pastelink.net Open in urlscan Pro
2a01:7e00::f03c:91ff:fe39:1dbe Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pastelink.net/g7brepjk
Submission Tags: falconsandbox
Submission: On January 17 via api (January 17th 2022, 4:08:07 am UTC) from US — Scanned from GB

Summary HTTP 145 Redirects Links 38 Behaviour Indicators

Summary

This website contacted 32 IPs in 5 countries across 20 domains to perform 145 HTTP transactions. The main IP is 2a01:7e00::f03c:91ff:fe39:1dbe, located in London, United Kingdom and belongs to LINODE-AP Linode, LLC, US. The main domain is pastelink.net. The Cisco Umbrella rank of the primary domain is 182755.
TLS certificate: Issued by R3 on November 24th 2021. Valid for: 3 months.

This is the only time pastelink.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
11	2a01:7e00::f0... 2a01:7e00::f03c:91ff:fe39:1dbe	63949 (LINODE-AP...) (LINODE-AP Linode)
2	2a00:1450:400... 2a00:1450:4001:811::200a	15169 (GOOGLE) (GOOGLE)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:1a	20446 (HIGHWINDS3) (HIGHWINDS3)
1	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:303... 2606:4700:3031::ac43:cab1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 6	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
1	51.77.64.70 51.77.64.70	16276 (OVH) (OVH)
5	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
4	52.222.210.175 52.222.210.175	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
26	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
1 2	54.239.37.23 54.239.37.23	16509 (AMAZON-02) (AMAZON-02)
22	2a00:1450:400... 2a00:1450:4001:80f::2001	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
8	2a02:26f0:6c0... 2a02:26f0:6c00:2b2::4469	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
8	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
6 8	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
6 10	2.21.141.232 2.21.141.232	16625 (AKAMAI-AS) (AKAMAI-AS)
6 8	37.252.172.249 37.252.172.249	29990 (ASN-APPNEX) (ASN-APPNEX)
2	213.254.244.11 213.254.244.11	36062 (DOUBLE-VE...) (DOUBLE-VERIFY)
2	142.250.186.70 142.250.186.70	15169 (GOOGLE) (GOOGLE)
2	63.251.109.130 63.251.109.130	36062 (DOUBLE-VE...) (DOUBLE-VERIFY)
2	2a00:1450:400... 2a00:1450:4001:801::2006	15169 (GOOGLE) (GOOGLE)
4	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
2	213.254.244.18 213.254.244.18	() ()
145	32

11 2a01:7e00::f03c:91ff:fe39:1dbe (London, United Kingdom)

ASN63949 (LINODE-AP Linode, LLC, US)

pastelink.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:1a (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3031::ac43:cab1 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.adligature.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.77.64.70 (Germany)

ASN16276 (OVH, FR)
PTR: de-fra-1.pro.ip-api.com

pro.ip-api.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.222.210.175 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-210-175.fra56.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.239.37.23 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a02:26f0:6c00:2b2::4469 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

cdn.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.184.194 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2.21.141.232 (Frankfurt am Main, Germany) 6 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-21-141-232.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 37.252.172.249 (Frankfurt am Main, Germany) 6 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 534.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.254.244.11 (United States)

ASN36062 (DOUBLE-VERIFY, US)

rtb0.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.70 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.251.109.130 (United States)

ASN36062 (DOUBLE-VERIFY, US)

tps.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.254.244.18 (None, )

ASN- ()

tps20514.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tps20515.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
46	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 94 84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 127	261 KB
24	doubleclick.net 6 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 175 googleads.g.doubleclick.net — Cisco Umbrella Rank: 44 cm.g.doubleclick.net — Cisco Umbrella Rank: 169 ad.doubleclick.net — Cisco Umbrella Rank: 187 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 276	242 KB
14	doubleverify.com cdn.doubleverify.com — Cisco Umbrella Rank: 474 rtb0.doubleverify.com — Cisco Umbrella Rank: 627 tps.doubleverify.com — Cisco Umbrella Rank: 452 tps20514.doubleverify.com tps20515.doubleverify.com	237 KB
11	pastelink.net pastelink.net — Cisco Umbrella Rank: 182755	368 KB
10	casalemedia.com 6 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 496	9 KB
8	adnxs.com 6 redirects ib.adnxs.com — Cisco Umbrella Rank: 210	7 KB
8	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 151	191 KB
7	gstatic.com www.gstatic.com fonts.gstatic.com	217 KB
7	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 8 adservice.google.com — Cisco Umbrella Rank: 69	2 KB
6	amazon-adsystem.com 1 redirects c.amazon-adsystem.com — Cisco Umbrella Rank: 272 aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 1384	42 KB
5	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 347	103 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 33	20 KB
3	adligature.com cdn.adligature.com — Cisco Umbrella Rank: 71426	162 KB
2	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 245	155 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 62	128 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 37	2 KB
1	google.de adservice.google.de — Cisco Umbrella Rank: 8579	792 B
1	ip-api.com pro.ip-api.com — Cisco Umbrella Rank: 6234	155 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 202	1 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 541	30 KB
145	20

	Domain	Requested by
26	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com googleads.g.doubleclick.net ad.doubleclick.net pagead2.googlesyndication.com www.googletagservices.com
17	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com pastelink.net 84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com googleads.g.doubleclick.net ad.doubleclick.net pagead2.googlesyndication.com
11	pastelink.net	pastelink.net
10	dsum-sec.casalemedia.com	6 redirects googleads.g.doubleclick.net
8	ib.adnxs.com	6 redirects googleads.g.doubleclick.net
8	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net
8	www.googletagservices.com	84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com cdn.doubleverify.com www.googletagservices.com ad.doubleclick.net
8	cdn.doubleverify.com	84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com cdn.doubleverify.com pastelink.net
6	fonts.gstatic.com	fonts.googleapis.com
6	www.google.com	1 redirects pastelink.net tpc.googlesyndication.com 84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com
5	googleads.g.doubleclick.net	84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com pastelink.net
5	cdn.ampproject.org	securepubads.g.doubleclick.net
5	securepubads.g.doubleclick.net	cdn.adligature.com securepubads.g.doubleclick.net pastelink.net
4	googleads4.g.doubleclick.net	ad.doubleclick.net
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
4	c.amazon-adsystem.com	cdn.adligature.com c.amazon-adsystem.com
3	84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
3	cdn.adligature.com	pastelink.net cdn.adligature.com
2	s0.2mdn.net	ad.doubleclick.net 84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com
2	tps.doubleverify.com	cdn.doubleverify.com
2	ad.doubleclick.net	www.googletagservices.com
2	rtb0.doubleverify.com	cdn.doubleverify.com
2	aax-eu.amazon-adsystem.com	1 redirects c.amazon-adsystem.com
2	www.googletagmanager.com	pastelink.net www.googletagmanager.com
2	fonts.googleapis.com	pastelink.net securepubads.g.doubleclick.net
1	tps20515.doubleverify.com	cdn.doubleverify.com
1	tps20514.doubleverify.com	cdn.doubleverify.com
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	pro.ip-api.com	cdn.adligature.com
1	www.gstatic.com	www.google.com
1	cdnjs.cloudflare.com	pastelink.net
1	code.jquery.com	pastelink.net
145	33

This site contains links to these domains. Also see Links.

