pastelink.net Open in urlscan Pro
89.35.29.15 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pastelink.net/6r9a94ti
Submission: On January 08 via manual (January 8th 2023, 10:05:12 pm UTC) from IN — Scanned from NZ

Summary HTTP 278 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 58 IPs in 11 countries across 45 domains to perform 278 HTTP transactions. The main IP is 89.35.29.15, located in London, United Kingdom and belongs to BANDWIDTH-AS, GB. The main domain is pastelink.net. The Cisco Umbrella rank of the primary domain is 68329.
TLS certificate: Issued by R3 on December 2nd 2022. Valid for: 3 months.

This is the only time pastelink.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
12	89.35.29.15 89.35.29.15	25369 (BANDWIDTH-AS) (BANDWIDTH-AS)
4	142.251.12.95 142.251.12.95	15169 (GOOGLE) (GOOGLE)
1	69.16.175.42 69.16.175.42	20446 (STACKPATH...) (STACKPATH-CDN)
2	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	104.21.93.14 104.21.93.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.250.4.97 142.250.4.97	15169 (GOOGLE) (GOOGLE)
7	142.250.4.94 142.250.4.94	15169 (GOOGLE) (GOOGLE)
20	172.217.194.155 172.217.194.155	15169 (GOOGLE) (GOOGLE)
3	18.161.20.23 18.161.20.23	16509 (AMAZON-02) (AMAZON-02)
5	74.125.68.138 74.125.68.138	15169 (GOOGLE) (GOOGLE)
1	13.33.30.231 13.33.30.231	16509 (AMAZON-02) (AMAZON-02)
1	172.253.118.155 172.253.118.155	15169 (GOOGLE) (GOOGLE)
1	142.250.4.154 142.250.4.154	15169 (GOOGLE) (GOOGLE)
37	142.251.12.154 142.251.12.154	15169 (GOOGLE) (GOOGLE)
38	172.253.118.132 172.253.118.132	15169 (GOOGLE) (GOOGLE)
1	13.33.88.90 13.33.88.90	16509 (AMAZON-02) (AMAZON-02)
1	172.67.38.106 172.67.38.106	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 13	52.46.130.91 52.46.130.91	16509 (AMAZON-02) (AMAZON-02)
15	74.125.24.132 74.125.24.132	15169 (GOOGLE) (GOOGLE)
4	23.50.117.184 23.50.117.184	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6	142.250.4.155 142.250.4.155	15169 (GOOGLE) (GOOGLE)
14 20	74.125.24.156 74.125.24.156	15169 (GOOGLE) (GOOGLE)
9 15	139.5.84.243 139.5.84.243	27381 (CASALE-MEDIA) (CASALE-MEDIA)
8 11	104.254.150.228 104.254.150.228	29990 (ASN-APPNEX) (ASN-APPNEX)
1	182.161.74.19 182.161.74.19	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
1	182.161.73.148 182.161.73.148	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
1	34.149.43.113 34.149.43.113	15169 (GOOGLE) (GOOGLE)
3 4	172.217.194.147 172.217.194.147	15169 (GOOGLE) (GOOGLE)
2	172.217.194.95 172.217.194.95	15169 (GOOGLE) (GOOGLE)
23	142.251.10.148 142.251.10.148	15169 (GOOGLE) (GOOGLE)
8	182.161.73.129 182.161.73.129	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
1 1	13.33.88.84 13.33.88.84	16509 (AMAZON-02) (AMAZON-02)
2 2	35.213.12.39 35.213.12.39	15169 (GOOGLE) (GOOGLE)
1 1	23.207.36.20 23.207.36.20	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	50.31.142.127 50.31.142.127	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1 1	23.207.185.68 23.207.185.68	16625 (AKAMAI-AS) (AKAMAI-AS)
4 9	18.136.159.66 18.136.159.66	16509 (AMAZON-02) (AMAZON-02)
2	23.207.36.196 23.207.36.196	16625 (AKAMAI-AS) (AKAMAI-AS)
2	23.11.124.205 23.11.124.205	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	199.187.193.182 199.187.193.182	47043 (SMARTADSE...) (SMARTADSERVER)
1	182.161.73.132 182.161.73.132	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
2	162.19.138.119 162.19.138.119	16276 (OVH) (OVH)
1	162.19.138.117 162.19.138.117	16276 (OVH) (OVH)
1	52.76.151.156 52.76.151.156	16509 (AMAZON-02) (AMAZON-02)
7	182.161.73.135 182.161.73.135	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
2	182.161.73.142 182.161.73.142	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
6 10	69.173.158.64 69.173.158.64	26667 (RUBICONPR...) (RUBICONPROJECT)
4 4	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
1	67.199.150.81 67.199.150.81	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
2	172.217.194.154 172.217.194.154	15169 (GOOGLE) (GOOGLE)
2	216.239.32.3 216.239.32.3	15169 (GOOGLE) (GOOGLE)
1 2	185.84.60.23 185.84.60.23	198622 (ADFORM) (ADFORM)
1 1	103.229.205.243 103.229.205.243	30419 (MEDIAMATH...) (MEDIAMATH-INC)
4	103.231.98.194 103.231.98.194	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 3	35.190.60.146 35.190.60.146	15169 (GOOGLE) (GOOGLE)
2 2	107.178.254.65 107.178.254.65	15169 (GOOGLE) (GOOGLE)
1 1	34.98.67.3 34.98.67.3	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 2	119.9.108.191 119.9.108.191	45187 (RACKSPACE...) (RACKSPACE-AP Rackspace IT Hosting AS IT Hosting Provider Hong Kong)
1	34.126.167.117 34.126.167.117	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 2	54.254.148.3 54.254.148.3	16509 (AMAZON-02) (AMAZON-02)
1 1	74.125.24.139 74.125.24.139	15169 (GOOGLE) (GOOGLE)
2	74.125.109.135 74.125.109.135	15169 (GOOGLE) (GOOGLE)
1	42.99.140.170 42.99.140.170	4637 (ASN-TELST...) (ASN-TELSTRA-GLOBAL Telstra Global)
1 1	69.173.151.100 69.173.151.100	26667 (RUBICONPR...) (RUBICONPROJECT)
1	172.253.118.148 172.253.118.148	15169 (GOOGLE) (GOOGLE)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	52.94.223.37 52.94.223.37	16509 (AMAZON-02) (AMAZON-02)
1	67.199.150.85 67.199.150.85	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
1	69.174.120.108 69.174.120.108	() ()
278	58

12 89.35.29.15 (London, United Kingdom)

ASN25369 (BANDWIDTH-AS, GB)
PTR: 15.29.35.89.baremetal.zare.com

pastelink.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.251.12.95 (United States)

ASN15169 (GOOGLE, US)
PTR: se-in-f95.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.16.175.42 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: tlb.hwcdn.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.21.93.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.adligature.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.4.97 (United States)

ASN15169 (GOOGLE, US)
PTR: sm-in-f97.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.4.94 (United States)

ASN15169 (GOOGLE, US)
PTR: sm-in-f94.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 172.217.194.155 (United States)

ASN15169 (GOOGLE, US)
PTR: si-in-f155.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.161.20.23 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-161-20-23.bos50.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 74.125.68.138 (United States)

ASN15169 (GOOGLE, US)
PTR: sc-in-f138.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.33.30.231 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-30-231.sin2.r.cloudfront.net

aax-dtb-cf.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.253.118.155 (United States)

ASN15169 (GOOGLE, US)
PTR: sl-in-f155.1e100.net

adservice.google.co.nz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.4.154 (United States)

ASN15169 (GOOGLE, US)
PTR: sm-in-f154.1e100.net

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

37 142.251.12.154 (United States)

ASN15169 (GOOGLE, US)
PTR: se-in-f154.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

38 172.253.118.132 (United States)

ASN15169 (GOOGLE, US)
PTR: sl-in-f132.1e100.net

b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.33.88.90 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-88-90.sin2.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.38.106 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 52.46.130.91 (Ashburn, United States) 2 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 74.125.24.132 (United States)

ASN15169 (GOOGLE, US)
PTR: sf-in-f132.1e100.net

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.50.117.184 (Jakarta, Indonesia)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-50-117-184.deploy.static.akamaitechnologies.com

cdn.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.4.155 (United States)

ASN15169 (GOOGLE, US)
PTR: sm-in-f155.1e100.net

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 74.125.24.156 (United States) 14 redirects

ASN15169 (GOOGLE, US)
PTR: sf-in-f156.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 139.5.84.243 (Canada) 9 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 104.254.150.228 (Los Angeles, United States) 8 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 907.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 182.161.74.19 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

rtb.jp2.as.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 182.161.73.148 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

ads.as.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.149.43.113 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 113.43.149.34.bc.googleusercontent.com

rtb0.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.194.147 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: si-in-f147.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.194.95 (United States)

ASN15169 (GOOGLE, US)
PTR: si-in-f95.1e100.net

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 142.251.10.148 (United States)

ASN15169 (GOOGLE, US)
PTR: sd-in-f148.1e100.net

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 182.161.73.129 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.33.88.84 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-33-88-84.sin2.r.cloudfront.net

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.213.12.39 (Tokyo, Japan) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 39.12.213.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.207.36.20 (Jakarta, Indonesia) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-207-36-20.deploy.static.akamaitechnologies.com

cs.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 50.31.142.127 (Itasca, United States) 2 redirects

ASN22075 (AS-OUTBRAIN, US)
PTR: chi.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.207.185.68 (Jakarta, Indonesia) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-207-185-68.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 18.136.159.66 (Singapore) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-136-159-66.ap-southeast-1.compute.amazonaws.com

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.207.36.196 (Jakarta, Indonesia)

ASN16625 (AKAMAI-AS, US)
PTR: a23-207-36-196.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.11.124.205 (Jakarta, Indonesia)

ASN16625 (AKAMAI-AS, US)
PTR: a23-11-124-205.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.187.193.182 (Canada) 1 redirects

ASN47043 (SMARTADSERVER, CA)

ssbsync-us.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 182.161.73.132 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

cat.sg1.as.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.19.138.119 (France)

ASN16276 (OVH, FR)
PTR: ns31533570.ip-162-19-138.eu

lb.eu-1-id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.138.117 (France)

ASN16276 (OVH, FR)
PTR: ns31533568.ip-162-19-138.eu

lbs.eu-1-id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.76.151.156 (Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-76-151-156.ap-southeast-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 182.161.73.135 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

pix.as.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 182.161.73.142 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

csm.as.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 69.173.158.64 (Singapore) 6 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 15.197.193.217 (United States) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.199.150.81 (Los Angeles, United States)

ASN3257 (GTT-BACKBONE GTT, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.194.154 (United States)

ASN15169 (GOOGLE, US)
PTR: si-in-f154.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.239.32.3 (United States)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.84.60.23 (Denmark) 1 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.229.205.243 (Singapore) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 103.231.98.194 (Japan)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.190.60.146 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 107.178.254.65 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 65.254.178.107.bc.googleusercontent.com

pippio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.3 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 3.67.98.34.bc.googleusercontent.com

tags.rd.linksynergy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 119.9.108.191 (Hong Kong) 1 redirects

ASN45187 (RACKSPACE-AP Rackspace IT Hosting AS IT Hosting Provider Hong Kong, HK)

uipglob.semasio.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.126.167.117 (Singapore)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 117.167.126.34.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.254.148.3 (Singapore) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-254-148-3.ap-southeast-1.compute.amazonaws.com

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.125.24.139 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: sf-in-f139.1e100.net

gcdn.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 74.125.109.135 (United States)

ASN15169 (GOOGLE, US)
PTR: syd15s12-in-f7.1e100.net

r2---sn-ntqe6nel.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 42.99.140.170 (Japan)

ASN4637 (ASN-TELSTRA-GLOBAL Telstra Global, HK)
PTR: ip-42-99-140-170.pacnet.net

code.createjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.151.100 (United States) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel-us-east.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.253.118.148 (United States)

ASN15169 (GOOGLE, US)
PTR: sl-in-f148.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.94.223.37 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.199.150.85 (Los Angeles, United States)

ASN3257 (GTT-BACKBONE GTT, US)

simage4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.174.120.108 (None, )

ASN- ()

tps.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
66	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 145 b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 187	569 KB
52	doubleclick.net 14 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 285 googleads.g.doubleclick.net — Cisco Umbrella Rank: 64 cm.g.doubleclick.net — Cisco Umbrella Rank: 321 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 395 bid.g.doubleclick.net — Cisco Umbrella Rank: 956 ad.doubleclick.net — Cisco Umbrella Rank: 214	378 KB
26	2mdn.net 1 redirects s0.2mdn.net — Cisco Umbrella Rank: 362 gcdn.2mdn.net — Cisco Umbrella Rank: 1239 r2---sn-ntqe6nel.c.2mdn.net	370 KB
18	amazon-adsystem.com 2 redirects c.amazon-adsystem.com — Cisco Umbrella Rank: 394 aax-dtb-cf.amazon-adsystem.com — Cisco Umbrella Rank: 780 s.amazon-adsystem.com — Cisco Umbrella Rank: 396 aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 977	59 KB
17	criteo.net static.criteo.net — Cisco Umbrella Rank: 743 pix.as.criteo.net — Cisco Umbrella Rank: 10234 csm.as.criteo.net — Cisco Umbrella Rank: 9735	124 KB
15	casalemedia.com 9 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 843	12 KB
15	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 330	325 KB
13	rubiconproject.com 7 redirects eus.rubiconproject.com — Cisco Umbrella Rank: 832 pixel.rubiconproject.com — Cisco Umbrella Rank: 452 token.rubiconproject.com — Cisco Umbrella Rank: 858 pixel-us-east.rubiconproject.com — Cisco Umbrella Rank: 1711	18 KB
12	pastelink.net pastelink.net — Cisco Umbrella Rank: 68329	220 KB
11	adnxs.com 8 redirects ib.adnxs.com — Cisco Umbrella Rank: 318 secure.adnxs.com — Cisco Umbrella Rank: 670	12 KB
9	sharethrough.com 4 redirects match.sharethrough.com — Cisco Umbrella Rank: 717	3 KB
9	gstatic.com fonts.gstatic.com csi.gstatic.com	94 KB
8	pubmatic.com ads.pubmatic.com — Cisco Umbrella Rank: 741 image6.pubmatic.com — Cisco Umbrella Rank: 996 simage2.pubmatic.com — Cisco Umbrella Rank: 882 image2.pubmatic.com — Cisco Umbrella Rank: 1316 simage4.pubmatic.com — Cisco Umbrella Rank: 1564	25 KB
6	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 221	226 KB
6	doubleverify.com cdn.doubleverify.com — Cisco Umbrella Rank: 666 rtb0.doubleverify.com — Cisco Umbrella Rank: 1080 tps.doubleverify.com	132 KB
6	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 127 imasdk.googleapis.com — Cisco Umbrella Rank: 477	139 KB
5	google.com 3 redirects adservice.google.com — Cisco Umbrella Rank: 142 www.google.com — Cisco Umbrella Rank: 16	2 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 103	20 KB
4	adsrvr.org 4 redirects match.adsrvr.org — Cisco Umbrella Rank: 456	2 KB
4	adligature.com cdn.adligature.com — Cisco Umbrella Rank: 74387	144 KB
3	rlcdn.com 2 redirects idsync.rlcdn.com — Cisco Umbrella Rank: 525	570 B
3	criteo.com rtb.jp2.as.criteo.com — Cisco Umbrella Rank: 13019 ads.as.criteo.com — Cisco Umbrella Rank: 9458 cat.sg1.as.criteo.com — Cisco Umbrella Rank: 10102	48 KB
2	yahoo.com 1 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 723	1 KB
2	semasio.net 1 redirects uipglob.semasio.net — Cisco Umbrella Rank: 1792	1 KB
2	pippio.com 2 redirects pippio.com — Cisco Umbrella Rank: 1122	717 B
2	adform.net 1 redirects c1.adform.net — Cisco Umbrella Rank: 871	967 B
2	eu-1-id5-sync.com lb.eu-1-id5-sync.com — Cisco Umbrella Rank: 1403 lbs.eu-1-id5-sync.com — Cisco Umbrella Rank: 1874	680 B
2	zemanta.com 2 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 775	1 KB
2	bidswitch.net 2 redirects x.bidswitch.net — Cisco Umbrella Rank: 411	1 KB
2	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 1457 id5-sync.com — Cisco Umbrella Rank: 522	18 KB
2	crwdcntrl.net tags.crwdcntrl.net — Cisco Umbrella Rank: 1879 bcp.crwdcntrl.net — Cisco Umbrella Rank: 1326	10 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 123	148 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 356	6 KB
1	linkedin.com px.ads.linkedin.com — Cisco Umbrella Rank: 840
1	createjs.com code.createjs.com — Cisco Umbrella Rank: 1929	63 KB
1	simpli.fi um.simpli.fi — Cisco Umbrella Rank: 1282	610 B
1	linksynergy.com 1 redirects tags.rd.linksynergy.com — Cisco Umbrella Rank: 5340	391 B
1	mathtag.com 1 redirects sync.mathtag.com — Cisco Umbrella Rank: 679	725 B
1	smartadserver.com 1 redirects ssbsync-us.smartadserver.com — Cisco Umbrella Rank: 6147	329 B
1	bluekai.com 1 redirects stags.bluekai.com — Cisco Umbrella Rank: 838	732 B
1	media.net 1 redirects cs.media.net — Cisco Umbrella Rank: 2232	665 B
1	smaato.net 1 redirects s.ad.smaato.net — Cisco Umbrella Rank: 914	527 B
1	google.co.nz adservice.google.co.nz — Cisco Umbrella Rank: 59899	792 B
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 943	31 KB
0	ip-api.com Failed pro.ip-api.com Failed
278	45

	Domain	Requested by
32	tpc.googlesyndication.com	pastelink.net securepubads.g.doubleclick.net b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com imasdk.googleapis.com ad.doubleclick.net
28	pagead2.googlesyndication.com	securepubads.g.doubleclick.net b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com pastelink.net ad.doubleclick.net
23	s0.2mdn.net	pastelink.net s0.2mdn.net b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
19	cm.g.doubleclick.net	14 redirects googleads.g.doubleclick.net eus.rubiconproject.com
16	securepubads.g.doubleclick.net	cdn.adligature.com securepubads.g.doubleclick.net pastelink.net b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
15	dsum-sec.casalemedia.com	9 redirects googleads.g.doubleclick.net
15	cdn.ampproject.org	securepubads.g.doubleclick.net
13	s.amazon-adsystem.com	2 redirects c.amazon-adsystem.com s.amazon-adsystem.com match.sharethrough.com ads.pubmatic.com eus.rubiconproject.com
12	pastelink.net	pastelink.net
9	match.sharethrough.com	4 redirects s.amazon-adsystem.com match.sharethrough.com
9	ib.adnxs.com	6 redirects googleads.g.doubleclick.net
9	googleads.g.doubleclick.net	b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com pastelink.net
8	static.criteo.net	ads.as.criteo.com
7	pix.as.criteo.net	ads.as.criteo.com
7	fonts.gstatic.com	fonts.googleapis.com
6	googleads4.g.doubleclick.net	pastelink.net ad.doubleclick.net
6	www.googletagservices.com	b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com cdn.doubleverify.com www.googletagservices.com
6	b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
5	token.rubiconproject.com	4 redirects eus.rubiconproject.com
5	pixel.rubiconproject.com	2 redirects eus.rubiconproject.com
5	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
4	match.adsrvr.org	4 redirects
4	www.google.com	3 redirects tpc.googlesyndication.com
4	cdn.doubleverify.com	b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com cdn.doubleverify.com pastelink.net
4	cdn.adligature.com	pastelink.net cdn.adligature.com
4	fonts.googleapis.com	pastelink.net securepubads.g.doubleclick.net b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
3	idsync.rlcdn.com	2 redirects ads.pubmatic.com
3	c.amazon-adsystem.com	cdn.adligature.com c.amazon-adsystem.com
2	r2---sn-ntqe6nel.c.2mdn.net
2	pr-bh.ybp.yahoo.com	1 redirects ads.pubmatic.com
2	image2.pubmatic.com	ads.pubmatic.com
2	uipglob.semasio.net	1 redirects ads.pubmatic.com
2	pippio.com	2 redirects
2	simage2.pubmatic.com	ads.pubmatic.com
2	c1.adform.net	1 redirects ads.pubmatic.com
2	csi.gstatic.com	imasdk.googleapis.com
2	secure.adnxs.com	2 redirects
2	csm.as.criteo.net	ads.as.criteo.com
2	eus.rubiconproject.com	s.amazon-adsystem.com eus.rubiconproject.com
2	ads.pubmatic.com	s.amazon-adsystem.com ads.pubmatic.com
2	b1sync.zemanta.com	2 redirects
2	x.bidswitch.net	2 redirects
2	imasdk.googleapis.com	b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
2	www.googletagmanager.com	pastelink.net www.googletagmanager.com
2	cdnjs.cloudflare.com	pastelink.net ads.as.criteo.com
1	tps.doubleverify.com	cdn.doubleverify.com
1	simage4.pubmatic.com	ads.pubmatic.com
1	aax-eu.amazon-adsystem.com	eus.rubiconproject.com
1	px.ads.linkedin.com	eus.rubiconproject.com
1	ad.doubleclick.net	www.googletagservices.com
1	pixel-us-east.rubiconproject.com	1 redirects
1	code.createjs.com	s0.2mdn.net
1	gcdn.2mdn.net	1 redirects
1	um.simpli.fi	ads.pubmatic.com
1	tags.rd.linksynergy.com	1 redirects
1	sync.mathtag.com	1 redirects
1	id5-sync.com	cdn.id5-sync.com
1	bid.g.doubleclick.net	imasdk.googleapis.com
1	image6.pubmatic.com	ads.pubmatic.com
1	bcp.crwdcntrl.net	tags.crwdcntrl.net
1	lbs.eu-1-id5-sync.com	cdn.id5-sync.com
1	lb.eu-1-id5-sync.com	cdn.id5-sync.com
1	cat.sg1.as.criteo.com	ads.as.criteo.com
1	ssbsync-us.smartadserver.com	1 redirects
1	stags.bluekai.com	1 redirects
1	cs.media.net	1 redirects
1	s.ad.smaato.net	1 redirects
1	rtb0.doubleverify.com	cdn.doubleverify.com
1	ads.as.criteo.com	b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
1	rtb.jp2.as.criteo.com	pastelink.net
1	cdn.id5-sync.com	pastelink.net
1	tags.crwdcntrl.net	pastelink.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.co.nz	securepubads.g.doubleclick.net
1	aax-dtb-cf.amazon-adsystem.com	c.amazon-adsystem.com
1	code.jquery.com	pastelink.net
0	pro.ip-api.com Failed	cdn.adligature.com
278	77

This site contains links to these domains. Also see Links.

Domain
casino1top.com
www.facebook.com
twitter.com
t.me
api.whatsapp.com
www.reddit.com
www.pinterest.com
www.tumblr.com
www.blogger.com
profitquery.com
www.linkedin.com
share.flipboard.com
social-plugins.line.me
www.meneame.net
diasp.org

Subject Issuer	Validity	Valid
pastelink.net R3	`2022-12-02` - `2023-03-02`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2022-05-09` - `2023-04-18`	a year	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon	`2022-06-15` - `2023-06-15`	a year	crt.sh
*.google.co.nz GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2022-05-01` - `2023-06-02`	a year	crt.sh
s.amazon-adsystem.com Amazon	`2022-05-09` - `2023-04-21`	a year	crt.sh
misc-sni.google.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.doubleverify.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-05` - `2023-07-07`	a year	crt.sh
*.jp2.as.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-12-24` - `2023-03-26`	3 months	crt.sh
*.as.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-12-20` - `2023-03-18`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-11-08` - `2023-02-04`	3 months	crt.sh
*.sharethrough.com Amazon	`2022-10-24` - `2023-11-21`	a year	crt.sh
*.pubmatic.com DigiCert SHA2 Secure Server CA	`2022-02-04` - `2023-02-03`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-17` - `2023-04-04`	a year	crt.sh
*.sg1.as.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-12-19` - `2023-03-21`	3 months	crt.sh
*.eu-1-id5-sync.com R3	`2022-11-09` - `2023-02-07`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.as.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-11-12` - `2023-02-10`	3 months	crt.sh
*.id5-sync.com R3	`2022-11-09` - `2023-02-07`	3 months	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2022-09-20` - `2023-09-20`	a year	crt.sh
*.simpli.fi DigiCert TLS RSA SHA256 2020 CA1	`2022-11-07` - `2023-12-08`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-11-08` - `2023-05-03`	6 months	crt.sh
tls.adobe.com DigiCert TLS RSA SHA256 2020 CA1	`2022-04-29` - `2023-05-30`	a year	crt.sh
aax-eu.amazon-adsystem.com Amazon	`2022-07-20` - `2023-07-19`	a year	crt.sh
*.c.docs.google.com GTS CA 1C3	`2022-12-13` - `2023-02-21`	2 months	crt.sh
*.tps.doubleverify.com Go Daddy Secure Certificate Authority - G2	`2022-09-28` - `2023-10-30`	a year	crt.sh

This page contains 33 frames:

Primary Page: https://pastelink.net/6r9a94ti
Frame ID: E13B6323135B8F85D6A8E74E70931A39
Requests: 60 HTTP requests in this frame

Frame: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: E9881827A2738A2E4F0C30FD6A712FA9
Requests: 1 HTTP requests in this frame

Frame: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 6AD474E239351A7BEDAC0F1DA2825240
Requests: 22 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain&dcc=t
Frame ID: 438B68DBF652D19FB4BF04368369BF5A
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs
Frame ID: DBE39A0FBA43BF9967F4227836657019
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQi4Dw4AIYn4P-vAEwAQ&v=APEucNXwKxbK4sjS6J5r9vI8MyIJWvMLRguLzrypiGMl1C5EjCQf1Za4zWJYMlhd8jpLJc17NZ_zVSD27l8r3bFgsuI955GY0A
Frame ID: BE36DB4FA7495878B0233D40595F82AB
Requests: 5 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs
Frame ID: A9C01122E961B1BC025B1CC8124239EC
Requests: 12 HTTP requests in this frame

Frame: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 7A88BD19CADF15D534DA46DED47BF697
Requests: 14 HTTP requests in this frame

Frame: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: D9AB1AC7938316B8E49B492C19A82602
Requests: 9 HTTP requests in this frame

Frame: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 7FC045973C31CE6C866D3A711BECE411
Requests: 13 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs
Frame ID: 70051EFBF4C03FA322D9326BC98D54C7
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPuq0aYDEMqOxLEDGKjAqtgBMAE&v=APEucNWxX1dv5NFRnTVgCKFpxAxjb7PFYiQzruA9xXzqnWNUD8AFK0OxXhWisunV6rDg_2MX5iP0145c1R5K2cTQ14pZD05-SA
Frame ID: EF15DDF57D49E23A840F26314264A4A9
Requests: 5 HTTP requests in this frame

Frame: https://ads.as.criteo.com/delivery/r/afr.php?z=Y7s-DwAKsAMKaDAUAAliKLrpMqeKi1ptSodIeQ&u=%7CoTJPVoKcUGnJg4gvm%2BHaiDh8QcpxRUlosd0kIabjWPw%3D%7C&c1=2P_wVlUbBFsw5yK-nUdqc6nygJ274zNPTQIufB1xv3LmVsxNlD7xoiJRjE-u8MyoFkwSnvxmwvjn_njP-EuaV3Hzap2ZwjM7StPSTCkJxSARq4sQsPbHe9iB-_yntTvnHZJKCgaewjcTEOTkwpMDpsndJSIGYkZVIOs7MIKAZtqrk34o2z-J0SIJ-sR-Fmzd_hf0das9EDdnS9gkjmSfqlEDQEENGkN6p9A4AMSZrvDF1-5JgFU45N5QOAMXxUDySLhDiaRMwL8GhlIiHLGcLM1BVWJzx0JxnLU7j_rovbBrHGdMgwCjVFS1xo607ud-9fwo0Sf527W9Lh0Bqvts8lCvyAAPgCAK3GnWkp2_KC6905bV920Bt5knvrApnnc3O1mPy1B-GCkbUjqWjwKneeUiiklGBPcL5Xf-5Yd2npbPeZCgdhy17MJaVv_-gDflrcSN5DX0IC9RcnokEkRTb0BG_ssfEjxv7vZGMiFbYVMWj9ET8qgnWTvIJjszMkx2wLYOJY9zveI614XYmNMtRDZg-w0JjWslF2VOktxtmUPIxpWhwgiMh27Iz3kmdCHEXm9ViwHvtDX2wVkjw1pluM9wc8vmBYsaMb28aSNXgC4xlL3X-0gOD0RmNtv1YG1C&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCVOupDz67Y4PgKpTgoAOoxKWYApj80bFcqoTM5IUBwI23ARABIABgq-yxheAYggEXY2EtcHViLTE3NTA4NTYyMzkyMDQ0MTTIAQmpAvG_B6THEqc-4AIAqAMBqgTpAU_QWV-tZEWDylBhWHWMZxEJvbQsF3rOnOHyXCclPqTNdI1X91s76bIqcoXx4vnNVL7ZBfmHc-DWI5vcEObpjKAxxqARb9bZuw9uwVNcFu5YfjuOTWMnEJpCwaZ49hP8lERW6iNzWCUeuZM4x1Mb881eHzBuP5A7kqXOVLmW3DOvpd2o1mlaHw93Eb6E1KcfytqTLmZeqNei9rBK312Az6_pFEEGxKk3cq24T7oRA2KKUYw4LktX3gqGzaoqCYDqQc_jSxbu93sNdhKRGQi2sucFnpGk3wZ7cWbfHEKI83gRHLvLtC4KueV24AQBgAaQqdKQvK-fjRigBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggNCIBhEAEyAooCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1YdgJi8_NkJQZb2064QVmqkgE5Gw%26client%3Dca-pub-1750856239204414%26adurl%3D
Frame ID: 4426E7AD4903E099DDB979FC486A2693
Requests: 20 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNaBw4cEEM-GhI4EGOzW19oBMAE&v=APEucNVP9es_fYFnVll7QV-UwQuCqynxfuoz7GxGaerUf7fSdD6p61PK1T042k7pFf7DNrid5808mTuQeuEZEgJtFqcpAyihSQ
Frame ID: C8DF43C22DFE9F294E346328587E8673
Requests: 5 HTTP requests in this frame

Frame: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: FFB0A11D768E2CA27F17C667D1312319
Requests: 17 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 15EB2190473C1145361FB2D7AEC5749F
Requests: 3 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/v3/pr?exlist=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain&fv=1.0&a=cm&cm3ppd=1&dmt=3
Frame ID: DB6E84E2C10FEA8B722DB91FA55ED9CC
Requests: 5 HTTP requests in this frame

Frame: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Frame ID: 3ADC2BB387BF62CBC30D55D358B7E9C4
Requests: 6 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Frame ID: 861557975C9AF635214AF3AD0A73F3AE
Requests: 11 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Frame ID: 683BE5832B50B9588DF15839E764D657
Requests: 12 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?ex=smart.com&id=9103388006974328131&gdpr=0&gdpr_consent=
Frame ID: A75AD0C5CB61AAE91787C34650FA7B48
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 84D9E030940DEE0D80DF2F9510C88DC4
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: D3953B3C9198542E74321FA9A692E31C
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 4CBDAF161FD9A728980C8198B72F2300
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 539876522471DEF2E1371C4BFAB3FCF6
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/index.html
Frame ID: 1D780AA83EFCEE839CE6F1906E42A75E
Requests: 15 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/1150492247587012836/LFA0010-PL-AO-HTML5D-CVP-PLGeneric-300x250-Desktop/300x250.html
Frame ID: 223BDD2FE2803F672AB053CCD70E5B25
Requests: 6 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=3D3DB3BA-54BE-406E-97F8-5482EBCEBB82&gdpr=0&gdpr_consent=
Frame ID: BB20702F22AA6B11C05FBD225B43176A
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:ca5d63bb-3e13-4400-8f33-f9d8d5b6d8e0&gdpr=0&gdpr_consent=
Frame ID: 96B54F3BB11ABA46022511CC31687BF5
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?ex=pubmatic.com&id=PM_UID3D3DB3BA-54BE-406E-97F8-5482EBCEBB82
Frame ID: 93533A7387C709EEEEE1829B83CE6D2C
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Frame ID: 0F00C124FB455CF4EACB7CBC62202E44
Requests: 3 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements3361.js
Frame ID: 6CD7471E345C3EBA870E1E44C837F049
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 1B9AA4EE4645B830A93D6538BF3F439B
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Very best Rated Online Casino - Pastelink.net

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

/prebid\.js

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

278
Requests

86 %
HTTPS

0 %
IPv6

45
Domains

77
Subdomains

58
IPs

11
Countries

3175 kB
Transfer

8060 kB
Size

65
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://casino1top.com/%EB%89%B4%ED%97%A4%EB%B8%90-%EC%B9%B4%EC%A7%80%EB%85%B8/
Title: https://casino1top.com/뉴헤븐-카지노/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://pastelink.net/6r9a94ti

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=%20https://pastelink.net/6r9a94ti

Search URL Search Domain Scan URL

URL: https://t.me/share/url?url=%20%0Ahttps://pastelink.net/6r9a94ti

Search URL Search Domain Scan URL

URL: https://api.whatsapp.com/send?text=%20https://pastelink.net/6r9a94ti

Search URL Search Domain Scan URL

URL: https://www.reddit.com/submit?url=https://https://pastelink.net/6r9a94ti&title=%20

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/pin/create/button/?url=https://pastelink.net/6r9a94ti&description=%20&media=https://pastelink.net/assets/images/pastelink-logo-square.png

Search URL Search Domain Scan URL

URL: http://www.tumblr.com/share?v=3&u=https://pastelink.net/6r9a94ti&t=%20&posttype=link

Search URL Search Domain Scan URL

URL: https://www.blogger.com/blog-this.g?u=https://pastelink.net/6r9a94ti&n=%20

Search URL Search Domain Scan URL

URL: https://profitquery.com/add-to/livejournal/?url=https://pastelink.net/6r9a94ti&title=%20

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https://pastelink.net/6r9a94ti

Search URL Search Domain Scan URL

URL: https://share.flipboard.com/bookmarklet/popout?v=2&title=%20&url=https://pastelink.net/6r9a94ti

Search URL Search Domain Scan URL

URL: https://social-plugins.line.me/lineit/share?url=https://pastelink.net/6r9a94ti&text=%20

Search URL Search Domain Scan URL

URL: https://www.meneame.net/submit?url=https://pastelink.net/6r9a94ti

Search URL Search Domain Scan URL

URL: https://diasp.org/bookmarklet?url=https://pastelink.net/6r9a94ti&title=%20&jump=doclose

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 54

https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain HTTP 302
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain&dcc=t

Request Chain 87

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDsjdOEM3Csdp4VcycCe31E&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDsjdOEM3Csdp4VcycCe31E&google_cver=1&C=1

Request Chain 88

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y7s.EWFy-Wpk8GvmZBewPgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECaW7HAY-ok4EEV_STKzPZg&google_cver=1&google_hm=2

Request Chain 89

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEBr6nJrPyVBxfB2Btuh59VI&google_cver=1

Request Chain 90

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODk0MTY4MzY4MjQ2MjYzMTMxOA%3D%3D

Request Chain 126

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECaW7HAY-ok4EEV_STKzPZg&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECaW7HAY-ok4EEV_STKzPZg&google_cver=1&C=1

Request Chain 127

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y7s.EUNHWFg2urc.nPfKdwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECaW7HAY-ok4EEV_STKzPZg&google_cver=1&google_hm=2

Request Chain 128

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEADGX5yhVlySTNbtASpKZhg&google_cver=1

Request Chain 129

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjAxNjgyODAxODc2MDY0NzgzMA%3D%3D

Request Chain 130

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 131

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 132

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECaW7HAY-ok4EEV_STKzPZg&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECaW7HAY-ok4EEV_STKzPZg&google_cver=1&C=1

Request Chain 133

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y7s.EesyhobaCVOdX85l4wAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECaW7HAY-ok4EEV_STKzPZg&google_cver=1&google_hm=2

Request Chain 134

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEADGX5yhVlySTNbtASpKZhg&google_cver=1

Request Chain 135

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTAyNTY1MDQyODAzNzMzMTAwNw%3D%3D

Request Chain 148

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 155

https://s.ad.smaato.net/c/?adExInit=aps&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsmaato.com%26id%3D%24UID HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=smaato.com&id=dcba1fda

Request Chain 156

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dmediagrid.com%26id%3D%24%7BBSW_UUID%7D HTTP 302
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dmediagrid.com%26id%3D%24%7BBSW_UUID%7D HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=mediagrid.com&id=b7fb5578-e99a-4393-a767-4fdfcfc15734

Request Chain 157

https://cs.media.net/cksync?cs=31&type=tam&redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dmedia.net%26id%3D%3Cvsid%3E HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=media.net&id=3162171067444839000V10

Request Chain 158

https://b1sync.zemanta.com/usersync/amazon_tam/?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Doutbrain.com%26id%3D__ZUID__ HTTP 302
https://stags.bluekai.com/site/23178?id=PLNK2A_EPrewxjVLxpj8&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64ZOMFWWC6TPNYWWCZDTPFZXIZLNFZRW63JPMVRW2MZ7MV4D233VORRHEYLJNYXGG33NEZSXQY3IMFXGOZJ5MFWWC6TPNZPXIYLNEZUWIPKQJRHEWMSBL5CVA4TFO54GUVSMPBYGUOA HTTP 302
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64ZOMFWWC6TPNYWWCZDTPFZXIZLNFZRW63JPMVRW2MZ7MV4D233VORRHEYLJNYXGG33NEZSXQY3IMFXGOZJ5MFWWC6TPNZPXIYLNEZUWIPKQJRHEWMSBL5CVA4TFO54GUVSMPBYGUOA HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=outbrain.com&id=PLNK2A_EPrewxjVLxpj8

Request Chain 162

https://ssbsync-us.smartadserver.com/api/sync?callerId=2 HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=smart.com&id=9103388006974328131&gdpr=0&gdpr_consent=

Request Chain 193

https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=1 HTTP 302
https://secure.adnxs.com/getuid?https://match.sharethrough.com/sync/v1?source_id=0e8893f90b606c9c5d33f1be&gdpr=0&gdpr_consent=&source_user_id=$UID HTTP 302
https://match.sharethrough.com/sync/v1?source_id=0e8893f90b606c9c5d33f1be&gdpr=0&gdpr_consent=&source_user_id=9025650428037331007

Request Chain 194

https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=2 HTTP 302
https://pixel.rubiconproject.com/exchange/sync.php?p=18694&gdpr=0&gdpr_consent= HTTP 302
https://match.sharethrough.com/sync/v1?source_id=UiRtTsXAfjmfSDAKnR1FjWsu&source_user_id=LCNXB8AW-3-6JKM&gdpr=0

Request Chain 195

https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=3 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=sharethrough&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=sharethrough&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=7ced1664-9c20-4b53-8fb5-e45d8d9a3e1b&gdpr=0&gdpr_consent=

Request Chain 196

https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=4 HTTP 302
https://secure.adnxs.com/getuid?https://match.sharethrough.com/sync/v1?source_id=0e8893f90b606c9c5d33f1be&gdpr=0&gdpr_consent=&source_user_id=$UID HTTP 302
https://match.sharethrough.com/sync/v1?source_id=0e8893f90b606c9c5d33f1be&gdpr=0&gdpr_consent=&source_user_id=9025650428037331007

Request Chain 221

https://c1.adform.net/serving/cookie/match?party=14&cid=3D3DB3BA-54BE-406E-97F8-5482EBCEBB82&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=3D3DB3BA-54BE-406E-97F8-5482EBCEBB82&gdpr=0&gdpr_consent=

Request Chain 222

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:ca5d63bb-3e13-4400-8f33-f9d8d5b6d8e0&gdpr=0&gdpr_consent=

Request Chain 224

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=PT2zulS-QG6X-FSC6867gg%3D%3D&gdpr=0&gdpr_consent= HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

Request Chain 225

https://idsync.rlcdn.com/420486.gif?partner_uid=3D3DB3BA-54BE-406E-97F8-5482EBCEBB82 HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CIbVGRIwCiwIARCMowEaJDNEM0RCM0JBLTU0QkUtNDA2RS05N0Y4LTU0ODJFQkNFQkI4MhAAGg0Ik_zsnQYSBQjoBxAAQgBKAA HTTP 307
https://pippio.com/api/sync?pid=5324&it=1&iv=4b3f33aec57905a27917f4baae87f43aaf02bddbe44d85053520b122a2d0551b791426b5417dce21&_=2 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlA0YjNmMzNhZWM1NzkwNWEyNzkxN2Y0YmFhZTg3ZjQzYWFmMDJiZGRiZTQ0ZDg1MDUzNTIwYjEyMmEyZDA1NTFiNzkxNDI2YjU0MTdkY2UyMRAAGgwIlPzsnQYSBAgCEABCAEoA HTTP 302
https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlA0YjNmMzNhZWM1NzkwNWEyNzkxN2Y0YmFhZTg3ZjQzYWFmMDJiZGRiZTQ0ZDg1MDUzNTIwYjEyMmEyZDA1NTFiNzkxNDI2YjU0MTdkY2UyMRAAGgwIlPzsnQYSBAgCEABCAEoA&google_gid=CAESELWdzZN6xOcT3tiXQMagfrg&google_cver=1 HTTP 307
https://tags.rd.linksynergy.com/rcs?ns=lr&uid3= HTTP 303
https://idsync.rlcdn.com/458249.gif?partner_uid=48c1c12f-537b-4779-b645-6d844a6fcb23

Request Chain 226

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=3D3DB3BA-54BE-406E-97F8-5482EBCEBB82&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=3D3DB3BA-54BE-406E-97F8-5482EBCEBB82&sInitiator=external&gdpr=0&gdpr_consent=

Request Chain 227

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=M0QzREIzQkEtNTRCRS00MDZFLTk3RjgtNTQ4MkVCQ0VCQjgy&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 228

