postimages.org Open in urlscan Pro
172.67.210.56 Public Scan

Software

cafe /

Resource Hash

f3c7a9f2a02f53975d9cd8b6eaea5fa29459a53add12adf0974ef9ceb43dbb28

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
Origin: https://postimages.org
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Thu, 07 Mar 2024 07:24:49 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51214
x-xss-protection: 0
server: cafe
etag: 1369612915692393729
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Thu, 07 Mar 2024 07:24:49 GMT

GET
H2 200 logo.png
postimgs.org/img/ 2 KB
2 KB 96ms
46ms Image
image/png 172.67.216.170
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://postimgs.org/img/logo.png
Requested by: Host: postimages.org
URL: https://postimages.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.216.170 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1aa70024ac6f01c7669a14fc606db2cb555073bad5a076c9d70869392fb1118f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Thu, 07 Mar 2024 07:24:49 GMT
cf-cache-status: HIT
last-modified: Wed, 07 Jun 2017 15:20:18 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1213
etag: "593819b2-8b6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QEImJPxHnTi7q8DAxm8VO8IuQPEtftPyQHE9e1SNrS5RP9RxrBVDQvEozWYR4kO42ZR6geu3OyREt4lHKmwx8ZAC9ZlCGyxxMXJJQHVg6Q82kcbBfDcU8NODJhdHSfU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 8608d9190a02a253-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 2230

GET
H2 200 slidebar.js Show response
postimgs.org/167/ 11 KB
4 KB 101ms
51ms Script
application/javascript 172.67.216.170
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://postimgs.org/167/slidebar.js
Requested by: Host: postimages.org
URL: https://postimages.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.216.170 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 700602424f3b2803dc9d2c06a01b7afe6639b1334f9144b4ed1a831e74ca6f8e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Thu, 07 Mar 2024 07:24:49 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 17 Sep 2018 05:01:40 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 6268
etag: W/"5b9f3534-2c90"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LH2PL9qra9T0CQKwmuir5ywAsYu%2FOIcMankxsqwDvtq5NYaEbkSAr8kcxPEtvC%2FYKuJo4VnpLnKC5az%2F%2FxzG9Gkh7JIqM9rsczEunnDGq6yTB%2Fmr6fjtgipaZjCxtwg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2678400
cf-ray: 8608d9190a04a253-YYZ
alt-svc: h3=":443"; ma=86400

GET
H2 200 upload.js Show response
postimgs.org/167/ 26 KB
9 KB 74ms
47ms Script
application/javascript 172.67.216.170
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://postimgs.org/167/upload.js
Requested by: Host: postimages.org
URL: https://postimages.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.216.170 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 579f7afffec025181ef2723ce9e8376f407c37419bc5345c28e5a868788add6f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Thu, 07 Mar 2024 07:24:49 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 17 Sep 2018 05:01:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 680
etag: W/"5b9f3532-6958"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EcomXiEvAIzeiNSi4h5sL9PKCZL0yIEvnDvqEHBPew%2B0z0JFsWRi8dCkU87%2Fi24Hqf2GclYfRmEuBjASaVeOxLNilebVEU1PLOnmPT%2B%2FtTfFwbGgDQD3eCLBv7Ihbu4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2678400
cf-ray: 8608d9190a05a253-YYZ
alt-svc: h3=":443"; ma=86400

GET
H2 200 webfont.woff2
postimgs.org/font/awesome/ 7 KB
7 KB 73ms
29ms Font
font/woff2 172.67.216.170
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://postimgs.org/font/awesome/webfont.woff2
Requested by: Host: postimgs.org
URL: https://postimgs.org/167/style.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.216.170 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d9be248eee3efff14af2a4d91b67a0da6b9fa4a3aeeca3136671c686d8b822be

Request headers

Referer: https://postimgs.org/167/style.css
Origin: https://postimages.org
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Thu, 07 Mar 2024 07:24:49 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2467
alt-svc: h3=":443"; ma=86400
content-length: 7084
last-modified: Fri, 09 Jun 2017 21:50:06 GMT
server: cloudflare
etag: "593b180e-1bac"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rtcf617Nwz0eart5HkjidMuHQ93hQR5XoYkOfanc7Nxx6Y4U%2Fhb2Q1tK08W6lNYIhdT0O3PwsQ28lyx5fsGw8A6e4Fi4n7rxzLlVRVjW6OGOTdhXAqB4Csv7%2FGrR3A0%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 8608d9199fd139d7-YYZ

GET
H3 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402290101/ 405 KB
137 KB 210ms
129ms Script
text/javascript 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402290101/show_ads_impl_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-0776200265208929

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f1d65d34cdafce1c5e4465081883c12a497c2cb34a3b44249e9a921b4a449215

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Thu, 07 Mar 2024 07:24:49 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 140439
x-xss-protection: 0
server: cafe
etag: 30875406338484185
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Mar 2024 07:24:49 GMT

GET
H2 200 zrt_lookup_nohtml_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240305/r20190131/ Frame 1389 9 KB
4 KB 116ms
38ms Document
text/html 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240305/r20190131/zrt_lookup_nohtml_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-0776200265208929

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df7a397b8ce58f6251a395e02608b4f620e934a958bdfe6702c6f2033593eed0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 15309
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4155
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 07 Mar 2024 03:09:40 GMT
etag: 5035419970550746386
expires: Thu, 21 Mar 2024 03:09:40 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C8E5 293 KB
71 KB 742ms
740ms Document
text/html 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&adk=1812271804&adf=3025194257&lmt=1709796290&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpostimages.org%2F&pra=5&wgl=1&easpi=1&asro=0&aseiel=1~2~4~6~8~9~10~11~12~13~14~15~16~17&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1709796289634&bpp=14&bdt=254&idt=453&shv=r20240305&mjsv=m202402290101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2185749787120&frm=20&pv=2&ga_vid=1808745244.1709796290&ga_sid=1709796290&ga_hid=221272312&ga_fc=0&u_tz=-480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31081612%2C44795922%2C95325753%2C95326317%2C95320377%2C95321868%2C95324160%2C95325784%2C95326430%2C95326935%2C21065725&oid=2&pvsid=148177581894733&tmod=368125530&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=475

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402290101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c855114a8c3c7c146bd5eaf06412bec3c352dada80eea542976d63d0f0a7f2fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 72537
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 07 Mar 2024 07:24:50 GMT
expires: Thu, 07 Mar 2024 07:24:50 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 18B4 114 KB
45 KB 502ms
501ms Document
text/html 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&h=90&slotname=4727113088&adk=1184666797&adf=3475520789&pi=t.ma~as.4727113088&w=1200&fwrn=4&fwrnh=100&lmt=1709796290&rafmt=2&format=1200x90&url=https%3A%2F%2Fpostimages.org%2F&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1709796289648&bpp=6&bdt=269&idt=470&shv=r20240305&mjsv=m202402290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2185749787120&frm=20&pv=1&ga_vid=1808745244.1709796290&ga_sid=1709796290&ga_hid=221272312&ga_fc=0&u_tz=-480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=70&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31081612%2C44795922%2C95325753%2C95326317%2C95320377%2C95321868%2C95324160%2C95325784%2C95326430%2C95326935%2C21065725&oid=2&pvsid=148177581894733&tmod=368125530&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=479

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402290101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f76180663d43c0f77653f3c035b50958db3bcca9ac72d827deb160197742bdaf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 45878
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 07 Mar 2024 07:24:50 GMT
expires: Thu, 07 Mar 2024 07:24:50 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E3FF 127 KB
42 KB 427ms
426ms Document
text/html 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&h=280&slotname=8487831485&adk=750852199&adf=519338288&pi=t.ma~as.8487831485&w=1200&fwrn=4&fwrnh=100&lmt=1709796290&rafmt=3&format=1200x280&url=https%3A%2F%2Fpostimages.org%2F&fwr=0&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1709796289654&bpp=2&bdt=274&idt=487&shv=r20240305&mjsv=m202402290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x90&nras=1&correlator=2185749787120&frm=20&pv=1&ga_vid=1808745244.1709796290&ga_sid=1709796290&ga_hid=221272312&ga_fc=0&u_tz=-480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=503&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31081612%2C44795922%2C95325753%2C95326317%2C95320377%2C95321868%2C95324160%2C95325784%2C95326430%2C95326935%2C21065725&oid=2&pvsid=148177581894733&tmod=368125530&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=492

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402290101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

48b0c65325dba1a6f0aa31d3a128309851637486580d7b3f0dac8f93162f16d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 42516
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 07 Mar 2024 07:24:50 GMT
expires: Thu, 07 Mar 2024 07:24:50 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame E3FF 14 KB
2 KB 138ms
52ms Stylesheet
text/css 142.251.179.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&h=280&slotname=8487831485&adk=750852199&adf=519338288&pi=t.ma~as.8487831485&w=1200&fwrn=4&fwrnh=100&lmt=1709796290&rafmt=3&format=1200x280&url=https%3A%2F%2Fpostimages.org%2F&fwr=0&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1709796289654&bpp=2&bdt=274&idt=487&shv=r20240305&mjsv=m202402290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x90&nras=1&correlator=2185749787120&frm=20&pv=1&ga_vid=1808745244.1709796290&ga_sid=1709796290&ga_hid=221272312&ga_fc=0&u_tz=-480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=503&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31081612%2C44795922%2C95325753%2C95326317%2C95320377%2C95321868%2C95324160%2C95325784%2C95326430%2C95326935%2C21065725&oid=2&pvsid=148177581894733&tmod=368125530&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=492

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.179.95 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f95.1e100.net

Software

ESF /

Resource Hash

a6ee58f60c407b083623fdc4586ae66d10f4586920a825a74e26762bc262eefd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 07 Mar 2024 07:24:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 07 Mar 2024 05:30:10 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 07 Mar 2024 07:24:50 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame E3FF 2 KB
875 B 141ms
56ms Script
text/javascript 172.253.63.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 06 Mar 2024 14:19:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61500
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 20 Mar 2024 14:19:50 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240306/r20110914/ Frame E3FF 23 KB
9 KB 143ms
62ms Script
text/javascript 172.253.63.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8a33861cdc370b2db8442132658b06069640881bc90f369feca9b30c77e5f460

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 06 Mar 2024 14:19:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61500
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8947
x-xss-protection: 0
server: cafe
etag: 12299188824252842506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 20 Mar 2024 14:19:50 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame E3FF 3 KB
1 KB 148ms
68ms Script
text/javascript 172.253.63.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 06 Mar 2024 14:19:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61500
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 20 Mar 2024 14:19:50 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame E3FF 20 KB
8 KB 121ms
41ms Script
text/javascript 172.253.63.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

535487d55c5cbf22bf933588a42e38efdc60bcbd42591420ed217db20cf423c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 06 Mar 2024 14:19:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61500
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8212
x-xss-protection: 0
server: cafe
etag: 9277691884081322989
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 20 Mar 2024 14:19:50 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame E3FF 207 KB
63 KB 41ms
40ms Script
text/javascript 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6afee967915e87f217a98c38c9d5ed411a339eac603c3f25364fea36cff27b9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Thu, 07 Mar 2024 06:26:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3503
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64070
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 07 Mar 2024 07:26:27 GMT

GET
H2 200 fae6ba9c9cb9ec876bbde5988f04c6f7.js Show response
www.gstatic.com/mysidia/ Frame E3FF 36 KB
15 KB 118ms
38ms Script
text/javascript 172.253.122.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fae6ba9c9cb9ec876bbde5988f04c6f7.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

32993a86c58685503a2a375f9ed0ec5813961836562a3b5656fd9eb149a27d4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Thu, 07 Mar 2024 03:15:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14979
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15132
x-xss-protection: 0
last-modified: Mon, 04 Mar 2024 22:04:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 05 Jun 2024 03:15:11 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/6154728634826904457/ Frame E3FF 31 KB
31 KB 144ms
69ms Image
image/jpeg 172.253.63.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6154728634826904457/14763004658117789537?w=600&h=314&tw=1&q=75

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe3a93fb9ffc9fb9e74c31a2afc5d0d8826976edbad35168cd4a7273471592db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

allow-fenced-frame-automatic-beacons: true
date: Thu, 07 Mar 2024 07:24:50 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31316
x-xss-protection: 0
last-modified: Fri, 24 Nov 2023 15:52:41 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 07 Mar 2025 07:24:50 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 40D5 624 B
246 B 102ms
100ms Document
text/html 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLy2IRDZ-S4Yi6PbiQIwAQ&v=APEucNXzXjRYFlFqHR1QpFZ_92NnxtXTtKFFxQGdIy6cPxeZsO1xszWqWNvoymuVX2t24c0-1ECaOjLWu_AyZo8h_pYuLN7kXg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&h=90&slotname=4727113088&adk=1184666797&adf=3475520789&pi=t.ma~as.4727113088&w=1200&fwrn=4&fwrnh=100&lmt=1709796290&rafmt=2&format=1200x90&url=https%3A%2F%2Fpostimages.org%2F&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1709796289648&bpp=6&bdt=269&idt=470&shv=r20240305&mjsv=m202402290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2185749787120&frm=20&pv=1&ga_vid=1808745244.1709796290&ga_sid=1709796290&ga_hid=221272312&ga_fc=0&u_tz=-480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=70&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31081612%2C44795922%2C95325753%2C95326317%2C95320377%2C95321868%2C95324160%2C95325784%2C95326430%2C95326935%2C21065725&oid=2&pvsid=148177581894733&tmod=368125530&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=479

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0776200265208929&output=html&h=90&slotname=4727113088&adk=1184666797&adf=3475520789&pi=t.ma~as.4727113088&w=1200&fwrn=4&fwrnh=100&lmt=1709796290&rafmt=2&format=1200x90&url=https%3A%2F%2Fpostimages.org%2F&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1709796289648&bpp=6&bdt=269&idt=470&shv=r20240305&mjsv=m202402290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2185749787120&frm=20&pv=1&ga_vid=1808745244.1709796290&ga_sid=1709796290&ga_hid=221272312&ga_fc=0&u_tz=-480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=70&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31081612%2C44795922%2C95325753%2C95326317%2C95320377%2C95321868%2C95324160%2C95325784%2C95326430%2C95326935%2C21065725&oid=2&pvsid=148177581894733&tmod=368125530&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=479
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 07 Mar 2024 07:24:50 GMT
expires: Thu, 07 Mar 2024 07:24:50 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame C9D7 111 KB
39 KB 126ms
41ms Script
text/javascript 172.253.115.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: postimages.org
URL: https://postimages.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.115.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Thu, 07 Mar 2024 03:00:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15865
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Mar 2024 03:00:25 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/elements/html/ Frame C9D7 8 KB
3 KB 41ms
41ms Script
text/javascript 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: postimages.org
URL: https://postimages.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef34301455784e8a56ecc7a80985d6fd317ddd8328b6232dc0bc3223d79c91c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 06 Mar 2024 14:19:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61496
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3206
x-xss-protection: 0
server: cafe
etag: 12640889860211258669
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 20 Mar 2024 14:19:54 GMT

