nwxp.info Open in urlscan Pro
199.36.158.100 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://nwxp.info/
Submission: On December 12 via manual (December 12th 2021, 8:47:19 pm UTC) from CA — Scanned from CA

Summary HTTP 110 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 37 IPs in 2 countries across 20 domains to perform 110 HTTP transactions. The main IP is 199.36.158.100, located in United States and belongs to FASTLY, US. The main domain is nwxp.info.
TLS certificate: Issued by GTS CA 1D4 on October 16th 2021. Valid for: 3 months.

This is the only time nwxp.info was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
8	199.36.158.100 199.36.158.100	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6812:24e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	142.250.65.162 142.250.65.162	15169 (GOOGLE) (GOOGLE)
5	2606:4700::68... 2606:4700::6812:34e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	2607:f8b0:400... 2607:f8b0:4006:81c::200e	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:81e::200e	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:822::200a	15169 (GOOGLE) (GOOGLE)
1 6	68.67.179.113 68.67.179.113	29990 (ASN-APPNEX) (ASN-APPNEX)
1	178.250.2.131 178.250.2.131	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	52.4.33.45 52.4.33.45	14618 (AMAZON-AES) (AMAZON-AES)
2	34.149.20.76 34.149.20.76	15169 (GOOGLE) (GOOGLE)
2	52.72.165.80 52.72.165.80	14618 (AMAZON-AES) (AMAZON-AES)
2	2607:f8b0:400... 2607:f8b0:4006:823::200a	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:81e::2008	15169 (GOOGLE) (GOOGLE)
16	2607:f8b0:400... 2607:f8b0:4006:81d::2002	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4006:81c::2001	15169 (GOOGLE) (GOOGLE)
10	2607:f8b0:400... 2607:f8b0:4006:824::2001	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4006:817::2004	15169 (GOOGLE) (GOOGLE)
1 6	2607:f8b0:400... 2607:f8b0:4006:816::2002	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:81e::2002	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:817::200a	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:80a::200a	15169 (GOOGLE) (GOOGLE)
4 5	142.250.80.66 142.250.80.66	15169 (GOOGLE) (GOOGLE)
2 5	184.29.129.7 184.29.129.7	16625 (AKAMAI-AS) (AKAMAI-AS)
4	2001:4860:480... 2001:4860:4802:32::3	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:822::2003	15169 (GOOGLE) (GOOGLE)
1	142.251.4.157 142.251.4.157	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:822::2006	15169 (GOOGLE) (GOOGLE)
3	142.251.35.162 142.251.35.162	15169 (GOOGLE) (GOOGLE)
2	2620:100:a001::4 2620:100:a001::4	19750 (AS-CRITEO) (AS-CRITEO)
1 1	2607:f8b0:400... 2607:f8b0:4006:808::200e	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:38::7	15169 (GOOGLE) (GOOGLE)
1 2	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4	142.250.80.34 142.250.80.34	15169 (GOOGLE) (GOOGLE)
1	74.119.119.139 74.119.119.139	19750 (AS-CRITEO) (AS-CRITEO)
1	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
2	151.101.129.108 151.101.129.108	() ()
110	37

8 199.36.158.100 (United States)

ASN54113 (FASTLY, US)

nwxp.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:24e (United States)

ASN13335 (CLOUDFLARENET, US)

s.nitropay.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.65.162 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s71-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6812:34e (United States)

ASN13335 (CLOUDFLARENET, US)

tracker.nitropay.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:81c::200e (United States) 1 redirects

ASN15169 (GOOGLE, US)

www3.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81e::200e (United States)

ASN15169 (GOOGLE, US)

marketingplatform.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:822::200a (United States)

ASN15169 (GOOGLE, US)

firebase.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 68.67.179.113 (Secaucus, United States) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 564.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.131 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.am5.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.4.33.45 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-4-33-45.compute-1.amazonaws.com

c2shb.ssp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.149.20.76 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 76.20.149.34.bc.googleusercontent.com

ssc.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.72.165.80 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-72-165-80.compute-1.amazonaws.com

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:823::200a (United States)

ASN15169 (GOOGLE, US)

firebaseinstallations.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81e::2008 (United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2607:f8b0:4006:81d::2002 (United States)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:81c::2001 (United States)

ASN15169 (GOOGLE, US)

506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2607:f8b0:4006:824::2001 (United States)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:817::2004 (United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:4006:816::2002 (United States) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81e::2002 (United States)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:817::200a (United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:80a::200a (United States)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.80.66 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: lga34s35-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 184.29.129.7 (Edison, United States) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a184-29-129-7.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2001:4860:4802:32::3 (United States)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:822::2003 (United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.4.157 (United States)

ASN15169 (GOOGLE, US)
PTR: gm-in-f157.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:822::2006 (United States)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.251.35.162 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s78-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:100:a001::4 (United States)

ASN19750 (AS-CRITEO, US)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:808::200e (United States) 1 redirects

ASN15169 (GOOGLE, US)

gcdn.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:38::7 (United States)

ASN15169 (GOOGLE, US)

r1---sn-ab5szn7y.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::13 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.80.34 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s34-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.119.119.139 (United States)

ASN19750 (AS-CRITEO, US)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.197.193.217 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.129.108 (None, )

ASN- ()

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
33	googlesyndication.com pagead2.googlesyndication.com 506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com tpc.googlesyndication.com ade.googlesyndication.com	152 KB
22	doubleclick.net 6 redirects securepubads.g.doubleclick.net www3.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net bid.g.doubleclick.net googleads4.g.doubleclick.net	214 KB
8	adnxs.com 1 redirects ib.adnxs.com acdn.adnxs.com	55 KB
8	nwxp.info nwxp.info	293 KB
7	googleapis.com firebase.googleapis.com firebaseinstallations.googleapis.com fonts.googleapis.com imasdk.googleapis.com	128 KB
6	gstatic.com csi.gstatic.com fonts.gstatic.com	32 KB
6	nitropay.com s.nitropay.com tracker.nitropay.com	116 KB
5	casalemedia.com 2 redirects dsum-sec.casalemedia.com	5 KB
4	2mdn.net 1 redirects s0.2mdn.net gcdn.2mdn.net r1---sn-ab5szn7y.c.2mdn.net	1 MB
4	criteo.com 1 redirects bidder.criteo.com gum.criteo.com mug.criteo.com	6 KB
4	google.com marketingplatform.google.com www.google.com	1 KB
2	criteo.net static.criteo.net	54 KB
2	google-analytics.com www.google-analytics.com	360 B
2	sharethrough.com btlr.sharethrough.com	380 B
2	33across.com ssc.33across.com	545 B
2	yahoo.com c2shb.ssp.yahoo.com	884 B
1	adsrvr.org match.adsrvr.org	539 B
1	googletagservices.com www.googletagservices.com	37 KB
1	googletagmanager.com www.googletagmanager.com	53 KB
0	tynt.com Failed de.tynt.com Failed
110	20

	Domain	Requested by
16	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com nwxp.info 506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
10	tpc.googlesyndication.com	s.nitropay.com nwxp.info 506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com imasdk.googleapis.com
8	nwxp.info	nwxp.info s.nitropay.com
6	googleads.g.doubleclick.net	1 redirects nwxp.info
6	ib.adnxs.com	1 redirects s.nitropay.com googleads.g.doubleclick.net acdn.adnxs.com
6	securepubads.g.doubleclick.net	s.nitropay.com securepubads.g.doubleclick.net 506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com
5	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
5	cm.g.doubleclick.net	4 redirects googleads.g.doubleclick.net
5	tracker.nitropay.com	s.nitropay.com
4	ade.googlesyndication.com
4	csi.gstatic.com	imasdk.googleapis.com
3	googleads4.g.doubleclick.net	googleads.g.doubleclick.net
3	www.google.com	s.nitropay.com nwxp.info 506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com
3	506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com	s.nitropay.com
2	acdn.adnxs.com	s.nitropay.com
2	gum.criteo.com	1 redirects s.nitropay.com
2	r1---sn-ab5szn7y.c.2mdn.net
2	static.criteo.net	s.nitropay.com static.criteo.net
2	fonts.gstatic.com	fonts.googleapis.com
2	imasdk.googleapis.com	506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com
2	www.google-analytics.com	www.googletagmanager.com
2	firebaseinstallations.googleapis.com	nwxp.info
2	btlr.sharethrough.com	s.nitropay.com
2	ssc.33across.com	s.nitropay.com
2	c2shb.ssp.yahoo.com	s.nitropay.com
2	firebase.googleapis.com	nwxp.info
1	match.adsrvr.org	s.nitropay.com
1	mug.criteo.com
1	gcdn.2mdn.net	1 redirects
1	s0.2mdn.net	googleads.g.doubleclick.net
1	bid.g.doubleclick.net	imasdk.googleapis.com
1	fonts.googleapis.com	506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com
1	www.googletagservices.com	nwxp.info
1	www.googletagmanager.com	s.nitropay.com
1	bidder.criteo.com	s.nitropay.com
1	marketingplatform.google.com	nwxp.info
1	www3.doubleclick.net	1 redirects
1	s.nitropay.com	nwxp.info
0	de.tynt.com Failed	s.nitropay.com
110	39

This site contains links to these domains. Also see Links.

Domain
www.patreon.com
discord.com
discord.gg
play.google.com
www.iubenda.com

Subject Issuer	Validity	Valid
wzz.jp GTS CA 1D4	`2021-10-16` - `2022-01-14`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-16` - `2022-06-15`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-12-01` - `2022-02-26`	3 months	crt.sh
web.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-10-14` - `2022-04-06`	6 months	crt.sh
ssc.33across.com GTS CA 1D4	`2021-11-26` - `2022-02-24`	3 months	crt.sh
*.sharethrough.com Amazon	`2021-08-13` - `2022-09-11`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-12-01` - `2022-02-24`	3 months	crt.sh
*.c.docs.google.com GTS CA 1C3	`2021-11-30` - `2022-02-08`	2 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
cdn.adnxs.com GlobalSign Organization Validated CA - SHA256 - G4	`2021-05-10` - `2022-06-11`	a year	crt.sh

This page contains 14 frames:

Primary Page: https://nwxp.info/
Frame ID: 7B1F58663FCE9F13B112C0704AFDEA8E
Requests: 40 HTTP requests in this frame

Frame: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 424ED734D568CC7AF266DF9F60D9BFC0
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 10FB21E2FE660559A72C5F882A1BFED9
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: A6E3A8A2AECBA537A2A818F7909D63E5
Requests: 2 HTTP requests in this frame

Frame: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 203F3E3F0D1AF0CBB75BB6F7F000AB5F
Requests: 1 HTTP requests in this frame

Frame: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 1890E21E5B1969015493DD02E0852251
Requests: 32 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ2G88ICEMe_gsUCGN6igLoBMAE&v=APEucNU4C-_ag9-DlCWMkhCyLF6lwhVOH7-egY_7qPKdATAGjKX9PCppGlkkuLgm1L6kddQrF5s6__iGiVRIO3BdpA2Zj1tVHA
Frame ID: CB912134C319BA786D506A8F91B29064
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DY7Pfh5P4mOtm_NuW0_XiA2g5EQ_xyWdEvYUab6J0nkxckYI2o1JS0at2vgv4BVhNdRzLQMr5l4cTYvX-VmIgccayvV2GcUuosPP_U8rN8YAq8VC89Upb7qZRL-uJvwuELXZHkAlqCFREobMqfLf88S2P5Og&dbm_d=AKAmf-A2aMYYGmvGvvJ02ouoiORL6aIjYygVf_iTkfaH49Mhjd0TP15hTiImcmLjidG22qKmRDmhuoIT--oOZ-f_kYUZNFFGZhPytdpIXnrtU5eVuzed792Cm5eOM_f9jJx6k5nFVsAbi1zgq1WYSyhZSHKqeSKjHFd9YtuBAhJdmOyNnpGOVXXItdJfkOOAhVfJxjsqlOdYki8WsFKeQe7DAUF5hzG3ZqturujkShwT6LcvupRENBUg1up-Q_87JhTAOLKwuLHn9nnqKWWy8IRm8LD737cY79YsEzzTxs9fBxUSKwzt-Glqs45ngFkhRenYM6dKVHGJz8uxKwj55mKjiyxqBzGPlSJ5bkuVka0nm2tdp4COZ7VD6xvtnDs2aL1gODSh9A-tpKW9bACfzw3-GFcfIXjGy2kucWRzZhRWSL_KCYV4GvnQIyv1dyZLABuJVjCmIfayBOGPm3gtkZsr0TlxV43dPBCVc0Shi4E-PalUuaUEq6gpYg8FiQ-jmkR3djyGfgpcYGolwBdvYOIG-FqBuippt2YrS6vwaP5H4dL87I5S_tzWlbHgShMAVTdUA_hGkCz8VU-7L3pnOlB5n9xRjYFnZ3cSxXvImpA6H_KktfabFujoL51HyGYeGXjFkkuoIQVooyo3QiRNAlLhVzueH61tFKyKHfGUJpgDq9I1wTW0fIXOpr8yN9AHqUk8q6dOYMzGtlZ9lzVRuMKzeCRU4IZeIzcsB2Fuwz43yHPbrzb0fijwnFup4KegAdFConr1C-FtmWW3Z41OmlFEymNvQYGK47QcmYZnrnEd_IPZre7BQUXIqKQKWnDXQd0hJhqXkX2z85IQLXPVDNrje18KVjjh_-KeKsdEOBBqus9DgvMJcqnCAQCdyHJxEQ7A46qXeAg341ZG6LbSe-AzfVPqhfDKXyggETKIYc9PjyomxcdxxATwCcY6Nl1B6rT_sdWeb4_LrlgADxf6d76bmg7w3Cs9mD1kChjzIpvLXxBzIS5dAvah4mUbwmYUTBeF7cHTPH9ME5GIfLFlVCLcKbfCj1Ec2eZpIjT-5hJMkuStALS3IYIHFgZDa1iiC1tE2OZbs6Hrf0LP4owBJ-sp3FdxLP5NaT7SDLAN1L7yy_Qwq0DzgUY5x6XCR4M2sElVgeEphHcTfCT0ihwbhRmtezY7TQh5Ngbe6bkITzL1w2mGg39NzjFS6c-z3-POe7qQdW6ptuimtK6pejKq2mMiV5ftiuvlqg2UpPVSaBTuKv_mAPbjLlObgqdeooMYLfPJoEoX4mDg6qADbtvRSdhVS3B5n4zt8K73U3vLuJNOawI00-6dCbSLMaGDZFcrFgsgnFj31BKVRow-WAeU1yslkTLeCJ-TeUOTRO3laFjgafXffbdLtCetwgdhQRu8fcKTkL6bNPES1r8oDI6XSy6NSIPB7ak4iZQro2hTen2hQaiWVeTXXCRDnfRZWTP1_nRk-6BzzNjMaIKUbSHslsqdLWxGHc9Jlq29Pca8RDdjW0i8gBP2UNYVkv1O0Y2VF3Pa-pI3AIbT8zi-6i-MrhDQJNvq6XFpn7zWgpo92RbkjjniRWUpjrFe9__Fzad4QkRq3sLlx8ykH_ZwsZz3iT0EbkVgTel7hDqzMcSCXd5Rl6RycHyT8sXuQeW9BzUPizEhschCWe9fCe1Ivq-P9BNwsWlaw59V6BfuReKOVhSsWl740nCBZTWie5FT3xI-GJlScOBo9eIvxeWLZLQWukXpBBvP8DlRUl8zC3mMtv_6aXTtRG-wW6sbGfBZYmAz0M1fKxoeVjBsJ77fBjb2GjxswkFZNYsxqHbqnWhcAgYK-SkSlzv5lS5bwk3rYy8FNG3XmygTTVvWPNivfFT__Pqh7OmBcIDGjeRGkPCYFbRT74RU7dK4wJgfzocDplCzE05UYAwC2AI8zK3ui9KKEpGyWswinTn5VvgUnQpoY26fWEANUvEW1zXS8i125pxIT55h-dF8XIxdBRHuqwc31eqlrlescNfnMnkPsZXSIIjfJtshsM7VGiYAadgc8_PlS9HAFsZryDdWyux6CMb3yB6wlrovpnwjV8TljLsdWUuBNee03MeE3HPrRNQ73drEKjDLNjsgoSXYz51T8DYMWGbQsJrygFMbwRQ53q5HO-sc0UG8txLWpU2J5RevWwejn5W7Xn1Qev8V2x-Ujda8HK8nQksiWYKwvKolcRWZw8JH8T-q49SEbxe7aUKhlzDrjcT7ggIeJYFP22Ao3rsjyPKoc1zVi2KUQhcwcOwumS0Qc19qA5EUbXGU8TTgR86OSxKtte2njpbqxCSo29EpxWqtNsRdwDnumelNTE_RC26_1DiWsDSiHJx2OnBte1t5IMChfAwaLlbmCKtjyx5tsbEA2ruA44tK-uPy_gCFm95MxaiDjqqA07mLnSUoWfluPBaHCk87tOPPDLYDfpBIPP1dvoOEXOdjfzRdAQjlpyQ_wL7dlQrclhgyOP4u482jm7FFM7Lcwn9L5rCV8XG40mhAegpBGDHEc5zBF7eAxaPho2gUzlX9dhNVYKUYtIzQEnztsbvoV2LR1COb24Uto7wckYYDLfbnuFqeEmovNFqZ5FfJoDi7QbEZeGi7-DYGZg4Q8fvzvSWv1kG8wt48kjq8t9KKE7ajl_aJbpVvjVcvSR8GIGIOos3wy0pTrl4PuZnKO4Fa8QiiTEXSZsMDWV1WEmOa1GpT1JkUagzaTp1cF8tPaM7OMIn3Bp-kJZGJT34PZtqPFxJfCow9DZjGBAIsFh_L07qtRQkEDyuQyRNpH-sfhBq1sqmWdjzkM3gX83QI5-OAiAqvgm7WoVqgb49afB555WTElftg_x5i6PsVn2vf5c24lTWUajJa63ZqyzUkPeRERAjwVHKJ7C4u8gg1QrSJ6Gmc5cyrEiGZ9kpfWUrmU2o8qABmwySrm9n04FUImcrg5HcanjvzC1tx2tcvratUn9zljhkX-UKWKCsbgaBg9os1iH9bG9agZCar-wd3ubPraJ9lHbMEsV2JNyunyYHqPbJu9GVs793FrJAWHyogRw2C8WFu8-fLVrxVycfIIsMfMTOVYaso_KKt7-qUIapt2fBtA2zHm7lL03BadPGeN79X7tApw_5KD0rZrpWzSlKC3jB-&cid=CAASFeRongTLtuoCIHL_B62PXcRfjSIcCQ&rfl=2%2Chttps%253A%252F%252Fnwxp.info%252F%240
Frame ID: 00BB0C9C7F8D113C3F99E29A79E3E710
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 00B8C7A16A091213B8219A5AB28F3370
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Frame ID: D0B55729AA77B1067F2B3507352143D9
Requests: 3 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=nwxp.info
Frame ID: BA4B05DD2A4CBD7C53FD91B8354069C8
Requests: 2 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: B2EB88C91C46CF9E8B903AFBA81578AA
Requests: 2 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 7A85D9F6C42F7F87824F0BCAAB017BAB
Requests: 2 HTTP requests in this frame