Domain
www.pinterest.com
www.facebook.com
twitter.com
t.me
api.whatsapp.com
www.reddit.com
www.tumblr.com
www.blogger.com
profitquery.com
www.linkedin.com
share.flipboard.com
social-plugins.line.me
www.meneame.net
diasp.org
vk.com
connect.ok.ru

Subject Issuer	Validity	Valid
pastelink.net R3	`2021-11-24` - `2022-02-22`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-09-21` - `2022-09-20`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.ip-api.com Sectigo RSA Domain Validation Secure Server CA	`2021-10-28` - `2022-11-27`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2021-07-06` - `2022-06-27`	a year	crt.sh
*.google.de GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
aax-eu.amazon-adsystem.com Amazon	`2021-04-09` - `2022-03-20`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.doubleverify.com DigiCert SHA2 Secure Server CA	`2021-12-23` - `2022-12-23`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh

This page contains 18 frames:

Primary Page: https://pastelink.net/g7brepjk
Frame ID: 0BCC971C317A428460A6654E7B9E9881
Requests: 45 HTTP requests in this frame

Frame: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: E5AE49A7443F875B6DE5DDB0724193EB
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-sharethrough_n-LoopMe_cnv_n-Outbrain&dcc=t
Frame ID: 173017337EAAE73CA16654FCC4037049
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: B49D092E36DBA42C83CC827F3C43095F
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: D32FD113CC5C8050D236823D3E02FF6A
Requests: 2 HTTP requests in this frame

Frame: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 119C16DE692793F7084254C353630A5C
Requests: 26 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012111152338000/amp4ads-v0.mjs
Frame ID: BD6914B967CE7C9A81BDD2650928FECE
Requests: 16 HTTP requests in this frame

Frame: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 8A23BE774971570DF272545EE5C5CDA4
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQw7j0ARjmnu2ZATAB&v=APEucNX0eZyJBydOjn_tJuOjT2Z3QykXTIYXKiO9WIaWe4STIxDg4Lfnaiicb1fESRNGsKWsvlQoJkLtjmTvp_GOJtvOIBIGyQ
Frame ID: 2B79B3246C59E4645D08438AF3E08639
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQw7j0ARjC0eyZATAB&v=APEucNXy7kA790PNv_6mgjDS6YItd53r81nxOufIPjA7IHlEPsd9Q-gI1dfVEn2saRQNLH0F279lYWxKRKRwUCN2Q-FNkWY6VQ
Frame ID: EE74817D52425639DE308407B762B1CB
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: AEB7281C67F1F572C0E042EAD16D1D75
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 05903D63B2E37D8A06C7A9CDC4FFCEDE
Requests: 3 HTTP requests in this frame

Frame: https://ad.doubleclick.net/ddm/adi/N1395.150740DOUBLEVERIFY/B9689862.280626343;dc_ver=82.239;sz=160x600;u_sd=1;dc_adk=2228999106;ord=tnqwwj;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%2Cnull%2Cnull%2C%22%22%5D;dc_rfl=1,https%3A%2F%2Fpastelink.net%2F$0;xdt=1;crlt=vHlVJgdxeo;sttr=117;prcl=s
Frame ID: F81DF608642956135400E6740A928159
Requests: 11 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements1999.js
Frame ID: F65ECFB5B1CD5FEE4CF473C7C613A8C9
Requests: 2 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements1999.js
Frame ID: 1EF046D4A7277DAD4F24095DD63BA57F
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: B621F8169F959FB37B799D2CA1D99239
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 8F0228FB24123513ECA860687C8809C7
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/oCaBrhzCGlT5mvuc9Dz4nEKrkbyTgapk6W_7TPRun4A.js
Frame ID: D53A813A7CFAE34F60F088568F5F49FC
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Pastelink.net - Publish Hyperlinks

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

145
Requests

92 %
HTTPS

61 %
IPv6

20
Domains

33
Subdomains

32
IPs

5
Countries

2166 kB
Transfer

5562 kB
Size

19
Cookies

38 Outgoing links

These are links going to different origins than the main page.

URL: https://www.pinterest.com/pin/888475832706981040/
Title: https://www.pinterest.com/pin/888475832706981040/

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/pin/953144708606291648/
Title: https://www.pinterest.com/pin/953144708606291648/

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/pin/953144708606291641/
Title: https://www.pinterest.com/pin/953144708606291641/

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/pin/953144708606291633/
Title: https://www.pinterest.com/pin/953144708606291633/

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/pin/953144708606291631/
Title: https://www.pinterest.com/pin/953144708606291631/

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/pin/953144708606291627/
Title: https://www.pinterest.com/pin/953144708606291627/

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/pin/953144708606291616/
Title: https://www.pinterest.com/pin/953144708606291616/

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/pin/953144708606291609/
Title: https://www.pinterest.com/pin/953144708606291609/

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/pin/1149966086071155236/
Title: https://www.pinterest.com/pin/1149966086071155236/

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/pin/1149966086071155232/
Title: https://www.pinterest.com/pin/1149966086071155232/

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/pin/1149966086071155223/
Title: https://www.pinterest.com/pin/1149966086071155223/

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/pin/1149966086071155206/
Title: https://www.pinterest.com/pin/1149966086071155206/

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/pin/1149966086071155176/
Title: https://www.pinterest.com/pin/1149966086071155176/

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/pin/1149966086071155156/
Title: https://www.pinterest.com/pin/1149966086071155156/

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/pin/1149966086071155143/
Title: https://www.pinterest.com/pin/1149966086071155143/