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEMt88Grq0XGz-7kJoj8g6rM&google_cver=1

Request Chain 231

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=7ced1664-9c20-4b53-8fb5-e45d8d9a3e1b&gdpr=0&gdpr_consent=

Request Chain 233

https://gcdn.2mdn.net/videoplayback/id/73d54dbbd50de388/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1704751506/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signature/133AEDE08F72147E4B4405DDF4DCDF3CA037DF2A.2C4F05C497C36F013AC7881A669BAFAB260E7A91/key/ck2/file/file.mp4 HTTP 302
https://r2---sn-ntqe6nel.c.2mdn.net/videoplayback/id/73d54dbbd50de388/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1704751506/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/7CE2F966BE033B8BF803C2DC018F06DBB87F71FC.7D3A85433949778F5FB3AAB55CFC1EC99D536BFF/key/cms1/cms_redirect/yes/mh/VH/mip/116.90.74.208/mm/42/mn/sn-ntqe6nel/ms/onc/mt/1673215033/mv/m/mvi/2/pl/24/file/file.mp4

Request Chain 253

https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=a9us&khaos=LCNXB88W-1G-CH8K HTTP 302
https://s.amazon-adsystem.com/ecm3?id=LCNXB88W-1G-CH8K&ex=d-rubiconproject.com&status=ok

Request Chain 255

https://match.adsrvr.org/track/cmf/rubicon HTTP 302
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=7ced1664-9c20-4b53-8fb5-e45d8d9a3e1b&gdpr=0&gdpr_consent=&expires=30

Request Chain 256

https://token.rubiconproject.com/token?pid=36584 HTTP 302
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LCNXB8AW-3-6JKM

Request Chain 257

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEJCbpW7iM4e0xW8tTcB_kxs&google_cver=1

Request Chain 259

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TENOWEI4QVctMy02SktN

Request Chain 260

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/fUCYzB9v-Xk5JtnwBKnoGw?csrc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-e87pO1FE2oJzhukh8EhLmSVWyLyzUB_tIt1lqg--~A

Request Chain 261

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OTNkODJhY2ZjMmNlNmFlMTVjODE5ZjkxODZlNWJhOTlkNzE1NjI0Yw

Request Chain 262

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=OCOtTMnDRRGhoAn6f8VNiA&rk=usync-na HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=OCOtTMnDRRGhoAn6f8VNiA

278 HTTP transactions
11 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request 6r9a94ti Show response
pastelink.net/ 28 KB
8 KB 1230ms
438ms Document
text/html 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pastelink.net/6r9a94ti

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

856954362bd0bea0e8310993ae441bda1fbf2e1a1a26c48ca61f53eb0067f98d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sun, 08 Jan 2023 22:04:57 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
x-frame-options: SAMEORIGIN

GET
H2 200 css2
fonts.googleapis.com/ 5 KB
1 KB 825ms
275ms Stylesheet
text/css 142.251.12.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Requested by

Host: pastelink.net
URL: https://pastelink.net/6r9a94ti

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f95.1e100.net

Software

ESF /

Resource Hash

ebfd96030683611d9ed054682f1ddf8b9098bc7d10105602b338605b0ae82a9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 08 Jan 2023 22:04:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 08 Jan 2023 22:04:58 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 08 Jan 2023 22:04:58 GMT

GET
H2 200 styles.css
pastelink.net/assets/css/ 121 KB
121 KB 395ms
394ms Stylesheet
text/css 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pastelink.net/assets/css/styles.css?q=35

Requested by

Host: pastelink.net
URL: https://pastelink.net/6r9a94ti

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

db2363029b4f54378ff6662b39bc15138122f515494fc54048fd89a70485fe55

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/6r9a94ti
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:04:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Fri, 06 Jan 2023 14:09:07 GMT
server: nginx
etag: "63b82b83-1e279"
content-type: text/css
accept-ranges: bytes
content-length: 123513

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
31 KB 845ms
280ms Script
application/javascript 69.16.175.42
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: pastelink.net
URL: https://pastelink.net/6r9a94ti
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: tlb.hwcdn.net
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Referer: https://pastelink.net/
Origin: https://pastelink.net
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:04:58 GMT
content-encoding: gzip
x-sp-metadata: HS256.CJqY7Z0GEogBCiRlYjU3ODUzZS1hMWJhLTQzN2UtODFiNy0zZGFhZWNjOTU3YzIQ+OiCoKvU+wIaBgiK/OydBiINMTE2LjkwLjc0LjIwOCj8igIwAzgEQhZUTFNfQUVTXzEyOF9HQ01fU0hBMjU2WiAzZTliMjA2MTAwOThiNmM5YmZmOTUzODU2ZTU4MDE2YRosCAESJDlmOGI3YjVhLTgzYTctNGRiNC1iN2M0LTczOTExMjM1MjkxZhib8QEiGAgCEhRjZHMyNjcubGEzLmh3Y2RuLm5ldA==.360rua6nSWbIK+nW4IlPsgPX3gQNmycZ5jwzzQNwxiE=
last-modified: Wed, 16 Feb 2022 10:50:39 GMT
server: nginx
etag: W/"620cd6ff-15d9d"
vary: Accept-Encoding
x-hw: 1673215498.dop214.la3.t,1673215498.cds238.la3.hn,1673215498.cds267.la3.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30875

GET
H2 200 script.min.js Show response
pastelink.net/assets/js/ 41 KB
41 KB 394ms
394ms Script
application/javascript 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pastelink.net/assets/js/script.min.js?q=35

Requested by

Host: pastelink.net
URL: https://pastelink.net/6r9a94ti

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

190d542d8e593c755fd16e67ca62583e183957829dfb69cc2e00c7bf67df237d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/6r9a94ti
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:04:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 17 Nov 2022 12:00:15 GMT
server: nginx
etag: "6376224f-a225"
content-type: application/javascript
accept-ranges: bytes
content-length: 41509

GET
H2 200 js.cookie.min.js Show response
cdnjs.cloudflare.com/ajax/libs/js-cookie/latest/ 2 KB
1 KB 440ms
148ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/js-cookie/latest/js.cookie.min.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/6r9a94ti

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b6d244a569a8befc0b901e3dca8e82f19b188e2d3e76f7c62fce96935ed6311

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:04:58 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 7610428
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 772
last-modified: Mon, 04 May 2020 16:11:49 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec5-6d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fRI%2FL9yw7xJJNd39hSkqowUVA4TDhvUGP%2FU3yZw1C3rPYQ7k1aMRuIvdeaxRNkhdEarQ50QPoT3hdlLJOl27lpB4%2FUkHuYyviTqzJyJyOWD2AuR0WrkI98uBr26syji8GEbZREEz"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 78683b603fcda949-SYD
expires: Fri, 29 Dec 2023 22:04:58 GMT

GET
H2 200 rules.js Show response
cdn.adligature.com/pl/prod/ 18 KB
5 KB 439ms
150ms Script
application/javascript 104.21.93.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adligature.com/pl/prod/rules.js
Requested by: Host: pastelink.net
URL: https://pastelink.net/6r9a94ti
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.93.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 95b79ad7efde1e0051f941e69fa5dfbc0e6fbb86fc6dc40f9dc534a56f394371

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:04:58 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 450
cf-polished: origSize=30189
x-guploader-uploadid: ADPycduJTkcWj-mucqwxDwlnhF-4B5pem2rR8buSSrcfho5M6PlV2hdWabAffNM4pYFHnNt288vt1q7tTSeP9-6NrWgCyQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 11 Nov 2022 14:54:18 GMT
server: cloudflare
etag: W/"c1add06674d8ee3c323c3b5f066404f6"
vary: Accept-Encoding
x-goog-generation: 1668178458192164
content-type: application/javascript
x-goog-hash: crc32c=6DZcRA==, md5=wa3QZnTY7jwyPDtfBmQE9g==
cache-control: public, max-age=1800, s-maxage=600, must-revalidate
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OggLd7qxI6I3FqSlKG%2BbWzd9l7PkrM2XMT6RblYgYB2WqiKDNJB5AnWz1O9f9EYymQs8xu7I6UAefoEXDBYUK1wI7054JKc6Jhz%2F4P28RTqyhNIvYiXFyWv%2FX6ZTWo9Fi0wC5M8%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 30189
cf-ray: 78683b603db755b7-SYD
expires: Sun, 08 Jan 2023 22:07:28 GMT

GET
H2 200 css2
fonts.googleapis.com/ 393 B
362 B 825ms
277ms Stylesheet
text/css 142.251.12.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Fugaz+One:wght@400&display=swap

Requested by

Host: pastelink.net
URL: https://pastelink.net/6r9a94ti

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f95.1e100.net

Software

ESF /

Resource Hash

8648414c773d07c2dc681d458991cde2fe6162c53cd8c164a65b954909be78b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 08 Jan 2023 22:04:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 08 Jan 2023 22:04:58 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 08 Jan 2023 22:04:58 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 195 KB
70 KB 836ms
284ms Script
application/javascript 142.250.4.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ

Requested by

Host: pastelink.net
URL: https://pastelink.net/6r9a94ti

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

517b4e0dfad476698b947f9f05afdf0bd61e053590a6ac4145214e777a64910f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:04:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 71038
x-xss-protection: 0
last-modified: Sun, 08 Jan 2023 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 08 Jan 2023 22:04:59 GMT

GET
H2 200 advally-5.0.0.js Show response
cdn.adligature.com/rules.js/ 104 KB
28 KB 154ms
153ms Script
application/javascript 104.21.93.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adligature.com/rules.js/advally-5.0.0.js
Requested by: Host: cdn.adligature.com
URL: https://cdn.adligature.com/pl/prod/rules.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.93.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9a29a65e75a48d9c432611eb70d0377c8610f1874474b65df01aa72fed0235e3

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:04:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1896
cf-polished: origSize=171037
x-guploader-uploadid: ADPycdvhNX5etAHPnJL4AE4KK4MAiqqgSa6t_ICOcGFZlG_nb3lYYHbMQDsUfbNHntXqSA9vnAOvGYx1yxuk6X46_dZPPA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Mon, 07 Nov 2022 13:53:08 GMT
server: cloudflare
etag: W/"7b1394d4b04bfcbf82f0d4de7ba5a58d"
vary: Accept-Encoding
x-goog-generation: 1667829188108909
content-type: application/javascript
x-goog-hash: crc32c=/7AOYQ==, md5=exOU1LBL/L+C8NTee6WljQ==
cache-control: public, max-age=7200, s-maxage=7200, must-revalidate
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jaxaPsAP42rEi6AO6MU%2BhlaXKGaZ7Xz%2Bt2jw89ut4TeY5cG55rUUrmIaI%2Bsd%2FYuCyiPGIxW%2Ba07k1hLo4e7nUzpsWo3e3gnVx71P8LN%2F4cYgp4TSTnQjFpaJW2Dvmjz%2FKB7PqQQ%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 171037
cf-ray: 78683b65e91555b7-SYD
expires: Sun, 08 Jan 2023 23:33:23 GMT

GET
H2 200 rules.css
cdn.adligature.com/pl/prod/ 148 B
641 B 152ms
151ms Stylesheet
application/javascript 104.21.93.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adligature.com/pl/prod/rules.css
Requested by: Host: cdn.adligature.com
URL: https://cdn.adligature.com/pl/prod/rules.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.93.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cd8e217991e65be206db184ca55d6673115a4579c6673739203181999150547b

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:04:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 450
cf-polished: origSize=294
x-guploader-uploadid: ADPycduCwKAVckGFAscW1QFf32Yh5nT-zKBlEwe23BUIWg9y3rfiVpiJx4jC-Z2plKig1zX3bH3kXZE2svDyKOz2OCPLQw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 11 Nov 2022 14:54:17 GMT
server: cloudflare
etag: W/"53b5e5bc4c7d7cf111b728f22d660fdd"
vary: Accept-Encoding
x-goog-generation: 1668178456885584
content-type: application/javascript
x-goog-hash: crc32c=F8i4jg==, md5=U7XlvEx9fPERtyjyLWYP3Q==
cache-control: public, max-age=1800, s-maxage=600, must-revalidate
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2aYNHnRTm3xrtWl%2FgYTDQa%2B%2FmD0Hq87FfdeLVibgDv2I8EMPfh2aQO2YW9aL8B0fNxqwD9mYkRz3nSBqjfKyNazo596JYfX2lvtvqWSyPjGrMqgTZjUCAmTPGaF7%2FFfsLhtrwYE%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 294
cf-ray: 78683b65e91355b7-SYD
expires: Sun, 08 Jan 2023 22:03:17 GMT

GET
H2 200 debut_light.png
pastelink.net/assets/images/ 4 KB
4 KB 394ms
393ms Image
image/png 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/debut_light.png

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=35

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

c24ccee9a35eef9e74411eac871935bdff6bcb895cce80b754b66d3e4292a3ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:04:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-10c8"
content-type: image/png
accept-ranges: bytes
content-length: 4296

GET
H2 200 pastelink-logo.svg
pastelink.net/assets/images/logo/ 3 KB
3 KB 394ms
394ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/logo/pastelink-logo.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=35

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

01408f8061623faa6d2c0f015cd23483c3aa363c095e152f613ed94c87a5803d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:04:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-d3d"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 3389

GET
DATA 200
OK truncated
/ 16 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 13100cd3879e5c1385581d7c88153e60cd7c3e4b0578fe2838daa56da689769b

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 arrow-down-blue.svg
pastelink.net/assets/images/ 239 B
409 B 393ms
392ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/arrow-down-blue.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=35

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

50a60e5e5f2e8f10a2f8685031ec9849ba8faff613139f3a402e89f25ccbbabc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:04:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-ef"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 239

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 821ms
273ms Font
font/woff2 142.250.4.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f94.1e100.net

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 19:53:26 GMT
x-content-type-options: nosniff
age: 94293
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7884
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 07 Jan 2024 19:53:26 GMT

GET
H2 200 moon.svg
pastelink.net/assets/images/ 2 KB
2 KB 396ms
395ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/moon.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=35

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

ed6cd01c384db70bedbe24986aa85b0745f994ad71b7e5712f8a60e1ff457d7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:04:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-62e"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 1582

GET
H2 200 public-black.svg
pastelink.net/assets/images/ 578 B
749 B 395ms
395ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/public-black.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=35

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

57226adbc32c91a8cd4ec9ee08e4f155f3450e79256731c04f81709a58c4c1fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:04:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-242"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 578

GET
H2 200 social-spritesheet.png
pastelink.net/assets/images/ 28 KB
28 KB 394ms
394ms Image
image/png 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/social-spritesheet.png

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=35

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

8af24d7350dbdc8eea22e4737deaa35a795b19b0560d7173113bec7e8a3effb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:04:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-70de"
content-type: image/png
accept-ranges: bytes
content-length: 28894

GET
H2 200 logo-bg-90-tl.svg
pastelink.net/assets/images/ 2 KB
2 KB 397ms
396ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/logo-bg-90-tl.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=35

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

1c9e4c65f9d921b1c0829958cc7b2f307a3e22ac7a23e8315b6db4c0954e1107

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-933"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 2355

GET
H2 200 pastelink-logo-contrast.svg
pastelink.net/assets/images/logo/ 4 KB
4 KB 394ms
394ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/logo/pastelink-logo-contrast.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=35

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

3a73b36061944ebbb33696553917d393280f796e212afcd09057b441c1168606

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-e31"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 3633

GET
H2 200 logo-symbol-non-white-bg.svg
pastelink.net/assets/images/ 4 KB
5 KB 395ms
394ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/logo-symbol-non-white-bg.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=35

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

15f20e02ef301e62ed325d633f971c506dcf1be3458c2371b849b505bb8673dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-11c0"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 4544

GET
H2 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 890ms
350ms Font
font/woff2 142.250.4.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f94.1e100.net

Software

sffe /

Resource Hash

9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 02:36:03 GMT
x-content-type-options: nosniff
age: 156536
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7816
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 07 Jan 2024 02:36:03 GMT

GET
H2 200 rax_HiWKp9EAITukFsl8Axhf.woff2
fonts.gstatic.com/s/fugazone/v15/ 11 KB
11 KB 840ms
301ms Font
font/woff2 142.250.4.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/fugazone/v15/rax_HiWKp9EAITukFsl8Axhf.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Fugaz+One:wght@400&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f94.1e100.net

Software

sffe /

Resource Hash

79e8fb1228cec14f8ec640bfe4a41d30f1ef0f5ed919ae81b8018e54e0296a63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 01:57:24 GMT
x-content-type-options: nosniff
age: 72455
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11032
x-xss-protection: 0
last-modified: Thu, 21 Apr 2022 17:05:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 08 Jan 2024 01:57:24 GMT

GET
H2 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 1103ms
565ms Font
font/woff2 142.250.4.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f94.1e100.net

Software

sffe /

Resource Hash

cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Jan 2023 09:31:45 GMT
x-content-type-options: nosniff
age: 304394
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7748
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:21:30 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 05 Jan 2024 09:31:45 GMT

GET /
pro.ip-api.com/json/ 0
0

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 81 KB
28 KB 828ms
278ms Script
text/javascript 172.217.194.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.adligature.com
URL: https://cdn.adligature.com/rules.js/advally-5.0.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f155.1e100.net

Software

sffe /

Resource Hash

4c9c76da195e2877482a8713859aa95dcf9021f19a521f77d4d5ca60fb91806f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27578
x-xss-protection: 0
server: sffe
etag: "1446 / 981 of 1000 / last-modified: 1673046307"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 08 Jan 2023 22:05:00 GMT

GET
H3 200 prebid.js Show response
cdn.adligature.com/pl/prod/ 350 KB
111 KB 164ms
164ms Script
application/javascript 104.21.93.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adligature.com/pl/prod/prebid.js
Requested by: Host: cdn.adligature.com
URL: https://cdn.adligature.com/rules.js/advally-5.0.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.93.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3c5bdcb449fb1bfe6c2b49f5dfc6f627c599d795d41bc72cf194b55c619b2f13

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:00 GMT
content-encoding: br
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=359160
x-guploader-uploadid: ADPycducdmy-H1qwSdfJ1qoldp3doBAOO7i2DsWdgG66WK4KfRYmFPVa6bBQwPO8-Atsf3bHE4MiTzdhwA7nC1LJ8WVs9Q
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 11 Nov 2022 14:54:15 GMT
server: cloudflare
etag: W/"f97facbb0a8715dfd020c1c728e23c44"
vary: Accept-Encoding
x-goog-generation: 1668178455689352
content-type: application/javascript
x-goog-hash: crc32c=Dp8FQA==, md5=+X+suwqHFd/QIMHHKOI8RA==
cache-control: public, max-age=900, s-maxage=300, must-revalidate
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KtcagcGQm%2B%2BNRDYohpBfq4%2BnJojjYY%2BvmAoFdx%2BZWm7dZKDTbFZ6Ad%2FMDSTRB%2FFDIzNzlkNAgeuND2zgzzM85n8%2FpqLQaM%2FfzSI4EgVIunsU2aD0FQY55bshwSUgmulWO3HcNTw%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 359160
cf-ray: 78683b6d5b06a947-SYD
expires: Sun, 08 Jan 2023 22:06:33 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 178 KB
45 KB 1102ms
407ms Script
application/javascript 18.161.20.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: cdn.adligature.com
URL: https://cdn.adligature.com/rules.js/advally-5.0.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.161.20.23 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-161-20-23.bos50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2db364591994c4fb2da18489bf8d4547fac6f633bcea1169e7c68519b47109ff

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 21:12:04 GMT
content-encoding: gzip
via: 1.1 6aa8d2883437a2897f326bfc58beed3c.cloudfront.net (CloudFront), 1.1 979fe35fa8f7710002d17fc89319d25c.cloudfront.net (CloudFront)
last-modified: Thu, 22 Dec 2022 18:13:53 GMT
server: AmazonS3
x-amz-cf-pop: IAD89-P2, BOS50-P1
age: 3178
x-amz-server-side-encryption: AES256
etag: W/"b2496fcafcf1daf6223aefe99a0cf048"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: GVo-qmkzwzQO7d1LkXaAqN3F2X7LseAa25oVzHORlAXtE545sMzv4g==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 819ms
272ms Script
text/javascript 74.125.68.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.68.138 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sc-in-f138.1e100.net

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 08 Jan 2023 20:30:14 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 5687
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Sun, 08 Jan 2023 22:30:14 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 223 KB
78 KB 577ms
276ms Script
application/javascript 142.250.4.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-S3DKHVPF03&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

53b58020ab13c091badbe70a0106d146675a1e34aa897fbc4d151f938bd519d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:00 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 79676
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 08 Jan 2023 22:05:00 GMT

POST
H2 204 collect
www.google-analytics.com/g/ 0
160 B 573ms
272ms Ping
text/plain 74.125.68.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-S3DKHVPF03&gtm=2oe120&_p=1727843758&cid=1989426833.1673215501&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1673215501&sct=1&seg=0&dl=https%3A%2F%2Fpastelink.net%2F6r9a94ti&dt=Very%20best%20Rated%20Online%20Casino%20-%20Pastelink.net&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S3DKHVPF03&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 74.125.68.138 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: sc-in-f138.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:01 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_2022120801.js Show response
securepubads.g.doubleclick.net/gpt/ 382 KB
129 KB 575ms
274ms Script
text/javascript 172.217.194.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f155.1e100.net

Software

sffe /

Resource Hash

dcc5f41d1dc04a19dccb2061dc9572cb46c1c19dd89cb5d910752020fa87e791

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 05:51:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 144804
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 132306
x-xss-protection: 0
last-modified: Thu, 08 Dec 2022 09:38:55 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 07 Jan 2024 05:51:37 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 73 B
84 B 822ms
275ms XHR
application/json 172.217.194.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=pastelink.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f155.1e100.net

Software

cafe /

Resource Hash

c64cda3c1c7c935b57b27894caec3b370b98d70011c8e5ea2f31691be13c8fe7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:02 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60
x-xss-protection: 0
expires: Sun, 08 Jan 2023 22:05:02 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
91 B 574ms
273ms XHR
text/plain 74.125.68.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=1727843758&t=pageview&_s=1&dl=https%3A%2F%2Fpastelink.net%2F6r9a94ti&ul=en-us&de=UTF-8&dt=Very%20best%20Rated%20Online%20Casino%20-%20Pastelink.net&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=1818458356&gjid=2054479102&cid=1989426833.1673215501&tid=UA-55088947-2&_gid=2032848358.1673215501&_r=1&gtm=2wg12055WHPWQ&z=1762235363

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.68.138 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sc-in-f138.1e100.net

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pastelink.net/
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:01 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 1025ms
341ms XHR
application/javascript 18.161.20.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.161.20.23 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-161-20-23.bos50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: 1R3b4YI9dI20q9Y7Gq1DHxVUnq3Fp2gn
content-encoding: gzip
via: 1.1 96d22907f8f90aa9429d7864113e68ae.cloudfront.net (CloudFront)
date: Sun, 08 Jan 2023 01:12:23 GMT
x-amz-cf-pop: BOS50-P1
age: 75160
x-cache: Hit from cloudfront
last-modified: Fri, 23 Dec 2022 01:05:48 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: skVc1a09DCz7ZEZEDvc3uPl5CjHzHfgwEyWmD2N6tOvB_E9sRLWB6A==

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 274ms
273ms XHR
text/plain 74.125.68.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&aip=1&a=1727843758&t=pageview&_s=1&dl=https%3A%2F%2Fpastelink.net%2F6r9a94ti&ul=en-us&de=UTF-8&dt=Very%20best%20Rated%20Online%20Casino%20-%20Pastelink.net&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aADAAEABAAAAACAAI~&jid=1638104462&gjid=1355656273&cid=1989426833.1673215501&tid=UA-197326395-9&_gid=2032848358.1673215501&_r=1&_slc=1&z=1539601568

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.68.138 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sc-in-f138.1e100.net

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pastelink.net/
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 1 KB
1 KB 361ms
360ms XHR
application/json 18.161.20.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fpastelink.net&pubid=7e29cf92-dbd2-479a-865a-9cb3658a40f8
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.161.20.23 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-161-20-23.bos50.r.cloudfront.net
Software: Server /
Resource Hash: 59b0485c1fec4f53ce71bbf2805f19215f6651cc406e6ff66548444594eebc7b

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:02 GMT
via: 1.1 979fe35fa8f7710002d17fc89319d25c.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: BOS50-P1
x-cache: Miss from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://pastelink.net
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
content-length: 1071
x-amz-cf-id: c3ZxqYFeJ9ryp2kyk36POJvRG5cLL87oquOG0GcTtibeBeuxOtQ7Jg==

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aa68e17fb13028f96c0d5b38fcf7006182894eb694625f9dedf5824d5066a5f0

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 bid Show response
aax-dtb-cf.amazon-adsystem.com/e/dtb/ 168 B
501 B 750ms
258ms XHR
text/javascript 13.33.30.231
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fpastelink.net%2F6r9a94ti&pid=qFxr2zJ3GGa5I&cb=0&ws=1600x1200&v=22.1213.2134&t=1500&slots=%5B%7B%22sd%22%3A%22advally-adhesion-slot%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F22405481091%2Fpastelink.net%2FBottom_adhesion_banner%22%7D%2C%7B%22sd%22%3A%22Top_leaderboard%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F22405481091%2Fpastelink.net%2FTop_leaderboard%22%7D%2C%7B%22sd%22%3A%22AdvallyTag-pl-728x90-1%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F22405481091%2Fpastelink.net%2FInline_banner%22%7D%2C%7B%22sd%22%3A%22AdvallyTag-pl-728x90-2%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F22405481091%2Fpastelink.net%2FInline_banner%22%7D%2C%7B%22sd%22%3A%22AdvallyTag-pl-728x90-3%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F22405481091%2Fpastelink.net%2FInline_banner%22%7D%2C%7B%22sd%22%3A%22AdvallyTag-pl-728x90-4%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F22405481091%2Fpastelink.net%2FInline_banner%22%7D%2C%7B%22sd%22%3A%22AdvallyTag-pl-728x90-5%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F22405481091%2Fpastelink.net%2FInline_banner%22%7D%2C%7B%22sd%22%3A%22Sidebar_MPU%22%2C%22s%22%3A%5B%22160x600%22%5D%2C%22sn%22%3A%22%2F22405481091%2Fpastelink.net%2FSidebar_MPU%22%7D%5D&schain=1.0%2C1!advally.com%2CP58S175%2C1%2C%2C%2C&pubid=7e29cf92-dbd2-479a-865a-9cb3658a40f8&gdprl=%7B%22status%22%3A%22no-cmp%22%2C%22cmpTimeout%22%3A2000%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.30.231 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-30-231.sin2.r.cloudfront.net
Software: Server /
Resource Hash: 178996f91fcc30fcab68d58ab30fdfd3820198e3f6bd9764a71e9c5259cb7f92

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:02 GMT
via: 1.1 75d57b6f1d28b9be49fef8fc0aa4a23c.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: SIN2-P1
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://pastelink.net
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 168
x-amz-cf-id: 9PhUqaq9vQLJFiX0dzYFt83BGvUGqV3xpX4eISwe1-Dt47WGAFPYKQ==

GET
H2 200 integrator.js Show response
adservice.google.co.nz/adsid/ 107 B
792 B 827ms
275ms Script
application/javascript 172.253.118.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.nz/adsid/integrator.js?domain=pastelink.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.118.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f155.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 821ms
274ms Script
application/javascript 142.250.4.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=pastelink.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f154.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 22 KB
11 KB 475ms
474ms XHR
text/plain 172.217.194.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1331020994226617&correlator=3583740118908037&eid=31071150%2C31071434%2C44769661&output=ldjh&gdfp_req=1&vrg=2022120801&ptt=17&impl=fif&iu_parts=22405481091%2Cpastelink.net%2CBottom_adhesion_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90&ifi=1&adks=759513158&sfv=1-0-40&prev_scp=rand_key%3D89&eri=1&cust_params=refid%3D2%26amznbid%3D0%26amznp%3D0&sc=1&cookie_enabled=1&abxe=1&dt=1673215502579&lmt=1673215502&dlt=1673215497909&idt=4580&adxs=436&adys=1105&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fpastelink.net%2F6r9a94ti&frm=20&vis=1&psz=728x-1&msz=728x-1&fws=516&ohw=1600&ga_vid=1989426833.1673215501&ga_sid=1673215503&ga_hid=1727843758&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f155.1e100.net

Software

cafe /

Resource Hash

31fd1c15fe0ef080c4827fed24825e229e65268f2617e26a087d3435b3fcdcbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11035
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 49 KB
11 KB 1062ms
1061ms XHR
text/plain 172.217.194.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1331020994226617&correlator=3583740118908037&eid=31071150%2C31071434%2C44769661&output=ldjh&gdfp_req=1&vrg=2022120801&ptt=17&impl=fif&iu_parts=22405481091%2Cpastelink.net%2CTop_leaderboard&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C300x250&fluid=height&ifi=2&adks=2603746535&sfv=1-0-40&prev_scp=rand_key%3D89&eri=1&cust_params=refid%3D2%26amznbid%3D0%26amznp%3D0&sc=1&cookie_enabled=1&abxe=1&dt=1673215502585&lmt=1673215502&dlt=1673215497909&idt=4580&adxs=310&adys=314&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fpastelink.net%2F6r9a94ti&frm=20&vis=1&psz=705x153&msz=705x0&fws=4&ohw=1600&ga_vid=1989426833.1673215501&ga_sid=1673215503&ga_hid=1727843758&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f155.1e100.net

Software

cafe /

Resource Hash

80c03a3e8832d3508d9c9720cb3d39afee4ab76c56110268e65c6df636ffe417

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:03 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11600
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pastelink.net
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 23 KB
10 KB 1396ms
1395ms XHR
text/plain 172.217.194.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1331020994226617&correlator=3583740118908037&eid=31071150%2C31071434%2C44769661&output=ldjh&gdfp_req=1&vrg=2022120801&ptt=17&impl=fif&iu_parts=22405481091%2Cpastelink.net%2CInline_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&ifi=3&adks=3770940712&sfv=1-0-40&prev_scp=rand_key%3D89&eri=1&cust_params=refid%3D2%26amznbid%3D0%26amznp%3D0&sc=1&cookie_enabled=1&abxe=1&dt=1673215502588&lmt=1673215502&dlt=1673215497909&idt=4580&adxs=513&adys=724&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fpastelink.net%2F6r9a94ti&frm=20&vis=1&psz=665x250&msz=300x-1&fws=4&ohw=1600&ga_vid=1989426833.1673215501&ga_sid=1673215503&ga_hid=1727843758&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f155.1e100.net

Software

cafe /

Resource Hash

9cf15e528571be00f84f9b280a799b073a03215453e5e3d93b1c44b2f9a89f66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:03 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10094
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 48 KB
11 KB 825ms
824ms XHR
text/plain 172.217.194.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1331020994226617&correlator=3583740118908037&eid=31071150%2C31071434%2C44769661&output=ldjh&gdfp_req=1&vrg=2022120801&ptt=17&impl=fif&iu_parts=22405481091%2Cpastelink.net%2CInline_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&ifi=4&adks=3575723800&sfv=1-0-40&prev_scp=rand_key%3D89&eri=1&cust_params=refid%3D2%26amznbid%3D0%26amznp%3D0&sc=1&cookie_enabled=1&abxe=1&dt=1673215502590&lmt=1673215502&dlt=1673215497909&idt=4580&adxs=513&adys=1406&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fpastelink.net%2F6r9a94ti&frm=20&vis=1&psz=665x250&msz=300x-1&fws=4&ohw=1600&ga_vid=1989426833.1673215501&ga_sid=1673215503&ga_hid=1727843758&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f155.1e100.net

Software

cafe /

Resource Hash

b7be6eebfa3a8c5630cb98044910615dc16af310a572cf9bdcdcac55a6f999aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:03 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11284
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pastelink.net
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 15 KB
8 KB 1558ms
1557ms XHR
text/plain 172.217.194.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1331020994226617&correlator=3583740118908037&eid=31071150%2C31071434%2C44769661&output=ldjh&gdfp_req=1&vrg=2022120801&ptt=17&impl=fif&iu_parts=22405481091%2Cpastelink.net%2CInline_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&ifi=5&adks=375354995&sfv=1-0-40&prev_scp=rand_key%3D89&eri=1&cust_params=refid%3D2%26amznbid%3D0%26amznp%3D0&sc=1&cookie_enabled=1&abxe=1&dt=1673215502592&lmt=1673215502&dlt=1673215497909&idt=4580&adxs=513&adys=2136&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=2&ucis=5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fpastelink.net%2F6r9a94ti&frm=20&vis=1&psz=665x250&msz=300x-1&fws=4&ohw=1600&ga_vid=1989426833.1673215501&ga_sid=1673215503&ga_hid=1727843758&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f155.1e100.net

Software

cafe /

Resource Hash

8b54c4743838c668f636b725048a8c49e938e39e5dba0010736a4c61d2d2b1f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:03 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8252
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 60 KB
13 KB 1778ms
1777ms XHR
text/plain 172.217.194.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1331020994226617&correlator=3583740118908037&eid=31071150%2C31071434%2C44769661&output=ldjh&gdfp_req=1&vrg=2022120801&ptt=17&impl=fif&iu_parts=22405481091%2Cpastelink.net%2CInline_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&ifi=6&adks=3771912056&sfv=1-0-40&prev_scp=rand_key%3D89&eri=1&cust_params=refid%3D2%26amznbid%3D0%26amznp%3D0&sc=1&cookie_enabled=1&abxe=1&dt=1673215502593&lmt=1673215502&dlt=1673215497909&idt=4580&adxs=513&adys=2818&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=3&ucis=6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fpastelink.net%2F6r9a94ti&frm=20&vis=1&psz=665x250&msz=300x-1&fws=4&ohw=1600&ga_vid=1989426833.1673215501&ga_sid=1673215503&ga_hid=1727843758&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f155.1e100.net

Software

cafe /

Resource Hash

852b1efb7e420c2ac3d2b080f2e33a4880f4ce0dcf707089c0cf78708e62c1ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:04 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12945
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pastelink.net
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 75 KB
23 KB 2022ms
2021ms XHR
text/plain 172.217.194.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1331020994226617&correlator=3583740118908037&eid=31071150%2C31071434%2C44769661&output=ldjh&gdfp_req=1&vrg=2022120801&ptt=17&impl=fif&iu_parts=22405481091%2Cpastelink.net%2CInline_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&ifi=7&adks=3537739154&sfv=1-0-40&prev_scp=rand_key%3D89&eri=1&cust_params=refid%3D2%26amznbid%3D0%26amznp%3D0&sc=1&cookie_enabled=1&abxe=1&dt=1673215502595&lmt=1673215502&dlt=1673215497909&idt=4580&adxs=513&adys=3548&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=4&ucis=7&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fpastelink.net%2F6r9a94ti&frm=20&vis=1&psz=665x250&msz=300x-1&fws=4&ohw=1600&ga_vid=1989426833.1673215501&ga_sid=1673215503&ga_hid=1727843758&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f155.1e100.net

Software

cafe /

Resource Hash

71d2dc37259f80bcc0c49d3bff57ede25c7faafd6bd9afbd83d727e29cc54751

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:04 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23652
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 15 KB
8 KB 1259ms
1258ms XHR
text/plain 172.217.194.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1331020994226617&correlator=3583740118908037&eid=31071150%2C31071434%2C44769661&output=ldjh&gdfp_req=1&vrg=2022120801&ptt=17&impl=fif&iu_parts=22405481091%2Cpastelink.net%2CSidebar_MPU&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=160x600&ifi=8&adks=3854452215&sfv=1-0-40&prev_scp=rand_key%3D89&eri=1&cust_params=refid%3D2%26amznbid%3D0%26amznp%3D0&sc=1&cookie_enabled=1&abxe=1&dt=1673215502597&lmt=1673215502&dlt=1673215497909&idt=4580&adxs=1071&adys=521&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=8&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fpastelink.net%2F6r9a94ti&frm=20&vis=1&psz=168x607&msz=160x-1&fws=4&ohw=1600&ga_vid=1989426833.1673215501&ga_sid=1673215503&ga_hid=1727843758&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f155.1e100.net

Software

cafe /

Resource Hash

4fa438ed643d0f285efbfadc7141af8a164830fd00d32492dd8fd58cbbb98eea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:03 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7977
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
13 KB 827ms
280ms XHR
application/json 142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022120801&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f154.1e100.net

Software

cafe /

Resource Hash

f4cd8266dad1068d1561a698d2d82141de54b92c57a0342c8e0e8bc40e12a228

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12456
x-xss-protection: 0

GET
H2 200 container.html Show response
b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame E988 6 KB
3 KB 822ms
273ms Document
text/html 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.118.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f132.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 08 Jan 2023 22:05:03 GMT
expires: Mon, 08 Jan 2024 22:05:03 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16576/ 32 KB
10 KB 741ms
262ms Script
text/javascript 13.33.88.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16576/sync.min.js
Requested by: Host: pastelink.net
URL: https://pastelink.net/6r9a94ti
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.88.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-88-90.sin2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1b9bc9c5d136e5e10a89c8902b5c6540cd738265af675ed3e3984e28c0c14f02

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 20:15:11 GMT
content-encoding: gzip
via: 1.1 b238fef36fc101d581d2aebbbc69d9a6.cloudfront.net (CloudFront)
last-modified: Thu, 05 Jan 2023 20:07:47 GMT
server: AmazonS3
x-amz-cf-pop: SIN2-P2
age: 6595
x-amz-server-side-encryption: AES256
etag: W/"322a4a4dadec5839e9040f77edf9282d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age: 86400
x-amz-cf-id: J79307mRBwfe7J-BoIUeDmGKBtx-TmwilU7nif5RFow79DoTdIPiQw==

GET
H2 200 id5-api.js Show response
cdn.id5-sync.com/api/1.0/ 57 KB
17 KB 441ms
150ms Script
text/javascript 172.67.38.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/id5-api.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/6r9a94ti

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.38.106 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

39fae3dc476aaaa594e2c963401633dd5d02eccb3c175eda03912cfe0f91c92e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:05 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 24 Nov 2022 12:48:29 GMT
server: cloudflare
x-amz-request-id: CD58YD2EN90NG0QK
age: 1106
etag: W/"9ee82d693d1e83b3a37ee20226716f78"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 78683b8c89a6a973-SYD
x-amz-id-2: K9aI2PqGOPN6UOVDm8H0a8lsmxQepU2j2RuPKp5Sg9oKpKLPS25SnmMagqIye+f9ZBOSxDQAjCE=

GET
H2 200 container.html Show response
b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 6AD4 6 KB
3 KB 288ms
275ms Document
text/html 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.118.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f132.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 08 Jan 2023 22:05:03 GMT
expires: Mon, 08 Jan 2024 22:05:03 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

iu3 Show response
s.amazon-adsystem.com/ Frame 438B
Redirect Chain

https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain&dcc=t

338 B
1 KB

368ms
368ms

Document
text/html

52.46.130.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain&dcc=t

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

bf293c6ec64062426d963624d5727bf3ef92eb7c478399918c502635c0c69726

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 338
Content-Type: text/html;charset=ISO-8859-1
Date: Sun, 08 Jan 2023 22:05:04 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid: 0D154KNXSJKJSWK9EEK3

Redirect headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Date: Sun, 08 Jan 2023 22:05:04 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain&dcc=t
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid: 27W12YRN9ZJRP1PZBKNG

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012211060024000/ Frame DBE3 221 KB
61 KB 826ms
273ms Script
text/javascript 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

sffe /

Resource Hash

a01f9f2f5ba1812441a49f7f1dc0b04fb56a18b486005289b8df4212381f10ce

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 07 Jan 2023 11:08:49 GMT
age: 125775
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61592
x-xss-protection: 0
server: sffe
etag: "a2fca7132416d151"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 07 Jan 2024 11:08:49 GMT

GET
H3 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame DBE3 14 KB
5 KB 273ms
272ms Script
text/javascript 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

sffe /

Resource Hash

d89cb9800cc62dcc44a0ba866b4a080ad06f735f60a6afecbd6d691d2e8939dd

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sun, 08 Jan 2023 17:19:31 GMT
age: 17134
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5218
x-xss-protection: 0
server: sffe
etag: "abd4378f71571d78"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 08 Jan 2024 17:19:31 GMT

GET
H3 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame DBE3 94 KB
28 KB 317ms
316ms Script
text/javascript 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

sffe /

Resource Hash

8ee5f53d3752309af021002b2199a06523b1fd03f3ea1cdaf5d59e911d4d8178

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 07 Jan 2023 22:13:41 GMT
age: 85884
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28809
x-xss-protection: 0
server: sffe
etag: "dd6615029de85e23"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 07 Jan 2024 22:13:41 GMT

GET
H3 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame DBE3 5 KB
2 KB 310ms
309ms Script
text/javascript 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

sffe /

Resource Hash

c3f73b989e0620a4d2e12ed57a0d538e4580b8fefaa1fefbad73e0abad6d227f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sun, 08 Jan 2023 02:17:25 GMT
age: 71260
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1913
x-xss-protection: 0
server: sffe
etag: "403438c4d550ee88"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 08 Jan 2024 02:17:25 GMT

GET
H3 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame DBE3 40 KB
13 KB 273ms
273ms Script
text/javascript 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

sffe /

Resource Hash

1b1c3ea8b3d9fec1913ac70c81c83f2172acc41988e747bd24d22bf779fd19a0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 06 Jan 2023 20:42:02 GMT
age: 177783
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12946
x-xss-protection: 0
server: sffe
etag: "0bacd3f1ce38a7db"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 06 Jan 2024 20:42:02 GMT

GET
DATA 200
OK truncated
/ Frame DBE3 208 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3db30ecf1da1177ab8c973328d82f8c90ea3919bb046739ccbf70d1e07408f8d

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 12567430394631731807
tpc.googlesyndication.com/simgad/ Frame DBE3 94 KB
94 KB 294ms
292ms Image
image/gif 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12567430394631731807

Requested by

Host: pastelink.net
URL: https://pastelink.net/6r9a94ti

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.118.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f132.1e100.net