Frame: https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=acWXjMpl8r7iokaKj0P0Le&gdpr_consent=undefined&us_privacy=1---&gdpr=0
Frame ID: 084F8C20769FC911C9E8F8A1D2A71F82
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

NWXP - New World Crafting & Refining XP Calculator

Page Statistics

110
Requests

92 %
HTTPS

59 %
IPv6

20
Domains

39
Subdomains

37
IPs

2
Countries

2566 kB
Transfer

4707 kB
Size

19
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://www.patreon.com/nwxp
Title: Sponsor NWXP

Search URL Search Domain Scan URL

URL: https://discord.com/api/oauth2/authorize?client_id=909790625816256573&permissions=377957141504&scope=bot
Title: NWXP Discord bot

Search URL Search Domain Scan URL

URL: https://discord.gg/5HhAYxwj6X
Title: Discord

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=info.nwxp.twa&pcampaignid=pcampaignidMKT-Other-global-all-co-prtnr-py-PartBadge-Mar2515-1
Title: Android app

Search URL Search Domain Scan URL

URL: https://www.iubenda.com/privacy-policy/56758293
Title: Privacy policy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8

https://www3.doubleclick.net/ HTTP 301
https://marketingplatform.google.com/about/enterprise/

Request Chain 54

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDN-OWaWUX9X2v221Im4whM&google_cver=1

Request Chain 55

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YbZf0ie1Pit5lSI1QNiUxAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO3P6B219K6ElmQTLgSNaP0&google_cver=1

Request Chain 56

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEIlXlBfbNb4lDoI1knYGm7o&google_cver=1

Request Chain 57

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTcyNDAwODIzNjEwODk0OTU0Ng%3D%3D

Request Chain 77

https://gcdn.2mdn.net/videoplayback/id/46a14387e9f7512b/itag/347/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3781467698/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signature/7EA3CB57CEAB5D2AABAD7E1DBA905BC4613EBDAF.91CA226E7109D17924DBFD8E49E61FAB700A3932/key/ck2/file/file.mp4 HTTP 302
https://r1---sn-ab5szn7y.c.2mdn.net/videoplayback/id/46a14387e9f7512b/itag/347/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3781467698/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/5FF725462DFE283F8D996B551A6EC151419FEFFE.821A965980610C98472C4357A6E1F028E384A26E/key/cms1/cms_redirect/yes/mh/EA/mip/2a0d:5600:9:4b02:ca::1/mm/42/mn/sn-ab5szn7y/ms/onc/mt/1639341056/mv/u/mvi/1/pl/49/file/file.mp4

Request Chain 90

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPjl5QIQnNLqAhjNjpG7ASABMAE&v=APEucNVQ71bgNaScS2Ta1hZB4yCAvemyTLemfW-kI0WT1neNMLggE7Q0FIlLPkrwYZl3UvUaqDWiUaWVYDUX-NFkdax2pSwpQQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO3P6B219K6ElmQTLgSNaP0&google_cver=1

Request Chain 96

https://gum.criteo.com/sid/json?origin=publishertag&domain=nwxp.info&sn=ChromeSyncframe&so=0&topUrl=nwxp.info&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=a6QQvHw0bllIV1F3TTcvNmg5bmRPYmt2Q2phTW1rZFRMRCtvK2NzU0hzU2RaRFdGRTRsMXdTU2lrVUdvWnVGQ3Y4cnlIeVg0Z1owRVd2UlVUcUJaTGR1d2FHUHhlRTV5NTIzcnZhSjU2RWJRR3lFWkhad0hOM1I5U1NaY3Q5blZrMFpueHZCRitSbzI5ZzFJWU9IeGhXeWkxaFRwNkpSV003Nndjb2R4b1U1NWRVK2p3NW9CQ25BclRsWmVHWkI2NjVZU1pYNnBrVWtSb01uZWxHWHpUbWx1Sys0SmtDOWlIRGFzNGhQS0lwb1U2ZldaeTg2eENWQ2wrMDRrRWJOdHhZbUFDZ3M1WUZSMXlIZDBCUlZYbFlTL0ZBQT09fA&cppv=2

Request Chain 106

https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=acWXjMpl8r7iokaKj0P0Le&gdpr_consent=undefined&us_privacy=1---&gdpr=0 HTTP 302
https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=acWXjMpl8r7iokaKj0P0Le&gdpr_consent=undefined&us_privacy=1---&gdpr=0

110 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
nwxp.info/ 4 KB
2 KB 58ms
13ms Document
text/html 199.36.158.100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://nwxp.info/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.36.158.100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

04da66e0f7eb917ad715feac54e5bd617c9baa98a6ac4380cbed7db82908fadc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-CA,en;q=0.9

Response headers

cache-control: max-age=604800
content-encoding: br
content-type: text/html; charset=utf-8
etag: "00de2cfa111df890c7fbe003e1692aa47f58834c9644686969dd62e4135eb2c0-br"
last-modified: Sun, 12 Dec 2021 17:02:32 GMT
strict-transport-security: max-age=31556926
accept-ranges: bytes
date: Sun, 12 Dec 2021 20:47:13 GMT
x-served-by: cache-yul12822-YUL
x-cache: HIT
x-cache-hits: 1
x-timer: S1639342033.038211,VS0,VE0
vary: x-fh-requested-host, accept-encoding
content-length: 1468

GET
H2 200 ads-927.js Show response
s.nitropay.com/ 364 KB
114 KB 80ms
34ms Script
application/javascript 2606:4700::6812:24e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://s.nitropay.com/ads-927.js

Requested by

Host: nwxp.info
URL: https://nwxp.info/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:24e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e2308b7a7af98b5390fe3d58e5b771d001d402c12fb0475efe4f66c53f70d800

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://nwxp.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 12 Dec 2021 20:47:13 GMT
content-encoding: gzip
cf-cache-status: HIT
x-goog-meta-goog-reserved-file-mtime: 1638401119
age: 1229
x-guploader-uploadid: ADPycdtcEmkRwkAwSgdaGCQvLYfgzlFSd9-FfdhM-45Lb8P03AykcqkkcMRnGMZ9JMRaX2yDBh2cBt09awbcmoTpRTs
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
strict-transport-security: max-age=2592000; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Sun, 12 Dec 2021 06:29:03 GMT
server: cloudflare
etag: W/"1247275f10b557fcc89082a7f9900ec0:1639290543000"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=YMWsig==, md5=EkcnXxC1V/zIkIKn+ZAOwA==
x-goog-generation: 1638401123730807
access-control-allow-origin: *
content-type: application/javascript
access-control-expose-headers: Content-Type
cache-control: private, max-age=600
x-goog-stored-content-length: 372576
cf-ray: 6bc9ce7afc394bd6-YUL
expires: Mon, 13 Dec 2021 01:37:31 GMT

GET
H2 200 4.28f071e3.chunk.css
nwxp.info/static/css/ 255 KB
25 KB 14ms
13ms Stylesheet
text/css 199.36.158.100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://nwxp.info/static/css/4.28f071e3.chunk.css

Requested by

Host: nwxp.info
URL: https://nwxp.info/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.36.158.100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

1d03a900e76c71569c70cd2b88ca5529f3bd53b98aae61c12a9a82dfecc7577d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://nwxp.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31556926
content-encoding: br
last-modified: Sun, 12 Dec 2021 17:02:32 GMT
x-timer: S1639342033.074348,VS0,VE0
etag: "bfa8d4108f40e60702079dacb71b08ad4d155876fe296c66731d13dd0fdd2e39-br"
x-served-by: cache-yul12822-YUL
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/css; charset=utf-8
cache-control: max-age=604800
date: Sun, 12 Dec 2021 20:47:13 GMT
accept-ranges: bytes
content-length: 25775
x-cache-hits: 1

GET
H2 200 main.1b5b7b6c.chunk.css
nwxp.info/static/css/ 7 KB
2 KB 27ms
26ms Stylesheet
text/css 199.36.158.100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://nwxp.info/static/css/main.1b5b7b6c.chunk.css

Requested by

Host: nwxp.info
URL: https://nwxp.info/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.36.158.100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

ba50a4b97ab061dcf48db74f5c5fede646344a5593473c377797888e32e7d907

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://nwxp.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31556926
content-encoding: br
last-modified: Sun, 12 Dec 2021 17:02:32 GMT
x-timer: S1639342033.074790,VS0,VE0
etag: "8a7525506a6548fc551a37b01a674437669ad2e54016852bbec335ea5aa88a48-br"
x-served-by: cache-yul12822-YUL
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/css; charset=utf-8
cache-control: max-age=604800
date: Sun, 12 Dec 2021 20:47:13 GMT
accept-ranges: bytes
content-length: 2226
x-cache-hits: 1

GET
H2 200 4.f47549fe.chunk.js Show response
nwxp.info/static/js/ 538 KB
125 KB 27ms
27ms Script
text/javascript 199.36.158.100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://nwxp.info/static/js/4.f47549fe.chunk.js

Requested by

Host: nwxp.info
URL: https://nwxp.info/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.36.158.100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

b0c91b01cd76427f13786a8dc33fe15dda1f234fae381388ce3744fe611be5e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://nwxp.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31556926
content-encoding: br
last-modified: Sun, 12 Dec 2021 17:02:32 GMT
x-timer: S1639342033.074946,VS0,VE0
etag: "c252f3eb6641217f33e621f97ba4b52eac6e89045d2f42302e60b55f0f9bf1f8-br"
x-served-by: cache-yul12822-YUL
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/javascript; charset=utf-8
cache-control: max-age=604800
date: Sun, 12 Dec 2021 20:47:13 GMT
accept-ranges: bytes
content-length: 127601
x-cache-hits: 1

GET
H2 200 main.8acb3645.chunk.js Show response
nwxp.info/static/js/ 28 KB
8 KB 51ms
51ms Script
text/javascript 199.36.158.100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://nwxp.info/static/js/main.8acb3645.chunk.js

Requested by

Host: nwxp.info
URL: https://nwxp.info/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.36.158.100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

230947c8c508bc8db9d4f257682e2f94461682b599177ba5ffa1e5e570248466

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://nwxp.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31556926
content-encoding: br
last-modified: Sun, 12 Dec 2021 17:02:32 GMT
x-timer: S1639342033.075952,VS0,VE0
etag: "650d92477cf4e69515138c1b2f64ed070db9ea1d6a455b5b48de427831385a73-br"
x-served-by: cache-yul12822-YUL
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/javascript; charset=utf-8
cache-control: max-age=604800
date: Sun, 12 Dec 2021 20:47:13 GMT
accept-ranges: bytes
content-length: 8477
x-cache-hits: 1

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 78 KB
27 KB 134ms
70ms Script
text/javascript 142.250.65.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: s.nitropay.com
URL: https://s.nitropay.com/ads-927.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f2.1e100.net

Software

sffe /

Resource Hash

38258a3aa023ee5b5f45a8c149fd28449112dc4bf60411d2c88a4a6e33506df4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://nwxp.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 12 Dec 2021 20:47:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1069 / 973 of 1000 / last-modified: 1639177483"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26911
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 12 Dec 2021 20:47:13 GMT

GET
H2 200 analytics
tracker.nitropay.com/sites/927/ 0
0 98ms
51ms Fetch 2606:4700::6812:34e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracker.nitropay.com/sites/927/analytics?ab=eyJocmVmIjoiaHR0cHM6Ly9ud3hwLmluZm8vIiwidiI6OTYsImEiOmZhbHNlfQ%3D%3D

Requested by

Host: s.nitropay.com
URL: https://s.nitropay.com/ads-927.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:34e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://nwxp.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 12 Dec 2021 20:47:13 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000; includeSubDomains
cf-ray: 6bc9ce7beb787157-YUL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0

GET
H2 200 12.04c46b9b.chunk.js Show response
nwxp.info/static/js/ 5 KB
2 KB 13ms
13ms Script
text/javascript 199.36.158.100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://nwxp.info/static/js/12.04c46b9b.chunk.js

Requested by

Host: s.nitropay.com
URL: https://s.nitropay.com/ads-927.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.36.158.100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

ccf634e17fe9bc4165d7473e3651a9da1e2c2b693be634ae7f46d155322624e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://nwxp.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31556926
content-encoding: br
last-modified: Sun, 12 Dec 2021 17:02:32 GMT
x-timer: S1639342033.300357,VS0,VE0
etag: "0e31013464ae30a125c9d9d6f7bd37be8fc10c525087693d1f6f928e5ddbd697-br"
x-served-by: cache-yul12822-YUL
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/javascript; charset=utf-8
cache-control: max-age=604800
date: Sun, 12 Dec 2021 20:47:13 GMT
accept-ranges: bytes
content-length: 1906
x-cache-hits: 1

HEAD
H2

200

/
marketingplatform.google.com/about/enterprise/
Redirect Chain

https://www3.doubleclick.net/
https://marketingplatform.google.com/about/enterprise/

0
0

106ms
41ms

Fetch
text/html

2607:f8b0:4006:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://marketingplatform.google.com/about/enterprise/
Requested by: Host: nwxp.info
URL: https://nwxp.info/
Protocol: H2
Server: 2607:f8b0:4006:81e::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://nwxp.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Redirect headers

date: Sun, 12 Dec 2021 20:47:13 GMT
x-content-type-options: nosniff
server: sffe
content-type: text/html; charset=UTF-8
location: https://marketingplatform.google.com/about/enterprise/
cache-control: public, max-age=1800
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 251
x-xss-protection: 0
expires: Sun, 12 Dec 2021 21:17:13 GMT

GET
H2 200 logo.98aeaba3.svg
nwxp.info/static/media/ 6 KB
2 KB 13ms
13ms Image
image/svg+xml 199.36.158.100
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nwxp.info/static/media/logo.98aeaba3.svg

Requested by

Host: nwxp.info
URL: https://nwxp.info/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.36.158.100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

f1741f477a2dece83f0b75c26c220647df0716cc82bc29c449af3462f7232337

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://nwxp.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31556926
content-encoding: br
last-modified: Sun, 12 Dec 2021 17:02:32 GMT
x-timer: S1639342033.361470,VS0,VE0
etag: "1adc1d57a2e2070007eda8eab3ded4282c5c5ae79f72a52843b0758c85d5ff28-br"
x-served-by: cache-yul12822-YUL
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: image/svg+xml
cache-control: max-age=604800
date: Sun, 12 Dec 2021 20:47:13 GMT
accept-ranges: bytes
content-length: 2284
x-cache-hits: 1

GET
H3 200 webConfig Show response
firebase.googleapis.com/v1alpha/projects/-/apps/1:867545758178:web:f613c5dcd1132ba60c61bb/ 286 B
227 B 87ms
57ms Fetch
application/json 2607:f8b0:4006:822::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://firebase.googleapis.com/v1alpha/projects/-/apps/1:867545758178:web:f613c5dcd1132ba60c61bb/webConfig

Requested by

Host: nwxp.info
URL: https://nwxp.info/static/js/4.f47549fe.chunk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6b347452e0f47adcd4448605049e7dfcf89a958fccd7a04b8067c42201bcabd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept: application/json
Referer: https://nwxp.info/
x-goog-api-key: AIzaSyDBtOhgO9tnzJbtj5urn0z5yfp74sj4lYo
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 12 Dec 2021 20:47:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://nwxp.info
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
vary: Origin, X-Origin, Referer
content-length: 204
x-xss-protection: 0

OPTIONS
H2 200 webConfig
firebase.googleapis.com/v1alpha/projects/-/apps/1:867545758178:web:f613c5dcd1132ba60c61bb/ Frame 0
0 102ms
35ms Preflight
text/html 2607:f8b0:4006:822::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://firebase.googleapis.com/v1alpha/projects/-/apps/1:867545758178:web:f613c5dcd1132ba60c61bb/webConfig

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-goog-api-key
Origin: https://nwxp.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://nwxp.info
vary: origin referer x-origin
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: x-goog-api-key
access-control-max-age: 3600
date: Sun, 12 Dec 2021 20:47:13 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 pubads_impl_2021120601.js Show response
securepubads.g.doubleclick.net/gpt/ 348 KB
117 KB 52ms
51ms Script
text/javascript 142.250.65.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Requested by

Host: s.nitropay.com
URL: https://s.nitropay.com/ads-927.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f2.1e100.net

Software

sffe /

Resource Hash

2d5ae5a515a688823dc98d032242c2ed6f490a74c4281bdd599567898f9fa675

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://nwxp.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 12 Dec 2021 20:47:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119476
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 09:34:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 12 Dec 2021 20:47:13 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 28 B
68 B 65ms
36ms XHR
application/json 142.250.65.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=nwxp.info

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f2.1e100.net

Software

cafe /

Resource Hash

80ad5f20f4b35943618ca2614a543c12a3fc1acae1ef2aec5ab151e3608b42d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://nwxp.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 12 Dec 2021 20:47:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44
x-xss-protection: 0
expires: Sun, 12 Dec 2021 20:47:13 GMT

GET
H2 200 bgi.8b0155dd.png
nwxp.info/static/media/ 130 KB
126 KB 20ms
19ms Image
image/png 199.36.158.100
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nwxp.info/static/media/bgi.8b0155dd.png

Requested by

Host: nwxp.info
URL: https://nwxp.info/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.36.158.100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

21227e820d1bce2a33aa72cec5b4f33ab23e5380e29c2b6ae2f0f5251e7fa909

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://nwxp.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31556926
content-encoding: br
last-modified: Sun, 12 Dec 2021 17:02:32 GMT
x-timer: S1639342033.436562,VS0,VE2
etag: "bc503ce38d6ebd26581b5674890d56e4dd377a2c91199c486fc6c7367bf4ccc9-br"
x-served-by: cache-yul12822-YUL
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: image/png
cache-control: max-age=604800
date: Sun, 12 Dec 2021 20:47:13 GMT
accept-ranges: bytes
content-length: 128574
x-cache-hits: 1