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/pin/1073827104870934054/
Title: https://www.pinterest.com/pin/1073827104870934054/

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/pin/1073827104870934048/
Title: https://www.pinterest.com/pin/1073827104870934048/

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/pin/1073827104870934038/
Title: https://www.pinterest.com/pin/1073827104870934038/

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/pin/1073827104870934029/
Title: https://www.pinterest.com/pin/1073827104870934029/

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/pin/1073827104870934020/
Title: https://www.pinterest.com/pin/1073827104870934020/

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/pin/1073827104870933997/
Title: https://www.pinterest.com/pin/1073827104870933997/

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/pin/1073827104870933981/
Title: https://www.pinterest.com/pin/1073827104870933981/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://pastelink.net/g7brepjk

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=%20https://pastelink.net/g7brepjk

Search URL Search Domain Scan URL

URL: https://t.me/share/url?url=%20%0Ahttps://pastelink.net/g7brepjk

Search URL Search Domain Scan URL

URL: https://api.whatsapp.com/send?text=%20https://pastelink.net/g7brepjk

Search URL Search Domain Scan URL

URL: https://www.reddit.com/submit?url=https://https://pastelink.net/g7brepjk&title=%20

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/pin/create/button/?url=https://pastelink.net/g7brepjk&description=%20&media=https://pastelink.net/assets/images/pastelink-logo-square.png

Search URL Search Domain Scan URL

URL: http://www.tumblr.com/share?v=3&u=https://pastelink.net/g7brepjk&t=%20&posttype=link

Search URL Search Domain Scan URL

URL: https://www.blogger.com/blog-this.g?u=https://pastelink.net/g7brepjk&n=%20

Search URL Search Domain Scan URL

URL: https://profitquery.com/add-to/livejournal/?url=https://pastelink.net/g7brepjk&title=%20

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https://pastelink.net/g7brepjk

Search URL Search Domain Scan URL

URL: https://share.flipboard.com/bookmarklet/popout?v=2&title=%20&url=https://pastelink.net/g7brepjk

Search URL Search Domain Scan URL

URL: https://social-plugins.line.me/lineit/share?url=https://pastelink.net/g7brepjk&text=%20

Search URL Search Domain Scan URL

URL: https://www.meneame.net/submit?url=https://pastelink.net/g7brepjk

Search URL Search Domain Scan URL

URL: https://diasp.org/bookmarklet?url=https://pastelink.net/g7brepjk&title=%20&jump=doclose

Search URL Search Domain Scan URL

URL: http://vk.com/share.php?url=https://pastelink.net/g7brepjk&title=%20

Search URL Search Domain Scan URL

URL: https://connect.ok.ru/dk?st.cmd=WidgetSharePreview&st.shareUrl=https://pastelink.net/g7brepjk

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 43

https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-sharethrough_n-LoopMe_cnv_n-Outbrain HTTP 302
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-sharethrough_n-LoopMe_cnv_n-Outbrain&dcc=t

Request Chain 85

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 88

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGtdooCWptTTq4okLEKiANY&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGtdooCWptTTq4okLEKiANY&google_cver=1&C=1

Request Chain 89

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YeTro0NgJjlZdQ0b.DdBSAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGtdooCWptTTq4okLEKiANY&google_cver=1&google_hm=2

Request Chain 90

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESENRTBHPuufauEHxb_ID4ZYE&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESENRTBHPuufauEHxb_ID4ZYE%26google_cver%3D1

Request Chain 91

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTg4ODY3NTI3MTkzNTg4NzY0MQ%3D%3D

Request Chain 92

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGtdooCWptTTq4okLEKiANY&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGtdooCWptTTq4okLEKiANY&google_cver=1&C=1

Request Chain 93

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YeTro0NgJjlZdQ0b.DdBSAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGtdooCWptTTq4okLEKiANY&google_cver=1&google_hm=2

Request Chain 94

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESENRTBHPuufauEHxb_ID4ZYE&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESENRTBHPuufauEHxb_ID4ZYE%26google_cver%3D1

Request Chain 95

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTg4ODY3NTI3MTkzNTg4NzY0MQ%3D%3D

145 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request g7brepjk Show response
pastelink.net/ 22 KB
6 KB 183ms
85ms Document
text/html 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL

https://pastelink.net/g7brepjk

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),

Reverse DNS

Software

nginx /

Resource Hash

d93263a08700109f423d8230f55a769bed412db5be49fd06e2b2b5bbda4f637b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-GB,en;q=0.9

Response headers

server: nginx
date: Mon, 17 Jan 2022 04:08:01 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip

GET
H2 200 css2
fonts.googleapis.com/ 5 KB
1 KB 183ms
66ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Requested by

Host: pastelink.net
URL: https://pastelink.net/g7brepjk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e1b9614ae3a52e8a5ee68cf54947020ea96f937d7aa54bce5af97353649247ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 17 Jan 2022 02:33:03 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 17 Jan 2022 04:08:01 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 17 Jan 2022 04:08:01 GMT

GET
H2 200 styles.css
pastelink.net/assets/css/ 282 KB
282 KB 46ms
45ms Stylesheet
text/css 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL

https://pastelink.net/assets/css/styles.css?q=19

Requested by

Host: pastelink.net
URL: https://pastelink.net/g7brepjk

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),

Reverse DNS

Software

nginx /

Resource Hash

b0939d55dff27ea2ca24040d47216c107ba59e2e2414c19ab1ae9fd54acf98bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/g7brepjk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 04:08:01 GMT
last-modified: Mon, 29 Nov 2021 11:28:52 GMT
server: nginx
etag: "61a4b974-46713"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
accept-ranges: bytes
content-length: 288531

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
30 KB 156ms
53ms Script
application/javascript 2001:4de0:ac18::1:a:1a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: pastelink.net
URL: https://pastelink.net/g7brepjk
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:1a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Referer: https://pastelink.net/
Origin: https://pastelink.net
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 04:08:01 GMT
content-encoding: gzip
last-modified: Tue, 02 Mar 2021 17:27:20 GMT
server: nginx
etag: W/"603e7578-15d9d"
vary: Accept-Encoding
x-hw: 1642392481.dop146.am5.t,1642392481.cds282.am5.hn,1642392481.cds007.am5.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30875

