.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 02 Mar 2022 01:20:44 GMT
X-Proxy-Origin: 149.56.153.188; 149.56.153.188; 569.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid: d815be56-b11c-441a-a31c-1ac3a83c3aa1
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 02 Mar 2022 01:20:44 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEAOxI4BLsfwf6Unp2xy1Nh8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 63D1
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODAyNDUyOTczNjYxMjIyNzM4OA%3D%3D

170 B
188 B

69ms
43ms

Image
image/png

142.251.40.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODAyNDUyOTczNjYxMjIyNzM4OA%3D%3D

Requested by

Protocol

Server

142.251.40.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 01:20:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 02 Mar 2022 01:20:44 GMT
X-Proxy-Origin: 149.56.153.188; 149.56.153.188; 569.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid: 54a62f99-f54c-4aeb-9678-9ed579e5289b
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODAyNDUyOTczNjYxMjIyNzM4OA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame F9FA
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPa2aExiadKl_BOnPF4XLQc&google_cver=1

43 B
1012 B

49ms
27ms

Image
image/gif

23.52.162.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPa2aExiadKl_BOnPF4XLQc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLeO4gEQ7NyYlQIYg4LgvQEwAQ&v=APEucNWxKG8fdSkkgaHtvFyapLp39uTFZmAjcelLvQa7npSzNtQHBP6XjUcD8CNx0_bbnnd29MO3Gn4KrN06A3VnaH7MkvfFTw
Protocol: HTTP/1.1
Server: 23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-162-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 02 Mar 2022 01:20:44 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 02 Mar 2022 01:20:44 GMT

Redirect headers

pragma: no-cache
date: Wed, 02 Mar 2022 01:20:44 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPa2aExiadKl_BOnPF4XLQc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame F9FA
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yh7GbJlR4zZYcrWkUOhgeAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPa2aExiadKl_BOnPF4XLQc&google_cver=1

43 B
892 B

29ms
29ms

Image
image/gif

23.52.162.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPa2aExiadKl_BOnPF4XLQc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLeO4gEQ7NyYlQIYg4LgvQEwAQ&v=APEucNWxKG8fdSkkgaHtvFyapLp39uTFZmAjcelLvQa7npSzNtQHBP6XjUcD8CNx0_bbnnd29MO3Gn4KrN06A3VnaH7MkvfFTw
Protocol: HTTP/1.1
Server: 23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-162-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 02 Mar 2022 01:20:44 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 02 Mar 2022 01:20:44 GMT

Redirect headers

pragma: no-cache
date: Wed, 02 Mar 2022 01:20:44 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPa2aExiadKl_BOnPF4XLQc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame F9FA
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEAOxI4BLsfwf6Unp2xy1Nh8&google_cver=1

43 B
1006 B

69ms
61ms

Image
image/gif

68.67.179.173
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEAOxI4BLsfwf6Unp2xy1Nh8&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLeO4gEQ7NyYlQIYg4LgvQEwAQ&v=APEucNWxKG8fdSkkgaHtvFyapLp39uTFZmAjcelLvQa7npSzNtQHBP6XjUcD8CNx0_bbnnd29MO3Gn4KrN06A3VnaH7MkvfFTw

Protocol

HTTP/1.1

Server

68.67.179.173 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

569.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 02 Mar 2022 01:20:44 GMT
X-Proxy-Origin: 149.56.153.188; 149.56.153.188; 569.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid: 361fcf3c-a9cd-49d6-80dd-e2f4fdd7836a
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 02 Mar 2022 01:20:44 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEAOxI4BLsfwf6Unp2xy1Nh8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F9FA
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODAyNDUyOTczNjYxMjIyNzM4OA%3D%3D

170 B
188 B

43ms
43ms

Image
image/png

142.251.40.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODAyNDUyOTczNjYxMjIyNzM4OA%3D%3D