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/ Frame C9D7 23 KB
9 KB 40ms
40ms Script
text/javascript 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/abg_lite_fy2021.js

Requested by

Host: postimages.org
URL: https://postimages.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8a33861cdc370b2db8442132658b06069640881bc90f369feca9b30c77e5f460

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 06 Mar 2024 14:19:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61496
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8947
x-xss-protection: 0
server: cafe
etag: 12299188824252842506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 20 Mar 2024 14:19:54 GMT

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame C9D7 41 KB
14 KB 67ms
57ms Script
text/javascript 172.253.63.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: postimages.org
URL: https://postimages.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 06 Mar 2024 21:24:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36024
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 06 Mar 2025 21:24:26 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame C9D7 3 KB
1 KB 76ms
67ms Script
text/javascript 172.253.63.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 06 Mar 2024 14:19:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61500
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 20 Mar 2024 14:19:50 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame C9D7 20 KB
8 KB 47ms
37ms Script
text/javascript 172.253.63.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

535487d55c5cbf22bf933588a42e38efdc60bcbd42591420ed217db20cf423c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 06 Mar 2024 14:19:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61500
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8212
x-xss-protection: 0
server: cafe
etag: 9277691884081322989
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 20 Mar 2024 14:19:50 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame C9D7 207 KB
63 KB 42ms
41ms Script
text/javascript 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6afee967915e87f217a98c38c9d5ed411a339eac603c3f25364fea36cff27b9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Thu, 07 Mar 2024 06:26:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3503
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64070
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 07 Mar 2024 07:26:27 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame C9D7 42 B
63 B 96ms
96ms Image
image/gif 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D3hZo1J1t3LKaY5EjSrwiMHsLWOPfM43sw-SfobJINa9Qv9A4ykeFsGO__Hy_rIDR0MALJ7orCwB_SPOAhfl_xG8TaYQLHKhmIhkGvBDOOi474FiI

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

639.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Mar 2024 07:24:50 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame C9D7 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b6452676bf6423e896fde56d869d128c8b7d3fdad25c9fd96988f5d9d3b027d5

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame E3FF 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 06e9b8843b616a233de655ce3d2f9da3bb143116098af365b1a1122e7675e34d

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 40D5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAi-Eu_xs4SydFerbvHTtRw&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAi-Eu_xs4SydFerbvHTtRw&google_cver=1&C=1

43 B
343 B

43ms
43ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAi-Eu_xs4SydFerbvHTtRw&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLy2IRDZ-S4Yi6PbiQIwAQ&v=APEucNXzXjRYFlFqHR1QpFZ_92NnxtXTtKFFxQGdIy6cPxeZsO1xszWqWNvoymuVX2t24c0-1ECaOjLWu_AyZo8h_pYuLN7kXg
Protocol: H2
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Mar 2024 07:24:50 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5PwFjlEaQW4kSnRCJwFH0UXtuyMGT9k0IlsjolTiHBpqD%2BsQMubggd6o0FsVEvu%2B3v7d6GsnlvcZbwQZ6OIcCGe22nhSWj5hn5hHJcDQc6eGh%2BFSVYk4ZS%2BFXG3M%2FMI%2B8JR%2FsJZ9GTt4JA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8608d9225ddca23b-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 07 Mar 2024 07:24:50 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W8AZf3wyzCwTSovdLMn61fBGBz1jcydgBa2uHuzGE8RhbA302jpbI39ghoPXTx9LyCkeP1N2WA7kObCKHw8rk41MlsoOWZiZxl1Z2daW%2BPX15vEXs1NxAQ12NC%2Femb%2FDCbjFqaFCLoneOA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=45&external_user_id=CAESEAi-Eu_xs4SydFerbvHTtRw&google_cver=1&C=1
cache-control: no-cache
cf-ray: 8608d9220da7a23b-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 40D5
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZelrwtHM6c8AAEiDABP3LwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAi-Eu_xs4SydFerbvHTtRw&google_cver=1

43 B
771 B

44ms
44ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAi-Eu_xs4SydFerbvHTtRw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLy2IRDZ-S4Yi6PbiQIwAQ&v=APEucNXzXjRYFlFqHR1QpFZ_92NnxtXTtKFFxQGdIy6cPxeZsO1xszWqWNvoymuVX2t24c0-1ECaOjLWu_AyZo8h_pYuLN7kXg
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Mar 2024 07:24:51 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yJGJApzdN74eDyVEP%2FulYjXQ9G8NpjL2vVz0LiUQ9Se4vx1s0rDKdv8cJDIqL3jUh6rnb6xvXjqgp%2FmYdX%2Bf8EY9rCT7rc8jpdUS6BtognqyEQGCQxzFn1Y%2FBnbDm97u7I10MYjMLFJazg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8608d922fb2d36db-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 07 Mar 2024 07:24:50 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAi-Eu_xs4SydFerbvHTtRw&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame 40D5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEB2SY_GN8twDvdtOGe-C_es&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEB2SY_GN8twDvdtOGe-C_es%26google_cver%3D1

43 B
1 KB

45ms
44ms

Image
image/gif

68.67.160.137
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEB2SY_GN8twDvdtOGe-C_es%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLy2IRDZ-S4Yi6PbiQIwAQ&v=APEucNXzXjRYFlFqHR1QpFZ_92NnxtXTtKFFxQGdIy6cPxeZsO1xszWqWNvoymuVX2t24c0-1ECaOjLWu_AyZo8h_pYuLN7kXg

Protocol

Server

68.67.160.137 New York, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Mar 2024 07:24:51 GMT
an-x-request-uuid: 3e32be38-494d-49da-96ac-5663375b1b7d
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 62.3.36.179; 62.3.36.179; 639.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 07 Mar 2024 07:24:50 GMT
an-x-request-uuid: f224cb4c-5748-4700-a42c-23ec1c9f2b57
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEB2SY_GN8twDvdtOGe-C_es%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 62.3.36.179; 62.3.36.179; 639.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 40D5
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzk4NDc3MDE4NDY2NTAzMDk0NQ%3D%3D

170 B
188 B

50ms
49ms

Image
image/png

172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzk4NDc3MDE4NDY2NTAzMDk0NQ%3D%3D

Requested by

Protocol

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Mar 2024 07:24:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 07 Mar 2024 07:24:50 GMT
an-x-request-uuid: 2e459167-0438-4c2c-b7fc-8606c5d6f1c5
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzk4NDc3MDE4NDY2NTAzMDk0NQ%3D%3D
x-proxy-origin: 62.3.36.179; 62.3.36.179; 639.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 71B8 38 KB
13 KB 39ms
38ms Document
text/html 172.253.63.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 195493
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 05 Mar 2024 01:06:37 GMT
expires: Wed, 05 Mar 2025 01:06:37 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame E3FF 33 KB
34 KB 114ms
38ms Font
font/woff2 172.253.63.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f94.1e100.net

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 06 Mar 2024 21:24:26 GMT
x-content-type-options: nosniff
age: 36024
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 06 Mar 2025 21:24:26 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/ Frame 680E 6 KB
2 KB 120ms
41ms Document
text/html 172.253.115.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d01a0b99d9128904ffe04f60e982d501490665eea15c01fba5dee47bc11b07cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 8548
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2008
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 07 Mar 2024 05:02:22 GMT
expires: Fri, 07 Mar 2025 05:02:22 GMT
last-modified: Fri, 01 Mar 2024 17:46:30 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame C9D7 0
0 185ms
106ms Fetch
image/gif 172.253.63.149
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjssw77oqT4wIajePl5YwiWybHUGkW7hbEmmEVgVtWzx698uxCaDgW8reYrFehqzK9ry8oq4M0nQ7bqjImxSVlsoeUkblpDc1VjCI595xM5fp864OzyJOf2A_EO5zPtfEqb1K38BySFZ8xYySsphE9zenizgnvWpTBErz0Z8k5-olZK6Vfq7HCBuSS3-5GzPGHY576zoX_LuQxMONvPlzo_SLeBX-ftfDlO2XjlKyNQVZtyVTh7nUggSe9Cmek6mulwBRrGUG2WXcWi1YGxWlBmu1kQxdKC-qTFq6yyM1mgG8r7VqmuJ4_buliz5IWrqfSLrJ-xeQ8KNsH-p_4tmQ4oXKyQfYMVWnQhSgg5g84SoX3CNVxSLeHPBbx8iD6H_n2YSZnn0jI4eVSmwnLKC7aTqO6bnmLy0gNsqAjH7Ro6oO316JFMz1J4QHy2fM7df0g_7t3zxXngClPsYpfjE5HnzYArMHbVMf8Iy2l-C950ioRoHcJyGXbbr-OrQ27_MaqY6r8Iy2-hdwYKzT7p6TPruoHThVhHv0jH45trkODMnEtGhzlKU2wBm5uiLV6a7LuG6K1LhqGfXEf0g6ue22RY5cAyv0qt383jSu1KMx1WNQ6dp1tN_NYZ6y7SwWJmdomZSL3vZZT2cqp-MAWrf-ovxm9_tUPKBTHOFtdK4BywTEofROXhkqndmGTzySnD51aFY1s0BWq7IvViJ0PvmH29HXRRQWurD5p9WHIGb94Oc1spJ6E1BOCB4RY3G0tJftkd3oTAKWE_TawYWopqu9gZrOy6VDnqpVtC54SfscwAFdAwnpSaA43hFIlrbfRatz2oIQlWkoNMsGvCZpmtbJ5mTDYqWfWHpeDljjZL0syNN6Yh7yVbuzoBlClKv0Mj51NSFzsgVfokUuLjHb4zC87-NC2kN4pC9FoicX5BtxVTGTV4cjn8rMvtjdwNRT9kfiHkS0LXrr_Z8HqSFMUdIT2MxaX4sb_3kHjuo3CxEbucbi3uJUHq2BsfgLE0fHqECcuCy_pAqSE3Zlm0_ZLN8Ocn_Uee9YhdcpSYv84amx_-RjM3kQjv9TenjaSbXGK2Vwyr5ts9pLFTaGUCkPjVR30da0EOQZDY9nXffqeMQr6maMsHT4Tcxar1lD4ocW1WzYpt8ISK0dqbuZak4cmSR9xkLgmtbD6ujxkqZzhDPV2sJs2Tyt_z4mPEfXCPZ4Q_cCMP-zc7TlK_VcmOlIvMNIyhytWAJwRWWdHS8HtWUjIGDNTnPiaQRZz9aHJjgE7tyyJgFmnX75HcWT1LhD5SIyXwpD0pwf9PjJLsV6IaXqFTfJ2CBko4xNtAlRTP2hXNCQ7u_nWYL9IGw4Aa_O_5oYLHGOFTrl1DKszySdyQoRPsK5EF2mSeQzTB7Y&sai=AMfl-YTrx20ymYYyhHVpjjRSItWr-UZ2yJK2ap3aE2HOoZv6aTJOfIx0DI7Ri7doJ3Xx0ul4iLH7z4Peq20e0d6kjF7QzxUx-xOswT6QK4Is9p9JP7lNJLzNjzFLmzxQvvGNlOykwrs3IgkCp57JsQVRAXYLa8DJHst7CdP7_08ePqS81bgcBI7I5pBofqd063BeN6pjX7L_GhIDdeyaUvKf2212p9HyEF5CC02oUi_8TyD8cY-56F71heQIOwY_uOqBDQoxQLlKitpYY1tYPPBfTae4RlBjxmttARAXej86biJKVja3VWgl0nnXX07B1XZytEqnyml9W1PpzNahzpQ7umCuje_ijs8G_gMYGhdoee8l_DhcjwUJS9iEilFQ4fr8yanSsI4-tbrjaf2kh3s9tPN8WpdBes5fX_pAC4vMj2YTuCn47Dgsdv0IS9hfC_7Rd1vOR-OYQ7vNjqojptRToQhUwuXb6Y-2nG1i2e1FjvkILdoLh51ABzPRsocBcQhOneeZyl8wM58&sig=Cg0ArKJSzCwwRv5CMaUvEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9sZXh1c29udGFyaW8uY2E&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=212&cbvp=1&cstd=210&cisv=r20240306.56927&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: postimages.org
URL: https://postimages.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f149.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 07 Mar 2024 07:24:51 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Thu, 07 Mar 2024 07:24:51 GMT

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402290101/ 166 KB
56 KB 111ms
110ms Script
text/javascript 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402290101/reactive_library_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402290101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

526d985c4be533eb425bb144ddcef063c672c222da0794631abc3d804ff9d1c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Thu, 07 Mar 2024 07:24:50 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57310
x-xss-protection: 0
server: cafe
etag: 5622085874322372351
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Mar 2024 07:24:50 GMT

GET
H2 200 ca-pub-0776200265208929 Show response
fundingchoicesmessages.google.com/i/ 182 KB
61 KB 155ms
71ms Script
application/javascript 172.253.115.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/ca-pub-0776200265208929?ers=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402290101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.115.101 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

11b437e9bb7d6ca6abbcc285fecb6fdc5191a8393e2fb0be6fd617f5d37e5fa2

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-71ReekA8gVYmcJwImcP47Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Thu, 07 Mar 2024 07:24:51 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-71ReekA8gVYmcJwImcP47Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjStHikmLw0pBiOO90h-k6ENcyPGNqBWIDjedMFkDM-OcFEycQv_vykonn60smCSDWAOIdPh4sfOums6oAse766ayhQBzzfDprChA7pc9gDQJin_oZrDFALMTNcfj60vVsAgt-H5AAANV1LSY"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 tx_YDh4dAjwBh_VW-2vM8PCxzl4JTVu4GQSmkVWr_Gk.js Show response
pagead2.googlesyndication.com/bg/ Frame 71B8 51 KB
20 KB 40ms
40ms Script
text/javascript 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/tx_YDh4dAjwBh_VW-2vM8PCxzl4JTVu4GQSmkVWr_Gk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b71fd80e1e1d023c0187f556fb6bccf0f0b1ce5e094d5bb81904a69155abfc69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 05 Mar 2024 03:11:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 187996
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20052
x-xss-protection: 0
last-modified: Mon, 04 Mar 2024 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 05 Mar 2025 03:11:34 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame E3FF
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=C2psZwmvpZZrJC6XMqMwPsuaaoAKhnY3SdYekxsf9EbCQHxABIJHywAdg_YiXgegDoAGvtdrhA8gBCakC2mDZeunSqD6oAwHIA8sEqgTPAU_Q2aRJcmu9yUNnwJGJcZJI7fL6zhcxhrPedHp...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x9d5bb561b1afc8d00000000000000000%22,%222%22:%220x3fed3b7840fd9dfb0000000000000000%22,%223%22:%220xb7308e...