GET
H2 200 script.min.js Show response
pastelink.net/assets/js/ 32 KB
32 KB 45ms
45ms Script
application/javascript 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL

https://pastelink.net/assets/js/script.min.js?q=19

Requested by

Host: pastelink.net
URL: https://pastelink.net/g7brepjk

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),

Reverse DNS

Software

nginx /

Resource Hash

bcf6c79635689a63a0bab926671698fdeb8718d1f8095c403f8ce572bc3fdc6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/g7brepjk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 04:08:01 GMT
last-modified: Thu, 09 Dec 2021 14:44:14 GMT
server: nginx
etag: "61b2163e-7f62"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
accept-ranges: bytes
content-length: 32610

GET
H2 200 js.cookie.min.js Show response
cdnjs.cloudflare.com/ajax/libs/js-cookie/latest/ 2 KB
1 KB 144ms
51ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/js-cookie/latest/js.cookie.min.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/g7brepjk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b6d244a569a8befc0b901e3dca8e82f19b188e2d3e76f7c62fce96935ed6311

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 04:08:01 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 5294748
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 772
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:49 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec5-6d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JkLU9ajYpBPuolR4mNcmiAPPaFzi4G99mEjPCrO4OQldjTYiMfkJAfTUT4aMHluBwcjX93ULJUxKtbq8P%2BxfAylxdnotlRrpyDxHhgyCeGaNzhTre7PIVMD0xMnJ9EiPnPqY61tX2CX3YQvKeQikt03f"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6cecb84feb6c889d-LHR
expires: Sat, 07 Jan 2023 04:08:01 GMT

GET
H2 200 rules.js Show response
cdn.adligature.com/pl/prod/ 14 KB
4 KB 162ms
60ms Script
application/javascript 2606:4700:3031::ac43:cab1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adligature.com/pl/prod/rules.js
Requested by: Host: pastelink.net
URL: https://pastelink.net/g7brepjk
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:cab1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c4b9d348566ddec7a877cd66f83889a88ed7a3786ad47a550556150ccb5ca905

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-goog-hash: crc32c=ZS1Jsw==, md5=KWvakB+h69V8nO+6fikDgA==
date: Mon, 17 Jan 2022 04:08:01 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 242
cf-polished: origSize=23700
x-guploader-uploadid: ADPycdsn7ftyY5JECEq1PXbQdl4A1am-9ujB6Atw38figIzW34QdKYDheUE5GuiDuZ7ocH1Z14yNlmKi16PrVfNj1Q
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 13 Dec 2021 22:18:15 GMT
server: cloudflare
etag: W/"296bda901fa1ebd57c9cefba7e290380"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dRhpuZY2rHKZzWnJcilup4Ub8NttgJokY1VzffEPcXIN%2BxBuhmPhBriEaj70yAIvikgru8m3i0JCXh67y9tHk5bHyofHz8%2BjzQHhK9TWnR9Vcxv4ivZYDOAWuOjRZaElo%2BlFNw7YoHr9YonG7Jtl8ic%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1639433895429824
content-type: application/javascript
expires: Mon, 17 Jan 2022 04:06:10 GMT
cache-control: public, max-age=1800, s-maxage=600, must-revalidate
x-goog-stored-content-length: 23700
cf-ray: 6cecb8500dc8770d-LHR
cf-bgj: minify

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 906 B
986 B 181ms
66ms Script
text/javascript 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=captchaLoaded

Requested by

Host: pastelink.net
URL: https://pastelink.net/g7brepjk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

46f32680b1546643896e48c1cb473a08c1824ef43f399954b369346e1682eafb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 04:08:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 573
x-xss-protection: 1; mode=block
expires: Mon, 17 Jan 2022 04:08:01 GMT

GET
H2 200 pastelink-logo.svg
pastelink.net/assets/images/logo/ 3 KB
3 KB 44ms
44ms Image
image/svg+xml 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/logo/pastelink-logo.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/g7brepjk

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),

Reverse DNS

Software

nginx /

Resource Hash

01408f8061623faa6d2c0f015cd23483c3aa363c095e152f613ed94c87a5803d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/g7brepjk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 04:08:01 GMT
last-modified: Wed, 06 Oct 2021 13:37:31 GMT
server: nginx
etag: "615da69b-d3d"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/svg+xml
accept-ranges: bytes
content-length: 3389

GET
H2 200 public.png
pastelink.net/assets/images/ 609 B
775 B 46ms
44ms Image
image/png 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/public.png

Requested by

Host: pastelink.net
URL: https://pastelink.net/g7brepjk

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),

Reverse DNS

Software

nginx /

Resource Hash

04bcd86676a40009fe53606bce88edf13537b712f218f9c6057e97c612513092

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/g7brepjk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 04:08:01 GMT
last-modified: Thu, 27 May 2021 10:51:10 GMT
server: nginx
etag: "60af799e-261"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/png
accept-ranges: bytes
content-length: 609

GET
H2 200 pastelink-logo-white.svg
pastelink.net/assets/images/logo/ 3 KB
4 KB 46ms
45ms Image
image/svg+xml 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/logo/pastelink-logo-white.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/g7brepjk

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),

Reverse DNS

Software

nginx /

Resource Hash

83a94ad8a46a35ec117a480b3d9108764d211f2cf9620f895dd990ac8a7c631e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/g7brepjk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 04:08:01 GMT
last-modified: Thu, 25 Nov 2021 11:28:22 GMT
server: nginx
etag: "619f7356-deb"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/svg+xml
accept-ranges: bytes
content-length: 3563

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 194 KB
67 KB 180ms
63ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ

Requested by

Host: pastelink.net
URL: https://pastelink.net/g7brepjk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

daf0d4ebf761cb8fcecc5219634cf5fbfe1e8b186d1952421ffbbab5ce756eb2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 04:08:01 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67914
x-xss-protection: 0
last-modified: Mon, 17 Jan 2022 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 17 Jan 2022 04:08:01 GMT

GET
H2 200 advally-4.16.3.js Show response
cdn.adligature.com/rules.js/ 99 KB
28 KB 53ms
51ms Script
application/javascript 2606:4700:3031::ac43:cab1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adligature.com/rules.js/advally-4.16.3.js
Requested by: Host: cdn.adligature.com
URL: https://cdn.adligature.com/pl/prod/rules.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:cab1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7044b50c715a875243e35337fb602b9fbe83c30cbb84bd1c6e34dcc4d7ca0a46