Requested by

Protocol

Server

142.251.40.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 01:20:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 02 Mar 2022 01:20:44 GMT
X-Proxy-Origin: 149.56.153.188; 149.56.153.188; 569.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid: dca39bc0-dbd1-4500-b1de-104f6414b2ee
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODAyNDUyOTczNjYxMjIyNzM4OA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220225/r20110914/ Frame 9393 25 KB
9 KB 20ms
20ms Script
text/javascript 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220225/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AUhDJbgMPSPrDm9oArFu_fSarscLKPNtqMvP7OmLXAsbpo8WEOvX8iZ1SEnOLoUb-dPEPtMf7HAzUeBs-paDDIM1e1y8JI44jL9uCghQiK37ExHnmUX8D-x814Bjr3qcbZ4LNYjFfQl-pumX46eAI4qjWZnQ&dbm_d=AKAmf-DDWdpNQJdNep09b1CPSx9ZdGO4CD_NQuDfuCMURw9cIpgT9pEm7gdl1UYVRAUDwPM-CT1FYTo26nEP4bc57yDt_sv5iQrh5rWDMuBMzM-DD5bNM7Xb7b_YebrJnWz67b4Hh4nNt8_Af1N1Nr1dyErR3bUvBlLT0Tat9boqlTtPc1_tNncpL_QU0HrF8T82f37TxyEKyBXkE8MKqbFL1kKN7IAg0rbva97tr_54YmY9ixcih_iOjXIb2XsN4XfbQmZpSYK2TTLAD-ImTnmsREpnSAYuue9w-3IOVwCoxXRBNJDwY5hpigxqPYodm0xPqTpUcLyK0rriyW3mADmL8cGDavurk7cryZpdXTO-l4-HG9aWTpmoUNpi8mD3y0YUzzWKiY30Mq4brQh_Yl0on-qBmbEMitNj--AIFL21sdqoupXMr7H_pJH5DoJY-GO8UqjuPhQal6PZbOUNhVAs2NOnRBvGqrv25FvkxQ65G2WA82mqIkrs4EI5avUN5ruOZaJgfBQRPpRxfJB_rWepqhCnMq7SvMaO-u_dG3Rr-GZRrOwk_mI1Wb8GBiilB0DH94FzXuN5hhypqv9bnxOu-cYhpEUS8T2mKOljqmOKQ5RMhCrBSRDqaYpszpHAVhf6HpzMKNfgJdEWYiBeUdZdsHyi5WJ9X1CRohN8YjWldXIOVM3qMHaWvIZpDgjmfOuSXd8si_mUWR1WYXd2h3F0GMX5zRU8M3QtiN1YS2oMHNBuABE5CM1PHjJOYbrHVkXq193J7EI4uNC1rK-VChc6vAZcg-et6O-HBvBT5zrkKYuKKsMpWM5DUw15373_bv-yq1W2JRttwzlbuWENea97OZW1olkNFZL7LHjST7VZ_opmZ6ac21lmZ-C7xn4oTPwiLEXLvdpB9-F8Syir4zwz8LDhatj1cR0_KYkF5DjQoGgoti9S_uY-_AOuWGRzNiUQ2F5UQJjT-COgEE9L9olnYzqzLWAwc4RwMvfdhkpGU3IqxJlSL8XU0hP9Qep3dxyuASaVK6eNZFJ2AOh2lSQEDnCU26Q_2j_WkKRgWG_0WqxecFXaPCvwIhRFPZn-OKW-NrPRLUhaPiVhjQVgHj91b-ikoJIvIrUNw2gHZorTKkpFAAixD5-17EP73XwgZLRNMJxSWPXlivUriUAQgUe5KvMynoLIf2dgzDcB0PXgfWg-7rFo3bB6jT5IZ5PwHR7Xdyp7nqIlZEkMXj5xNZ_0LLMsdIWMa5WnTPS8rA8knCYyT4w3wCdJkzoLPvwEKkjg-dlxedETtXTu6063GTFKiqdLz21kFFFibqrk50aq87-aedRGzv4LbGISus4oYTr9KTeqYYHUk25De9nLPzsNc-Zwj-WiP1MBcs2uYi274hpk2dhbqoeUS5v1eKhKnZicPJ-TLiKZENhOAKvMzJFssJHqDNLFhXjRv_v8-B-knAUz2EoBtnxJ1dIkABXiR4bF-HWo1-PkcRtI6vA2L6KbX-V3vhDDfHKSGZPlkmquTG-XWsy4lcMSgwOPSGKbZ9jG1B4wN4HRkLtehtYNT-ao4rJFwJxZ7wJkZoQsSpNRh71TUIM6H9gVvfDTU5v63In_tbE4_zO_YrekG4s0BvcI6bhRBe5fjuU-1hdYhdAV6IUO9QmzcP7Ll2NkFJtdgR8LSUMYt1tNXUB6C2uNoBcamYRmFMudZugyCNdZgnLMINQ66EPhyge03JResaOuKepQPl18u3J60LWclOBvYpQfbbkwoBhUq3kQfWcUk1mCzMjLiJ4AquXuAII-SfduxODkiObcx4DRT9_MBkJTceke1Ho0Y6-4aVkVUOChQBPColQ2RTbidJ3qfxPNzQxx4adTYi9IP88F9Hg83G3_gOhOOHtZiTLEOzm09fOENKg-1W_2whIjjvJpdt9HJ403UY3a-Ismckf1I-u1v7URjqa4iqMibLYl_m-juv-GccnC036zdjP1kMGvnNkehEc9MDre5kDFRBIE29at2tOQPLnhkRnffCJjnUY6n13XE21UuWNhUYcaKMHE_84yodHkoWMrG4el6B4PFP6C7NqMeVwVYkx8sGJ-1tqMxk7QY1n0kE1KZbH1QSIaiNWa56fVqdh9QBgdnSZbyK3g4Gs3f9GSgIXbujLtUMx0QLjFpps-1troezyJIJnH7CruirdEcAUEhyRbTP_yb1sEq7YEJ-WjLnkx6Bu3cx5ozJ5cDibrJwsxNsjYez4eYT9OXPKtqgrqNuEOYO82D42YGg__ibhbfO9P39nK2vpAe2ZftS-Un8g9vEGf_P9LLTfsVhqnv9BXN8XYW4XsJbVYqRCIwX1YMcSywuf2WGdSRTKbldBGYpMPQOSLVqd_WfuKthd5VI-V0OLwcgAUBBFwoPlnwWnBWFIxw3b94FOU4X9Y6k4WS5g7TkMHP8Us3xAOdcDbuyBdmjATNXSgXaaCo578hAGNgfACJHShuWJN2TNJ5E0HUxmjKfo6e3xF5gyB6O2jyM6eYmE5dIQm6hktjCtHDLwx9tn7NQUI24I08RhVySlcXHU_yvSo74SaydhiD0EddEiViDWjxEv4oEGLrSe9y-O5v25Hkiuw9ZP2guBQjQyV0ta7323ZZv4XnywjBv5jvcr8Kt5kDWpgErAELzIUa-nT8sYN4kO7QSBhpx4a_93tFu7nP52GvtIqysCVKiSWh9t3vJc1qiK3BJ93Yvrq2FYipjGIGBPqDyFYMiuyZB7RZwCSs5Y0hPd2Bb3IjuW1Mfrr9akDvtUwOGxtIuPu8RH1pPTNH2TKXJDDFh3FPHR6gtBoT83bHB_aSbSWh9JSbaZOJboY6yQntlNC1rKXZSEBniOPxBLAbQ8rfMSSn7ZsCqDxlFPW7hjj5HsKbA_y3VaWPYyRvQQVI64ISBpTp6BM4zbl237tJeH_l5JSIA3JBlsIMMIkwpyuEkGu-gY2er6HWGznBOGxN06GX6dkRD9KXXVKNOKm5jK-h-qRMyrxlSaQsTxt3v73kT3GwHsttlEdZSsLz9O6tHeEvnQ28YDW84hhWG65AZh0F3orSvpvn_YCWlYiWc0yYJGR3PiRrkfAy1R1cJqTfGeAsOvQ66AOYyaPlJjKobe7jEQtZLNarFnOZDS4sz1QRgQBpWmS_WNbpyBs177g&cid=CAASFeRo0jp_6JpTjwA9UtnSaAk6G7KWlQ&rfl=2%2Chttps%253A%252F%252Fwww.ffxiah.com%242%2Chttps%253A%252F%252Fads.ffxiah.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7fb55cee3f07d021bbc1a8812f42e584f1c2fbd540f147dbeb7f3c4818f9fdd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 01:18:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 115
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9649
x-xss-protection: 0
server: cafe
etag: 14231210586090289831
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 16 Mar 2022 01:18:49 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220225/r20110914/elements/html/ Frame 9393 8 KB
3 KB 21ms
20ms Script
text/javascript 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220225/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 01:18:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 136
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 16 Mar 2022 01:18:28 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9393 0
571 B 114ms
58ms Ping
image/gif 142.251.32.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu7-NfAGS10Ki7oO36mkjIpnpT6hOGy0eSwfglu_Wi4Q6QuaVB3Nz5G5HgBn0OdM3rdqgUCEB_DIKoPwEX0iS68Q-b1xtB7QojOnNfN3vlPcJrWBbT7DL53kFsCK3YgH7cQBdKe-N6WVj2goft2rgwRw6MYrZgpukQh_5AduWC_o5gGYpnYLTv-Qx3lQ95ucJioqTa9zlbWzdx2vo6quMWbRVRoht35xNMPe5kOw5QmQNeM7gsNpWStvQJyxD47aXlNKE4-e4Hv-pQfyQ-pwZLnaUI2X73Lz001E39u4Dsa4YkQRTa9bJVPBZuldARNd350zwp5t5J4Rf-RZDNT5fZD6eYMxrgDqDLRvfj5exPW1rbHLwX6K_XcBeqodLYWljzDmmOepahGNPqFu_ymC1PC4J5WEXHQmCrq9vBR_7r4Jv56OViZK6YiJ-ZLnnUZ9nRini1_IwO3bzduGiO6L9Oe85NMSVbZOMldN7jFIQh1Q6wIRhwBdMWFqcc4tYrDordW2AJZXBDUgg3RP7Ua0xWvkwSid9laLg_13DNmf6Q25VN9kV0OzfamPrq2RE7j61X6S4ZlxZehY1lmtnWDTD8uaHTEAtyfdUj9Cs_mnKDJPNJ6z8rOuoETqsVDzgwN7HET6rQg1w9IZomOhkptsObubOd5pf51QGJfcTygGMfAfdpfUNP02AEF4hE0uEdYlHbrf9N0C9VKg0fvdIyDEzukftfc0z27gx99GzIsTU4S85LxPmXmmL6tOkXoMQ4SIF8f9iVQpjM8kokQraqaCEVtMXZrIjRb97S1JrhHLbvY6TiXkijpW51kP9OeGggMcJx8iNmI9RWEA7SDTJIX2kC853E_CHoFamWeMXG-uMXxisFYy1g4FfQGz7WhToI_jF4j-5YV7nR3TRQO6T5hy9I5irKPViLuGQ9tWrj3HUh9oidBhJZ6b4Sqt5ajvizFM5xMNBQIYvrEU2vhS0htMkkaWvx0wj1v0YsZ6_nMXgmXv7zmuiiOfuJbSOg9xGKTIOuxtwvVda7-heYrCoTJVO3iJFwSyagZZCm4oMQjYVX1Ljr2HXcpd9B4hl2ti_8qWpUseX3gHxa6rcDqtPCDE-7EPKTtyT-hKagFXkyMqxCoPUzvkigRFTJ_-wcZgIt0-lzB_HfYxEmCLeZPsg&sai=AMfl-YQ6mNh8LNE8cG_JeJkfUxA583jeU35IPB_lRflMPWCLxA1YU294YdVP7zXKDt3nubJ_xzQOHZwFr6X4IX8tDa7t7kyywQhWu39piJGRsAMtdddIjP2sEpmUkZZEZGW9JbkkIP7rb1gEramS-qcTlMKzBChFaoVL-0F4C4Q&sig=Cg0ArKJSzBVeBsJb1nJgEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20220225.10403&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.32.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Wed, 02 Mar 2022 01:20:44 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 9393 41 KB
15 KB 20ms
19ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 06:10:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 68986
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Mar 2023 06:10:58 GMT

GET
H2 200 8757595833308877118
s0.2mdn.net/simgad/ Frame 9393 109 KB
110 KB 89ms
21ms Image
image/png 2607:f8b0:4006:816::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/8757595833308877118?sqp=-oaymwEOCKABENgEIAFIZFABWAE&rs=AOga4qmLrOjQLWbrbzUUyDYTC90VsPeCFA

Requested by

Host: 23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com
URL: https://23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2006 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2c508e357e6e1297a689c63abf4b546478b84f2d570e649f1c5e28e87df61d2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 14:07:52 GMT
x-content-type-options: nosniff
age: 299572
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112062
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 18:38:29 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 26 Feb 2023 14:07:52 GMT

GET
H2 200 html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame FB59 169 KB
59 KB 80ms
21ms Script
text/javascript 2607:f8b0:4006:816::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Requested by