0
0

95ms
94ms

Fetch
text/css

172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x9d5bb561b1afc8d00000000000000000%22,%222%22:%220x3fed3b7840fd9dfb0000000000000000%22,%223%22:%220xb7308e37debda26f0000000000000000%22,%224%22:%220x3928e968dc1be1450000000000000000%22,%225%22:%220x7074d14650016ba10000000000000000%22},%22debug_key%22:%224928582893178271679%22,%22debug_reporting%22:true,%22destination%22:%22https://tvolearn.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221010211503%22],%2222%22:[%22true%22],%224%22:[%2203-07%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%222348851394045087857%22}&andc=true

Requested by

Host: postimages.org
URL: https://postimages.org/

Protocol

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Thu, 07 Mar 2024 07:24:51 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0x9d5bb561b1afc8d00000000000000000","2":"0x3fed3b7840fd9dfb0000000000000000","3":"0xb7308e37debda26f0000000000000000","4":"0x3928e968dc1be1450000000000000000","5":"0x7074d14650016ba10000000000000000"},"debug_key":"4928582893178271679","debug_reporting":true,"destination":"https://tvolearn.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1010211503"],"22":["true"],"4":["03-07"],"6":["true"]},"priority":"500","source_event_id":"2348851394045087857"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 07 Mar 2024 07:24:51 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 07 Mar 2024 07:24:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0x9d5bb561b1afc8d00000000000000000","2":"0x3fed3b7840fd9dfb0000000000000000","3":"0xb7308e37debda26f0000000000000000","4":"0x3928e968dc1be1450000000000000000","5":"0x7074d14650016ba10000000000000000"},"debug_key":"4928582893178271679","debug_reporting":true,"destination":"https://tvolearn.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1010211503"],"22":["true"],"4":["03-07"],"6":["true"]},"priority":"500","source_event_id":"2348851394045087857"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 style.css
s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/ Frame 680E 1 KB
725 B 42ms
41ms Stylesheet
text/css 172.253.115.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08e4ce4f74cd32894be333e561124f9847b544ef47916ed7a90f6d669d602202

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

expires: Fri, 07 Mar 2025 05:02:22 GMT
date: Thu, 07 Mar 2024 05:02:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8549
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 695
x-xss-protection: 0
last-modified: Fri, 01 Mar 2024 17:46:30 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 imagesloaded.pkgd.min.js Show response
s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/ Frame 680E 5 KB
2 KB 44ms
42ms Script
application/x-javascript 172.253.115.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/imagesloaded.pkgd.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96abf166b3cbb5f7df525d86fdeeeccea4af3c120b19bc26b0613530a94e8b44

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

expires: Fri, 07 Mar 2025 05:02:22 GMT
date: Thu, 07 Mar 2024 05:02:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8549
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1810
x-xss-protection: 0
last-modified: Fri, 01 Mar 2024 17:46:30 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 tweenmax_2.0.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 680E 113 KB
38 KB 49ms
47ms Script
text/javascript 172.253.115.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_2.0.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Thu, 07 Mar 2024 07:24:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38915
x-xss-protection: 0
last-modified: Tue, 19 Jun 2018 18:02:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 07 Mar 2024 07:24:51 GMT

GET
H3 200 script.js Show response
s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/ Frame 680E 1 KB
590 B 44ms
43ms Script
application/x-javascript 172.253.115.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/script.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe743dc1c7994c80f86608e88583153d9302a7a8a5ac20c31fc53b0eb9b10ec5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

expires: Fri, 07 Mar 2025 05:02:22 GMT
date: Thu, 07 Mar 2024 05:02:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8549
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 560
x-xss-protection: 0
last-modified: Fri, 01 Mar 2024 17:46:30 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 headline_01.png
s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/ Frame 680E 5 KB
5 KB 79ms
78ms Image
image/png 172.253.115.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/headline_01.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3284ce11b294985d29d91d737e57face096a8e7dcadfa542d32cf669f07bd59b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

expires: Fri, 07 Mar 2025 05:02:22 GMT
date: Thu, 07 Mar 2024 05:02:22 GMT
x-content-type-options: nosniff
age: 8549
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5174
x-xss-protection: 0
last-modified: Fri, 01 Mar 2024 17:46:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 offer.png
s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/ Frame 680E 5 KB
5 KB 45ms
44ms Image
image/png 172.253.115.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/offer.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c036eaec9f9129d1929a800150b70a23c0a2284c6ec925df3e530fa3e76a65c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

expires: Fri, 07 Mar 2025 05:02:22 GMT
date: Thu, 07 Mar 2024 05:02:22 GMT
x-content-type-options: nosniff
age: 8549
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5317
x-xss-protection: 0
last-modified: Fri, 01 Mar 2024 17:46:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 nameplate.png
s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/ Frame 680E 945 B
973 B 45ms
44ms Image
image/png 172.253.115.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/nameplate.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

86aa775b96984c6464a9651211a59496ac30964cb0f1ab4dabb7805835b4ce33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

expires: Fri, 07 Mar 2025 05:02:22 GMT
date: Thu, 07 Mar 2024 05:02:22 GMT
x-content-type-options: nosniff
age: 8549
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 945
x-xss-protection: 0
last-modified: Fri, 01 Mar 2024 17:46:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 car.png
s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/ Frame 680E 22 KB
22 KB 42ms
41ms Image
image/png 172.253.115.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/car.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0f675d7c9324c46465beddf0c5c6055a8512f2be9ae8350b5358b40e9017f6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

expires: Fri, 07 Mar 2025 05:02:22 GMT
date: Thu, 07 Mar 2024 05:02:22 GMT
x-content-type-options: nosniff
age: 8549
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22766
x-xss-protection: 0
last-modified: Fri, 01 Mar 2024 17:46:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 logo.png
s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/ Frame 680E 919 B
947 B 43ms
42ms Image
image/png 172.253.115.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/logo.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

10babe98206a6f6417a76635104b0d24a5a925c5df66b9d4a16c5a9df9e6aebe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

expires: Fri, 07 Mar 2025 05:02:22 GMT
date: Thu, 07 Mar 2024 05:02:22 GMT
x-content-type-options: nosniff
age: 8549
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 919
x-xss-protection: 0
last-modified: Fri, 01 Mar 2024 17:46:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 cta.png
s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/ Frame 680E 2 KB
2 KB 41ms
41ms Image
image/png 172.253.115.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/cta.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d8873fd208c5e2f7e8c9dcfaefba2e0491b4e0b7aee2fec72fd4a6fc23922101

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

expires: Fri, 07 Mar 2025 05:02:22 GMT
date: Thu, 07 Mar 2024 05:02:22 GMT
x-content-type-options: nosniff
age: 8549
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1627
x-xss-protection: 0
last-modified: Fri, 01 Mar 2024 17:46:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 btn_disclaimer.png
s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/ Frame 680E 740 B
768 B 44ms
43ms Image
image/png 172.253.115.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/btn_disclaimer.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b07345def4300d4596c0814a5185e711f807bb2f21ffd587c752f2748734c87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

expires: Fri, 07 Mar 2025 05:02:22 GMT
date: Thu, 07 Mar 2024 05:02:22 GMT
x-content-type-options: nosniff
age: 8549
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 740
x-xss-protection: 0
last-modified: Fri, 01 Mar 2024 17:46:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 tx_YDh4dAjwBh_VW-2vM8PCxzl4JTVu4GQSmkVWr_Gk.js Show response
pagead2.googlesyndication.com/bg/ Frame EC1E 51 KB
20 KB 43ms
43ms Script
text/javascript 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/tx_YDh4dAjwBh_VW-2vM8PCxzl4JTVu4GQSmkVWr_Gk.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b71fd80e1e1d023c0187f556fb6bccf0f0b1ce5e094d5bb81904a69155abfc69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 05 Mar 2024 03:11:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 187997
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20052
x-xss-protection: 0
last-modified: Mon, 04 Mar 2024 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 05 Mar 2025 03:11:34 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 171ms
94ms Preflight
text/html 172.253.122.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f155.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 07 Mar 2024 07:24:51 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_nohtml_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240305/r20110914/ Frame 2E19 9 KB
4 KB 39ms
38ms Document
text/html 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240305/r20110914/zrt_lookup_nohtml_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402290101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df7a397b8ce58f6251a395e02608b4f620e934a958bdfe6702c6f2033593eed0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 15189
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4155
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 07 Mar 2024 03:11:42 GMT
etag: 5035419970550746386
expires: Thu, 21 Mar 2024 03:11:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_nohtml_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240305/r20110914/ Frame AD3B 9 KB
4 KB 39ms
38ms Document
text/html 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240305/r20110914/zrt_lookup_nohtml_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402290101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df7a397b8ce58f6251a395e02608b4f620e934a958bdfe6702c6f2033593eed0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 15189
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4155
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 07 Mar 2024 03:11:42 GMT
etag: 5035419970550746386
expires: Thu, 21 Mar 2024 03:11:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 AGSKWxV_jCyWBfnhbnUestgxwFU94TcE7Qjm-LD8FeJxiy-C54lcrAb_GLUGYwshEO0XfCE99omsBVrgYG3om26Ig4XPnonBAgZJUy5lD3f3NlORXfBuQijmEtO0ybIksfRYi6ykO2uBXw== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 73ms
73ms Script
application/javascript 172.253.115.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxV_jCyWBfnhbnUestgxwFU94TcE7Qjm-LD8FeJxiy-C54lcrAb_GLUGYwshEO0XfCE99omsBVrgYG3om26Ig4XPnonBAgZJUy5lD3f3NlORXfBuQijmEtO0ybIksfRYi6ykO2uBXw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA5Nzk2MjkxLDI0MDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9wb3N0aW1hZ2VzLm9yZy8iLG51bGwsW1s4LCJGODhYYmhxTG9qUSJdLFs5LCJlbi1VUyJdLFsxOCwiW1tbMF1dXSJdLFsxOSwiMiJdLFsxNywiWzBdIl1dXQ

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.F88XbhqLojQ.es5.O/am=wA/d=1/rs=AJlcJMy3SgnF0EVdgXHg5Ybt6aiahLkLXw/m=kernel_loader,loader_js_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.115.101 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

db4bf7c878917ddef0b47bc3eceb7158c81b104acc76ba570f7be05d3484ec1a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Evc_SHEEvqhFHL13F5Fqag' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Thu, 07 Mar 2024 07:24:51 GMT
content-security-policy: script-src 'report-sample' 'nonce-Evc_SHEEvqhFHL13F5Fqag' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjStHikmII0JBiOO90h-k6ENcyPGNqBWIDjedMFkDM-OcFEycQv_vykonn60smCSDWAOIdPh4sfOums6oAse766ayhQBzzfDprChA7pc9gDQJin_oZrDFALMTDcfj60vVsAgu2nOlmBAAFOi1m"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame C9D7 0
0 104ms
103ms Fetch
image/gif 172.253.63.149
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjssw77oqT4wIajePl5YwiWybHUGkW7hbEmmEVgVtWzx698uxCaDgW8reYrFehqzK9ry8oq4M0nQ7bqjImxSVlsoeUkblpDc1VjCI595xM5fp864OzyJOf2A_EO5zPtfEqb1K38BySFZ8xYySsphE9zenizgnvWpTBErz0Z8k5-olZK6Vfq7HCBuSS3-5GzPGHY576zoX_LuQxMONvPlzo_SLeBX-ftfDlO2XjlKyNQVZtyVTh7nUggSe9Cmek6mulwBRrGUG2WXcWi1YGxWlBmu1kQxdKC-qTFq6yyM1mgG8r7VqmuJ4_buliz5IWrqfSLrJ-xeQ8KNsH-p_4tmQ4oXKyQfYMVWnQhSgg5g84SoX3CNVxSLeHPBbx8iD6H_n2YSZnn0jI4eVSmwnLKC7aTqO6bnmLy0gNsqAjH7Ro6oO316JFMz1J4QHy2fM7df0g_7t3zxXngClPsYpfjE5HnzYArMHbVMf8Iy2l-C950ioRoHcJyGXbbr-OrQ27_MaqY6r8Iy2-hdwYKzT7p6TPruoHThVhHv0jH45trkODMnEtGhzlKU2wBm5uiLV6a7LuG6K1LhqGfXEf0g6ue22RY5cAyv0qt383jSu1KMx1WNQ6dp1tN_NYZ6y7SwWJmdomZSL3vZZT2cqp-MAWrf-ovxm9_tUPKBTHOFtdK4BywTEofROXhkqndmGTzySnD51aFY1s0BWq7IvViJ0PvmH29HXRRQWurD5p9WHIGb94Oc1spJ6E1BOCB4RY3G0tJftkd3oTAKWE_TawYWopqu9gZrOy6VDnqpVtC54SfscwAFdAwnpSaA43hFIlrbfRatz2oIQlWkoNMsGvCZpmtbJ5mTDYqWfWHpeDljjZL0syNN6Yh7yVbuzoBlClKv0Mj51NSFzsgVfokUuLjHb4zC87-NC2kN4pC9FoicX5BtxVTGTV4cjn8rMvtjdwNRT9kfiHkS0LXrr_Z8HqSFMUdIT2MxaX4sb_3kHjuo3CxEbucbi3uJUHq2BsfgLE0fHqECcuCy_pAqSE3Zlm0_ZLN8Ocn_Uee9YhdcpSYv84amx_-RjM3kQjv9TenjaSbXGK2Vwyr5ts9pLFTaGUCkPjVR30da0EOQZDY9nXffqeMQr6maMsHT4Tcxar1lD4ocW1WzYpt8ISK0dqbuZak4cmSR9xkLgmtbD6ujxkqZzhDPV2sJs2Tyt_z4mPEfXCPZ4Q_cCMP-zc7TlK_VcmOlIvMNIyhytWAJwRWWdHS8HtWUjIGDNTnPiaQRZz9aHJjgE7tyyJgFmnX75HcWT1LhD5SIyXwpD0pwf9PjJLsV6IaXqFTfJ2CBko4xNtAlRTP2hXNCQ7u_nWYL9IGw4Aa_O_5oYLHGOFTrl1DKszySdyQoRPsK5EF2mSeQzTB7Y&sai=AMfl-YTrx20ymYYyhHVpjjRSItWr-UZ2yJK2ap3aE2HOoZv6aTJOfIx0DI7Ri7doJ3Xx0ul4iLH7z4Peq20e0d6kjF7QzxUx-xOswT6QK4Is9p9JP7lNJLzNjzFLmzxQvvGNlOykwrs3IgkCp57JsQVRAXYLa8DJHst7CdP7_08ePqS81bgcBI7I5pBofqd063BeN6pjX7L_GhIDdeyaUvKf2212p9HyEF5CC02oUi_8TyD8cY-56F71heQIOwY_uOqBDQoxQLlKitpYY1tYPPBfTae4RlBjxmttARAXej86biJKVja3VWgl0nnXX07B1XZytEqnyml9W1PpzNahzpQ7umCuje_ijs8G_gMYGhdoee8l_DhcjwUJS9iEilFQ4fr8yanSsI4-tbrjaf2kh3s9tPN8WpdBes5fX_pAC4vMj2YTuCn47Dgsdv0IS9hfC_7Rd1vOR-OYQ7vNjqojptRToQhUwuXb6Y-2nG1i2e1FjvkILdoLh51ABzPRsocBcQhOneeZyl8wM58&sig=Cg0ArKJSzCwwRv5CMaUvEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9sZXh1c29udGFyaW8uY2E&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=574&vt=11&dtpt=362&dett=3&cstd=210&cisv=r20240306.56927&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: postimages.org
URL: https://postimages.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f149.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Thu, 07 Mar 2024 07:24:51 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 07 Mar 2024 07:24:51 GMT