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-goog-hash: crc32c=+eVeGw==, md5=6uoJIGPhME5EBcAXYPG/hQ==
date: Mon, 17 Jan 2022 04:08:01 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1450
cf-polished: origSize=166223
x-guploader-uploadid: ADPycduSbuJDnYeJanPhEbknVhmZUKIlf6JQOiAEqtQ23k-gSMtnIT65RPUwMhD22pRh3VP41FVdC1x07CormNQViUI
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 13 Dec 2021 20:02:51 GMT
server: cloudflare
etag: W/"eaea092063e1304e4405c01760f1bf85"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jj6xHTNgvljuWi5obL5PXVF0mZfJ62hHY3TlZtIPaliDxO0uE22smM4631R7cixK8S%2B%2FQHKYLR7sBN4BTrAvw4WsMNDu8icJfS77DugHHZn3WpN3MbRoENg0NRya0yT3PclbQzPZrWv1o4mxSz05f%2F4%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1639425771592757
content-type: application/javascript
expires: Mon, 17 Jan 2022 05:43:51 GMT
cache-control: public, max-age=7200, s-maxage=7200, must-revalidate
x-goog-stored-content-length: 166223
cf-ray: 6cecb850ce6a770d-LHR
cf-bgj: minify

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/ 351 KB
139 KB 176ms
56ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=captchaLoaded

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f8bf0b735b32ad006ebb24281f26003602080d6da979243af106c1962777cac6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Origin: https://pastelink.net
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sun, 16 Jan 2022 18:35:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34372
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 141749
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 05:01:34 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 16 Jan 2023 18:35:09 GMT

GET
H2 200 debut_light.png
pastelink.net/assets/images/ 4 KB
4 KB 45ms
45ms Image
image/png 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/debut_light.png

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=19

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),

Reverse DNS

Software

nginx /

Resource Hash

c24ccee9a35eef9e74411eac871935bdff6bcb895cce80b754b66d3e4292a3ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=19
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 04:08:01 GMT
last-modified: Thu, 27 May 2021 10:51:09 GMT
server: nginx
etag: "60af799d-10c8"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/png
accept-ranges: bytes
content-length: 4296

GET
DATA 200
OK truncated
/ 12 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6a9777d3d83dbfe0ab03d15242cea1d535861cb690f755a92b342c8bd2788315

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 arrow-down-blue.svg
pastelink.net/assets/images/ 239 B
409 B 45ms
45ms Image
image/svg+xml 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/arrow-down-blue.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=19

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),

Reverse DNS

Software

nginx /

Resource Hash

50a60e5e5f2e8f10a2f8685031ec9849ba8faff613139f3a402e89f25ccbbabc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=19
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 04:08:01 GMT
last-modified: Wed, 29 Sep 2021 15:26:32 GMT
server: nginx
etag: "615485a8-ef"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/svg+xml
accept-ranges: bytes
content-length: 239

GET
H2 200 social-spritesheet.png
pastelink.net/assets/images/ 28 KB
28 KB 46ms
46ms Image
image/png 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/social-spritesheet.png

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=19

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),

Reverse DNS

Software

nginx /

Resource Hash

8af24d7350dbdc8eea22e4737deaa35a795b19b0560d7173113bec7e8a3effb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=19
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 04:08:01 GMT
last-modified: Fri, 05 Nov 2021 18:20:14 GMT
server: nginx
etag: "618575de-70de"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/png
accept-ranges: bytes
content-length: 28894

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 182ms
63ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 14:28:31 GMT
x-content-type-options: nosniff
age: 135570
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7900
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:02:01 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sun, 15 Jan 2023 14:28:31 GMT

GET
H2 200 JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCu173w5aXo.woff2
fonts.gstatic.com/s/montserrat/v21/ 12 KB
12 KB 190ms
71ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v21/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCu173w5aXo.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae308e0f954dd9a45304361e81dffc8a3893584af53b9779722bbb51a7c71e08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 19:38:32 GMT
x-content-type-options: nosniff
age: 462569
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12636
x-xss-protection: 0
last-modified: Tue, 11 Jan 2022 19:19:51 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 11 Jan 2023 19:38:32 GMT

GET
H2 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 234ms
115ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 21:35:21 GMT
x-content-type-options: nosniff
age: 541960
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7776
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:01:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 10 Jan 2023 21:35:21 GMT

GET
H2 200 logo-bg-90-tl.svg
pastelink.net/assets/images/ 2 KB
2 KB 47ms
47ms Image
image/svg+xml 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/logo-bg-90-tl.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=19

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),

Reverse DNS

Software

nginx /

Resource Hash

1c9e4c65f9d921b1c0829958cc7b2f307a3e22ac7a23e8315b6db4c0954e1107

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=19
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 04:08:01 GMT
last-modified: Thu, 25 Nov 2021 11:28:22 GMT
server: nginx
etag: "619f7356-933"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/svg+xml
accept-ranges: bytes
content-length: 2355

GET
H2 200 logo-symbol-non-white-bg.svg
pastelink.net/assets/images/ 4 KB
5 KB 48ms
48ms Image
image/svg+xml 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/logo-symbol-non-white-bg.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=19

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),

Reverse DNS

Software

nginx /

Resource Hash

15f20e02ef301e62ed325d633f971c506dcf1be3458c2371b849b505bb8673dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=19
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 04:08:01 GMT
last-modified: Thu, 25 Nov 2021 11:28:22 GMT
server: nginx
etag: "619f7356-11c0"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/svg+xml
accept-ranges: bytes
content-length: 4544

GET
H2 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 145ms
55ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b0b43e548e691662dac85b1dc159d148a273d5cb9139f3fcf457cdeebe7bdf3f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 14 Jan 2022 04:20:35 GMT
x-content-type-options: nosniff
age: 258446
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7832
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:01:48 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 14 Jan 2023 04:20:35 GMT

GET
H/1.1 200
OK / Show response
pro.ip-api.com/csv/ 7 B
155 B 199ms
63ms XHR
text/plain 51.77.64.70
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://pro.ip-api.com/csv/?key=ZxSSLwZtxrKxQbv&fields=countryCode,region
Requested by: Host: cdn.adligature.com
URL: https://cdn.adligature.com/rules.js/advally-4.16.3.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.77.64.70 , Germany, ASN16276 (OVH, FR),
Reverse DNS: de-fra-1.pro.ip-api.com
Software: /
Resource Hash: eeace1f2c555820c1fd80519625f29571b8a009b32dbbb29ed288ad89abb3ef0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 17 Jan 2022 04:08:01 GMT
Content-Length: 7
Content-Type: text/plain; charset=utf-8