Host: www.ffxiah.com
URL: https://www.ffxiah.com/login/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2006 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com/
Origin: https://3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 06:57:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 66195
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60173
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 02 Mar 2022 06:57:29 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220225/r20110914/elements/html/ Frame FB59 8 KB
3 KB 21ms
20ms Script
text/javascript 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220225/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ColHw_3addUMfAyLSx3bAh78UFcow6HxmovI1Vv_rmghSdweQvxlh7OvRcYylgq7oJiY9cdg3c1kWZuMhHUHb3buzlYhEPDxi4YipEkZQZHiDYGjywjJyKDm1Sg6oEKpfrzeA0-NrsbW69vuNxEF9SP3C4ow&dbm_d=AKAmf-CZbgslDRPua_5RaI4BLJ0cwA6EoL1tvQOk6su_HnDx_zZcAmqP3Z7uKBeao0gyhMct867OmJvd0dXjr7PLWVzjA9ZB3uOzDcwXUvJB3tPPwR4GHzfJ2MWGVRniNSP8vhzARds6u4XMJUn6V9HnV2DEeA6BzZtoDAz6M_QBwc8vmsNIvSSPwAix-iBllSuf2o3V2HP3XCR3mW_IHx6fYn8C71plXqueKDp6XQRwTxGNonjPW9T6IyW7uF-28nu9850GEOqMlU-sejSAJHIg-5lqpt7djCz4R8tXiAFs31hGHfvtlAmNj5H6Cwu8EbDBfxcXyaXj0EvJvK6GgkBObx8K_pTZ56m3MWZPZehclBs7kb92G8qm93JAL-YVF4EKI6EacY1ZmFyfUpLoGowWXQjd3dB5xe464CZYgZJK3vhShCRYRd08Dd4Eb0YTc8yAHWbUAX7KFXeCwAW-qHFV0wVKu19S_HAgqbcZhjPh0TImHMIUbMyHRG1Qo7MomXtVV2H3ZbqWILPtNMmKz6gN5-k8VqgStKBYmlsQexjsvo8w_ualMEi11gjSI_zXBx8yA-3KIaoibEuNeFfvCscRU368TU-ERrXxA5U6tZIPZcTaGvY-MXaYjeiOs447LQbR4eCzCudxEvct8Y3Xxj9lNtIRVeFm2y-sIZKChSDu01IBHlX3hgWBXVe4Vln6ZuZj9kCa6aT2MMoV4fjsUbBew0NUvhkK3hs3VryD6RYtEVVjv7kOhRsbef9BqZVST7h5u1l83pAA6GxW8_M8jmIZPUpKDcIIIisrrtdRuSCmTSD3wQchlJLxZj2THcdWFNPbaRxtxZt2sDL75HiQOhlDd2KHGpGfiKAmBtEIMy_tL0NB3GQ2uCbbs4yv4MP1H9AW4ST8OpL8UFT4x26CLMjAYo5xtqhjo2OWUIy-Vb3i4wjh14fOGli27AshM73XC08ug-bwP3XoP0CW6qz2n8hrVYoQrWa3SfO7NNMqdE5r8pWJpdk_tJ-tDTYPRaRWJ-71ICRsW6sI4TgC8OcXbBXvVLI67FW70Jdn4iEtgZyBNLvpeoG81O5SfYz3a8UjwuDHh-OmVgCoOfm1VxLrhwe22_aMTUMcb8lz1EOb2_zHnI8-mPaqRIFXzfjydL3SY0PsdA28vuc7_ilRQb2C2Pzbyokk_Mj2TxU08DSPVaKRAsKt3TngF_GArnV7jdy6XZqG-02BXTTRpCth-tSuKOxJHQVY_NHRv548B-DUnsxe_HW_mzU1hWZSkSYtCCz80B79_Qt6XMzW5SD6_4VC2VQrffzFcl1r1YECnaLB_IupxAmT96ZFQntvPqnia4HgMOVlD66_B1NvYRMUbABn9ta5OPh0OGLM9A4jFIa6sxTCrEA-bAfX7wd8f8uBYOSScaC4XMrthppVcHAyh-Mc5xAL0-al115uQESELXzW6x4dhPt2jD349xGnEUa1ZyW00-z9L5emyOdprakRLQyO_Y3oAjHlsCfL-n3yMs8NLaIptV73Di-sCiUb374OzvmE5_LBtWOi9Ml4mEhAx7Og4vNtd2gUhlOCQheSJ1ShWYoJAQlO2ZrPcMG9Yg7Bi3vdDbcE9FBfl2L60hu4YGn6VB8kkyRKq4-CQyrtZvInci2RCXTU-hd9-rk2fJb1rkHugR05sYlP3stcz-HM5Mwj88MnxkxpYI6mYCsYE4d79_B_P1lvBfwKqtOLe7M5dscEqqvcaPlmdXUO6a-WgnvMwyQLfIlw4PqnZOgpr9LFDxoKlAMy3l0DsQzHP2oPJ77x1VE0PpIUL4V_yExYde-oMQXa1JQ3wIHra0BpYrCd4RTbJuZyO-J-z6KvsgcEf2l-my4xmzRUZ55GnoBsCpMFURt0e_UB3YR8AoUIxMkfpGkmWyGXTVyOOI52tnBj1Nl7iSXmuNUKs7DmG9o9cdbdtoYoYbyZU6n-9_9qxJ-ACVC4FMzkAx4NMSfS2w3_9tBFJypDxIBCCFJ14yix0FVqPpY66m49jpLhnAurslaNVH_VkCm7Ff6fbbEwmifA9zj2c_ulTepXcldEphT5Z0THGF0PTcjznsZ83bhqSN0AcBLuQ_qdks6gimh8zQcGx_4DRypXxHPKuTWXIfEcEgAsmwjtcfpL4MtVz1UNTaKvTfrT-58RDUxtmouvDHJK3OCWxqrmSeCM9pRpSH8zmF5RU1ZXbF9h_grvEETAqxaZo_qJr9FWHRdkqZ6yUOb7pSxawFVSt15zLWNcIQ7GAwh_jDMo5sqcm7147LJoi3RMiIJ8WjGOm54oja8lxZheWtFCu9eEcwbjrc4NLVupF32wEjVXtb2BSjp0U77a0HJB1oZjrSo_N5eHP8iCiLRZ-kyGSQmSHDn8y_jmbdelpOpbzg5gQexmuZG4026x8Frg3akpn9CxqLYD0vhgMEoYCB88djvJd64jcKqplBxj5c5u_3TGfE9X73Ecek3A-aITg1iSeU6QjX-JPGvlx0SVeUE6ZVt75rm4fC9ciCQbKXbx45dFsiJmKDabXtXSJ3gikaX9IOVvkSKGgxyD8OyipPNP1L6SzKVkEmqgzntOtIrkUQ9u2A9VW1x4gmqVDGPxciG2u40hmxtr_lJjZrjQZ-sVREszTgn7c_3uEIxB5A7761UkUsQrHvO0NdKqysHMUZxl7UkbpyBF_uacNboixY8OJW3QaIY7lnOWZJ0RMTospBtEtWHq-Q4sY36vdRq5ugaKF1ZCLd8pkdtQxdB09rIHoTgNFtzwilzek6aNz-ek2RbXhaWamG3wYsSAyjo3SSlEqZwt57iTpXGFF4wnaj0seRk7JNogTeh3PSW4wA-3GKeRd6UjfG6hxigmJuSt9ky4cfXFLNyszemWB4TzT1tBkMccnn4rA5jQiPoiTkOSTJA2o3WUPNyle7lrYjH396hSL2QAJ9Q6P_xPUBErNMHUMPCaFsFMQaLBGZJD-mnKIPDOr8RgPO4iwxhO3ndGZ7Pp6BTxUwTAaotnwCf72Jmo-U9j3ZXftsh9gnHDlTM9sGJ3yugKQl88Lqk8SbTNsWbnzBQaHGoI9mbqDZ7G8sibHabCRa5rLItS08pKXsWpqzRl6o3LwcnkvNIz6lOXF7N3Ox8UfCXfOObQX6-jzah8wYIMP0VLYmRdSrTpsD3LIrQqB4qqdgZa_7UlDakgKFOag4AoyEcsT1E&cid=CAASFeRoAB57t9-Pvu37OAXge5m-r9kYMw&rfl=2%2Chttps%253A%252F%252Fwww.ffxiah.com%242%2Chttps%253A%252F%252Fads.ffxiah.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 01:18:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 136
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 16 Mar 2022 01:18:28 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220225/r20110914/ Frame FB59 25 KB
9 KB 21ms
20ms Script
text/javascript 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220225/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7fb55cee3f07d021bbc1a8812f42e584f1c2fbd540f147dbeb7f3c4818f9fdd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 01:18:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 115
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9649
x-xss-protection: 0
server: cafe
etag: 14231210586090289831
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 16 Mar 2022 01:18:49 GMT

GET
DATA 200
OK truncated
/ Frame 9393 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 28d0e04a5acbc07c9e439054b8b7911f0aa7ed1f44dfac501f7b9f55e64befe1

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 730A 22 KB
8 KB 24ms
22ms Document
text/html 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 01 Mar 2022 06:10:58 GMT
expires: Wed, 01 Mar 2023 06:10:58 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 68986
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame FB59 41 KB
15 KB 23ms
22ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com
URL: https://3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 06:10:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 68986
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Mar 2023 06:10:58 GMT

GET
DATA 200
OK truncated
/ Frame FB59 208 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 61f041c5ecb9209a1151d01571564c4d420c07457e8adc25f94ad42b5d6d91bd

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame AC14 22 KB
8 KB 21ms
20ms Document
text/html 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 01 Mar 2022 06:10:58 GMT
expires: Wed, 01 Mar 2023 06:10:58 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 68986
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 index.html Show response
s0.2mdn.net/6844132/1645031070487/ Frame 76A9 79 KB
21 KB 66ms
39ms Document
text/html 2607:f8b0:4006:816::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/6844132/1645031070487/index.html?e=69&leftOffset=0&topOffset=0&c=vPFv8mEgCs&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2006 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