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 11 KB
6 KB 178ms
129ms XHR
application/json 68.67.179.113
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: s.nitropay.com
URL: https://s.nitropay.com/ads-927.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.113 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

564.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

79ba5d42b116c90cad772a4d6761ee73b9e79554408b0f6597d5b0b50f1d7cd5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://nwxp.info/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 12 Dec 2021 20:47:13 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 37.120.205.162; 37.120.205.162; 564.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 7a9ec989-eaa8-4db5-a6af-f43745676be4
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://nwxp.info
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
182 B 298ms
95ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=34&wv=5.17.0&cb=81381924386
Requested by: Host: s.nitropay.com
URL: https://s.nitropay.com/ads-927.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://nwxp.info/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://nwxp.info
date: Sun, 12 Dec 2021 20:47:13 GMT
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Finatra
timing-allow-origin: *
vary: Origin

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
344 B 210ms
134ms XHR
application/json 52.4.33.45
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969078017d7d72bc347309f5e4000d&pos=nwxp_d300x250&cmd=bid&secure=1&us_privacy=1---
Requested by: Host: s.nitropay.com
URL: https://s.nitropay.com/ads-927.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-4-33-45.compute-1.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: 9cae7ce2646fcde466b2480d2925f5561270efb68362b0d71a46e3485ee87a86

Request headers

Referer: https://nwxp.info/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 12 Dec 2021 20:47:13 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://nwxp.info
access-control-allow-credentials: true
content-length: 62

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 117 B
340 B 141ms
87ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=acWXjMpl8r7iokaKj0P0Le
Requested by: Host: s.nitropay.com
URL: https://s.nitropay.com/ads-927.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 7b3076931cd19dc03883be9aa530800517cc1afb3a3d09a72cbd73a4b40b6268

Request headers

Referer: https://nwxp.info/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 12 Dec 2021 20:47:13 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nwxp.info
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

POST
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/universal/ 0
190 B 220ms
157ms XHR
text/plain 52.72.165.80
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: s.nitropay.com
URL: https://s.nitropay.com/ads-927.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.165.80 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-165-80.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://nwxp.info/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://nwxp.info
Date: Sun, 12 Dec 2021 20:47:13 GMT
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

POST
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/universal/ 0
190 B 185ms
130ms XHR
text/plain 52.72.165.80
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: s.nitropay.com
URL: https://s.nitropay.com/ads-927.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.165.80 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-165-80.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://nwxp.info/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://nwxp.info
Date: Sun, 12 Dec 2021 20:47:13 GMT
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 118 B
205 B 121ms
92ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=acWXjMpl8r7iokaKj0P0Le
Requested by: Host: s.nitropay.com
URL: https://s.nitropay.com/ads-927.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: e350c4fbaa74272ef69d5c389e18f15d58961bd2613c8b40ea97413f3f353aa2

Request headers

Referer: https://nwxp.info/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 12 Dec 2021 20:47:13 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nwxp.info
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
540 B 182ms
133ms XHR
application/json 52.4.33.45
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969078017d7d72bc347309f5e4000d&pos=nwxp_d970x250&cmd=bid&secure=1&us_privacy=1---
Requested by: Host: s.nitropay.com
URL: https://s.nitropay.com/ads-927.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-4-33-45.compute-1.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: eb8b89af333156906414350ea46a0149a41ab6be9278a7eca04db8ce67d3591a

Request headers

Referer: https://nwxp.info/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 12 Dec 2021 20:47:13 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://nwxp.info
access-control-allow-credentials: true
content-length: 62

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 18 KB
12 KB 222ms
179ms XHR
application/json 68.67.179.113
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: s.nitropay.com
URL: https://s.nitropay.com/ads-927.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.113 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

564.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

46d487de0188392da696ae114e47119e102686ebcf7d2e47234403372766f12b

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://nwxp.info/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 12 Dec 2021 20:47:13 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 37.120.205.162; 37.120.205.162; 564.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: ab993b0a-dbe0-4427-acc3-40217cb39e94
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://nwxp.info
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 200 installations Show response
firebaseinstallations.googleapis.com/v1/projects/newworld-xp/ 576 B
476 B 136ms
106ms Fetch
application/json 2607:f8b0:4006:823::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://firebaseinstallations.googleapis.com/v1/projects/newworld-xp/installations

Requested by

Host: nwxp.info
URL: https://nwxp.info/static/js/4.f47549fe.chunk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4d61f8fe317a86c23202734216cb578b7e0e5497f875ff0b9356535443c35f7d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept: application/json
Referer: https://nwxp.info/
x-goog-api-key: AIzaSyDBtOhgO9tnzJbtj5urn0z5yfp74sj4lYo
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
content-type: application/json

Response headers

date: Sun, 12 Dec 2021 20:47:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://nwxp.info
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
vary: Origin, X-Origin, Referer
content-length: 453
x-xss-protection: 0

OPTIONS
H2 200 installations
firebaseinstallations.googleapis.com/v1/projects/newworld-xp/ Frame 0
0 111ms
41ms Preflight
text/html 2607:f8b0:4006:823::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://firebaseinstallations.googleapis.com/v1/projects/newworld-xp/installations

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key
Origin: https://nwxp.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://nwxp.info
vary: origin referer x-origin
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key
access-control-max-age: 3600
date: Sun, 12 Dec 2021 20:47:13 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 142 KB
53 KB 107ms
53ms Script
application/javascript 2607:f8b0:4006:81e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?l=dataLayer&id=G-JZG051TL00

Requested by

Host: s.nitropay.com
URL: https://s.nitropay.com/ads-927.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ef4f72a1ee665ba952614a5ab0447966af504ba2460bf1dab5e22ec1e1a70849

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://nwxp.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 12 Dec 2021 20:47:13 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54273
x-xss-protection: 0
expires: Sun, 12 Dec 2021 20:47:13 GMT

POST
H2 204 collect
www.google-analytics.com/g/ 0
343 B 119ms
46ms Ping
text/plain 2607:f8b0:4006:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-JZG051TL00&gtm=2oec10&_p=1762354649&sr=1600x1200&ul=en-us&_fid=efY5OThEbhy9oeqHP5dTEE&cid=2091531726.1639342034&_s=1&dl=https%3A%2F%2Fnwxp.info%2F&dt=NWXP%20-%20New%20World%20Crafting%20%26%20Refining%20XP%20Calculator&sid=1639342033&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1&ep.origin=firebase
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?l=dataLayer&id=G-JZG051TL00
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:81c::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://nwxp.info/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 12 Dec 2021 20:47:13 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://nwxp.info
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 18 KB
8 KB 259ms
256ms XHR
text/plain 142.250.65.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3194883367589530&correlator=3423116638017800&output=ldjh&impl=fif&eid=31060438%2C31063915%2C44752541%2C44756717%2C31063911%2C31062931&vrg=2021120601&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20211212&iu_parts=308365556%3A22645988281%2Cnadx&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x250&prev_scp=ncpm%3D0.05%26refresh%3D30&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1639328552&dt=1639342033750&dlt=1639342033049&idt=496&frm=20&biw=1600&bih=1200&oid=2&adxs=489&adys=529&adks=269889437&ucis=1&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fnwxp.info%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x250&msz=970x0&ga_vid=2091531726.1639342034&ga_sid=1639342034&ga_hid=1762354649&ga_fc=true&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f2.1e100.net

Software

cafe /

Resource Hash

0a958b37625158aa7661a16d04cbbc0fdaa00408a237578682e561ac314df075

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://nwxp.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 12 Dec 2021 20:47:13 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8260
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://nwxp.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
9 KB 102ms
43ms XHR
application/json 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021120601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

65823a66576939566401a901a125d0156b45af7977973700035b717daa099775

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://nwxp.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 12 Dec 2021 20:47:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8556
x-xss-protection: 0

GET
H2 200 container.html Show response
506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 424E 6 KB
4 KB 130ms
44ms Document
text/html 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: s.nitropay.com
URL: https://s.nitropay.com/ads-927.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://nwxp.info/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sun, 12 Dec 2021 20:47:13 GMT
expires: Mon, 12 Dec 2022 20:47:13 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 66 KB
21 KB 267ms
267ms XHR
text/plain 142.250.65.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3194883367589530&correlator=4220456709843668&output=ldjh&impl=fif&eid=31060438%2C31063915%2C44752541%2C44756717%2C31063911%2C31062931&vrg=2021120601&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20211212&iu_parts=308365556%3A22645988281%2Cnadx&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=ncpm%3D0.00%26refresh%3D30&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1639328552&dt=1639342033779&dlt=1639342033049&idt=496&frm=20&biw=1600&bih=1200&oid=2&adxs=281&adys=529&adks=3894452490&ucis=2&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fnwxp.info%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x250&msz=300x0&ga_vid=2091531726.1639342034&ga_sid=1639342034&ga_hid=1762354649&ga_fc=true&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f2.1e100.net

Software

cafe /

Resource Hash

a33918a7bfae7dfedc385d42509867c9a522dda6d8f3fbe21fc0edaec3ac5d4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://nwxp.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 12 Dec 2021 20:47:14 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21277
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://nwxp.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 92ms
40ms Script
text/javascript 2607:f8b0:4006:824::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s.nitropay.com
URL: https://s.nitropay.com/ads-927.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://nwxp.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 12 Dec 2021 20:47:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
expires: Sun, 12 Dec 2021 20:47:13 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 10FB 13 KB
5 KB 56ms
24ms Document
text/html 2607:f8b0:4006:824::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: s.nitropay.com
URL: https://s.nitropay.com/ads-927.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://nwxp.info/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
date: Sun, 12 Dec 2021 01:44:16 GMT
expires: Mon, 12 Dec 2022 01:44:16 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 68578
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame A6E3 783 B
1 KB 95ms
44ms Document
text/html 2607:f8b0:4006:817::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: s.nitropay.com
URL: https://s.nitropay.com/ads-927.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b20fae35a724881d9dad7c7a03f8844362896db3bf1e7d1c813f235507a21800

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-OJdgBSjTTrsW5HlppR81UQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://nwxp.info/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sun, 12 Dec 2021 20:47:14 GMT
date: Sun, 12 Dec 2021 20:47:14 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-OJdgBSjTTrsW5HlppR81UQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 203F 6 KB
3 KB 52ms
22ms Document
text/html 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: s.nitropay.com
URL: https://s.nitropay.com/ads-927.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://nwxp.info/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sun, 12 Dec 2021 20:47:13 GMT
expires: Mon, 12 Dec 2022 20:47:13 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 pixel.png
tracker.nitropay.com/ 73 B
383 B 76ms
56ms Image
image/png 2606:4700::6812:34e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tracker.nitropay.com/pixel.png?s=927&wb=eyJhZFVuaXRDb2RlIjoiaG9tZS13aWRlIiwiYmlkZGVyIjoiYWR4IiwiaGVpZ2h0IjoyNTAsIndpZHRoIjo5NzAsImNwbSI6MC4wNSwiY3JlYXRpdmVJZCI6IiIsImhyZWYiOiJodHRwczovL253eHAuaW5mby8iLCJ0aW1lVG9SZXNwb25kIjozMDMsImFjY2VwdGFibGUiOmZhbHNlLCJyZXF1ZXN0SWQiOiI2YWI4YzVjMC1lZDEwLTRlMzUtODhiNi02ZDhjYWY5ODhmZmQiLCJjIjoiQ0EiLCJyIjoiUUMiLCJ0aW1lc3RhbXAiOjE2MzkzNDIwMzQwMzd9

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:34e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3336865c07143159ab73893863070b6d7f0516b0de61a236a0c5c52246cb3b2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://nwxp.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 12 Dec 2021 20:47:14 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000; includeSubDomains
content-type: image/png
cache-control: no-cache
cf-ray: 6bc9ce80ec617144-YUL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 73

GET
H3 200 A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js Show response
pagead2.googlesyndication.com/bg/ Frame 10FB 35 KB
13 KB 50ms
22ms Script
text/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

037b12d07ffce84bbca6821a50f249c54429b20c0f2fd67469a0bb5937113051

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 12 Dec 2021 04:28:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 58710
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13610
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 12 Dec 2022 04:28:44 GMT

GET
H3 200 container.html Show response
506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 1890 6 KB
3 KB 24ms
23ms Document
text/html 2607:f8b0:4006:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: s.nitropay.com
URL: https://s.nitropay.com/ads-927.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://nwxp.info/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sun, 12 Dec 2021 20:47:13 GMT
expires: Mon, 12 Dec 2022 20:47:13 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 pixel.png
tracker.nitropay.com/ 73 B
347 B 60ms
59ms Image
image/png 2606:4700::6812:34e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tracker.nitropay.com/pixel.png?s=927&wb=eyJhZFVuaXRDb2RlIjoiaG9tZS1zaG9ydCIsImJpZGRlciI6ImFkeCIsImhlaWdodCI6MjUwLCJ3aWR0aCI6MzAwLCJjcG0iOjAsImNyZWF0aXZlSWQiOiIiLCJocmVmIjoiaHR0cHM6Ly9ud3hwLmluZm8vIiwidGltZVRvUmVzcG9uZCI6Mjg5LCJhY2NlcHRhYmxlIjpmYWxzZSwicmVxdWVzdElkIjoiNjI3YWE1ZTMtYmRhNC00MTdiLWJmNTQtODNjZGI2MzY3YTM5IiwiYyI6IkNBIiwiciI6IlFDIiwidGltZXN0YW1wIjoxNjM5MzQyMDM0MDY0fQ%3D%3D&f=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:34e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3336865c07143159ab73893863070b6d7f0516b0de61a236a0c5c52246cb3b2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://nwxp.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 12 Dec 2021 20:47:14 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000; includeSubDomains
content-type: image/png
cache-control: no-cache
cf-ray: 6bc9ce80fc857144-YUL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 73

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame A6E3 0
0 45ms
45ms Image
text/html 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2021120601&jk=3194883367589530&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame CB91 624 B
975 B 92ms
39ms Document
text/html 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ2G88ICEMe_gsUCGN6igLoBMAE&v=APEucNU4C-_ag9-DlCWMkhCyLF6lwhVOH7-egY_7qPKdATAGjKX9PCppGlkkuLgm1L6kddQrF5s6__iGiVRIO3BdpA2Zj1tVHA

Requested by

Host: nwxp.info
URL: https://nwxp.info/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 12 Dec 2021 20:47:14 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 12 Dec 2021 20:47:14 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 00BB 51 KB
24 KB 128ms
76ms Script
text/javascript 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DY7Pfh5P4mOtm_NuW0_XiA2g5EQ_xyWdEvYUab6J0nkxckYI2o1JS0at2vgv4BVhNdRzLQMr5l4cTYvX-VmIgccayvV2GcUuosPP_U8rN8YAq8VC89Upb7qZRL-uJvwuELXZHkAlqCFREobMqfLf88S2P5Og&dbm_d=AKAmf-A2aMYYGmvGvvJ02ouoiORL6aIjYygVf_iTkfaH49Mhjd0TP15hTiImcmLjidG22qKmRDmhuoIT--oOZ-f_kYUZNFFGZhPytdpIXnrtU5eVuzed792Cm5eOM_f9jJx6k5nFVsAbi1zgq1WYSyhZSHKqeSKjHFd9YtuBAhJdmOyNnpGOVXXItdJfkOOAhVfJxjsqlOdYki8WsFKeQe7DAUF5hzG3ZqturujkShwT6LcvupRENBUg1up-Q_87JhTAOLKwuLHn9nnqKWWy8IRm8LD737cY79YsEzzTxs9fBxUSKwzt-Glqs45ngFkhRenYM6dKVHGJz8uxKwj55mKjiyxqBzGPlSJ5bkuVka0nm2tdp4COZ7VD6xvtnDs2aL1gODSh9A-tpKW9bACfzw3-GFcfIXjGy2kucWRzZhRWSL_KCYV4GvnQIyv1dyZLABuJVjCmIfayBOGPm3gtkZsr0TlxV43dPBCVc0Shi4E-PalUuaUEq6gpYg8FiQ-jmkR3djyGfgpcYGolwBdvYOIG-FqBuippt2YrS6vwaP5H4dL87I5S_tzWlbHgShMAVTdUA_hGkCz8VU-7L3pnOlB5n9xRjYFnZ3cSxXvImpA6H_KktfabFujoL51HyGYeGXjFkkuoIQVooyo3QiRNAlLhVzueH61tFKyKHfGUJpgDq9I1wTW0fIXOpr8yN9AHqUk8q6dOYMzGtlZ9lzVRuMKzeCRU4IZeIzcsB2Fuwz43yHPbrzb0fijwnFup4KegAdFConr1C-FtmWW3Z41OmlFEymNvQYGK47QcmYZnrnEd_IPZre7BQUXIqKQKWnDXQd0hJhqXkX2z85IQLXPVDNrje18KVjjh_-KeKsdEOBBqus9DgvMJcqnCAQCdyHJxEQ7A46qXeAg341ZG6LbSe-AzfVPqhfDKXyggETKIYc9PjyomxcdxxATwCcY6Nl1B6rT_sdWeb4_LrlgADxf6d76bmg7w3Cs9mD1kChjzIpvLXxBzIS5dAvah4mUbwmYUTBeF7cHTPH9ME5GIfLFlVCLcKbfCj1Ec2eZpIjT-5hJMkuStALS3IYIHFgZDa1iiC1tE2OZbs6Hrf0LP4owBJ-sp3FdxLP5NaT7SDLAN1L7yy_Qwq0DzgUY5x6XCR4M2sElVgeEphHcTfCT0ihwbhRmtezY7TQh5Ngbe6bkITzL1w2mGg39NzjFS6c-z3-POe7qQdW6ptuimtK6pejKq2mMiV5ftiuvlqg2UpPVSaBTuKv_mAPbjLlObgqdeooMYLfPJoEoX4mDg6qADbtvRSdhVS3B5n4zt8K73U3vLuJNOawI00-6dCbSLMaGDZFcrFgsgnFj31BKVRow-WAeU1yslkTLeCJ-TeUOTRO3laFjgafXffbdLtCetwgdhQRu8fcKTkL6bNPES1r8oDI6XSy6NSIPB7ak4iZQro2hTen2hQaiWVeTXXCRDnfRZWTP1_nRk-6BzzNjMaIKUbSHslsqdLWxGHc9Jlq29Pca8RDdjW0i8gBP2UNYVkv1O0Y2VF3Pa-pI3AIbT8zi-6i-MrhDQJNvq6XFpn7zWgpo92RbkjjniRWUpjrFe9__Fzad4QkRq3sLlx8ykH_ZwsZz3iT0EbkVgTel7hDqzMcSCXd5Rl6RycHyT8sXuQeW9BzUPizEhschCWe9fCe1Ivq-P9BNwsWlaw59V6BfuReKOVhSsWl740nCBZTWie5FT3xI-GJlScOBo9eIvxeWLZLQWukXpBBvP8DlRUl8zC3mMtv_6aXTtRG-wW6sbGfBZYmAz0M1fKxoeVjBsJ77fBjb2GjxswkFZNYsxqHbqnWhcAgYK-SkSlzv5lS5bwk3rYy8FNG3XmygTTVvWPNivfFT__Pqh7OmBcIDGjeRGkPCYFbRT74RU7dK4wJgfzocDplCzE05UYAwC2AI8zK3ui9KKEpGyWswinTn5VvgUnQpoY26fWEANUvEW1zXS8i125pxIT55h-dF8XIxdBRHuqwc31eqlrlescNfnMnkPsZXSIIjfJtshsM7VGiYAadgc8_PlS9HAFsZryDdWyux6CMb3yB6wlrovpnwjV8TljLsdWUuBNee03MeE3HPrRNQ73drEKjDLNjsgoSXYz51T8DYMWGbQsJrygFMbwRQ53q5HO-sc0UG8txLWpU2J5RevWwejn5W7Xn1Qev8V2x-Ujda8HK8nQksiWYKwvKolcRWZw8JH8T-q49SEbxe7aUKhlzDrjcT7ggIeJYFP22Ao3rsjyPKoc1zVi2KUQhcwcOwumS0Qc19qA5EUbXGU8TTgR86OSxKtte2njpbqxCSo29EpxWqtNsRdwDnumelNTE_RC26_1DiWsDSiHJx2OnBte1t5IMChfAwaLlbmCKtjyx5tsbEA2ruA44tK-uPy_gCFm95MxaiDjqqA07mLnSUoWfluPBaHCk87tOPPDLYDfpBIPP1dvoOEXOdjfzRdAQjlpyQ_wL7dlQrclhgyOP4u482jm7FFM7Lcwn9L5rCV8XG40mhAegpBGDHEc5zBF7eAxaPho2gUzlX9dhNVYKUYtIzQEnztsbvoV2LR1COb24Uto7wckYYDLfbnuFqeEmovNFqZ5FfJoDi7QbEZeGi7-DYGZg4Q8fvzvSWv1kG8wt48kjq8t9KKE7ajl_aJbpVvjVcvSR8GIGIOos3wy0pTrl4PuZnKO4Fa8QiiTEXSZsMDWV1WEmOa1GpT1JkUagzaTp1cF8tPaM7OMIn3Bp-kJZGJT34PZtqPFxJfCow9DZjGBAIsFh_L07qtRQkEDyuQyRNpH-sfhBq1sqmWdjzkM3gX83QI5-OAiAqvgm7WoVqgb49afB555WTElftg_x5i6PsVn2vf5c24lTWUajJa63ZqyzUkPeRERAjwVHKJ7C4u8gg1QrSJ6Gmc5cyrEiGZ9kpfWUrmU2o8qABmwySrm9n04FUImcrg5HcanjvzC1tx2tcvratUn9zljhkX-UKWKCsbgaBg9os1iH9bG9agZCar-wd3ubPraJ9lHbMEsV2JNyunyYHqPbJu9GVs793FrJAWHyogRw2C8WFu8-fLVrxVycfIIsMfMTOVYaso_KKt7-qUIapt2fBtA2zHm7lL03BadPGeN79X7tApw_5KD0rZrpWzSlKC3jB-&cid=CAASFeRongTLtuoCIHL_B62PXcRfjSIcCQ&rfl=2%2Chttps%253A%252F%252Fnwxp.info%252F%240