GET
H3 200 img_bg.jpg
s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/ Frame 680E 49 KB
49 KB 41ms
41ms Image
image/jpeg 172.253.115.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/img_bg.jpg

Requested by

Host: postimages.org
URL: https://postimages.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca06000320f4a42f0e6011db2a238349e5ad939779f01ced6671d69e22729ecf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

expires: Fri, 07 Mar 2025 05:02:22 GMT
date: Thu, 07 Mar 2024 05:02:22 GMT
x-content-type-options: nosniff
age: 8549
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49691
x-xss-protection: 0
last-modified: Fri, 01 Mar 2024 17:46:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 71B8 0
20 B 98ms
98ms Image
image/gif 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BigUywmvpZbC2Cq3xqMwPmq6_qA0AAAAAOAHgBAI&bg=!wsGlwY7NAAZdgtM0fYI7ADQBe5WfOGkMTYXs9eYPVEegbgjP1KHGZohXpDn6tMJO84vtpH-89_K5kQ_aTtT92zpiK-iBAgAAAJhSAAAAA2gBBwoAMQ4hDnIlP7KvEayjNI2NpN5hkQP2U7mAqZ0XCadKwCUCntEXPHC5s8KEDqSALHEOO2aZAwVI2U6DvtxIXsbkD9nmHrtgwQmL6AzbG4mOzqT11G5pc46dfV6-OKp2U1bhcqi87GvUoM-0rCaJw8UEiO6Jc0xXIFepppA_FFSG1nDWz2SuEa6qdAAptj46TbmSkkx8niMnhRJ6uohRuULqEte3ZN6b4BrCOF9C7NtpOI9l6SKXw-pU_YQ4JKkqdELfseI8AqYn_epGcopbT6OCaKU0Pl1hhHlKk3pzwQYibP7MCkdhcOlfeh7yCXWsE9_pLrrrATxgA5mP8-c_lGVpzppuaSpNHz6n9yj6W5MfhUTYDmtrM8p_EeoDSTARLOWw9_ZXaNJgiBpdlrWfyQUKWrh3_f3dP4W9sklNtD7gcxoeP74UngDVvRK1O8sPojMS3Vp3oEIi6_BmdTZPp2SIvtDS7Efkr_D1McXpx1cGSjI9x_pLWsyOFLIWO4XYmHY5ovnP2-yvxspbtdorrMesLpQXWV8e4QQXRg_2860Gdn66YxE2bZYmghJMAaQ3OM638LRuVDP3wrW3oreYg83xvbic508FX7NDznGtyQsBxM3Akm_gGZQEHDPxSvG_lpSP4sud-c2X7q6uM2Q3ewBI3p6XqfI8YhohXRgK4aqFs6t-deERtDtyyod3o5Pp3f4YOIENlr6XZiKHPmRovIZD_Kzw5wJpFgxCVBevKi5PunMpYoi1qQzqiMsR662A6FV2lBPzICEUAlpy6qu4xbjwFDU_asUoctgcqsmrx0YkJ8CjzNgX7DpKSVD7WM0z9lHNPO3Ur3aSD14910WUPMbXZHEn7QY06STdC8YhdUhdfIV9BYcB93rxeP7hZIQM3z9frWiJOEIc4PWqfuj9MtHUMc1GHn704Eyaa_3vkGNu3AqYCiq_WVXyLSddmsluq6hnx5DEvcbJU0DSduj6QuSBu4p7u3kv3WwHcMImfx5ybt2CuWO5YNmsC2AO-vyptTauKTPtXFiPQKpyF7fWYepw9-KxUF75Yg5C4dWE4knzDaP5OffxWVUeQOJnS_nDH-aVQBTDqiTy3CMW0Q

Requested by

Host: postimages.org
URL: https://postimages.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Mar 2024 07:24:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame A4CE 14 KB
1 KB 52ms
51ms Stylesheet
text/css 142.251.179.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: postimages.org
URL: https://postimages.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.179.95 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f95.1e100.net

Software

ESF /

Resource Hash

a6ee58f60c407b083623fdc4586ae66d10f4586920a825a74e26762bc262eefd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 07 Mar 2024 07:24:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 07 Mar 2024 07:19:43 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 07 Mar 2024 07:24:51 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240305/r20110914/client/ Frame A4CE 2 KB
822 B 40ms
40ms Script
text/javascript 172.253.63.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240305/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: postimages.org
URL: https://postimages.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 06 Mar 2024 14:32:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 60743
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 20 Mar 2024 14:32:28 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240305/r20110914/ Frame A4CE 23 KB
9 KB 40ms
39ms Script
text/javascript 172.253.63.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240305/r20110914/abg_lite_fy2021.js

Requested by

Host: postimages.org
URL: https://postimages.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8a33861cdc370b2db8442132658b06069640881bc90f369feca9b30c77e5f460

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 06 Mar 2024 14:32:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 60743
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8947
x-xss-protection: 0
server: cafe
etag: 12299188824252842506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 20 Mar 2024 14:32:28 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame BCC4 143 B
166 B 39ms
38ms Document
text/html 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: postimages.org
URL: https://postimages.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240305/r20110914/zrt_lookup_nohtml_fy2021.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 1167
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 07 Mar 2024 07:05:24 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240305/r20110914/client/ Frame A4CE 3 KB
1 KB 41ms
40ms Script
text/javascript 172.253.63.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240305/r20110914/client/window_focus_fy2021.js

Requested by

Host: postimages.org
URL: https://postimages.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 06 Mar 2024 21:24:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36025
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 20 Mar 2024 21:24:26 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240305/r20110914/client/ Frame A4CE 20 KB
8 KB 44ms
42ms Script
text/javascript 172.253.63.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240305/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: postimages.org
URL: https://postimages.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

535487d55c5cbf22bf933588a42e38efdc60bcbd42591420ed217db20cf423c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 06 Mar 2024 20:10:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 40465
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8212
x-xss-protection: 0
server: cafe
etag: 9277691884081322989
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 20 Mar 2024 20:10:26 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame A4CE 207 KB
63 KB 43ms
42ms Script
text/javascript 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: postimages.org
URL: https://postimages.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6afee967915e87f217a98c38c9d5ed411a339eac603c3f25364fea36cff27b9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Thu, 07 Mar 2024 06:26:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3504
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64070
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 07 Mar 2024 07:26:27 GMT

GET
H2 200 fae6ba9c9cb9ec876bbde5988f04c6f7.js Show response
www.gstatic.com/mysidia/ Frame A4CE 36 KB
15 KB 39ms
38ms Script
text/javascript 172.253.122.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fae6ba9c9cb9ec876bbde5988f04c6f7.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: postimages.org
URL: https://postimages.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

32993a86c58685503a2a375f9ed0ec5813961836562a3b5656fd9eb149a27d4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Thu, 07 Mar 2024 03:15:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14980
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15132
x-xss-protection: 0
last-modified: Mon, 04 Mar 2024 22:04:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 05 Jun 2024 03:15:11 GMT

GET
H3 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240305/r20110914/elements/html/ Frame 2E19 15 KB
6 KB 45ms
45ms Script
text/javascript 172.253.63.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240305/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240305/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5a1433553dad10b1617e945447ce8d2a7a4ce6542ad50fdb8b563f85560cbc3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 06 Mar 2024 14:46:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59886
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6454
x-xss-protection: 0
server: cafe
etag: 9518204868993021864
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 20 Mar 2024 14:46:45 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 2E19 205 B
519 B 40ms
39ms Image
image/png 172.253.122.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240305/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Thu, 07 Mar 2024 05:35:56 GMT
x-content-type-options: nosniff
age: 6535
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 07 Mar 2025 05:35:56 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 2E19 604 B
694 B 40ms
39ms Image
image/png 172.253.122.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240305/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Thu, 07 Mar 2024 06:40:49 GMT
x-content-type-options: nosniff
age: 2642
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 07 Mar 2025 06:40:49 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240305/r20110914/elements/html/ Frame 2E19 22 KB
9 KB 49ms
48ms Script
text/javascript 172.253.63.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240305/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240305/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5efd17aa9600929f5517878dd267b6fdfeca37478d6987b5d75caec4f1e4b1a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 06 Mar 2024 14:40:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 60270
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9093
x-xss-protection: 0
server: cafe
etag: 981128176822753981
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 20 Mar 2024 14:40:21 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240305/r20110914/ Frame AD3B 23 KB
9 KB 41ms
40ms Script
text/javascript 172.253.63.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240305/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240305/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8a33861cdc370b2db8442132658b06069640881bc90f369feca9b30c77e5f460

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 06 Mar 2024 14:32:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 60743
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8947
x-xss-protection: 0
server: cafe
etag: 12299188824252842506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 20 Mar 2024 14:32:28 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame AD3B 9 KB
846 B 51ms
50ms Stylesheet
text/css 142.251.179.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240305/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.179.95 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f95.1e100.net

Software

ESF /

Resource Hash

d3f4104957e76483acba4180738253208fd8d4d81c64931244860514af502b82

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 07 Mar 2024 07:24:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 07 Mar 2024 06:32:05 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 07 Mar 2024 07:24:51 GMT

GET
H2 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240226_RC00/ Frame AD3B 15 KB
3 KB 116ms
38ms Stylesheet
text/css 142.251.16.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240226_RC00/outstream.min.css

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240305/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.95 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f95.1e100.net

Software

sffe /

Resource Hash

425f9ca7029ca2c95d204079575a3e5f737ef4d322614225344c5aeadd51bfb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Thu, 07 Mar 2024 06:26:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3511
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2939
x-xss-protection: 0
last-modified: Mon, 26 Feb 2024 11:38:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 07 Mar 2025 06:26:20 GMT

GET
H2 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240226_RC00/ Frame AD3B 379 KB
132 KB 117ms
38ms Script
text/javascript 142.251.16.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240226_RC00/outstream.min.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240305/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.95 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f95.1e100.net

Software

sffe /

Resource Hash

f34cf5ba670b3eae17378288357603fe520e0dff85b58097e492945dd35c4ed8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Thu, 07 Mar 2024 06:37:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2831
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 134699
x-xss-protection: 0
last-modified: Mon, 26 Feb 2024 11:38:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 07 Mar 2025 06:37:40 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240305/r20110914/client/ Frame AD3B 20 KB
8 KB 41ms
41ms Script
text/javascript 172.253.63.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240305/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240305/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

535487d55c5cbf22bf933588a42e38efdc60bcbd42591420ed217db20cf423c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 06 Mar 2024 20:10:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 40465
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8212
x-xss-protection: 0
server: cafe
etag: 9277691884081322989
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 20 Mar 2024 20:10:26 GMT

GET
H3 200 AGSKWxXvDfZF-LHsCkHsnKCnrokesXfxLOepz7P-AI5_RyevuXSMA-YcmXzp46yMMC9R_TB_TS7UaMEvh43QSeeCEgXjdLlrUraGuVYmywF-NN85UMDZQ3B3iS4b3SphXVZM5YQGvIXj9g== Show response
fundingchoicesmessages.google.com/f/ 10 KB
5 KB 66ms
66ms Script
application/javascript 172.253.115.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXvDfZF-LHsCkHsnKCnrokesXfxLOepz7P-AI5_RyevuXSMA-YcmXzp46yMMC9R_TB_TS7UaMEvh43QSeeCEgXjdLlrUraGuVYmywF-NN85UMDZQ3B3iS4b3SphXVZM5YQGvIXj9g==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA5Nzk2MjkxLDMxOTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOV0sbnVsbCwyLG51bGwsImVuIl0sImh0dHBzOi8vcG9zdGltYWdlcy5vcmcvIixudWxsLFtbOCwiRjg4WGJocUxvalEiXSxbOSwiZW4tVVMiXSxbMTgsIltbWzBdXV0iXSxbMTksIjIiXSxbMTcsIlswXSJdXV0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.101 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f1c9b11acdc551d5091a18c301c79580276cf2ed0aa1cc692b5b72c8c1992f7e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-tsQIWRIBWegqDCM7ds-Y2A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Thu, 07 Mar 2024 07:24:51 GMT
content-security-policy: script-src 'report-sample' 'nonce-tsQIWRIBWegqDCM7ds-Y2A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjStHikmJw0JBiOO90h-k6ENcyPGNqBWIDjedMFkDM-OcFEycQv_vykonn60smCSDWAOIdPh4sfOums6oAse766ayhQBzzfDprChA7pc9gDQJin_oZrDFALMTDcfj60vVsAg2Xf6xlBAD-7y2j"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 img_bg.jpg
s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/ Frame 680E 49 KB
49 KB 41ms
40ms Image
image/jpeg 172.253.115.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/img_bg.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca06000320f4a42f0e6011db2a238349e5ad939779f01ced6671d69e22729ecf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6939911544815639185/en_lda_feb24_phase1_roc_nxSIG_728x90/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

expires: Fri, 07 Mar 2025 05:02:22 GMT
date: Thu, 07 Mar 2024 05:02:22 GMT
x-content-type-options: nosniff
age: 8549
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49691
x-xss-protection: 0
last-modified: Fri, 01 Mar 2024 17:46:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame BCC4
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

55ms
55ms

Document
text/html

172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240305/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 07 Mar 2024 07:24:51 GMT
expires: Thu, 07 Mar 2024 07:24:51 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 07 Mar 2024 07:24:51 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 csi
csi.gstatic.com/ Frame AD3B 0
234 B 157ms
51ms Ping
image/gif 64.233.183.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~ltgwkdyt&c=4838636647709&slotId=2419318323854.5&qqid=CKGKjcTP4YQDFVcuaAgd4uYGqA&fb=outstream-lima&sei=44752538%2C75259414%2C420706098&nsei=44714510%2C44729911%2C44730425%2C44730426%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240226_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 64.233.183.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: it-in-f94.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Mar 2024 07:24:51 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame AD3B 15 KB
16 KB 38ms
38ms Font
font/woff2 172.253.63.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f94.1e100.net

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 06 Mar 2024 07:59:23 GMT
x-content-type-options: nosniff
age: 84328
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 06 Mar 2025 07:59:23 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame AD3B 15 KB
15 KB 38ms
38ms Font
font/woff2 172.253.63.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f94.1e100.net