00ea380aa9569377a185aa7c9484b3cd6a7e08d988477f34e8382c7bf45067f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 21368
date: Wed, 02 Mar 2022 01:20:44 GMT
expires: Thu, 03 Mar 2022 01:20:44 GMT
cache-control: public, max-age=86400
last-modified: Wed, 16 Feb 2022 17:04:30 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame FB59 0
24 B 85ms
58ms Ping
image/gif 142.251.32.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssGy2wB2r4aMhnXUHPUhWxJf3vFTR6TBcGN2JirPhwEMwAN2eKyvoT6QCL6AumgiRZziaXrTM4RNxV9dM69G4D-2Kk_lxgpzUkCpQZc-C10gj-gzF6-eVP27-p1Z83OIBVGfwLIM7CHRDkFgGeZk-o40sern0eROD3m14lj1UoPHObGagmneNLSGK710BK0q5HIAVL_rUBSTy_GkfCilR_1ZuHfdEjiFba9blvJSHD550zUbS2hBWRi3hgqs1v5WvPyjFdJueoSnaVyLalWT7hqwz3RVOnpTSQU2szHmgWKl4LxQIwjZiTFUc3EEcbyr9IuGTRhv3ob6g9Ylus4LU4gG0C1lJMm55Q4af9RCj3K7mSyWCRyqxKEVwZom0R9OKDYqgopMUga6sM4q8BGfVm59ogEO5izpxlg0gNwZd45BMTamT_2pS3Eq0_hP-E5Vv0adIC0aXtKpbPflpx3WyesA05GwjUO1QEH37qksXcEQdl4r3dPE9bRj5uURpb7iyjYWSWlHiAK0xDbSXJhS2tNgcBPsXwwZX3noDDTaSDC_abWSVYCxg7zCwzKtaq8L_De2O_dgBneWo5uKhe9BwAO2eN77bRE5a_bNoG_fuTypPGsHJGMJG4w-V_EZOERhgALbY2i-0ANuje_Ilz7-qLsbOEzDeNaKNSN0WBZ9evqpBKqorXdfwc2it9HEQYVhYRP1Xnk117LkvUq7aWKJORW0DWKojv47k2TlzUhBCGKmA555S_jdyGswK2q_yXgumxfceP1qD7fBdFKAV8F4qluJef6O0NJ5_u6eRr6DMLELRL_9k9zJqgZBa8q2XaUVBl-SlrVuo8MMnG_4hab5WEixYbRpJSYwn7zdz6mrJzj7dkK778tAPO8mvIXF12IGNAYDDNUehTZtMwnvqZD1l6thQR2ZwtHB0B-q0Ih3r_BqNtueE19-G7FmRC-qrfq3G730B4-8miYMIYhEoRgQJeSkC1X5Y9f3CYno5ZPdeKNv8tpQc_PcCEy60aPJW_c8KySOWCVTyMy7QJl5Uqs0ZH76u3qtqofKDIlaG0glf1w4Hu_wSqaXG-ZUVzOzSSwLy4BdLPZXOw0Z9eg5v3UKyc0nN7jyTRQmU3sEsCTU3g0rlz7MI0EFabjzIm4OvL3V-6Vkzg&sai=AMfl-YTcEpARzDX1MWihyuNreAmFBHuz4K5IXaEIEH2vjUI8iV6b22OblKRAIg76aqFpMiWKFyd7NrwFd1N40mKHx20e_abDrwNodlAh8xjnSOwTtNUy1nXrKBH6iNT7AUWa2rKHKPekRiqtQl-WiBcGufZoUPo8Ixk3AiCLetE&sig=Cg0ArKJSzIo-LB0hqpbHEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=148&cbvp=1&cstd=140&cisv=r20220225.69854&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=

Requested by

Host: www.ffxiah.com
URL: https://www.ffxiah.com/login/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.32.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Wed, 02 Mar 2022 01:20:44 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 /
d.agkn.com/pixel/2387/ Frame FB59 43 B
647 B 111ms
29ms Image
image/gif 2600:9000:2209:7000:19:fc2c:a140:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.agkn.com/pixel/2387/?ct=CA&st=QC&city=1827&dma=0&zp=&bw=3&che=3864248222&col=27245680,3083823,328372895,520909880,166617811
Requested by: Host: 3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com
URL: https://3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2209:7000:19:fc2c:a140:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 01:20:44 GMT
via: 1.1 c4460641b6e6b194f0c11732a1b10d1c.cloudfront.net (CloudFront)
server: Apache-Coyote/1.1
x-amz-cf-pop: EWR53-P1
x-cache: Miss from cloudfront
p3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, must-revalidate
content-type: image/gif
content-length: 43
x-amz-cf-id: zybovufyPveszernGUhplp3SU4ImBb_S-oxtzzX98AznDh9mzX65zg==
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9393 0
23 B 57ms
54ms Ping
image/gif 142.251.32.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.32.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 02 Mar 2022 01:20:44 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 j7hE3yxA75Jh70ErwfbAXbZ96cK9V2UfbDPjrUCF35o.js Show response
pagead2.googlesyndication.com/bg/ Frame 730A 35 KB
13 KB 20ms
19ms Script
text/javascript 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/j7hE3yxA75Jh70ErwfbAXbZ96cK9V2UfbDPjrUCF35o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8fb844df2c40ef9261ef412bc1f6c05db67de9c2bd57651f6c33e3ad4085df9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 28 Feb 2022 00:11:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 176983
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13490
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 28 Feb 2023 00:11:01 GMT

GET
H3 200 j7hE3yxA75Jh70ErwfbAXbZ96cK9V2UfbDPjrUCF35o.js Show response
pagead2.googlesyndication.com/bg/ Frame AC14 35 KB
13 KB 21ms
20ms Script
text/javascript 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/j7hE3yxA75Jh70ErwfbAXbZ96cK9V2UfbDPjrUCF35o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8fb844df2c40ef9261ef412bc1f6c05db67de9c2bd57651f6c33e3ad4085df9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 28 Feb 2022 00:11:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 176983
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13490
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 28 Feb 2023 00:11:01 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 76A9 118 KB
40 KB 21ms
21ms Script
text/javascript 2607:f8b0:4006:816::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/6844132/1645031070487/index.html?e=69&leftOffset=0&topOffset=0&c=vPFv8mEgCs&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2006 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/6844132/1645031070487/index.html?e=69&leftOffset=0&topOffset=0&c=vPFv8mEgCs&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 06:57:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 66191
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 02 Mar 2022 06:57:33 GMT

GET
H2 200 TweenMax.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/2.1.3/ Frame 76A9 114 KB
35 KB 53ms
18ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/2.1.3/TweenMax.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/6844132/1645031070487/index.html?e=69&leftOffset=0&topOffset=0&c=vPFv8mEgCs&t=1&renderingType=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

94f137c233766bb0015876c6cfbf8c28125aca4cb3a826d4f7a0495a38a8f3a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 01:20:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 6505
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 34868
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-1c604"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KsifbOXdJJ8rrUo1euUjgS8vN1bneOgMqRSvP3Fsf3OVj8FXbfBzTOGs94Vv8ZIF3tm7sM1o9pevN1EYJLM7uTkPqDOEmNKltllm0cCbzSqFq0tKUeH9m9bBzgJ7YJyg2sntXfduG5f9YNpjI%2ByairgY"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6e564fc67e224bd0-YUL
expires: Mon, 20 Feb 2023 01:20:44 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame FB59 0
23 B 51ms
50ms Ping
image/gif 142.251.32.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssGy2wB2r4aMhnXUHPUhWxJf3vFTR6TBcGN2JirPhwEMwAN2eKyvoT6QCL6AumgiRZziaXrTM4RNxV9dM69G4D-2Kk_lxgpzUkCpQZc-C10gj-gzF6-eVP27-p1Z83OIBVGfwLIM7CHRDkFgGeZk-o40sern0eROD3m14lj1UoPHObGagmneNLSGK710BK0q5HIAVL_rUBSTy_GkfCilR_1ZuHfdEjiFba9blvJSHD550zUbS2hBWRi3hgqs1v5WvPyjFdJueoSnaVyLalWT7hqwz3RVOnpTSQU2szHmgWKl4LxQIwjZiTFUc3EEcbyr9IuGTRhv3ob6g9Ylus4LU4gG0C1lJMm55Q4af9RCj3K7mSyWCRyqxKEVwZom0R9OKDYqgopMUga6sM4q8BGfVm59ogEO5izpxlg0gNwZd45BMTamT_2pS3Eq0_hP-E5Vv0adIC0aXtKpbPflpx3WyesA05GwjUO1QEH37qksXcEQdl4r3dPE9bRj5uURpb7iyjYWSWlHiAK0xDbSXJhS2tNgcBPsXwwZX3noDDTaSDC_abWSVYCxg7zCwzKtaq8L_De2O_dgBneWo5uKhe9BwAO2eN77bRE5a_bNoG_fuTypPGsHJGMJG4w-V_EZOERhgALbY2i-0ANuje_Ilz7-qLsbOEzDeNaKNSN0WBZ9evqpBKqorXdfwc2it9HEQYVhYRP1Xnk117LkvUq7aWKJORW0DWKojv47k2TlzUhBCGKmA555S_jdyGswK2q_yXgumxfceP1qD7fBdFKAV8F4qluJef6O0NJ5_u6eRr6DMLELRL_9k9zJqgZBa8q2XaUVBl-SlrVuo8MMnG_4hab5WEixYbRpJSYwn7zdz6mrJzj7dkK778tAPO8mvIXF12IGNAYDDNUehTZtMwnvqZD1l6thQR2ZwtHB0B-q0Ih3r_BqNtueE19-G7FmRC-qrfq3G730B4-8miYMIYhEoRgQJeSkC1X5Y9f3CYno5ZPdeKNv8tpQc_PcCEy60aPJW_c8KySOWCVTyMy7QJl5Uqs0ZH76u3qtqofKDIlaG0glf1w4Hu_wSqaXG-ZUVzOzSSwLy4BdLPZXOw0Z9eg5v3UKyc0nN7jyTRQmU3sEsCTU3g0rlz7MI0EFabjzIm4OvL3V-6Vkzg&sai=AMfl-YTcEpARzDX1MWihyuNreAmFBHuz4K5IXaEIEH2vjUI8iV6b22OblKRAIg76aqFpMiWKFyd7NrwFd1N40mKHx20e_abDrwNodlAh8xjnSOwTtNUy1nXrKBH6iNT7AUWa2rKHKPekRiqtQl-WiBcGufZoUPo8Ixk3AiCLetE&sig=Cg0ArKJSzIo-LB0hqpbHEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=376&vt=11&dtpt=228&dett=3&cstd=140&cisv=r20220225.69854&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=