Software

sffe /

Resource Hash

87863146a10bce78c0d5c0acca57de5bb147c4dcb008d2cd49f3a849dfd9ad4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:03 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 96068
x-xss-protection: 0
last-modified: Sun, 25 Dec 2022 17:33:20 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 08 Jan 2024 22:05:03 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/abg/ Frame DBE3 3 KB
3 KB 277ms
275ms Image
image/png 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/en.png

Requested by

Host: pastelink.net
URL: https://pastelink.net/6r9a94ti

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.118.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f132.1e100.net

Software

cafe /

Resource Hash

85a64faec356c3a72f249a98a037317adc730ec6d38e47653cd53be5485d80a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:19:54 GMT
x-content-type-options: nosniff
server: cafe
age: 38709
etag: 15880770647744369592
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2982
x-xss-protection: 0
expires: Mon, 09 Jan 2023 11:19:54 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame DBE3 344 B
570 B 275ms
272ms Image
image/png 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: pastelink.net
URL: https://pastelink.net/6r9a94ti

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.118.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f132.1e100.net

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 15:28:35 GMT
x-content-type-options: nosniff
server: cafe
age: 23788
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Mon, 09 Jan 2023 15:28:35 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame DBE3 0
0 283ms
283ms Image
text/html 172.217.194.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cc24ZDj67Y7rnN4W61AbEh7fwBZHj06Bu3o6MrYgR29keEAEgiYvEUGCr7LGF4BigAdzFhJUDyAED4AIAqAMByAMIqgSbAk_QWubRaHezLuEh2pdnsULQKSjq0jiB7hTKDqOj25fHEhXHMRRIeApIDXA-sHCYlSkpAai8mu782h-k6nMhm5xe32Xg4wcX5jYhxZSFqSmovEW_zz1ssIcInyiu_PTTlIdGSl02234EB0nF40jcIv5P8gQ3-CGbTSlfc4k_pq7CelaoOHvlzSsGO7PqlEFuE8BYN5zAXYlw5nK38GtjMsRd-XZpBvpyLbDFNIZ5EFQi1NfcnNUOTQMVeReDMdYUaHIvG0-txXvZYOdYT8_LSg6kn3I7tkVxKMrr8GL8FfWlif5egU-RjFKorW91D6mq8n70vTM1Jd1Rp2A0G4N8p_Fl5kUwDr8fzZ4wpmsnBmhIUfA37RnVvUPCQSjABOyshrKhBOAEAZIFBAgEGAGSBQQIBRgEoAYDgAeMuvtqqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQ2c4B0ggPCIBhEAEYHTICigI6AoBAgAoByAsB2BMN0BUBmBYBgBcBshceChwIABIUcHViLTE3NTA4NTYyMzkyMDQ0MTQY-t58&sigh=dFXC2Tbw2tQ&uach_m=[UACH]&cid=CAQSTADq26N95MrJTDcyp_X431iwyjjOF7k8fiYwqj-Y8GUsTyG44WmscSoD2S9ZYnhmcxgK38BCfOqd8c37eocZAD9cYCshBzfyO7LLgisYASAT
Requested by: Host: pastelink.net
URL: https://pastelink.net/6r9a94ti
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.194.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: si-in-f155.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 277ms
274ms Script
text/javascript 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.118.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f132.1e100.net

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 08 Jan 2023 22:05:05 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame BE36 624 B
917 B 825ms
276ms Document
text/html 142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQi4Dw4AIYn4P-vAEwAQ&v=APEucNXwKxbK4sjS6J5r9vI8MyIJWvMLRguLzrypiGMl1C5EjCQf1Za4zWJYMlhd8jpLJc17NZ_zVSD27l8r3bFgsuI955GY0A

Requested by

Host: b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f154.1e100.net

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 08 Jan 2023 22:05:04 GMT
expires: Sun, 08 Jan 2023 22:05:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 6AD4 15 KB
12 KB 846ms
297ms Script
text/javascript 142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Dmwi1FWXPwhPQIclDxiBLid93F112FqP3h1hSFI9nPzLrwfWCEcLrsP6V_DRURYrkDO9bSyklW4SdxI9058OtbrZLQhqwvpwR_13btAmbq3okbnWKDPcwEzvnqMC7QYUEaOvijKxgOwrXVZzWQAIiFElY3YJ2NXUOQ91yT6vklpl26ekU&cry=1&dbm_d=AKAmf-ByJgOa7_QTD3rUuEusrhASHSrQC2TCY8wOi3Vr28DuyA1pB9Q60v58GhQ7F5F9K9SoiFw0ktK3grB7wRVuZnKEUIQyR5kWTZJZ9UZJNTpLxmgGv-MIGhgbFCx-0WyAicZJ52bJQoEo9xIs3tJFUArwhUKRhs1as5GSPRZjPD6sU8LmqOug8_zP3doBk8MeV9qLHDMGs6p_JC2Bi42p97a0vieiNEvjg7Q2n0myiNQjhMurCmc_5DfUYDZ1CHgmFRqap91KlN_JkH74C-6z0Z8UbuRnuZTEtxC1sdS611zML_jqYm5A8Qjmf-iZglwmVNu_Py_4dNogk3lmsEhESO8raCP6XJC3rNZ4plliWOfmx1NL9vKG-lnqoWR5BrdGhpeoKKx-hgzODN2Lp5mxX2jCI4yMGP5utHxXScsHLAeBary-uqocwn5ouvaDHWlmeA1_6zeO5z3x6ua7Q8XaGYc--UFVei1NiC6ChF3aINsr1XSi7ENHyUMM6LsBp-lbYGZJ4TnBpVYFrkiU7CTycfcLAAWr7wDuGpE8ddfzPCOwnIgVlg7281W3MHb4RlS_igsrepubIhLBNinGKXBnLMwTbXz_skK7wK3k09LzF27rQpx89CQ1jON1eME60GcjzklmmF1JqgPYBcdoihIa9WA2IH6c3SZvDHLWtc3qwPmmXb1iMXY8RP6JW39KVrDLD1MwxnPnP2QSnJjOZXXnBlm6OVsfFClToGTvln37fnTTgdFxEXBgexWsIWwjH-UbEK1Qys-syERNxI4LXzb1zEh3s-5xHyMWYDBEFo_z_WxBOnRWNRyl-_k5UiV8mnYhXp-BELrgbMzSJS00Ns99tvZGsPUc2pn7nGoea7Smt8fz7nDwMAhIVoCcbtTbqxc9kSkPY1ao7mtHzsJnnVTDRlTPZDDGkRLf5USt29AZZvxjAx8t4LVYXHyEw7cJY8hFKZNM6eNYZ12lglc7QXhaDj3ELCY2mTMGrz50xuoMYV3DZPZBqeO-MDHcwS89iY-ULVlrrMeAwfBgP41e-clLh6CucNcI_8wnGbdw7T9D9fkkarBTiIdOr3vnNGT2WJnpRChO64qlWkEFwRvIWKVreT3IqPJRI7SkQuyDat5oiNUqXs4TZfpIFuK3IJMI0QWGEv8Vl50CWCZz4dCBquzseWweWJT5lBhBUpJOPSgdE27EuPJj5PcgCwUk2rnS0pC4Uak5u4UjzdWfFUMo3km0I-c8UI9ld01xEtMoYuBVzhFx8RaSAy_NSbubEzDBvtEEYkoPEiLi1vEbW_iqnQv5p7nqDFvPzeKhbpruBrfjJaKE9HSm9YUrJHwB-xrK9UnvftIV3-X7FZWmtAFA1TtjgxWRWqWeygfkAEUgKxIk5HcajiDGQacUg7Sqzu0TS4EveTKQZa_sho_ViKP49ot6dvqvnTtdiM6zs1Dlwzy6dIo-__PD-Jd6-XVunmBWuVpEdcbbLe4M1hQs5GtqfQPPavurIlOaeQwq2grv5LuErTVJ1hezVPtHVvJps2ydKCpkuKEd3uU6fm87CLdrLKeYN8cfIoETvdO7aP4xKsqbiT-J2fR4G7XercouPN1e1-BkRNCVkGvYPWG0TMMRSFdw2zh5fkS5u3pV33V-9BWhMgyZtBNvAqft-LeWC2BvYz3fHJu-Xf-Jdz9IVA9CIK0poK0hwvhmUY_WO2N06zcgRA2hzqVJymSwL5pOR-tvJ-3Eu4pR8j8P3YP20zmk_XHK21WnIxQg9DSqOWB_MSIaYKAHkMvrVY85w6mC5PF6zWt3A28pEfsiT-0w0mbmD-puan3fm5UeiB4txKfiSJak17LXlbmVGC1cOERZDJ_K1P4XX-kc_pRuF3rigLPVJ5oWQfcyEiQQLeADe9mGnw-DZV50aXsbavnpfx0LEC3A4bNXm0dh-S1176pbKhD5ahqhN9MiG3vZWeqdCNE-6I17GGRerXfwW6n1CK8sXsnhfxTlpVgI9yNQce5cvHVo8E6VGLSvy17iFMHLPtLOOllNp5c0ojN-fRPR_UVcJoxKjmhL836GdolMrPHqI4YHbNhvGHGERzD4SadePSKp8Cf_soSTUHuGxpky1FvQEm2qtzzM424rASZ3Hr2jVrfk_ykCTqQ85HbRwUOqtTMVaKca45o03OlG3ViM6U7MKu4bX8shHuPj7kyrw7hDy6hC6ujhT6Xq-BbBbwnv3te3XBnQ0XzsqDBz1ZyRNIrO2z2YOtF9eLBcsvm-Eu5h6djG2JZHL-2TWy5JEYvAjG0HpkugpLZQje_d5_E8lPfpCDsrHzfONG86dja_9h4ecZfclVtXTwvzvaoJ9zsXH6lOKM5BBnr8aZzVysCgBT2jMO7JxAsxw0vgDqTbRpoNzzITCw7x9T_x9BmIcr-sNALHvBAl1f5bc0Cmk37lyhlN4yyVOFly2Snm7nElpEWmgKB-ARE8HM0ksSqa-3lCZmqaEKF6VwPs2CVCFZeVgBPu9p5wey3OidARFKGxtz_AvilJI61W41H43XbZuN64UEoRZ_lN3ziGOEDy5NJVsZ0V_-ZjK_1LVzg1-XAuwWgDtNsxpQZh7XoFJ51hru0Yge5SLDWIEuW8DJor2J-QY6h86mCHUwM6Iy9dn6eBNGejYqA3YWmXQTcIM_HLLbibGonK5N7OSsz7RD1bkRdwnPCeelyNkG5yf0bZ8glkcILIKM0N3KIegxxIgUvNlOQ6IGnYSUWgLgntIibfP6ZzceYJW1yDYo2pFMubawSDXMpFgjKvRsgqtDPBoPblxxy3EihAZHvDc9pwU4knapyl5LVYSwLm-6Pavo6uXr9i8nIXdTOowKYrhIAQ6ZhYvWdz6Nm5wZQ0OVpDYwZm2LUaMXFmhpJIEgZpg7YHN3pIWZeG8e6A3h1doTAkAI6_5yA4Lfc-di-d3pTotUf1v9LaSG13dS73n7a-iy496Or5tjf9sz9NC1Uo4-5E54_QHWRVYJtQM8K-1e7AMcveBw7BJS0eogM_U6Dh2tmprKWlozUrzidi3GEdaqSVAJFqGH6dVjo_XTVepAqYvytP2J0h9iPTf8PDeDLKNGbuQgLxyEpwCPbZWmHDw2ZN-75F5uM4BzFWHBHevun0Lqd0yfiezvS_0g3bJ9gKxzlpXhx-nQo4VDeG53ZMsPh9QwU7cGiCl7ngGcND9MWj6qLpDS8ss3RV3s4AjvXGjTvR7tEobbbcaUv-LOMTxoNZrnaRH5ZCK2i1_854claGBQOz7n-43dRHbBqzkQZ2r43brVF4mBDlPdAvpdfXreMYXHKE5eXx-JFEYR1c7f7_l4m-R6mccI2EcU3FtBt1cLTau3LAD5p1Nq-m19vPH6UsPioGjTOcwK-mM4QPv0vImda42kaMKFXnaoK4vnInKDuOyRXQ5a3ea4NgtOu1_Ydu5rxOZLEjpy04HcQhEwG9LxUI6QMKzdbwfM4dpn2o9Kpu8TOX&cid=CAQSTADq26N9LlKiNeFiWDNfxv046xO9waOYjgXzlmq2HjXWpRy5pXetEZJDlTjAYsBtXo8sXgdxkgIoD-DSiKYpk3_9JJRbC2kkfxo0KVEYASAT&rfl=1%2Chttps%253A%252F%252Fpastelink.net%252F%240

Requested by

Host: pastelink.net
URL: https://pastelink.net/6r9a94ti

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f154.1e100.net

Software

cafe /

Resource Hash

036ed3cc77be485b205c12d12c3b972e6fc10259373007cd8fff7ebd9af14490

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11521
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6AD4 42 B
63 B 821ms
275ms Image
image/gif 142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-B5ji3lokatvpcS18dlt8_oRHJhY4xDAw8_ae7YCxugqMKTsEgQu7IOiCrDuZ3smh-UcOL0lQ1GGWbdFfVDHcnuvBDr41OziMXQJNgko-woH1bPrnA

Requested by

Host: b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f154.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dvbs_src.js Show response
cdn.doubleverify.com/ Frame 6AD4 2 KB
1 KB 778ms
254ms Script
application/javascript 23.50.117.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=115843&plc=4214585&sid=18330&dvregion=0&unit=728x90&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0hqSLBtCZN36-LxJ2M17Rl2&DVP_DBM_1=3060631&DVP_DBM_2=23009949&DVP_DBM_3=14587568821&DVP_DBM_4=396329375&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=201491245482&turl=https://pastelink.net/6r9a94ti&DVP_PP_BUNDLE_ID=
Requested by: Host: b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.50.117.184 Jakarta, Indonesia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-50-117-184.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 /
Resource Hash: d8b1280df015b12fd4ea4138faad855238e57f1819a6d2b854d0fd9879532805

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 22:05:04 GMT
Content-Encoding: gzip
Last-Modified: Tue, 20 Dec 2022 11:37:28 GMT
Server: Microsoft-IIS/10.0
ETag: "f3ae98706714d91:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 1170

GET
H/1.1 200
OK dvtp_src.js Show response
cdn.doubleverify.com/ Frame 6AD4 8 KB
4 KB 782ms
257ms Script
application/javascript 23.50.117.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvtp_src.js?ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&advid=3398311&adsrv=0&btreg=&btadsrv=&tagtype=&dvtagver=6.1.src&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0hqSLBtCZN36-LxJ2M17Rl2&DVP_DBM_1=3060631&DVP_DBM_2=23009949&DVP_DBM_3=14587568821&DVP_DBM_4=396329375&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=201491245482&turl=https://pastelink.net/6r9a94ti&DVP_PP_BUNDLE_ID=
Requested by: Host: b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.50.117.184 Jakarta, Indonesia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-50-117-184.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 /
Resource Hash: 1ee7683924cda35b36fcb20030ff8a126d20f8797dde8b4420ab4472cdd2f928

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 22:05:04 GMT
Content-Encoding: gzip
Last-Modified: Thu, 05 Jan 2023 12:36:40 GMT
Server: Microsoft-IIS/10.0
ETag: "03cec5b221d91:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3314

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/ Frame 6AD4 3 KB
1 KB 273ms
273ms Script
text/javascript 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/window_focus_fy2021.js

Requested by

Host: b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.118.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f132.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 17:22:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16938
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 17:22:46 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/ Frame 6AD4 18 KB
8 KB 811ms
810ms Script
text/javascript 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.118.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f132.1e100.net

Software

cafe /

Resource Hash

727e6a1f4a634d6298af8636fd331912b036b6f7783c771d2e06baeb82e2341e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 21:25:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2352
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7527
x-xss-protection: 0
server: cafe
etag: 8658061406568722807
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 21:25:51 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6AD4 156 KB
48 KB 821ms
273ms Script
text/javascript 142.250.4.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f155.1e100.net

Software

sffe /

Resource Hash

e7e65f5432de604cdf476d9ad55a2af5a933c715c639e4c36847023a3446f1ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48907
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1672933789069018"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 08 Jan 2023 22:05:04 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012211060024000/ Frame A9C0 221 KB
60 KB 860ms
591ms Script
text/javascript 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

sffe /

Resource Hash

a01f9f2f5ba1812441a49f7f1dc0b04fb56a18b486005289b8df4212381f10ce

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 07 Jan 2023 11:08:49 GMT
age: 125775
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61592
x-xss-protection: 0
server: sffe
etag: "a2fca7132416d151"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 07 Jan 2024 11:08:49 GMT

GET
H3 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame A9C0 14 KB
5 KB 272ms
272ms Script
text/javascript 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

sffe /

Resource Hash

d89cb9800cc62dcc44a0ba866b4a080ad06f735f60a6afecbd6d691d2e8939dd

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sun, 08 Jan 2023 17:19:31 GMT
age: 17134
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5218
x-xss-protection: 0
server: sffe
etag: "abd4378f71571d78"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 08 Jan 2024 17:19:31 GMT

GET
H3 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame A9C0 94 KB
28 KB 273ms
272ms Script
text/javascript 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

sffe /

Resource Hash

8ee5f53d3752309af021002b2199a06523b1fd03f3ea1cdaf5d59e911d4d8178

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 07 Jan 2023 22:13:41 GMT
age: 85884
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28809
x-xss-protection: 0
server: sffe
etag: "dd6615029de85e23"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 07 Jan 2024 22:13:41 GMT

GET
H3 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame A9C0 5 KB
2 KB 273ms
272ms Script
text/javascript 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

sffe /

Resource Hash

c3f73b989e0620a4d2e12ed57a0d538e4580b8fefaa1fefbad73e0abad6d227f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sun, 08 Jan 2023 02:17:25 GMT
age: 71261
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1913
x-xss-protection: 0
server: sffe
etag: "403438c4d550ee88"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 08 Jan 2024 02:17:25 GMT

GET
H3 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame A9C0 40 KB
13 KB 274ms
273ms Script
text/javascript 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

sffe /

Resource Hash

1b1c3ea8b3d9fec1913ac70c81c83f2172acc41988e747bd24d22bf779fd19a0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 06 Jan 2023 20:42:02 GMT
age: 177784
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12946
x-xss-protection: 0
server: sffe
etag: "0bacd3f1ce38a7db"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 06 Jan 2024 20:42:02 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/abg/ Frame A9C0 3 KB
3 KB 577ms
276ms Image
image/png 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.118.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f132.1e100.net

Software

cafe /

Resource Hash

85a64faec356c3a72f249a98a037317adc730ec6d38e47653cd53be5485d80a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:19:54 GMT
x-content-type-options: nosniff
server: cafe
age: 38710
etag: 15880770647744369592
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2982
x-xss-protection: 0
expires: Mon, 09 Jan 2023 11:19:54 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame A9C0 344 B
407 B 584ms
283ms Image
image/png 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.118.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f132.1e100.net

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 15:28:35 GMT
x-content-type-options: nosniff
server: cafe
age: 23789
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Mon, 09 Jan 2023 15:28:35 GMT

GET
DATA 200
OK truncated
/ Frame A9C0 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bbda6c308938984ee98147ad8dc2ecdb5ad7efc3739afb595d4f44000e6b7462

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 12862583482329930892
tpc.googlesyndication.com/simgad/ Frame A9C0 126 KB
126 KB 595ms
294ms Image
image/gif 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12862583482329930892

Requested by

Host: pastelink.net
URL: https://pastelink.net/6r9a94ti

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.118.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f132.1e100.net

Software

sffe /

Resource Hash

29e7d6851d1add0eefff9233a93de6f21054953551959e00bcc671a32e043aa4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:04 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 129329
x-xss-protection: 0
last-modified: Wed, 17 Nov 2021 05:10:01 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 08 Jan 2024 22:05:04 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame A9C0 0
0 281ms
281ms Image
text/html 172.217.194.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CM3BoDz67Y6KEEIXqoQOqhK_gCo2696Jujt7xorcP3evav80BEAEghpukkAFgq-yxheAYoAG6lIftAcgBA6kCxceDRK1LpT7gAgCoAwHIAwiqBIQCT9AYG7e287ZPLIU0FHrmUB8a3ZDMZdCNZe3KTBFTPJlOJoa5h0KNsWMLcqPwzEpCq6IvYpfN7_BFA_NvX5nNBZ_iJ0piAKL5MnnEGON4bVs6koCQcnyJBbwnGexbGrhx9sILeoOVqyPzHsrmEOtuQS-NmDQHntq8wp8KKLWSdLoBuMUmp9AxgTARB796iFnbYNXFP_mMs7I3ZBo0GwcFA1D3xkqx7rLB_g_OdnTTv2PiCUMa-m3qZqfstvOnnE6hbaBiY1rJnrtaU7shR42z7LvsXxMsOtsqKVsMyQUzzgVp53zHo_EnB7Mtj5vXmz5aL7129AVZzLpExvIx61EeU4ZLAa_ABNvNp_7iA-AEAZIFBAgEGAGSBQQIBRgEoAYDgAeu6_iSAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEKLeBdIIDwiAYRABGB0yAooCOgKAQIAKA8gLAdgTAtAVAYAXAbIXHgocCAASFHB1Yi05NjAyNTE5NTAyNjE4MjYyGPrefA&sigh=TVI0K1KkaUA&uach_m=[UACH]&cid=CAQSSwDq26N9II-NlLYWrkmEHHkmnKk-cDrMA62MGzjZdm1FElJ9YeTyRtK2KxDDjq-Zy1KcZZZ_4mvAWEY-I7AlwP8O2bvJoRUU06vk3hgBIBM
Requested by: Host: pastelink.net
URL: https://pastelink.net/6r9a94ti
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.194.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: si-in-f155.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 container.html Show response
b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 7A88 6 KB
3 KB 709ms
408ms Document
text/html 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.118.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f132.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 08 Jan 2023 22:05:03 GMT
expires: Mon, 08 Jan 2024 22:05:03 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame D9AB 6 KB
3 KB 573ms
272ms Document
text/html 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.118.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f132.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 08 Jan 2023 22:05:03 GMT
expires: Mon, 08 Jan 2024 22:05:03 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 7FC0 6 KB
3 KB 530ms
278ms Document
text/html 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.118.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f132.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 08 Jan 2023 22:05:03 GMT
expires: Mon, 08 Jan 2024 22:05:03 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame BE36
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDsjdOEM3Csdp4VcycCe31E&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDsjdOEM3Csdp4VcycCe31E&google_cver=1&C=1

43 B
766 B

338ms
337ms

Image
image/gif

139.5.84.243
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDsjdOEM3Csdp4VcycCe31E&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQi4Dw4AIYn4P-vAEwAQ&v=APEucNXwKxbK4sjS6J5r9vI8MyIJWvMLRguLzrypiGMl1C5EjCQf1Za4zWJYMlhd8jpLJc17NZ_zVSD27l8r3bFgsuI955GY0A
Protocol: HTTP/1.1
Server: 139.5.84.243 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 22:05:06 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 22:05:05 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESEDsjdOEM3Csdp4VcycCe31E&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame BE36
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y7s.EWFy-Wpk8GvmZBewPgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECaW7HAY-ok4EEV_STKzPZg&google_cver=1&google_hm=2

43 B
894 B

337ms
337ms

Image
image/gif

139.5.84.243
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECaW7HAY-ok4EEV_STKzPZg&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQi4Dw4AIYn4P-vAEwAQ&v=APEucNXwKxbK4sjS6J5r9vI8MyIJWvMLRguLzrypiGMl1C5EjCQf1Za4zWJYMlhd8jpLJc17NZ_zVSD27l8r3bFgsuI955GY0A
Protocol: HTTP/1.1
Server: 139.5.84.243 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 22:05:06 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:06 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECaW7HAY-ok4EEV_STKzPZg&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame BE36
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEBr6nJrPyVBxfB2Btuh59VI&google_cver=1

43 B
1 KB

546ms
274ms

Image
image/gif

104.254.150.228
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEBr6nJrPyVBxfB2Btuh59VI&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQi4Dw4AIYn4P-vAEwAQ&v=APEucNXwKxbK4sjS6J5r9vI8MyIJWvMLRguLzrypiGMl1C5EjCQf1Za4zWJYMlhd8jpLJc17NZ_zVSD27l8r3bFgsuI955GY0A

Protocol

HTTP/1.1

Server

104.254.150.228 Los Angeles, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

907.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 22:05:05 GMT
AN-X-Request-Uuid: ad2f8086-08bd-4e65-b7fd-ddad0b9bf3fb
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 116.90.74.208; 116.90.74.208; 907.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:05 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEBr6nJrPyVBxfB2Btuh59VI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame BE36
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODk0MTY4MzY4MjQ2MjYzMTMxOA%3D%3D

170 B
243 B

576ms
276ms

Image
image/png

74.125.24.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODk0MTY4MzY4MjQ2MjYzMTMxOA%3D%3D

Requested by

Protocol

Server

74.125.24.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f156.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sun, 08 Jan 2023 22:05:05 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 116.90.74.208; 116.90.74.208; 907.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: a148bc45-e9bb-4327-9e0a-4bfc8e7aa27b
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODk0MTY4MzY4MjQ2MjYzMTMxOA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 6AD4 41 KB
15 KB 273ms
273ms Script
text/javascript 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Dmwi1FWXPwhPQIclDxiBLid93F112FqP3h1hSFI9nPzLrwfWCEcLrsP6V_DRURYrkDO9bSyklW4SdxI9058OtbrZLQhqwvpwR_13btAmbq3okbnWKDPcwEzvnqMC7QYUEaOvijKxgOwrXVZzWQAIiFElY3YJ2NXUOQ91yT6vklpl26ekU&cry=1&dbm_d=AKAmf-ByJgOa7_QTD3rUuEusrhASHSrQC2TCY8wOi3Vr28DuyA1pB9Q60v58GhQ7F5F9K9SoiFw0ktK3grB7wRVuZnKEUIQyR5kWTZJZ9UZJNTpLxmgGv-MIGhgbFCx-0WyAicZJ52bJQoEo9xIs3tJFUArwhUKRhs1as5GSPRZjPD6sU8LmqOug8_zP3doBk8MeV9qLHDMGs6p_JC2Bi42p97a0vieiNEvjg7Q2n0myiNQjhMurCmc_5DfUYDZ1CHgmFRqap91KlN_JkH74C-6z0Z8UbuRnuZTEtxC1sdS611zML_jqYm5A8Qjmf-iZglwmVNu_Py_4dNogk3lmsEhESO8raCP6XJC3rNZ4plliWOfmx1NL9vKG-lnqoWR5BrdGhpeoKKx-hgzODN2Lp5mxX2jCI4yMGP5utHxXScsHLAeBary-uqocwn5ouvaDHWlmeA1_6zeO5z3x6ua7Q8XaGYc--UFVei1NiC6ChF3aINsr1XSi7ENHyUMM6LsBp-lbYGZJ4TnBpVYFrkiU7CTycfcLAAWr7wDuGpE8ddfzPCOwnIgVlg7281W3MHb4RlS_igsrepubIhLBNinGKXBnLMwTbXz_skK7wK3k09LzF27rQpx89CQ1jON1eME60GcjzklmmF1JqgPYBcdoihIa9WA2IH6c3SZvDHLWtc3qwPmmXb1iMXY8RP6JW39KVrDLD1MwxnPnP2QSnJjOZXXnBlm6OVsfFClToGTvln37fnTTgdFxEXBgexWsIWwjH-UbEK1Qys-syERNxI4LXzb1zEh3s-5xHyMWYDBEFo_z_WxBOnRWNRyl-_k5UiV8mnYhXp-BELrgbMzSJS00Ns99tvZGsPUc2pn7nGoea7Smt8fz7nDwMAhIVoCcbtTbqxc9kSkPY1ao7mtHzsJnnVTDRlTPZDDGkRLf5USt29AZZvxjAx8t4LVYXHyEw7cJY8hFKZNM6eNYZ12lglc7QXhaDj3ELCY2mTMGrz50xuoMYV3DZPZBqeO-MDHcwS89iY-ULVlrrMeAwfBgP41e-clLh6CucNcI_8wnGbdw7T9D9fkkarBTiIdOr3vnNGT2WJnpRChO64qlWkEFwRvIWKVreT3IqPJRI7SkQuyDat5oiNUqXs4TZfpIFuK3IJMI0QWGEv8Vl50CWCZz4dCBquzseWweWJT5lBhBUpJOPSgdE27EuPJj5PcgCwUk2rnS0pC4Uak5u4UjzdWfFUMo3km0I-c8UI9ld01xEtMoYuBVzhFx8RaSAy_NSbubEzDBvtEEYkoPEiLi1vEbW_iqnQv5p7nqDFvPzeKhbpruBrfjJaKE9HSm9YUrJHwB-xrK9UnvftIV3-X7FZWmtAFA1TtjgxWRWqWeygfkAEUgKxIk5HcajiDGQacUg7Sqzu0TS4EveTKQZa_sho_ViKP49ot6dvqvnTtdiM6zs1Dlwzy6dIo-__PD-Jd6-XVunmBWuVpEdcbbLe4M1hQs5GtqfQPPavurIlOaeQwq2grv5LuErTVJ1hezVPtHVvJps2ydKCpkuKEd3uU6fm87CLdrLKeYN8cfIoETvdO7aP4xKsqbiT-J2fR4G7XercouPN1e1-BkRNCVkGvYPWG0TMMRSFdw2zh5fkS5u3pV33V-9BWhMgyZtBNvAqft-LeWC2BvYz3fHJu-Xf-Jdz9IVA9CIK0poK0hwvhmUY_WO2N06zcgRA2hzqVJymSwL5pOR-tvJ-3Eu4pR8j8P3YP20zmk_XHK21WnIxQg9DSqOWB_MSIaYKAHkMvrVY85w6mC5PF6zWt3A28pEfsiT-0w0mbmD-puan3fm5UeiB4txKfiSJak17LXlbmVGC1cOERZDJ_K1P4XX-kc_pRuF3rigLPVJ5oWQfcyEiQQLeADe9mGnw-DZV50aXsbavnpfx0LEC3A4bNXm0dh-S1176pbKhD5ahqhN9MiG3vZWeqdCNE-6I17GGRerXfwW6n1CK8sXsnhfxTlpVgI9yNQce5cvHVo8E6VGLSvy17iFMHLPtLOOllNp5c0ojN-fRPR_UVcJoxKjmhL836GdolMrPHqI4YHbNhvGHGERzD4SadePSKp8Cf_soSTUHuGxpky1FvQEm2qtzzM424rASZ3Hr2jVrfk_ykCTqQ85HbRwUOqtTMVaKca45o03OlG3ViM6U7MKu4bX8shHuPj7kyrw7hDy6hC6ujhT6Xq-BbBbwnv3te3XBnQ0XzsqDBz1ZyRNIrO2z2YOtF9eLBcsvm-Eu5h6djG2JZHL-2TWy5JEYvAjG0HpkugpLZQje_d5_E8lPfpCDsrHzfONG86dja_9h4ecZfclVtXTwvzvaoJ9zsXH6lOKM5BBnr8aZzVysCgBT2jMO7JxAsxw0vgDqTbRpoNzzITCw7x9T_x9BmIcr-sNALHvBAl1f5bc0Cmk37lyhlN4yyVOFly2Snm7nElpEWmgKB-ARE8HM0ksSqa-3lCZmqaEKF6VwPs2CVCFZeVgBPu9p5wey3OidARFKGxtz_AvilJI61W41H43XbZuN64UEoRZ_lN3ziGOEDy5NJVsZ0V_-ZjK_1LVzg1-XAuwWgDtNsxpQZh7XoFJ51hru0Yge5SLDWIEuW8DJor2J-QY6h86mCHUwM6Iy9dn6eBNGejYqA3YWmXQTcIM_HLLbibGonK5N7OSsz7RD1bkRdwnPCeelyNkG5yf0bZ8glkcILIKM0N3KIegxxIgUvNlOQ6IGnYSUWgLgntIibfP6ZzceYJW1yDYo2pFMubawSDXMpFgjKvRsgqtDPBoPblxxy3EihAZHvDc9pwU4knapyl5LVYSwLm-6Pavo6uXr9i8nIXdTOowKYrhIAQ6ZhYvWdz6Nm5wZQ0OVpDYwZm2LUaMXFmhpJIEgZpg7YHN3pIWZeG8e6A3h1doTAkAI6_5yA4Lfc-di-d3pTotUf1v9LaSG13dS73n7a-iy496Or5tjf9sz9NC1Uo4-5E54_QHWRVYJtQM8K-1e7AMcveBw7BJS0eogM_U6Dh2tmprKWlozUrzidi3GEdaqSVAJFqGH6dVjo_XTVepAqYvytP2J0h9iPTf8PDeDLKNGbuQgLxyEpwCPbZWmHDw2ZN-75F5uM4BzFWHBHevun0Lqd0yfiezvS_0g3bJ9gKxzlpXhx-nQo4VDeG53ZMsPh9QwU7cGiCl7ngGcND9MWj6qLpDS8ss3RV3s4AjvXGjTvR7tEobbbcaUv-LOMTxoNZrnaRH5ZCK2i1_854claGBQOz7n-43dRHbBqzkQZ2r43brVF4mBDlPdAvpdfXreMYXHKE5eXx-JFEYR1c7f7_l4m-R6mccI2EcU3FtBt1cLTau3LAD5p1Nq-m19vPH6UsPioGjTOcwK-mM4QPv0vImda42kaMKFXnaoK4vnInKDuOyRXQ5a3ea4NgtOu1_Ydu5rxOZLEjpy04HcQhEwG9LxUI6QMKzdbwfM4dpn2o9Kpu8TOX&cid=CAQSTADq26N9LlKiNeFiWDNfxv046xO9waOYjgXzlmq2HjXWpRy5pXetEZJDlTjAYsBtXo8sXgdxkgIoD-DSiKYpk3_9JJRbC2kkfxo0KVEYASAT&rfl=1%2Chttps%253A%252F%252Fpastelink.net%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.118.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f132.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 06:27:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 56233
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 08 Jan 2024 06:27:51 GMT

GET
H/1.1 200
OK dvbs_src_internal115.js Show response
cdn.doubleverify.com/ Frame 6AD4 59 KB
19 KB 277ms
277ms Script
application/javascript 23.50.117.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src_internal115.js
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=115843&plc=4214585&sid=18330&dvregion=0&unit=728x90&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0hqSLBtCZN36-LxJ2M17Rl2&DVP_DBM_1=3060631&DVP_DBM_2=23009949&DVP_DBM_3=14587568821&DVP_DBM_4=396329375&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=201491245482&turl=https://pastelink.net/6r9a94ti&DVP_PP_BUNDLE_ID=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.50.117.184 Jakarta, Indonesia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-50-117-184.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 /
Resource Hash: 4804c2aedacd4aeaa883f9ee68a46db16fca0019e321d2991ccc16531d57f7aa

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 22:05:04 GMT
Content-Encoding: gzip
Last-Modified: Tue, 20 Dec 2022 11:38:02 GMT
Server: Microsoft-IIS/10.0
ETag: "096c846714d91:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946080000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19510

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012211060024000/ Frame 7005 221 KB
60 KB 576ms
271ms Script
text/javascript 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

sffe /

Resource Hash

a01f9f2f5ba1812441a49f7f1dc0b04fb56a18b486005289b8df4212381f10ce

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 07 Jan 2023 11:08:49 GMT
age: 125775
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61592
x-xss-protection: 0
server: sffe
etag: "a2fca7132416d151"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 07 Jan 2024 11:08:49 GMT

GET
H3 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 7005 14 KB
5 KB 272ms
272ms Script
text/javascript 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

sffe /

Resource Hash

d89cb9800cc62dcc44a0ba866b4a080ad06f735f60a6afecbd6d691d2e8939dd

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sun, 08 Jan 2023 17:19:31 GMT
age: 17135
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5218
x-xss-protection: 0
server: sffe
etag: "abd4378f71571d78"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 08 Jan 2024 17:19:31 GMT

GET
H3 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 7005 94 KB
28 KB 287ms
287ms Script
text/javascript 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

sffe /

Resource Hash

8ee5f53d3752309af021002b2199a06523b1fd03f3ea1cdaf5d59e911d4d8178

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 07 Jan 2023 22:13:41 GMT
age: 85885
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28809
x-xss-protection: 0
server: sffe
etag: "dd6615029de85e23"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 07 Jan 2024 22:13:41 GMT

GET
H3 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 7005 5 KB
2 KB 330ms
329ms Script
text/javascript 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

sffe /

Resource Hash

c3f73b989e0620a4d2e12ed57a0d538e4580b8fefaa1fefbad73e0abad6d227f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sun, 08 Jan 2023 02:17:25 GMT
age: 71261
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1913
x-xss-protection: 0
server: sffe
etag: "403438c4d550ee88"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 08 Jan 2024 02:17:25 GMT

GET
H3 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 7005 40 KB
13 KB 333ms
333ms Script
text/javascript 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

sffe /

Resource Hash

1b1c3ea8b3d9fec1913ac70c81c83f2172acc41988e747bd24d22bf779fd19a0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 06 Jan 2023 20:42:02 GMT
age: 177784
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12946
x-xss-protection: 0
server: sffe
etag: "0bacd3f1ce38a7db"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 06 Jan 2024 20:42:02 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 7005 8 KB
990 B 579ms
274ms Stylesheet
text/css 142.251.12.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f95.1e100.net

Software

ESF /

Resource Hash

74017d97a0876e72ef09a14ea0b3ad49a744811c726e7b05e305d4a6e3e07612

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 08 Jan 2023 22:05:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 08 Jan 2023 20:48:34 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 08 Jan 2023 22:05:04 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 7005 3 KB
3 KB 283ms
283ms Image
image/png 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.118.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f132.1e100.net

Software

cafe /

Resource Hash

85a64faec356c3a72f249a98a037317adc730ec6d38e47653cd53be5485d80a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:19:54 GMT
x-content-type-options: nosniff
server: cafe
age: 38710
etag: 15880770647744369592
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2982
x-xss-protection: 0
expires: Mon, 09 Jan 2023 11:19:54 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 7005 344 B
368 B 282ms
282ms Image
image/png 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.118.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f132.1e100.net

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 15:28:35 GMT
x-content-type-options: nosniff
server: cafe
age: 23789
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Mon, 09 Jan 2023 15:28:35 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 7005 0
0 283ms
283ms Image
text/html 172.217.194.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Ca65LDz67Y5DnPNGR1AaNrZ6YAdDkvIduvbGyqpoQsJAfEAEgiYvEUGCr7LGF4BigAcjblusoyAEBqQLFx4NErUulPuACAKgDAaoEpAJP0Bzm5R5wNfYN2Jtb4NYwr0J02Cn6gzNQuR5TwP2IB8LuJ0MI813MF2kQVi3c5Mzv-xqDzC1i3-B-iGx8Bux68v-WxdVnUHE-VOxi-DZD7BtRhsjZqGKoq2vrR2F5_GpUvHeIdGhsaSAlf01FoKE5LCHVhkXMeTGTnemzffvcmUAX6ZsGu_P-n6QvV8uRHdmqBFM2EVfcrgYk7u1Y1EZBZ3xG9oGSPGyKuaibfYtJNrh759UNy1m2GIXvtvwVKIW55irOir4w-anJdj9UT8BHdwhjm1pbOW7OH4ddCQWitONQC6BLmJjTiLKoj-R2H5It0drQng5tQzLqfhlzZPvJmtYqehIqRHffQL4TrQ_RcKKfh38Y3DlKBKb-hgA-KxOnOyQXwATG2-KPlwTgBAGSBQQIBBgBkgUECAUYBIAHyJPnygOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBDb4QLSCA8IgGEQARgdMgKKAjoCgECACgHICwHYEw2IFAXQFQGAFwGyFx4KHAgAEhRwdWItMTc1MDg1NjIzOTIwNDQxNBj63nw&sigh=X952vjFLl7w&uach_m=[UACH]&cid=CAQSSwDq26N9Dwxy39BIZS6trfy0gkjNOMepnfnAY6umxWIABzBfjp3jEV6_fig-AGLrmD7g4AhcsbVKlbSuCHb8fj1hmlc-2zGCiNWbXxgBIBM&template_id=5020
Requested by: Host: pastelink.net
URL: https://pastelink.net/6r9a94ti
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.194.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: si-in-f155.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 7005 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3a663467e111fd2237a1bc5255e8d702b099f29cb553ecab24efe98cbf898b5d

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 7005 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ac5c38d4203f642a1bb83eef1dfaf555ff589797336565c735fc63aa5e0ff178

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame EF15 624 B
245 B 278ms
276ms Document
text/html 142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPuq0aYDEMqOxLEDGKjAqtgBMAE&v=APEucNWxX1dv5NFRnTVgCKFpxAxjb7PFYiQzruA9xXzqnWNUD8AFK0OxXhWisunV6rDg_2MX5iP0145c1R5K2cTQ14pZD05-SA