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 78 KB
27 KB 190ms
65ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.adligature.com
URL: https://cdn.adligature.com/rules.js/advally-4.16.3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

37ffaf519d628423e1ea7147364a8d2af10c3b63f3ec5a9b598f989aeaafd74c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 04:08:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26979
x-xss-protection: 0
server: sffe
etag: "1104 / 913 of 1000 / last-modified: 1642206167"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 17 Jan 2022 04:08:01 GMT

GET
H3 200 prebid-5.16.0.js Show response
cdn.adligature.com/prebid/ 447 KB
129 KB 76ms
75ms Script
application/javascript 2606:4700:3031::ac43:cab1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adligature.com/prebid/prebid-5.16.0.js
Requested by: Host: cdn.adligature.com
URL: https://cdn.adligature.com/rules.js/advally-4.16.3.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:cab1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 29d9e84a57a16dfa31898ca631469fc31f813264c7256aa59a3d0b522e649adb

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-goog-hash: crc32c=ZIyDug==, md5=U9pQJoWwhMQQ81YUFJsf0w==
date: Mon, 17 Jan 2022 04:08:01 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 389
cf-polished: origSize=458305
x-guploader-uploadid: ADPycdvrHshyBp6uOZN5zH9nZbrbFRR-UdSDQUaMYZco_dZe5VJA8h8YsdMZhvvgk0Qqiiljz4qhlfrw9PADHfHa9A0
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 04 Jan 2022 16:36:45 GMT
server: cloudflare
etag: W/"53da502685b084c410f35614149b1fd3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cBOwPYcyw7nMMFdb1YfsgoTS3rxWuYuIy3H8azAok9a9VrooPbBXFecSdkB17TtM6PGTbtNpoCv2PF1cq1pjRjdT9i61JXhKN8dWDNfieZctlpDG5V%2BabLXMW3DgQWqDASK3FFGfC2Y6ML7dOHPkLGY%3D"}],"group":"cf-nel","max_age":604800}
content-language: en
x-goog-generation: 1633007245842835
content-type: application/javascript
expires: Mon, 17 Jan 2022 04:05:59 GMT
cache-control: public, max-age=1800, s-maxage=600, must-revalidate
x-goog-stored-content-length: 458305
cf-ray: 6cecb8512f108879-LHR
cf-bgj: minify

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 134 KB
36 KB 188ms
70ms Script
application/javascript 52.222.210.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: cdn.adligature.com
URL: https://cdn.adligature.com/rules.js/advally-4.16.3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.210.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-210-175.fra56.r.cloudfront.net
Software: Server /
Resource Hash: c59ecf34c8e169eb2c385296530f952be5ced6af24abbe7f2d47b89e520be544

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: SKwQUYZY6s9wJPymt5_yhNbSVWOe2iBW
content-encoding: gzip
etag: 8d3665a9b316600491247ca6d78c204c
age: 649
x-cache: Hit from cloudfront
server: Server
x-amz-rid: 160XWG5JJ7W00548JVXE
date: Mon, 17 Jan 2022 03:57:15 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: FRA56-P3
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: AfqokCiCSnL3fi3otHgE5PGdJNyQ0tU3NllWgJaZm3L1nnzQaNzjWA==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 174ms
57ms XHR
application/javascript 52.222.210.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.210.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-210-175.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: L2_MRp8KwiUR7xIWXZFooLHRBfnaqY96
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 8119
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Wed, 22 Dec 2021 01:41:37 GMT
server: AmazonS3
date: Mon, 17 Jan 2022 03:30:24 GMT
vary: Accept-Encoding,Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 33febf2d58aeb0618cba096d54cae018.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA56-P3
x-amz-cf-id: EW6WzYN8obULzcqs4f5BmLunfx8NQQbalrb7o6nChnU6i0F_WhSQCA==

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 165 KB
61 KB 127ms
64ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-S3DKHVPF03&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

97e5328bcf20c844528dc8a318aff3e66a547bd47b7f8aafa69c08adb96d581e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 04:08:01 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62533
x-xss-protection: 0
expires: Mon, 17 Jan 2022 04:08:01 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 172ms
54ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 4015
date: Mon, 17 Jan 2022 03:01:06 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 17 Jan 2022 05:01:06 GMT

GET
H3 200 pubads_impl_2022011002.js Show response
securepubads.g.doubleclick.net/gpt/ 352 KB
118 KB 116ms
54ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

e87e542e34fc3af7847f53ae5c258f82ff2d8739646ed8d249c9a54ede9f7128

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 00:15:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 13925
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121009
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 21:10:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 17 Jan 2023 00:15:56 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 70 B
97 B 125ms
62ms XHR
application/json 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=pastelink.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

39c0b8be3e2bd4ecc61b4a789ac1e94d6a6812a15499181634db22e64fe7221c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 04:08:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 72
x-xss-protection: 0
expires: Mon, 17 Jan 2022 04:08:01 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 124ms
61ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=2077144728&t=pageview&_s=1&dl=https%3A%2F%2Fpastelink.net%2Fg7brepjk&ul=en-us&de=UTF-8&dt=Pastelink.net%20-%20Publish%20Hyperlinks&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=383132845&gjid=1810652685&cid=103938039.1642392482&tid=UA-55088947-2&_gid=832529683.1642392482&_r=1&gtm=2wg1c055WHPWQ&z=2089760345

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pastelink.net/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 04:08:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 108ms
61ms Ping
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-S3DKHVPF03&gtm=2oe1c0&_p=2077144728&sr=1600x1200&ul=en-us&cid=103938039.1642392482&_s=1&dl=https%3A%2F%2Fpastelink.net%2Fg7brepjk&dt=Pastelink.net%20-%20Publish%20Hyperlinks&sid=1642392481&sct=1&seg=0&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S3DKHVPF03&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pastelink.net/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 04:08:02 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 68ms
62ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&aip=1&a=2077144728&t=pageview&_s=1&dl=https%3A%2F%2Fpastelink.net%2Fg7brepjk&ul=en-us&de=UTF-8&dt=Pastelink.net%20-%20Publish%20Hyperlinks&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAEABAAAAAC~&jid=1150243294&gjid=2115924132&cid=103938039.1642392482&tid=UA-197326395-9&_gid=832529683.1642392482&_r=1&_slc=1&z=1627879281