Requested by

Host: www.ffxiah.com
URL: https://www.ffxiah.com/login/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.32.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 02 Mar 2022 01:20:44 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame FB59 60 KB
23 KB 20ms
20ms Script
text/javascript 142.250.80.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: 3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com
URL: https://3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s33-in-f2.1e100.net

Software

cafe /

Resource Hash

6834235d5f6bfbbfbec709573c170995ca9a911a05838056d2611abe065ecc9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:30:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3024
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23110
x-xss-protection: 0
server: cafe
etag: 511128683542746665
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Wed, 02 Mar 2022 01:30:20 GMT

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame 76A9 60 KB
23 KB 21ms
20ms Script
text/javascript 142.250.80.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s33-in-f2.1e100.net

Software

cafe /

Resource Hash

6834235d5f6bfbbfbec709573c170995ca9a911a05838056d2611abe065ecc9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:30:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3024
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23110
x-xss-protection: 0
server: cafe
etag: 511128683542746665
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Wed, 02 Mar 2022 01:30:20 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 76A9 7 KB
6 KB 70ms
43ms XHR
application/json 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

453fb863e3c0287b3e4b7505e8ad90828abe8dbfca87a875af6bacc4865f6464

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 02 Mar 2022 01:20:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5713
x-xss-protection: 0

GET
H3 200 footer.png
s0.2mdn.net/6844132/1645031070487/ Frame 76A9 13 KB
13 KB 21ms
20ms Image
image/png 2607:f8b0:4006:816::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/6844132/1645031070487/footer.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2006 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eec2d2339c94267837e4c52a9736a8fc7cc7e2ecb4bc8b2c981b501cdd43ab0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/6844132/1645031070487/index.html?e=69&leftOffset=0&topOffset=0&c=vPFv8mEgCs&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 21:08:27 GMT
x-content-type-options: nosniff
age: 15137
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13610
x-xss-protection: 0
last-modified: Wed, 16 Feb 2022 17:04:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 02 Mar 2022 21:08:27 GMT

GET
H/1.1

206
Partial Content

file.mp4
r4---sn-t0a7ln7d.c.2mdn.net/videoplayback/id/3242a4300e334bad/itag/15/source/doubleclick_dmm/ctier/L/ip/0.0.0.0/ipbits/0/expire/3789479072/sparams/ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,... Frame 76A9
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/3242a4300e334bad/itag/15/source/doubleclick_dmm/ctier/L/ip/0.0.0.0/ipbits/0/expire/3789479072/sparams/id,itag,source,ctier,ip,ipbits,expire/signature/22C1B942...
https://r4---sn-t0a7ln7d.c.2mdn.net/videoplayback/id/3242a4300e334bad/itag/15/source/doubleclick_dmm/ctier/L/ip/0.0.0.0/ipbits/0/expire/3789479072/sparams/ctier,expire,id,ip,ipbits,itag,mh,mip,mm,m...

240 KB
0

57ms
11ms

Media
application/octet-stream

2607:f8b0:4020:1::9
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r4---sn-t0a7ln7d.c.2mdn.net/videoplayback/id/3242a4300e334bad/itag/15/source/doubleclick_dmm/ctier/L/ip/0.0.0.0/ipbits/0/expire/3789479072/sparams/ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/420DB6D7A1106CF098B0374FED1760B68DD29533.5C9DC83714B5B5F714656A246CB4A385F2A212AB/key/cms1/cms_redirect/yes/mh/jU/mip/2607:5300:60:7867::14/mm/42/mn/sn-t0a7ln7d/ms/onc/mt/1646182900/mv/u/mvi/4/pl/32/file/file.mp4

Protocol

HTTP/1.1

Server

2607:f8b0:4020:1::9 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 01:20:44 GMT
X-Content-Type-Options: nosniff
Last-Modified: Wed, 16 Feb 2022 17:04:31 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: application/octet-stream
Content-Range: bytes 0-245803/245804
Cache-Control: private, max-age=86400
Connection: close
Accept-Ranges: bytes
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 245804
Expires: Wed, 02 Mar 2022 01:20:44 GMT