Requested by

Host: b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f154.1e100.net

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 08 Jan 2023 22:05:04 GMT
expires: Sun, 08 Jan 2023 22:05:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 7A88 81 KB
34 KB 301ms
297ms Script
text/javascript 142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Dd6CWTHY-OS1CtJlH9ReQ69qmYcRmtP6ptneINN2TmE2S5wfXk1KMCTtnU5LtipNoL-ZKzmUlFDMYxzpyqYo-QZgZleQ&cry=1&dbm_d=AKAmf-C1nt9s8qlVf56vYhnyoRKMmBUPyh7yx3jIlZq25RBn4rJeoqkVNhe4p6XYzulG9W4z6FoQfacZKpNVZx7-hRnxjwpe7tsP6zkAt20M19lYHRgrv4DUqLbMnzQUHm6etauRKKEWBZHJ5a_HMUeqMFdiYJFvmPTiWTQH6Gs6E7sBKkkfHTDodo3_nJvaX8IPvUTp18F7F85aQWmCXNwKdRTT2tKzgrMcmUV0Hsiop1gNGmQbsmUtMoL5xWK3Dmm1lxNcWSh1sJIOofnU4wrfcg-LLcFbsQdI2TQu5R0PcROiElrL-dPfXXn40qBc0AaQvhlgrZNhNVCIF7RwMlZA8c9KeceemmtDfuTni2Q2hkpDSKxAC9itnrgcNAyKOn5iuZLd3mK3ud2NGeenJNjm0zmCK8MQWT9eUQGIN2mLEtWprktfD2RrqvSHixtwHhQrd8Hke_yj44FrN6xrg2pzG3sKHycSgNmWoOf3TjlpPA6-zoKsTUcH1Ph3pUAF0pYGDdRzpM-mGx2BCD5kgLFVWHlehdGmU3H_I71Mn8nbwwankL6pOvM80HElnrsx_3EYIQlU6b6_oRbjU2WDod66NxvkgXfmp9EDiZy5i8oqYUT3qekR7XcxaLBh0ln7ve5Idc6sYvivEJ2dJtiq1Rl0YWbbOP3NIWk3wgvqX1HspZL62WHOT45b9TltlMwBKZ6e3N_dfS5uah2wALsMM0hyp9_afea-squSoFn3FIuHHPEkP7KW2csodOYs8Mx1DuFh3Xgp9KZ-h3SxPnbOoYhpP2nek_ZWKALtLX1VS_HyJu1TcwTMoAHzwY0b96A4VKgrojqXV_fKzzeHhw9TLipgzruoKj3ZSeFGF5QQmaMpHib1d07iJb3YRgQz0JNePrMR-8qzkE8XUZdiLwu6chMM4saTb7t7dK-7ecNgdja-erFFw_9ssWXPIaGhLWNEzFLi5oO1SGAn1M7mYRkYis8upfYxNfGSM1qS6j-gXwTPTkvktAro1oI5l0obSi3U-dZf4UEDlHNJuOQpFId91eCd1XgvNjP_nezGTiBqPhjIPo7NDALBygmdbYf-iUB0obhEiJkTlO6UBBjm04ulqFpWDTrNYQuR6lbXD9WkaAcNmnc90l8acSRVeW4yvguTwxqMZjMAGt4XjzfyuhfEwgUF-dwMHxZGMtG37bIiflqu2fkK3UVYJ0hPeqVpC21rrjJAnUEdwsD3XeIYMi8HGL0yZRy8vncnwotq0xZJIczbdFh1nqijolZ8Tpy7q1Od1tf7VdirwqWfJUpT3F6l44WZqTxXQSLihjpWX0mAOCKl_ESoq950zHYloRZaVaLNPfriQQ0nr93MB9NFlAHSI_gZku9Lwh_g2xUWwk_CIcnGMM04wy9lz0SwIXCtefreuZbar7FUdxLth4pdTwW2XdEXJUnpCrj-T9JwkeYQTAVa2y6Scw_xK4nUipEK7xpGQedbhEae2F1dBmW5wVQSKwxWurCxOBxMLdt7u0LRFC0VrXS9_zJ3HKqZzd3NUfWjll3wYcmt0bqrTyJXu9EaAsq1CB9-6pQXWa6v5opNIXJ0StIV3pAJ042gZAaPY2kwN00YEk116yw5L9H_qIPMLLmxYgfD3XE36B7uFt2HCQSKem0pt1CP1j4IWlg5u5I-QIRW_W3xNZ0b9LKZ_T6IzFfHEFJqhZvZXI-qJulu3mxDxCdevzXlgjgMFcUnQ1YTnEVNzbhGbovhdo0_P5m1nR2duY-Vyp7-2uZMOWpxqm106lfRWUGbxhJeeBNqT-2f1hXZulQHpLGC43mR7AIvu8nQjXRYueRfSinwQYuYUpufORPd2xbJclVY5rA_hWuq-1FPLsVGmrGv-Srt6mlrlI6hWsxrH4GgUxcI32Cs9Qz7oJv1skmTdjAnUPNybGBxA54tZ-ZJqA2-srwZqvEYMu3ho3RX_9qbmnaTHe3W92Utq6jxnjso7kDBqMn-DGoLaincak9G6O4MvjAWXZW7fYDSP6OW4BofFmCQnh9SeHqeema9OHhOe6Ff5WzGpErGmdE3QPzNynBH4pZvimIfaHPoG5l_mUmLAqta8v52BEG1xfdF8ZXaDxEowmiWZiFy6k9Fsj1hVKqEhoo1jFFiNnbp9AGgxC9OtVwg5u1ob1b8BIn6SrD6-u2rbpf5FFzwITzoxz-alvfzB-HxsC4O7QRHzLZgqAq2QhSuJDrkaFOYH377J1vdFSQUkIEj59EB56p8gNx_5TjftCE8JSadX3URBwmapJWW-tB4G-w-8ek-fDmSpsfvHn3ucxo26piH-GjRjV4Xuu6xKLkyt025j_7u0_cHnDFJr66Fh8UsXjzwk5fwCDrCKdYp_Gv3R0pAwAIVWJhGZL7ABWYs2XBpMnNyJAQ8So1buqefPo-u-a9K18r3DTWCcgt4VFfPbXsvgbt_CbaDOJoi6DKCe-VAx4gkt1yh4xIf7axvisRRNPqSoStKHFDsVjUSIMazOFeNmOnr08kYkwARnzVpB3IIwzTLTBIcgLrqxcJ1Zjme39sDL8jaCpru3UP0AVjBmXQECSlKQ4i4aNdr80znitMiy9SzuFw4KnpNY9YtlLFUdrKCXZTCpGO2VHyn7cd51uGmPDluRRC6kGb0QI30QvxK2yW0NNcugkwUHEuOMy8JcqarEggheI7h3vbJqh2umV_ge1sbRkMfHWSEtE37Xud3Qj7VxgMpRX7ebEq2K1ticys3DFPu40npDqydKvM5h-t49zUM6yITWAoijoOvHoRejGOOMJZtalJLUVZRc0_a2FANnm3Ooc5y3zcZr49cfQE-rrYposNs_LMkZ7-dvHFzUQAEgYXR2MlmxMKP2j4yqsK8Uq1BRBGnSDu_eJoDI3AkIDOQoeN8JdRXVHgic4onD3-Y5pO1FSPxYvbTuw49jr1s7dYD2ECu1NZSZjVJiTAFRcSq63U8WXulR0GvQWzjjcKlLjXInHaGj3yaXtVEqoSaakTuwJwS3zWtUHzTkc2Jj9I5aNhbyakP9Wim9SOQeBSYqXCDQq9XPx6ZCJCtu1sz7ah3FpWTEqbnqmHZL9WwLrSeXanq2tuLHVeblnUk9ZiaLrVJSfeu3i8QHn70R2R47d6CKZRlPLQlGdj8qhHUFkhnsC0Q3PlKBBVyQqF8hP_9aQU-Ek0wmG13yGHw1ZIvG-_P0jf60fUQUlqcK81yfsnS1Ku7AxGenGB2-9XxvcZ7UXZk-8EBmCpesQ6a4gQmULVNJB6wllZhs5ydNHON-iYubHc7ffNSyMaUjsr0oTXRVurIzTnL4A&cid=CAQSTADq26N9phW9KeKBOJpnEawT1xqbzBsEopohuCvbF5_WqmNoHKw8WUrpSbL5xhjcBB_KjZusUlzay8WvAG4mlxPfp5BfmyBZpC_tQggYASAT&rfl=1%2Chttps%253A%252F%252Fpastelink.net%252F%240

Requested by

Host: pastelink.net
URL: https://pastelink.net/6r9a94ti

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f154.1e100.net

Software

cafe /

Resource Hash

3c9f4f986a802b7c4113821ba402d31c7bf23b2fe34844fab801f09322101da8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34955
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7A88 42 B
63 B 281ms
278ms Image
image/gif 142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DgI9_Bjatu6zkQx74i7cpcZjtzE4A-SbNc5wVXS5erZVmCai6_paSsmijgbr9yEVLjfmvq3P8G_5GXxz3BMKnFAzQQ8p4BLyihzTBFON5U29sX-yI

Requested by

Host: b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f154.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/ Frame 7A88 3 KB
1 KB 279ms
276ms Script
text/javascript 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/window_focus_fy2021.js

Requested by

Host: b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.118.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f132.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 17:22:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16938
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 17:22:46 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/ Frame 7A88 18 KB
7 KB 284ms
281ms Script
text/javascript 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.118.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f132.1e100.net

Software

cafe /

Resource Hash

727e6a1f4a634d6298af8636fd331912b036b6f7783c771d2e06baeb82e2341e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 21:25:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2353
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7527
x-xss-protection: 0
server: cafe
etag: 8658061406568722807
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 21:25:51 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7A88 156 KB
48 KB 576ms
274ms Script
text/javascript 142.250.4.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f155.1e100.net

Software

sffe /

Resource Hash

e7e65f5432de604cdf476d9ad55a2af5a933c715c639e4c36847023a3446f1ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48907
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1672933789069018"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 08 Jan 2023 22:05:05 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame D9AB 0
0 282ms
281ms Fetch
text/html 172.217.194.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CQwCdDz67Y4PgKpTgoAOoxKWYApj80bFcqoTM5IUBwI23ARABIABgq-yxheAYggEXY2EtcHViLTE3NTA4NTYyMzkyMDQ0MTTIAQmpAvG_B6THEqc-4AIAqAMBqgTmAU_QWV-tZEWDylBhWHWMZxEJvbQsF3rOnOHyXCclPqTNdI1X91s76bIqcoXx4vnNVL7ZBfmHc-DWI5vcEObpjKAxxqARb9bZuw9uwVNcFu5YfjuOTWMnEJpCwaZ49hP8lERW6iNzWCUeuZM4x1Mb881eHzBuP5A7kqXOVLmW3DOvpd2o1mlaHw93Eb6E1KcfytqTLmZeqNei9rBK312Az6_pFEEGxKk3cq24T7oRA2KKUYw4LktX3gqGzaoqCYDqQY3haoQLOfJziZvgh-PgKCQsipsz1Shjme4sSthBTWY9BFwgJVD14AQBgAaQqdKQvK-fjRigBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggNCIBhEAEyAooCOgKAQIAKAfoLAggBgAwB0BUBgBcBshccChoSFHB1Yi0xNzUwODU2MjM5MjA0NDE0GPrefA&sigh=6GzlBqlGWAU&uach_m=[UACH]&cid=CAQSSwDq26N95NgF6lSQln3sAXi3emqImpBEsUcDzgaAbU57LZCe51-KSuRaTxuRMwblhjanIkeeKHS9xUWB5nmp_0K1NBVayqsi1dOzZxgBIBM
Requested by: Host: pastelink.net
URL: https://pastelink.net/6r9a94ti
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.194.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: si-in-f155.1e100.net
Software: /
Resource Hash

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 notify
rtb.jp2.as.criteo.com/google/auction/ Frame D9AB 0
0 963ms
325ms Fetch 182.161.74.19
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.jp2.as.criteo.com/google/auction/notify?profile=14&payload=kKPhEaOzWawC-gFi-C0SAgAAABhMXkAqKIAjEA8-u2O8ibOZJl1ih8TskAASAAA&wp=Y7s-DwAKsAMKaDAUAAliKLrpMqeKi1ptSodIeQ

Requested by

Host: pastelink.net
URL: https://pastelink.net/6r9a94ti

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.74.19 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:04 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 131656
content-length: 0

GET
H2 200 afr.php Show response
ads.as.criteo.com/delivery/r/ Frame 4426 141 KB
48 KB 749ms
276ms Document
text/html 182.161.73.148
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.as.criteo.com/delivery/r/afr.php?z=Y7s-DwAKsAMKaDAUAAliKLrpMqeKi1ptSodIeQ&u=%7CoTJPVoKcUGnJg4gvm%2BHaiDh8QcpxRUlosd0kIabjWPw%3D%7C&c1=2P_wVlUbBFsw5yK-nUdqc6nygJ274zNPTQIufB1xv3LmVsxNlD7xoiJRjE-u8MyoFkwSnvxmwvjn_njP-EuaV3Hzap2ZwjM7StPSTCkJxSARq4sQsPbHe9iB-_yntTvnHZJKCgaewjcTEOTkwpMDpsndJSIGYkZVIOs7MIKAZtqrk34o2z-J0SIJ-sR-Fmzd_hf0das9EDdnS9gkjmSfqlEDQEENGkN6p9A4AMSZrvDF1-5JgFU45N5QOAMXxUDySLhDiaRMwL8GhlIiHLGcLM1BVWJzx0JxnLU7j_rovbBrHGdMgwCjVFS1xo607ud-9fwo0Sf527W9Lh0Bqvts8lCvyAAPgCAK3GnWkp2_KC6905bV920Bt5knvrApnnc3O1mPy1B-GCkbUjqWjwKneeUiiklGBPcL5Xf-5Yd2npbPeZCgdhy17MJaVv_-gDflrcSN5DX0IC9RcnokEkRTb0BG_ssfEjxv7vZGMiFbYVMWj9ET8qgnWTvIJjszMkx2wLYOJY9zveI614XYmNMtRDZg-w0JjWslF2VOktxtmUPIxpWhwgiMh27Iz3kmdCHEXm9ViwHvtDX2wVkjw1pluM9wc8vmBYsaMb28aSNXgC4xlL3X-0gOD0RmNtv1YG1C&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCVOupDz67Y4PgKpTgoAOoxKWYApj80bFcqoTM5IUBwI23ARABIABgq-yxheAYggEXY2EtcHViLTE3NTA4NTYyMzkyMDQ0MTTIAQmpAvG_B6THEqc-4AIAqAMBqgTpAU_QWV-tZEWDylBhWHWMZxEJvbQsF3rOnOHyXCclPqTNdI1X91s76bIqcoXx4vnNVL7ZBfmHc-DWI5vcEObpjKAxxqARb9bZuw9uwVNcFu5YfjuOTWMnEJpCwaZ49hP8lERW6iNzWCUeuZM4x1Mb881eHzBuP5A7kqXOVLmW3DOvpd2o1mlaHw93Eb6E1KcfytqTLmZeqNei9rBK312Az6_pFEEGxKk3cq24T7oRA2KKUYw4LktX3gqGzaoqCYDqQc_jSxbu93sNdhKRGQi2sucFnpGk3wZ7cWbfHEKI83gRHLvLtC4KueV24AQBgAaQqdKQvK-fjRigBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggNCIBhEAEyAooCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1YdgJi8_NkJQZb2064QVmqkgE5Gw%26client%3Dca-pub-1750856239204414%26adurl%3D

Requested by

Host: b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.148 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

82101b6ea2b770f8eba9fd2d791a86d93b7b0be0839f1ca73c6ab0160e182c1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Sun, 08 Jan 2023 22:05:04 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.as.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.as.criteo.net/heavyad?cppv=3&cpp=009Ra4ivMw2JVoDoUo0Vu7JsRjo6PNR1mybSSosFd3g34iheiS7Ppv6s1uUr2v_VGwhLxcJYg-UZcscOjdRd8pG6jdQZvcxS4a_WIk_YG-f_dhNPiev4aW60nGPJ8hX-gNT4ydcW3hU1BJF21EjMrfO0qmeU_XbhCDes7KRixmiv1NLVC4lnpRvrUrnDBQOBh1bQMfhQJaPIkV6l8mWoxJ8iypUmhOmI5isf8qJ3ns8j-ALAYiKYdMiff8d1FtpnzBEQqnOtq2Di4sei"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 41739664
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/ Frame D9AB 3 KB
1 KB 512ms
511ms Script
text/javascript 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/window_focus_fy2021.js

Requested by

Host: b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.118.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f132.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 17:22:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16938
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 17:22:46 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/ Frame D9AB 18 KB
7 KB 316ms
314ms Script
text/javascript 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.118.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f132.1e100.net

Software

cafe /

Resource Hash

727e6a1f4a634d6298af8636fd331912b036b6f7783c771d2e06baeb82e2341e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 21:25:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2353
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7527
x-xss-protection: 0
server: cafe
etag: 8658061406568722807
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 21:25:51 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame D9AB 24 KB
6 KB 358ms
357ms Script
text/javascript 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.118.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f132.1e100.net

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 02:22:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 157332
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 07 Jan 2024 02:22:52 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D9AB 156 KB
48 KB 731ms
428ms Script
text/javascript 142.250.4.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f155.1e100.net

Software

sffe /

Resource Hash

e7e65f5432de604cdf476d9ad55a2af5a933c715c639e4c36847023a3446f1ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48907
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1672933789069018"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 08 Jan 2023 22:05:05 GMT

GET
H/1.1 200
OK verify.js Show response
rtb0.doubleverify.com/ Frame 6AD4 1 KB
902 B 2121ms
243ms Script
text/javascript 34.149.43.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb0.doubleverify.com/verify.js?flvr=0&jsCallback=__verify_callback_747483342598&jsTagObjCallback=__tagObject_callback_747483342598&num=6&ctx=1828362&cmp=115843&plc=4214585&sid=18330&advid=&adsrv=&unit=728x90&isdvvid=&uid=747483342598&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Win32&dvp_strhd=0.40&dvpx_strhd=0.40&brid=3&brver=89&bridua=3&dup=null&turl=https://pastelink.net/6r9a94ti&srcurlD=0&ssl=1&refD=1&htmlmsging=1&tstype=128&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0hqSLBtCZN36-LxJ2M17Rl2&DVP_DBM_1=3060631&DVP_DBM_2=23009949&DVP_DBM_3=14587568821&DVP_DBM_4=396329375&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=201491245482&DVP_PP_BUNDLE_ID=&prr=1&aUrlD=-1&m1=13&noc=4&fcifrms=9&brh=2&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=163&eparams=DC4FC%3Dl9EEADTbpTauTauA2DE6%3D%3A%3F%3C%5D%3F6ETauU2%3F4r92%3A%3Fl9EEADTbpTauTauA2DE6%3D%3A%3F%3C%5D%3F6ETar9EEADTbpTauTau3d_adc6g24_dce2%603b7h5%60e6eec3ce6e%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3EU2%26C%3Dl9EEADTbpTauTauA2DE6%3D%3A%3F%3C%5D%3F6ETaueCh2hcE%3A&dvp_exetime=6.30&callbackName=__verify_callback_747483342598
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal115.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.43.113 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 113.43.149.34.bc.googleusercontent.com
Software: /
Resource Hash: d657f58376a49a151dadb695e4305a5faaffccef0e5ae4a34e57b2b56b1f0ecd

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 22:05:06 GMT
Content-Encoding: br
X-DV-Response: 1
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0
Connection: keep-alive
Expires: 01/07/2023 22:05:06

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame C8DF 624 B
245 B 285ms
283ms Document
text/html 142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNaBw4cEEM-GhI4EGOzW19oBMAE&v=APEucNVP9es_fYFnVll7QV-UwQuCqynxfuoz7GxGaerUf7fSdD6p61PK1T042k7pFf7DNrid5808mTuQeuEZEgJtFqcpAyihSQ

Requested by

Host: b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f154.1e100.net

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 08 Jan 2023 22:05:04 GMT
expires: Sun, 08 Jan 2023 22:05:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 7FC0 81 KB
34 KB 350ms
347ms Script
text/javascript 142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Cz370cohqpoxbL-mrzElam8dBnDWQBfVYv--cETYEiOInGkaEEWGwhGAiqPNm8T_HTZyj-xTi_wkAtE95uNganxNvNVQ&cry=1&dbm_d=AKAmf-BiTCuo61xnFduFji-Ud60YPGF4D6Q9qUsOW4m1FIRFSMusNfDhpVfWolSbTVt6-ITa23CPiUy5plrCtJlJ3vwOEb--IRn4wGrad3gHSBQ1336JYC-wdfp9O3E31OjAGGZ9fG5kTuKLGhlwS3rsGURw07fInMNQpAxAeV33zSyqcDs2kfCIFJBibC2pSHG9WobXxj_7_8Lmld_pTKD0XqnIGxXRAauq7LI0WcyhOUHnL2T12A5OYxGaEFl579F0KTMWtBEA8bEkjIwFzfoclAgFwhfPXs40i0go05UCJPusbEv6jS23fzSsVHcFvPJJBnUfrOOGQM7gs6a3A3aprP51IJQFtkNOlDHpRaW5VASB5ulzantNNivxrOSINbAvnKusgrb_S3HYYKaJnIw6PgmqHdA2klwkc7Rbg7CYSmMwAtUWR2HVHlu81aq1RXcVY-oMNMJsz9_56hu4jABvKNe9C6N44c0tgLb1B5jRuNJb6TJnJ8LBsLe4EXJnWEmcYGDDE5IHV69MSqaqKPtnfTvMkmXzhUyW_zU8q6djUaJn6jSXBB_7XprbetrDv-U_-M1B_TBHfxeKY9vVFpBRBS61TjLKH0CgWRGDc7ZD8VKtxPt4Dk8LYKRVQClu2OuRH46ZTqfbw1k6918eB2dFSK8u2RHX6KeQcqfr_R8738kJZByJUpyDBnzv--ijABAYLILp2LnpTRxIQRNXb5ml0Q_Jn9BbpQlKLAH4cX0TSJxdhYQhnNhsLkkNGBRS-lYA694UpmeiAC4VNEItOLVyWhbFKbUlPUXCdlCfdiOs9aoYrUfU48Gc72-UL1h5XzP-4Dpwxnic4Dzjw0C5MYl3cjV97340bI8paQnvGNwgKrKWi3izsJ2l4racKgxXucwatfB5vZ9ZXOb4CzXCviR-K715rC2DiseO9HBXSW8fhT5BNFzfG0l4fYv0jkeLjxzk9smgb-U347zbVsrjtkYXzbVmLgTL1OQwYcxC6oXXVfuY6aKwvozfZuZ7NVdltPSuNtH63gugrTF4X9ETvbE8XK_gFbTiGn3nOr43pP5QFpeyLR3egY6vNxIu5eMlk_6OIvY8IY7H-3VRUgks6keJTex9EHLEVB-fNg7lwgU7qQZSDMDCS4M4yZuLI1ituO2G-h2n931Q7Y_nczGZrPXqBLVrNXOSjjnCaROdg-VwwG4EemNxXOxCwDSvoxPt1ULiwLiFFU6KYRxo6Im4jVd-m6Yfs1QkWiMf4KGEVaczDsbDxBeVqq1DxIH4GVTAEfaIVJLRdycU033JGCp0hguok51pOgd8pyO4UNLRBkOwoVOiZ7S6olL5ths590j9BnvQ-QHfqyBkU7v6X1CiXSvFtAtZY6XIWd8M5Xe92ovRe80JCo6Fa2gazhXo6p5qObvzz2ZSZjmvDYLsGclWydeusnwCqSLpr7p1L4j8et6Hb3YAK9ahzICQQynfErMF3HhAkBW90Vm1tm1eVbbfsSBHSyTutY5SIfE_n_EQ5W7zZ4AbExw_WHdUpnjeuUKZtNSU1Ld4KULLAjDc6fubvI354PZlMeHZICn20DEWRoonHXw1RF5h9rOE9nzMjwiyelPegqJRMril5OSYOPemto9IAc5sHNfTH2BrfPdXSoocJp5YU2E43WBtP-z_IFLxkIjcv814jkminbiR8M39jwgL3CMmkepb1lueCTRVzqlSYzZD0pvs9vd6dnv2OlNooQ7ar8fd-ky1NxvQcMxNYGVUuQN-p3xvmuHYTn4qUpOUmkgi27cPqNsur1g4Y5zgm6AQxmeG_NbdjYgu578KYuGqqvk4sQt3yjEDH64vd54IvhOzXNr4TprsfpbX-RQ5yvk5zIn98SKG3P3Nkroy6x9Dkzc1Tq6GfkBq47pL19Ch5Kpz_7WlVIKoe8GgsWhTqVdq_xOkaHKEpnxcDDSxcy5VNTS21EjxiAHdgF980egPVB74Amk-IfMl65NgsOnpuJOk0F8_Hm0YM-wqE9PO0V8JTvsB299LrSDla2kelVTwBd7HGj8RbstE22VgA7K1SzKayLNcnf8VjNkSHlWzvaA9Qsy7FGrFYDUqheEGZSdEv_ZQmjKUz6-_q9dArPUReJnM8iZfWXWd-jHQYCVPnDhvikajd6zqiqflyr4Gk4eaIhubh9nojhNYpzkvBbbILFBzHa9H2zD9F638k2yX-nNOosvbp8_VbbjMLNuf13ssYHQxxtd9RVHrZ1VNgCmL2QSEmDzsRXhKxEY4-xCrxKcTleQuxSpeU9eFgbGeHpfMy_8of1umEAXYqZFSItQb9fC0vqrwyejGeTtPuugA8mutxsX2VqB_LRfJ3KIp3_hrwD3uCkMrkI-gHpluIaQvjqZnSjCTPCI8YruwgF-P59pY1mtAZ0-otsbxV0PxSlpBwrVfOm4jxqHCATn_CBzIPbr5BSeGg2R893f6XXQRAMypygs7fu6mmO7DQMjlO989WXc8OJ17J0ZhpD1n5MpIaMFdxDRwjDQQrfddg8dDkSE0LDUU4WTVuxkkfoyXXomYfEdpg4IEiYNi-EbCI_41a8iicNo7jCEW2i80tVSVj6MweA2GsAiiYUZKPtoqL_a3zrbGx752ZeMLHD70OuovTiUHT0DfB_aHZKaIx8zzS_ZO-WBmTbw5oT4sbfP_zSJ7OM9nvVhwwLQsNJEsbnttzIE7QdcRckXRGlB3ScmfZvPo9uM2GjL5MwtIeb4zS34Sb-QlTvWMiSob7bwbbUMRHC1fLygFP96S2cDoaezYO2N4T8k0aRdIAQpnjEeE-74c2AP1aoSbYI-ywQfyq8FwQnK7G7kmzpuhiT3zKvfT2VDWPKMG8Xix-2ZmAuQAt6f5OcPkqJv3tOH5I7yj43Z2HcpqMZH39CvWFstyU1jcDuEYTXTLIB10QXnjBPnE6jfq_M-BuVjqNC8Ceth4us3vnpYSmkoRmc5RUTJ7fFhpgLGJ4Vi9Qev1tJspPqdd9Sd2xfqXfPo7d5iVLyn9BqKnVzwSnCDAfK0nULF10EXo0Lymgi6c0UrLGoGLV1wzNuUVpHtb97jl_YP-exlw_9EfvNZ5R6r0ZomKl6IbAN4h9dD1s6fRRuqjXKJRtNqJ_tolWiYn3zg0156cyMfd2xpk9DGff5YIqR3lwJPQpKYSBBG4_mUds28r6yBwCKolzi3gmfjxtaxQkjOIN5wLv_tapRB2F8RvT85cuoWvsl03TF31oF8qL32qV_7b44k0k2ZSaqmQFCO8J1J8me--bfZo-3VXdJpXXFbJB_7kA2IHGLC8DSR-jtWtdxxTvvCwTAM6hGLib8hdZv32xySCAjI_Y-kx_z-3L3yJP_uqLTeP0Z5aDOgOwxDoLtqgEWj_V44W1Sr6fFrQTguYfg_qMqj0cYWtrrbr-4O1DGJI1ROZSZYh7wtWMNk2-8nTtMHEoe1M6XSZK7pYXi_NGmnn_MskBgGvWjaDaemVa_S2GCaKf-FGI4YrxR2zzjtMdNhFMWqfLtwqEj28Big&cid=CAQSTADq26N9VMDSErmuaFhEh2WaAxUCw0yop7KFC38iFvV0sD-2NyRlbXMAUM_XgXOgaMT6xiFyx7DJ9CN3Y98rVUsijfsqsR5VuhJsrOoYASAT&rfl=1%2Chttps%253A%252F%252Fpastelink.net%252F%240

Requested by

Host: pastelink.net
URL: https://pastelink.net/6r9a94ti

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f154.1e100.net

Software

cafe /

Resource Hash

40aa59352e967ab950a8030dbca3178a506e6df7fd90a9e4682b4fc95d278a55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35127
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7FC0 42 B
63 B 560ms
557ms Image
image/gif 142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BMLRjjqNEVvS_UcZ51H8NWTT-jY8ISclCULYDAM4Im2l_1fYqNKnoBg7yY1B1ufAOrpgaEuc37Gha0dp4lzrkTEJ4S4-C29bXf830fSyMj3CuKuhs

Requested by

Host: b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f154.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/ Frame 7FC0 3 KB
1 KB 412ms
409ms Script
text/javascript 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/window_focus_fy2021.js

Requested by

Host: b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.118.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f132.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 17:22:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16938
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 17:22:46 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/ Frame 7FC0 18 KB
7 KB 304ms
300ms Script
text/javascript 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.118.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f132.1e100.net

Software

cafe /

Resource Hash

727e6a1f4a634d6298af8636fd331912b036b6f7783c771d2e06baeb82e2341e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 21:25:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2353
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7527
x-xss-protection: 0
server: cafe
etag: 8658061406568722807
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 21:25:51 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7FC0 156 KB
48 KB 802ms
501ms Script
text/javascript 142.250.4.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f155.1e100.net

Software

sffe /

Resource Hash

e7e65f5432de604cdf476d9ad55a2af5a933c715c639e4c36847023a3446f1ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48907
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1672933789069018"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 08 Jan 2023 22:05:05 GMT

GET
H3 200 container.html Show response
b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame FFB0 6 KB
3 KB 276ms
275ms Document
text/html 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.118.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f132.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 08 Jan 2023 22:05:03 GMT
expires: Mon, 08 Jan 2024 22:05:03 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 15EB 22 KB
8 KB 277ms
277ms Document
text/html 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.118.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f132.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
age: 103202
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 07 Jan 2023 17:25:02 GMT
expires: Sun, 07 Jan 2024 17:25:02 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame EF15
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECaW7HAY-ok4EEV_STKzPZg&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECaW7HAY-ok4EEV_STKzPZg&google_cver=1&C=1

43 B
766 B

353ms
353ms

Image
image/gif

139.5.84.243
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECaW7HAY-ok4EEV_STKzPZg&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPuq0aYDEMqOxLEDGKjAqtgBMAE&v=APEucNWxX1dv5NFRnTVgCKFpxAxjb7PFYiQzruA9xXzqnWNUD8AFK0OxXhWisunV6rDg_2MX5iP0145c1R5K2cTQ14pZD05-SA
Protocol: HTTP/1.1
Server: 139.5.84.243 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 22:05:06 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 22:05:06 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESECaW7HAY-ok4EEV_STKzPZg&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame EF15
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y7s.EUNHWFg2urc.nPfKdwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECaW7HAY-ok4EEV_STKzPZg&google_cver=1&google_hm=2

43 B
766 B

352ms
351ms

Image
image/gif

139.5.84.243
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECaW7HAY-ok4EEV_STKzPZg&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPuq0aYDEMqOxLEDGKjAqtgBMAE&v=APEucNWxX1dv5NFRnTVgCKFpxAxjb7PFYiQzruA9xXzqnWNUD8AFK0OxXhWisunV6rDg_2MX5iP0145c1R5K2cTQ14pZD05-SA
Protocol: HTTP/1.1
Server: 139.5.84.243 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 22:05:06 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:06 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECaW7HAY-ok4EEV_STKzPZg&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame EF15
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEADGX5yhVlySTNbtASpKZhg&google_cver=1

43 B
1 KB

547ms
278ms

Image
image/gif

104.254.150.228
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEADGX5yhVlySTNbtASpKZhg&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPuq0aYDEMqOxLEDGKjAqtgBMAE&v=APEucNWxX1dv5NFRnTVgCKFpxAxjb7PFYiQzruA9xXzqnWNUD8AFK0OxXhWisunV6rDg_2MX5iP0145c1R5K2cTQ14pZD05-SA

Protocol

HTTP/1.1

Server

104.254.150.228 Los Angeles, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

907.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 22:05:05 GMT
AN-X-Request-Uuid: 30406765-4fa4-4b69-9e62-53b5b9710bd1
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 116.90.74.208; 116.90.74.208; 907.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:05 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEADGX5yhVlySTNbtASpKZhg&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EF15
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjAxNjgyODAxODc2MDY0NzgzMA%3D%3D

170 B
188 B

543ms
276ms

Image
image/png

74.125.24.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjAxNjgyODAxODc2MDY0NzgzMA%3D%3D

Requested by

Protocol

Server

74.125.24.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f156.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sun, 08 Jan 2023 22:05:05 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 116.90.74.208; 116.90.74.208; 907.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 1fde9d2a-8893-4032-a136-1193e9c27c89
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjAxNjgyODAxODc2MDY0NzgzMA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame DBE3
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

276ms
276ms

Image
text/html

142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: pastelink.net
URL: https://pastelink.net/6r9a94ti
Protocol: H3
Server: 142.251.12.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: se-in-f154.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date: Sun, 08 Jan 2023 22:05:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame A9C0
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

275ms
274ms

Image
text/html

142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: pastelink.net
URL: https://pastelink.net/6r9a94ti
Protocol: H3
Server: 142.251.12.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: se-in-f154.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date: Sun, 08 Jan 2023 22:05:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame C8DF
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECaW7HAY-ok4EEV_STKzPZg&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECaW7HAY-ok4EEV_STKzPZg&google_cver=1&C=1

43 B
766 B

341ms
340ms

Image
image/gif

139.5.84.243
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECaW7HAY-ok4EEV_STKzPZg&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNaBw4cEEM-GhI4EGOzW19oBMAE&v=APEucNVP9es_fYFnVll7QV-UwQuCqynxfuoz7GxGaerUf7fSdD6p61PK1T042k7pFf7DNrid5808mTuQeuEZEgJtFqcpAyihSQ
Protocol: HTTP/1.1
Server: 139.5.84.243 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 22:05:06 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 22:05:06 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESECaW7HAY-ok4EEV_STKzPZg&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame C8DF
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y7s.EesyhobaCVOdX85l4wAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECaW7HAY-ok4EEV_STKzPZg&google_cver=1&google_hm=2

43 B
766 B

337ms
337ms

Image
image/gif

139.5.84.243
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECaW7HAY-ok4EEV_STKzPZg&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNaBw4cEEM-GhI4EGOzW19oBMAE&v=APEucNVP9es_fYFnVll7QV-UwQuCqynxfuoz7GxGaerUf7fSdD6p61PK1T042k7pFf7DNrid5808mTuQeuEZEgJtFqcpAyihSQ
Protocol: HTTP/1.1
Server: 139.5.84.243 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 22:05:06 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:06 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECaW7HAY-ok4EEV_STKzPZg&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame C8DF
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEADGX5yhVlySTNbtASpKZhg&google_cver=1

43 B
1 KB

577ms
306ms

Image
image/gif

104.254.150.228
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEADGX5yhVlySTNbtASpKZhg&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNaBw4cEEM-GhI4EGOzW19oBMAE&v=APEucNVP9es_fYFnVll7QV-UwQuCqynxfuoz7GxGaerUf7fSdD6p61PK1T042k7pFf7DNrid5808mTuQeuEZEgJtFqcpAyihSQ

Protocol

HTTP/1.1

Server

104.254.150.228 Los Angeles, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

907.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 22:05:05 GMT
AN-X-Request-Uuid: 8f051cf1-b643-4ad9-b02c-26e52794488d
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 116.90.74.208; 116.90.74.208; 907.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:05 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEADGX5yhVlySTNbtASpKZhg&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C8DF
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTAyNTY1MDQyODAzNzMzMTAwNw%3D%3D

170 B
188 B

538ms
283ms

Image
image/png

74.125.24.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTAyNTY1MDQyODAzNzMzMTAwNw%3D%3D

Requested by

Protocol

Server

74.125.24.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f156.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sun, 08 Jan 2023 22:05:05 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 116.90.74.208; 116.90.74.208; 907.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 36181fa4-1ea6-4f3e-827b-4d54fcc0dca5
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTAyNTY1MDQyODAzNzMzMTAwNw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK pr Show response
s.amazon-adsystem.com/v3/ Frame DB6E 2 KB
2 KB 340ms
340ms Document
text/html 52.46.130.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/v3/pr?exlist=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain&fv=1.0&a=cm&cm3ppd=1&dmt=3

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain&dcc=t

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

b8754628fa1706263ba78669f8bbce607951ae9169732bb063d5e2ab50f02247

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain&dcc=t
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 1788
Content-Type: text/html;charset=ISO-8859-1
Date: Sun, 08 Jan 2023 22:05:05 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
x-amz-rid: 48G7MPWH3FTZGVNP7Q52

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame 7005 28 KB
28 KB 573ms
273ms Font
font/woff2 142.250.4.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f94.1e100.net

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Jan 2023 10:58:27 GMT
x-content-type-options: nosniff
age: 212798
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Jan 2024 10:58:27 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230104/r20110914/ Frame FFB0 22 KB
9 KB 274ms
273ms Script
text/javascript 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230104/r20110914/abg_lite_fy2021.js

Requested by

Host: b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.118.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f132.1e100.net

Software

cafe /

Resource Hash

6366bfede901f183b516c7361e3dd409ec31355afc6b0f48d152fd5a1cae5a4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 15:24:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24012
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8895
x-xss-protection: 0
server: cafe
etag: 5139089157766378523
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 15:24:53 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame FFB0 8 KB
716 B 276ms
275ms Stylesheet
text/css 142.251.12.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Host: b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f95.1e100.net

Software

ESF /

Resource Hash

684dfe949ae87a38c2afbcee199f51b0025dd9121b524d62e881cf40846cdd21

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 08 Jan 2023 22:05:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 08 Jan 2023 21:45:41 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 08 Jan 2023 22:05:05 GMT

GET
H2 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230104_RC00/ Frame FFB0 14 KB
3 KB 826ms
273ms Stylesheet
text/css 172.217.194.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230104_RC00/outstream.min.css

Requested by

Host: b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f95.1e100.net

Software

sffe /

Resource Hash

48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Jan 2023 15:07:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 370654
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2798
x-xss-protection: 0
last-modified: Wed, 04 Jan 2023 11:40:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 04 Jan 2024 15:07:31 GMT

GET
H2 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230104_RC00/ Frame FFB0 390 KB
132 KB 827ms
274ms Script
text/javascript 172.217.194.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230104_RC00/outstream.min.js

Requested by

Host: b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f95.1e100.net

Software

sffe /

Resource Hash

375bab585cf2a387b8061143ca2f4b310c6f68511daacdc1d45cdeac8005db45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Jan 2023 23:25:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 340751
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 134996
x-xss-protection: 0
last-modified: Wed, 04 Jan 2023 11:40:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 04 Jan 2024 23:25:54 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/ Frame FFB0 18 KB
7 KB 301ms
300ms Script
text/javascript 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.118.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f132.1e100.net

Software

cafe /

Resource Hash

727e6a1f4a634d6298af8636fd331912b036b6f7783c771d2e06baeb82e2341e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 21:25:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2354
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7527
x-xss-protection: 0
server: cafe
etag: 8658061406568722807
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 21:25:51 GMT

GET
DATA 200
OK truncated
/ Frame D9AB 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f76dab3fcd27e8f4df9aa0f8cbceef3f1901eb2d809068e3bb1d2c37828ed45f

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 7A88 106 KB
38 KB 820ms
272ms Script
text/javascript 142.251.10.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/6r9a94ti

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.10.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f148.1e100.net