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 06 Mar 2024 15:26:57 GMT
x-content-type-options: nosniff
age: 57474
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 06 Mar 2025 15:26:57 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame AD3B 0
20 B 97ms
96ms Image
image/gif 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=CNcznwmvpZaGhCdfcoPMP4s2bwAr0nuLldYnRoKXrEdWR_MIDEAEgkfLAB2D9iJeB6AOgAYLk69ApyAEFqAMByAObBKoE8QFP0HpnTomb76Ftgb3AGvghgpjHd7Q9voEHX8EbrgXAS3LpfSgoWjoy5F7h9Q_4WFXc8AU3y4L0dilmyUmwfmQ6rA5ut_wOLYvvxNZ_BpWGlE9g2tHw7REjgc_YMw244u5h9ZtkAzzKq7YpuQ1-IScTDT1rmGsMvcEK8rCsU1vTvnV1p4J06nRXx5IJlkvhKesTKDowQOuhwDRETN-413Bka9DrEydZS23v1LDp8IDoPKkeUZ5dsG3IB_-mCA4ds-CAZoKvje8p_kiKBdk4Td9i8EjHeiVqZ3x57lkBD_jMkjB2jRXrdLJ2VZ3h0Tb9EPkGwATg4bmrxwTgBAOIBZHAj6tLkAYBoAZ5gAeCnLywBKgH2baxAqgHr76xAqgH1ckbqAemvhuoB47OG6gHk9gbqAfulrECqAf-nrECqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB-C9sQKoB_-esQKoB9-fsQLYBwDSCCQIgGEQARgfMgKKAjoJgECAwICAgKAoSL39wTpYpOyMxM_hhAOACgHICwHgCwGADAGqDQJDQbAT1uX2FtATANgTA4gULtgUAdAVAfgWAYAXAQ&eventType=clickstring&clientTime=1709796291529&ai=CNcznwmvpZaGhCdfcoPMP4s2bwAr0nuLldYnRoKXrEdWR_MIDEAEgkfLAB2D9iJeB6AOgAYLk69ApyAEFqAMByAObBKoE8QFP0HpnTomb76Ftgb3AGvghgpjHd7Q9voEHX8EbrgXAS3LpfSgoWjoy5F7h9Q_4WFXc8AU3y4L0dilmyUmwfmQ6rA5ut_wOLYvvxNZ_BpWGlE9g2tHw7REjgc_YMw244u5h9ZtkAzzKq7YpuQ1-IScTDT1rmGsMvcEK8rCsU1vTvnV1p4J06nRXx5IJlkvhKesTKDowQOuhwDRETN-413Bka9DrEydZS23v1LDp8IDoPKkeUZ5dsG3IB_-mCA4ds-CAZoKvje8p_kiKBdk4Td9i8EjHeiVqZ3x57lkBD_jMkjB2jRXrdLJ2VZ3h0Tb9EPkGwATg4bmrxwTgBAOIBZHAj6tLkAYBoAZ5gAeCnLywBKgH2baxAqgHr76xAqgH1ckbqAemvhuoB47OG6gHk9gbqAfulrECqAf-nrECqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB-C9sQKoB_-esQKoB9-fsQLYBwDSCCQIgGEQARgfMgKKAjoJgECAwICAgKAoSL39wTpYpOyMxM_hhAOACgHICwHgCwGADAGqDQJDQbAT1uX2FtATANgTA4gULtgUAdAVAfgWAYAXAQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240305/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Mar 2024 07:24:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame AD3B 0
54 B 133ms
54ms Ping
image/gif 64.233.183.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~ltgwkdzf&c=4838636647709&slotId=2419318323854.5&qqid=CKGKjcTP4YQDFVcuaAgd4uYGqA&fb=outstream-lima&ulv=1&cll=0&met.4=arp_a_s.140&vast_v=4.0&icc=1&icrh=0&icri=0&icrs=1&icru=0&icp=GoogleWhyThisAd&icdi=18x18&lima_p_ich=0&lima_p_icu=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240226_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 64.233.183.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: it-in-f94.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Mar 2024 07:24:51 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame AD3B 26 KB
17 KB 82ms
78ms XHR
text/xml 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-DIrNkUar5lFixACigDIUT_neH0U8Deu1oc3yTtRMNtIpWlC-XWFzwhH2DN0ag4QYjdW7eZJgOSyZUzLMtJKl5Pjh03jw&cry=1&dbm_d=AKAmf-D-oZlW2a7bpz_U2D6l2pwUtEhF8km9IbQG4brkX1yEx_jZqXUfSR0ZbVvnO1umTGl9-9Ko91fJiyTc9P7hbBwGNRJxv_0ENQwArq7FHnBY8sNyOpfuUzyYY_XIYJlmolJ0lzE9bGBAwy-wHI4aTDldee6DQFsMzPzVyID2H03v5Uf-FCvAU5gaSvAXgpHvnKyMLjNlA85VkJx8XqlwRt5tkXGUmQNqCKRebVqiQSxEWpQGkJ5LtWMY7ChoVqflLIQHyOncCFNgKrCc2DvZMw3PMsfG5mIFPPuYA3qra_CC_Cs1cOTXezIBFmTjKCbvqqX1gSIPSKjW0jq8HCIBOSRr0pQ50gRpjL5k4m-vZMvmkoXTT_FhulEfPozKpuu8XMp-LkyBaSPuw4aZ1ArtPpv9mS0dK-bHFf8-enZORQ6l5n9RIpIQuLWrL3dypa-MQghhjArkrGaBF129HlvRt5PU6YAXWvrgwV_kKzMyPUxH6wa3TqiiZE2Y_i_qzL8U0Jh0_dt9onUCjWONbxIhfElfc8qItY-Fxp-LgIGuL0V-irqvG5yeLZM6csX-YwsFw8Qc4wC7nXkdRndDWNMw9Pbr5xVtYR22csSuyvqyIgGa5VW68WCO76kvsYUpXdtzjK_Z2hxktGap_CVsn6qFyMGziTkSB5EBrCi1WOlJVv4yKK7M95mQ3ei9OIpKg7uuhvRGzAMHfgcyB3tLtHeato6N3eYHjsApiY9zKpSsQ9dQ6pzTsLLprANRCB2mlgn0_EmnQdAK1YdEl7-uiWI_pQr1yUSVWqsjxG4QB33Zsoe8kx9WlANZOp-SezxeHtleDwSdDEPO_D-wjBjCB3oKa39NjOJgocsnkl6sJIH7YVFPI3KtZALq3_le5ZC-HZiuLOAvHecIKURm6EBTKIVT95o6Fxn-MVxeKlUPM50ffPM9d7YtUsMH50eYwgKEHEZ_WsaVvQCSAw4HVOnc-DkJAG0YMDdM7PMqdWuzMSLJtIJqtuxRV16AfH6A_pU7N9Kct6OVGscCwCW2kotonnRuJ9C-0GisVqw4Gzb1xmUTDz4cUjur8NMBQyJAlTSo6TUrSkrj_lI2YZQTANQdK79DUYhwFeyyRlBVd5o-X0tggGiR_N2_x26L5k_dxGAFHDlUWfhN7ypfY5HlrGYepqGlepBQhazGPoPskfLfkjXCxG2Bs7omk88VyD9sCCKf37z-hnW-BBUOYUgxRBAoyBFbGgLVvrFQ08Gd_q6arKqlgt2otN84yYMgs8XyJQdzpX6PnktTokyrvtGqDY_dzxiJskac9dBRA84e-XrQmwfbsTwS3VqJoQzWfP-kepUI1Q6UGW9L1hU_0xvxFCxYV083AtPz0FRlpzxWtLHdRcFXpxgVPvcDigz-jqnoPez0G4c0ypP48zWGV2ul1DnnRH8EYSgLa5dks4aUKPv02-oU24f1BVnyaF00gRd81h55A5n5nkjscGptGYz4mfhn_GKO6X5yndOOWVizVKA60G8Tvrmfou834LWlZv7COpCuK87JPCX1rVTYoZPIUZNOG08HrGjGc993bVsotFCjYjrHwOnJqOxZGSHWyutPJ_5SDfS_bdH4tOReUnYeZxPabIO2EXaBapUNvgh6A44FU5HXVH5akWZuZjyNH6votP4tKuSXFQGyJBw7MUNjEHqm0ANDr-2N0qk5IyRtSo3-TIE-zNHaYLsPBYn-LVNclbQ6DzOLqSTFa19zu1L4bQ62_Q6oEV1yi_ZeLjZl6NWI_bS5yawIhYeFWrUQb_3J7E8V1DJFakrIOw5uiULvnKJqHml03Lytz_hUh6ZYTeBomUw-rYHEezDroS1t_sK8gVGg22pVdy8QExHbOxRrtAjGaEeN2nYZaFBxylMoOztSeFgxrTbfIITRiHWT5sIM4CitQhMjM9wD1OFEisJBRRb2fePNY7h2J-N0ok6Opmtj47TXLIP4oju2TVuptH5ldC-sBW6wK1agMENpgFiKebDQ9Gdaeqfl5gk8VY197VOM4M1CWZTHGdtOWxKMGUyyZfwb4RLAzyahssTCBI_iTlCAv69pAhUbN5vlZg9yaTd2HUZTlycJUUPZs1C_-2oxxWdwcAX8M7NPo9MtTzqT-tyVzRLIeasMXndeMn2_RHMD4tjMDlMv5r40zrQd3fnlPmVmldQ8Ag8AY01M4TKjiPInehKzcyVYXgXRcKmDZA8_ASgL-MAGfsS9QZj6YK5qK51VtG85NCDMJrlZb25ZRXox5YCMjh9AVvkLNg80WjTtKrvHAf6n2YyaEKRbCfwN_SQTfIOmoPvK9MlbGIZQnwph1oNZ_1qufS3MS53lVNZ8VT9dNB9-u6MnKLWZrwEPmRZQCuV4c3MkrZ7U_QoUgHJp03UBEhhG9XzQC91hLTNkkCMkNxWvtpWKZEkWqGeZ1jut7TdKL82M1-wZTf62ufCfYaTIPrsgqNJkEkP4ooLdAs5M2cEzpcS9UcDkXz2-Eitwyt4LYQxuXyQKfy5zXFAw2ZDQ3d4mMpIWUtRFNbfV75mTqHfdz-UMrMnSoXGVIALH601aTL3ovVyN-pwsY235_6e71oaUhbhfMkih59toWpX5UU8OkFJ-P2-P-FyUmvWP0uBwx8Y-3eR9v2QDTXDao4CBUs77QAPDW6I02pOgVgPwyY0x52Dc78UPH-XQd5i5bqxAsuxyXflr1S5Lclh-jme4OrCV_TkX8_AYxpd_DBHjdpOrUKkiNbi2-Rx3KMFRcb2NlBMSsY45fvM4hxmr8HDb9Jyw7Yik7TGz0EEh2erYDLJHtbTounlCgEw-jUS90m6fM2RTA2ZN3RedFuv3q2-f5DtMtfqVBmSKqntEcM3amsOgt6w8KNzwcSbRZTIpIGQd_BeG3BD5cfM679dGVRyUjDKSAf5qazwOz1t1g4n2vz1mKL2edoF5dkHlvkOhxhdRu2rappDVdwmSJ7B2JAbMRUiHcwBO4V59CqEtWBDzqVTKtv06yRmlp-CJmaGDzzB-JykXs1y10z4S7IntoWQtXBx-SBQK83MkQ2l1uZdNIJ72ysaQDL4ciWY5Av02giDtf9FVyU9DXpw_G61lUesxCt-svhvCiAdXD7Ni93m9U1H6DlBTUqQ1xdYEBhHWV_1TWFizTPUk83FK_Hc-Qgco3VFB7Zre-h-pApXWOYHR59UJCBvB3Crk9Q7pzBEqCcuwR--8Og4Gos7HhTcOnXRa5AV7_uSHNpBs8yB7bHxWiqBF7sNUjPIP4RMBHSFYlX_it0QhqfEzHSDiPzk7URfo9PV0hYy9AfBTfzf5IOmupGIq9OF8UARKrgz4m0ZSCy9I-FD68crlJxsMJwAUKfHjbhOoSFDO41WH8iO7oNMGCbSwEB2qPZ1u6Oi5FLvZCCnbmjgtH8S0BGNT2TgMn5puoSK0JA83aSdabQjLSKjRhCt3xen53Rj7oujvOQYgEMj2KONztF6-gvdWnRNf5lay7kv7uHtlBMQOvnJx0XD_Kqa3yLKCFes5NpaqtkllObTD3gEWty1PjxN89rywfCTd9zIj8WfUKhVaSVxVVG4GVqJbbrPL4Uxk285x7bPhbGDVf-QliSQ7XFKNr-ZRM5OTfXNu0V7AdKJFyCogl5dNq9g1tm88SbA&cid=CAQSTgB7FLtqsvSOisaT0hQFirISLeuiDo0eNpSRa8xzGwrBmW5GSIUfNEFewud_72Iqif1BpjRkq5xSBfUFrerGrnJlUWcQIH6hGMsy9VQEtBgB&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1&nel=0

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240226_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ee864f066fb7285e27d28b7a958f716b6a9722957180a0426472e3771c0bb945

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Thu, 07 Mar 2024 07:24:51 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16982
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame AD3B 204 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 37e4dbec4a9fa28f10d0934b94aeed4adc1989851080ff82fc18c8c896ab4dce

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 tx_YDh4dAjwBh_VW-2vM8PCxzl4JTVu4GQSmkVWr_Gk.js Show response
pagead2.googlesyndication.com/bg/ Frame 178C 51 KB
20 KB 40ms
40ms Script
text/javascript 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/tx_YDh4dAjwBh_VW-2vM8PCxzl4JTVu4GQSmkVWr_Gk.js

Requested by

Host: postimages.org
URL: https://postimages.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

a184-29-161-102.deploy.static.akamaitechnologies.com

Software

sffe /

Resource Hash

b71fd80e1e1d023c0187f556fb6bccf0f0b1ce5e094d5bb81904a69155abfc69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 05 Mar 2024 03:11:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 187997
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20052
x-xss-protection: 0
last-modified: Mon, 04 Mar 2024 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 05 Mar 2025 03:11:34 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame AD3B 0
45 B 53ms
51ms Ping
image/gif 64.233.183.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=3~ltgwke06&c=4838636647709&slotId=2419318323854.5&qqid=CKGKjcTP4YQDFVcuaAgd4uYGqA&fb=outstream-lima&vast_v=2.0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240226_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 64.233.183.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: it-in-f94.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Mar 2024 07:24:51 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK / Show response
servedby.flashtalking.com/imp/8/224477;7876249;208;xml;DV360;DV360FY24StockCTXKeywordCADSKVID1920x1080/ Frame AD3B 9 KB
3 KB 133ms
50ms XHR
application/xml 184.29.161.102
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://servedby.flashtalking.com/imp/8/224477;7876249;208;xml;DV360;DV360FY24StockCTXKeywordCADSKVID1920x1080/?gdpr=&gdpr_consent=&us_privacy=${US_PRIVACY}&bundle_id=&site_url=https://postimages.org/&pub_id=1&sup_platform=1&pbMethods=[PLAYBACKMETHODS]|[CONTINUOUSPLAY]|[TIMESINCEINTERACTION]&cachebuster=[CACHEBUSTER]

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240226_RC00/outstream.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