Requested by

Host: nwxp.info
URL: https://nwxp.info/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

15702cdc240d5214ccad01a1cb6bff49741aaf83956f1448aa194bc1eb652f94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Dec 2021 20:47:14 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24607
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 00BB 2 KB
1 KB 26ms
25ms Script
text/javascript 2607:f8b0:4006:824::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: nwxp.info
URL: https://nwxp.info/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 12 Dec 2021 20:28:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1099
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 26 Dec 2021 20:28:55 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 00BB 119 KB
37 KB 153ms
87ms Script
text/javascript 2607:f8b0:4006:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: nwxp.info
URL: https://nwxp.info/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 12 Dec 2021 20:47:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 12 Dec 2021 20:47:14 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 00BB 15 KB
6 KB 26ms
25ms Script
text/javascript 2607:f8b0:4006:824::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: nwxp.info
URL: https://nwxp.info/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 12 Dec 2021 20:38:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 527
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 26 Dec 2021 20:38:27 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 00BB 0
0 74ms
39ms Image
text/html 2607:f8b0:4006:817::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSlkHdqj8P21u_Jj1ldmN92d9-YDaZXpi6ll9N6otkcw2k_rdPjl_fxLA8-nyYKmw0dtaPz0MyApWUwa72mW0y-FQgcqg
Requested by: Host: nwxp.info
URL: https://nwxp.info/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:817::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 00BB 42 B
63 B 41ms
41ms Image
image/gif 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A_XR5NVH7d9XNOBKI6CApvajsMXLGRFz6OuocoyE_dQpjqL1LQ01Fl1_v_EndE03gdlvvmmDPz_ASW3GILoOsoAtVjRp_zUtA4I4cOe8pX3-9xVUs

Requested by

Host: nwxp.info
URL: https://nwxp.info/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Dec 2021 20:47:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 1890 19 KB
8 KB 25ms
25ms Script
text/javascript 2607:f8b0:4006:824::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js

Requested by

Host: 506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com
URL: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 12 Dec 2021 20:42:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 302
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7876
x-xss-protection: 0
server: cafe
etag: 5333878705136318229
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 26 Dec 2021 20:42:12 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 1890 8 KB
1 KB 100ms
42ms Stylesheet
text/css 2607:f8b0:4006:817::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Host: 506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com
URL: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

32bc7c1c64fd1b755d48d6025b86b7e7a28ad35d1f420cf85cdc1123aa7dfcd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 12 Dec 2021 20:40:52 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sun, 12 Dec 2021 20:47:14 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 12 Dec 2021 20:47:14 GMT

GET
H2 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/ Frame 1890 14 KB
3 KB 83ms
21ms Stylesheet
text/css 2607:f8b0:4006:80a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/outstream.min.css

Requested by

Host: 506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com
URL: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 11 Dec 2021 03:48:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 147546
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2798
x-xss-protection: 0
last-modified: Wed, 03 Nov 2021 10:36:35 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 11 Dec 2022 03:48:08 GMT

GET
H2 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/ Frame 1890 355 KB
123 KB 84ms
23ms Script
text/javascript 2607:f8b0:4006:80a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/outstream.min.js

Requested by

Host: 506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com
URL: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

425d7478422a02b8592686dd947b18cae0ca66ab39dc437067219356fb7a0a61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 11 Dec 2021 03:48:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 147546
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 125995
x-xss-protection: 0
last-modified: Wed, 03 Nov 2021 10:36:35 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 11 Dec 2022 03:48:08 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 1890 15 KB
6 KB 28ms
27ms Script
text/javascript 2607:f8b0:4006:824::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com
URL: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 12 Dec 2021 20:38:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 527
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 26 Dec 2021 20:38:27 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 1890 0
0 71ms
40ms Image
text/html 2607:f8b0:4006:817::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRf23TjNVYjeS35LlYn4ZeNKnITMGLUP7EHdiSyALpbKE_sA2JHbz_NR_loggiwpMquDoSXVixRlP_e950UN3u-cQeB6w
Requested by: Host: 506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com
URL: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:817::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame CB91
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDN-OWaWUX9X2v221Im4whM&google_cver=1

43 B
1012 B

39ms
34ms

Image
image/gif

184.29.129.7
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDN-OWaWUX9X2v221Im4whM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ2G88ICEMe_gsUCGN6igLoBMAE&v=APEucNU4C-_ag9-DlCWMkhCyLF6lwhVOH7-egY_7qPKdATAGjKX9PCppGlkkuLgm1L6kddQrF5s6__iGiVRIO3BdpA2Zj1tVHA
Protocol: HTTP/1.1
Server: 184.29.129.7 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-29-129-7.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 12 Dec 2021 20:47:14 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 12 Dec 2021 20:47:14 GMT

Redirect headers

pragma: no-cache
date: Sun, 12 Dec 2021 20:47:14 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDN-OWaWUX9X2v221Im4whM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame CB91
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YbZf0ie1Pit5lSI1QNiUxAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO3P6B219K6ElmQTLgSNaP0&google_cver=1

43 B
892 B

34ms
33ms

Image
image/gif

184.29.129.7
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO3P6B219K6ElmQTLgSNaP0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ2G88ICEMe_gsUCGN6igLoBMAE&v=APEucNU4C-_ag9-DlCWMkhCyLF6lwhVOH7-egY_7qPKdATAGjKX9PCppGlkkuLgm1L6kddQrF5s6__iGiVRIO3BdpA2Zj1tVHA
Protocol: HTTP/1.1
Server: 184.29.129.7 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-29-129-7.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 12 Dec 2021 20:47:14 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 12 Dec 2021 20:47:14 GMT

Redirect headers

pragma: no-cache
date: Sun, 12 Dec 2021 20:47:14 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO3P6B219K6ElmQTLgSNaP0&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame CB91
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEIlXlBfbNb4lDoI1knYGm7o&google_cver=1

43 B
1006 B

21ms
21ms

Image
image/gif

68.67.179.113
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEIlXlBfbNb4lDoI1knYGm7o&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ2G88ICEMe_gsUCGN6igLoBMAE&v=APEucNU4C-_ag9-DlCWMkhCyLF6lwhVOH7-egY_7qPKdATAGjKX9PCppGlkkuLgm1L6kddQrF5s6__iGiVRIO3BdpA2Zj1tVHA

Protocol

HTTP/1.1

Server

68.67.179.113 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

564.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 12 Dec 2021 20:47:14 GMT
X-Proxy-Origin: 37.120.205.162; 37.120.205.162; 564.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid: 49dbd0ad-fd03-475c-ad15-8848f4d76c3f
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 12 Dec 2021 20:47:14 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEIlXlBfbNb4lDoI1knYGm7o&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame CB91
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTcyNDAwODIzNjEwODk0OTU0Ng%3D%3D

170 B
243 B

54ms
39ms

Image
image/png

142.250.80.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTcyNDAwODIzNjEwODk0OTU0Ng%3D%3D

Requested by

Protocol

Server

142.250.80.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s35-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Dec 2021 20:47:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 12 Dec 2021 20:47:14 GMT
X-Proxy-Origin: 37.120.205.162; 37.120.205.162; 564.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid: 3d8dd9ba-f4b6-4bfd-a3d7-415ea0d31db2
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTcyNDAwODIzNjEwODk0OTU0Ng%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 1890 0
327 B 88ms
37ms Ping
image/gif 2001:4860:4802:32::3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~kx3px55g&c=1492464380733&slotId=746232190366.5&qqid=COj33fyQ3_QCFRMihgodYoIGlQ&fb=outstream-lima&sei=44729911%2C44730425%2C44730426%2C420706098&nsei=44714510%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 12 Dec 2021 20:47:14 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 1890 15 KB
16 KB 76ms
22ms Font
font/woff2 2607:f8b0:4006:822::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 01:28:42 GMT
x-content-type-options: nosniff
age: 242312
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 10 Dec 2022 01:28:42 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 1890 15 KB
15 KB 80ms
30ms Font
font/woff2 2607:f8b0:4006:822::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 07 Dec 2021 16:23:56 GMT
x-content-type-options: nosniff
age: 447798
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 07 Dec 2022 16:23:56 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1890 0
20 B 36ms
35ms Image
image/gif 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=ChV7o0V-2YajLMpPEmATihJqoCZ7frsFmrNbxpYYPz7e-z4gKEAEgwrrtZ2D96KKB8AOgAdv0tboCyAEFqAMByAObBKoE7QFP0N2GCoxP87IoVxVP1fT1voKGVT0Vlsgm0kdesMXYtfyWbUQoLI2_E2NHA0u7jHz2lHq9uWqEl-cbhKabUI6rJjQOqRYfIDaPzgL6-RWrFtmYGsHIcUfG-Y7WjuAEyjfTRRPyj2FUhD81KL-TrPkzecNNqclXVa14qDRmWHAigEDweByefK2nLVLXgWAUs5xLCx3j0-ZxvkR4INNhrNDKORwkBIavFmFLxeCvRgkRg94ZTBMtUdfliuXFQK8F-OJS2tlzXah-kVyM9rEUj28S-iq1U5lmEXjDznCCQiTufMRyRr6qoy4kVA03OVbABOnf2_vwA-AEA5AGAaAGToAHjYvKxQGoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiGEQARgdgAoDmAsByAsBgAwBsBOUvKgNyBPPl-neA9gTCogUGtgUAdAVAfgWAYAXAQ&eventType=clickstring&clientTime=1639342034267&ai=ChV7o0V-2YajLMpPEmATihJqoCZ7frsFmrNbxpYYPz7e-z4gKEAEgwrrtZ2D96KKB8AOgAdv0tboCyAEFqAMByAObBKoE7QFP0N2GCoxP87IoVxVP1fT1voKGVT0Vlsgm0kdesMXYtfyWbUQoLI2_E2NHA0u7jHz2lHq9uWqEl-cbhKabUI6rJjQOqRYfIDaPzgL6-RWrFtmYGsHIcUfG-Y7WjuAEyjfTRRPyj2FUhD81KL-TrPkzecNNqclXVa14qDRmWHAigEDweByefK2nLVLXgWAUs5xLCx3j0-ZxvkR4INNhrNDKORwkBIavFmFLxeCvRgkRg94ZTBMtUdfliuXFQK8F-OJS2tlzXah-kVyM9rEUj28S-iq1U5lmEXjDznCCQiTufMRyRr6qoy4kVA03OVbABOnf2_vwA-AEA5AGAaAGToAHjYvKxQGoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiGEQARgdgAoDmAsByAsBgAwBsBOUvKgNyBPPl-neA9gTCogUGtgUAdAVAfgWAYAXAQ

Requested by

Host: 506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com
URL: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Dec 2021 20:47:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame 1890 29 KB
14 KB 183ms
99ms XHR
text/xml 142.251.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-Bec7wdYMVHj03KN0_PCqp5baxBQdFkxtOTqv_0pIso05EUiJmkApU15NrV6JZKUkQyFxvQY_yO4FXnZOOdIulG3O-Gdw&dbm_d=AKAmf-BWUtKwDNRxreCuwzgpClZP-Qz3VgM4qKxFL2DJx6_qRLb0IMXHi3VTFNOs938iL-9Cu-6H4fD2nOJdisPospyp3J74jm13hfGm5g9fl99tZErXxs1H0AlP1oaJUPVRtzwfmk_z8W2PPOdb2ihgtVNgBuUI5ELijk5RHxjdmm6arJ4sMyNLhe8usty0aTPwBlN86PsCgZTcI3bZLIDrGw2_OqlztJhGrumZYwaQ4bLBv_-O6MAHe8Dn6kBfYr6BZ-ZtnW_oDzAe_NMF40ciGwWOqh0MCsjNny3Sb4On__zdf9i6F_7Tqz9fkMNhoFkDvKIoIC4npQNvXXyFQ5pPHThgl_NWe-Ya--AsMvsPcUk6j4hl4bqyn-Wtg2aZ-FRzeWP7YVNTn6MxOo_DjtuXfZ3bBDliOzbPOYBFFScksQH2IgfMfFv4qLgBZ0JSo2ZG7RFsbKk_9cUfKB-hgKX-akL2HTkcKiBi6TWv-ktseKt_tm266CxzA5a_WOOEPCox5xP43ytUrO13PdkqreM7n4-7s57jCEUxo2YL_PDdA-mdvvryAyJi5MsE0OpSA7746KERu0hebUDvFjX_I9OZOw9t8gavN0oUkZQ7YdhnTcmUWgMpcOvS8-0kx3m2AxPWYua_b4H-FeKtvXfyr5AlxWaPXLeSOPQNuVMn2v18lTiRBFhrKRYhNWQp1OhMFYRh3w-IG1DlxN7MuqIHBAX8lqAIS-6rxr4Us17XX5PeqD6KVedJwzlN4kkr_OIPGn3D2r8n7GBqyErMzrQrjyISfNHXa0sctAxaSJfTPsr3bSVFg1LpoPPQ4ylhsS0ZKuVZQoSh1IevMkIW_2UBDRTvePRr9PMMtup5urVV83pNMRnNS9v3jtxFztJJ8xx8CHjbLcu2BcW33AFMFQbTZe5cCJU91CnO3KXiFyX9x1waKAvsBI8Df8nw8lBiqN-OCc722UgTpdnKNbeYuxdQvyD0fMv9pa7gH6i7YoO2UvFcgNWK73ELDlSj8htBUR583PDgjlI77gmY7OtEdkZ39fdmsTqRLE6EUr9cswqpitoLDQqmrLDHZwC26-kZK7zUtow_AnyIJSeUrKMmk9ySaTiG8FdPisCRQgxJaVTrbfF2glG759IKMvuTnlNJVkSDyU2ot1IB27KfUg4hIKzo_WF5frPXecgW7h0x3ugZlDb6bQLU7w_iD_hyzUfWLgnKEoKYPQqPnGjmVQVIaN5hXi3iAmk0refG77SLJpBiZa8gcqP_nSGM06zztLUhPZJerpSTl4n8gaL_Wtri_8JWj-dfjEMfN44JdCq7u2WjFrZD3rGbkpY_viazddMdjvkg8_A9Q3JR87_LVp729DQMe-yeVOIZcRdbemZmdKSG_8LV97VcLk55uY1keTIU00P-CupK0gY3o7ttIUiPm9ghY5ucBJ1c3wtIqYL2SHmoytoW7lGyJ7EXsvJvRcJ0QpxJlpW5V3Sqe2o0chyHuRWWSEpQJBm5c1ipAWxBSOtMbuhg4gRBZe5MhSIeJfcfl-ypMuhjs5qGg9z1jZUACy_PYyf1PHDCYGwSr2fq3hkeofqKCLFz5j44OMzNHUcLvWkIwcdJXskBDM4PeB2o-yjwOnp7g08kEaLPJNfCKbkOYZ7xQfmyZtenLVClUOpC_QSrAmUAZ6WNhV64cdTT-3Ho_fmPVb14hPwS2hNEX3jVE7eerPBgJ_tq4CrxpjsBDE6meslJWchDpQfmciZgFh2j_9JhRN5gxoe_YxZ_s0nHILZvOWSTrsuIEmp_8nrcDDmBx5lrM9-f35Zb1skDDmY55jHnzfQN-IwH4Z2q-FoSZEFLjeLKFfLLWmkYOlfrCtDm5yVbEibdhyK-PEJqyi15UeL5G7NRqFiUhCor_lL6LLg4fbs9_Epj6dMeGeUDYCBys8NQ-QQoJHKJyMjhA-CLM19TXxj7JV5PJA0rV1rpeD3cnlBKoL5JdWFmBuJe39Jvh-GGKwghXOvS-XJWmngnSqiq0vYpS1JBkGexq6PABAbDkpCe0B4n7dUXp6oysnbc857Fg6In3Z1YKGi1PsShT5UV35f8Koy-iMdGhY5WLq8gpOp9YEcBVyrPXusHR7YM2zO3asO1zgG7BznQva6uEpC5Ybo_sTIkQ-JI9y4wmZDYeCn4kb7vBQ7Sn3dUS92NSZEiVtzMKmX7GsbqflL79TXviF52KWH4cd8prX9O5kY_w23FAEFg6okXfUU55HPit39_tbfVy6m3EsmBzTUtmmsbQMs1OwPzUHCdolfX-OkJbctaw_DXhztCqRyUIpCw1VZWRw2yFacPlTjzJLbwYdKF8z6s8aQ1zZDyhREv5ZJEv_9d_89_LrdHNGpxYnRxkfyFtQQvh2BjSZ1FhbteaTd_i5gqt0Z3th3z1lXFX0Auoq2uvSIWrmFxOxpI96SP_k4XUt9m0cDZN1r8gVNj-ir1aswMxwtAyO5NYWmFbMA0SXCJgC-xFA5FrgaCDwYFnSQk0t4kNcHyaTpY0t_yaBu7YU7D3SDVbdJmeTf19untmCJrThWKwD1CJXYwwWPmTL_Nvf9HSFaHq2gz5fC-ZOJzj_4iKSk4BO-owQ93IrqymVTqeszAkfkL2Ux4BCvLNU1khgx-MJx98Ad1fW1E21n_ULu0ykTg-BcK2SMldBQ8aJUEbdnHPZtCJ5TGAoBlpsLi7tBaUT1Zx0GCBOOFFD32uYXNSAsSJga7_qKtLji_4PBmOs_11U0U-Ajiw-kNxfU7KOgqjMV8KdBfKYQ3SF7RPOulzVyYySN-cZG_clFffkyy1h1-pBxOnG6sD-lQGY2Yv3pL-IGoKA6_FL4n0k_kfM1BR8FMeQkibHaMva2pPo7wAZjIBbbpYYkLFdEyxEwyb894YQA1IFgA7BTEYj8rdIZBIPI69YgXmjlFB4ZmxFz7FrObL1K6SJL-U_IWwHv48jtvCtIvrGITPu_i-ECADGU5Br9th8Tno8lnJCFhzMEsahEQFDI9_1SLaeZsjjZjDn1f8LiHXb6MOLDH-vah0FgwklTAGxhmjWt8SL0byzeQC7OXbSBRIvN4dxjpkwbkAvpzGkum&cid=CAASFeRoL_rcLjKSYh4v0nCzL-mTofkuWQ&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