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
Origin: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 19:04:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10809
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 09 Jan 2023 19:04:56 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/elements/html/ Frame 7A88 8 KB
3 KB 272ms
272ms Script
text/javascript 142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Dd6CWTHY-OS1CtJlH9ReQ69qmYcRmtP6ptneINN2TmE2S5wfXk1KMCTtnU5LtipNoL-ZKzmUlFDMYxzpyqYo-QZgZleQ&cry=1&dbm_d=AKAmf-C1nt9s8qlVf56vYhnyoRKMmBUPyh7yx3jIlZq25RBn4rJeoqkVNhe4p6XYzulG9W4z6FoQfacZKpNVZx7-hRnxjwpe7tsP6zkAt20M19lYHRgrv4DUqLbMnzQUHm6etauRKKEWBZHJ5a_HMUeqMFdiYJFvmPTiWTQH6Gs6E7sBKkkfHTDodo3_nJvaX8IPvUTp18F7F85aQWmCXNwKdRTT2tKzgrMcmUV0Hsiop1gNGmQbsmUtMoL5xWK3Dmm1lxNcWSh1sJIOofnU4wrfcg-LLcFbsQdI2TQu5R0PcROiElrL-dPfXXn40qBc0AaQvhlgrZNhNVCIF7RwMlZA8c9KeceemmtDfuTni2Q2hkpDSKxAC9itnrgcNAyKOn5iuZLd3mK3ud2NGeenJNjm0zmCK8MQWT9eUQGIN2mLEtWprktfD2RrqvSHixtwHhQrd8Hke_yj44FrN6xrg2pzG3sKHycSgNmWoOf3TjlpPA6-zoKsTUcH1Ph3pUAF0pYGDdRzpM-mGx2BCD5kgLFVWHlehdGmU3H_I71Mn8nbwwankL6pOvM80HElnrsx_3EYIQlU6b6_oRbjU2WDod66NxvkgXfmp9EDiZy5i8oqYUT3qekR7XcxaLBh0ln7ve5Idc6sYvivEJ2dJtiq1Rl0YWbbOP3NIWk3wgvqX1HspZL62WHOT45b9TltlMwBKZ6e3N_dfS5uah2wALsMM0hyp9_afea-squSoFn3FIuHHPEkP7KW2csodOYs8Mx1DuFh3Xgp9KZ-h3SxPnbOoYhpP2nek_ZWKALtLX1VS_HyJu1TcwTMoAHzwY0b96A4VKgrojqXV_fKzzeHhw9TLipgzruoKj3ZSeFGF5QQmaMpHib1d07iJb3YRgQz0JNePrMR-8qzkE8XUZdiLwu6chMM4saTb7t7dK-7ecNgdja-erFFw_9ssWXPIaGhLWNEzFLi5oO1SGAn1M7mYRkYis8upfYxNfGSM1qS6j-gXwTPTkvktAro1oI5l0obSi3U-dZf4UEDlHNJuOQpFId91eCd1XgvNjP_nezGTiBqPhjIPo7NDALBygmdbYf-iUB0obhEiJkTlO6UBBjm04ulqFpWDTrNYQuR6lbXD9WkaAcNmnc90l8acSRVeW4yvguTwxqMZjMAGt4XjzfyuhfEwgUF-dwMHxZGMtG37bIiflqu2fkK3UVYJ0hPeqVpC21rrjJAnUEdwsD3XeIYMi8HGL0yZRy8vncnwotq0xZJIczbdFh1nqijolZ8Tpy7q1Od1tf7VdirwqWfJUpT3F6l44WZqTxXQSLihjpWX0mAOCKl_ESoq950zHYloRZaVaLNPfriQQ0nr93MB9NFlAHSI_gZku9Lwh_g2xUWwk_CIcnGMM04wy9lz0SwIXCtefreuZbar7FUdxLth4pdTwW2XdEXJUnpCrj-T9JwkeYQTAVa2y6Scw_xK4nUipEK7xpGQedbhEae2F1dBmW5wVQSKwxWurCxOBxMLdt7u0LRFC0VrXS9_zJ3HKqZzd3NUfWjll3wYcmt0bqrTyJXu9EaAsq1CB9-6pQXWa6v5opNIXJ0StIV3pAJ042gZAaPY2kwN00YEk116yw5L9H_qIPMLLmxYgfD3XE36B7uFt2HCQSKem0pt1CP1j4IWlg5u5I-QIRW_W3xNZ0b9LKZ_T6IzFfHEFJqhZvZXI-qJulu3mxDxCdevzXlgjgMFcUnQ1YTnEVNzbhGbovhdo0_P5m1nR2duY-Vyp7-2uZMOWpxqm106lfRWUGbxhJeeBNqT-2f1hXZulQHpLGC43mR7AIvu8nQjXRYueRfSinwQYuYUpufORPd2xbJclVY5rA_hWuq-1FPLsVGmrGv-Srt6mlrlI6hWsxrH4GgUxcI32Cs9Qz7oJv1skmTdjAnUPNybGBxA54tZ-ZJqA2-srwZqvEYMu3ho3RX_9qbmnaTHe3W92Utq6jxnjso7kDBqMn-DGoLaincak9G6O4MvjAWXZW7fYDSP6OW4BofFmCQnh9SeHqeema9OHhOe6Ff5WzGpErGmdE3QPzNynBH4pZvimIfaHPoG5l_mUmLAqta8v52BEG1xfdF8ZXaDxEowmiWZiFy6k9Fsj1hVKqEhoo1jFFiNnbp9AGgxC9OtVwg5u1ob1b8BIn6SrD6-u2rbpf5FFzwITzoxz-alvfzB-HxsC4O7QRHzLZgqAq2QhSuJDrkaFOYH377J1vdFSQUkIEj59EB56p8gNx_5TjftCE8JSadX3URBwmapJWW-tB4G-w-8ek-fDmSpsfvHn3ucxo26piH-GjRjV4Xuu6xKLkyt025j_7u0_cHnDFJr66Fh8UsXjzwk5fwCDrCKdYp_Gv3R0pAwAIVWJhGZL7ABWYs2XBpMnNyJAQ8So1buqefPo-u-a9K18r3DTWCcgt4VFfPbXsvgbt_CbaDOJoi6DKCe-VAx4gkt1yh4xIf7axvisRRNPqSoStKHFDsVjUSIMazOFeNmOnr08kYkwARnzVpB3IIwzTLTBIcgLrqxcJ1Zjme39sDL8jaCpru3UP0AVjBmXQECSlKQ4i4aNdr80znitMiy9SzuFw4KnpNY9YtlLFUdrKCXZTCpGO2VHyn7cd51uGmPDluRRC6kGb0QI30QvxK2yW0NNcugkwUHEuOMy8JcqarEggheI7h3vbJqh2umV_ge1sbRkMfHWSEtE37Xud3Qj7VxgMpRX7ebEq2K1ticys3DFPu40npDqydKvM5h-t49zUM6yITWAoijoOvHoRejGOOMJZtalJLUVZRc0_a2FANnm3Ooc5y3zcZr49cfQE-rrYposNs_LMkZ7-dvHFzUQAEgYXR2MlmxMKP2j4yqsK8Uq1BRBGnSDu_eJoDI3AkIDOQoeN8JdRXVHgic4onD3-Y5pO1FSPxYvbTuw49jr1s7dYD2ECu1NZSZjVJiTAFRcSq63U8WXulR0GvQWzjjcKlLjXInHaGj3yaXtVEqoSaakTuwJwS3zWtUHzTkc2Jj9I5aNhbyakP9Wim9SOQeBSYqXCDQq9XPx6ZCJCtu1sz7ah3FpWTEqbnqmHZL9WwLrSeXanq2tuLHVeblnUk9ZiaLrVJSfeu3i8QHn70R2R47d6CKZRlPLQlGdj8qhHUFkhnsC0Q3PlKBBVyQqF8hP_9aQU-Ek0wmG13yGHw1ZIvG-_P0jf60fUQUlqcK81yfsnS1Ku7AxGenGB2-9XxvcZ7UXZk-8EBmCpesQ6a4gQmULVNJB6wllZhs5ydNHON-iYubHc7ffNSyMaUjsr0oTXRVurIzTnL4A&cid=CAQSTADq26N9phW9KeKBOJpnEawT1xqbzBsEopohuCvbF5_WqmNoHKw8WUrpSbL5xhjcBB_KjZusUlzay8WvAG4mlxPfp5BfmyBZpC_tQggYASAT&rfl=1%2Chttps%253A%252F%252Fpastelink.net%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f154.1e100.net

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 15:19:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24307
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 15:19:58 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/ Frame 7A88 28 KB
11 KB 274ms
274ms Script
text/javascript 142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f154.1e100.net

Software

cafe /

Resource Hash

6dc0e3aead945b6160bc87da5f4d8fbb043dde5d0bece2aa426fa01895c9e358

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 17:18:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17198
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10849
x-xss-protection: 0
server: cafe
etag: 7485935580621256062
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 17:18:27 GMT

GET
H3 200 sU6CjPDj0xr2jbZF4y7IwEoRNSn0ddnQS8nRuvxnxiY.js Show response
pagead2.googlesyndication.com/bg/ Frame 15EB 36 KB
16 KB 308ms
307ms Script
text/javascript 142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/sU6CjPDj0xr2jbZF4y7IwEoRNSn0ddnQS8nRuvxnxiY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f154.1e100.net

Software

sffe /

Resource Hash

b14e828cf0e3d31af68db645e32ec8c04a113529f475d9d04bc9d1bafc67c626

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 13:29:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30961
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16096
x-xss-protection: 0
last-modified: Tue, 03 Jan 2023 14:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 08 Jan 2024 13:29:04 GMT

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 7005
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

275ms
274ms

Image
text/html

142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: pastelink.net
URL: https://pastelink.net/6r9a94ti
Protocol: H3
Server: 142.251.12.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: se-in-f154.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date: Sun, 08 Jan 2023 22:05:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 7FC0 106 KB
37 KB 954ms
617ms Script
text/javascript 142.251.10.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/6r9a94ti

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.10.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f148.1e100.net

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
Origin: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 19:04:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10809
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 09 Jan 2023 19:04:56 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/elements/html/ Frame 7FC0 8 KB
3 KB 273ms
273ms Script
text/javascript 142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Cz370cohqpoxbL-mrzElam8dBnDWQBfVYv--cETYEiOInGkaEEWGwhGAiqPNm8T_HTZyj-xTi_wkAtE95uNganxNvNVQ&cry=1&dbm_d=AKAmf-BiTCuo61xnFduFji-Ud60YPGF4D6Q9qUsOW4m1FIRFSMusNfDhpVfWolSbTVt6-ITa23CPiUy5plrCtJlJ3vwOEb--IRn4wGrad3gHSBQ1336JYC-wdfp9O3E31OjAGGZ9fG5kTuKLGhlwS3rsGURw07fInMNQpAxAeV33zSyqcDs2kfCIFJBibC2pSHG9WobXxj_7_8Lmld_pTKD0XqnIGxXRAauq7LI0WcyhOUHnL2T12A5OYxGaEFl579F0KTMWtBEA8bEkjIwFzfoclAgFwhfPXs40i0go05UCJPusbEv6jS23fzSsVHcFvPJJBnUfrOOGQM7gs6a3A3aprP51IJQFtkNOlDHpRaW5VASB5ulzantNNivxrOSINbAvnKusgrb_S3HYYKaJnIw6PgmqHdA2klwkc7Rbg7CYSmMwAtUWR2HVHlu81aq1RXcVY-oMNMJsz9_56hu4jABvKNe9C6N44c0tgLb1B5jRuNJb6TJnJ8LBsLe4EXJnWEmcYGDDE5IHV69MSqaqKPtnfTvMkmXzhUyW_zU8q6djUaJn6jSXBB_7XprbetrDv-U_-M1B_TBHfxeKY9vVFpBRBS61TjLKH0CgWRGDc7ZD8VKtxPt4Dk8LYKRVQClu2OuRH46ZTqfbw1k6918eB2dFSK8u2RHX6KeQcqfr_R8738kJZByJUpyDBnzv--ijABAYLILp2LnpTRxIQRNXb5ml0Q_Jn9BbpQlKLAH4cX0TSJxdhYQhnNhsLkkNGBRS-lYA694UpmeiAC4VNEItOLVyWhbFKbUlPUXCdlCfdiOs9aoYrUfU48Gc72-UL1h5XzP-4Dpwxnic4Dzjw0C5MYl3cjV97340bI8paQnvGNwgKrKWi3izsJ2l4racKgxXucwatfB5vZ9ZXOb4CzXCviR-K715rC2DiseO9HBXSW8fhT5BNFzfG0l4fYv0jkeLjxzk9smgb-U347zbVsrjtkYXzbVmLgTL1OQwYcxC6oXXVfuY6aKwvozfZuZ7NVdltPSuNtH63gugrTF4X9ETvbE8XK_gFbTiGn3nOr43pP5QFpeyLR3egY6vNxIu5eMlk_6OIvY8IY7H-3VRUgks6keJTex9EHLEVB-fNg7lwgU7qQZSDMDCS4M4yZuLI1ituO2G-h2n931Q7Y_nczGZrPXqBLVrNXOSjjnCaROdg-VwwG4EemNxXOxCwDSvoxPt1ULiwLiFFU6KYRxo6Im4jVd-m6Yfs1QkWiMf4KGEVaczDsbDxBeVqq1DxIH4GVTAEfaIVJLRdycU033JGCp0hguok51pOgd8pyO4UNLRBkOwoVOiZ7S6olL5ths590j9BnvQ-QHfqyBkU7v6X1CiXSvFtAtZY6XIWd8M5Xe92ovRe80JCo6Fa2gazhXo6p5qObvzz2ZSZjmvDYLsGclWydeusnwCqSLpr7p1L4j8et6Hb3YAK9ahzICQQynfErMF3HhAkBW90Vm1tm1eVbbfsSBHSyTutY5SIfE_n_EQ5W7zZ4AbExw_WHdUpnjeuUKZtNSU1Ld4KULLAjDc6fubvI354PZlMeHZICn20DEWRoonHXw1RF5h9rOE9nzMjwiyelPegqJRMril5OSYOPemto9IAc5sHNfTH2BrfPdXSoocJp5YU2E43WBtP-z_IFLxkIjcv814jkminbiR8M39jwgL3CMmkepb1lueCTRVzqlSYzZD0pvs9vd6dnv2OlNooQ7ar8fd-ky1NxvQcMxNYGVUuQN-p3xvmuHYTn4qUpOUmkgi27cPqNsur1g4Y5zgm6AQxmeG_NbdjYgu578KYuGqqvk4sQt3yjEDH64vd54IvhOzXNr4TprsfpbX-RQ5yvk5zIn98SKG3P3Nkroy6x9Dkzc1Tq6GfkBq47pL19Ch5Kpz_7WlVIKoe8GgsWhTqVdq_xOkaHKEpnxcDDSxcy5VNTS21EjxiAHdgF980egPVB74Amk-IfMl65NgsOnpuJOk0F8_Hm0YM-wqE9PO0V8JTvsB299LrSDla2kelVTwBd7HGj8RbstE22VgA7K1SzKayLNcnf8VjNkSHlWzvaA9Qsy7FGrFYDUqheEGZSdEv_ZQmjKUz6-_q9dArPUReJnM8iZfWXWd-jHQYCVPnDhvikajd6zqiqflyr4Gk4eaIhubh9nojhNYpzkvBbbILFBzHa9H2zD9F638k2yX-nNOosvbp8_VbbjMLNuf13ssYHQxxtd9RVHrZ1VNgCmL2QSEmDzsRXhKxEY4-xCrxKcTleQuxSpeU9eFgbGeHpfMy_8of1umEAXYqZFSItQb9fC0vqrwyejGeTtPuugA8mutxsX2VqB_LRfJ3KIp3_hrwD3uCkMrkI-gHpluIaQvjqZnSjCTPCI8YruwgF-P59pY1mtAZ0-otsbxV0PxSlpBwrVfOm4jxqHCATn_CBzIPbr5BSeGg2R893f6XXQRAMypygs7fu6mmO7DQMjlO989WXc8OJ17J0ZhpD1n5MpIaMFdxDRwjDQQrfddg8dDkSE0LDUU4WTVuxkkfoyXXomYfEdpg4IEiYNi-EbCI_41a8iicNo7jCEW2i80tVSVj6MweA2GsAiiYUZKPtoqL_a3zrbGx752ZeMLHD70OuovTiUHT0DfB_aHZKaIx8zzS_ZO-WBmTbw5oT4sbfP_zSJ7OM9nvVhwwLQsNJEsbnttzIE7QdcRckXRGlB3ScmfZvPo9uM2GjL5MwtIeb4zS34Sb-QlTvWMiSob7bwbbUMRHC1fLygFP96S2cDoaezYO2N4T8k0aRdIAQpnjEeE-74c2AP1aoSbYI-ywQfyq8FwQnK7G7kmzpuhiT3zKvfT2VDWPKMG8Xix-2ZmAuQAt6f5OcPkqJv3tOH5I7yj43Z2HcpqMZH39CvWFstyU1jcDuEYTXTLIB10QXnjBPnE6jfq_M-BuVjqNC8Ceth4us3vnpYSmkoRmc5RUTJ7fFhpgLGJ4Vi9Qev1tJspPqdd9Sd2xfqXfPo7d5iVLyn9BqKnVzwSnCDAfK0nULF10EXo0Lymgi6c0UrLGoGLV1wzNuUVpHtb97jl_YP-exlw_9EfvNZ5R6r0ZomKl6IbAN4h9dD1s6fRRuqjXKJRtNqJ_tolWiYn3zg0156cyMfd2xpk9DGff5YIqR3lwJPQpKYSBBG4_mUds28r6yBwCKolzi3gmfjxtaxQkjOIN5wLv_tapRB2F8RvT85cuoWvsl03TF31oF8qL32qV_7b44k0k2ZSaqmQFCO8J1J8me--bfZo-3VXdJpXXFbJB_7kA2IHGLC8DSR-jtWtdxxTvvCwTAM6hGLib8hdZv32xySCAjI_Y-kx_z-3L3yJP_uqLTeP0Z5aDOgOwxDoLtqgEWj_V44W1Sr6fFrQTguYfg_qMqj0cYWtrrbr-4O1DGJI1ROZSZYh7wtWMNk2-8nTtMHEoe1M6XSZK7pYXi_NGmnn_MskBgGvWjaDaemVa_S2GCaKf-FGI4YrxR2zzjtMdNhFMWqfLtwqEj28Big&cid=CAQSTADq26N9VMDSErmuaFhEh2WaAxUCw0yop7KFC38iFvV0sD-2NyRlbXMAUM_XgXOgaMT6xiFyx7DJ9CN3Y98rVUsijfsqsR5VuhJsrOoYASAT&rfl=1%2Chttps%253A%252F%252Fpastelink.net%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f154.1e100.net

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 15:19:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24307
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 15:19:58 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/ Frame 7FC0 28 KB
11 KB 274ms
274ms Script
text/javascript 142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f154.1e100.net

Software

cafe /

Resource Hash

6dc0e3aead945b6160bc87da5f4d8fbb043dde5d0bece2aa426fa01895c9e358

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 17:18:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17198
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10849
x-xss-protection: 0
server: cafe
etag: 7485935580621256062
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 17:18:27 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 4426 2 KB
1 KB 707ms
234ms Image
image/svg+xml 182.161.73.129
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.as.criteo.com
URL: https://ads.as.criteo.com/delivery/r/afr.php?z=Y7s-DwAKsAMKaDAUAAliKLrpMqeKi1ptSodIeQ&u=%7CoTJPVoKcUGnJg4gvm%2BHaiDh8QcpxRUlosd0kIabjWPw%3D%7C&c1=2P_wVlUbBFsw5yK-nUdqc6nygJ274zNPTQIufB1xv3LmVsxNlD7xoiJRjE-u8MyoFkwSnvxmwvjn_njP-EuaV3Hzap2ZwjM7StPSTCkJxSARq4sQsPbHe9iB-_yntTvnHZJKCgaewjcTEOTkwpMDpsndJSIGYkZVIOs7MIKAZtqrk34o2z-J0SIJ-sR-Fmzd_hf0das9EDdnS9gkjmSfqlEDQEENGkN6p9A4AMSZrvDF1-5JgFU45N5QOAMXxUDySLhDiaRMwL8GhlIiHLGcLM1BVWJzx0JxnLU7j_rovbBrHGdMgwCjVFS1xo607ud-9fwo0Sf527W9Lh0Bqvts8lCvyAAPgCAK3GnWkp2_KC6905bV920Bt5knvrApnnc3O1mPy1B-GCkbUjqWjwKneeUiiklGBPcL5Xf-5Yd2npbPeZCgdhy17MJaVv_-gDflrcSN5DX0IC9RcnokEkRTb0BG_ssfEjxv7vZGMiFbYVMWj9ET8qgnWTvIJjszMkx2wLYOJY9zveI614XYmNMtRDZg-w0JjWslF2VOktxtmUPIxpWhwgiMh27Iz3kmdCHEXm9ViwHvtDX2wVkjw1pluM9wc8vmBYsaMb28aSNXgC4xlL3X-0gOD0RmNtv1YG1C&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCVOupDz67Y4PgKpTgoAOoxKWYApj80bFcqoTM5IUBwI23ARABIABgq-yxheAYggEXY2EtcHViLTE3NTA4NTYyMzkyMDQ0MTTIAQmpAvG_B6THEqc-4AIAqAMBqgTpAU_QWV-tZEWDylBhWHWMZxEJvbQsF3rOnOHyXCclPqTNdI1X91s76bIqcoXx4vnNVL7ZBfmHc-DWI5vcEObpjKAxxqARb9bZuw9uwVNcFu5YfjuOTWMnEJpCwaZ49hP8lERW6iNzWCUeuZM4x1Mb881eHzBuP5A7kqXOVLmW3DOvpd2o1mlaHw93Eb6E1KcfytqTLmZeqNei9rBK312Az6_pFEEGxKk3cq24T7oRA2KKUYw4LktX3gqGzaoqCYDqQc_jSxbu93sNdhKRGQi2sucFnpGk3wZ7cWbfHEKI83gRHLvLtC4KueV24AQBgAaQqdKQvK-fjRigBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggNCIBhEAEyAooCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1YdgJi8_NkJQZb2064QVmqkgE5Gw%26client%3Dca-pub-1750856239204414%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.129 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:05 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 03 Jan 2024 22:05:05 GMT

GET
H2 200 adchoices_en.svg
static.criteo.net/flash/icon/ Frame 4426 2 KB
1 KB 708ms
236ms Image
image/svg+xml 182.161.73.129
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_en.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.129 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

nginx /

Resource Hash

60bcafbd631f6fa0805e158ca3b235e76225350db6fbb423596d4c4954b27573

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:05 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-759"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 03 Jan 2024 22:05:05 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 4426 308 B
636 B 707ms
235ms Image
image/svg+xml 182.161.73.129
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.129 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:05 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Wed, 03 Jan 2024 22:05:05 GMT

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame DB6E
Redirect Chain

https://s.ad.smaato.net/c/?adExInit=aps&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsmaato.com%26id%3D%24UID
https://s.amazon-adsystem.com/ecm3?ex=smaato.com&id=dcba1fda

43 B
479 B

349ms
349ms

Image
image/gif

52.46.130.91
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=smaato.com&id=dcba1fda

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

HTTP/1.1

Server

52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 22:05:06 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: GBZ84TR89N80G55MPCG9
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

date: Sun, 08 Jan 2023 22:05:06 GMT
via: 1.1 29ec57392a878e133a2e208c0dbdc3e2.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: SIN2-P2
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://s.amazon-adsystem.com/ecm3?ex=smaato.com&id=dcba1fda
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: r1ZUx1H6yg0-FSViYGr6hQrHNextPCipoeu3e8ETooaSjvc4xMcagg==

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame DB6E
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dmediagrid.com%26id%3D%24%7BBSW_UUID%7D
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dmediagrid.com%26id%3D%24%7BBSW_UUID%7D
https://s.amazon-adsystem.com/ecm3?ex=mediagrid.com&id=b7fb5578-e99a-4393-a767-4fdfcfc15734

43 B
479 B

450ms
345ms

Image
image/gif

52.46.130.91
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=mediagrid.com&id=b7fb5578-e99a-4393-a767-4fdfcfc15734

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

HTTP/1.1

Server

52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 22:05:07 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 8Q3K3YRDTBHND0874KDV
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=mediagrid.com&id=b7fb5578-e99a-4393-a767-4fdfcfc15734
Date: Sun, 08 Jan 2023 22:05:06 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame DB6E
Redirect Chain

https://cs.media.net/cksync?cs=31&type=tam&redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dmedia.net%26id%3D%3Cvsid%3E
https://s.amazon-adsystem.com/ecm3?ex=media.net&id=3162171067444839000V10

43 B
479 B

632ms
344ms

Image
image/gif

52.46.130.91
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=media.net&id=3162171067444839000V10

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

HTTP/1.1

Server

52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 22:05:06 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 9QGVGWGN4J3NX8ZG24SR
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 22:05:06 GMT
Server: Apache
P3P: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Location: https://s.amazon-adsystem.com/ecm3?ex=media.net&id=3162171067444839000V10
Content-Type: text/html
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 154
X-MNET-HL2: E
Expires: Sun, 08 Jan 2023 22:05:06 GMT

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame DB6E
Redirect Chain

https://b1sync.zemanta.com/usersync/amazon_tam/?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Doutbrain.com%26id%3D__ZUID__
https://stags.bluekai.com/site/23178?id=PLNK2A_EPrewxjVLxpj8&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64ZOMFWWC6TPNYWWCZDTPFZXIZLNFZRW63JPMVRW2MZ7...
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64ZOMFWWC6TPNYWWCZDTPFZXIZLNFZRW63JPMVRW2MZ7MV4D233VORRHEYLJNYXGG33NEZSXQY3IMFXGOZJ5MFWWC6TPNZPXIYLNEZUWIPKQJRHEWMSBL5CVA4TFO54GU...
https://s.amazon-adsystem.com/ecm3?ex=outbrain.com&id=PLNK2A_EPrewxjVLxpj8

43 B
479 B

342ms
342ms

Image
image/gif

52.46.130.91
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=outbrain.com&id=PLNK2A_EPrewxjVLxpj8

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

HTTP/1.1

Server

52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 22:05:08 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: GHAGM0MDVYVFMMPC3819
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 22:05:07 GMT
Content-Type: text/html; charset=utf-8
Location: https://s.amazon-adsystem.com/ecm3?ex=outbrain.com&id=PLNK2A_EPrewxjVLxpj8
P3p: CP="We do not support P3P header."
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 101
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 / Show response
match.sharethrough.com/jwumXNuB/v1/ Frame 3ADC 427 B
612 B 720ms
236ms Document
text/html 18.136.159.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.136.159.66 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-136-159-66.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: 335093b334d9b3408701be8db700e3c46b4fe4db2ffca0032f14bb224accb77c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

content-length: 427
date: Sun, 08 Jan 2023 22:05:06 GMT

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 8615 16 KB
6 KB 763ms
254ms Document
text/html 23.207.36.196
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.207.36.196 Jakarta, Indonesia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-207-36-196.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=152094
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Sun, 08 Jan 2023 22:05:06 GMT
expires: Tue, 10 Jan 2023 16:20:00 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 683B 281 B
554 B 754ms
249ms Document
text/html 23.11.124.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.11.124.205 Jakarta, Indonesia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-11-124-205.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sun, 08 Jan 2023 22:05:06 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H/1.1

200
OK

ecm3 Show response
s.amazon-adsystem.com/ Frame A75A
Redirect Chain

https://ssbsync-us.smartadserver.com/api/sync?callerId=2
https://s.amazon-adsystem.com/ecm3?ex=smart.com&id=9103388006974328131&gdpr=0&gdpr_consent=

43 B
479 B

412ms
343ms

Document
image/gif

52.46.130.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/ecm3?ex=smart.com&id=9103388006974328131&gdpr=0&gdpr_consent=

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Sun, 08 Jan 2023 22:05:06 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
x-amz-rid: V2C1AB5JXH8BB80P4Y7Q

Redirect headers

content-length: 0
date: Sun, 08 Jan 2023 22:05:05 GMT
location: https://s.amazon-adsystem.com/ecm3?ex=smart.com&id=9103388006974328131&gdpr=0&gdpr_consent=

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 7A88 41 KB
15 KB 273ms
273ms Script
text/javascript 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.118.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f132.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 06:27:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 56234
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 08 Jan 2024 06:27:51 GMT

GET
DATA 200
OK truncated
/ Frame 7A88 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6d84cfa0edcabf43848c4af7e1e16f0e254d6787481e3126584f79c4eb6d7ccf

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 4426 293 B
621 B 596ms
235ms Image
image/svg+xml 182.161.73.129
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.129 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:05 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Wed, 03 Jan 2024 22:05:05 GMT

GET
H2 200 lg.php
cat.sg1.as.criteo.com/delivery/ Frame 4426 43 B
348 B 710ms
237ms Image
image/gif 182.161.73.132
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.sg1.as.criteo.com/delivery/lg.php?cppv=3&cpp=KUcAVZRfoeJzV4r1WvBsPo6IkBswFBAxA49nq1qYD5eEjKGwcbJtKfODbmEL9t5Medfyxi-GKL6izpkjVyvnz4lZGhvqCYciMCNQ5hmjsBCT5UNMNd2z7iBBHGMH98Ekxg7B53aRmpBhE8g4ONb9FU5N_KrxbfejNC9qhYnqi6LaRyELpSEYKbyWPHqCBWPCyoskbNBHdg3js-aKlG4SXO8uFHwFey2Hu843YBdRwXn7GWUNnRXsvD0Aojruvl-AkptfgWmZhCtZFrtjsrP9TIjKemBJtcObEFQbSmy0ymv_4pDo2wc9BjhbPwIkSvblcmDDRbzvWLLDY1jNDHKUIA9xR6AUScbWFuzNWtdlXCyepy6RrON0YTHvM_3o1OWMMZkUUDhYQQA-NN4ozOBMS6STs4aJko8Ut0vqfRod_WljptzE

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.132 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:05 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1806708
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ 33 B
400 B 1189ms
394ms XHR
application/json 162.19.138.119
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.119 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533570.ip-162-19-138.eu

Software

Resource Hash

97bb755740484ce41edec546d022848acb4f1a542d226c893196d2bda18599c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://pastelink.net/
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://pastelink.net
date: Sun, 08 Jan 2023 22:05:05 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
content-type: application/json;charset=UTF-8

GET
H/1.1 200
OK v1 Show response
lbs.eu-1-id5-sync.com/lbs/ 34 B
280 B 1198ms
397ms XHR
application/json 162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://lbs.eu-1-id5-sync.com/lbs/v1

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

25e05083446394b44eea8c7f9a64fe5227261632d792a07087a65f7010c2b3ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://pastelink.net/
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://pastelink.net
date: Sun, 8 Jan 2023 22:05:06 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-length: 34
vary: Origin
content-type: application/json

GET
H2 200 d92bafdc02c143feaf3ebf2a104b5093_dax.woff
static.criteo.net/design/dt/ Frame 4426 22 KB
22 KB 722ms
251ms Font
application/octet-stream 182.161.73.129
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/d92bafdc02c143feaf3ebf2a104b5093_dax.woff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.129 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

nginx /

Resource Hash

0ffbd5311f578cf5ae5a3e73da32ce165ca780a4854d7fe770699fa85ed87a06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.as.criteo.com/
Origin: https://ads.as.criteo.com
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:06 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 01 Mar 2018 16:56:12 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5a9830ac-57bc"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 03 Jan 2024 22:05:06 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 7FC0 41 KB
15 KB 275ms
274ms Script
text/javascript 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.118.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f132.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 06:27:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 56234
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 08 Jan 2024 06:27:51 GMT

GET
DATA 200
OK truncated
/ Frame 7FC0 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a3a4dcb7e052c652bfbba3512fe46b7d11b56e673eb9faaca6d8b747c1e07006

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 4426 12 KB
5 KB 298ms
152ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:06 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 197305
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4420
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KG4G5LFxCF2X2jLJsCSNrMzHfvI8RdUMx08gYgmM22RyvfwhUgUTXL8gFGUrZ8LXj2OBZuTvNvds4kjpue8BBRsICOBQCUV%2FVfr2cG7%2B%2B3lvi7qZ69NId2SPVVuI%2BFxM0B6HLi7%2B"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 78683b929b8ca941-SYD
expires: Fri, 29 Dec 2023 22:05:06 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 15EB 0
20 B 277ms
277ms Image
image/gif 142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BAhDaED67Y4DCCpCIjMwP6Z-k-A8AAAAAOAHgBAI&bg=!6Oul66_NAAYDMoyoIzI7ACkAdvg8Wu5LDAvth0jeEZIg_P2nb_ETLG7Henj5SIU0caZEk5dYXiro9QIAAAChUgAAAAVoAQcKAJ2Y1v5hl59tNE45u8GmaTfpfhQSWDvdfylhYB_5QShl1piEKrITfBxmzZuCusyo0W4_m12uqUasD0RgmCbXgEIKSFsbHR3pl1V2x3gpJhhUgX9UnHKLCUyURyWRuNRi5Po5n7t79A99XcJlJRbV-q1rWKhCOpDo0Lkm2f53dgVb6IvibJqonhRwTgLrujg4wPAiWD_cwaEwvhOhQBF0mQLw8Nbrtsi5W2-KD1sAqahcASvV3_yRVZpvc5SQyYtweVKSbuBneKKq2wuRtL7aIiJPiZP3eKPpGD6EIa246wXIVYt8FUkMTAKuTFPC7ZEove0GHMMicfy6bBmlDJpwbH7j3zwDZqXHTdJRqicjyA3TVlLdZIIJ2YeHMHEn0C2pllfIRpljBqqGQ1TBbguu6hBMKdbUimxuExA7a2bmzxyDDVEQZbO64qm9dvFpZRxRbKdJZSBeHI8H2yEAKJW75x93h4EIKL5i--Nh5O_zTV0qsIlfarks48v1SWmc_lziK_t5JZ_6_mX-MwoykkxAyGeBFaN9Ul6ErYU2IAambFgdCHYNOHs2WV8Sn1celdFmHR_A3pw_ixuZZ6e-9JAbTsLsnTCyDnOAsqlL8rIIk0YvaofV7w8ZxFz4Bz2msvq2GAk5JAiCrv1mbInLQXigQweReJanm_HiVMpApmaXCmMPkeH1PXBI5EVof_qgUJhjt7QvaDPCcRprfAV18Nv5VBmDIHxAYCPflUcGjkw4dSQQ5W0ZN7ZI8oJF22KCm5KK3A4a4yNfCVMDw9myHFnD8NtwFIcpvCoZ5dxAj1amo_jP28Tqff17KKsIgVi6I2zoGuGkauPOGVGwH3z8vUIOLSvVBnv3shLEkVPiwh86CuLSlwinrrA-idp28Uc45rbo7ZZxtWzD4sGb3zNiG-K7R4ON7iJt9T0AmpsKpJ4LJAG-s6R1tFq2Ri_5mnbrFOTqpVJgeO641VicT1uS9tTBO_gJDx0PJEzLO2xD3oDVi9ma_UXqVSZOhU3dezwURyCOslJDQLyAfNNToU98_B9XpNuz65dpY-4GE3O_5FXZhJ4Sx447Xudrwk2gGTy7qvslpKz5stTWcqKnndeQ6GZhkagFFZIptnAZgokuEMvnTqON4nz-xN8NXPIF6N2iCZQXzt8byAO5XnQtCWQ71CTbG38CZgM0U7hq7bz8wtwMT08cNMUB4092jWpVnttqWU2NYkQ

Requested by

Host: b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 84D9 22 KB
8 KB 274ms
273ms Document
text/html 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.118.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f132.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
age: 103203
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 07 Jan 2023 17:25:02 GMT
expires: Sun, 07 Jan 2024 17:25:02 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 156 B
612 B 730ms
251ms XHR
application/json 52.76.151.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16576/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.76.151.156 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-76-151-156.ap-southeast-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: ef72a18579969dab38b1a879a31d5f3884a79809b6a15ffe9811e80a2614cf10

Request headers

Referer: https://pastelink.net/
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:06 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://pastelink.net
cache-control: no-cache
x-server: 10.42.31.239
access-control-allow-credentials: true
content-length: 156
expires: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame D395 13 KB
5 KB 280ms
279ms Document
text/html 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.118.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f132.1e100.net

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
age: 48989
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 08 Jan 2023 08:28:36 GMT
expires: Mon, 08 Jan 2024 08:28:36 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 4CBD 783 B
1 KB 826ms
278ms Document
text/html 172.217.194.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.147 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f147.1e100.net

Software

GSE /

Resource Hash

f36d73fe2fd65ee67027d06cb735f5509d2d32dd74a8b153e3570db0b9d0b96c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-awuOqMD7zTXYOj0DqP7RaA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-awuOqMD7zTXYOj0DqP7RaA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 08 Jan 2023 22:05:06 GMT
expires: Sun, 08 Jan 2023 22:05:06 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 4426 12 KB
6 KB 251ms
251ms Script
text/javascript 182.161.73.129
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.129 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:06 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 03 Jan 2024 22:05:06 GMT

GET
H2 200 img
pix.as.criteo.net/img/ Frame 4426 11 KB
11 KB 1207ms
729ms Image
image/png 182.161.73.135
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.as.criteo.net/img/img?h=76&m=0&partner=86523&q=80&r=0&u=http%3A%2F%2Fstatic.sg1.as.criteo.net%2Fdesign%2Fdt%2F24511%2F210624%2F388285805f944707b2d798c1befb98f0_logo_h.png&v=3&w=596&s=x1wS6dS8U2tGmOy-qVDjNtV4

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.135 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

f82499ad8aed7bf29d03132b260b3bfaacb59994449373c97ed02113d6affba2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:05 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=27752939
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 10826
expires: Sun, 26 Nov 2023 03:14:06 GMT

GET
H2 200 img
pix.as.criteo.net/img/ Frame 4426 8 KB
9 KB 756ms
278ms Image
image/webp 182.161.73.135
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.as.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=86523&q=80&r=0&u=https%3A%2F%2Fwww.shavershop.co.nz%2Fdw%2Fimage%2Fv2%2FABCZ_PRD%2Fon%2Fdemandware.static%2F-%2FSites-shavershop-master-catalog%2Fdefault%2Fdw4c364f0e%2Fhires%2Fmen%2F010994.jpg%3Fsw%3D260&v=3&w=400&s=rm6chuCNGjiUgnJ1X11ij-Bj&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.135 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

3fd64a5a09e8835b18d7d49380ce3868ce615820400cb4d950881662bcf4c321

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:06 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=2341855
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8592
expires: Sun, 05 Feb 2023 00:36:02 GMT

GET
H2 200 img
pix.as.criteo.net/img/ Frame 4426 6 KB
7 KB 730ms
252ms Image
image/webp 182.161.73.135
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.as.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=86523&q=80&r=0&u=https%3A%2F%2Fwww.shavershop.co.nz%2Fdw%2Fimage%2Fv2%2FABCZ_PRD%2Fon%2Fdemandware.static%2F-%2FSites-shavershop-master-catalog%2Fdefault%2Fdw77acc9d8%2Fhires%2Fmen%2Fbeard-trimmers%2F09685-712_kit_HiRes.jpg%3Fsw%3D260&v=3&w=400&s=gXjXdw0jIrwDZXFdSvPKC9VZ&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.135 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

7a853a299cc35f118b7f35a212de71be45f2321cba7642c8d2f68d26de80f6e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:06 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=1203045
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 6528
expires: Sun, 22 Jan 2023 20:15:51 GMT

GET
H2 200 img
pix.as.criteo.net/img/ Frame 4426 25 KB
25 KB 898ms
557ms Image
image/png 182.161.73.135
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.as.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=86523&q=80&r=0&u=https%3A%2F%2Fwww.shavershop.co.nz%2Fdw%2Fimage%2Fv2%2FABCZ_PRD%2Fon%2Fdemandware.static%2F-%2FSites-shavershop-master-catalog%2Fdefault%2Fdw967bcbb1%2Fhires%2F010568_new1.png%3Fsw%3D260&v=3&w=400&s=i3euvzEj7_1RO6xv5laTZbRH&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.135 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

7095ea0f67218d088539f194bc8630ad4fb3f802acb624eedddc70902eddae50

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:06 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=2406534
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 25415
expires: Sun, 05 Feb 2023 18:34:00 GMT

GET
H2 200 img
pix.as.criteo.net/img/ Frame 4426 7 KB
7 KB 807ms
508ms Image
image/webp 182.161.73.135
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.as.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=86523&q=80&r=0&u=https%3A%2F%2Fwww.shavershop.co.nz%2Fdw%2Fimage%2Fv2%2FABCZ_PRD%2Fon%2Fdemandware.static%2F-%2FSites-shavershop-master-catalog%2Fdefault%2Fdw63e929ae%2Fhires%2Fmen%2Fhair-clippers%2F010688.jpg%3Fsw%3D260&v=3&w=400&s=lKcw8IxB4LfLOk32W4PHgPPy&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.135 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

4d3c008872afac7e6b74cbd494547c4de4b56caff68d2974b1fb6ef4477c269c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:06 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=1388686
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 7378
expires: Tue, 24 Jan 2023 23:49:53 GMT

GET
H2 200 img
pix.as.criteo.net/img/ Frame 4426 9 KB
9 KB 940ms
775ms Image
image/webp 182.161.73.135
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.as.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=86523&q=80&r=0&u=https%3A%2F%2Fwww.shavershop.co.nz%2Fdw%2Fimage%2Fv2%2FABCZ_PRD%2Fon%2Fdemandware.static%2F-%2FSites-shavershop-master-catalog%2Fdefault%2Fdw6a0db2a6%2Fhires%2F010720.jpg%3Fsw%3D260&v=3&w=400&s=pDDsl-GuHhbAKcCHFdKfwimY&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.135 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

ceefbcad694825db30df15f5e1cd21e39bfd328332fca2bf916c133a85be1774

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:05 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=2539578
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8952
expires: Tue, 07 Feb 2023 07:31:25 GMT

GET
H2 200 img
pix.as.criteo.net/img/ Frame 4426 22 KB
22 KB 762ms
762ms Image
image/png 182.161.73.135
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.as.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=86523&q=80&r=0&u=https%3A%2F%2Fwww.shavershop.co.nz%2Fdw%2Fimage%2Fv2%2FABCZ_PRD%2Fon%2Fdemandware.static%2F-%2FSites-shavershop-master-catalog%2Fdefault%2Fdw6c0aa063%2Fhires%2F011598_1.png%3Fsw%3D260&v=3&w=400&s=n1zHHrOBofI7c1E7CEeUtN9Z&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.135 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

ea16b20e324d70a5e33a0fde0fd691c92549eb978c3a42b766ea2add9c9b2701

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:06 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=2300651
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 22234
expires: Sat, 04 Feb 2023 13:09:18 GMT

POST
H2 200 all
csm.as.criteo.net/ Frame 4426 0
127 B 713ms
236ms Ping
text/plain 182.161.73.142
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.as.criteo.net/all?cppv=3&cpp=009Ra4ivMw2JVoDoUo0Vu7JsRjo6PNR1mybSSosFd3g34iheiS7Ppv6s1uUr2v_VGwhLxcJYg-UZcscOjdRd8pG6jdQZvcxS4a_WIk_YG-f_dhNPiev4aW60nGPJ8hX-gNT4ydcW3hU1BJF21EjMrfO0qmeU_XbhCDes7KRixmiv1NLVC4lnpRvrUrnDBQOBh1bQMfhQJaPIkV6l8mWoxJ8iypUmhOmI5isf8qJ3ns8j-ALAYiKYdMiff8d1FtpnzBEQqnOtq2Di4sei&sds=2&rev=84230&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.142 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.as.criteo.com/
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sun, 08 Jan 2023 22:05:06 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 4426 2 KB
1 KB 235ms
234ms Image
image/svg+xml 182.161.73.129
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.129 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:06 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 03 Jan 2024 22:05:06 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 4426 2 KB
1 KB 243ms
243ms Image
image/svg+xml 182.161.73.129
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.129 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:06 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 03 Jan 2024 22:05:06 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 5398 22 KB
8 KB 274ms
273ms Document
text/html 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.118.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f132.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
age: 103204
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 07 Jan 2023 17:25:02 GMT
expires: Sun, 07 Jan 2024 17:25:02 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sU6CjPDj0xr2jbZF4y7IwEoRNSn0ddnQS8nRuvxnxiY.js Show response
pagead2.googlesyndication.com/bg/ Frame 84D9 36 KB
16 KB 273ms
272ms Script
text/javascript 142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/sU6CjPDj0xr2jbZF4y7IwEoRNSn0ddnQS8nRuvxnxiY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f154.1e100.net