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pastelink.net/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 04:08:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ 0
308 B 57ms
57ms XHR
text/plain 52.222.210.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fpastelink.net&pubid=7e29cf92-dbd2-479a-865a-9cb3658a40f8
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.210.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-210-175.fra56.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 02:30:49 GMT
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
server: Server
age: 5833
x-cache: Hit from cloudfront
access-control-allow-origin: https://pastelink.net
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P3
x-amz-cf-id: GP_17HlTlY6ZfOG7tD3HXV8Cib4EFxKd0xJu6Q_Lsrfp5kbXPsrBnA==

GET
DATA 200
OK truncated
/ 346 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ebd635d843d43673dd737988e3383b01614cfca991785e481a47e7bd6b8aea17

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 149 B
618 B 97ms
97ms XHR
text/javascript 52.222.210.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fpastelink.net%2Fg7brepjk&pid=m7Ch4Sf6zk4JF&cb=0&ws=1600x1200&v=7.72.0&t=700&slots=%5B%7B%22sd%22%3A%22advally-adhesion-slot%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F22405481091%2Fpastelink.net%2FBottom_adhesion_banner%22%7D%2C%7B%22sd%22%3A%22Top_leaderboard%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F22405481091%2Fpastelink.net%2FTop_leaderboard%22%7D%2C%7B%22sd%22%3A%22Sidebar_MPU%22%2C%22s%22%3A%5B%22160x600%22%5D%2C%22sn%22%3A%22%2F22405481091%2Fpastelink.net%2FSidebar_MPU%22%7D%5D&schain=1.0%2C1!cdn.adligature.com%2CP58S175%2C1%2C%2C%2C&pubid=7e29cf92-dbd2-479a-865a-9cb3658a40f8&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.210.175 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-210-175.fra56.r.cloudfront.net

Software

Server /

Resource Hash

a0574668475ab72241ba04945aa6e1961160580fbb74032f0b473740225ec226

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 04:08:02 GMT
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P3
x-amz-rid: YQ0RQKHJJ5ZDVYBD51GN
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://pastelink.net
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 149
x-amz-cf-id: sgkl5rrwRf5fULsNlWvk8X5IbOZUReOyZbA--2-8UgmCViPVB8ASTQ==

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 191ms
68ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=pastelink.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 04:08:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 190ms
69ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=pastelink.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 04:08:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 98 KB
25 KB 916ms
916ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2390651230437189&correlator=4015480781028955&output=ldjh&impl=fifs&eid=31061815%2C31064028%2C44757100&vrg=2022011002&ptt=17&sc=1&sfv=1-0-38&ecs=20220117&iu_parts=22405481091%2Cpastelink.net%2CBottom_adhesion_banner%2CTop_leaderboard%2CSidebar_MPU&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F3%2C%2F0%2F1%2F4&prev_iu_szs=728x90%2C320x50%7C300x250%2C160x600&fluid=0%2Cheight%2C0&eri=1&cust_params=amznbid%3D0%26amznp%3D0&cookie_enabled=1&bc=31&abxe=1&lmt=1642392482&dt=1642392482020&dlt=1642392481137&idt=828&frm=20&biw=1600&bih=1200&oid=2&adxs=436%2C310%2C1071&adys=1105%2C315%2C575&adks=3402602959%2C1666686559%2C2108190548&ucis=1%7C2%7C3&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&url=https%3A%2F%2Fpastelink.net%2Fg7brepjk&vis=1&scr_x=0&scr_y=0&psz=728x-1%7C705x147%7C168x606&msz=728x-1%7C705x0%7C160x-1&ga_vid=103938039.1642392482&ga_sid=1642392482&ga_hid=2077144728&ga_fc=true&ga_cid=832529683.1642392482&fws=516%2C4%2C4&ohw=1600%2C1600%2C1600&btvi=0%7C0%7C0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

15492ac61c709dcb6d27840ecfeb99254a9d6944a8253e0b31287225bd1b0b56

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 04:08:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25864
x-xss-protection: 0
google-lineitem-id: -1,-1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pastelink.net
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
9 KB 185ms
68ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022011002&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abbd99b5447bea3137820cb6934814656800252a152bae23556775b01cc521c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 04:08:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8708
x-xss-protection: 0

GET
H2 200 container.html Show response
84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E5AE 6 KB
4 KB 207ms
62ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Mon, 17 Jan 2022 04:08:02 GMT
expires: Tue, 17 Jan 2023 04:08:02 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1

200
OK

iu3 Show response
aax-eu.amazon-adsystem.com/s/ Frame 1730
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-sharethrough_n-LoopMe_cnv_n-Outbrain
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-sharethrough_n-LoopMe_cnv_n-Outbrain&dcc=t

65 B
686 B

56ms
55ms

Document
text/html

54.239.37.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-sharethrough_n-LoopMe_cnv_n-Outbrain&dcc=t

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.239.37.23 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

115d83ece49fd1c5769409aab9d78572eed86cd38a0556b4cdeeac82c83091d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/

Response headers

Server: Server
Date: Mon, 17 Jan 2022 04:08:02 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 65
Connection: keep-alive
x-amz-rid: D022815CNQ1MVX4GN0CR
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Permissions-Policy: interest-cohort=()

Redirect headers

Server: Server
Date: Mon, 17 Jan 2022 04:08:02 GMT
Content-Length: 0
Connection: keep-alive
x-amz-rid: VA7H9PXF3ZBP0QPM6W1P
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-sharethrough_n-LoopMe_cnv_n-Outbrain&dcc=t
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Permissions-Policy: interest-cohort=()