gm-in-f157.1e100.net

Software

cafe /

Resource Hash

a7b156eda6a71fc6c0329ecb26937f637abc151bd6ed08eacdd9dc23618cd6d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 12 Dec 2021 20:47:14 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13944
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 1890 0
0 46ms
46ms Fetch
text/html 142.250.65.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C2JiG0V-2YajLMpPEmATihJqoCZ7frsFmrNbxpYYPz7e-z4gKEAEgwrrtZ2D96KKB8AOgAdv0tboCyAEFqAMBqgTqAU_Q3YYKjE_zsihXFU_V9PW-goZVPRWWyCbSR16wxdi1_JZtRCgsjb8TY0cDS7uMfPaUer25aoSX5xuEpptQjqsmNA6pFh8gNo_OAvr5FasW2ZgawchxR8b5jtaO4ATKN9NFE_KPYVSEPzUov5Os-TN5w02pyVdVrXioNGZYcCKAQPB4HJ58ractUteBYBSznEsLHePT5nG-RHgg02Gs0Mo5HCQEhq8WYUvF4K9GCRGD3kFNidjCRaIYRXveo59mgNkF1PKCtpsQQGlfeyKnZjvi9U_KhYOyu9fgaE7b4-P9ObNSkrIBpKJYl8AE6d_b-_AD4AQDiAXbjqH1OJIFBggDEAEYAZIFBggbEAIYAZIFBggdEAQYAZIFBggdEAEYAZIFBggeEAEYAZAGAaAGToAHjYvKxQGoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHChDDlxoYzY6RuwHSCAcIiGEQARgdgAoDyAsBsBOUvKgNyBPPl-neA9gTCogUGtgUAdAVAYAXAbIXHgocCAASFHB1Yi05ODcyMjMzNjg5Njg5NzQ2GMzCIQ&sigh=KLtUx3Yo3Pw&uach_m=[UACH]&cid=CAQSPgCNIrLM9PgvtY4DaXpAo2iTW-4TirUTnvXHBpt4I-NLGizH0C_RigXVfNEDTRyPukkgFAOIJGTbS-7AAYHd&vt=10
Requested by: Host: 506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com
URL: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga25s71-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 1890 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 73c8bf86e4b1be07f5ca92e64dfa47f06ae8ad13740277d8b89aa9b3b217781c

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 00BB 24 KB
9 KB 21ms
21ms Script
text/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DY7Pfh5P4mOtm_NuW0_XiA2g5EQ_xyWdEvYUab6J0nkxckYI2o1JS0at2vgv4BVhNdRzLQMr5l4cTYvX-VmIgccayvV2GcUuosPP_U8rN8YAq8VC89Upb7qZRL-uJvwuELXZHkAlqCFREobMqfLf88S2P5Og&dbm_d=AKAmf-A2aMYYGmvGvvJ02ouoiORL6aIjYygVf_iTkfaH49Mhjd0TP15hTiImcmLjidG22qKmRDmhuoIT--oOZ-f_kYUZNFFGZhPytdpIXnrtU5eVuzed792Cm5eOM_f9jJx6k5nFVsAbi1zgq1WYSyhZSHKqeSKjHFd9YtuBAhJdmOyNnpGOVXXItdJfkOOAhVfJxjsqlOdYki8WsFKeQe7DAUF5hzG3ZqturujkShwT6LcvupRENBUg1up-Q_87JhTAOLKwuLHn9nnqKWWy8IRm8LD737cY79YsEzzTxs9fBxUSKwzt-Glqs45ngFkhRenYM6dKVHGJz8uxKwj55mKjiyxqBzGPlSJ5bkuVka0nm2tdp4COZ7VD6xvtnDs2aL1gODSh9A-tpKW9bACfzw3-GFcfIXjGy2kucWRzZhRWSL_KCYV4GvnQIyv1dyZLABuJVjCmIfayBOGPm3gtkZsr0TlxV43dPBCVc0Shi4E-PalUuaUEq6gpYg8FiQ-jmkR3djyGfgpcYGolwBdvYOIG-FqBuippt2YrS6vwaP5H4dL87I5S_tzWlbHgShMAVTdUA_hGkCz8VU-7L3pnOlB5n9xRjYFnZ3cSxXvImpA6H_KktfabFujoL51HyGYeGXjFkkuoIQVooyo3QiRNAlLhVzueH61tFKyKHfGUJpgDq9I1wTW0fIXOpr8yN9AHqUk8q6dOYMzGtlZ9lzVRuMKzeCRU4IZeIzcsB2Fuwz43yHPbrzb0fijwnFup4KegAdFConr1C-FtmWW3Z41OmlFEymNvQYGK47QcmYZnrnEd_IPZre7BQUXIqKQKWnDXQd0hJhqXkX2z85IQLXPVDNrje18KVjjh_-KeKsdEOBBqus9DgvMJcqnCAQCdyHJxEQ7A46qXeAg341ZG6LbSe-AzfVPqhfDKXyggETKIYc9PjyomxcdxxATwCcY6Nl1B6rT_sdWeb4_LrlgADxf6d76bmg7w3Cs9mD1kChjzIpvLXxBzIS5dAvah4mUbwmYUTBeF7cHTPH9ME5GIfLFlVCLcKbfCj1Ec2eZpIjT-5hJMkuStALS3IYIHFgZDa1iiC1tE2OZbs6Hrf0LP4owBJ-sp3FdxLP5NaT7SDLAN1L7yy_Qwq0DzgUY5x6XCR4M2sElVgeEphHcTfCT0ihwbhRmtezY7TQh5Ngbe6bkITzL1w2mGg39NzjFS6c-z3-POe7qQdW6ptuimtK6pejKq2mMiV5ftiuvlqg2UpPVSaBTuKv_mAPbjLlObgqdeooMYLfPJoEoX4mDg6qADbtvRSdhVS3B5n4zt8K73U3vLuJNOawI00-6dCbSLMaGDZFcrFgsgnFj31BKVRow-WAeU1yslkTLeCJ-TeUOTRO3laFjgafXffbdLtCetwgdhQRu8fcKTkL6bNPES1r8oDI6XSy6NSIPB7ak4iZQro2hTen2hQaiWVeTXXCRDnfRZWTP1_nRk-6BzzNjMaIKUbSHslsqdLWxGHc9Jlq29Pca8RDdjW0i8gBP2UNYVkv1O0Y2VF3Pa-pI3AIbT8zi-6i-MrhDQJNvq6XFpn7zWgpo92RbkjjniRWUpjrFe9__Fzad4QkRq3sLlx8ykH_ZwsZz3iT0EbkVgTel7hDqzMcSCXd5Rl6RycHyT8sXuQeW9BzUPizEhschCWe9fCe1Ivq-P9BNwsWlaw59V6BfuReKOVhSsWl740nCBZTWie5FT3xI-GJlScOBo9eIvxeWLZLQWukXpBBvP8DlRUl8zC3mMtv_6aXTtRG-wW6sbGfBZYmAz0M1fKxoeVjBsJ77fBjb2GjxswkFZNYsxqHbqnWhcAgYK-SkSlzv5lS5bwk3rYy8FNG3XmygTTVvWPNivfFT__Pqh7OmBcIDGjeRGkPCYFbRT74RU7dK4wJgfzocDplCzE05UYAwC2AI8zK3ui9KKEpGyWswinTn5VvgUnQpoY26fWEANUvEW1zXS8i125pxIT55h-dF8XIxdBRHuqwc31eqlrlescNfnMnkPsZXSIIjfJtshsM7VGiYAadgc8_PlS9HAFsZryDdWyux6CMb3yB6wlrovpnwjV8TljLsdWUuBNee03MeE3HPrRNQ73drEKjDLNjsgoSXYz51T8DYMWGbQsJrygFMbwRQ53q5HO-sc0UG8txLWpU2J5RevWwejn5W7Xn1Qev8V2x-Ujda8HK8nQksiWYKwvKolcRWZw8JH8T-q49SEbxe7aUKhlzDrjcT7ggIeJYFP22Ao3rsjyPKoc1zVi2KUQhcwcOwumS0Qc19qA5EUbXGU8TTgR86OSxKtte2njpbqxCSo29EpxWqtNsRdwDnumelNTE_RC26_1DiWsDSiHJx2OnBte1t5IMChfAwaLlbmCKtjyx5tsbEA2ruA44tK-uPy_gCFm95MxaiDjqqA07mLnSUoWfluPBaHCk87tOPPDLYDfpBIPP1dvoOEXOdjfzRdAQjlpyQ_wL7dlQrclhgyOP4u482jm7FFM7Lcwn9L5rCV8XG40mhAegpBGDHEc5zBF7eAxaPho2gUzlX9dhNVYKUYtIzQEnztsbvoV2LR1COb24Uto7wckYYDLfbnuFqeEmovNFqZ5FfJoDi7QbEZeGi7-DYGZg4Q8fvzvSWv1kG8wt48kjq8t9KKE7ajl_aJbpVvjVcvSR8GIGIOos3wy0pTrl4PuZnKO4Fa8QiiTEXSZsMDWV1WEmOa1GpT1JkUagzaTp1cF8tPaM7OMIn3Bp-kJZGJT34PZtqPFxJfCow9DZjGBAIsFh_L07qtRQkEDyuQyRNpH-sfhBq1sqmWdjzkM3gX83QI5-OAiAqvgm7WoVqgb49afB555WTElftg_x5i6PsVn2vf5c24lTWUajJa63ZqyzUkPeRERAjwVHKJ7C4u8gg1QrSJ6Gmc5cyrEiGZ9kpfWUrmU2o8qABmwySrm9n04FUImcrg5HcanjvzC1tx2tcvratUn9zljhkX-UKWKCsbgaBg9os1iH9bG9agZCar-wd3ubPraJ9lHbMEsV2JNyunyYHqPbJu9GVs793FrJAWHyogRw2C8WFu8-fLVrxVycfIIsMfMTOVYaso_KKt7-qUIapt2fBtA2zHm7lL03BadPGeN79X7tApw_5KD0rZrpWzSlKC3jB-&cid=CAASFeRongTLtuoCIHL_B62PXcRfjSIcCQ&rfl=2%2Chttps%253A%252F%252Fnwxp.info%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a1b000b433199bfd60632e61b74bb2c4abd074dce072784e7acd55b1e4158cee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 12 Dec 2021 20:45:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 82
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9516
x-xss-protection: 0
server: cafe
etag: 14328493792227503680
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 26 Dec 2021 20:45:52 GMT

GET
H2 200 17813116473085353708
s0.2mdn.net/simgad/ Frame 00BB 51 KB
51 KB 122ms
33ms Image
image/jpeg 2607:f8b0:4006:822::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/17813116473085353708

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e44aee54ee95b546ff1663e15c75539f21fcf64669346c4836cd409a0b16828

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 06 Dec 2021 15:42:42 GMT
x-content-type-options: nosniff
age: 536672
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51800
x-xss-protection: 0
last-modified: Wed, 17 Nov 2021 16:31:33 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 06 Dec 2022 15:42:42 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/ Frame 00BB 8 KB
3 KB 21ms
21ms Script
text/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 12 Dec 2021 20:37:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 559
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3140
x-xss-protection: 0
server: cafe
etag: 17163059639670574047
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 26 Dec 2021 20:37:55 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 00BB 0
571 B 120ms
49ms Ping
image/gif 142.251.35.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsugwolz5yNiBnFN8AwU-JTFT9VNUSy3NHHtvHrjL4TMvwSWtd9zgSOQ57ymZOQvxL8X_EzEZkfhpSTDu1SPPfpL8eyKB8aqLarUjl9Ge5JdpOEF4LPxWCa9jjhWOQYP1mhGPvPci87ccJ8JMtaNAxMjwFOc74fNnb51bdwHj_RV_Lf51uvEnhtrC5V-bpqebXlVHsneY3NJFE4vtMEXfM4hDqxPZPfetXCaEBzW0yZxqICr-CV5cxkZLqrh_CUI_fU5RuEqciJwx82lZHT_Bdr0DJ456o789ZObK18Ixu8_M55isTxwuTcQb2BjkP0-RA34ZpbUcPoP-yOWBseaTIE7_VEpRqLS7oBOp3duebkz0jsVY07iLlho951tchAPFJn6F-JxwTU_a2QVlaPXPrU08AnU4tAfYRdWHdruWQMUsRY0ZscIFRf-i-TeQAuNvuHGSJmLiA85iDVMfS8j5kjCpY-k5hEHsQxCdTsJ6P1U3VydtitvMZnH4YRGfqrybwAbt3wOKBxhe4wk9rQQ3CawZ6_bstQQ2qgn3qLLFIPuzKODAaeiUlzc8uxK3Ud3l80bSMZaQQ3vVhj0qMW66e9n6ENJb9jHYThBbqB7F9ESXfD_8Ug___rH0PMJW0DbrsevxUyZwsjYA1fS-ew3fm7dcDPduqlKdieEVPtdFnWCClcJvZ0mmTpoH7P5nSPQWFKxR-RdcFUn2nd_debE1qLjGlNFc4McycwDe2QZXiIzxvwSOdFA0g1BJI8kzGL6kGwa8KioBvJGrP4cOqiSXwsqtBDVyDFEkBex80UiQyXR2PbC1tHIXket1nyLiI1zBeU_nr6IVzHjr58O07GpcFKHWzpjIa8vhQTn77RxYOLJPO6M-VXPVFwdilUuNC24iMBct81iPknJbT0ppKTouYNs44rw5tGKQOnyQA4MewF1LGbEXCJSz7SNVMeY0fkZGxN_7Ze0DMhy3UAWEViMvxWl3Q0a0O69ncgvcWn8Vm3sAZOHg7Esxenk604g-qnZ3k-qw4exoXVVDnX7DdX_4CwiK9qb0ruL98lpXJqbwk6cxORVmW704uibxXiBoxddwmnSehIcye_D5YM2bBfu_4yCxZXu7Z09We4Ypjai6PmPdTNsQZCXUU8C3ELQAHnB_nk9VRqhTY8yyHWiX5fH4tQ&sai=AMfl-YQCSD2UHQa5i-mvKMTsnkfETh2XxFDQNo4XCb4Q5gx_zBRCWYTyT2rgXezpyAwnEA5IPHAXpOWyETWzvwMJSvPw34CEfpeWgSEcwBJw7dFoD8WTl-1DI_ZWAiLdUG5e9DpqY2WxkyatGFO3qHby8mq4aTcfjRO-T2TdJzQ&sig=Cg0ArKJSzP6qJpmjI8KtEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20211207.56548&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.35.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sun, 12 Dec 2021 20:47:14 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 00BB 41 KB
15 KB 25ms
25ms Script
text/javascript 2607:f8b0:4006:824::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 12 Dec 2021 04:28:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 58713
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 12 Dec 2022 04:28:41 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 38ms
38ms Image
image/gif 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2021120601&jk=3194883367589530&bg=!bW6lbirNAAZKWFskSlg7ACkAdvg8WrbSoxhV8eIBkxppyyx38hRbQZllOAgP30PAfKzzn4XLCI_z2gIAAABmUgAAADpoAQeZAsC4cIuZFsIYbjHW8P3QFNq6jN8RXrF_-zb_BxxDyTM9IpupT4gC0_3gT8b-0bxCmk0crZ6AhwchyueGDs3iK-H7D3K6-bsvstap5HeYT9KiiDgBX4boaLvewcdBpU6FW1vWT5EJ5vBz44WjlkgbpYmKKLBee1V9XW8F8YGC-9TK3O8PMqVNOpkuiCd8TekVxv-s7h4Qii9VubrnVR2QSb9Tk7ZbYMmySN0a5V0-n9Q1olirKpu7jfQwg_QuVPrGhyHG7TNw8yihQ-ciLom0SLJlA8jt90Kfnw-cG1HXHrOCfg2QhdSY4z4ZMz4SOPWPRi5uAX19IByyJjo10P1khaPfaz5aHERmNv9dyerW5TEVIj64wehVwbq48rYr8KVbZ08zQH-RC4gfEcPK5DW9azCYISW8mOFKEOdFtvkcRnI7WlMxqeZvm2IasyQW0phjqNjSutgbTMceQzJGF_sGelLecULDlwVB0hff_9_cfyhXUz0NS9IWQjkSq-iUVBpLB123nDxpC5toBNPjc96BknnsJHV1Gtt2r_hcu6eOVAmXKWNTg5lPvVsfg6A95iuafWs5OlvqpydQh35NcHKn6ilkOCTa6D0WuWKPGHls2ng_jpoQOkOm8Jh-8KV8YrVdbD99KEdWBBV44AP894WrRv0LF8Oy9unVYR1PudiIrX8vcZXlmM7kfjEokjbuFTh19WnpopYJWmydlpr47rGgYd18ao_nHLNKVVpK1T87MFSUzQCY4QSPsPzMcrMdsS-nE8JItiFQltZo83BkveQiYg8sd26kZ68XFa91Ih2Eoy8xx2W9MaFv43BbnwJejwU8Nze5qXHJ7XPKONdGxnQgsDFpYAHH89EDXiFlLHSkrRBiKGRCSDzS094JS6kUf9gfx1wbrCAFSPu4sDCbxpCRcMDFZj8LpQqPP0aD_YOKPJf22Q