Software

sffe /

Resource Hash

b14e828cf0e3d31af68db645e32ec8c04a113529f475d9d04bc9d1bafc67c626

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 13:29:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30962
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16096
x-xss-protection: 0
last-modified: Tue, 03 Jan 2023 14:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 08 Jan 2024 13:29:04 GMT

GET
H3 200 sU6CjPDj0xr2jbZF4y7IwEoRNSn0ddnQS8nRuvxnxiY.js Show response
pagead2.googlesyndication.com/bg/ Frame D395 36 KB
16 KB 272ms
272ms Script
text/javascript 142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/sU6CjPDj0xr2jbZF4y7IwEoRNSn0ddnQS8nRuvxnxiY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f154.1e100.net

Software

sffe /

Resource Hash

b14e828cf0e3d31af68db645e32ec8c04a113529f475d9d04bc9d1bafc67c626

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 13:29:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30962
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16096
x-xss-protection: 0
last-modified: Tue, 03 Jan 2023 14:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 08 Jan 2024 13:29:04 GMT

GET
H/1.1 200
OK ecm3
s.amazon-adsystem.com/ Frame 3ADC 43 B
479 B 344ms
343ms Image
image/gif 52.46.130.91
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=sharethrough.com&id=b0a54b01-f26b-4595-acc8-1854f4c4f0e2

Requested by

Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://match.sharethrough.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 22:05:06 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 23Y9ECPSP26W25C8Z6K5
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

v1
match.sharethrough.com/sync/ Frame 3ADC
Redirect Chain

https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=1
https://secure.adnxs.com/getuid?https://match.sharethrough.com/sync/v1?source_id=0e8893f90b606c9c5d33f1be&gdpr=0&gdpr_consent=&source_user_id=$UID
https://match.sharethrough.com/sync/v1?source_id=0e8893f90b606c9c5d33f1be&gdpr=0&gdpr_consent=&source_user_id=9025650428037331007

68 B
279 B

236ms
236ms

Image
image/png

18.136.159.66
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/sync/v1?source_id=0e8893f90b606c9c5d33f1be&gdpr=0&gdpr_consent=&source_user_id=9025650428037331007
Requested by: Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Protocol: H2
Server: 18.136.159.66 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-136-159-66.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: 6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://match.sharethrough.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:07 GMT
cache-control: no-cache
content-length: 68
content-type: image/png

Redirect headers

Date: Sun, 08 Jan 2023 22:05:07 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 116.90.74.208; 116.90.74.208; 907.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 93544d06-7e65-447c-a272-f48bf6666fe7
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://match.sharethrough.com/sync/v1?source_id=0e8893f90b606c9c5d33f1be&gdpr=0&gdpr_consent=&source_user_id=9025650428037331007
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

v1
match.sharethrough.com/sync/ Frame 3ADC
Redirect Chain

https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=2
https://pixel.rubiconproject.com/exchange/sync.php?p=18694&gdpr=0&gdpr_consent=
https://match.sharethrough.com/sync/v1?source_id=UiRtTsXAfjmfSDAKnR1FjWsu&source_user_id=LCNXB8AW-3-6JKM&gdpr=0

68 B
279 B

235ms
235ms

Image
image/png

18.136.159.66
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/sync/v1?source_id=UiRtTsXAfjmfSDAKnR1FjWsu&source_user_id=LCNXB8AW-3-6JKM&gdpr=0
Requested by: Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Protocol: H2
Server: 18.136.159.66 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-136-159-66.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: 6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://match.sharethrough.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:07 GMT
cache-control: no-cache
content-length: 68
content-type: image/png

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://match.sharethrough.com/sync/v1?source_id=UiRtTsXAfjmfSDAKnR1FjWsu&source_user_id=LCNXB8AW-3-6JKM&gdpr=0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: beb52df1a5a4b2f2cb3f37642c514298
Expires: 0

GET
H2

200

v1
match.sharethrough.com/sync/ Frame 3ADC
Redirect Chain

https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=3
https://match.adsrvr.org/track/cmf/generic?ttd_pid=sharethrough&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=sharethrough&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=7ced1664-9c20-4b53-8fb5-e45d8d9a3e1b&gdpr=0&gdpr_consent=

68 B
279 B

236ms
236ms

Image
image/png

18.136.159.66
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=7ced1664-9c20-4b53-8fb5-e45d8d9a3e1b&gdpr=0&gdpr_consent=
Requested by: Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Protocol: H2
Server: 18.136.159.66 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-136-159-66.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: 6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://match.sharethrough.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:07 GMT
cache-control: no-cache
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:06 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=7ced1664-9c20-4b53-8fb5-e45d8d9a3e1b&gdpr=0&gdpr_consent=
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 323

GET
H2

200

v1
match.sharethrough.com/sync/ Frame 3ADC
Redirect Chain

https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=4
https://secure.adnxs.com/getuid?https://match.sharethrough.com/sync/v1?source_id=0e8893f90b606c9c5d33f1be&gdpr=0&gdpr_consent=&source_user_id=$UID
https://match.sharethrough.com/sync/v1?source_id=0e8893f90b606c9c5d33f1be&gdpr=0&gdpr_consent=&source_user_id=9025650428037331007

68 B
279 B

236ms
236ms

Image
image/png

18.136.159.66
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/sync/v1?source_id=0e8893f90b606c9c5d33f1be&gdpr=0&gdpr_consent=&source_user_id=9025650428037331007
Requested by: Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Protocol: H2
Server: 18.136.159.66 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-136-159-66.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: 6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://match.sharethrough.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:07 GMT
cache-control: no-cache
content-length: 68
content-type: image/png

Redirect headers

Date: Sun, 08 Jan 2023 22:05:07 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 116.90.74.208; 116.90.74.208; 907.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 626010cd-ae17-4eb2-9fdb-e9f24c30d661
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://match.sharethrough.com/sync/v1?source_id=0e8893f90b606c9c5d33f1be&gdpr=0&gdpr_consent=&source_user_id=9025650428037331007
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 683B 34 KB
10 KB 254ms
253ms Script
text/html 23.11.124.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.11.124.205 Jakarta, Indonesia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-11-124-205.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 9d92a5d3b8b4d6cf4b48c0460bbdcffd2a9ce2ac28fb1d86e4d61e5d70c73af0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 22:05:06 GMT
Content-Encoding: gzip
Last-Modified: Sun, 08 Jan 2023 06:46:20 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=31234
Connection: keep-alive
Content-Length: 10067
Expires: Mon, 09 Jan 2023 06:45:40 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 8615 2 KB
2 KB 708ms
235ms Script
text/html 67.199.150.81
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=4029409&p=156011&s=165626&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 67.199.150.81 Los Angeles, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: 51ee2b58163223b10c0184fc2e8f33c156dc0afb58d613d69a3b367e795848d1

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Sun, 08 Jan 2023 22:05:06 GMT
content-length: 1650
content-type: text/html; charset=UTF-8

GET
H3 200 sU6CjPDj0xr2jbZF4y7IwEoRNSn0ddnQS8nRuvxnxiY.js Show response
pagead2.googlesyndication.com/bg/ Frame 5398 36 KB
16 KB 273ms
272ms Script
text/javascript 142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/sU6CjPDj0xr2jbZF4y7IwEoRNSn0ddnQS8nRuvxnxiY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f154.1e100.net

Software

sffe /

Resource Hash

b14e828cf0e3d31af68db645e32ec8c04a113529f475d9d04bc9d1bafc67c626

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 13:29:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30962
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16096
x-xss-protection: 0
last-modified: Tue, 03 Jan 2023 14:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 08 Jan 2024 13:29:04 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/12594573598897311880/160x600/ Frame 1D78 4 KB
1 KB 872ms
324ms Document
text/html 142.251.10.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f148.1e100.net

Software

sffe /

Resource Hash

b698182e7078746469f9a6b20f9c939148ba261117efb0df7733e464bea2b77b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 1443
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sun, 08 Jan 2023 22:05:07 GMT
expires: Mon, 08 Jan 2024 22:05:07 GMT
last-modified: Fri, 04 Nov 2022 20:38:17 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7A88 0
0 833ms
282ms Fetch
image/gif 172.217.194.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstQMd0Tp75Tq65m1KyPd8jnMoNupMigROBd1fTUzdPBCCuNjB2JSfRsK0VgnsvzG9AK2mLQSJKRQBJDfbXMW4oWabLPKeioUcpAp4jH5LCBt7xRQMWMD8hE9sUt12ajHY0sF6wQ0ufJDmMCrU2cwKDYvTYwnMRvVLIZm5Kd-Wh2E552Z5L53VYK-RA1v-U4x5R80QiPeG9b1xYAOhS-zdbg1Ifu6co58eJjzFIRWHSHUcRbgH_RxETdpEXZ0B2FZCf_p8xfWkYOk8E0qMhQ44VC8XU1dhlVa4PLHlksdcHSUV3vXwaj2gu3tVvV8zAdNWUr84mm_t_f-MJRqY8X9KHAQwQcZ1K0K1H8R13v19XVBi2Sj2aieFkJeC7caQO3tBXFjDi_ZcvpJqYlcTq5fQg7Z35qeyqWysFA5xUxnC0fNH-sBIlb8ra3iK6E1OCAXJ769de0Hdqo4wZZEzCtvBeKTA5JaPjHn7KvWgnLkTkmoxAmHhPvBp5q89hyl7goranxZAdedHZGZ9_FN1xbhtwmhFaqNB5QbJtT39i3cDY99f2JcVlIZ1JQ6ChIcbeuUdmSVVo7LFCd1fwUETaMpgcSaFp3ufS3BsNPoB9alENpdvoL2x3FpIKjjl_cFsw3FqLLhvSMaAwkPaZwGLwjM70L2MyrGMhafSDe-BCyW7gFP6ddHSGJgKdDP5-iZQMeP5XBHiKtkkaaQEtltG1nSVs82qGRa4nip8laRLCoHdk7NoWBNWpDhvhUSnRHr7c6hPt85lF7YsQjBJ8Pbrr3N2BK4N6gOLhREgAgrlBv3WaXOJPBDnAy85n5IeZP5ALD37xc9XaPYxTBIgGFOFVbjKjMF68aXa2OYyP9613RGj6TNCSTagw0i_tzkNvDK4vMbI-OebdnRRn6RiQusMObbRHGNVBw8I0rJ58Oqh5rZjWYct5nQ0s8eDgOUi5P5LHIE1lC_0gPJCUupTZMGnsVdrHM4BjbET2_BsaS4QMCY6yGehAj26c3BXcGklh0CVrij5jZHjy4Qa_je_30hMwGf0DUn_4wGZgOWKUKZgvtkjbqwmPKFN72ADa9byruDq7XRnmrawY_NZtcI2gMlzO-vOArKEktUFileZ48XXe8NBDCgKe1u3n1i0H2nUttIl_Yc3ymru7MaXZep1gtzJrbgUZNlgxQhbH3XjENGvw_j848Mjdt-J47LEvZLfssxWZ6lRabafNA171i-KCP9egl7xwd2pnUAum4le9C-KHqqHRUqba4&sai=AMfl-YSeu7YFfyBwJo2-HubXk2UhFhForSZpy94vllYxaqW2m-4Z9TSL3XiQeA6oHAcAK-SQo07ci-cSh66h114H4NWGf6Hq4w6nfDUQqK95Ck3B-lX2qXeWO_tqLNlQ1-MR4ZU1odwfH9W_pw7f90sfzYj5Ki6CPO7DyZGrEn0-Oru1_7LLcCYO7RbafWtMlc9OCD_oP9Pck2DDPDljUnaIWUu9oL6D3m4zYD45ko1sGaDcmBtoGj7AqWHAU9isEUdCrg-JMnlZx7UQeaj2hQ7cEnriI4VFRDMoAiFW4WnFkQ&sig=Cg0ArKJSzCksaNygVk0DEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1173&cbvp=1&cstd=1170&cisv=r20230104.30088&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: pastelink.net
URL: https://pastelink.net/6r9a94ti

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 08 Jan 2023 22:05:06 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 08 Jan 2023 22:05:06 GMT

GET
H/1.1 200
OK khaos.jpg
token.rubiconproject.com/ Frame 683B 284 B
932 B 989ms
236ms Image
image/jpg 69.173.158.64
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/khaos.jpg?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.158.64 , Singapore, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpg
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 284
X-RPHost: 6690dc791bf02dde8c4051a04cfd7bb8
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame D395 0
11 B 273ms
273ms Image
text/plain 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?Rclq2Q
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.253.118.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: sl-in-f132.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:06 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 84D9 0
20 B 277ms
276ms Image
image/gif 142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BrdsOED67Y__bLueC3LUPq52h-AMAAAAAOAHgBAI&bg=!FBelF1PNAAYDMoyoIzI7ACkAdvg8WqaY73GsATGtpEkSPVMlFqN0kAUdwa62p7nlq5lT8wBXQ3259QIAAAB9UgAAAARoAQeZAugEqCUsCcRSqQuJtoXb0Ih9T4cYd5G_EchckMbloJYvpQ3qBoRX2vo26F_3O6UC11ccMQkcSv6rEs4rjTCJ3mCHeRGmngDM-X2m3uI5M5exRiCwO6hH3XXZIwh_rSBCkL9-JYikaWGRjbQZCT9Qvl6bCc7ZRrJC-4Q3LoCbrKiqe20Ilf9BHgqZCF5P86oh2MSjOpgDzFY_kn9d9eavV52aU8Vxujjs48ZRC8VZ3EtF_W-qdm1ytSXmc5Q0wBRCES4dc771ftvgTJUM6lMv1fO1A3KbRSOS6JVEZaLnBUyEFWzmmsif9V6WLfwAlMj2asU4WRVy28324xq26cSMP1Vlbey8Lhp5dfOgtf8AFfK27EHrdh__W4Ig8A8FUkJM__rhP6OcG3E_KgPQKOLZo1QA9Z5tMp9CIUZwG84gJN2Q-0uIcfLVwOJajdOxc461wEtb2aZLpWl0lzOmpQ1ZU8dO6vWc8HiUPrYrmqmuRgsSgGRWh_SUJwugIq85N2UtHNNXZC_Z4IfHnnm7mQcOk2PU592-93kgGAHSaEhMJr_ZoHERh8xObihqTh6T6tNBzDzAPbsyuk4ozmJoudKjPp5L_uwVagtqI-SrghGhzDGzOeYkKirtShruh3dB1I1JaGvxaYqmxPwBqM-jCYIYkUjDadSWFHnTp35O34M3XjNfGmLxMFdwaLcHzlHOslsCK019c28Hr_x0kliU0IDwmBNoURvmK5iceD7NaMlJvo9XC2QZnYfFRXYfJAcQYVt8sMvb3Ey63H8Iykq3amgptSmIfMLWzuRWWlxFbjYXbmt5udQ7cRo9DByybBLVhHHAFiCG4CibHx6EyTGfrfpAu1RjFQcO-ZhbyI96-2fa99qvyqxpupB3I-rkws9pT_I4gZBdBcx0jj71YiMLcw7HnyuZ_ZMXKOAICyiWbcIYfOXeLriX0mkfKM4lUwTcISOofECfF9XmzRAsDdaO5iLnc1MaXVeZ2Xe42v4

Requested by

Host: b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 7A88 42 B
174 B 577ms
276ms Fetch
image/gif 142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsut8faTSVc1WJE5F0Ddaq6IH35qm2ldIUjNL_yGmSVy5RjANOrWc6XxjvOg__2UHBLR04u1M5yq3FkE3_Z4OOiaigYO1euMC_iKo-nWlK_v1WlRrOctPXktK6YHU4nMDsryOyI&sai=AMfl-YTki-UDvqVjI8WY58mHTClqZOh8zsjhGjHqR8g3w4XHfZnNR-17lQ9p8nGt6C-EXAolHw8RfIm73aNZvIa8rOcbTrjk_H84SHVeJto5ammsm4HpY7FhFfET3FtujHewvnLHBjJgc1eJJySS_chz&sig=Cg0ArKJSzEJLRdiSx6dWEAE&cid=CAQSTADq26N9phW9KeKBOJpnEawT1xqbzBsEopohuCvbF5_WqmNoHKw8WUrpSbL5xhjcBB_KjZusUlzay8WvAG4mlxPfp5BfmyBZpC_tQggYASAT&id=lidar2&mcvt=1011&p=521,1071,1121,1231&mtos=1011,1011,1011,1011,1011&tos=1011,0,0,0,0&v=20230105&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3854452215&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1673215503911&rpt=1558&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f154.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 300x250.html Show response
s0.2mdn.net/sadbundle/1150492247587012836/LFA0010-PL-AO-HTML5D-CVP-PLGeneric-300x250-Desktop/ Frame 223B 6 KB
2 KB 607ms
273ms Document
text/html 142.251.10.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/1150492247587012836/LFA0010-PL-AO-HTML5D-CVP-PLGeneric-300x250-Desktop/300x250.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f148.1e100.net

Software

sffe /

Resource Hash

3af9dd00f817facea898c826029f7cc0c0301c249da1adff3872671046d64b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 1129
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2270
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sun, 08 Jan 2023 21:46:17 GMT
expires: Mon, 08 Jan 2024 21:46:17 GMT
last-modified: Thu, 24 Nov 2022 05:03:40 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7FC0 0
0 620ms
284ms Fetch
image/gif 172.217.194.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv0IMlZj2WOqXKDBj6mpAJIb5qV3RLhQP-x5mGMk_W2u93em_CGQdUH8S7dFSDqY1UTReGUpiIFzEHXvKr-o74NcpFuMNkq5hM0oIicKyvjuXZUZy6kT9oNtyo1QI-Ri3DXoyROXdURsuPYd7XmVAgi1l_aB46BtQD7k4FAldIvM32RJEwihB_m5Tt0Ae7l2a7E9FD4-oUqBoqDP9LoiJO3in8j1X2EglmA3WtRSZFY-m3R9Z00ZfTfZnNHWidWy764EGHsXf0_uft14Z8lysGP-xNZ6zhOLutwnU1VLoHwL0__rMCZFLn_upQkBsfLBKW-lEa-YCbafaZJ0p_JEhIGSS0_HBedm1_MHYkYWLQiLoh9riwkuD3CnvFvbxR6IY-Px7fhGi4ux7s-aV_ALCZre458dv4OvOFpL18oig8MunPO_4oN3LDBUwH92UsHkGnXbfAd4wNJOgmd_fnqExODTcBwJhcHf1SBK5aPRAd-Ci6xN1RkM5exK9jumiRq8WQqiQkoWEyX1vMJ4zh5P2-5IJPRM_AF0cf7bKI53AXJEzyhIpmKuT1a-Xs0caPXxahgRT-2YQn2lLgIDoL-yprkp2PUTM9XZdji7_yy9GUn0H9wIKf1cfcY7ZNUgdNgeCosOnKnwb8sgxFAMfvDy2Heu_B_zhRoSD8DimP_WRktRIfg5TEgE5BJIUMg_b1Ngds1W6kkUWVvI87pGxCkuSAzzA_HO6Df1vmkI1bw1JtR_XQo1VeZ-meVdY27X7Ff8LEC0ocMGKuLnha_Cg2UajrKOG3JBa5Z8P5WlPayuwya5uTU5ZGYAXp5wgL4vziKXphx5t0eyBJomu4fBi2sWQ6dIDlnSI9fjb-Y_iVISubeZjXpUspFIwceTQNqfbkgwCzvIUHrwWJvZfptOEE4Qn4QlDOUcVShKih2jqEG_cA_y8ug9MV0364InPFgcNPwx6g8IUX1pZcgCNhJ8dSKMv2SMa89-twP9GRyZuqAzDufHpgaf7PCBwYXkNL0d927oB7MAfSrqtHywqAMgseXN9ziB9HbyOmvBnWe5rfi4BpWTu1QQb_qDpsMEkokDULy9LzMUV85dHbY9L3YC87HBh1Y3YRf8UFk-jVR-BMg5Igu4p2E1e-deIZfrYA3D37fkPREZXwIH6deR8mqfCdcHC1yiL27aDPEjA5C2lrQqJaqXKOVgC0X0Hm2Zq8HCZBhTTFlOZVNccPca3rNpSXNRFQhlzk_ggzHgGKBLIEG7cBNL-g4pX69cCUb7qu5Qhrt1nVz3wolTj0yUheoYCZYiu3z1gctTMYGw_gwAE5cUYMoHw&sai=AMfl-YRlYz1PKmx057AzeH4DsMTFMiek7ynpIayWVgsUJXqJDxTJ8TuDpQUGeIyM_tOOtKhS3-21HSGMll8hpaS-WY3O1B1kpU9cVf0Ynjzn1Dr0twxKeun1Npl0L6_7eYFVRnx3iWEV-ibObXbZqtDFuM1MXedFQi1s7jUL7qPP6zVtrQWkXuNhwVjE0d6ZsKvWGRcW1a_IfduTyJWepzLegZLWy_vHuPA0MnXgKV5s3xDuamCOxwRyRFGcyqE_BncGlnFjVt-gIVJlIC5yCxg2SftReCStJZnI0pAfyTvfig&sig=Cg0ArKJSzEXiQrdjHedSEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1177&cbvp=1&cstd=1175&cisv=r20230104.39682&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: pastelink.net
URL: https://pastelink.net/6r9a94ti

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 08 Jan 2023 22:05:06 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 08 Jan 2023 22:05:06 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D9AB 42 B
108 B 575ms
274ms Fetch
image/gif 142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuZd0IEZsaSHdLxsMpNvlfOA5ZC-mrDDPije0bRyXUzPF6nyuPiO9ymRxEbzANAAj8vFXykZzZNBUj_B93Mu-L6kLsE&sig=Cg0ArKJSzNYr8lEEJMeoEAE&id=lidar2&mcvt=1008&p=974,513,1224,813&mtos=0,1008,1008,1008,1008&tos=0,1008,0,0,0&v=20230105&bin=7&avms=nio&bs=0,0&mc=0.9&if=1&vu=1&app=0&itpl=20&adk=3770940712&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1673215504061&rpt=1530&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f154.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 4CBD 0
0 275ms
274ms Image
text/html 142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022120801&jk=1331020994226617&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.12.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: se-in-f154.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5398 0
20 B 278ms
277ms Image
image/gif 142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BbgNgED67Y8H0NYyIvwSKvq-wDwAAAAA4AeAEAg&bg=!-Pul-7_NAAYDMoyoIzI7ACkAdvg8WrH2UaaWnX2LccEHFKB0YeOwnJ3vxH2hEMClnWGGUK4g6XvcswIAAABhUgAAAAJoAQeZAuzNcBwtRS12uKeIzR3Lu_WYYIRLGoZaQGWYNUn6NtdIxdATyqTR4fZAQ5WMElf6spK11lPmwMdLI795nnfd6uiJXK7BPbtfLDP7rVfOIXIC4k0QQRmN60mqBd1ga4LTm2r62gNJXCXIFlZIKw2u-xD3JpZSehYx5n7N19GqL4B-nIwKyVYQLyTD489q3rIcBHXJaghs5LdiVP5F8Utf6taPYGWj0-6KuHed4eXNjDwP9U4ZliiHumBLoLLweWm5m1SXZVk9W6a9mOPQ1v95eDVzPcwUbDmkpm7CNPiVpwIkkOPWrDB2nD73FsZ4kk7LsEbLLlWqGxASdHGTsMgFQE_I5Wn7xipL3OUlBLi2LHHACslvEJJLc4VAncCjoHP__0Bo6HR_PmCmiF-Z8JfI6eERsy10KGphjkoxBXBC7cqNzeLJGQkSssivbupLqCJINmVEeqsJvyTFPqB1HcbU8pxVJNzeMRAMMnFQaDar5EirOK0ItMaVqOI8Q_pKQW7BppT-sy07whRlYcqAT1jpvhpk9IaSPrIrbZNRCJagKxDRsmLQZfN7RcDGgMI5ulrvoCiteMuRrCc9A34VscK3_fULyth-xJ80OwzFfSKIzSmzY-8OW3GA616HinMu0a8oPfHm_hu5UT3hlkssM6uIjr8SumM9rq782i_vrvjJV4-m1V1MJ3EEBPctZ9SLlt9uorly_d-pai_O8sjA-wZwzZrjYyvsLw5kEfZNLE-XCnksIkb1j5IJ7u6hUnQBUjX6NIZ9TqKcv-vGj5rkOcZcyTJ39aRGZ38pp41DejLkPrXcnBUyKWGmGIrljJtWvzc4Q1TwSsVnh4dnxTK0bOPWGdmh5pyu6gjGbiEFezbHbTAK8RZO0_32h7Bjtk42Dl7SaBZRIYGiPxSgUXAUIEr-lkcIqsz7kNv4Byh2C8w4HqeY_UdXQfyCQ_JQAertXmFD0G31hic-Rd_otFquY3JWIo7iVNLryJlRuv6LsaWl

Requested by

Host: b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame FFB0 0
327 B 616ms
234ms Ping
image/gif 216.239.32.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~lcnxb7r9&c=7499230686172&slotId=3749615343086&qqid=CLf5ir79uPwCFQeDaAodpscMWw&fb=outstream-lima&sei=44729911%2C44730425%2C44730426%2C44752538%2C75259414%2C420706098&nsei=44714510%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230104_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.32.3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:07 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame FFB0 15 KB
16 KB 274ms
273ms Font
font/woff2 142.250.4.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f94.1e100.net

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Jan 2023 06:38:18 GMT
x-content-type-options: nosniff
age: 314808
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 05 Jan 2024 06:38:18 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame FFB0 15 KB
15 KB 288ms
287ms Font
font/woff2 142.250.4.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f94.1e100.net

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Jan 2023 09:18:08 GMT
x-content-type-options: nosniff
age: 391618
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 04 Jan 2024 09:18:08 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FFB0 0
20 B 276ms
275ms Image
image/gif 142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=CQRnRED67Y7exDIeGogOmj7PYBdvbiJlupsabgeAQwJrMtt4JEAEgiYvEUGCr7LGF4BigAfe19rooyAEFqQLFx4NErUulPqgDAcgDmwSqBKACT9AzlGP2npGBkKmdBuLxkJSj_NikgNi-V69LhONsP03UZvprXFHXm3PuQQAobgLUhwxkozM9mg3JcedSIYPl2DChYzSua5BuZD3H74YQBC2qoDqg5Mlj-C0uG7bcy2ey7Rnn9RmJJR71ikEqOap6mHzGlz_n3zsdH0c5PECrH-1if4Y9m-jACQv68OkxrHy9DyupiTjOB13hDnRlOSyZAKAntmwqxlZkO0nE5PDMmK2PTYrQHQuyLstRn0honhDHdU2loIdWW5bDYL4mkt5sYmCr6yURCksmI2dOhrjGDPoswAgojz2pviDy2kcerK5pMU1KsJ6Mc-Nv_RHesmdPyA_YUrdRv3c7vXDhT5Gx-gAZj2KAKMZ_BQzGKzHIhKl3wATJ6vnroATgBAOQBgGgBnaAB_ftxpoDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiAYRABGB0yAooCOgKAQIAKAcgLAeALAYAMAbATrs3bEcgTzYbW4QPYEwqIFAbYFAHQFQH4FgGAFwE&eventType=clickstring&clientTime=1673215506704&ai=CQRnRED67Y7exDIeGogOmj7PYBdvbiJlupsabgeAQwJrMtt4JEAEgiYvEUGCr7LGF4BigAfe19rooyAEFqQLFx4NErUulPqgDAcgDmwSqBKACT9AzlGP2npGBkKmdBuLxkJSj_NikgNi-V69LhONsP03UZvprXFHXm3PuQQAobgLUhwxkozM9mg3JcedSIYPl2DChYzSua5BuZD3H74YQBC2qoDqg5Mlj-C0uG7bcy2ey7Rnn9RmJJR71ikEqOap6mHzGlz_n3zsdH0c5PECrH-1if4Y9m-jACQv68OkxrHy9DyupiTjOB13hDnRlOSyZAKAntmwqxlZkO0nE5PDMmK2PTYrQHQuyLstRn0honhDHdU2loIdWW5bDYL4mkt5sYmCr6yURCksmI2dOhrjGDPoswAgojz2pviDy2kcerK5pMU1KsJ6Mc-Nv_RHesmdPyA_YUrdRv3c7vXDhT5Gx-gAZj2KAKMZ_BQzGKzHIhKl3wATJ6vnroATgBAOQBgGgBnaAB_ftxpoDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiAYRABGB0yAooCOgKAQIAKAcgLAeALAYAMAbATrs3bEcgTzYbW4QPYEwqIFAbYFAHQFQH4FgGAFwE

Requested by

Host: b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame FFB0 30 KB
16 KB 301ms
296ms XHR
text/xml 74.125.24.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-CZ9KAcWVzbgVt5JUEKNOPHUyJJB-VZj9ucmqUQT7WytGVdljXR13iCJ6ltl6D-lKqRgWhoFY4ExHuEJyi16Jnkzc_BEQ&cry=1&dbm_d=AKAmf-BwmY_EYGTsvKDS6tNKQrVmaGrkoj63JNH1S8fsUwIu4DG27kJph1SpGRBCu2DBFLTK1C0E4-E0XSdjXb1slCiSWLJ80t-5pf6HVZy-bWtRVZHSxd4ylI0jpKrefT80wF4sUiRnGCYFW8Qo5g5IWTHbkvXBzq9TrfnG2uI1EMpG9Dy4ousSEYBw6lvhzrV5oJ-jf4o0Au3d6fd3qC0NqtYIDnZaNZ4cwS0qskExVPOqfsnd5gt-hInjx5xZBDHLrQ0gDe2RK5Hj2n_8lUFMzUCAAydTUZZriG_iZiwz7YFfkjjVwIRoPUFKakHBUDimlUmGNJJ6WC-igLvLGg9yLlTuaqqci8qmquThK_oGH1JL9Cs0PFDafYe-1dKYZ0aLShJwjWEk8304batUjC-39Y3uADObITdTkk7twNpLGmk5E0Ts0JUsgGCGZQ0EdZMD-NXD3AX9yunruGdSWq9xbmTqG0v9B7EZoN_eDl_hEARw8n_q6pXmwFGRkOx8BvTXsaPdmbu6eZ5Uxzx6fewLEddo91CF7FYyHeJDi25vKcNgmx4o0ElXeForHFROCLvmbEnKIlC_qmyT38RxwTXjoXXFHFPMMp5gWr6k7loNc3Mrx037jZ7qPqJooH7eaJoWzYBXedbtD9-BwuMYrtNAkv1J3RHTVGZbUBWcYIfq0_SFw0A0wgEnvhwhW4OYsU8FSHMvm1K13F-9QjgloKqWBT7C6273OqmmrumgmvilqMr0aIs1xAyjhmCc-q5qAU_o4-P7MoP8UEl8YrhNL8KF08oPMMQOB_xEVIMUSQtIx2lhscbxapLBwBTAiLUwD43Uc_kH1d8grjzD82sjbn6rODIsBsy2pE6AxKWZhNMOsudXS1JQnzxkDLaKcxqArMKJHB904pyV0FbKE-M6zoNg3YopZyvP4VagQhm5-jzwPMbDcWZQwWR2lC8Q_qLMf7cAqc7CUVILm0zp16XIb02w6vFthLjFePextlXL2XZNj5HfEBZBxxx1xGAdueCOMmU_-iLqT5O_ZVVwfdOdrd4pNxAvMBIf6SEqwabx9BoYXAIuPBkxNGS-v77tzcYQi977pQY3nUJxR3GeXRfRCDRLN9RP9sYsV7boHYrd0-_1_EBp0OXkIU9XZFu13v90YdRahT9xlfdFAHU8ZIrshFeogX6aHM0c9SiXk3x5ollWCTz936WQdGOSfyhVJeMGP164lNFTUr-PZHNs3eMAr_ZvARMQL9jkKjQLUvHvXykfC56Jt0W03WKpzVS-xI3e4mUOYD7u4Im0YpnhJGbajW1NdnUors5JnTYN4F4YoePC0UohQsl9ygCqhWY0ZaxAxd-tSNbT55BuASXKbcDYFPNENTpupZGmu18ATFj6XtjgWPK0bKAc8u3VbxU8k6T8AXHshdQ1qPGQLOirCH9_PMytvwaJ2v8KuM1Inzz5xapERHha_643lbsPMA-zXwC7qRihUrM6QnuhTb5myAWPqZrY1k4Y69SaJi14pjRdhSW5yWJSlqKFxYUf2TshDBD0OHfO_U8wzTP0kt9zQqsGlRRnK3wHcY0iTETmGkQmqm-LDSVE1DPS8Snwd4TOpJi5P9Ri8KLhG0Hiopm6oZpNEUtXg1DrDb-lHvltYgcRJu5mZL3ZOVLZkaDuCJDIBR6__85OjdxiA9NqcVFXUmIh14tTcEyXHGn0VWS6DUfq99IrLlSrkFsRwOAkQUpc7cstSg1hZ8W979akhtSf4gybIK78SevQu7YJgjYtOw77nRwexfEbMyj4cBYErGR3gvzf4Zx-cbgtrQURfz6qZ_mQyS8AhZeEtQ81E86VPGEqs6lHJSeOOOBQ3ubSWRBh8Lpc85zOKaOcKWLg9ccURb-crCR2MJ6Dnlg4jF3h61_riqVe3k_cPryOjYtgY_VCdi_ExADxJL8EJFGtQSlBKnbCF95rWUG13TwHxQjzLy1nLkRgzh8Ul_BuQnUu83aaiFGF5TfZLKGGzv24yOpOgzMUV2ZCeKBjux8lc8g8wa9H98z1HVuHvwyGVPrFOAorCxceNB93AS6BrEq56GgJXxyePbk9OKtsU4pApJzoOvrXZ9k9OjHWh5HH5pS7B9p36PxXuuCmRSGu7NjbZPtkyU3TgFa69gXzKIDHmiZVKIXnYH1SQguwgroMaoQDD4mi40Rn398ll3cITl7XawT2lp2dzs5v3JQKhJmiuwNkxXiJl08O0_OG2UTEoF_e0EA9NMX2bPr2vgT9NQIwI4KUC3vrqPs4uEUkdPE9Z7C7rFdhrP5oZX0SkaJIs45YFXTBDraQuCXzvyhwPEJIYWgbrf3puFUtgbaGckmbqNpvoSD8Q6t2wvYb0vzxRSWevwMoEbDVoAH88fykr442dZlHjoyR41lf52TJEG-EE2YCBdkRZ-qrtHD2vpfFrdgLBi5Smd1cv74phwVTvTB-J0LVS7tpPEchPqXGA9ayLSTF1Vz1OU9HfOj-Qr2WPi6mlNn9O6AALhWIY_VDwFTfi8XuDNK4x4Mob0D4fb6myd23sO1hXVTdtUw0S1g0EB3jTTujSjlok8VXpPIPocYP-ccKXV7FDhV7w7oSK2PvbCLTuzhOPgolEL4exiJ4ttPdI-z0Ym_SOqSdWW0_jUvhMbwHDvsJy9syfihcQew4U0sKpa4BNv7muN_osX5gW0QPEBZHV_Pufo924B7UODMISHu0isNHzLJMFiD22AKisy9zCKLuR4ZR3RxnkJEkQyyQCvxJQEt8-X3o7XYZIPvwUAR9PyiidWOrv9I8AJM0UkoZfNdIyW-8UOpHz95xDClXxt2No_g-u-FDWQQ-j01RbPATlhj8DZugzIY7RT27WXykJWB7XeLl4gXDNqsWUj2veQap6aQG903wzqIEPP3-muHfyPAkVTk5neFKi96anCTAXBr56AKSes4b7fh1CmiL0srRJyaRc4xtYHC2DmdNmYbziMdjXn5Zs2mlIUV-dqeo2tlDBbb1Vmr4tV_nNNDbz1_XFfTQ7IX-DlhHqOSf39hvIr7g2TlTgGfoC8moFHiYZanukyQudMkV9kNsTHMBfI0tVOhkAWi1WbU_nFwPdI2Cmkwry26txXg5ImYPR0E168V91axLtr2aS9kV50hJMFUFGoxs6Q1rYt0Uug34nwF4fbdbZcmf5XOHoMnZ6Ip2f0SKklDlDv828CfQz0fH2UCAriVBRtPUokTSwNCayZ7fphYCCY3XGx1KqN4khZYYeF2bioLoVzeTvKmLyDnidQEny--I_3Tzi4QDNkDp9gIgsvd7k8HI-wnxB47tRN3ervyxd_UZ54vm9qPDesoZjcQsm0tECX6GBNxMfjzoOVw-Insu-3UtU1LY6CoXRo-JJc6SFLi5nAHvw6fZK3flhumPTt9d2rlagoxy13OUuxADn-TltNdeYQugImrvgBGcDgq_-dNenMbVUjD0zJQxe_AbDV-gAtvYYeju7O7SkvaA34iMGFDn22FX75NThQR020a_tt2NHc5jGNNZ9IO__ETmvl5fUJsmPVAQ8OHeBTvRFHi8LxGP8zWgoTJysbE4mR0RkaVoO6CsH5LBjdmURVoIkytSJk_snyrtH4OwBp9zgws4rJHt3uGmY4okbcdGTElbOVr827uNOJ4-xv1Bs_FjrbL_onLKV3g9FvAD6eypylGVnTBbAxnrjJjI5JOMfM4AWd3CEWcZOzyrcy3zcXUsPsC2fIvYQcReRF0KBdi4WvZZLBbDNioQKybkwuXv_iVNcI6L5sM-pKOt3zX8lPKmCNBHTuiyaPqeg09Pa7JhI7O0X9ak4w6XwDR9aQ&cid=CAQSSwDq26N9guIZoalTSan7EKrI0zzfNFemhXKdEKf3KYkTaa8TMvlUgPGa8U8dtnoesPCHoY25QfRXhphjqt3aNGLaeBJjCKnm_MQttxgBIBM&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230104_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f156.1e100.net

Software

cafe /

Resource Hash

44a018f733bf607868028c226576648ed4aeef4718ecb91e0cfb775b72cb04d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:06 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16391
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame FFB0 0
0 277ms
276ms Fetch
text/html 172.217.194.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CBKyvED67Y7exDIeGogOmj7PYBdvbiJlupsabgeAQwJrMtt4JEAEgiYvEUGCr7LGF4BigAfe19rooyAEFqQLFx4NErUulPqgDAaoEnQJP0DOUY_aekYGQqZ0G4vGQlKP82KSA2L5Xr0uE42w_TdRm-mtcUdebc-5BAChuAtSHDGSjMz2aDclx51Ihg-XYMKFjNK5rkG5kPcfvhhAELaqgOqDkyWP4LS4bttzLZ7LtGef1GYklHvWKQSo5qnqYfMaXP-ffOx0fRzk8QKsf7WJ_hj2b6MAJC_rw6TGsfL0PK6mJOM4HXeEOdGU5LJkAoCe2bCrGVmQ7ScTk8MyYrY9NitAdC7Iuy1GfSGieEMd1TaWgh1ZblsNgviaS3mxiYKvrJREKSyYjZ06GuMYM-izAUCk9V6GUwMBI_6g-nPKjBosKhnLJ7KIBGRNmU2zC59J7r5Jj1SND6Dpmv6ku6P2Hr17071MdtkWhA1PABMnq-eugBOAEA4gF1NflsEiSBQYIHRAEGAGSBQYIHRABGAGSBQYIHhABGAGQBgGgBnaAB_ftxpoDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwoQtqICGNGzut0B0ggPCIBhEAEYHTICigI6AoBAgAoByAsBsBOuzdsRyBPNhtbhA9gTCogUBtgUAdAVAYAXAbIXHgocCAASFHB1Yi0xNzUwODU2MjM5MjA0NDE0GPrefA&sigh=VYfJi0mQoKE&uach_m=[UACH]&cid=CAQSSwDq26N9guIZoalTSan7EKrI0zzfNFemhXKdEKf3KYkTaa8TMvlUgPGa8U8dtnoesPCHoY25QfRXhphjqt3aNGLaeBJjCKnm_MQttxgBIBM&vt=10
Requested by: Host: b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.194.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: si-in-f155.1e100.net
Software: /
Resource Hash

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame FFB0 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e7be7ad8c4dd3fab74dbe061500f8f6135106c48b2e4ff470d5f151a9ebdfe3a

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

POST
H/1.1 200 1102.json Show response
id5-sync.com/g/v2/ 462 B
1 KB 1197ms
395ms XHR
application/json 162.19.138.119
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/1102.json

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.119 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533570.ip-162-19-138.eu

Software

Resource Hash

d8a0c5eb038eb78e1f2a4867349b08c00c5a6f2060ad68add444998910385564

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://pastelink.net/
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 08 Jan 2023 22:05:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://pastelink.net
p3p: CP="CAO PSA OUR"
access-control-allow-credentials: true

GET
H3 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame 6AD4 28 KB
11 KB 274ms
274ms Script
text/javascript 142.250.4.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal115.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f155.1e100.net

Software

sffe /

Resource Hash

c9406a92f81fad251295cd64386a8bb62ee7503f589ae1b96893faae2f4fcb18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 21:57:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 427
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10900
x-xss-protection: 0
last-modified: Wed, 09 Nov 2022 17:19:43 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Sun, 08 Jan 2023 22:57:59 GMT

POST
H2 200 all
csm.as.criteo.net/ Frame 4426 0
128 B 537ms
236ms Ping
text/plain 182.161.73.142
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.142 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.as.criteo.com/
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sun, 08 Jan 2023 22:05:07 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2

200

match Show response
c1.adform.net/serving/cookie/ Frame BB20
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&cid=3D3DB3BA-54BE-406E-97F8-5482EBCEBB82&gdpr=0&gdpr_consent=
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=3D3DB3BA-54BE-406E-97F8-5482EBCEBB82&gdpr=0&gdpr_consent=

35 B
468 B

264ms
264ms

Document
image/gif

185.84.60.23
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=3D3DB3BA-54BE-406E-97F8-5482EBCEBB82&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.84.60.23 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
content-type: image/gif
date: Sun, 08 Jan 2023 22:05:07 GMT
expires: -1
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