Redirect headers

pragma: no-cache
date: Wed, 02 Mar 2022 01:20:44 GMT
x-content-type-options: nosniff
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://r4---sn-t0a7ln7d.c.2mdn.net/videoplayback/id/3242a4300e334bad/itag/15/source/doubleclick_dmm/ctier/L/ip/0.0.0.0/ipbits/0/expire/3789479072/sparams/ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/420DB6D7A1106CF098B0374FED1760B68DD29533.5C9DC83714B5B5F714656A246CB4A385F2A212AB/key/cms1/cms_redirect/yes/mh/jU/mip/2607:5300:60:7867::14/mm/42/mn/sn-t0a7ln7d/ms/onc/mt/1646182900/mv/u/mvi/4/pl/32/file/file.mp4
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 638
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame FB59 0
54 B 1017ms
357ms Ping
image/gif 2404:6800:4009:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~l08vh66h&chm=1&c=3906260093809105&ctx=2&qqid=CMCpmLmhpvYCFRANhgodFXIK_A&met.4=fb.3k~lb.bq~ol.jd~idt.-4g~dt.-cv&met.3=736.bt~735.by_1~374.d6~734.eg~734.hr~734.kv~113.ll_2~112.lk_2&met.1=1.l08vh5kw~6.1~7.1~8.1~9.1~10.1~12.2~13.l~14.n~15.1w~16.bq~17.bq~18.bq~19.jd~20.jd~21.jd~22.94~23.94&met.7=CBsQCBgBMBc4uQVoAnAVeNAagAGkGIgBzi-wAQG4AQM~CCgQBRgBIIIBKIIBMN4BOFxQhQFYsQFglwFosgFw3gF4wASAAZQCiAHwBLABAbgBAw~CCgQChgBIIQBKIQBMJYCOJIBaLIBcP8BePmDAoABzYECiAGS4QSwAQG4AQM~CBwQBhgBIIUBKIUBMNcBOFJohgFw1gF41gKAASqIASqwAQG4AQM~CB4QChgBIIUBKIUBMJoBOBVohgFwmQF4_QuAAdEJiAHSErABAbgBAw~CCoQChgBIIUBKIUBMNIBOE0~CBwQChgBIIUBKIUBMJwBOBZoiAFwmwF4zTSAAaEyiAHhdrABAbgBAw~CBsQBhgBIIYBKIYBMNABOEs~CCkQChgBIL0CKL0CMLEDOHVAwgJI0AJQ0AJY_QJg4wJo_QJwkgN4udgDgAGN1gOIAY_GCrABAbgBAw~CBwQChgBIL4CKL4CMN4COCBowwJw1wJ4gxuAAdcYiAGeP7ABAbgBAw~CAkQChgBIMICKMICMN0COBxowwJw1wJ43U2AAbFLiAHsxAGwAQG4AQM~CCcQChgBIJMDKJMDMK0DOBpolQNwqwN4k3mAAed2iAGKxQKwAQG4AQM~CCcQBRgBIMADKMADMNYDOBdowQNw1gN490OAActBiAHqsgGwAQG4AQM~CCkQBRgBIM8DKM8DMJsEOEw~CCIQARgBINQDKNQDMKoEOFZo8ANwqgR4rAKwAQG4AQM~CBsQBiDVAzhx~CCIQARgBILgFKLgFMOsFODNouQVw6wV4rAKwAQG4AQM~CCgQChgBIMIFKMIFMNwFOBpowwVw1wV48rYBgAHGtAGIAf7fA7ABAbgBAw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4009:80a::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 01:20:45 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 730A 0
20 B 84ms
84ms Image
image/gif 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BNVE6bMYeYqDyBo6DzgWU2qDQBQAAAAA4AeAEAg&bg=!Y2ClYCTNAAYFuXAgBbk7ACkAdvg8WgX6DMwcQg0gUV_TdyfEKre9MXyXdqsApmXyfvKr4kZhiRdX0QIAAADhUgAAAAhoAQeZAzZTxSrVTDFT2tMe8z3k_XIAZB7a5WukH4VtoEbfFphMaYJn-frJsmTdHUYqfuRpcXGeq9oXJbPi2w6z-BUpEAWKo0zf-LJg7751tKX9m0WauQeXYSVVN-bka7ZkDTWVNmrx7ItblMp6OMJv7ZXxGXLIEUyGImMp4bTxmY58cFHu0qwih-2047ZsoviN6jClDpzD8Pp1zVVPRP34Kg-8pMD7JcUhx6oj70i122HRyKeuVmqONbdiEMTW3qv4MJEBuZk0xpPH5jsF7SJutbE7i0wXc1H2wzo7yehA0sTGA6I715OJg5xl94v0c9ekOWxLboQ0Po0WshCamLlqX-an3Lrh3dYLSg4kGKTd7S8Z1_ZywtF89m2BkSxRhXPS6NP6zLm-mzRWO3HV3xucIgTSijnh9UaaOi5qObe2T0RO-4JjhZHkfQ0jUZ0GoRf-RFsJDfSEppg8TOq5ERPAXakYxGDeUNFzGRJZH8Gq6c6WoJ4WGtAu6h0DJ5MokmH1LgnvK51-wynNIp4P9P7CKh6_zjhL8HMBtaKx7d3m-2LQ2pCyI_hpWvebiqrGgunta1CWDsxFb5B4QB-OmAdjqKsBGSoripxpQ_gH8rR4j2pUsyk7wOBdxRm2LT5IurKnqFmZQroVK7IwVi2tPTOuj8gWfsY3nIsHQPSLsGZuxWXRkaICb1mkXHzIYNoJNKHKRo7C1FAh_CtKSQyzdXXj7OZX35G1Bmk8D8c6sXVzVXsVt24DDbQsI0QxF3334lRZ_HMTG2biVgWcq5mGOSG27_zp66QMP0F_khfcavGspMZBYBmXMJOSYoTW-DrkuuSJq77JoOOIwVQRGbjiUKaAu77iJkWs3y-7m-lJ7M2ejMeWXtDRd34XcwU96_5Yw0YwKjzhJhkYNheGc2KkBN2lUWVGqtkNtjKvBFVSbVgzMmuLd3aOEzyer7pT82NHp5kXBftTue2DEh8yJM7BjmB0uoW9kLf0lx37XDQudvwfR6VSUkbi3SAJ4FqZdNQAS_JTA0UvEtW9N_-PsS5PPkr0I8Msd09n9JxpYmDZ-cD2VX5Tp-3tz1HTOh8Cpr0ASbBmOn4a-rOR0hS5X-Y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 01:20:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 prod_studio_01_247_videomodule.js Show response
s0.2mdn.net/879366/ Frame 76A9 13 KB
5 KB 20ms
20ms Script
text/javascript 2607:f8b0:4006:816::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/prod_studio_01_247_videomodule.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2006 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78b8b9c06e8648b397191402eb4ca35c9a83400e71f2338c84f2ef1393ef32cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/6844132/1645031070487/index.html?e=69&leftOffset=0&topOffset=0&c=vPFv8mEgCs&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 06:38:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 67354
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5003
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 02 Mar 2022 06:38:10 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 76A9 0
327 B 998ms
354ms Ping
image/gif 2404:6800:4009:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~l08vh676&c=3906260093809105&ctx=3&qqid=CMCpmLmhpvYCFRANhgodFXIK_A&met.9=11.l08vh62x~12.l08vh677&met.3=113.9f~112.9e
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4009:80a::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 01:20:45 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 4531 0
54 B 991ms
355ms Ping
image/gif 2404:6800:4009:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~l08vh59i&c=3906260093809105&e=31063378%2C31064976%2C31065018%2C31065288%2C31065391%2C31061691%2C31061693&ctx=1&met.9=1.5u~2.a2~9.0~3_1.b8~7_1.0~4_1.nh~5_1.nq~6_1.179&met.3=827.a7~74.a7_1~947.a8~43.a9_1~947.a9~6.a9~91.a9_1~947.ab~95.aa_2~77.a7_4~894.ae~724.ae_1~872.ag~907.as_1~808.b9~808.b9_1~112.ch_1~94.fq~947.fv~573.fv~598.fv~113.fu_3~646.nh_1~800.nj~800.nj~800.nk~800.nk~800.nk~801.nz~825.nz~801.nz~355.nz~825.nz~825.o0~647.o1_1~415.179~844.17a~844.17a~783.17g&met.10=1_1.IJ8DEPD_Awjw_wMY____________ASgB&met.7=CBsQCMAB5NHz2g0~CA0QChgBIFYoVjC9AThmQFhIWFBYWIYBYGtohgFwqQF4-NsBgAHM2QGIAYqNBbABAbgBA8AB4dvm3Qs~CA4QChgBINMBKNMBMNcCOIQBQNMBSNUBUNUBWIMCYOgBaIMCcJYCeLfNB4ABi8sHiAH22RawAQG4AQPAAcXNhr8H~CCgQChgBIPYCKPYCMIwDOBZo9wJwigN48rYBgAHGtAGIAf7fA7ABAbgBA8ABm-H6cA~CC8QBxgBIIEDKIEDMNsDOFpAggNIjANQjANYuANgngNouQNw2wN4kAOAAWSIAWuwAQG4AQPAAZv_iccH~CC8QBxgBIIEDKIEDMPMDOHJAgQNInQNQnQNYywNgsANoywNw8gN4kAOAAWSIAWuwAQG4AQPAAfGR6JoJ~CBsQBRgBIJoDKJoDMJMEOHpAmwNItANQtANY6gNgxgNo6gNwkwR40BqAAaQYiAHOL7ABAbgBA8ABm4eU6Ao~CBsQCDi4BMAB5NHz2g0~CCcQDRgBILcEKLcEMKAFOGlAuARIvARQvARY6QRgzgRo6QRwnAV45FWAAbhTiAHwbbABAbgBA8AB8_LLrgs~CBwQBhgBIL0EKL0EMLwFOH9QvQRY6gRg0ARo6gRwuwV4rAKwAQG4AQPAAZSE4rUO~CCcQChgBIKEFKKEFMI4GOG3AAeLBm9oF~CCcQBRgBIJIGKJIGMKgGOBbAAZmVn6AL~CBsQBRgBIJMGKJMGMLsGOCjAAc_G2uIB~CA8QDRgBIJUDKJUDMMsGOLYDaJUDcMoGeOBGgAG0RIgB0ocBsAEBuAEDwAG_3prrBg~CBsQBRgBINwGKNwGMPMGOBdo3gZw8QZ40BqAAaQYiAHOL7ABAbgBA8ABm4eU6Ao&met.1=1.l08vh4x0~6.1~7.5~8.m~9.m~10.17~11.u~12.18~13.1h~14.1i~15.1m~16.2i~17.2i~18.2i~19.fq~20.fq~21.fs~22.36&qqid.1=CMCpmLmhpvYCFRANhgodFXIK_A
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4009:80a::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 01:20:45 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame AC14 0
20 B 89ms
88ms Image
image/gif 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BkgS8bMYeYqWBB7qToPMPvJqDmAYAAAAAOAHgBAI&bg=!xsWlxYHNAAYFuXAgBbk7ACkAdvg8Wse2TIfS8wtpcVLqw8teWwe3G-uOhD3fyldBKX-FIZWUe-N3fwIAAADiUgAAAAJoAQcKAEiCJlL46k9n0otbcoyiuL-kN0OVg2w6i6BoKuMzX3NGT6pgHxEz9E0tVB0UgWXLPnGXIgKcaE7Y_jGzu8vnbFB_-Ehuqgx9faGZAzXQNaWwMMx3ZfIQzrPwNgvIM8TlfcDLhJ4fyEtW65XwJ48fsSzw06A9O1iXtmM_ybO2ey-zwHHpOGCLVY1eZB7AE8wdECW_O1jBCq0quGefbA9_Ykt_8ZQZpSZ8OLk-IM2aVr9r9hj0l6Zby5j4HD7fh9Zy31sx5hyhVCt0mO3vxEyAIJBG9kOIOxwfwJcQVZUqjnnqB2D9eoVV7Gzh5Bf7km6ShEcFD2ZHJ8kOJG-rI-3-4-oQrPfbzWzAmaKxjctJEhsB_E6U0ORzS9UdKzgD7auzlnTGB5QFZcMxVmg5okqw_ZUdltlHCDHucNdOj1_4rSJY9znC0ibSoptXgSTiJAajmLnOfLsPN9zgHNTWhrV4cs6lNInXmiyopmcI0edeca46BWpkXtnP1Am14RTnxOP4VGj-94oe-bvHRyqz1VO-h17h047-hxiB15KqlPsIYkNPaF9rXJIJFmPUYFAulHh7HetDGSODdW6n7xpBoyQTbBhiOuYQtvXF-5XvTV2vSAXm1rq2mwxzZ3YQ13vfFsNHA1UOSUf8fuZRh999jWtnbTVuT_uNLjkWIohOl-6x1XVaBQcsA9A61-_vOr1Feou862FB1jfPw7VTrE6_hKlQfF_c6oWxGMbvvmsyG7nffepZCWKccg9vDkVx2ojXM1uUZe7WTih88c3wAVvUTWxKIy9vKOweOpX9IBbKV-LoSXg77Vl9VuYHrFO83bhrf-zK3yAjGtIZ2I3gz6jrehHs77qd4ughxb_RHM3rJFc1-U7AgOK_u1l9TeIM2J_VyblPJc3GhCVAYEf2qqGmU1arg7jn9UBRBYDyt3atx0GJsOlL4JDj7bi21oxSDdse_HzFSddBn2vT5Fo5cWbjajytBElBarmtGjp0o9RzGyrt3otk82DnJR3CtnXZ-oMit5wMXTkYipcZyKT02tmurdUaqCdGSlXLd5NC9ML3-aKFIc90D2btD5kRKXcu8Ych0BLDddBW1YBVdpweW2I6Ak8ctI5AatTmgIO1PzUgIsVcszx-mYmPMIoDSGL4aQ7ibsvwM80GfK3YderbeuPYgwuUxhS_7a7Ib_BEX2JFlnxby7aEDw