184.29.161.102 Piscataway, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

Software

prod-xre-app41.ash11 /

Resource Hash

11b271de5d2a1901dedee0500c1635dcbe7517dbf00ee58862346986088fcab3

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Thu, 07 Mar 2024 07:24:51 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=86400
x-amz-server-side-encryption: AES256
Connection: keep-alive
Content-Length: 1921
Pragma: no-cache
Last-Modified: Sat, 02 Mar 2024 03:14:29 GMT
Server: prod-xre-app41.ash11
ETag: "8a62bbfaee792f6f182cbf23bf3e5bc5"
Vary: Accept-Encoding
Content-Type: application/xml
Access-Control-Allow-Origin: https://googleads.g.doubleclick.net
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Expires: Thu, 07 Mar 2024 07:24:51 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame AD3B 0
0 99ms
98ms Fetch
text/html 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CgtCvwmvpZaGhCdfcoPMP4s2bwAr0nuLldYnRoKXrEdWR_MIDEAEgkfLAB2D9iJeB6AOgAYLk69ApyAEFqAMBqgTuAU_QemdOiZvvoW2BvcAa-CGCmMd3tD2-gQdfwRuuBcBLcul9KChaOjLkXuH1D_hYVdzwBTfLgvR2KWbJSbB-ZDqsDm63_A4ti-_E1n8GlYaUT2Da0fDtESOBz9gzDbji7mH1m2QDPMqrtim5DX4hJxMNPWuYawy9wQrysKxTW9O-dXWngnTqdFfHkgmWS-Ep6xMoOjBA66HANERM37jXcGRr0OsTJ1lLbe_UsOnwgOg8qR5RngWxz9QPxTA7nIYpM7_tUfkMdTZ70prSNEGVGu3yYM5TPZWUiQA2locv1tRilvSSkFObnVpNBE8aCXbABODhuavHBOAEA4gFkcCPq0uSBQQIAxgBkgUGCBsQARgBkgULCCIQAxgBSP2-_AGSBQYIHRAEGAGSBQYIHRABGAGSBQYIHhABGAGQBgGgBnmAB4KcvLAEqAfZtrECqAevvrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQLYBwDyBwoQnYQ0GNegnoAC0ggkCIBhEAEYHzICigI6CYBAgMCAgICgKEi9_cE6WKTsjMTP4YQDgAoByAsB2gwRCgsQ0IzMo6aJjKm6ARICAQOwE9bl9hbIE_zZ_eID0BMA2BMDiBQu2BQB0BUBgBcBshccChoIABIUcHViLTA3NzYyMDAyNjUyMDg5MjkYAA&sigh=hJodHMlhDQ0&uach_m=%5BUACH%5D&ase=2&cid=CAQSTgB7FLtqsvSOisaT0hQFirISLeuiDo0eNpSRa8xzGwrBmW5GSIUfNEFewud_72Iqif1BpjRkq5xSBfUFrerGrnJlUWcQIH6hGMsy9VQEtBgB&vt=10&cbvp=2&vis=1&nis=5

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240305/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240305/r20110914/zrt_lookup_nohtml_fy2021.html
Attribution-Reporting-Eligible: event-source
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 07 Mar 2024 07:24:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 101ms
100ms XHR
application/json 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240305&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402290101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.157 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

08c5843ce110d0c547f7edcd3b2213fcbcad011d0d91ec2876527e000b1f12e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Thu, 07 Mar 2024 07:24:51 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12318
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 42ms
41ms Script
text/javascript 172.253.63.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402290101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Thu, 07 Mar 2024 07:24:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 07 Mar 2024 07:24:51 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C9D7 42 B
64 B 96ms
95ms Fetch
image/gif 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuZfWsIH98QYbNPIXZy7xDWN-EeIEmZ6lS17_b_yCTBdx8Wo_TLupCGOsdRehwPxmpcImjH47AIpeMSSkY_4lDEne98ynP1jP6MxCItjq7Hy_ZQ6kpI78lHSSBMVWmiWbNBdPG7bGgYAKELrVqhop3wV8s0kGv6xl0&sai=AMfl-YQehdzsW_XALSmDHEaO5X8yDXllQCdJtgrm8Gh8LDUEMZupJUR2EUa4kSRhwCNdrzxSgFLoNP02ovtcD4h4Dp7ZXwPVyTmw2uB5m5WzcyaUzQTSzngF7XZTaksbVlQEV-7SZck5xFqD6Jr1Z0whmg&sig=Cg0ArKJSzJLAwiF5RTpfEAE&cid=CAQSTwB7FLtqwfIkstgfNjcCjlywBZDQUjrYE7W2Z874UTMvk4ymNK07l2ngG-E2sikLMVIAiEhu8hitURVFqOquYSZj3OepYC6_Y_sOJBrgomYYAQ&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240306&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1184666797&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=572909000&rst=1709796290654&rpt=151&met=ce&wmsd=0&pbe=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Mar 2024 07:24:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame AD3B 0
17 B 52ms
52ms Ping
image/gif 64.233.183.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=4~ltgwke3t&c=4838636647709&slotId=2419318323854.5&qqid=CKGKjcTP4YQDFVcuaAgd4uYGqA&fb=outstream-lima&vmfc=6&vhc=0&icp=FTPrivacy&icdi=16x16&ccc=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240226_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 64.233.183.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: it-in-f94.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Mar 2024 07:24:51 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame AD3B 41 KB
15 KB 43ms
42ms Script
text/javascript 172.253.63.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240226_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 15:29:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 230109
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 Mar 2025 15:29:42 GMT

GET
H/1.1 200
OK consumer-privacy-logo-16.png
secure.flashtalking.com/oba/icon/ Frame AD3B 7 KB
7 KB 122ms
37ms Image
image/png 23.50.124.47
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.flashtalking.com/oba/icon/consumer-privacy-logo-16.png
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.50.124.47 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-50-124-47.deploy.static.akamaitechnologies.com
Software: Flashtalking (AKA) /
Resource Hash: ddfa452f752c05d749643b4221e6e18c92c0e8b6085b5ffa0ffe357935dbf60b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Thu, 07 Mar 2024 07:24:51 GMT
Last-Modified: Thu, 06 May 2021 18:54:24 GMT
Server: Flashtalking (AKA)
ETag: W/"ea9218504eec09a337676178d9020356"
X-FT-Origin: us
X-Varnish: 366364844
Content-Type: image/png
Cache-Control: max-age=1200
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7281
Expires: Thu, 07 Mar 2024 07:44:51 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame AD3B 0
17 B 51ms
51ms Ping
image/gif 64.233.183.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=5~ltgwke7p&c=4838636647709&slotId=2419318323854.5&qqid=CKGKjcTP4YQDFVcuaAgd4uYGqA&fb=outstream-lima&gpm_i=6&gpm_c=6&gpm_a=6&smb=Infinity&br=20000&mt=video%2Fmp4&vs=1920x1080&msm=1&aits=0&webm=0&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false&vms=1&bit=0&hcn=0&met.4=arp_a_e.1bv~atrd.1cd~videopreviewvisible.1cg&ua_e=1&umsem=0&ape=1
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240226_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 64.233.183.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: it-in-f94.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Mar 2024 07:24:51 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 206
Partial Content FY22Q4_Stock_Stock_Stock_XY_EN_WorldOfStockNature15s_VID_1920_1080_20000_2398.mp4
cdn.flashtalking.com/165457/ Frame AD3B 36 MB
0 122ms
42ms Media
video/mp4 23.50.124.47
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.flashtalking.com/165457/FY22Q4_Stock_Stock_Stock_XY_EN_WorldOfStockNature15s_VID_1920_1080_20000_2398.mp4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.50.124.47 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-50-124-47.deploy.static.akamaitechnologies.com
Software: Flashtalking (AKA) /
Resource Hash

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Range: bytes=0-

Response headers

Date: Thu, 07 Mar 2024 07:24:51 GMT
Last-Modified: Sat, 02 Mar 2024 02:48:38 GMT
Server: Flashtalking (AKA)
ETag: "2bb679b20f0b8b456c037403ed194311"
X-FT-Origin: us
X-Varnish: 272926316
Content-Type: video/mp4
Content-Range: bytes 0-37509420/37509421
Cache-Control: max-age=375
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 37509421
Expires: Thu, 07 Mar 2024 07:31:06 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame AD3B 0
17 B 51ms
51ms Ping
image/gif 64.233.183.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=6~ltgwke8f&c=4838636647709&slotId=2419318323854.5&qqid=CKGKjcTP4YQDFVcuaAgd4uYGqA&fb=outstream-lima&gpm_i=6&gpm_c=6&gpm_a=6&smb=Infinity&br=20000&mt=video%2Fmp4&vs=1920x1080&ple=1&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Fservedby.flashtalking.com%252Fimp%252F8%252F224477%253B7876249%253B208%253Bxml%253BDV360%253BDV360FY24StockCTXKeywordCADSKVID1920x1080%252F%253Fgdpr%253D%2526gdpr_consent%253D%2526us_privacy%253D%2524%257BUS_PRIVACY%257D%2526bundle_id%253D%2526site_url%253Dhttps%253A%252F%252Fpostimages.org%252F%2526pub_id%253D1%2526sup_platform%253D1%2526pbMethods%253D%255BPLAYBACKMETHODS%255D%257C%255BCONTINUOUSPLAY%255D%257C%255BTIMESINCEINTERACTION%255D%2526cachebuster%253D%255BCACHEBUSTER%255D&encoded_body_size=0&transfer_size=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240226_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 64.233.183.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: it-in-f94.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Mar 2024 07:24:51 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 31F1 13 KB
5 KB 41ms
40ms Document
text/html 172.253.63.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 36022
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Mar 2024 21:24:29 GMT
expires: Thu, 06 Mar 2025 21:24:29 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 3833 829 B
996 B 59ms
55ms Document
text/html 172.253.62.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.62.147 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f147.1e100.net

Software

GSE /

Resource Hash

f6ff51c24c5a7ca4e3f63190e8aa70b18867f6c24d911868090cd954e5b57c82

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-6SvrNU10IMhTp1McvczI-w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://postimages.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-6SvrNU10IMhTp1McvczI-w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 07 Mar 2024 07:24:51 GMT
expires: Thu, 07 Mar 2024 07:24:51 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame B0DE 23 KB
8 KB 41ms
40ms Document
text/html 172.253.63.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 550326
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 7799
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 29 Feb 2024 22:32:45 GMT
expires: Fri, 28 Feb 2025 22:32:45 GMT
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 O8T1Km08OhS5_Tz58jKeajrFynp-IyfJlJwKv1268Sc.js Show response
pagead2.googlesyndication.com/bg/ Frame 31F1 39 KB
15 KB 40ms
40ms Script
text/javascript 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/O8T1Km08OhS5_Tz58jKeajrFynp-IyfJlJwKv1268Sc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3bc4f52a6d3c3a14b9fd3cf9f2329e6a3ac5ca7a7e2327c9949c0abf5dbaf127

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 05 Mar 2024 03:02:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 188548
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15541
x-xss-protection: 0
last-modified: Mon, 04 Mar 2024 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 05 Mar 2025 03:02:23 GMT

GET
H3 200 tx_YDh4dAjwBh_VW-2vM8PCxzl4JTVu4GQSmkVWr_Gk.js Show response
pagead2.googlesyndication.com/bg/ Frame B0DE 51 KB
20 KB 40ms
39ms Script
text/javascript 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/tx_YDh4dAjwBh_VW-2vM8PCxzl4JTVu4GQSmkVWr_Gk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b71fd80e1e1d023c0187f556fb6bccf0f0b1ce5e094d5bb81904a69155abfc69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 05 Mar 2024 03:11:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 187997
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20052
x-xss-protection: 0
last-modified: Mon, 04 Mar 2024 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 05 Mar 2025 03:11:34 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 3833 0
0 98ms
97ms Image
text/html 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240305&jk=148177581894733&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.16.157 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS: bl-in-f157.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

GET
H3 200 adcalloverride. Show response
fundingchoicesmessages.google.com/f/AGSKWxX9ZMa-2nRKOpu48w7wg7Z-APeX67_kBH9WOUWi0G4O2TGU8V43rZERH0-iisRBuEBqb__2qlSHmqefVWYH86c-bRZk6ptWGm1QQam-M4Lcqft5c21RwkAefwOprRK2bgBQAHuGZzXCkGKXKmDocIyFk7Kmg... 54 B
110 B 65ms
65ms Script
application/javascript 172.253.115.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxX9ZMa-2nRKOpu48w7wg7Z-APeX67_kBH9WOUWi0G4O2TGU8V43rZERH0-iisRBuEBqb__2qlSHmqefVWYH86c-bRZk6ptWGm1QQam-M4Lcqft5c21RwkAefwOprRK2bgBQAHuGZzXCkGKXKmDocIyFk7KmgxWNXdL4eBrhmMEvJUROPi91-ZcI1SsU/_-Web-Ad./660x120_/idleAds./getsponslinks./adcalloverride.

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.F88XbhqLojQ.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMzr4ceWFX7ILY5aq-B7zoYoS2SYxw/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.101 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

82c836523409a5a2bb388f04ee60b3e374d3a1a6a06db4cf301cefaadd980ba5

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-onrAcUGScWMicnfEmNu1Ow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Thu, 07 Mar 2024 07:24:52 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-onrAcUGScWMicnfEmNu1Ow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjStHikmLw0JBiOO90h-k6ENcyPGNqBWIDjedMFkDM-OcFEycQv_vykonn60smCSDWAOIdPh4sfOums6oAse766ayhQBzzfDprChA7pc9gDQJin_oZrDFALMTNceT60vVsAhPun5IFANQqLQg"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 148 KB
50 KB 170ms
169ms Script
text/javascript 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?fcd=true

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5b3588f75aacd1a4862fdb2059d09da6755b9ec9d54488f3911966e8a6cffad2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Thu, 07 Mar 2024 07:24:52 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51219
x-xss-protection: 0
server: cafe
etag: 5088268992843944181
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Thu, 07 Mar 2024 07:24:52 GMT