Redirect headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 0
date: Sun, 08 Jan 2023 22:05:07 GMT
expires: -1
location: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=3D3DB3BA-54BE-406E-97F8-5482EBCEBB82&gdpr=0&gdpr_consent=
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 96B5
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:ca5d63bb-3e13-4400-8f33-f9d8d5b6d8e0&gdpr=0&gdpr_consent=

42 B
327 B

235ms
235ms

Document
image/gif

103.231.98.194
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:ca5d63bb-3e13-4400-8f33-f9d8d5b6d8e0&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.231.98.194 , Japan, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sun, 08 Jan 2023 22:05:07 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
Content-Type: image/gif
Date: Sun, 08 Jan 2023 22:05:07 GMT
Expires: Sun, 08 Jan 2023 22:05:06 GMT
Keep-Alive: timeout=360
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: MT3 277 3f0ad7a master nrt-pixel-x16 config:1.0.0
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:ca5d63bb-3e13-4400-8f33-f9d8d5b6d8e0&gdpr=0&gdpr_consent=

GET
H/1.1 200
OK ecm3 Show response
s.amazon-adsystem.com/ Frame 9353 43 B
479 B 346ms
343ms Document
image/gif 52.46.130.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/ecm3?ex=pubmatic.com&id=PM_UID3D3DB3BA-54BE-406E-97F8-5482EBCEBB82

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Sun, 08 Jan 2023 22:05:07 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
x-amz-rid: PM0JK06XRGDQWY4N6Z7A

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 8615
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=PT2zulS-QG6X-FSC6867gg%3D%3D&gdpr=0&gdpr_consent=
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

16 KB
16 KB

252ms
251ms

Image
text/html

23.207.36.196
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Server: 23.207.36.196 Jakarta, Indonesia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-207-36-196.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:07 GMT
content-encoding: gzip
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
server: Apache
vary: Accept-Encoding
content-type: text/html
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=152093
accept-ranges: bytes
content-length: 5554
expires: Tue, 10 Jan 2023 16:20:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:07 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

458249.gif
idsync.rlcdn.com/ Frame 8615
Redirect Chain

https://idsync.rlcdn.com/420486.gif?partner_uid=3D3DB3BA-54BE-406E-97F8-5482EBCEBB82
https://idsync.rlcdn.com/1000.gif?memo=CIbVGRIwCiwIARCMowEaJDNEM0RCM0JBLTU0QkUtNDA2RS05N0Y4LTU0ODJFQkNFQkI4MhAAGg0Ik_zsnQYSBQjoBxAAQgBKAA
https://pippio.com/api/sync?pid=5324&it=1&iv=4b3f33aec57905a27917f4baae87f43aaf02bddbe44d85053520b122a2d0551b791426b5417dce21&_=2
https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlA0YjNmMzNhZWM1NzkwNWEyNzkxN2Y0YmFhZTg3ZjQzYWFmMDJiZGRiZTQ0ZDg1MDUzNTIwYjEyMmEyZDA1NTFiNzkxNDI2YjU...
https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlA0YjNmMzNhZWM1NzkwNWEyNzkxN2Y0YmFhZTg3ZjQzYWFmMDJiZGRiZTQ0ZDg1MDUzNTIwYjEyMmEyZDA1NTFiNzkxNDI2YjU0MTdkY2UyMRAAGgwIlPzsnQYSBAgCEABCAEoA&goog...
https://tags.rd.linksynergy.com/rcs?ns=lr&uid3=
https://idsync.rlcdn.com/458249.gif?partner_uid=48c1c12f-537b-4779-b645-6d844a6fcb23

42 B
60 B

320ms
320ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/458249.gif?partner_uid=48c1c12f-537b-4779-b645-6d844a6fcb23
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:10 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

location: https://idsync.rlcdn.com/458249.gif?partner_uid=48c1c12f-537b-4779-b645-6d844a6fcb23
date: Sun, 08 Jan 2023 22:05:10 GMT
via: 1.1 google
x-samesite: secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 111
content-type: text/html; charset=utf-8

GET
H/1.1

200
OK

info2
uipglob.semasio.net/pubmatic/1/ Frame 8615
Redirect Chain

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=3D3DB3BA-54BE-406E-97F8-5482EBCEBB82&sInitiator=external&gdpr=0&gdpr_consent=
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=3D3DB3BA-54BE-406E-97F8-5482EBCEBB82&sInitiator=external&gdpr=0&gdpr_consent=

42 B
570 B

269ms
268ms

Image
image/gif

119.9.108.191
RACKSPACE-AP Rack...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=3D3DB3BA-54BE-406E-97F8-5482EBCEBB82&sInitiator=external&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: HTTP/1.1
Server: 119.9.108.191 , Hong Kong, ASN45187 (RACKSPACE-AP Rackspace IT Hosting AS IT Hosting Provider Hong Kong, HK),
Reverse DNS
Software: /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:06 GMT
frontend-id: 0
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
content-type: image/gif
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 42
routing-server-id: 1
expires: Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:06 GMT
frontend-id: 0
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
location: /pubmatic/1/info2?sType=sync&sExtCookieId=3D3DB3BA-54BE-406E-97F8-5482EBCEBB82&sInitiator=external&gdpr=0&gdpr_consent=
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 0
routing-server-id: 1
expires: Sat, 01 Jan 2011 12:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 8615
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=M0QzREIzQkEtNTRCRS00MDZFLTk3RjgtNTQ4MkVCQ0VCQjgy&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
95 B

710ms
235ms

Image
image/gif

103.231.98.194
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Server: 103.231.98.194 , Japan, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Sun, 08 Jan 2023 22:05:07 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:07 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 8615
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEMt88Grq0XGz-7kJoj8g6rM&google_cver=1

42 B
527 B

706ms
234ms

Image
image/gif

103.231.98.194
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEMt88Grq0XGz-7kJoj8g6rM&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Server: 103.231.98.194 , Japan, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Sun, 08 Jan 2023 22:05:07 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:07 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEMt88Grq0XGz-7kJoj8g6rM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubmatic
um.simpli.fi/ Frame 8615 43 B
610 B 825ms
272ms Image
image/gif 34.126.167.117
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

34.126.167.117 , Singapore, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

117.167.126.34.bc.googleusercontent.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:07 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Sat, 07 Jan 2023 22:05:07 GMT

GET
H2 200 3D3DB3BA-54BE-406E-97F8-5482EBCEBB82
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 8615 43 B
603 B 717ms
241ms Image
image/gif 54.254.148.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/3D3DB3BA-54BE-406E-97F8-5482EBCEBB82?gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.254.148.3 , Singapore, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-254-148-3.ap-southeast-1.compute.amazonaws.com

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:07 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 8615
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=7ced1664-9c20-4b53-8fb5-e45d8d9a3e1b&gdpr=0&gdpr_consent=

42 B
507 B

707ms
235ms

Image
image/gif

103.231.98.194
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=7ced1664-9c20-4b53-8fb5-e45d8d9a3e1b&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Server: 103.231.98.194 , Japan, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Sun, 08 Jan 2023 22:05:07 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:06 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=7ced1664-9c20-4b53-8fb5-e45d8d9a3e1b&gdpr=0&gdpr_consent=
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 355

GET
H3 200 HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame FFB0 41 KB
15 KB 273ms
273ms Script
text/javascript 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230104_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.118.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f132.1e100.net

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Jan 2023 13:19:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 204329
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Jan 2024 13:19:38 GMT

HEAD
H/1.1

200
OK

file.mp4
r2---sn-ntqe6nel.c.2mdn.net/videoplayback/id/73d54dbbd50de388/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1704751506/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip... Frame FFB0
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/73d54dbbd50de388/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1704751506/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signa...
https://r2---sn-ntqe6nel.c.2mdn.net/videoplayback/id/73d54dbbd50de388/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1704751506/sparams/acao,ctier,expire,id,ip,ipbits,ita...

0
0

434ms
142ms

Fetch
video/mp4

74.125.109.135
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r2---sn-ntqe6nel.c.2mdn.net/videoplayback/id/73d54dbbd50de388/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1704751506/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/7CE2F966BE033B8BF803C2DC018F06DBB87F71FC.7D3A85433949778F5FB3AAB55CFC1EC99D536BFF/key/cms1/cms_redirect/yes/mh/VH/mip/116.90.74.208/mm/42/mn/sn-ntqe6nel/ms/onc/mt/1673215033/mv/m/mvi/2/pl/24/file/file.mp4

Protocol

HTTP/1.1

Server

74.125.109.135 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s12-in-f7.1e100.net

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 22:05:08 GMT
X-Content-Type-Options: nosniff
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 4314439
Last-Modified: Wed, 28 Dec 2022 17:38:18 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Access-Control-Allow-Origin: null
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=86400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: null
Expires: Sun, 08 Jan 2023 22:05:08 GMT

Redirect headers

date: Sun, 08 Jan 2023 22:05:07 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 643
x-xss-protection: 0
pragma: no-cache
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
location: https://r2---sn-ntqe6nel.c.2mdn.net/videoplayback/id/73d54dbbd50de388/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1704751506/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/7CE2F966BE033B8BF803C2DC018F06DBB87F71FC.7D3A85433949778F5FB3AAB55CFC1EC99D536BFF/key/cms1/cms_redirect/yes/mh/VH/mip/116.90.74.208/mm/42/mn/sn-ntqe6nel/ms/onc/mt/1673215033/mv/m/mvi/2/pl/24/file/file.mp4
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 impl_v92.js Show response
www.googletagservices.com/dcm/ Frame 6AD4 60 KB
23 KB 274ms
273ms Script
text/javascript 142.250.4.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v92.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f155.1e100.net

Software

sffe /

Resource Hash

8acf96115cb55ad61bfdc24b7918a946d1b983ac14062a584dbbe8744021430a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 07:55:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50990
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23563
x-xss-protection: 0
last-modified: Mon, 07 Nov 2022 16:32:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 08 Jan 2024 07:55:17 GMT

GET
H2 200 createjs.min.js Show response
code.createjs.com/1.0.0/ Frame 223B 236 KB
63 KB 1253ms
428ms Script
text/javascript 42.99.140.170
ASN-TELSTRA-GLOBA...

General

Check archive.org

Show headers Download Go to

Full URL: https://code.createjs.com/1.0.0/createjs.min.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1150492247587012836/LFA0010-PL-AO-HTML5D-CVP-PLGeneric-300x250-Desktop/300x250.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 42.99.140.170 , Japan, ASN4637 (ASN-TELSTRA-GLOBAL Telstra Global, HK),
Reverse DNS: ip-42-99-140-170.pacnet.net
Software: Apache /
Resource Hash: e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:08 GMT
content-encoding: gzip
server: Apache
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=900
x-n: S
accept-ranges: bytes
expires: Sun, 08 Jan 2023 22:20:08 GMT

GET
H3 200 300x250.js Show response
s0.2mdn.net/sadbundle/1150492247587012836/LFA0010-PL-AO-HTML5D-CVP-PLGeneric-300x250-Desktop/ Frame 223B 134 KB
24 KB 275ms
274ms Script
application/x-javascript 142.251.10.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/1150492247587012836/LFA0010-PL-AO-HTML5D-CVP-PLGeneric-300x250-Desktop/300x250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1150492247587012836/LFA0010-PL-AO-HTML5D-CVP-PLGeneric-300x250-Desktop/300x250.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f148.1e100.net

Software

sffe /

Resource Hash

4729086be7d14a25727f44339c6bbcab18bd5648e2b031ebb4893c9385bba5be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1150492247587012836/LFA0010-PL-AO-HTML5D-CVP-PLGeneric-300x250-Desktop/300x250.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 21:46:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1130
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24645
x-xss-protection: 0
last-modified: Thu, 24 Nov 2022 05:03:40 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 21:46:17 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame A9C0 42 B
64 B 277ms
276ms Image
image/gif 142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssKtWUjg9_u3H-6Zfg_uvKzVBvqMhSNQYfe7NUh9Ml2DZEiVUmCkuJMd9nZskJz7EqYr-lZrYXkZBT8Ua4PVnnvT8MYM0z02idD7i4tatJXJjk7IA51c-xH3DwYWYlfMpu37AE&sai=AMfl-YQoKtpx0LayjckRwLktvNSei3AjXGtiQrAnSyXdct_92xnY--wHJcu4qy3po9o5CZV7x9n-tTvljyQY2t52rV7YOTpT2pcxv670bw7weiR0UliOTlGEzyaVJf0nBwkl47IGh35X0aGx9GVukv0&sig=Cg0ArKJSzG26-D2D3MwJEAE&cid=CAQSSwDq26N9II-NlLYWrkmEHHkmnKk-cDrMA62MGzjZdm1FElJ9YeTyRtK2KxDDjq-Zy1KcZZZ_4mvAWEY-I7AlwP8O2bvJoRUU06vk3hgBIBM&id=ampim&o=310,314&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1011&mtos=0,0,1011,1011,1011&tos=0,0,1011,0,0&tfs=2397&tls=3408&g=100&h=100&tt=3408&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0

Requested by

Host: pastelink.net
URL: https://pastelink.net/6r9a94ti

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f154.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 style.css
s0.2mdn.net/sadbundle/12594573598897311880/160x600/ Frame 1D78 1 KB
435 B 284ms
283ms Stylesheet
text/css 142.251.10.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f148.1e100.net

Software

sffe /

Resource Hash

eaccab0d7807d8dd694e0b782725db5c754ccf17c0fcfe4a0e14e8f7c9576e88

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 407
x-xss-protection: 0
last-modified: Fri, 04 Nov 2022 20:38:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 22:05:07 GMT

GET
H3 200 logo.png
s0.2mdn.net/sadbundle/12594573598897311880/160x600/ Frame 1D78 3 KB
3 KB 373ms
373ms Image
image/png 142.251.10.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/logo.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f148.1e100.net

Software

sffe /

Resource Hash

ab6656930d9ac061d19b3b05d337430bc122257bf1024f785435f058ba33f9fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:07 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3254
x-xss-protection: 0
last-modified: Fri, 04 Nov 2022 20:38:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 22:05:07 GMT

GET
H3 200 cta.png
s0.2mdn.net/sadbundle/12594573598897311880/160x600/ Frame 1D78 2 KB
2 KB 890ms
886ms Image
image/png 142.251.10.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/cta.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f148.1e100.net

Software

sffe /

Resource Hash

1849c9a56cccf8dd27a019816c9c797ca12ba45ef9fa3ef35a710607267907a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:08 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2322
x-xss-protection: 0
last-modified: Fri, 04 Nov 2022 20:38:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 22:05:08 GMT

GET
H3 200 logo_text1.png
s0.2mdn.net/sadbundle/12594573598897311880/160x600/ Frame 1D78 1 KB
1 KB 891ms
887ms Image
image/png 142.251.10.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/logo_text1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f148.1e100.net

Software

sffe /

Resource Hash

6ffebafbe127b2fae69ae7cf3bbf3941e7a9c20d7cd4db0e5ec83588f31f412d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:08 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1265
x-xss-protection: 0
last-modified: Fri, 04 Nov 2022 20:38:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 22:05:08 GMT

GET
H3 200 logo_text2.png
s0.2mdn.net/sadbundle/12594573598897311880/160x600/ Frame 1D78 1 KB
1 KB 900ms
897ms Image
image/png 142.251.10.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/logo_text2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f148.1e100.net

Software

sffe /

Resource Hash

7504603235f4efc995f1ca30ca274acfa983879adf05814df69e64be37ccb899

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:08 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1206
x-xss-protection: 0
last-modified: Fri, 04 Nov 2022 20:38:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 22:05:08 GMT

GET
H3 200 logo_text3.png
s0.2mdn.net/sadbundle/12594573598897311880/160x600/ Frame 1D78 2 KB
2 KB 902ms
899ms Image
image/png 142.251.10.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/logo_text3.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f148.1e100.net

Software

sffe /

Resource Hash

0862cb559cfdba7b84c9e5fc17dd8ee53bc4483b9514c811d291ff08bd714abc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:08 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1809
x-xss-protection: 0
last-modified: Fri, 04 Nov 2022 20:38:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 22:05:08 GMT

GET
H3 200 logo_text4.png
s0.2mdn.net/sadbundle/12594573598897311880/160x600/ Frame 1D78 2 KB
2 KB 895ms
891ms Image
image/png 142.251.10.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/logo_text4.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f148.1e100.net

Software

sffe /

Resource Hash

3ae2264b05c4ef78344d6b5e84c7a011bdd133b853ea684f09bf4891a69446e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:08 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1646
x-xss-protection: 0
last-modified: Fri, 04 Nov 2022 20:38:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 22:05:08 GMT

GET
H3 200 text1.png
s0.2mdn.net/sadbundle/12594573598897311880/160x600/ Frame 1D78 2 KB
2 KB 373ms
372ms Image
image/png 142.251.10.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/text1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f148.1e100.net

Software

sffe /

Resource Hash

4d099e0324c934c7a047e964d2678d9d52215e154d2d55ce64e001d5bb1871df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:07 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1565
x-xss-protection: 0
last-modified: Fri, 04 Nov 2022 20:38:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 22:05:07 GMT

GET
H3 200 text2.png
s0.2mdn.net/sadbundle/12594573598897311880/160x600/ Frame 1D78 2 KB
2 KB 379ms
379ms Image
image/png 142.251.10.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/text2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f148.1e100.net

Software

sffe /

Resource Hash

b0df5dba97bf00a14dbd822074d8155a71388505ca60d0168c9b778cd44c294c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:07 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1544
x-xss-protection: 0
last-modified: Fri, 04 Nov 2022 20:38:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 22:05:07 GMT

GET
H3 200 helmet.png
s0.2mdn.net/sadbundle/12594573598897311880/160x600/ Frame 1D78 27 KB
27 KB 454ms
454ms Image
image/png 142.251.10.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/helmet.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f148.1e100.net

Software

sffe /

Resource Hash

92291b9d0f4735cea077796c484d712302bc10a6b1f2e5d14bcf28da19bdf794

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:07 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27233
x-xss-protection: 0
last-modified: Fri, 04 Nov 2022 20:38:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 22:05:07 GMT

GET
H3 200 falcon.png
s0.2mdn.net/sadbundle/12594573598897311880/160x600/ Frame 1D78 14 KB
14 KB 385ms
384ms Image
image/png 142.251.10.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/falcon.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f148.1e100.net

Software

sffe /

Resource Hash

e514012457f89297e80626b68ba2e3c8bee1944bd58d3ef5abc80b15a9ddce44

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:07 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14183
x-xss-protection: 0
last-modified: Fri, 04 Nov 2022 20:38:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 22:05:07 GMT

GET
H3 200 sprite_small.png
s0.2mdn.net/sadbundle/12594573598897311880/160x600/ Frame 1D78 81 KB
81 KB 283ms
283ms Image
image/png 142.251.10.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/sprite_small.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f148.1e100.net

Software

sffe /

Resource Hash

9ad6c6f50ba2bdbf5463b162a3b0ab664c2553af8bc661cb71a7ccccdc7f282b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:07 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 82751
x-xss-protection: 0
last-modified: Fri, 04 Nov 2022 20:38:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 22:05:07 GMT

GET
H3 200 tweenmax_1.19.1_92cf05aba6ca4ea5cbc62b5a7cb924e3_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 1D78 110 KB
37 KB 276ms
275ms Script
text/javascript 142.251.10.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_1.19.1_92cf05aba6ca4ea5cbc62b5a7cb924e3_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f148.1e100.net

Software

sffe /

Resource Hash

62b1cff44a5e34b9587ad49f7ca951160f1559c5c545bcf99e13574ccaa5425a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37930
x-xss-protection: 0
last-modified: Tue, 20 Jun 2017 21:14:35 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 08 Jan 2023 22:05:07 GMT

GET
H3 200 main.js Show response
s0.2mdn.net/sadbundle/12594573598897311880/160x600/ Frame 1D78 2 KB
644 B 862ms
861ms Script
application/x-javascript 142.251.10.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/main.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f148.1e100.net

Software

sffe /

Resource Hash

49eac9b255928757af0d79195791e82d72a07f2d8933077e3cf077958416cbc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12594573598897311880/160x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 616
x-xss-protection: 0
last-modified: Fri, 04 Nov 2022 20:38:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 22:05:08 GMT

GET
H3 200 H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame 0F00 23 KB
9 KB 276ms
274ms Document
text/html 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.118.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f132.1e100.net

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
age: 179100
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8727
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 06 Jan 2023 20:20:07 GMT
expires: Sat, 06 Jan 2024 20:20:07 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 683B
Redirect Chain

https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=a9us&khaos=LCNXB88W-1G-CH8K
https://s.amazon-adsystem.com/ecm3?id=LCNXB88W-1G-CH8K&ex=d-rubiconproject.com&status=ok

43 B
479 B

344ms
343ms

Image
image/gif

52.46.130.91
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?id=LCNXB88W-1G-CH8K&ex=d-rubiconproject.com&status=ok

Requested by

Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east

Protocol

HTTP/1.1

Server

52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 22:05:09 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 1GRFCW4TQ0TGTA6943Y3
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://s.amazon-adsystem.com/ecm3?id=LCNXB88W-1G-CH8K&ex=d-rubiconproject.com&status=ok
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: d5a7ef20801cf5cb1ee516b6110e672f
Expires: 0

GET
H2 200 B9689862.280630144;dc_ver=92.271;sz=728x90;u_sd=1;dc_adk=356101026;ord=4v008o;uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd;dc_rfl=1,https%3A%2F%2Fpastelink.net%2F$0;xdt=1;crlt=TOiE... Show response
ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/ Frame 6AD4 54 KB
26 KB 859ms
303ms Script
text/javascript 172.253.118.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/B9689862.280630144;dc_ver=92.271;sz=728x90;u_sd=1;dc_adk=356101026;ord=4v008o;uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd;dc_rfl=1,https%3A%2F%2Fpastelink.net%2F$0;xdt=1;crlt=TOiETUIOyu;stc=1;chaa=1;sttr=363;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v92.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.118.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f148.1e100.net

Software

cafe /

Resource Hash

b24ea49ee3bc230ce2e230ac52b6ee943de256b47f3a5b02c93836b9b2e82551

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26184
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 683B
Redirect Chain

https://match.adsrvr.org/track/cmf/rubicon
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=7ced1664-9c20-4b53-8fb5-e45d8d9a3e1b&gdpr=0&gdpr_consent=&expires=30

42 B
740 B

237ms
236ms

Image
image/gif

69.173.158.64
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=7ced1664-9c20-4b53-8fb5-e45d8d9a3e1b&gdpr=0&gdpr_consent=&expires=30
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol: HTTP/1.1
Server: 69.173.158.64 , Singapore, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: 0ed95c36ed1932be3ba76fc523a6e179
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:07 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=7ced1664-9c20-4b53-8fb5-e45d8d9a3e1b&gdpr=0&gdpr_consent=&expires=30
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 289

GET
H2

999

setuid
px.ads.linkedin.com/ Frame 683B
Redirect Chain

https://token.rubiconproject.com/token?pid=36584
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LCNXB8AW-3-6JKM

0
0

613ms
321ms

Image
text/html

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LCNXB8AW-3-6JKM
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

Location: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LCNXB8AW-3-6JKM
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 0ed95c36ed1932be3ba76fc523a6e179
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 683B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEJCbpW7iM4e0xW8tTcB_kxs&google_cver=1

42 B
740 B

236ms
236ms

Image
image/gif

69.173.158.64
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEJCbpW7iM4e0xW8tTcB_kxs&google_cver=1
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol: HTTP/1.1
Server: 69.173.158.64 , Singapore, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: d264e84c9dc1a645a3048554992c5d82
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:07 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEJCbpW7iM4e0xW8tTcB_kxs&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dcm
aax-eu.amazon-adsystem.com/s/ Frame 683B 43 B
855 B 1723ms
484ms Image
image/gif 52.94.223.37
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=

Requested by

Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.94.223.37 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 22:05:09 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: H19XAEND6JFSEPN15RCH
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 683B
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TENOWEI4QVctMy02SktN

170 B
188 B

277ms
276ms

Image
image/png

74.125.24.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TENOWEI4QVctMy02SktN

Requested by

Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east

Protocol

Server

74.125.24.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f156.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:07 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TENOWEI4QVctMy02SktN
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 0ed95c36ed1932be3ba76fc523a6e179
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 683B
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/fUCYzB9v-Xk5JtnwBKnoGw?csrc=
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-e87pO1FE2oJzhukh8EhLmSVWyLyzUB_tIt1lqg--~A

42 B
740 B

237ms
236ms

Image
image/gif

69.173.158.64
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-e87pO1FE2oJzhukh8EhLmSVWyLyzUB_tIt1lqg--~A
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol: HTTP/1.1
Server: 69.173.158.64 , Singapore, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: 6690dc791bf02dde8c4051a04cfd7bb8
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date: Sun, 08 Jan 2023 22:05:08 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-e87pO1FE2oJzhukh8EhLmSVWyLyzUB_tIt1lqg--~A
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 683B
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OTNkODJhY2ZjMmNlNmFlMTVjODE5ZjkxODZlNWJhOTlkNzE1NjI0Yw

170 B
188 B

277ms
276ms

Image
image/png

74.125.24.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OTNkODJhY2ZjMmNlNmFlMTVjODE5ZjkxODZlNWJhOTlkNzE1NjI0Yw

Requested by

Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east

Protocol

Server

74.125.24.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f156.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:08 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OTNkODJhY2ZjMmNlNmFlMTVjODE5ZjkxODZlNWJhOTlkNzE1NjI0Yw
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 0ed95c36ed1932be3ba76fc523a6e179
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 683B
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=OCOtTMnDRRGhoAn6f8VNiA&rk=usync-na
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=OCOtTMnDRRGhoAn6f8VNiA

43 B
479 B

343ms
342ms

Image
image/gif

52.46.130.91
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=OCOtTMnDRRGhoAn6f8VNiA

Requested by

Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east

Protocol

HTTP/1.1

Server

52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 22:05:08 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 5V80GKHBFV9RSAAZKJTG
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=OCOtTMnDRRGhoAn6f8VNiA
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: d335433bbbe0efeac67146df47932f6f
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3 200 sU6CjPDj0xr2jbZF4y7IwEoRNSn0ddnQS8nRuvxnxiY.js Show response
pagead2.googlesyndication.com/bg/ Frame 0F00 36 KB
16 KB 272ms
272ms Script
text/javascript 142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/sU6CjPDj0xr2jbZF4y7IwEoRNSn0ddnQS8nRuvxnxiY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f154.1e100.net

Software

sffe /

Resource Hash

b14e828cf0e3d31af68db645e32ec8c04a113529f475d9d04bc9d1bafc67c626

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 13:29:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30963
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16096
x-xss-protection: 0
last-modified: Tue, 03 Jan 2023 14:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 08 Jan 2024 13:29:04 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0F00 0
20 B 277ms
276ms Image
image/gif 142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=BWqOvEj67Y-OENJ2Y9fwP242_kAQAAAAAOAHgBAI&bg=!5uWl5aHNAAYDMoyoIzI7ACkAdvg8WshtEmhlqyjJSuYooKv4QmHVtnlp-m7a5flNScFXSj2OzRiVqQIAAABVUgAAAAJoAQeZAulTDuEQLqf_vnA3II3eBCCM8Qqj5Ites_I6Ghu1InH09yW01VXpEuHmXm2-JQs7e_Ah2YmzkXkKw8A8e8MWKFUMxddsIk4nlU5a8XxJT7x2x7ObNkohnNiN9zhqHVW-KiFpWW_TlIERgsnUhkB7Jkxfk2PpJUGpjBqs2xc9H3rchG4U4dMIbNEWH8lpY1vfGyLLOqbclbH6DaCjrmGvDOgmANCbipNi_7UrIvYJuO4SzSwgtE7FBdM4w01E8RIUeFr6adWUpnH19eHM4crJkKM3d5l7DqS_HZJBlrVJ36VGFt4BneFaz9m9M2DkQzFMGcjGVn0CzNyKpziM6noseGqw1oyVm36aLtTekZNhul0X0F5g04OzCDwiQk9FY0_20JqJgy5p_SD7O2DDg8dqaojSoyzxvzqncYYCdGknGK1vlsI-VpZ3wn_Xaho3CfniJ6o8SiFUrY4d1smuQj-YKq73VbeXDYAiGoRu9w-daIQAYD2XhyY1oyUiKugUGn3qlOCB8D7CxoGEDaC1DwZrft-dcSa5VBiIVvcafBblpWTY17NNjXDkzdJSDYY4frO9q2G82DPcl0SIUxJ6fOendgfQ2E7o6KrrMbF690Bmc0lwvpc5GnSxe9fLSAaUt8Z2IO4lWlImXo4atn_w6b_kRKG62-MgJZXtq06a8Y17mBWlGeolrGB-Uax2Y8qQrgMrgAlQLnUpCQZUlx3eBjVftsSbtjIFT9Xzhy-O_HwyFNI44Ak24dWj-5Yv9Nd4jKAounSd5o-w2aYqkpinookPBzFsc9eP2l8wHy0F0aHw6qgVWSjQ6Qia5xlOn_th8Q-8X8C4oL76yijYszadoxY4UNbllkbya3FhUwe-gchn3EmAqu0ONlzMBKB8rcsRgQteKLWZ8liWioFJpuCLkAamqmowJMI01W3YwDeROG2KmsMK61treOosHDO925ReYzFQVKsR22P_t_L4QRXFWz2EYBiUg1Hv5N2GL8sR

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 273ms
273ms Ping
text/plain 74.125.68.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-S3DKHVPF03&gtm=2oe120&_p=1727843758&cid=1989426833.1673215501&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAI&sid=1673215501&sct=1&seg=0&dl=https%3A%2F%2Fpastelink.net%2F6r9a94ti&dt=Very%20best%20Rated%20Online%20Casino%20-%20Pastelink.net&_s=2
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S3DKHVPF03&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 74.125.68.138 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: sc-in-f138.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pastelink.net/
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:08 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 206 file.mp4
r2---sn-ntqe6nel.c.2mdn.net/videoplayback/id/73d54dbbd50de388/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1704751506/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip... Frame FFB0 129 KB
0 285ms
142ms Media
video/mp4 74.125.109.135
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.109.135 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s12-in-f7.1e100.net

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

expires: Sun, 08 Jan 2023 22:05:08 GMT
date: Sun, 08 Jan 2023 22:05:08 GMT
x-content-type-options: nosniff
Content-Range: bytes 0-4314438/4314439
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 4314439
last-modified: Wed, 28 Dec 2022 17:38:18 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
client-protocol: quic

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7A88 0
0 279ms
279ms Fetch
image/gif 172.217.194.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstQMd0Tp75Tq65m1KyPd8jnMoNupMigROBd1fTUzdPBCCuNjB2JSfRsK0VgnsvzG9AK2mLQSJKRQBJDfbXMW4oWabLPKeioUcpAp4jH5LCBt7xRQMWMD8hE9sUt12ajHY0sF6wQ0ufJDmMCrU2cwKDYvTYwnMRvVLIZm5Kd-Wh2E552Z5L53VYK-RA1v-U4x5R80QiPeG9b1xYAOhS-zdbg1Ifu6co58eJjzFIRWHSHUcRbgH_RxETdpEXZ0B2FZCf_p8xfWkYOk8E0qMhQ44VC8XU1dhlVa4PLHlksdcHSUV3vXwaj2gu3tVvV8zAdNWUr84mm_t_f-MJRqY8X9KHAQwQcZ1K0K1H8R13v19XVBi2Sj2aieFkJeC7caQO3tBXFjDi_ZcvpJqYlcTq5fQg7Z35qeyqWysFA5xUxnC0fNH-sBIlb8ra3iK6E1OCAXJ769de0Hdqo4wZZEzCtvBeKTA5JaPjHn7KvWgnLkTkmoxAmHhPvBp5q89hyl7goranxZAdedHZGZ9_FN1xbhtwmhFaqNB5QbJtT39i3cDY99f2JcVlIZ1JQ6ChIcbeuUdmSVVo7LFCd1fwUETaMpgcSaFp3ufS3BsNPoB9alENpdvoL2x3FpIKjjl_cFsw3FqLLhvSMaAwkPaZwGLwjM70L2MyrGMhafSDe-BCyW7gFP6ddHSGJgKdDP5-iZQMeP5XBHiKtkkaaQEtltG1nSVs82qGRa4nip8laRLCoHdk7NoWBNWpDhvhUSnRHr7c6hPt85lF7YsQjBJ8Pbrr3N2BK4N6gOLhREgAgrlBv3WaXOJPBDnAy85n5IeZP5ALD37xc9XaPYxTBIgGFOFVbjKjMF68aXa2OYyP9613RGj6TNCSTagw0i_tzkNvDK4vMbI-OebdnRRn6RiQusMObbRHGNVBw8I0rJ58Oqh5rZjWYct5nQ0s8eDgOUi5P5LHIE1lC_0gPJCUupTZMGnsVdrHM4BjbET2_BsaS4QMCY6yGehAj26c3BXcGklh0CVrij5jZHjy4Qa_je_30hMwGf0DUn_4wGZgOWKUKZgvtkjbqwmPKFN72ADa9byruDq7XRnmrawY_NZtcI2gMlzO-vOArKEktUFileZ48XXe8NBDCgKe1u3n1i0H2nUttIl_Yc3ymru7MaXZep1gtzJrbgUZNlgxQhbH3XjENGvw_j848Mjdt-J47LEvZLfssxWZ6lRabafNA171i-KCP9egl7xwd2pnUAum4le9C-KHqqHRUqba4&sai=AMfl-YSeu7YFfyBwJo2-HubXk2UhFhForSZpy94vllYxaqW2m-4Z9TSL3XiQeA6oHAcAK-SQo07ci-cSh66h114H4NWGf6Hq4w6nfDUQqK95Ck3B-lX2qXeWO_tqLNlQ1-MR4ZU1odwfH9W_pw7f90sfzYj5Ki6CPO7DyZGrEn0-Oru1_7LLcCYO7RbafWtMlc9OCD_oP9Pck2DDPDljUnaIWUu9oL6D3m4zYD45ko1sGaDcmBtoGj7AqWHAU9isEUdCrg-JMnlZx7UQeaj2hQ7cEnriI4VFRDMoAiFW4WnFkQ&sig=Cg0ArKJSzCksaNygVk0DEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=3265&vt=11&dtpt=2092&dett=3&cstd=1170&cisv=r20230104.30088&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: pastelink.net
URL: https://pastelink.net/6r9a94ti

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f155.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:08 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 08 Jan 2023 22:05:08 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 276ms
276ms Image
text/html 142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022120801&jk=1331020994226617&bg=!Y2ClYCTNAAYDMoyoIzI7ACkAdvg8WpabcwLpxuFsg8Z8oHt5OcQq34LHwZZTJl91uAhSGhhyGtGmfwIAAACFUgAAAARoAQcKADXto-jvVFejooEsSVzK7_P5inwUfMncUSqtohEqiu3XqRmQ6o1iIKQPGn3hK6-GcJnysho5LZkCsEY8l_IwbYC7_58dYSeU_tUvD2lysWMzkiOK20mnj_sNn9bC_zRo1G75Y0Kswcf-LCsiScXok2Rfc4kYvwBDaN04Gd5DL8OoNJjYVObb497nok4a3kzA1mjxwg-LbX6HjjYOat0L5uU7-yHVAfuOnDQrGSPVg19qCob-ru89Ux9VQbjjbljdU97bFQYdP6HmeuZojx8UNnROnGLzrtyRyJTab7qhBQzyGUgNskpF7B7OBmtIL5pavW30OtR5nwWBa1q5hDcbXLzrMuKAW-dyMT9dq3Ku_CS7WEk6jwzao-wLbAoLkOeUly39IX6DGbXpKEjp7LWZ3JowvQ51-jl7nDz1nUcNk3hpxpEowxQJTPtoslZQxnIpx2Rmy0hYUO_DMQ8ukSolkOwmSVHtzNeuZ1jj0eAI-pzZ2aU3uUm57IWVWeeI8zmJw9teWj5bp97DQTB-gjkgNSSKfn8YjXIhFtBIQRDcqMLotfYBqV-pTTu80JGujmoLQT-bkmpJpmm7sWMK8_kvqmFqRHL7v4D1S3rEinnDGK0mmtXPZh_9xH8kihXJhxJHIdFZuBPVB9j6rnkyxvUaWd_3OlTsTcZQVJLIKn9Om5fwXoufZDa6mQcmihwhJ8u8Q8XdfCaIL1fkuc_IIjWy40Q8qCpEFqCiiOO1FgkkTDhJdIeW7vmfBLFSS3r3Rg6VW7c81FKukWWmJs5Im28-DaWQWBBPRzHyXlf4AssTSyDs69D9wz0dXy43Zw-ysen1VQHeJaO8K0wWCgG9Y7zXOpD_S5kQ_MZ1dPLSNsW7ECoVuVQ-v091WuJLwWFV73Hfz8EdHfVhl11BLfm3IZfFmUQn9gTJ-_Xsy1uzcy_MZwjXConD-gp05CaPyuNTuMgNk4fq7CaBrP9imMGKvdwfXZbT5gIHRfNkwx4
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.12.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: se-in-f154.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/elements/html/ Frame 6AD4 8 KB
3 KB 272ms
272ms Script
text/javascript 142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/B9689862.280630144;dc_ver=92.271;sz=728x90;u_sd=1;dc_adk=356101026;ord=4v008o;uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd;dc_rfl=1,https%3A%2F%2Fpastelink.net%2F$0;xdt=1;crlt=TOiETUIOyu;stc=1;chaa=1;sttr=363;prcl=s

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f154.1e100.net

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 15:19:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24310
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 15:19:58 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6AD4 0
0 277ms
276ms Fetch
image/gif 172.217.194.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssmsqHIfRPAvDXBFGhUB6o54iXIDG3f5EHzxsLHGTWG8ZQBmRX2BJz6gQr_93UILOb5dQw94jn7JxAfMhx8rDmRbtlSEBWoNhbvNSROxOz_AiX_X_DMjAwX3XlrG4aDim2LTNcouxPb5nL_4L_DFZpXee-UVQ&sai=AMfl-YQocuQEuqMF1IXOLKBJun4_CurI2ojHmsYM3VjEEO0emJcMmRPk4484KMmBUe-dD1NrOjw8mW7qrMK5f8dDytvt5clWNU8BTWzz_6A4&sig=Cg0ArKJSzG5PMugyS2VEEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20230104.77494&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f155.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:08 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 08 Jan 2023 22:05:08 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 6AD4 41 KB
15 KB 273ms
273ms Script
text/javascript 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.118.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f132.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 06:27:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 56237
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 08 Jan 2024 06:27:51 GMT

GET
H3 200 16962963768266320094
s0.2mdn.net/simgad/ Frame 6AD4 33 KB
33 KB 274ms
273ms Image
image/jpeg 142.251.10.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/16962963768266320094

Requested by

Host: b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f148.1e100.net

Software

sffe /

Resource Hash

7e59de22c6072d54a3ef78dc879a5d0f08233ba9c4f913eb010cc89b61e3ac33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 19:27:46 GMT
x-content-type-options: nosniff
age: 95842
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34175
x-xss-protection: 0
last-modified: Thu, 26 May 2022 20:29:15 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 07 Jan 2024 19:27:46 GMT

GET
H/1.1 200
OK dv-measurements3361.js Show response
cdn.doubleverify.com/ Frame 6CD7 554 KB
106 KB 277ms
277ms Script
application/javascript 23.50.117.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-measurements3361.js
Requested by: Host: pastelink.net
URL: https://pastelink.net/6r9a94ti
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.50.117.184 Jakarta, Indonesia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-50-117-184.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 /
Resource Hash: 730ae96ad02feab707b335d3091217e7a13fd261626c1f681ba79e25af424f12

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 22:05:08 GMT
Content-Encoding: gzip
Last-Modified: Thu, 05 Jan 2023 10:19:35 GMT
Server: Microsoft-IIS/10.0
ETag: "80d57035ef20d91:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946080900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 108467

GET
DATA 200
OK truncated
/ Frame 6AD4 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: df63da6a2d031ae79b7b06251911a727719d5b4f973dd9af5897347640060a4b

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 csi
csi.gstatic.com/ Frame FFB0 0
17 B 521ms
235ms Ping
image/gif 216.239.32.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~lcnxb7rm&c=7499230686172&slotId=3749615343086&qqid=CLf5ir79uPwCFQeDaAodpscMWw&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=1000&br=954&mt=video%2Fmp4&vs=640x360&ulv=1&cll=0&vast_v=2.0&vmfc=11&vhc=0&msm=1&aits=0%2C18%2C22%2C692%2C59%2C342%2C343%2C344%2C345%2C346%2C347&webm=0&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false&vms=1&bit=343&vsrc=web_video_ads&ape=1&ple=0&umsem=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230104_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.239.32.3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:09 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 IMG01.jpg
s0.2mdn.net/sadbundle/1150492247587012836/LFA0010-PL-AO-HTML5D-CVP-PLGeneric-300x250-Desktop/images/ Frame 223B 38 KB
38 KB 274ms
274ms Image
image/jpeg 142.251.10.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1150492247587012836/LFA0010-PL-AO-HTML5D-CVP-PLGeneric-300x250-Desktop/images/IMG01.jpg?1669082133440