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 01:20:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0F1F 0
20 B 87ms
87ms Image
image/gif 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022022401&jk=3906591633755890&bg=!GRqlGl7NAAYFuXAgBbk7ACkAdvg8Wm-b3lEkcNJRV-vjw2k9sId4pMWvkxEU3ouIDrhuAZGgC7sOiAIAAAD3UgAAAAhoAQeZAwXkN19OVr33Ms3lHpPr4VaHFSGgKTAa6_yxQTcHNTTGXDMsvr4Nv0YiIIQoUBqwk3TuCRGtsxUvZ5wTz1alPPYPe3SXjAbsHmdlpC9td2sagwLeAVK1EAmVPesY3NSUxCjG_3LTBMiCBZvoWcaetbj3NrWa4SRIl3nezQhJyiHdnJNSFxfIihcALWnCwNcUULQvT7dCglK4O0hX0A6jpmQPOrVFMCbBIj0AJeYokE17mS3XxJLle5MO_iI0hPE-mjxUOuV0LrrQVHPfnmEhtxOJBh28-qWabISbQb6h6UeQBtabircnnU7kKU1zICkoOJa_ea0gcYbJDzkZIwSWBfJKMaPs2XLTbyKQzu-jzC8Cfak1mU_nIdjuOMA5lFatYLUfNd91-30WpwRkxxQxkui-G4G7KPw1WmDUZws-BoiU-3c2BHud43CPLUvlfh8X9NpzRjDmSPUs1S0b7wtiY0zDczBMdyBlaAfEGILiE34ftgh4WqN_cFxnC1zxQsgLHLcgFv5k1GkEI0Jc1OPgeEej2LG5prM0D-LQd6h72Ci52-IFFAbd6-PMG2T12csSG3KiWeGgQhrb7e9DteII6fqRPL49-8tiuDICUYdq_EegQTGchbOzkgh75hYLBgarQLox8CNH_a95jqBlEvAxn0e7ZkDqa90XRhavib-RlmUt36kfHTEiFl0bDDLO5FbsxeyxbtVk21Zah6K-ZyeNKJ5JXwqJb4ywaFVbRmlWW4ztiA1ijCe5xaMoXAziIlxwFg0WibYMkXQ5USXBNBhPjBg0De-2527cM1dBzKy_lEc_mratoNeitS8poRn-Zc-eMzsZfnA_hUvM1Dk0aZEpI30WkViI6kyNV6t6SsT2qFQNCmm57DEk5crB-89tbpeD7FZroQeLNLJnRSc3-8wK0twnyMU86DaDzBWF8YExsjKR7M_VdTuq1jGz1kVK-ICcLS5sRX8GGfnyqdCDx3xpCOWpKpgGiY5CLyoUw7WWIVMsnbqb0MMzuXrcbRO6BGdHRm9wRGbpVA

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 01:20:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 76A9 17 KB
6 KB 39ms
38ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 01:20:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 02 Mar 2022 01:20:44 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4531 0
20 B 83ms
82ms Image
image/gif 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022022401&jk=3906260093809105&bg=!ubqluv7NAAYFuXAgBbk7ACkAdvg8WgIarBkzbzSIl8ybeC1GY4vmiCnhPvf5n5kPnjDOYkXb7oCuNQIAAAEXUgAAAAJoAQcKAF4Lr1tXn4ryW3QoUVwi3yAAnBiaH3B832Qj3qgJX_N078chY9d40XcrO_TeqdPLobYeDIQ3-NhyGtmWAdhszz3Wr2bD10H3bFVm_WcWUdHXEyXlfXqvU6cN23QXzxSTmQLrJvzGxwdD9AFWlXBv5U0CiMuWaRJYDakupV9OpiqS6jsnAdwNlT0NIvyotuVUu5ecza0k80A3GfHK6s-n-3AaR9wyvOo2uUPU0tU5c5CUpoj9VRh4ncHOoEFx4CO-wSO1IA92ML1tgFxHTN-NZCcjj9fWwzAta7HqiUgd5f2Tw4u7YHHQK2feczzNCke4-ZPc0rxBuekaWp1Czxo9YLRra26mIdMsyc5sS5fegsIiX3K07HK79heOpsew8tUdP21_J1HF_SW5YJo1G4kvpFfY2-5W_UhEoAPMcC53HVerOr46ROyiMc2NatXlTGK9PVz0xhfFsARIYAet9QYNnchgZKP2jxpxaERgRnCNxhUzdk-JLrhjCKhQ-_TEQrqr9_IXfFfoSmbpMJjl3dAAo8_oXNGyz3OO5udlU4A6n9X98Wvmvq0ZlEwOBKAojszjSwcSReVyweVLKwfoOFW2zQCZrITsKsJeqvQmKQq-Dd1gNH_NxM7xa_9Ak8fwF4Ml42IaBuCKOSpI-QlEMvP56vXzCRDK3q3zn_w9hIBYwUyS_OPPUNFUS14kCgVVcjSoIe9bkEjyYmFfrfV-xOr3sk2Zs9pu0buSpvte9dujkrTEgd1Hf5RevuB6vcCdOrF86FhPZhFr578tUVojcQBN7Dje2v80NzLLVRyzJ2qSVTO7EUKWxHPXuqvzSvpihEnilADIISeqH0qP2082fjU5HO5m0NmJDUmJPtSulF8d6X9YU4IKM2BIv33psV17oFwawGaLsUsJJMJprNZKAHZKqs2bnYsUyqfbs1rm_PO-xZZi764rYY_e3OYrh9XvlQT6WzUl7rDBTSKvmIxE21msUE_TBb6hUCukNNo8MwzihwzmOsAcGEn0jgJjCmtBd52Ze8iK6xjsgu4UfANz648UNwLYO_Yi_5-9DgsCHoaZ0i-D9NwB8FIApgYmbrBtGISe_GfZS7-TfLEyclHwOZ5qSQKYr6cvyJ2ar5Wu03Oy

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ads.ffxiah.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 01:20:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 j7hE3yxA75Jh70ErwfbAXbZ96cK9V2UfbDPjrUCF35o.js Show response
pagead2.googlesyndication.com/bg/ Frame F0CA 35 KB
13 KB 19ms
19ms Script
text/javascript 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/j7hE3yxA75Jh70ErwfbAXbZ96cK9V2UfbDPjrUCF35o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8fb844df2c40ef9261ef412bc1f6c05db67de9c2bd57651f6c33e3ad4085df9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 28 Feb 2022 00:11:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 176983
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13490
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 28 Feb 2023 00:11:01 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame FB59 42 B
64 B 85ms
85ms Fetch
image/gif 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvl5hinjWbKucueG3DLGAJFxNTbvVKBFhFDkhbxaZxOQDfTvuyhzfMuWach6x83unCkEsxpUYj8qDKgFycM-LXqOUYRrXLytolGZ2gjGPdzglHo6GI&sai=AMfl-YS8ELBExU6p7jXTFEl0SgiIpYHzraJxNxWjuc-_Uqq1G7VgODhSF24LjnRtcXrbU-CHTdqNx8b4Ip4HvUQ1E76OcwI-IhHhFuZp7a-t5lkVO5N5_iiPttb3DOYRgzPb&sig=Cg0ArKJSzB-asM6Mavf4EAE&cid=CAASFeRoAB57t9-Pvu37OAXge5m-r9kYMw&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220228&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1741596969&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1646184043904&rpt=416&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 01:20:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9393 42 B
64 B 84ms
83ms Fetch
image/gif 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstCGpk4E6uMoI3kOg2FA6qPHWIG7X8MDHs_1X0Jv_6UNgb91bIuMgh0kbbPzy_LGw9K5KzIykUYt6mbkNLIJX5ZigEjNweCELHIXDALpHS112PdnJA&sai=AMfl-YTPqqZkE2i3tPMui8T1G_RRCydiqYj-63YM0JnG9em37Z_eLCVU9pb_NGftWmg1F_GMoU4Fib565xH3iqQIwUIz_azsuE8Vfj99A8Lm12FSrhRAM9X09y7joUF2ClE&sig=Cg0ArKJSzG0BBls3as_1EAE&cid=CAASFeRo0jp_6JpTjwA9UtnSaAk6G7KWlQ&id=lidar2&mcvt=1000&p=0,0,600,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220228&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=4037978123&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1646184043969&rpt=427&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 01:20:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMIpee8uaGm9gIVugloCB08zQBjEAAYACDTxblPQhMIwKmYuaGm9gIVEA2GCh0Vcgr8;met=1;&timestamp=1646184046243;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=1;eid3=14;ecn3=1;etm3=0;eid5=11;ecn5=1;etm5=0;...
ade.googlesyndication.com/ddm/activity/ Frame FB59 42 B
494 B 146ms
81ms Image
image/gif 142.250.72.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIpee8uaGm9gIVugloCB08zQBjEAAYACDTxblPQhMIwKmYuaGm9gIVEA2GCh0Vcgr8;met=1;&timestamp=1646184046243;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=1;eid3=14;ecn3=1;etm3=0;eid5=11;ecn5=1;etm5=0;eid7=12;ecn7=1;etm7=0;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.72.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s32-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 01:20:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 206 file.mp4
r4---sn-t0a7ln7d.c.2mdn.net/videoplayback/id/3242a4300e334bad/itag/15/source/doubleclick_dmm/ctier/L/ip/0.0.0.0/ipbits/0/expire/3789479072/sparams/ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,... Frame 76A9 16 KB
16 KB 25ms
11ms Media
application/octet-stream 2607:f8b0:4020:1::9
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:1::9 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

5893623d9547b77763b0df3378cb7952c49076348ce648b16c14733f9c095b2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://s0.2mdn.net/
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Range: bytes=229376-