POST
H3 204 AGSKWxWFUnZhU7EWnozYnMYdaxOeW4ADk9-M5BThehTMRub8yZQIpOD1vO8JP7trOUaU77ZWmeq114ZgaxlyJ2UyS2x-nOiJfi_tFMVcSHzm9Oqkw33MpIQra2zi_IJW6f7O2BY8XzRRBw== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 142ms
65ms XHR
text/html 172.253.115.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWFUnZhU7EWnozYnMYdaxOeW4ADk9-M5BThehTMRub8yZQIpOD1vO8JP7trOUaU77ZWmeq114ZgaxlyJ2UyS2x-nOiJfi_tFMVcSHzm9Oqkw33MpIQra2zi_IJW6f7O2BY8XzRRBw==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.101 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-HFPOOF_JjV0m7APOuun0pQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 07 Mar 2024 07:24:52 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-HFPOOF_JjV0m7APOuun0pQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtHikmII0JBiqGV4xtQKxIx_XjBxAvEOHw8Wp_QZrEFALMTNceT60vVsAh8eLnYCAH4jEYM"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://postimages.org
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame E3FF 42 B
64 B 159ms
158ms Fetch
image/gif 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuIdqKCON0IjxWP1a-ePSDriDdHJbTtDANFI0P1quP7eE9V0LpLQhZkdRJ4piPIKcrr2XP7-Is2Gctu1V7neOZIuSKvE8Dv5tDBK7Wvf6TemBdRcCoH6E87ZxDneItijSvK-kdHMER9zjSD3MIj_jGSeiA6BMXV3Os&sai=AMfl-YRYZUKSBVEI5cWFmYJq7gO438yux6wHwtzBY5B3wMzoIFjRfK8C9P9h4GSRqVYHExJXkoBlk03cFtxVb6UPDn4nGpHsg57TtUmzC454JXb6Xng5YKodvGB5CTCa-oOP-QxR3_y8urB9GTsuaJHVNg&sig=Cg0ArKJSzLJLu1LU2wGoEAE&cid=CAQSTwB7FLtqI8N7jW27yRiKj9_FgJczTXmnatSMpyakpiBAPVxeDi4kbXGuV4pJK0g8Xxi-fMssK_xP9eUSlNp4A59pBNlUW-MFf0u1rM2gx7wYAQ&id=lidar2&mcvt=1011&p=0,0,280,1200&mtos=1011,1011,1011,1011,1011&tos=1011,0,0,0,0&v=20240306&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=750852199&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=572909000&rst=1709796290148&rpt=869&met=mue&wmsd=0&pbe=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Mar 2024 07:24:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 31F1 0
10 B 43ms
42ms Image
text/plain 172.253.63.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?G7A3pg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.253.63.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: bi-in-f132.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Thu, 07 Mar 2024 07:24:52 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWFUnZhU7EWnozYnMYdaxOeW4ADk9-M5BThehTMRub8yZQIpOD1vO8JP7trOUaU77ZWmeq114ZgaxlyJ2UyS2x-nOiJfi_tFMVcSHzm9Oqkw33MpIQra2zi_IJW6f7O2BY8XzRRBw==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.101 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-IkegMUs7cLgBy_sNNPtn4Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 07 Mar 2024 07:24:52 GMT
content-security-policy: script-src 'report-sample' 'nonce-IkegMUs7cLgBy_sNNPtn4Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtHikmLw05BiqGV4xtQKxIx_XjBxAvEOHw8Wp_QZrEFALMTNceT60vVsAj9OnPUEAH35EaE"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://postimages.org
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B0DE 0
20 B 99ms
99ms Image
image/gif 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=Bb8cjw2vpZfn0JK2E6toPjfGNsAYAAAAAOAHgBAI&bg=!gIOlg8zNAAZdgtM0fYI7ADQBe5WfOCpvGyFDT0dD4ViKAh1CIX1nF5ollVieB2XQCqCUfAWd519znHy-q05S_rKVFwplAgAAAIlSAAAABGgBBwoAgwC3Iq3fZw-gCLThhzPAQ96IyKpSO4gOs82pSzGWOBFLCvrqamJvH1NaZJoXDUXMV2QyjwnUQJ2Njcv6nF-7E9PKdb2YMQacLCFyO-2OZn0mO8oq_c3c9YdthRzIHl6NwWuJhEVWYegUk1JfKvY9sQ_6GN7YSq2BaiB4aIwuDQPSZAnAmQLfetABpZmbhwRd2JpsCcpBaqXq2TIApyWWw7iK1UIAsIWiXb7wX_0BNj57BCV9FmUVpgH8977CMZh6hGlizWA4q4NzwVWE1XzHScdOvM7l9sJlqrpsiqr2A8SxLlyLNkRDW1kL0P3jl65QA4ShZ2nRjiargVWQ8-mAkyFDDlC5PXZZBk7PWjDrb_ojTLJtLpalEF87vazEeeNAgCz8EfsysaH-_rkmUGQfMv5hnGvxvqjh0ODiRUxKPASTr4l5jkABbs6L7X5iQtrRcyOHomwNW1NS9GVIpFysI5dURm6peYF71yBgProHvBLW_1Re4er3gWyw6s4HDOQwSyzFzP2_S06XhLprYZusepWdtrzfgvDBPyRU3xogvqrEyKdzh89x1jV9kJ79AoPLqBRYl02Gv645kjveI7Y_intJ8UJxlIJB9x8V4pXF3IOfybcjyXxKNSCWqSPziinc8D6RVVaprMDIYK47U7QiNFbUG-LOtu2_iCAUB53fX2-QvU8temOLeiLFIS02z5QtUwxzu8-orflJocv1p2Vs_bJdyuptBsEMYQQLn6daMtTjjhxWGIEV1F0kd2xFKIyJs89Mm1dHhzjeQNKR7sjLlD9tMz59zSgQD_E7KxBjrjYjYEJe2Xymw5Aimw4gKK9RiszFX_sVjOiZiPzVlJ3bzqD6wjEK7rOuRyQ5Mgn9FP1LIjvkAC0eoqKpF86vmc120hUu41c2RgTXkJulU5it7LU7IzCWvgD9u7s0Hko0zFUN7dI1GIjBCzpVqNDPZyCUkc05zFOu97S5HXwFIr7QALHeM5leZk_mkkOpq_nbByls_QGjbWNaHqbTvL9hbFLf41r_Ze5084espKl8RIFJdOxJ-_MbErRCazltas7WVX4X4BMYV0nhICbHYbzr3gXJhdm7SnRViare3TJ-HRPZ2QqNCVaM4y0WlodT1eAWGLeGwVE1gg-YnFcBum6w3BzhMruPePPh

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Mar 2024 07:24:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWFUnZhU7EWnozYnMYdaxOeW4ADk9-M5BThehTMRub8yZQIpOD1vO8JP7trOUaU77ZWmeq114ZgaxlyJ2UyS2x-nOiJfi_tFMVcSHzm9Oqkw33MpIQra2zi_IJW6f7O2BY8XzRRBw==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.101 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-axUdPLvQYNNxGmGj0SozNw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 07 Mar 2024 07:24:52 GMT
content-security-policy: script-src 'report-sample' 'nonce-axUdPLvQYNNxGmGj0SozNw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtHikmJw0ZBiqGV4xtQKxIx_XjBxAvEOHw8Wp_QZrEFALMTNceT60vVsAh9uLakCAHwsEak"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://postimages.org
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWFUnZhU7EWnozYnMYdaxOeW4ADk9-M5BThehTMRub8yZQIpOD1vO8JP7trOUaU77ZWmeq114ZgaxlyJ2UyS2x-nOiJfi_tFMVcSHzm9Oqkw33MpIQra2zi_IJW6f7O2BY8XzRRBw==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.101 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-dubL6uD6bP83_XmWLyErcw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 07 Mar 2024 07:24:52 GMT
content-security-policy: script-src 'report-sample' 'nonce-dubL6uD6bP83_XmWLyErcw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtHikmII0pBiqGV4xtQKxIx_XjBxAvEOHw8Wp_QZrEFALMTDceT60vVsAh8mLWliBACPVxF5"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://postimages.org
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxX_g32DFW_4rVySZhO_AIIpgMeQ6_z55v0Vy3PzRjAaVg1PA0rjeHS2GyqJkZacKYJOUUQ8a_yRd68mrigHNbILfZEtDqk7x7-O60lAygUM5kNaaBT0bEx372aDRCf_1ypfRL5B2A== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 75ms
74ms Script
application/javascript 172.253.115.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxX_g32DFW_4rVySZhO_AIIpgMeQ6_z55v0Vy3PzRjAaVg1PA0rjeHS2GyqJkZacKYJOUUQ8a_yRd68mrigHNbILfZEtDqk7x7-O60lAygUM5kNaaBT0bEx372aDRCf_1ypfRL5B2A==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA5Nzk2MjkyLDIyMzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly9wb3N0aW1hZ2VzLm9yZy8iLG51bGwsW1s4LCJGODhYYmhxTG9qUSJdLFs5LCJlbi1VUyJdLFsxOCwiW1tbMF1dXSJdLFsxOSwiMiJdLFsxNywiWzBdIl1dXQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.101 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

a184-29-161-102.deploy.static.akamaitechnologies.com

Software

ESF /

Resource Hash

3034f07f951f3069a7e66d3b73623ced6ce45d509d14a7d6c0edc3ce555bdb3d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Hp0iMGnam-5CRJY7h7CR2Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://postimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Thu, 07 Mar 2024 07:24:52 GMT
content-security-policy: script-src 'report-sample' 'nonce-Hp0iMGnam-5CRJY7h7CR2Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjStHikmLw0JBiOO90h-k6ENcyPGNqBWIDjedMFkDM-OcFEycQv_vykonn60smCSDWAOIdPh4sfOums6oAse766ayhQBzzfDprChA7pc9gDQJin_oZrDFALMTDceT60vVsAgfOvm9gBAADLC2w"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK /
servedby.flashtalking.com/state/7876249;4438354;0;271;F6BF5D24-27C3-5534-AEA1-D9769742A112/ Frame AD3B 42 B
342 B 57ms
55ms Image
image/gif 184.29.161.102
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://servedby.flashtalking.com/state/7876249;4438354;0;271;F6BF5D24-27C3-5534-AEA1-D9769742A112/?ft_data=[PLAYBACKMETHODS]|[CONTINUOUSPLAY]|[TIMESINCEINTERACTION]&cachebuster=2034157459

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

184.29.161.102 Piscataway, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

Software

prod-xre-app6.ash11 /

Resource Hash

47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 07 Mar 2024 07:24:52 GMT
Strict-Transport-Security: max-age=86400
Server: prod-xre-app6.ash11
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 42
Expires: Thu, 07 Mar 2024 07:24:52 GMT

GET
H2 200 ft.stat
ad-events.flashtalking.com/ Frame AD3B 0
67 B 456ms
46ms Image
text/plain 3.136.63.130
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-events.flashtalking.com/ft.stat?15091;224477;7876249;4438354;0;13;F6BF5D24-27C3-5534-AEA1-D9769742A112;5910AE594E721A;2034157459
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.136.63.130 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-136-63-130.us-east-2.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Thu, 07 Mar 2024 07:24:52 GMT
server: awselb/2.0
content-length: 0
content-type: text/plain; charset=utf-8

GET
H/1.1 200
OK img
data.ad-score.com/ Frame AD3B 35 B
633 B 180ms
49ms Image
image/gif 130.211.115.4
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.ad-score.com/img?pid=1000940&tid=15091&tt=g,vast_imgs&l1=224477&l2=DV360&l3=7876249&l4=4438354&utid=F6BF5D24-27C3-5534-AEA1-D9769742A112&cb=2034157459&uadid=-1&interact=[TIMESINCEINTERACTION]&pub_ts=1709796292&pm_session_data=adstart
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 130.211.115.4 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 4.115.211.130.bc.googleusercontent.com
Software: /
Resource Hash: 6a842ea462daca2a0b5a0f5f25bcfc8e0059ac811ca6c6a1bc54e4d9119621c3

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 07 Mar 2024 07:24:52 GMT
Last-Modified: Thu, 07 Mar 2024 07:24:52 UTC
Age: 0
Access-Control-Allow-Methods: GET,POST
P3p: CP="CURa ADMa DEVa TAIi PSAi PSDi IVAi IVDi CONi HISa TELi OUR IND DSP CAO COR"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: post-check=0, pre-check=0, false, proxy-revalidate, no-cache, no-cache=Set-Cookie, no-store, must-revalidate, max-age=0, s-maxage=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 35
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 200 dc_oe=ChMIueLlxM_hhAMVLYJaBR2NeANmEAAYACDF6JFiQhMIoYqNxM_hhAMVVy5oCB3i5gao;dc_eps=AHas8cA0sfbiGasBgEOVo2921HhZRABwPbhlEodQaNkVsN6km5aNTgeiA1MSl8nhV7vFqktJSsB_GOTPDL2-x0jh;met=1;acvw=sv%3D961%26v%3D...
ade.googlesyndication.com/ddm/activity/ Frame AD3B 42 B
401 B 191ms
97ms Image
image/gif 172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIueLlxM_hhAMVLYJaBR2NeANmEAAYACDF6JFiQhMIoYqNxM_hhAMVVy5oCB3i5gao;dc_eps=AHas8cA0sfbiGasBgEOVo2921HhZRABwPbhlEodQaNkVsN6km5aNTgeiA1MSl8nhV7vFqktJSsB_GOTPDL2-x0jh;met=1;acvw=sv%3D961%26v%3D20240226%26cb%3Dout%26e%3D0%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D15061%26vmtime%3D5%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D33554450%26i0%3D33554450%26ic%3D0%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D432622290%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0%26co%3D572909201;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1709796292247;dc_rfl=%5BURL_SIGNALS%5D;ecn1=1;etm1=0;eid1=11;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Mar 2024 07:24:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame AD3B 42 B
64 B 103ms
100ms Image
image/gif 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CNcznwmvpZaGhCdfcoPMP4s2bwAr0nuLldYnRoKXrEdWR_MIDEAEgkfLAB2D9iJeB6AOgAYLk69ApyAEFqAMByAObBKoE8QFP0HpnTomb76Ftgb3AGvghgpjHd7Q9voEHX8EbrgXAS3LpfSgoWjoy5F7h9Q_4WFXc8AU3y4L0dilmyUmwfmQ6rA5ut_wOLYvvxNZ_BpWGlE9g2tHw7REjgc_YMw244u5h9ZtkAzzKq7YpuQ1-IScTDT1rmGsMvcEK8rCsU1vTvnV1p4J06nRXx5IJlkvhKesTKDowQOuhwDRETN-413Bka9DrEydZS23v1LDp8IDoPKkeUZ5dsG3IB_-mCA4ds-CAZoKvje8p_kiKBdk4Td9i8EjHeiVqZ3x57lkBD_jMkjB2jRXrdLJ2VZ3h0Tb9EPkGwATg4bmrxwTgBAOIBZHAj6tLkAYBoAZ5gAeCnLywBKgH2baxAqgHr76xAqgH1ckbqAemvhuoB47OG6gHk9gbqAfulrECqAf-nrECqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB-C9sQKoB_-esQKoB9-fsQLYBwDSCCQIgGEQARgfMgKKAjoJgECAwICAgKAoSL39wTpYpOyMxM_hhAOACgHICwHgCwGADAGqDQJDQbAT1uX2FtATANgTA4gULtgUAdAVAfgWAYAXAQ&sigh=Yp_Wlkyj3PI&label=part2viewed&ad_mt=6&acvw=sv%3D961%26v%3D20240226%26cb%3Dout%26e%3D0%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D15061%26vmtime%3D5%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D33554450%26i0%3D33554450%26ic%3D0%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D432622290%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0%26co%3D572909201&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1709796292247

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20240305/r20110914/zrt_lookup_nohtml_fy2021.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Mar 2024 07:24:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

4438354.gif
cdn.flashtalking.com/xre/787/7876249/4438354/image/ Frame AD3B
Redirect Chain

https://servedby.flashtalking.com/imp/1/224477;7876249;201;gifimpid;DV360;DV360FY24StockCTXKeywordstreamingCADSKVID1920x1080/?ft_impID=F6BF5D24-27C3-5534-AEA1-D9769742A112&ft_custom=&ft_c1=&ft_c2=&...
https://cdn.flashtalking.com/xre/787/7876249/4438354/image/4438354.gif