Requested by

Host: b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f148.1e100.net

Software

sffe /

Resource Hash

a369759ad1c042c0bcf780737b30408247d856598e5cbdccae335364d290fbcb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1150492247587012836/LFA0010-PL-AO-HTML5D-CVP-PLGeneric-300x250-Desktop/300x250.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 21:46:18 GMT
x-content-type-options: nosniff
age: 1130
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38753
x-xss-protection: 0
last-modified: Thu, 24 Nov 2022 05:03:40 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 21:46:18 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7FC0 0
0 277ms
276ms Fetch
image/gif 172.217.194.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv0IMlZj2WOqXKDBj6mpAJIb5qV3RLhQP-x5mGMk_W2u93em_CGQdUH8S7dFSDqY1UTReGUpiIFzEHXvKr-o74NcpFuMNkq5hM0oIicKyvjuXZUZy6kT9oNtyo1QI-Ri3DXoyROXdURsuPYd7XmVAgi1l_aB46BtQD7k4FAldIvM32RJEwihB_m5Tt0Ae7l2a7E9FD4-oUqBoqDP9LoiJO3in8j1X2EglmA3WtRSZFY-m3R9Z00ZfTfZnNHWidWy764EGHsXf0_uft14Z8lysGP-xNZ6zhOLutwnU1VLoHwL0__rMCZFLn_upQkBsfLBKW-lEa-YCbafaZJ0p_JEhIGSS0_HBedm1_MHYkYWLQiLoh9riwkuD3CnvFvbxR6IY-Px7fhGi4ux7s-aV_ALCZre458dv4OvOFpL18oig8MunPO_4oN3LDBUwH92UsHkGnXbfAd4wNJOgmd_fnqExODTcBwJhcHf1SBK5aPRAd-Ci6xN1RkM5exK9jumiRq8WQqiQkoWEyX1vMJ4zh5P2-5IJPRM_AF0cf7bKI53AXJEzyhIpmKuT1a-Xs0caPXxahgRT-2YQn2lLgIDoL-yprkp2PUTM9XZdji7_yy9GUn0H9wIKf1cfcY7ZNUgdNgeCosOnKnwb8sgxFAMfvDy2Heu_B_zhRoSD8DimP_WRktRIfg5TEgE5BJIUMg_b1Ngds1W6kkUWVvI87pGxCkuSAzzA_HO6Df1vmkI1bw1JtR_XQo1VeZ-meVdY27X7Ff8LEC0ocMGKuLnha_Cg2UajrKOG3JBa5Z8P5WlPayuwya5uTU5ZGYAXp5wgL4vziKXphx5t0eyBJomu4fBi2sWQ6dIDlnSI9fjb-Y_iVISubeZjXpUspFIwceTQNqfbkgwCzvIUHrwWJvZfptOEE4Qn4QlDOUcVShKih2jqEG_cA_y8ug9MV0364InPFgcNPwx6g8IUX1pZcgCNhJ8dSKMv2SMa89-twP9GRyZuqAzDufHpgaf7PCBwYXkNL0d927oB7MAfSrqtHywqAMgseXN9ziB9HbyOmvBnWe5rfi4BpWTu1QQb_qDpsMEkokDULy9LzMUV85dHbY9L3YC87HBh1Y3YRf8UFk-jVR-BMg5Igu4p2E1e-deIZfrYA3D37fkPREZXwIH6deR8mqfCdcHC1yiL27aDPEjA5C2lrQqJaqXKOVgC0X0Hm2Zq8HCZBhTTFlOZVNccPca3rNpSXNRFQhlzk_ggzHgGKBLIEG7cBNL-g4pX69cCUb7qu5Qhrt1nVz3wolTj0yUheoYCZYiu3z1gctTMYGw_gwAE5cUYMoHw&sai=AMfl-YRlYz1PKmx057AzeH4DsMTFMiek7ynpIayWVgsUJXqJDxTJ8TuDpQUGeIyM_tOOtKhS3-21HSGMll8hpaS-WY3O1B1kpU9cVf0Ynjzn1Dr0twxKeun1Npl0L6_7eYFVRnx3iWEV-ibObXbZqtDFuM1MXedFQi1s7jUL7qPP6zVtrQWkXuNhwVjE0d6ZsKvWGRcW1a_IfduTyJWepzLegZLWy_vHuPA0MnXgKV5s3xDuamCOxwRyRFGcyqE_BncGlnFjVt-gIVJlIC5yCxg2SftReCStJZnI0pAfyTvfig&sig=Cg0ArKJSzEXiQrdjHedSEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=3467&vt=11&dtpt=2290&dett=3&cstd=1175&cisv=r20230104.39682&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: pastelink.net
URL: https://pastelink.net/6r9a94ti

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f155.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:08 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 08 Jan 2023 22:05:08 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 1B9A 22 KB
8 KB 274ms
273ms Document
text/html 172.253.118.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.118.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f132.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
age: 103206
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 07 Jan 2023 17:25:02 GMT
expires: Sun, 07 Jan 2024 17:25:02 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6AD4 0
0 277ms
277ms Fetch
image/gif 172.217.194.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssmsqHIfRPAvDXBFGhUB6o54iXIDG3f5EHzxsLHGTWG8ZQBmRX2BJz6gQr_93UILOb5dQw94jn7JxAfMhx8rDmRbtlSEBWoNhbvNSROxOz_AiX_X_DMjAwX3XlrG4aDim2LTNcouxPb5nL_4L_DFZpXee-UVQ&sai=AMfl-YQocuQEuqMF1IXOLKBJun4_CurI2ojHmsYM3VjEEO0emJcMmRPk4484KMmBUe-dD1NrOjw8mW7qrMK5f8dDytvt5clWNU8BTWzz_6A4&sig=Cg0ArKJSzG5PMugyS2VEEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=299&vt=11&dtpt=298&dett=2&cstd=0&cisv=r20230104.77494&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f155.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:08 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 08 Jan 2023 22:05:08 GMT

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame 8615 0
260 B 712ms
235ms Script
text/plain 67.199.150.85
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=156011&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 67.199.150.85 Los Angeles, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 22:05:09 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H3 200 IMG02.jpg
s0.2mdn.net/sadbundle/1150492247587012836/LFA0010-PL-AO-HTML5D-CVP-PLGeneric-300x250-Desktop/images/ Frame 223B 18 KB
18 KB 275ms
275ms Image
image/jpeg 142.251.10.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1150492247587012836/LFA0010-PL-AO-HTML5D-CVP-PLGeneric-300x250-Desktop/images/IMG02.jpg?1669082133440

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f148.1e100.net

Software

sffe /

Resource Hash

e798c161757429a6043d2293bba94f80a4cfac0768ae2003a16fe8e02843f1e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1150492247587012836/LFA0010-PL-AO-HTML5D-CVP-PLGeneric-300x250-Desktop/300x250.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 21:46:18 GMT
x-content-type-options: nosniff
age: 1131
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18740
x-xss-protection: 0
last-modified: Thu, 24 Nov 2022 05:03:40 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 21:46:18 GMT

GET
H3 200 sU6CjPDj0xr2jbZF4y7IwEoRNSn0ddnQS8nRuvxnxiY.js Show response
pagead2.googlesyndication.com/bg/ Frame 1B9A 36 KB
16 KB 272ms
272ms Script
text/javascript 142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/sU6CjPDj0xr2jbZF4y7IwEoRNSn0ddnQS8nRuvxnxiY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f154.1e100.net

Software

sffe /

Resource Hash

b14e828cf0e3d31af68db645e32ec8c04a113529f475d9d04bc9d1bafc67c626

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 13:29:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30965
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16096
x-xss-protection: 0
last-modified: Tue, 03 Jan 2023 14:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 08 Jan 2024 13:29:04 GMT

GET
H3 200 IMG03.jpg
s0.2mdn.net/sadbundle/1150492247587012836/LFA0010-PL-AO-HTML5D-CVP-PLGeneric-300x250-Desktop/images/ Frame 223B 3 KB
3 KB 274ms
274ms Image
image/jpeg 142.251.10.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1150492247587012836/LFA0010-PL-AO-HTML5D-CVP-PLGeneric-300x250-Desktop/images/IMG03.jpg?1669082133440

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f148.1e100.net

Software

sffe /

Resource Hash

70e9b79a3e04b8822cfa269d4051a6510bb6aaebaa666324caf19fa6e7e3d1c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1150492247587012836/LFA0010-PL-AO-HTML5D-CVP-PLGeneric-300x250-Desktop/300x250.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 21:46:18 GMT
x-content-type-options: nosniff
age: 1131
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2967
x-xss-protection: 0
last-modified: Thu, 24 Nov 2022 05:03:40 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 21:46:18 GMT

GET
H/1.1 200
OK visit.js Show response
tps.doubleverify.com/ Frame 6CD7 694 B
681 B 1822ms
242ms Script
text/javascript 69.174.120.108

General

Check archive.org

Show headers Download Go to

Full URL: https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=811&ttfrms=27&brid=3&brver=89.0.4389.72&bridua=3&bds=1&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTauA2DE6%3D%3A%3F%3C%5D%3F6ETauU2%3F4r92%3A%3Fl9EEADTbpTauTauA2DE6%3D%3A%3F%3C%5D%3F6ETar9EEADTbpTauTau3d_adc6g24_dce2%603b7h5%60e6eec3ce6e%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3EU2%26C%3Dl9EEADTbpTauTauA2DE6%3D%3A%3F%3C%5D%3F6ETaueCh2hcE%3A&srcurlD=0&aUrlD=-1&ssl=https:&uid=1673215509457659&jsCallback=dvCallback_1673215509457325&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F89.0.4389.72%20Safari%2F537.36&htmlmsging=1&chro=1&hist=2&winh=90&winw=728&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=3361&tgjsver=3361&lvvn=28&m1=13&refD=1&referrer=https%3A%2F%2Fb50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&fcifrms=11&brh=2&sdf=2&dvp_epl=281&noc=4&nav_pltfrm=Win32&ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&adsrv=0&advid=3398311&turl=https://pastelink.net/6r9a94ti&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0hqSLBtCZN36-LxJ2M17Rl2&DVP_DBM_1=3060631&DVP_DBM_2=23009949&DVP_DBM_3=14587568821&DVP_DBM_4=396329375&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=201491245482&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=17980310423.462696&dvp_tukv=4399745004.580749&dvp_uuid=1621808199550.0796&dvp_strhd=0.40000152587890625&dvpx_strhd=0.40000152587890625&dvp_tuid=1186452259334&jurtd=4147365975
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements3361.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 69.174.120.108 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4204f007f1439ca3c8ef32e906e70b213fb7f8a8f554f74d29d6a5362681bbdd

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 22:05:11 GMT
Content-Encoding: br
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0
Expires: 01/07/2023 22:05:11

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1B9A 0
20 B 277ms
277ms Image
image/gif 142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BbhHvFD67Y4XhCNrn3LUPzIWEoAUAAAAAOAHgBAI&bg=!ZmWlZSHNAAYDMoyoIzI7ACkAdvg8WgeT1l0aAIEjzzDVc1FA8NnGJkdHWI4_ys4kG9so-tcEQKlJzQIAAACCUgAAAARoAQcKAJqcgVgwzSENpsGsJtcAXZniEtBjZFoVLLH5a6QPZOdwEC0RU9cb4kKL-hBnHd3OnTMIERYbev3YB_pAYXvpu6OSirhb4Zd3wSBmAz-wrup457bPPPddN7ap3gFJJOH2XufvgCWPY-6IU1TiFQABbyukfYeMOREWQ-z-2d45hM8cn_oILEIRFdIJH_lc96VON_RJ_MxbH5t9FkgGmQLgtFLdgELNyEyh7nO60XZaVvUW3QXH0Sw6aeSQjDdRUOMWEnXSwvJP46wrpwA89uM3rEVo9a9ZH5ql-8cxey4a8aEgUwD3joI7xXWnxARjTUAe_WnbCBcNEjh39XjIPxWWtb2dOV2-_z_g3EvHR7nByvkyPT0rmQlMXHzAqNFMiHeUgPzoDjYqas7j3SYqQBE20Bys7Csev5nASzZ6jJKkSsWEQRvamY97hz3fyYK46oUousX0JN4XS19J_EUrrNv_OtSlsqEfO8Yn-Ab9sKkcajMACwD_feH3Vt2YI0Zf9ep_nSRPcKNfUOmCSy_gvC-sWfYMKkUcwbu0Z2PtGvLTytdXn_9hE_danxKnGKaOd4zd53l_yyFoBNtLRDqN4PmUryUO2P1SXvFqEhh4dv9_JGHenJyZvMZDiO7H_NeL5tdNAWDXFzYgQxnhg4XCLLa_jbTFrgA3XMsvNf9avboSrbe0sKSOG9DRxHnqdtHOA-wDskGMfdClVFW8kgZSmfPQ9HnvoKAyik1mnBV71HLD8Ufp0TRZNccMN4xV6jOk2g4i1k-6R4UirfksiW30gjxZjYsmdYT_kYtY3sZJ0NNA5X2ZGt4FQCLSue3Rv4GlmcG4lUsi9_nZgeFl1HP-tYP65kLxWUmfARrcfWYax5gWoBzYrs0T4JvIl6QPVNcmRL-75TIm1dGicGFdtc4zyUYWGjvYpdK3qi5U-Rlebbstw0ZXk9ZMjLhJBUlEbkr16jbVBuJGx3fzD9D2VluHL-SRr7o2aSmNfGpkZQU9myIvZ3LLTmwFRV3a7ssiwb_4XZJZdL3gFQoiGXpgM3bkOXCev0_9yR_zrn-KzvK8Ma6QAwIeXmPhX_pNGZJ-nug9sSz-dtnOAH1_yPWZmDxKU9Z83mI4E11-ROZ9MtIpc1_mlbH_Z5_PWkbNSXBvf6Z7uinoM872tvAS8seJ0S-El3tlEDlVF_BZqs559AEU6ZU_Hw

Requested by

Host: b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6AD4 42 B
64 B 274ms
274ms Fetch
image/gif 142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu1tK2dV2LbEH_YOMiLNevwd8dJujdHco6b1vdNDZxoBGwv92Vn9CHW9hEAmOE4C0CQKEGhbpf6kl_t1B1l-C5Ze3uPbxcu&sig=Cg0ArKJSzEGLpiguJs7AEAE&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230105&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=32&adk=356101026&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1673215503140&rpt=5738&wmsd=0&pbe=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f154.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6AD4 42 B
64 B 276ms
276ms Fetch
image/gif 142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstp0XfPdJVUazfxhxjx6GQx1dcPfirU0i6Z1qFe3LBJUaPYJYz65KB2oA9c_vv_rXT0mEi25d_0nRc6m9RBRFemtLCPNihFqL-5UxSE7mZCeHF0OcDOEk-Xb-Z-SEZsPMV3Vkg&sai=AMfl-YSHvAHcBIhQ2ywtTmh0r6vfj2Ub1bH79XJvGejNr5irUMxQMwcaNDnBEVYhZdFhSq_82k7msRrfnJRQ3mptp86DP1hzP2gEOTcGTqe-kb_q6lXSFaSqVLtBTMHWehWyOWPbZemn56sMmtLr3fpH&sig=Cg0ArKJSzInrHih8k77xEAE&cid=CAQSTADq26N9LlKiNeFiWDNfxv046xO9waOYjgXzlmq2HjXWpRy5pXetEZJDlTjAYsBtXo8sXgdxkgIoD-DSiKYpk3_9JJRbC2kkfxo0KVEYASAT&id=lidar2&mcvt=1003&p=1105,436,1199,1164&mtos=0,1003,1003,1003,1003&tos=0,1003,0,0,0&v=20230105&bin=7&avms=nio&bs=0,0&mc=0.96&if=1&vu=1&app=0&itpl=20&adk=759513158&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1673215503140&rpt=5735&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f154.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 22:05:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pro.ip-api.com
URL: https://pro.ip-api.com/json/?key=ZxSSLwZtxrKxQbv&fields=status,countryCode,region

Verdicts & Comments Add Verdict or Comment

170 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

65 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
pastelink.net/	1970-01-20 09:36:55	Name: PHPSESSID Value: uqlp0k6ct80b9crmlqrmerigt7
.pastelink.net/	1970-01-20 10:56:31	Name: _gcl_au Value: 1.1.1660543179.1673215500
.pastelink.net/	1970-01-20 18:22:55	Name: _ga Value: GA1.2.1989426833.1673215501
.pastelink.net/	1970-01-20 08:48:21	Name: _gid Value: GA1.2.2032848358.1673215501
.pastelink.net/	1970-01-20 08:46:55	Name: _gat_UA-55088947-2 Value: 1
pastelink.net/	1970-01-20 08:48:21	Name: plTest Value: true
.pastelink.net/	1970-01-20 08:46:55	Name: _gat_advallyTrackerpl Value: 1
pastelink.net/	1970-01-20 09:30:07	Name: _pbjs_userid_consent_data Value: 3524755945110770
.pastelink.net/	1970-01-20 18:22:55	Name: _ga_S3DKHVPF03 Value: GS1.1.1673215501.1.0.1673215504.0.0.0
.doubleclick.net/	1970-01-20 18:22:55	Name: IDE Value: AHWqTUnZO-c-ybGgPLXz48SEbTqE6QJg5G_PwccvD4er-fI6X2i2Ddw5w2Kyk6wnY6w
.pastelink.net/	1970-01-20 18:08:31	Name: __gads Value: ID=4935262586c39d21:T=1673215502:S=ALNI_Mbf6XppI7SRjjpKVwU9ZZSIlZHGwg
.pastelink.net/	1970-01-20 18:08:31	Name: __gpi Value: UID=00000ba02fa136a8:T=1673215502:RT=1673215502:S=ALNI_MZW5M14QUQ7dPVll4lJZOoDwS2_tg
.amazon-adsystem.com/	1970-01-20 15:09:57	Name: ad-id Value: A9IddhkYi0Rth2xKyN9i1p4
.amazon-adsystem.com/	1970-01-20 18:22:55	Name: ad-privacy Value: 0
.adnxs.com/	1970-01-20 10:56:31	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GVOf6IJ(!]tbPl1M>e)ZlrFUfJ+tGXxp:QlP.pESbhxEX6L7?Qjs(NXp)db#q9OHx#Bx3If)y3KL9D3I?+eh83#S
.adnxs.com/	1970-01-20 10:56:31	Name: uuid2 Value: 9025650428037331007
.smaato.net/	1970-01-20 09:17:09	Name: SCM Value: dcba1fda
.smaato.net/	1970-01-20 09:02:02	Name: SCMaps Value: dcba1fda
.sharethrough.com/	1970-01-20 09:30:07	Name: stx_user_id Value: b0a54b01-f26b-4595-acc8-1854f4c4f0e2
.media.net/	1970-01-20 17:32:31	Name: visitor-id Value: 3162171067444839000V10
.bidswitch.net/	1970-01-20 17:32:31	Name: tuuid Value: b7fb5578-e99a-4393-a767-4fdfcfc15734
.bidswitch.net/	1970-01-20 17:32:31	Name: c Value: 1673215506
.bidswitch.net/	1970-01-20 17:32:31	Name: tuuid_lu Value: 1673215506
.smartadserver.com/	1970-01-20 18:17:09	Name: pid Value: 9103388006974328131
.crwdcntrl.net/	1970-01-20 15:15:43	Name: _cc_dc Value: 2
.crwdcntrl.net/	1970-01-20 15:15:43	Name: _cc_id Value: f61acc7adaff737204bc1c705553d0af
.pastelink.net/	1970-01-20 15:15:43	Name: _cc_id Value: f61acc7adaff737204bc1c705553d0af
.pastelink.net/	1970-01-20 08:48:21	Name: panoramaId_expiry Value: 1673301906352
.casalemedia.com/	1970-01-20 17:32:31	Name: CMID Value: Y7s.Ehlpf7vWsSBnPrJXRgAA
.casalemedia.com/	1970-01-20 10:56:31	Name: CMPS Value: 4726
.casalemedia.com/	1970-01-20 10:56:31	Name: CMPRO Value: 4726
.zemanta.com/	1970-01-20 17:32:31	Name: zuid Value: PLNK2A_EPrewxjVLxpj8
.adsrvr.org/	1970-01-20 17:32:31	Name: TDID Value: 7ced1664-9c20-4b53-8fb5-e45d8d9a3e1b
.pubmatic.com/	1970-01-20 10:56:31	Name: KADUSERCOOKIE Value: 3D3DB3BA-54BE-406E-97F8-5482EBCEBB82
.pubmatic.com/	1970-01-20 10:56:31	Name: chkChromeAb67Sec Value: 1
.pubmatic.com/	1970-01-20 08:48:21	Name: pi Value: 156011:2
.pubmatic.com/	1970-01-20 10:56:31	Name: DPSync3 Value: 1674345600%3A226_201_197%7C1673740800%3A164
.pubmatic.com/	1970-01-20 10:56:31	Name: SyncRTB3 Value: 1674345600%3A7_71_54_220_21_13
.casalemedia.com/	1970-01-20 10:56:31	Name: CMTS Value: 4686
.yahoo.com/	1970-01-20 17:32:53	Name: A3 Value: d=AQABBBM-u2MCEKRWnoijBTuWCFOANLZ4ZngFEgEBAQGPvGPFYwAAAAAA_eMAAA&S=AQAAAhz2WJM4NOZoSs9KJB3reII
.mathtag.com/	1970-01-20 18:12:50	Name: uuid Value: ca5d63bb-3e13-4400-8f33-f9d8d5b6d8e0
.adsrvr.org/	1970-01-20 17:32:31	Name: TDCPM Value: CAESFwoIcHVibWF0aWMSCwjQi5v0zfO4OxAFEhYKB3J1Ymljb24SCwimr6z6zfO4OxAFGAEgAigCMgsI0IOeoeTzuDsQBTgBWghwdWJtYXRpY2AC
.adform.net/	1970-01-20 09:31:33	Name: C Value: 1
.bluekai.com/	1970-01-20 13:07:33	Name: bku Value: ikG99O1Irtwu6jyE
.bluekai.com/	1970-01-20 13:07:33	Name: bkpa Value: KJyWyB+rQM9R9mY7buTN+GMKZ9VOcTo+3R92lu0/ERS7szO12dEf8Z1dIEAZi2UbLp2+JO1fcctkzFYdgfBigX58dEcTDp2LF34o1u/u/xy/ylWhFrd5f1d4tFFDpg34sXnycw6yFrX5y7YXwFtkfHssggNKMtNlxHQxQH1ii5Mi79jJANBECTWgmVQ5CT6DPrFRJR6WjbCM9k0kxNJ/gi3BrP+hauuRWaPVPj8SPQCgLGyxAqgSfYtCcWhVrZnJxKLTqvHy6kenHmGmZLg5F3M0PwBb08ShiG/s0ZVxcPEB85jZCpnbcyOIwkvG
.semasio.net/	1970-01-20 17:32:31	Name: SEUNCY Value: 8134A23CD2FBA412
.simpli.fi/	1970-01-20 17:33:57	Name: suid Value: 328F2BB01CDE42EA8CB2DEA195CE7822
.pubmatic.com/	1970-01-20 09:30:07	Name: KRTBCOOKIE_377 Value: 6810-7ced1664-9c20-4b53-8fb5-e45d8d9a3e1b&KRTB&22918-7ced1664-9c20-4b53-8fb5-e45d8d9a3e1b&KRTB&23031-7ced1664-9c20-4b53-8fb5-e45d8d9a3e1b
.pubmatic.com/	1970-01-20 09:30:07	Name: PugT Value: 1673215507
.pubmatic.com/	1970-01-20 09:30:07	Name: KRTBCOOKIE_27 Value: 16735-uid:ca5d63bb-3e13-4400-8f33-f9d8d5b6d8e0&KRTB&16736-uid:ca5d63bb-3e13-4400-8f33-f9d8d5b6d8e0&KRTB&23019-uid:ca5d63bb-3e13-4400-8f33-f9d8d5b6d8e0&KRTB&23114-uid:ca5d63bb-3e13-4400-8f33-f9d8d5b6d8e0
.doubleclick.net/	1970-01-20 08:46:59	Name: DSID Value: NO_DATA
.pubmatic.com/	1970-01-20 09:30:07	Name: KRTBCOOKIE_80 Value: 22987-CAESEMt88Grq0XGz-7kJoj8g6rM&KRTB&16514-CAESEMt88Grq0XGz-7kJoj8g6rM&KRTB&23025-CAESEMt88Grq0XGz-7kJoj8g6rM&KRTB&23386-CAESEMt88Grq0XGz-7kJoj8g6rM
.id5-sync.com/	1970-01-20 10:56:31	Name: id5 Value: 0e908572-1d67-78dc-b43f-2fa07b814b9d#1673215507753#1
.adform.net/	1970-01-20 10:13:19	Name: uid Value: 2254148336590963933
.rlcdn.com/	1970-01-20 10:13:19	Name: pxrc Value: CJP87J0GEgUI6AcQABIFCOhHEAA=
.pippio.com/	1970-01-20 17:32:31	Name: did Value: 0BU3SBVpiHMjvyGh
.pippio.com/	1970-01-20 17:32:31	Name: didts Value: 1673215508
.pippio.com/	1970-01-20 10:13:19	Name: nnls Value:
.rubiconproject.com/	1970-01-20 17:32:31	Name: khaos Value: LCNXB88W-1G-CH8K
.rubiconproject.com/	1970-01-20 17:32:31	Name: audit Value: 1\|TUIh4pzeqCZ59jTsMf7AjUgZXd8Yys5EnGRSSzrWdAd163fKDzeGgnIzNmLRJAn7F2Q6IPtJSMTqFTrNE4+z9kqVaHlG5SlgpmvllXEtYN4=
.pubmatic.com/	1970-01-20 09:30:07	Name: SPugT Value: 1673215509
.pippio.com/	1970-01-20 10:13:19	Name: pxrc Value: CJX87J0GEgQIAhAAEgYI7OsBEAA=
.linksynergy.com/	1970-01-20 17:32:31	Name: rmuid Value: 48c1c12f-537b-4779-b645-6d844a6fcb23
.linksynergy.com/	1970-01-20 17:32:31	Name: icts Value: 2023-01-08T22:05:10Z
.rlcdn.com/	1970-01-20 17:32:31	Name: rlas3 Value: xWQIXJHKUVdKXrCuX4CjsfjjCnPiFkeFP6Ui5rdXnp8=

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html(Line 15) Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
other	warning	URL: https://cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://www.googletagservices.com/dcm/impl_v92.js(Line 99) Message: Unrecognized feature: 'attribution-reporting'.
network	error	URL: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LCNXB8AW-3-6JKM Message: Failed to load resource: the server responded with a status of 999 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aax-dtb-cf.amazon-adsystem.com
aax-eu.amazon-adsystem.com
ad.doubleclick.net
ads.as.criteo.com
ads.pubmatic.com
adservice.google.co.nz
adservice.google.com
b1sync.zemanta.com
b50254e8ac0546a1b3f9d16e664b46e6.safeframe.googlesyndication.com
bcp.crwdcntrl.net
bid.g.doubleclick.net
c.amazon-adsystem.com
c1.adform.net
cat.sg1.as.criteo.com
cdn.adligature.com
cdn.ampproject.org
cdn.doubleverify.com
cdn.id5-sync.com
cdnjs.cloudflare.com
cm.g.doubleclick.net
code.createjs.com
code.jquery.com
cs.media.net
csi.gstatic.com
csm.as.criteo.net
dsum-sec.casalemedia.com
eus.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
gcdn.2mdn.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
id5-sync.com
idsync.rlcdn.com
image2.pubmatic.com
image6.pubmatic.com
imasdk.googleapis.com
lb.eu-1-id5-sync.com
lbs.eu-1-id5-sync.com
match.adsrvr.org
match.sharethrough.com
pagead2.googlesyndication.com
pastelink.net
pippio.com
pix.as.criteo.net
pixel-us-east.rubiconproject.com
pixel.rubiconproject.com
pr-bh.ybp.yahoo.com
pro.ip-api.com
px.ads.linkedin.com
r2---sn-ntqe6nel.c.2mdn.net
rtb.jp2.as.criteo.com
rtb0.doubleverify.com
s.ad.smaato.net
s.amazon-adsystem.com
s0.2mdn.net
secure.adnxs.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
simage4.pubmatic.com
ssbsync-us.smartadserver.com
stags.bluekai.com
static.criteo.net
sync.mathtag.com
tags.crwdcntrl.net
tags.rd.linksynergy.com
token.rubiconproject.com
tpc.googlesyndication.com
tps.doubleverify.com
uipglob.semasio.net
um.simpli.fi
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
x.bidswitch.net
pro.ip-api.com
103.229.205.243
103.231.98.194
104.17.24.14
104.21.93.14
104.254.150.228
107.178.254.65
119.9.108.191
13.107.42.14
13.33.30.231
13.33.88.84
13.33.88.90
139.5.84.243
142.250.4.154
142.250.4.155
142.250.4.94
142.250.4.97
142.251.10.148
142.251.12.154
142.251.12.95
15.197.193.217
162.19.138.117
162.19.138.119
172.217.194.147
172.217.194.154
172.217.194.155
172.217.194.95
172.253.118.132
172.253.118.148
172.253.118.155
172.67.38.106
18.136.159.66
18.161.20.23
182.161.73.129
182.161.73.132
182.161.73.135
182.161.73.142
182.161.73.148
182.161.74.19
185.84.60.23
199.187.193.182
216.239.32.3
23.11.124.205
23.207.185.68
23.207.36.196
23.207.36.20
23.50.117.184
34.126.167.117
34.149.43.113
34.98.67.3
35.190.60.146
35.213.12.39
42.99.140.170
50.31.142.127
52.46.130.91
52.76.151.156
52.94.223.37
54.254.148.3
67.199.150.81
67.199.150.85
69.16.175.42
69.173.151.100
69.173.158.64
69.174.120.108
74.125.109.135
74.125.24.132
74.125.24.139
74.125.24.156
74.125.68.138
89.35.29.15
01408f8061623faa6d2c0f015cd23483c3aa363c095e152f613ed94c87a5803d
036ed3cc77be485b205c12d12c3b972e6fc10259373007cd8fff7ebd9af14490
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
0862cb559cfdba7b84c9e5fc17dd8ee53bc4483b9514c811d291ff08bd714abc
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ffbd5311f578cf5ae5a3e73da32ce165ca780a4854d7fe770699fa85ed87a06
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
13100cd3879e5c1385581d7c88153e60cd7c3e4b0578fe2838daa56da689769b
15f20e02ef301e62ed325d633f971c506dcf1be3458c2371b849b505bb8673dc
178996f91fcc30fcab68d58ab30fdfd3820198e3f6bd9764a71e9c5259cb7f92
1849c9a56cccf8dd27a019816c9c797ca12ba45ef9fa3ef35a710607267907a0
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
190d542d8e593c755fd16e67ca62583e183957829dfb69cc2e00c7bf67df237d
1b1c3ea8b3d9fec1913ac70c81c83f2172acc41988e747bd24d22bf779fd19a0
1b9bc9c5d136e5e10a89c8902b5c6540cd738265af675ed3e3984e28c0c14f02
1c9e4c65f9d921b1c0829958cc7b2f307a3e22ac7a23e8315b6db4c0954e1107
1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87
1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306
1ee7683924cda35b36fcb20030ff8a126d20f8797dde8b4420ab4472cdd2f928
1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954
25e05083446394b44eea8c7f9a64fe5227261632d792a07087a65f7010c2b3ed
29e7d6851d1add0eefff9233a93de6f21054953551959e00bcc671a32e043aa4
2db364591994c4fb2da18489bf8d4547fac6f633bcea1169e7c68519b47109ff
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31fd1c15fe0ef080c4827fed24825e229e65268f2617e26a087d3435b3fcdcbc
335093b334d9b3408701be8db700e3c46b4fe4db2ffca0032f14bb224accb77c
375bab585cf2a387b8061143ca2f4b310c6f68511daacdc1d45cdeac8005db45
39fae3dc476aaaa594e2c963401633dd5d02eccb3c175eda03912cfe0f91c92e
3a663467e111fd2237a1bc5255e8d702b099f29cb553ecab24efe98cbf898b5d
3a73b36061944ebbb33696553917d393280f796e212afcd09057b441c1168606
3ae2264b05c4ef78344d6b5e84c7a011bdd133b853ea684f09bf4891a69446e7
3af9dd00f817facea898c826029f7cc0c0301c249da1adff3872671046d64b40
3c5bdcb449fb1bfe6c2b49f5dfc6f627c599d795d41bc72cf194b55c619b2f13
3c9f4f986a802b7c4113821ba402d31c7bf23b2fe34844fab801f09322101da8
3db30ecf1da1177ab8c973328d82f8c90ea3919bb046739ccbf70d1e07408f8d
3fd64a5a09e8835b18d7d49380ce3868ce615820400cb4d950881662bcf4c321
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
40aa59352e967ab950a8030dbca3178a506e6df7fd90a9e4682b4fc95d278a55
4204f007f1439ca3c8ef32e906e70b213fb7f8a8f554f74d29d6a5362681bbdd
44a018f733bf607868028c226576648ed4aeef4718ecb91e0cfb775b72cb04d8
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
4729086be7d14a25727f44339c6bbcab18bd5648e2b031ebb4893c9385bba5be
4804c2aedacd4aeaa883f9ee68a46db16fca0019e321d2991ccc16531d57f7aa
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7
492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032
49eac9b255928757af0d79195791e82d72a07f2d8933077e3cf077958416cbc7
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b6d244a569a8befc0b901e3dca8e82f19b188e2d3e76f7c62fce96935ed6311
4c9c76da195e2877482a8713859aa95dcf9021f19a521f77d4d5ca60fb91806f
4d099e0324c934c7a047e964d2678d9d52215e154d2d55ce64e001d5bb1871df
4d3c008872afac7e6b74cbd494547c4de4b56caff68d2974b1fb6ef4477c269c
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4fa438ed643d0f285efbfadc7141af8a164830fd00d32492dd8fd58cbbb98eea
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50a60e5e5f2e8f10a2f8685031ec9849ba8faff613139f3a402e89f25ccbbabc
517b4e0dfad476698b947f9f05afdf0bd61e053590a6ac4145214e777a64910f
51ee2b58163223b10c0184fc2e8f33c156dc0afb58d613d69a3b367e795848d1
53b58020ab13c091badbe70a0106d146675a1e34aa897fbc4d151f938bd519d1
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
57226adbc32c91a8cd4ec9ee08e4f155f3450e79256731c04f81709a58c4c1fc
59b0485c1fec4f53ce71bbf2805f19215f6651cc406e6ff66548444594eebc7b
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824
60bcafbd631f6fa0805e158ca3b235e76225350db6fbb423596d4c4954b27573
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62b1cff44a5e34b9587ad49f7ca951160f1559c5c545bcf99e13574ccaa5425a
6366bfede901f183b516c7361e3dd409ec31355afc6b0f48d152fd5a1cae5a4d
684dfe949ae87a38c2afbcee199f51b0025dd9121b524d62e881cf40846cdd21
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6d84cfa0edcabf43848c4af7e1e16f0e254d6787481e3126584f79c4eb6d7ccf
6dc0e3aead945b6160bc87da5f4d8fbb043dde5d0bece2aa426fa01895c9e358
6ffebafbe127b2fae69ae7cf3bbf3941e7a9c20d7cd4db0e5ec83588f31f412d
7095ea0f67218d088539f194bc8630ad4fb3f802acb624eedddc70902eddae50
70e9b79a3e04b8822cfa269d4051a6510bb6aaebaa666324caf19fa6e7e3d1c9
71d2dc37259f80bcc0c49d3bff57ede25c7faafd6bd9afbd83d727e29cc54751
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
727e6a1f4a634d6298af8636fd331912b036b6f7783c771d2e06baeb82e2341e
72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48
730ae96ad02feab707b335d3091217e7a13fd261626c1f681ba79e25af424f12
74017d97a0876e72ef09a14ea0b3ad49a744811c726e7b05e305d4a6e3e07612
7504603235f4efc995f1ca30ca274acfa983879adf05814df69e64be37ccb899
79e8fb1228cec14f8ec640bfe4a41d30f1ef0f5ed919ae81b8018e54e0296a63
7a853a299cc35f118b7f35a212de71be45f2321cba7642c8d2f68d26de80f6e6
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
7e59de22c6072d54a3ef78dc879a5d0f08233ba9c4f913eb010cc89b61e3ac33
80c03a3e8832d3508d9c9720cb3d39afee4ab76c56110268e65c6df636ffe417
82101b6ea2b770f8eba9fd2d791a86d93b7b0be0839f1ca73c6ab0160e182c1d
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
852b1efb7e420c2ac3d2b080f2e33a4880f4ce0dcf707089c0cf78708e62c1ea
856954362bd0bea0e8310993ae441bda1fbf2e1a1a26c48ca61f53eb0067f98d
85a64faec356c3a72f249a98a037317adc730ec6d38e47653cd53be5485d80a1
8648414c773d07c2dc681d458991cde2fe6162c53cd8c164a65b954909be78b9
87863146a10bce78c0d5c0acca57de5bb147c4dcb008d2cd49f3a849dfd9ad4c
8acf96115cb55ad61bfdc24b7918a946d1b983ac14062a584dbbe8744021430a
8af24d7350dbdc8eea22e4737deaa35a795b19b0560d7173113bec7e8a3effb7
8b54c4743838c668f636b725048a8c49e938e39e5dba0010736a4c61d2d2b1f6
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8ee5f53d3752309af021002b2199a06523b1fd03f3ea1cdaf5d59e911d4d8178
92291b9d0f4735cea077796c484d712302bc10a6b1f2e5d14bcf28da19bdf794
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
95b79ad7efde1e0051f941e69fa5dfbc0e6fbb86fc6dc40f9dc534a56f394371
97bb755740484ce41edec546d022848acb4f1a542d226c893196d2bda18599c3
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a29a65e75a48d9c432611eb70d0377c8610f1874474b65df01aa72fed0235e3
9ad6c6f50ba2bdbf5463b162a3b0ab664c2553af8bc661cb71a7ccccdc7f282b
9cf15e528571be00f84f9b280a799b073a03215453e5e3d93b1c44b2f9a89f66
9d92a5d3b8b4d6cf4b48c0460bbdcffd2a9ce2ac28fb1d86e4d61e5d70c73af0
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a01f9f2f5ba1812441a49f7f1dc0b04fb56a18b486005289b8df4212381f10ce
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a369759ad1c042c0bcf780737b30408247d856598e5cbdccae335364d290fbcb
a3a4dcb7e052c652bfbba3512fe46b7d11b56e673eb9faaca6d8b747c1e07006
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
aa68e17fb13028f96c0d5b38fcf7006182894eb694625f9dedf5824d5066a5f0
ab6656930d9ac061d19b3b05d337430bc122257bf1024f785435f058ba33f9fc
ac5c38d4203f642a1bb83eef1dfaf555ff589797336565c735fc63aa5e0ff178
b0df5dba97bf00a14dbd822074d8155a71388505ca60d0168c9b778cd44c294c
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b14e828cf0e3d31af68db645e32ec8c04a113529f475d9d04bc9d1bafc67c626
b24ea49ee3bc230ce2e230ac52b6ee943de256b47f3a5b02c93836b9b2e82551
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b698182e7078746469f9a6b20f9c939148ba261117efb0df7733e464bea2b77b
b7be6eebfa3a8c5630cb98044910615dc16af310a572cf9bdcdcac55a6f999aa
b8754628fa1706263ba78669f8bbce607951ae9169732bb063d5e2ab50f02247
bbda6c308938984ee98147ad8dc2ecdb5ad7efc3739afb595d4f44000e6b7462
bf293c6ec64062426d963624d5727bf3ef92eb7c478399918c502635c0c69726
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c24ccee9a35eef9e74411eac871935bdff6bcb895cce80b754b66d3e4292a3ce
c3f73b989e0620a4d2e12ed57a0d538e4580b8fefaa1fefbad73e0abad6d227f
c64cda3c1c7c935b57b27894caec3b370b98d70011c8e5ea2f31691be13c8fe7
c9406a92f81fad251295cd64386a8bb62ee7503f589ae1b96893faae2f4fcb18
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
cd8e217991e65be206db184ca55d6673115a4579c6673739203181999150547b
ceefbcad694825db30df15f5e1cd21e39bfd328332fca2bf916c133a85be1774
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d657f58376a49a151dadb695e4305a5faaffccef0e5ae4a34e57b2b56b1f0ecd
d89cb9800cc62dcc44a0ba866b4a080ad06f735f60a6afecbd6d691d2e8939dd
d8a0c5eb038eb78e1f2a4867349b08c00c5a6f2060ad68add444998910385564
d8b1280df015b12fd4ea4138faad855238e57f1819a6d2b854d0fd9879532805
db2363029b4f54378ff6662b39bc15138122f515494fc54048fd89a70485fe55
dcc5f41d1dc04a19dccb2061dc9572cb46c1c19dd89cb5d910752020fa87e791
df63da6a2d031ae79b7b06251911a727719d5b4f973dd9af5897347640060a4b
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5
e514012457f89297e80626b68ba2e3c8bee1944bd58d3ef5abc80b15a9ddce44
e798c161757429a6043d2293bba94f80a4cfac0768ae2003a16fe8e02843f1e2
e7be7ad8c4dd3fab74dbe061500f8f6135106c48b2e4ff470d5f151a9ebdfe3a
e7e65f5432de604cdf476d9ad55a2af5a933c715c639e4c36847023a3446f1ec
ea16b20e324d70a5e33a0fde0fd691c92549eb978c3a42b766ea2add9c9b2701
eaccab0d7807d8dd694e0b782725db5c754ccf17c0fcfe4a0e14e8f7c9576e88
ebfd96030683611d9ed054682f1ddf8b9098bc7d10105602b338605b0ae82a9a
ed6cd01c384db70bedbe24986aa85b0745f994ad71b7e5712f8a60e1ff457d7f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef72a18579969dab38b1a879a31d5f3884a79809b6a15ffe9811e80a2614cf10
f36d73fe2fd65ee67027d06cb735f5509d2d32dd74a8b153e3570db0b9d0b96c
f4cd8266dad1068d1561a698d2d82141de54b92c57a0342c8e0e8bc40e12a228
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f76dab3fcd27e8f4df9aa0f8cbceef3f1901eb2d809068e3bb1d2c37828ed45f
f82499ad8aed7bf29d03132b260b3bfaacb59994449373c97ed02113d6affba2
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

pastelink.net Open in urlscan Pro 89.35.29.15 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

278 Requests

86 %HTTPS

0 %IPv6

45 Domains

77 Subdomains

58 IPs

11 Countries

3175 kBTransfer

8060 kBSize

65 Cookies

15 Outgoing links

Redirected requests

278 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 11 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

pastelink.net Open in urlscan Pro
89.35.29.15 Public Scan

Screenshot
Live screenshot

Full Image

278
Requests

86 %
HTTPS

0 %
IPv6

45
Domains

77
Subdomains

58
IPs

11
Countries

3175 kB
Transfer

8060 kB
Size

65
Cookies

278 HTTP transactions
11 data transactions