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://nwxp.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Dec 2021 20:47:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 00BB 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 18d02d8fed20bedc701c3c759fd59e4e74f2c37e44dfb1658bc76a09cc212d66

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 00B8 22 KB
8 KB 29ms
28ms Document
text/html 2607:f8b0:4006:824::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Sun, 12 Dec 2021 04:28:43 GMT
expires: Mon, 12 Dec 2022 04:28:43 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 58711
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js Show response
pagead2.googlesyndication.com/bg/ Frame 00B8 35 KB
13 KB 22ms
21ms Script
text/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

037b12d07ffce84bbca6821a50f249c54429b20c0f2fd67469a0bb5937113051

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 12 Dec 2021 04:28:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 58710
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13610
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 12 Dec 2022 04:28:44 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 00BB 0
23 B 75ms
45ms Ping
image/gif 142.251.35.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.35.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sun, 12 Dec 2021 20:47:14 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 publishertag.prebid.113.js Show response
static.criteo.net/js/ld/ 85 KB
27 KB 85ms
28ms Script
text/javascript 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.113.js
Requested by: Host: s.nitropay.com
URL: https://s.nitropay.com/ads-927.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software: nginx /
Resource Hash: e6969b69570c743952ab51b9fba22410be503db91b0566753d6da10894e76dad

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://nwxp.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 12 Dec 2021 20:47:14 GMT
content-encoding: gzip
last-modified: Wed, 08 Sep 2021 12:50:31 GMT
server: nginx
etag: W/"6138b197-1532d"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 13 Dec 2021 20:47:14 GMT

GET
H3 200 HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame 1890 41 KB
15 KB 28ms
28ms Script
text/javascript 2607:f8b0:4006:824::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 11 Dec 2021 03:48:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 147545
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 11 Dec 2022 03:48:09 GMT

HEAD
H/1.1

200
OK

file.mp4
r1---sn-ab5szn7y.c.2mdn.net/videoplayback/id/46a14387e9f7512b/itag/347/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3781467698/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,m... Frame 1890
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/46a14387e9f7512b/itag/347/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3781467698/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/sig...
https://r1---sn-ab5szn7y.c.2mdn.net/videoplayback/id/46a14387e9f7512b/itag/347/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3781467698/sparams/acao,ctier,expire,id,ip,ipbits,i...

0
0

84ms
21ms

Fetch
video/mp4

2607:f8b0:4006:38::7
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r1---sn-ab5szn7y.c.2mdn.net/videoplayback/id/46a14387e9f7512b/itag/347/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3781467698/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/5FF725462DFE283F8D996B551A6EC151419FEFFE.821A965980610C98472C4357A6E1F028E384A26E/key/cms1/cms_redirect/yes/mh/EA/mip/2a0d:5600:9:4b02:ca::1/mm/42/mn/sn-ab5szn7y/ms/onc/mt/1639341056/mv/u/mvi/1/pl/49/file/file.mp4

Protocol

HTTP/1.1

Server

2607:f8b0:4006:38::7 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Sun, 12 Dec 2021 20:47:14 GMT
X-Content-Type-Options: nosniff
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 1403296
Last-Modified: Mon, 15 Nov 2021 23:41:37 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Access-Control-Allow-Origin: null
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=86400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: null
Expires: Sun, 12 Dec 2021 20:47:14 GMT

Redirect headers

date: Sun, 12 Dec 2021 20:47:14 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 654
x-xss-protection: 0
pragma: no-cache
server: ClientMapServer
location: https://r1---sn-ab5szn7y.c.2mdn.net/videoplayback/id/46a14387e9f7512b/itag/347/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3781467698/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/5FF725462DFE283F8D996B551A6EC151419FEFFE.821A965980610C98472C4357A6E1F028E384A26E/key/cms1/cms_redirect/yes/mh/EA/mip/2a0d:5600:9:4b02:ca::1/mm/42/mn/sn-ab5szn7y/ms/onc/mt/1639341056/mv/u/mvi/1/pl/49/file/file.mp4
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 1890 0
17 B 68ms
36ms Ping
image/gif 2001:4860:4802:32::3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~kx3px55p&c=1492464380733&slotId=746232190366.5&qqid=COj33fyQ3_QCFRMihgodYoIGlQ&fb=outstream-lima&gpm_i=12&gpm_c=12&gpm_a=12&smb=1000&br=551&mt=video%2Fmp4&vs=1024x576&ulv=1&cll=0&vmfc=18&vhc=0&msm=1&aits=17%2C36%2C18%2C22%2C37%2C59%2C342%2C343%2C344%2C345%2C346%2C347%2C692%2C43%2C44%2C45%2C46%2C0&webm=3&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fwebm%2Cvideo%2Fwebm%2Cvideo%2Fwebm&hvmf=false&vms=1&bit=347&vsrc=doubleclick_dmm&ape=1&met.4=videopreviewvisible.kb
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 12 Dec 2021 20:47:14 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame D0B5 23 KB
9 KB 26ms
26ms Document
text/html 2607:f8b0:4006:824::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8727
date: Sat, 11 Dec 2021 03:47:57 GMT
expires: Sun, 11 Dec 2022 03:47:57 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 147557
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame BA4B 11 KB
5 KB 300ms
99ms Document
text/html 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=nwxp.info

Requested by

Host: s.nitropay.com
URL: https://s.nitropay.com/ads-927.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

9413ac70f0dfa293eae8e934799be6a1cde8cd96db876ce9bd127c41630847ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://nwxp.info/

Response headers

cache-control: private, max-age=3600
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 1934
date: Sun, 12 Dec 2021 20:47:14 GMT
content-length: 4683

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 83 KB
26 KB 93ms
40ms XHR
text/javascript 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.113.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software: nginx /
Resource Hash: 3d1ed1affc8bef9859778b9821375af240dff09e4aa8411456d3168206ed6fe7

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://nwxp.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 12 Dec 2021 20:47:14 GMT
content-encoding: gzip
last-modified: Thu, 11 Nov 2021 06:35:11 GMT
server: nginx
etag: W/"618cb99f-14b33"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 13 Dec 2021 20:47:14 GMT

GET
H3 200 A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js Show response
pagead2.googlesyndication.com/bg/ Frame D0B5 35 KB
13 KB 23ms
22ms Script
text/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

037b12d07ffce84bbca6821a50f249c54429b20c0f2fd67469a0bb5937113051

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 12 Dec 2021 04:28:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 58710
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13610
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 12 Dec 2022 04:28:44 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 00B8 0
20 B 48ms
48ms Image
image/gif 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BO04w0l-2YcaKDPCIoPMP3uug6AEAAAAAOAHgBAI&bg=!rq2lrenNAAZKWFskSlg7ACkAdvg8WucJNn_LUxRk6bFMfFWC4mdWWOVPEOuyvHF0RLBYU5HefaY7DgIAAACXUgAAAAloAQeZAz9UXmbCUzGWs3K312nYrZyyrpDAQ5-vfdj2hZgkw6gskYuPFTdRuzQCx2lzuj1DnDH1NXNBMabF2D8xzpwgJVtAltRThNqnJveXAhcC6ZHqbEhUEzmJ5ES-wpT9_qI--gUChziFbw9NmgPh33ZDqUljJLUo-pVlb-M_8NwobsLDYB3bN1MU-t2P-kb_mNuTcvjNQ9uZa-pNpmAkR_0GKiSbhPJfLRly61nUwFGelHxHAuP3SeY3r_fHzRY3peEXUwGMfc2AzkzH8zLPwZ-ZtDeMo14kCNeulhr5c0q_1p4CjWtRXsf0VeTuW8H9UrijoYe7N9KGwq5to12RSVCYEoVuKGVuFo2rLQ5pKThlZrtupekp4UcLT2sPFYN_KS2GmRdlvxUmccBk6mv0vWS1lh4fYI2Wk-bvgeICFCMC48O26_rUKvrJEwZcTAQoqbsVOeHwW2T_BXYSJFMdX-TwT-KnsBRIAAe4nZXaLG1mkauSbPzktP_Oss37rgSXctaS2rgr4DXbhZREW41kPR0qwWgKpoLcufiTay1ohp6uYBqmEbgp1g3AaU70qftG4DHB7HM-Jb9GwfEnVzU2orL78zwUgJsIwPR6DPo0qaGa2IYBNPofHdQTG9kumXu_iM1rdRcr8PorDTAlqnoLgnzY1tlUwm6jz7oOYYqwgW1he4A5mfhZar_FgCPc5yszzddTqXzvc3a7CdarE7XgQ5LJp47ypPKtR9Ft9RVQEYZFFXlrT2nBNEMlaPJl4kMmJMw0RYAf22OpVSSn2WpR4gT7vUVD_xsMvBXuSD_a3h-DDxiqGg_YLdQ0JBYz1m11sVYd1wtrUUU644-ajmBT9bsDpSCMLHIO-4XKCd4yxcNqAm63RvtAUXmubCt2I6Lih2UEYjKChYYnGUlisqDByMKfjLrENRfQnsI17uocegA3uN49n8PS6E7JY3rDG2k1uOQ7MUNGJ2ieohrJCHP4wwkIwWfAVl3Fue_-3lzs7S4M1IssqL30VeyuehuTYt69oigjWahhQ27_LmJ3e0Y0_Aw3yqJ48Iwj9jwVGc26zNnAUAIAgjYPzMYkMYVZ5dpEnP7vVv7UXvU3V0mPt6KFXqqAzv8

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Dec 2021 20:47:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 206 file.mp4
r1---sn-ab5szn7y.c.2mdn.net/videoplayback/id/46a14387e9f7512b/itag/347/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3781467698/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,m... Frame 1890 1 MB
1 MB 55ms
27ms Media
video/mp4 2607:f8b0:4006:38::7
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:38::7 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

098831d338fb6d5963c86377c1ebe3e425cdad0df3a981be7c6613aa62ccc5f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Range: bytes=0-

Response headers

date: Sun, 12 Dec 2021 20:47:14 GMT
x-content-type-options: nosniff
Content-Range: bytes 0-1403295/1403296
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 1403296
expires: Sun, 12 Dec 2021 20:47:14 GMT
last-modified: Mon, 15 Nov 2021 23:41:37 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com
client-protocol: quic

POST
H3 204 csi
csi.gstatic.com/ Frame 1890 0
17 B 37ms
36ms Ping
image/gif 2001:4860:4802:32::3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=3~kx3px5cf&c=1492464380733&slotId=746232190366.5&qqid=COj33fyQ3_QCFRMihgodYoIGlQ&fb=outstream-lima&gpm_i=12&gpm_c=12&gpm_a=12&smb=1000&br=551&mt=video%2Fmp4&vs=1024x576&ple=0&umsem=0&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Fgcdn.2mdn.net%252Fvideoplayback%252Fid%252F46a14387e9f7512b%252Fitag%252F347%252Fsource%252Fdoubleclick_dmm%252Fctier%252FL%252Facao%252Fyes%252Fip%252F0.0.0.0%252Fipbits%252F0%252Fexpire%252F3781467698%252Fsparams%252Fid%252Citag%252Csource%252Cctier%252Cacao%252Cip%252Cipbits%252Cexpire%252Fsignature%252F7EA3CB57CEAB5D2AABAD7E1DBA905BC4613EBDAF.91CA226E7109D17924DBFD8E49E61FAB700A3932%252Fkey%252Fck2%252Ffile%252Ffile.mp4&encoded_body_size=0&transfer_size=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 12 Dec 2021 20:47:14 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D0B5 0
20 B 40ms
39ms Image
image/gif 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=BVyS50l-2YYf-GOqqhAbZpqmwCQAAAAA4AeAEAg&bg=!jY6ljsrNAAZKWFskSlg7ACkAdvg8WhwtY5VFHbGOc6_vSw-HbBOZEcdAjjzIja_4UGOgN38LeU2TcgIAAABnUgAAAAZoAQcKAF1BaslC5cSc6rG5GJJY25D4V8AsylOWuekpV2Jv0tHECm07onmMmn8ofsaPtRUoMjggKqA3wWhPEE541d_5M9LrlznZqH7TCIeSw0D6Tb0C6PXAVKKRjSsI6AK_IEOZAwivCd05hvbGs5Z6-JuQH9nGakQlYHxlW9DSND1So23l9Q4zkn3Hg_a-IV7HZGK-QGmcdNqmkJxO59QPeSFKR3shfY7JhM2F-PoJzvsLtKqsGPT4dA94BJWozmSRa34qUVsSnd_vZJT9xgC0V3N36tpHKjH3HhNgtdy4M9GGYnMFRMx1y-9nBWKSrp5RFOFmZxo8RpLOhX8E4-_qVlgzrrU_PmaxXbFoJuaKaDTPCKUaJFYup2tUEAnh0WFa72zG0zGOZ8TguEG_VTwHqYEL0hViPl1ebfEQUvwSuti8ZNBsQ8MiC4SvcdLirE_hcg54DXutGIMH9pDftNBaXpx7hPP4lSGoAfa3tRZn3Q9JDAx6BaAYhtXdzo8UZia_iO4ypJK1TPtT6vEr4rR1AU6ZfyJjvVo2-H4Hjkem400AgTGwNFUD9_GnVDF97JAajYHiJTRur7kCN7mDWduigm7O4tfsGzWODj9AEPQ-aNCw08mhgBcgsgjoWq2k0Ho9UdSWuxPLgzUHexGQx_30KKWJ5jmP1StnhmDHOSk0MKOFUmB0Scka_t7ktgiQaK7G0QO-kYPWixlDE_TfLcdh-XWoNkGeKA_zEGnni5Vk0uaDq61PADl7MwWj3fIQbCf7L2-f9LglOVpfnULicaVRZOZ-2Jvl6h1dgkPecDGc5veHRLzafMmrYyHAuMLAicQtZHhS1_aMzzgrYQwAXPQ45t2xazt1Bqb1R32_gqU20yzAUlmqwvb_CJmSq6QKDZRHIoHGDTferrwAlz6i7o9USadXfxoY2tXCu88jwvJf3pZmPcQ_DU5h04kd56JhqIYOEdIHjH8F2nkEFVxx7H6zX8sWUv6QgFPg8WUNbdUNddYweaivCdnL5DsM8h5YFsPWIgPjgvffWI8ldayRC2DGP5UMosshKuNorH1oQs117e2V1x8IbGIkbtWPZIYbWiXMcKh9EfYpwYEiRSh0Rab5F95i_KSEqLeKr57cOpf1kMTbG6qbqzYzKnePZxZrVEHpCtWrGSKR1SWir_FsAw

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Dec 2021 20:47:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMIh6-B_ZDf9AIVahXBCh1ZUwqWEAAYACCh1ZVNOhoIla31xQEQ6d_b-_ADGM-X6d4DIKzW8aWGD0ITCOj33fyQ3_QCFRMihgodYoIGlQ;dc_rmcid=CAASFeRoL_rcLjKSYh4v0nCzL-mTofkuWQ;eps=CIhhEAEYHQ;met=1;acvw=sv%3D20211103%...
ade.googlesyndication.com/ddm/activity/ Frame 1890 42 B
494 B 108ms
45ms Image
image/gif 142.250.80.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIh6-B_ZDf9AIVahXBCh1ZUwqWEAAYACCh1ZVNOhoIla31xQEQ6d_b-_ADGM-X6d4DIKzW8aWGD0ITCOj33fyQ3_QCFRMihgodYoIGlQ;dc_rmcid=CAASFeRoL_rcLjKSYh4v0nCzL-mTofkuWQ;eps=CIhhEAEYHQ;met=1;acvw=sv%3D20211103%26cb%3Dout%26e%3D0%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D0%26dur%3D15018%26vmtime%3D5%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D18%26i0%3D18%26ic%3D0%26cs%3D18%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D687468945%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,0;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1639342034842;dc_rfl=[URL_SIGNALS];ecn1=1;etm1=0;eid1=11;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Dec 2021 20:47:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 1890 42 B
64 B 73ms
41ms Image
image/gif 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=ChV7o0V-2YajLMpPEmATihJqoCZ7frsFmrNbxpYYPz7e-z4gKEAEgwrrtZ2D96KKB8AOgAdv0tboCyAEFqAMByAObBKoE7QFP0N2GCoxP87IoVxVP1fT1voKGVT0Vlsgm0kdesMXYtfyWbUQoLI2_E2NHA0u7jHz2lHq9uWqEl-cbhKabUI6rJjQOqRYfIDaPzgL6-RWrFtmYGsHIcUfG-Y7WjuAEyjfTRRPyj2FUhD81KL-TrPkzecNNqclXVa14qDRmWHAigEDweByefK2nLVLXgWAUs5xLCx3j0-ZxvkR4INNhrNDKORwkBIavFmFLxeCvRgkRg94ZTBMtUdfliuXFQK8F-OJS2tlzXah-kVyM9rEUj28S-iq1U5lmEXjDznCCQiTufMRyRr6qoy4kVA03OVbABOnf2_vwA-AEA5AGAaAGToAHjYvKxQGoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiGEQARgdgAoDmAsByAsBgAwBsBOUvKgNyBPPl-neA9gTCogUGtgUAdAVAfgWAYAXAQ&sigh=k_Kv6wBxWLM&label=part2viewed&ad_mt=6&acvw=sv%3D20211103%26cb%3Dout%26e%3D0%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D0%26dur%3D15018%26vmtime%3D5%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D18%26i0%3D18%26ic%3D0%26cs%3D18%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D687468945%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1639342034842