42 B
415 B

154ms
66ms

Image
image/gif

23.50.124.47
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.flashtalking.com/xre/787/7876249/4438354/image/4438354.gif
Protocol: HTTP/1.1
Server: 23.50.124.47 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-50-124-47.deploy.static.akamaitechnologies.com
Software: Flashtalking (AKA) /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Thu, 07 Mar 2024 07:24:52 GMT
Last-Modified: Wed, 31 Jan 2024 00:05:49 GMT
Server: Flashtalking (AKA)
ETag: W/"d89746888da2d9510b64a9f031eaecd5"
X-FT-Origin: us
X-Varnish: 369494207
Content-Type: image/gif
Cache-Control: max-age=1200
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 42
Expires: Thu, 07 Mar 2024 07:44:52 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 07 Mar 2024 07:24:52 GMT
Strict-Transport-Security: max-age=86400
Server: prod-xre-app46.ash11
Access-Control-Allow-Origin: *
Location: https://cdn.flashtalking.com/xre/787/7876249/4438354/image/4438354.gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 0
Expires: Thu, 07 Mar 2024 07:24:52 GMT

GET
H2 200 img.png
d9.flashtalking.com/img/ Frame AD3B 70 B
487 B 414ms
66ms Image
image/png 3.214.175.86
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d9.flashtalking.com/img/img.png?D9r.DeviceID=true&D9v.CampID=3175&D9v.CCampID=224477&D9v.ImpID=F6BF5D24-27C3-5534-AEA1-D9769742A112&D9c=ftVideo&D9c.placementId=7876249&D9c.creativeId=4438354&D9c.confId=0&D9c.privacy=x&D9v.gdpr=FT_GDPR&D9v.gdpr_consent=&D9v.us_privacy=!!US_PRIVACY!&cb=2034157459
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.214.175.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-214-175-86.compute-1.amazonaws.com
Software: Apache/2.4.58 (Amazon Linux) OpenSSL/3.0.8 /
Resource Hash: f3ca3118d9eceb4028fb8b62693e34913badaedfc8d62eed83ed744697bf12f9

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Thu, 07 Mar 2024 07:24:52 GMT
server: Apache/2.4.58 (Amazon Linux) OpenSSL/3.0.8
access-control-allow-methods: GET,POST,SERVER
p3p: policyref="localhost/w3c/D9_p3p_.xml", CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
access-control-allow-origin: d9.flashtalking.com
content-type: image/png
access-control-allow-credentials: true
content-length: 70

GET
H/1.1 200
OK img
data.ad-score.com/ Frame AD3B 35 B
633 B 211ms
55ms Image
image/gif 130.211.115.4
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.ad-score.com/img?pid=1000940&tid=15091&tt=g,vast_imgs&l1=224477&l2=DV360&l3=7876249&l4=4438354&l5=1&l6=1&utid=F6BF5D24-27C3-5534-AEA1-D9769742A112&cb=2034157459&uadid=-1&pub_app=&pub_domain=https%3A%2F%2Fpostimages.org%2F&uid=&interact=[TIMESINCEINTERACTION]&pub_ts=1709796292&pm_session_data=impression
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 130.211.115.4 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 4.115.211.130.bc.googleusercontent.com
Software: /
Resource Hash: 6a842ea462daca2a0b5a0f5f25bcfc8e0059ac811ca6c6a1bc54e4d9119621c3

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 07 Mar 2024 07:24:52 GMT
Last-Modified: Thu, 07 Mar 2024 07:24:52 UTC
Age: 0
Access-Control-Allow-Methods: GET,POST
P3p: CP="CURa ADMa DEVa TAIi PSAi PSDi IVAi IVDi CONi HISa TELi OUR IND DSP CAO COR"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: post-check=0, pre-check=0, false, proxy-revalidate, no-cache, no-cache=Set-Cookie, no-store, must-revalidate, max-age=0, s-maxage=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 35
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame AD3B 0
674 B 195ms
105ms Image
image/gif 172.253.115.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssP6nuLDnXALxZXilkzLJvJL6NUnltkiSbHsM1sw6EEZUn5XIFChyYggJVhqsH-FamUiCglCzZnslvO948oTh6uF58BjbC7lKYca7bo8xalw_qdRlHGZKnNVauwEN9Tznr1qiERI9SX9jGL9eI7PhNwjRO8OysJ91f1u9ixAPRiuO8USbNgjTitb3bcdUDeHIoU5QGBL-XHz79nXTwptNnbQebHbRaiQylf7A2ZT1C7D8WEQUjvfngAJ297BXPhGaXE6w_cbFchHeiUDd8jT6PH1Y3q82O4iRPJ9Ii9P5M1JcgNRUrDLaL-ULKZSOUGwLTIJn9x7rou9PLGRSW-Z_LbGfzoeKKy0EvL937OQ5fVI83J3tUc1P8XgmGyvmUtbwcAfQ-rEV6_kb6j7UWLj_jzaPopEXGn9HhV3Vuvyjg1xP2TGnjKiHBKJLrw2XbSJCCZVRfyxD_YlHiy00Ict-0N3MvQaIOfJN8_aN8PfCpxU5z8VRqQs3H-6fr23n5M9w8VT6A8UBfjN6T5mcgP_yOKSClt2XFQB2N4pPuy-GEBBBTlo7oSEhbJtpeNYlck9ZAw2LiUjgGLHOUBLt3yT70s1RPnF4mIiahTl60R93_6aWcN9MeIXqW-X3wjzFC7FQuZufgmvcMf_rlpEe4TRQI5lOvaJqSTTLoSrdknNlpQS60S0CEWhBGd6R51KCvT5Pj6BJHL0RYYcAMnX1QDMTV3dhkL_3FNOrP9Nml27cW7GzCJm7FeDTDa3QPQHozkrSCkFGwsfhfgzMREdoCmpDc1CeBDxH2hlJvAqoW-g6pEwUZgusMEPshJCG9NzjNnIRcZGuqZp7UFjdzI6ZuCevwNmgwiwxDDGrmgkOyl7BFsbIBXFbbuE6VikhLS1MKPsYBLbWkbOybTKMMQBGcFvFiD3JOvoVbhKr9V5XenE6y4FJJjAZdyvHkGqe8IqRdtlj8DEaQH3D4V64f9nl2HM_Nz-VlkPmu-awyLQ6QV8stCp9L2Gq0bhDLbbIr9EkhMzESYG2AKh21i1PjJa49JaFSOrZoi5YswRdl5plt14Dq6Mzl_UANZNE3UHUlKYqnE6AuOeFfPWo0w_BXSK1LXRdHFGodokJMkm6CtrxqjDIvMmDfju06lP43_gylr7kJK3pFPOxQ3arA87KpD9AEuyJDgJ7h1DZnAofO83Q1HfyUEla-qhodLO9H5-z5jQchjC5vEdiPaFII_psUKIaoMrqkzNnfQex6shEu9OhoPN6Dy_-FvwHcTuhX6-R6Pj19bqilo7MbXkL287nV7GNUsYXIKs2-xWQu5nf40aNjz6Gve-5qc0luTtEJeNZdzJuOE7NR-mZagFHSnLF_3xlg&sai=AMfl-YQ70AcIiwfKMmp7w3tXMLzDkTOJveUyUz-1fS9ucPpz7FqJaOTQ4fRzhpHjlpAThRHAr5Kt0EeZbhS3DR5TBCMgm5EOOJnBgJ1Q9ne9TdhV_PoEsKpWI2OyVf2iZqmbrvqOkqVRdsWTBDERdd0mbfGXydi0LADVdyMk8zDjNxgs--LrSKqU8NBkgEbZVw3isN4F64a5BjHgbA4Olds7gubIKTPjW14PuV9-G-9VJPcimn8r9et9mntezj62APNZutEf1ejqn86iMvZwgYcU0CBOZG8_XYct2-YVPiDzt0oGUi3I1QbQv_oOZwZZx8hl&sig=Cg0ArKJSzDLKoWekaeh6EAE&uach_m=%5BUACH%5D&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&adurl=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.115.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f156.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 07 Mar 2024 07:24:52 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Thu, 07 Mar 2024 07:24:52 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame AD3B
Redirect Chain

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQt92T3QQY16CegAIgATAB&v=APEucNX9QcIMrlElHBajvWAPy0wq8Ev2sVJ8qzPJc8skr1BVVZOPhsRKeamwFff7IuGd2X0WHNwI3tq4fnWcNhWLMUk1Yfr6aTJ0eOZY06HM4VSPPoCB3mw
https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZelrwtHM6SgAAHJBABRnUgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAi-Eu_xs4SydFerbvHTtRw&google_cver=1

43 B
734 B

46ms
44ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAi-Eu_xs4SydFerbvHTtRw&google_cver=1
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Mar 2024 07:24:52 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GHI7DnS6h7L2yuEMI80fypZpnDWR0s8kRW6o%2BUBhWjq40O0%2BOntQZPD2wHUl6UCADjIDp3BMJ3YktJGAdhoOLpGV1twybfhWcvxmecghzuAfu6DDI4mBa%2B883JthzI8DskIgrLXCLiUOzA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8608d92bf96c36db-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 07 Mar 2024 07:24:52 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAi-Eu_xs4SydFerbvHTtRw&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame AD3B 0
20 B 97ms
96ms Image
image/gif 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=video_impression_ping

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Mar 2024 07:24:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame AD3B 42 B
64 B 99ms
98ms Image
image/gif 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvmIqjoNrw1UiGF62KHZJU6WCpC0cfZqf3iOGiJ_q6fzNmKwKZjLS4m1vhxkUcGETUuUQEDjILgoX3GJ0U9yDotaSWu2cvTe2AsZkzG5H8XBQqm9p-Apd_m5cp0PZfOW_A9hg0DW4n3kM8Ylrj2ygqDdCQ0N55uR4M&sai=AMfl-YTu--IG55sOAiBv8WJnEORPwi1FY5JPwjoDzllETsZOqFWLlvql4CI-16g2EnHA0KN0QxufJ8kzf62GAlTPEKSwjbiw4mNvYlIbEEgh2vz9Us--xDIQF_u7SSD-KsMJxMFlDl3KhAuG57U1bxtA&sig=Cg0ArKJSzPXyhVmgJnsXEAE&cid=CAQSTgB7FLtqsvSOisaT0hQFirISLeuiDo0eNpSRa8xzGwrBmW5GSIUfNEFewud_72Iqif1BpjRkq5xSBfUFrerGrnJlUWcQIH6hGMsy9VQEtBgB&id=lidarv&acvw=sv%3D961%26v%3D20240226%26cb%3Dout%26e%3D15%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D15061%26vmtime%3D5%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D33554450%26ic%3D33554450%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D432622290%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0%26co%3D572909200&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1709796292247&avm=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Mar 2024 07:24:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame AD3B 42 B
64 B 100ms
99ms Image
image/gif 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CNcznwmvpZaGhCdfcoPMP4s2bwAr0nuLldYnRoKXrEdWR_MIDEAEgkfLAB2D9iJeB6AOgAYLk69ApyAEFqAMByAObBKoE8QFP0HpnTomb76Ftgb3AGvghgpjHd7Q9voEHX8EbrgXAS3LpfSgoWjoy5F7h9Q_4WFXc8AU3y4L0dilmyUmwfmQ6rA5ut_wOLYvvxNZ_BpWGlE9g2tHw7REjgc_YMw244u5h9ZtkAzzKq7YpuQ1-IScTDT1rmGsMvcEK8rCsU1vTvnV1p4J06nRXx5IJlkvhKesTKDowQOuhwDRETN-413Bka9DrEydZS23v1LDp8IDoPKkeUZ5dsG3IB_-mCA4ds-CAZoKvje8p_kiKBdk4Td9i8EjHeiVqZ3x57lkBD_jMkjB2jRXrdLJ2VZ3h0Tb9EPkGwATg4bmrxwTgBAOIBZHAj6tLkAYBoAZ5gAeCnLywBKgH2baxAqgHr76xAqgH1ckbqAemvhuoB47OG6gHk9gbqAfulrECqAf-nrECqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB-C9sQKoB_-esQKoB9-fsQLYBwDSCCQIgGEQARgfMgKKAjoJgECAwICAgKAoSL39wTpYpOyMxM_hhAOACgHICwHgCwGADAGqDQJDQbAT1uX2FtATANgTA4gULtgUAdAVAfgWAYAXAQ&sigh=Yp_Wlkyj3PI&label=vast_creativeview&ad_mt=6&acvw=sv%3D961%26v%3D20240226%26cb%3Dout%26e%3D19%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D15061%26vmtime%3D5%26is%3D33554450%26i0%3D33554450%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D432622290%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0%26co%3D572909203&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0%26t%3D1709796292247

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20240305/r20110914/zrt_lookup_nohtml_fy2021.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Mar 2024 07:24:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame AD3B 0
17 B 61ms
60ms Ping
image/gif 64.233.183.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=7~ltgwke8r&c=4838636647709&slotId=2419318323854.5&qqid=CKGKjcTP4YQDFVcuaAgd4uYGqA&fb=outstream-lima&gpm_i=6&gpm_c=6&gpm_a=6&smb=Infinity&br=20000&mt=video%2Fmp4&vs=1920x1080&dm=15000&event_name=first_play&asset_bytes=174324&video_bytes=0&cached_data_bytes=0&js_cached=false&css_cached=false&num_assets=7&num_assets_cached=0&num_assets_cache_validated=0&num_assets_unmeasurable=1&video_played_seconds=0.00&video_muted=true&video_seconds_loaded=0.00&met.4=vil.1nb~ff.1np~videopreviewstarted.1nr
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240226_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 64.233.183.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: it-in-f94.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Mar 2024 07:24:52 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxVG6KLH6Mf3SGKKa7y95hz4SpSzIN7XAmdGawR6S9CqjcD-njCZQf3nOTtc4OAgeDOp_z0xj0B8255eROP07LNDOayoVZ5oPm---SB5-jaewevnlQFa7jOGpVBCSMaJK11DowHrqg== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 83ms
82ms XHR
text/html 172.253.115.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVG6KLH6Mf3SGKKa7y95hz4SpSzIN7XAmdGawR6S9CqjcD-njCZQf3nOTtc4OAgeDOp_z0xj0B8255eROP07LNDOayoVZ5oPm---SB5-jaewevnlQFa7jOGpVBCSMaJK11DowHrqg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.101 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-Ap9BE4xMNg9jKs7CEcamjg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://postimages.org/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 07 Mar 2024 07:24:52 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-Ap9BE4xMNg9jKs7CEcamjg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtHikmJw0JBiqGV4xtQKxIx_XjBxAvEOHw8Wp_QZrEFALMTDceT60vVsAi96OxczAgCL0BFg"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://postimages.org
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWFUnZhU7EWnozYnMYdaxOeW4ADk9-M5BThehTMRub8yZQIpOD1vO8JP7trOUaU77ZWmeq114ZgaxlyJ2UyS2x-nOiJfi_tFMVcSHzm9Oqkw33MpIQra2zi_IJW6f7O2BY8XzRRBw==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.101 , United States, ASN15169 (GOOGLE, US),

Reverse DNS