Response headers

date: Wed, 02 Mar 2022 01:20:46 GMT
x-content-type-options: nosniff
last-modified: Wed, 16 Feb 2022 17:04:31 GMT
server: gvs 1.0
vary: Origin
content-type: application/octet-stream
Content-Range: bytes 229376-245803/245804
client-protocol: quic
cache-control: private, max-age=86400
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 16428
expires: Wed, 02 Mar 2022 01:20:46 GMT

Verdicts & Comments Add Verdict or Comment

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

14 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.ffxiah.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: uic0h06hbna0l5tmurpnps3skp
.ffxiah.com/	1970-01-20 10:38:00	Name: __gads Value: ID=497587f0993f27f8-2239d2f4d17b0056:T=1646184043:S=ALNI_MYtSFWLmGSRYaU9S4n4HSoQ9a70dQ
.ffxiah.com/	1970-01-20 10:38:00	Name: __gpi Value: UID=0000024f9e5b9128:T=1646184043:RT=1646184043:S=ALNI_Mar5gI4MV0F1HsEnUtgIFQq7Gv1NA
.getrockerbox.com/	1970-01-20 01:59:36	Name: uuid Value: rbcr-5bd44b38-89c4-49de-9b89-229de60ca32b
.doubleclick.net/	1970-01-20 18:47:36	Name: IDE Value: AHWqTUluSrufUSBMG83AsmlUQkDTKDkoK75zhjBx7m9wmX7d9o0nk05un2vcg-10Gag
.adnxs.com/	1970-01-20 03:26:00	Name: uuid2 Value: 8024529736612227388
.casalemedia.com/	1970-01-20 03:26:00	Name: CMPS Value: 470
.casalemedia.com/	1970-01-20 10:02:00	Name: CMID Value: Yh7GbJlR4zZYcrWkUOhgeAAA
.casalemedia.com/	1970-01-20 03:26:00	Name: CMPRO Value: 494
.casalemedia.com/	1970-01-20 01:17:50	Name: CMST Value: Yh7GbGIexmwA
.casalemedia.com/	1970-01-20 10:02:00	Name: CMRUM3 Value: 2d621ec66c2760CAESEPa2aExiadKl_BOnPF4XLQc
.adnxs.com/	1970-01-20 03:26:00	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E>3p0u'/!]tbPl1M>e)ZlrFUfJ+tGXxp:Myfj[TBC4'L'qPCDgxFZ7m:ROyx4Pma7[kbpRzqF1`b`?h*<Z!5
.agkn.com/	1970-01-20 10:02:00	Name: ab Value: 0001%3AEP4GqLQdbUjunIpHPoyw6uaomLCZPpPe
.agkn.com/	1970-01-20 10:02:00	Name: u Value: C\|0EAgpsYLsKbGC7AAAAAAAAgAsAViNXAIAAC0BB-agAgABAAcAAAAAAZ-8cP__HgAAAAAALw4vAAAAABOSkp8AAAAACe5i0wAAAAAfDHQ4AA

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

23969041e280dee7d8449c479f03dbb1.safeframe.googlesyndication.com
3de70e6f1ef83bd27625c50df42bac31.safeframe.googlesyndication.com
ade.googlesyndication.com
ads.ffxiah.com
adservice.google.ca
adservice.google.com
ajax.googleapis.com
cdnjs.cloudflare.com
cm.g.doubleclick.net
csi.gstatic.com
d.agkn.com
dsum-sec.casalemedia.com
gcdn.2mdn.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
metrics.getrockerbox.com
pagead2.googlesyndication.com
r4---sn-t0a7ln7d.c.2mdn.net
s0.2mdn.net
securepubads.g.doubleclick.net
static.ffxiah.com
tpc.googlesyndication.com
www.ffxiah.com
www.google.com
www.googletagservices.com
142.250.72.98
142.250.80.2
142.251.32.98
142.251.40.98
158.69.250.98
172.67.209.18
23.52.162.21
2404:6800:4009:80a::2003
2600:9000:2209:7000:19:fc2c:a140:93a1
2606:4700::6810:125e
2607:f8b0:4006:807::2002
2607:f8b0:4006:809::200e
2607:f8b0:4006:80e::2002
2607:f8b0:4006:80f::2002
2607:f8b0:4006:816::2006
2607:f8b0:4006:81c::200a
2607:f8b0:4006:81e::2004
2607:f8b0:4006:81f::2001
2607:f8b0:4006:821::2002
2607:f8b0:4020:1::9
68.67.179.173
00ea380aa9569377a185aa7c9484b3cd6a7e08d988477f34e8382c7bf45067f5
039a8bb6d736466063dde3c2a80d71d54456a7875cb1654263058bc69c1c042d
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
28d0e04a5acbc07c9e439054b8b7911f0aa7ed1f44dfac501f7b9f55e64befe1
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
2953f313f04d1977820ca1a332c2bb7c76aa4c0313c16d0dec37cfd73ae832f0
2c508e357e6e1297a689c63abf4b546478b84f2d570e649f1c5e28e87df61d2d
2e6550ca6c5ca20106cda53ee4781dabfec2750dab8b11211e7259d9cdd3910b
328f0490c1cb33e8591121a3137010d723185c7cb296d6e31972a53eecc2ad8b
36c31c36d31cdc434910adc13c66d2fa052e25a246c03756851c6565c15950f5
383f95a75b02bb1370e93c9c3c6b9f060a98dbe492b16d8e1da3f653a800e435
419de48870c00b668019face0b4141266355922d0458fefe1d67f6be108f953f
421826ba172a54d9fd676a0a6ec9d635c3f2210aba81b270d1505c8c653ae4ff
453fb863e3c0287b3e4b7505e8ad90828abe8dbfca87a875af6bacc4865f6464
48c639946ecefa32203a475d98d756f67065ab02c4d7e2708a0b01178c7bb55e
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e655fba9c55016bfa8f7a760b33affb02d914b70c8ab9c28475068a6bbcd2b1
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5893623d9547b77763b0df3378cb7952c49076348ce648b16c14733f9c095b2a
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61f041c5ecb9209a1151d01571564c4d420c07457e8adc25f94ad42b5d6d91bd
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
6834235d5f6bfbbfbec709573c170995ca9a911a05838056d2611abe065ecc9a
77a8904df780875e356b196bb3c8b55067185b8b42a2b6363875b5ce7eded29e
78b8b9c06e8648b397191402eb4ca35c9a83400e71f2338c84f2ef1393ef32cf
7cf68627e0a55ba90824d570ca10a028ce1543ff72223d90fd452fd7bc9ef3b9
820082abc59342f47489e47ede1b727d4ea2a258af6752d96d88fd84f2dfe35c
8b9ce52d9918bab6ab2bb2ce10cebdc5dc279fc874e92107c958858da6b939c4
8fb844df2c40ef9261ef412bc1f6c05db67de9c2bd57651f6c33e3ad4085df9a
94f137c233766bb0015876c6cfbf8c28125aca4cb3a826d4f7a0495a38a8f3a5
9671f8be70ad94a5362e60f4656d5d53ba214d32ab70a3f9d1603d7dadf9d1c1
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a68e054693be4a1d12da204ae67abab74a0c5fe24d97345cb9dfa9da4fcfb26d
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
afecc80369c60a81fb5ef1dc95125f8f602e5a571fea2b2b67ac5df53ac8dc16
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b4931eddbb10292330d2d8b29833a4e56f86475bbea197e0f5256089c75adaba
b4b1f3c5233a55d42fda178b57bd8f10492a77bd93daf35054e144d99b9b7761
b5b24673ae69d3a759809b5f24d0c547c599cbc134d7e57ff8fd739212b35adf
b7fb55cee3f07d021bbc1a8812f42e584f1c2fbd540f147dbeb7f3c4818f9fdd
b83a14fe83bbf97fa965c43c7014232f9441aa51b16d5a87a41c8677f1b6ddf0
c38cbc9533bcd07405059d9e0135b364a0b0f5ca07aca21cf8aaaff3648b4589
cc198b107a5ade8d0f4722cd96110e46ab440e661d5929912f60f198c322d75d
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d482871a5e948cb4884fa0972ea98a81abca057b6bd3f8c995a18c12487e761c
d76534696af70134fedf3607876e3a31410bb2e4e66f739b7aba095870eb3174
de9238a6076601f98a67bf7c628a8847a4856991edb81bbb23d3c0016241a059
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb17a933f0977509c796b9055e3c140746326ecd3ec343dfa3614e8bdb1ac2f5
eec2d2339c94267837e4c52a9736a8fc7cc7e2ecb4bc8b2c981b501cdd43ab0f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2cd1b47cdac63f03064a02c7521c71ee4421239f6afcd1b0fcc90b41307d321
fbc331d286b47e12f268104be149a2031ea2757da3cc1d0e5086e64ce26ccade

www.ffxiah.com Open in urlscan Pro 158.69.250.98 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

105 Requests

91 %HTTPS

62 %IPv6

14 Domains

26 Subdomains

21 IPs

3 Countries

1725 kBTransfer

3791 kBSize

14 Cookies

10 Outgoing links

Page URL History

Redirected requests

105 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.ffxiah.com Open in urlscan Pro
158.69.250.98 Public Scan

Screenshot
Live screenshot

Full Image

105
Requests

91 %
HTTPS

62 %
IPv6

14
Domains

26
Subdomains

21
IPs

3
Countries

1725 kB
Transfer

3791 kB
Size

14
Cookies

105 HTTP transactions
3 data transactions