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Dec 2021 20:47:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1890 0
24 B 55ms
54ms Image
image/gif 142.251.35.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuPPQ-Wu80zeax3IpyYOFdKarFUrD53FCqh9Xrr1Vw8hFg517NWYRiKXZMNrh5IJC8b90Y-XzJAGLGG47HKFHXDdDPlWEFu90Cx7epQgqeDmAtqFtPvzX2r_llBy4DAtFeGqswt-MDVzUyOj4qp8jY7Di_mR6Lw6yi5x1uZnFXY8edq7dsVSdj1EzIFhXnX3_o6r0KDMyDVaa5KlvnTnPIvYpFmtoh5Z-_7fyuVL8aNZSCErBVDGVguxSxpwqkQWxmh0cmOJeSz6b0LN7_ngCHspQUtQ8fvBTp2MqNCXHLXRMERyuDwAi24r9U4zUf9EhaYHIbfu9ka9B_-kYhO6Ks1tTOJ-l73iRaVFqgV0fTuJi2Et0NrFpFEgqRn3Z8NwF8nF_tROId99Yq6d0aQXAK-KlBMKJ8l8uoriNcsBH4cOdpDGal-AsvCSegL8jP8rut4jWf-qzdOZf4KsYY70uyeoGdeLdBfdNC1sRtcVfL2dFNMxlOUCymLMO2ChtI_faX6rVA-r1HT-2GC1fxIz7hYSvlSVFSl0oWPcEa3uGtqsFOTWnF1hzDNIWuQKDHHdZl7NGJnOnNtyaX2L-oZzmJTZkqJ7DxDzYzHZ2Hv_SFhcpkrEYprlVJL3XZUy0JIwpcoiaIm7mZS2iZZr0rxxa8F9ovhTvXCUBiixcgPNgZgF1QWWGzIRHNvoOdeAGfNfU0XnBkOG_-KlV-POBsOASjtsob1HNwixHg3fRlT20Yj3IgTlyP2iBPGAQcUirAWddqY9iUrerLd2mpT8HV7WJ0l-4k5H6R8znAe_ItpPSUjH9D9IItP_Aw9-KhedDvDMBgj_SWmz24sp2Wy5_YnmmPLi_kacI8B7UMtCbfnD6J4jXk3FCWaDblHAYg2LtX-OlYDMGYbgLa8siRKq7WM8B8sHj-zhWL4GXGvJcTfu9LtEWv9hJ1BJp_CkNtV_t0RD1j_j-8c60dT5sC_-xpvXQ9EBsqBvX5fjIfvFEyimYVrJZrRwN7pdOhdGqZoq8TzBYrnuwPLUHGHj4Sez4O4TzXQ1IvCmtzNmRR_fVyyfwAdEOHUk4wS3x1dUN95aejR49l6UmwpgExLlbFYVag&sai=AMfl-YSiHTaG4UgiTjCl9vzxESypzjqtlQz12-db1QiaJ5GibId-K3b0k96iKV05JrBu3HN1oX4Mx4NnFyEW_uYJa8_S0xfJewJcF1k_4hFdWimcGCUBeV0TlRopzCOLidR0mOhg_9XVivUIHS9waqkKW6n3A51cSLB1544wsC0&sig=Cg0ArKJSzEjTgrqHryu3EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&adurl=

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.35.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sun, 12 Dec 2021 20:47:14 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 1890
Redirect Chain

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPjl5QIQnNLqAhjNjpG7ASABMAE&v=APEucNVQ71bgNaScS2Ta1hZB4yCAvemyTLemfW-kI0WT1neNMLggE7Q0FIlLPkrwYZl3UvUaqDWiUaWVYDUX-NFkdax2pSwpQQ
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO3P6B219K6ElmQTLgSNaP0&google_cver=1

43 B
892 B

34ms
34ms

Image
image/gif

184.29.129.7
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO3P6B219K6ElmQTLgSNaP0&google_cver=1
Protocol: HTTP/1.1
Server: 184.29.129.7 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-29-129-7.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 12 Dec 2021 20:47:15 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 12 Dec 2021 20:47:15 GMT

Redirect headers

pragma: no-cache
date: Sun, 12 Dec 2021 20:47:14 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO3P6B219K6ElmQTLgSNaP0&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1890 0
20 B 44ms
42ms Image
image/gif 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=video_impression_ping

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Dec 2021 20:47:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMIh6-B_ZDf9AIVahXBCh1ZUwqWEAAYACCh1ZVNOhoIla31xQEQ6d_b-_ADGM-X6d4DIKzW8aWGD0ITCOj33fyQ3_QCFRMihgodYoIGlQ;dc_rmcid=CAASFeRoL_rcLjKSYh4v0nCzL-mTofkuWQ;eps=CIhhEAEYHQ;met=1;acvw=sv%3D20211103%...
ade.googlesyndication.com/ddm/activity/ Frame 1890 42 B
107 B 106ms
45ms Image
image/gif 142.250.80.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIh6-B_ZDf9AIVahXBCh1ZUwqWEAAYACCh1ZVNOhoIla31xQEQ6d_b-_ADGM-X6d4DIKzW8aWGD0ITCOj33fyQ3_QCFRMihgodYoIGlQ;dc_rmcid=CAASFeRoL_rcLjKSYh4v0nCzL-mTofkuWQ;eps=CIhhEAEYHQ;met=1;acvw=sv%3D20211103%26cb%3Dout%26e%3D15%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D0%26dur%3D15018%26vmtime%3D5%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D18%26ic%3D18%26cs%3D18%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D687468945%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,0;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1639342034842;ecn1=1;etm1=0;eid1=200101;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Dec 2021 20:47:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 1890 42 B
64 B 40ms
38ms Image
image/gif 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss_VidpHOa4snD1wbMVDxqiHigrPEemgV1ERa-_lUyAiuUj7i5JNwXGsIXG1ejwf3W2oN8uSLyG54Z6Zyr6ALU-N3ro3rZwmKVamqABQ4Wq99Yadxg&sai=AMfl-YTNh8OioHPuHVC41Uimj58NLarZ4LY20nQLiUrmPTpfjJhTyumOmfidEBxHkukeWJrgPQtlppQ4tUH4wpweMRgOEtsC8YjqWd8xlfmupMtFwL7Ta7L9VED_GgvmwvQ&sig=Cg0ArKJSzNvEk1azSQBdEAE&cid=CAASFeRoL_rcLjKSYh4v0nCzL-mTofkuWQ&id=lidarv&acvw=sv%3D20211103%26cb%3Dout%26e%3D15%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D0%26dur%3D15018%26vmtime%3D5%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D18%26ic%3D18%26cs%3D18%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D687468945%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1639342034842&avm=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Dec 2021 20:47:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 1890 42 B
64 B 70ms
40ms Image
image/gif 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=ChV7o0V-2YajLMpPEmATihJqoCZ7frsFmrNbxpYYPz7e-z4gKEAEgwrrtZ2D96KKB8AOgAdv0tboCyAEFqAMByAObBKoE7QFP0N2GCoxP87IoVxVP1fT1voKGVT0Vlsgm0kdesMXYtfyWbUQoLI2_E2NHA0u7jHz2lHq9uWqEl-cbhKabUI6rJjQOqRYfIDaPzgL6-RWrFtmYGsHIcUfG-Y7WjuAEyjfTRRPyj2FUhD81KL-TrPkzecNNqclXVa14qDRmWHAigEDweByefK2nLVLXgWAUs5xLCx3j0-ZxvkR4INNhrNDKORwkBIavFmFLxeCvRgkRg94ZTBMtUdfliuXFQK8F-OJS2tlzXah-kVyM9rEUj28S-iq1U5lmEXjDznCCQiTufMRyRr6qoy4kVA03OVbABOnf2_vwA-AEA5AGAaAGToAHjYvKxQGoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiGEQARgdgAoDmAsByAsBgAwBsBOUvKgNyBPPl-neA9gTCogUGtgUAdAVAfgWAYAXAQ&sigh=k_Kv6wBxWLM&label=vast_creativeview&ad_mt=6&acvw=sv%3D20211103%26cb%3Dout%26e%3D19%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D0%26dur%3D15018%26vmtime%3D5%26is%3D18%26i0%3D18%26cs%3D18%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D687468945%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0%26t%3D1639342034842

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Dec 2021 20:47:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 1890 0
17 B 37ms
36ms Ping
image/gif 2001:4860:4802:32::3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=4~kx3px5iw&c=1492464380733&slotId=746232190366.5&qqid=COj33fyQ3_QCFRMihgodYoIGlQ&fb=outstream-lima&gpm_i=12&gpm_c=12&gpm_a=12&smb=1000&br=551&mt=video%2Fmp4&vs=1024x576&dm=15000&event_name=first_play&asset_bytes=216413&video_bytes=0&cached_data_bytes=0&js_cached=false&css_cached=false&num_assets=11&num_assets_cached=0&num_assets_cache_validated=0&num_assets_unmeasurable=1&video_played_seconds=0.00&video_muted=true&video_seconds_loaded=0.00&met.4=ff.u7~videopreviewstarted.u9
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 12 Dec 2021 20:47:14 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame BA4B
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=nwxp.info&sn=ChromeSyncframe&so=0&topUrl=nwxp.info&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=a6QQvHw0bllIV1F3TTcvNmg5bmRPYmt2Q2phTW1rZFRMRCtvK2NzU0hzU2RaRFdGRTRsMXdTU2lrVUdvWnVGQ3Y4cnlIeVg0Z1owRVd2UlVUcUJaTGR1d2FHUHhlRTV5NTIzcnZhSjU2RWJRR3lFWkhad0hOM1I5U1NaY3...

433 B
619 B

91ms
28ms

Fetch
application/json

74.119.119.139
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=a6QQvHw0bllIV1F3TTcvNmg5bmRPYmt2Q2phTW1rZFRMRCtvK2NzU0hzU2RaRFdGRTRsMXdTU2lrVUdvWnVGQ3Y4cnlIeVg0Z1owRVd2UlVUcUJaTGR1d2FHUHhlRTV5NTIzcnZhSjU2RWJRR3lFWkhad0hOM1I5U1NaY3Q5blZrMFpueHZCRitSbzI5ZzFJWU9IeGhXeWkxaFRwNkpSV003Nndjb2R4b1U1NWRVK2p3NW9CQ25BclRsWmVHWkI2NjVZU1pYNnBrVWtSb01uZWxHWHpUbWx1Sys0SmtDOWlIRGFzNGhQS0lwb1U2ZldaeTg2eENWQ2wrMDRrRWJOdHhZbUFDZ3M1WUZSMXlIZDBCUlZYbFlTL0ZBQT09fA&cppv=2

Protocol

Server

74.119.119.139 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Resource Hash

4c8df7a0666cd1fe30ba0a78899fae8b254b10b2bf3f488ef10348bd8ef15d2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Sun, 12 Dec 2021 20:47:14 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 5166
expires: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Sun, 12 Dec 2021 20:47:14 GMT
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=a6QQvHw0bllIV1F3TTcvNmg5bmRPYmt2Q2phTW1rZFRMRCtvK2NzU0hzU2RaRFdGRTRsMXdTU2lrVUdvWnVGQ3Y4cnlIeVg0Z1owRVd2UlVUcUJaTGR1d2FHUHhlRTV5NTIzcnZhSjU2RWJRR3lFWkhad0hOM1I5U1NaY3Q5blZrMFpueHZCRitSbzI5ZzFJWU9IeGhXeWkxaFRwNkpSV003Nndjb2R4b1U1NWRVK2p3NW9CQ25BclRsWmVHWkI2NjVZU1pYNnBrVWtSb01uZWxHWHpUbWx1Sys0SmtDOWlIRGFzNGhQS0lwb1U2ZldaeTg2eENWQ2wrMDRrRWJOdHhZbUFDZ3M1WUZSMXlIZDBCUlZYbFlTL0ZBQT09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 1634
content-length: 541
expires: 0

POST
H3 204 6ab8c5c0-ed10-4e35-88b6-6d8caf988ffd
tracker.nitropay.com/viewability/ 0
264 B 58ms
57ms Ping
text/plain 2606:4700::6812:34e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracker.nitropay.com/viewability/6ab8c5c0-ed10-4e35-88b6-6d8caf988ffd?viewable=true&timeInView=1001

Requested by

Host: s.nitropay.com
URL: https://s.nitropay.com/ads-927.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:34e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

Referer: https://nwxp.info/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sun, 12 Dec 2021 20:47:15 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000; includeSubDomains
cf-ray: 6bc9ce871beb7144-YUL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

POST
H3 204 627aa5e3-bda4-417b-bf54-83cdb6367a39
tracker.nitropay.com/viewability/ 0
264 B 56ms
55ms Ping
text/plain 2606:4700::6812:34e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracker.nitropay.com/viewability/627aa5e3-bda4-417b-bf54-83cdb6367a39?viewable=true&timeInView=1000

Requested by

Host: s.nitropay.com
URL: https://s.nitropay.com/ads-927.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:34e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

Referer: https://nwxp.info/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sun, 12 Dec 2021 20:47:15 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000; includeSubDomains
cf-ray: 6bc9ce874c177144-YUL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 00BB 42 B
64 B 71ms
40ms Fetch
image/gif 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvYgXLEwtJNMoVEXdA_qCEOXaALJ5iLe5WsM8DQ74r4yA9ps47CfgKNVouIh4KkvsX5YEcBXEX8m0cKcx1VzhhVzSAiA6rRbY-OTw&sai=AMfl-YRvb00SIbinnvRfUmzkNKrQUhO4X7q-WlPwAQzkTTwjDlMamDBcuNz_V__VDf4UWKno82U1fvBUpmuibCw1ZgQlNrlBHtE3Ubkr4-o5rIssRf3ZBTX8skCiCGonq7Ll&sig=Cg0ArKJSzFkOJItBsncdEAE&cid=CAASFeRongTLtuoCIHL_B62PXcRfjSIcCQ&id=lidar2&mcvt=1000&p=529,589,623,1317&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=0.96&if=1&app=0&itpl=20&adk=269889437&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1639342034111&rpt=352&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Dec 2021 20:47:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rid Show response
match.adsrvr.org/track/ 109 B
539 B 84ms
27ms XHR
application/json 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=aqo03op&fmt=json
Requested by: Host: s.nitropay.com
URL: https://s.nitropay.com/ads-927.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 7f4e385b456251f3ef8b8b1427e43ad9de8c248d02d03ea5cd57a8a4664ff51b

Request headers

Referer: https://nwxp.info/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 12 Dec 2021 20:47:16 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nwxp.info
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 109
expires: Tue, 11 Jan 2022 20:47:16 GMT

GET
H3 200 dc_oe=ChMIh6-B_ZDf9AIVahXBCh1ZUwqWEAAYACCh1ZVNOhoIla31xQEQ6d_b-_ADGM-X6d4DIKzW8aWGD0ITCOj33fyQ3_QCFRMihgodYoIGlQ;dc_rmcid=CAASFeRoL_rcLjKSYh4v0nCzL-mTofkuWQ;eps=CIhhEAEYHQ;met=1;acvw=sv%3D20211103%...
ade.googlesyndication.com/ddm/activity/ Frame 1890 42 B
63 B 74ms
42ms Image
image/gif 142.250.80.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIh6-B_ZDf9AIVahXBCh1ZUwqWEAAYACCh1ZVNOhoIla31xQEQ6d_b-_ADGM-X6d4DIKzW8aWGD0ITCOj33fyQ3_QCFRMihgodYoIGlQ;dc_rmcid=CAASFeRoL_rcLjKSYh4v0nCzL-mTofkuWQ;eps=CIhhEAEYHQ;met=1;acvw=sv%3D20211103%26cb%3Dout%26e%3D9%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D1,1,169,299%26tos%3D2010,0,0,0,0%26mtos%3D2010,2010,2010,2010,2010%26amtos%3D0,0,0,0,0%26mcvt%3D2010%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D2172%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D43%26pst%3D0%26dur%3D15018%26vmtime%3D2180%26dtos%3D2010%26dtoss%3D1%26dvs%3D2010%26dfvs%3D2010%26dvpt%3D2172%26is%3D275%26i0%3D18%26ic%3D16777473%26cs%3D16777491%26c%3D1%26mc%3D1%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D687468945%26psm%3D7%26psv%3D6%26psfv%3D6%26psa%3D0%26pngs%3D9,14,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,2010;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.02%26t%3D1639342034842;ecn1=1;etm1=0;eid1=200000;

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Dec 2021 20:47:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 1890 42 B
64 B 44ms
44ms Image
image/gif 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss_VidpHOa4snD1wbMVDxqiHigrPEemgV1ERa-_lUyAiuUj7i5JNwXGsIXG1ejwf3W2oN8uSLyG54Z6Zyr6ALU-N3ro3rZwmKVamqABQ4Wq99Yadxg&sai=AMfl-YTNh8OioHPuHVC41Uimj58NLarZ4LY20nQLiUrmPTpfjJhTyumOmfidEBxHkukeWJrgPQtlppQ4tUH4wpweMRgOEtsC8YjqWd8xlfmupMtFwL7Ta7L9VED_GgvmwvQ&sig=Cg0ArKJSzNvEk1azSQBdEAE&cid=CAASFeRoL_rcLjKSYh4v0nCzL-mTofkuWQ&id=lidarv&acvw=sv%3D20211103%26cb%3Dout%26e%3D9%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D1,1,169,299%26tos%3D2010,0,0,0,0%26mtos%3D2010,2010,2010,2010,2010%26amtos%3D0,0,0,0,0%26mcvt%3D2010%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D2172%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D43%26pst%3D0%26dur%3D15018%26vmtime%3D2180%26dtos%3D2010%26dtoss%3D1%26dvs%3D2010%26dfvs%3D2010%26dvpt%3D2172%26is%3D275%26i0%3D18%26ic%3D16777473%26cs%3D16777491%26c%3D1%26mc%3D1%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D687468945%26psm%3D7%26psv%3D6%26psfv%3D6%26psa%3D0%26pngs%3D9,14,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,2010&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.02%26t%3D1639342034842

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Dec 2021 20:47:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 66ms
36ms Ping
text/plain 2607:f8b0:4006:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-JZG051TL00&gtm=2oec10&_p=1762354649&sr=1600x1200&ul=en-us&_fid=efY5OThEbhy9oeqHP5dTEE&cid=2091531726.1639342034&_s=2&dl=https%3A%2F%2Fnwxp.info%2F&dt=NWXP%20-%20New%20World%20Crafting%20%26%20Refining%20XP%20Calculator&sid=1639342033&sct=1&seg=1&en=page_view&_et=3&ep.origin=firebase&ep.page_path=%2F
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?l=dataLayer&id=G-JZG051TL00
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:81c::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://nwxp.info/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 12 Dec 2021 20:47:18 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://nwxp.info
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame B2EB 52 KB
17 KB 46ms
12ms Document
text/html 151.101.129.108

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: s.nitropay.com
URL: https://s.nitropay.com/ads-927.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.108 -, , ASN (),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://nwxp.info/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Sun, 12 Dec 2021 02:31:41 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Sun, 12 Dec 2021 20:47:18 GMT
Age: 65737
X-Served-By: cache-lga21940-LGA, cache-yul12826-YUL
X-Cache: HIT, HIT
X-Cache-Hits: 1, 431125
X-Timer: S1639342039.777714,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 7A85 52 KB
17 KB 53ms
20ms Document
text/html 151.101.129.108

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: s.nitropay.com
URL: https://s.nitropay.com/ads-927.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.108 -, , ASN (),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://nwxp.info/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Sun, 12 Dec 2021 02:31:41 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Sun, 12 Dec 2021 20:47:18 GMT
Age: 65737
X-Served-By: cache-lga21940-LGA, cache-yul12827-YUL
X-Cache: HIT, HIT
X-Cache-Hits: 1, 433501
X-Timer: S1639342039.786269,VS0,VE0
Vary: Accept-Encoding

GET

/
de.tynt.com/deb/ Frame 084F
Redirect Chain

https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=acWXjMpl8r7iokaKj0P0Le&gdpr_consent=undefined&us_privacy=1---&gdpr=0
https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=acWXjMpl8r7iokaKj0P0Le&gdpr_consent=undefined&us_privacy=1---&gdpr=0

0
0

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame B2EB 0
733 B 30ms
30ms Script
text/html 68.67.179.113
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.113 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

564.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 12 Dec 2021 20:47:18 GMT
X-Proxy-Origin: 37.120.205.162; 37.120.205.162; 564.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid: 03ef18dc-7314-4a98-80aa-f21633d5d8bf
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 7A85 0
733 B 40ms
40ms Script
text/html 68.67.179.113
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.113 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

564.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 12 Dec 2021 20:47:18 GMT
X-Proxy-Origin: 37.120.205.162; 37.120.205.162; 564.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid: 2b3b44be-74af-494b-9b2f-ea8c983f1b04
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIh6-B_ZDf9AIVahXBCh1ZUwqWEAAYACCh1ZVNOhoIla31xQEQ6d_b-_ADGM-X6d4DIKzW8aWGD0ITCOj33fyQ3_QCFRMihgodYoIGlQ;dc_rmcid=CAASFeRoL_rcLjKSYh4v0nCzL-mTofkuWQ;eps=CIhhEAEYHQ;met=1;acvw=sv%3D20211103%26cb%3Dout%26e%3D1%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D1,1,169,299%26tos%3D3776,0,0,0,0%26mtos%3D3776,3776,3776,3776,3776%26amtos%3D0,0,0,0,0%26mcvt%3D3776%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D3938%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D46%26pst%3D0%26dur%3D15018%26vmtime%3D3948%26dtos%3D1766%26dtoss%3D2%26dvs%3D1766%26dfvs%3D1766%26dvpt%3D1766%26is%3D275%26i0%3D18%26i1%3D275%26ic%3D0%26cs%3D16777491%26c%3D1%26mc%3D1%26nc%3D0%26mv%3D0%26nv%3D0%26qmt%3D3776,3776,3776,3776,3776%26qnc%3D0%26qmv%3D0%26qnv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D687468945%26psm%3D15%26psv%3D14%26psfv%3D14%26psa%3D0%26pngs%3D9s,14,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,3776;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.02%26t%3D1639342034842;ecn1=1;etm1=0;eid1=960584;

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Dec 2021 20:47:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 1890 42 B
64 B 39ms
38ms Image
image/gif 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=ChV7o0V-2YajLMpPEmATihJqoCZ7frsFmrNbxpYYPz7e-z4gKEAEgwrrtZ2D96KKB8AOgAdv0tboCyAEFqAMByAObBKoE7QFP0N2GCoxP87IoVxVP1fT1voKGVT0Vlsgm0kdesMXYtfyWbUQoLI2_E2NHA0u7jHz2lHq9uWqEl-cbhKabUI6rJjQOqRYfIDaPzgL6-RWrFtmYGsHIcUfG-Y7WjuAEyjfTRRPyj2FUhD81KL-TrPkzecNNqclXVa14qDRmWHAigEDweByefK2nLVLXgWAUs5xLCx3j0-ZxvkR4INNhrNDKORwkBIavFmFLxeCvRgkRg94ZTBMtUdfliuXFQK8F-OJS2tlzXah-kVyM9rEUj28S-iq1U5lmEXjDznCCQiTufMRyRr6qoy4kVA03OVbABOnf2_vwA-AEA5AGAaAGToAHjYvKxQGoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiGEQARgdgAoDmAsByAsBgAwBsBOUvKgNyBPPl-neA9gTCogUGtgUAdAVAfgWAYAXAQ&sigh=k_Kv6wBxWLM&label=videoplaytime25&ad_mt=3949&acvw=sv%3D20211103%26cb%3Dout%26e%3D1%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D1,1,169,299%26tos%3D3776,0,0,0,0%26mtos%3D3776,3776,3776,3776,3776%26amtos%3D0,0,0,0,0%26mcvt%3D3776%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D3938%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D46%26pst%3D0%26dur%3D15018%26vmtime%3D3948%26dtos%3D1766%26dtoss%3D2%26dvs%3D1766%26dfvs%3D1766%26dvpt%3D1766%26is%3D275%26i0%3D18%26i1%3D275%26ic%3D0%26cs%3D16777491%26c%3D1%26mc%3D1%26nc%3D0%26mv%3D0%26nv%3D0%26qmt%3D3776,3776,3776,3776,3776%26qnc%3D0%26qmv%3D0%26qnv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D687468945%26psm%3D15%26psv%3D14%26psfv%3D14%26psa%3D0%26pngs%3D9s,14,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,3776&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.02%26t%3D1639342034842

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Dec 2021 20:47:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=acWXjMpl8r7iokaKj0P0Le&gdpr_consent=undefined&us_privacy=1---&gdpr=0

Verdicts & Comments Add Verdict or Comment

37 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

19 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.nitropay.com/	1970-01-19 23:22:23	Name: __cf_bm Value: xf8TROoaViIr6Y5hAPBdA8KEymkyTf1WnItrRYXzogg-1639342033-0-ASH5bvjM8I9OhF3wn+v6NmFLFMuJPvZbxSid6juYUFMymgZFn9oF6Zptz/l+bOuutZHLi2KeM7BTEkL3o2UKoJY=
nwxp.info/	1970-01-20 00:05:34	Name: _pbjs_userid_consent_data Value: 6683316680106290
.adnxs.com/	1970-01-20 01:31:58	Name: icu Value: ChgI5YA9EAoYASABKAEw0b_ZjQY4AUABSAEQ0b_ZjQYYAA..
.yahoo.com/	1970-01-20 08:08:19	Name: A3 Value: d=AQABBNFftmECEBiiv_VlrzY74I-4Ym9_yHIFEgEBAQGxt2HAYQAAAAAA_eMAAA&S=AQAAAvEmGQdBKi1QuGkJznOHWTI
.adnxs.com/	1970-01-20 01:31:58	Name: uuid2 Value: 5724008236108949546
.nwxp.info/	1970-01-20 16:53:34	Name: _ga Value: GA1.1.2091531726.1639342034
.nwxp.info/	1970-01-20 16:53:34	Name: _ga_JZG051TL00 Value: GS1.1.1639342033.1.1.1639342033.0
.nwxp.info/	1970-01-20 08:43:58	Name: __gads Value: ID=2e4b5182a81c98d6-2232f4e0707b00a9:T=1639342033:S=ALNI_MYXT1ezrX8eXysjOdru1FL4sFqpIA
.doubleclick.net/	1970-01-20 16:53:34	Name: IDE Value: AHWqTUn1tVUTZq55GXltqdtNgLeMlpSAJE17VD3AEiyTl6ZcWkiaymM8AmN0cdxUt7w
.casalemedia.com/	1970-01-20 08:07:58	Name: CMID Value: YbZf0ie1Pit5lSI1QNiUxAAA
.casalemedia.com/	1970-01-20 01:31:58	Name: CMPS Value: 141
.adnxs.com/	1970-01-20 01:31:58	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GVKx2.M6!]tbPl1M>e)ZlrFUfJ+tGXxoT>14.DB-@9Y<[LL]Zi]fXYoO:nc?0XH5lf7)bpRzqF1`b`$:7hKh
.casalemedia.com/	1970-01-20 01:31:58	Name: CMPRO Value: 128
.casalemedia.com/	1970-01-19 23:23:48	Name: CMST Value: YbZf0mG2X9IA
.casalemedia.com/	1970-01-20 08:07:58	Name: CMRUM3 Value: 2d61b65fd22760CAESEO3P6B219K6ElmQTLgSNaP0
.criteo.com/	1970-01-20 08:43:58	Name: uid Value: f0808f48-aa02-4bb4-bb29-92a48f33e078
.nwxp.info/	1970-01-20 08:43:58	Name: cto_bundle Value: R4WbbV9BZVYlMkJVM01jNmkwdzdRYmUzaGh3NFVFSjI4b1VzeDlwczFGQVhEbXFWM05nV3pnSWpNZlRjcUlGTDM2eSUyRlQ4ZFNkVXZWbUZ6RFMlMkYxVzk4TFRjdGlNOU04cmpRcHVBMWExZWhsUCUyRlJwc3lyVE9lJTJGSFZldiUyRlo4d0E5Q1BRRkszRUN1YTN5Z2JkWlVXWWZLR2MwY0MwRXclM0QlM0Q
.adsrvr.org/	1970-01-20 08:07:58	Name: TDID Value: 269f678a-141a-4f23-874a-4139259da070
nwxp.info/	1970-01-20 00:48:46	Name: na-unifiedid Value: %7B%22TDID%22%3A%22269f678a-141a-4f23-874a-4139259da070%22%2C%22TDID_LOOKUP%22%3A%22FALSE%22%2C%22TDID_CREATED_AT%22%3A%222021-12-12T20%3A47%3A16%22%7D

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/outstream.min.js(Line 346) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/outstream.min.js(Line 346) Message: Unrecognized feature: 'attribution-reporting'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31556926

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

506c579fa6b81a54c704e4e24b736246.safeframe.googlesyndication.com
acdn.adnxs.com
ade.googlesyndication.com
bid.g.doubleclick.net
bidder.criteo.com
btlr.sharethrough.com
c2shb.ssp.yahoo.com
cm.g.doubleclick.net
csi.gstatic.com
de.tynt.com
dsum-sec.casalemedia.com
firebase.googleapis.com
firebaseinstallations.googleapis.com
fonts.googleapis.com
fonts.gstatic.com
gcdn.2mdn.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
ib.adnxs.com
imasdk.googleapis.com
marketingplatform.google.com
match.adsrvr.org
mug.criteo.com
nwxp.info
pagead2.googlesyndication.com
r1---sn-ab5szn7y.c.2mdn.net
s.nitropay.com
s0.2mdn.net
securepubads.g.doubleclick.net
ssc.33across.com
static.criteo.net
tpc.googlesyndication.com
tracker.nitropay.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www3.doubleclick.net
de.tynt.com
142.250.65.162
142.250.80.34
142.250.80.66
142.251.35.162
142.251.4.157
15.197.193.217
151.101.129.108
178.250.2.131
184.29.129.7
199.36.158.100
2001:4860:4802:32::3
2606:4700::6812:24e
2606:4700::6812:34e
2607:f8b0:4006:38::7
2607:f8b0:4006:808::200e
2607:f8b0:4006:80a::200a
2607:f8b0:4006:816::2002
2607:f8b0:4006:817::2004
2607:f8b0:4006:817::200a
2607:f8b0:4006:81c::2001
2607:f8b0:4006:81c::200e
2607:f8b0:4006:81d::2002
2607:f8b0:4006:81e::2002
2607:f8b0:4006:81e::2008
2607:f8b0:4006:81e::200e
2607:f8b0:4006:822::2003
2607:f8b0:4006:822::2006
2607:f8b0:4006:822::200a
2607:f8b0:4006:823::200a
2607:f8b0:4006:824::2001
2620:100:a001::4
2a02:2638:1::13
34.149.20.76
52.4.33.45
52.72.165.80
68.67.179.113
74.119.119.139
037b12d07ffce84bbca6821a50f249c54429b20c0f2fd67469a0bb5937113051
04da66e0f7eb917ad715feac54e5bd617c9baa98a6ac4380cbed7db82908fadc
098831d338fb6d5963c86377c1ebe3e425cdad0df3a981be7c6613aa62ccc5f0
0a958b37625158aa7661a16d04cbbc0fdaa00408a237578682e561ac314df075
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
15702cdc240d5214ccad01a1cb6bff49741aaf83956f1448aa194bc1eb652f94
18d02d8fed20bedc701c3c759fd59e4e74f2c37e44dfb1658bc76a09cc212d66
1d03a900e76c71569c70cd2b88ca5529f3bd53b98aae61c12a9a82dfecc7577d
1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306
1e44aee54ee95b546ff1663e15c75539f21fcf64669346c4836cd409a0b16828
1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954
21227e820d1bce2a33aa72cec5b4f33ab23e5380e29c2b6ae2f0f5251e7fa909
230947c8c508bc8db9d4f257682e2f94461682b599177ba5ffa1e5e570248466
2d5ae5a515a688823dc98d032242c2ed6f490a74c4281bdd599567898f9fa675
32bc7c1c64fd1b755d48d6025b86b7e7a28ad35d1f420cf85cdc1123aa7dfcd7
3336865c07143159ab73893863070b6d7f0516b0de61a236a0c5c52246cb3b2e
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
38258a3aa023ee5b5f45a8c149fd28449112dc4bf60411d2c88a4a6e33506df4
3d1ed1affc8bef9859778b9821375af240dff09e4aa8411456d3168206ed6fe7
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
425d7478422a02b8592686dd947b18cae0ca66ab39dc437067219356fb7a0a61
46d487de0188392da696ae114e47119e102686ebcf7d2e47234403372766f12b
48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c8df7a0666cd1fe30ba0a78899fae8b254b10b2bf3f488ef10348bd8ef15d2b
4d61f8fe317a86c23202734216cb578b7e0e5497f875ff0b9356535443c35f7d
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
65823a66576939566401a901a125d0156b45af7977973700035b717daa099775
6b347452e0f47adcd4448605049e7dfcf89a958fccd7a04b8067c42201bcabd2
73c8bf86e4b1be07f5ca92e64dfa47f06ae8ad13740277d8b89aa9b3b217781c
79ba5d42b116c90cad772a4d6761ee73b9e79554408b0f6597d5b0b50f1d7cd5
7b3076931cd19dc03883be9aa530800517cc1afb3a3d09a72cbd73a4b40b6268
7f4e385b456251f3ef8b8b1427e43ad9de8c248d02d03ea5cd57a8a4664ff51b
80ad5f20f4b35943618ca2614a543c12a3fc1acae1ef2aec5ab151e3608b42d8
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
9413ac70f0dfa293eae8e934799be6a1cde8cd96db876ce9bd127c41630847ee
9cae7ce2646fcde466b2480d2925f5561270efb68362b0d71a46e3485ee87a86
9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a1b000b433199bfd60632e61b74bb2c4abd074dce072784e7acd55b1e4158cee
a33918a7bfae7dfedc385d42509867c9a522dda6d8f3fbe21fc0edaec3ac5d4b
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a7b156eda6a71fc6c0329ecb26937f637abc151bd6ed08eacdd9dc23618cd6d2
b0c91b01cd76427f13786a8dc33fe15dda1f234fae381388ce3744fe611be5e0
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b20fae35a724881d9dad7c7a03f8844362896db3bf1e7d1c813f235507a21800
ba50a4b97ab061dcf48db74f5c5fede646344a5593473c377797888e32e7d907
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
ccf634e17fe9bc4165d7473e3651a9da1e2c2b693be634ae7f46d155322624e5
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
e2308b7a7af98b5390fe3d58e5b771d001d402c12fb0475efe4f66c53f70d800
e350c4fbaa74272ef69d5c389e18f15d58961bd2613c8b40ea97413f3f353aa2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6969b69570c743952ab51b9fba22410be503db91b0566753d6da10894e76dad
eb8b89af333156906414350ea46a0149a41ab6be9278a7eca04db8ce67d3591a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef4f72a1ee665ba952614a5ab0447966af504ba2460bf1dab5e22ec1e1a70849
f1741f477a2dece83f0b75c26c220647df0716cc82bc29c449af3462f7232337
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

nwxp.info Open in urlscan Pro 199.36.158.100 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

110 Requests

92 %HTTPS

59 %IPv6

20 Domains

39 Subdomains

37 IPs

2 Countries

2566 kBTransfer

4707 kBSize

19 Cookies

5 Outgoing links

Redirected requests

110 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

nwxp.info Open in urlscan Pro
199.36.158.100 Public Scan

Screenshot
Live screenshot

Full Image

110
Requests

92 %
HTTPS

59 %
IPv6

20
Domains

39
Subdomains

37
IPs

2
Countries

2566 kB
Transfer

4707 kB
Size

19
Cookies

110 HTTP transactions
2 data transactions