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 205ms
74ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 04:08:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 17 Jan 2022 04:08:02 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame B49D 13 KB
5 KB 119ms
55ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 17 Jan 2022 01:33:03 GMT
expires: Tue, 17 Jan 2023 01:33:03 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 9299
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame D32F 783 B
533 B 132ms
66ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

a67956b22ba19ed87f3801e26bb9c8f4a19c910f4366bb2abe3b30192ca6f33e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-schEpZ8e/bxTGyiD7o5uhQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 17 Jan 2022 04:08:02 GMT
date: Mon, 17 Jan 2022 04:08:02 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-schEpZ8e/bxTGyiD7o5uhQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 511
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 oCaBrhzCGlT5mvuc9Dz4nEKrkbyTgapk6W_7TPRun4A.js Show response
pagead2.googlesyndication.com/bg/ Frame B49D 35 KB
13 KB 117ms
54ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oCaBrhzCGlT5mvuc9Dz4nEKrkbyTgapk6W_7TPRun4A.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a02681ae1cc21a54f99afb9cf43cf89c42ab91bc9381aa64e96ffb4cf46e9f80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 01:31:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9417
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13579
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 17 Jan 2023 01:31:05 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame D32F 0
0 130ms
79ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022011002&jk=2390651230437189&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET generate_204
tpc.googlesyndication.com/ Frame B49D 0
0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 64ms
63ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022011002&jk=2390651230437189&bg=!iYqlis7NAAaocxMpqHM7ACkAdvg8WgwKNQD-HrEhsO5ieMcwmsfot9fkU-oks1dS33NC5VYdiVhKewIAAABGUgAAAAJoAQcKALG9w-opObEzTGOh_dNlsNat-CvzX4SMQhFB-W34sH9GvbFIWnJrlrXBSWXu6LIbPPcmdBa1uV5SVWdy6s3xzBnb7o0MOO_ZPt99VIbj7gtA6w-942VORCCHe4LjBhg4ToaKhzGHFcWU6ch8_BVAevOn8LbXVDNdFYRKmReG3zxRBrh3T78guW0ifYy294H6nVx7Y1yPeoM7tGDVaSyaH1rfF9tpSIKMAY7O13cXEcAWLTCZAsJ2c5VrMEBM_Pd3AljnBKeQVCZIdnptQQih01ojR-y5N85qofCbCLQHVOtOtqYYIMW3OyrcpAMc9EprxB4FL6Avrbak7QAGXJB5SOu2VRFiCkmO0ldPsoAh-Uo42k2HmMIdaGfcxLuQLg-PWn2NPWVHKDJOEVmizTTZ6vs6pseCRTo2cfZhF4qq4tEpyZRqK1H3RoQrA-QC7QVupoeu20S2Ffj0sMbAWBX4u1qDVBTtMH9JMuaoEgGDZePmVcPKqdN6HqKdT8M-szkwGtQG73GjTclDp7xYf1RcDCf9IOBaDawppXJpvE8T6GhT_qbmnLhgHjWPE0JxaLAXwMV8V-mdWMEtaD9QWNLdZpZi3l-3uD6cHWFJoknVStmPrVIDiwXo36n2zt3cSOU__veq9BLGkROwb_pvhEk338ud6Jlo3UYQUtNTkyqhnUNKUTjSfxyYyZB-TgM8ZMlsZC9wKzJ74GZ9TwF3NzfsV0Lr8Ogl3HAkRB2c2NoRjOcRrDMWVAm-QCYWZdWWIpdtBZG0GTYtGW54gEt7hL7pZAGw6EnjKGufyg2T8ShZGfoyysLDKvlgSIdVhuqBuVRN78c3bQFvpr_ncq9rnlxquE7LjNYcgqCcHjY2cLF5XZqXLBB1O3Wct7DPmA1iLg7OGoKq9fCrEvttVyz0A5WzhItLwQBpP_9c-xthK8bZQobvJtNuJMIz-Cat0J_tIbrYM74RcLm18tlUO2j2y1HMUHgi7iPzy04IIjn7AYhtwY9XpWRHKuxf-xnVbsk8kVnxSyqxf4gv7hyi1AIphGgPgCmQQTi12UJAHszfAOR-6J_6j9NN8fFebNYzBKSszNrQNPK7FUMJ-FFiYjwJFlKSv5KmmO9maXopm1K6y-v8p1dVD4YE5O0ky7SDL6arMpQIhTb7LaVVNnvfG8Cw5HdR0KyRqr7tb6P9

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 04:08:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 119C 6 KB
3 KB 124ms
62ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 17 Jan 2022 04:08:02 GMT
expires: Tue, 17 Jan 2023 04:08:02 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012111152338000/ Frame BD69 190 KB
55 KB 209ms
54ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111152338000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

14b52d5e44212b22f6de0be5caeeb5bba561a29fd91bf6076bf1ad6d45ecae6f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 61830
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55581
x-xss-protection: 0
server: sffe
date: Sun, 16 Jan 2022 10:57:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8559bae154d80579"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 16 Jan 2023 10:57:33 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012111152338000/v0/ Frame BD69 13 KB
5 KB 302ms
147ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111152338000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4e46e56dce46d21c527e164d6749fb5ff0101f400aede06a8711196da9e5c619

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 61830
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4994
x-xss-protection: 0
server: sffe
date: Sun, 16 Jan 2022 10:57:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b314c3eb801664ba"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 16 Jan 2023 10:57:33 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012111152338000/v0/ Frame BD69 89 KB
28 KB 310ms
156ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111152338000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

279249ed963fcd87e6321b024c0194248dd1b44af5353e134071cdfff953967b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 61830
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28443
x-xss-protection: 0
server: sffe
date: Sun, 16 Jan 2022 10:57:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "976e6f5df80f4e35"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 16 Jan 2023 10:57:33 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012111152338000/v0/ Frame BD69 5 KB
2 KB 335ms
181ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111152338000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

63697d88ab7b6e34e76e5990b867c706cb4346c27ec1c5a034c4d91dfb136778

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 61830
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1727
x-xss-protection: 0
server: sffe
date: Sun, 16 Jan 2022 10:57:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "423ab13fb6ff63c9"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 16 Jan 2023 10:57:33 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012111152338000/v0/ Frame BD69 40 KB
13 KB 336ms
182ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111152338000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ffd015b1bb0125d07c39cbfcdee6a8e2b604b55ea1936cf550fe1f9fbdbf2ae4

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 61830
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12843
x-xss-protection: 0
server: sffe
date: Sun, 16 Jan 2022 10:57:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "08cf721d9e54e414"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 16 Jan 2023 10:57:33 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame BD69 3 KB
580 B 135ms
69ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

76ca98643b0229d7a50626e2ed31a2ba5663b0697c880420fc3e4c6ca82684ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 17 Jan 2022 02:46:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 17 Jan 2022 04:08:03 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 17 Jan 2022 04:08:03 GMT

GET
H3 200 container.html Show response
84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 8A23 6 KB
3 KB 105ms
59ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 17 Jan 2022 04:08:02 GMT
expires: Tue, 17 Jan 2023 04:08:02 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/abg/ Frame BD69 3 KB
3 KB 56ms
56ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/en.png

Requested by

Host: pastelink.net
URL: https://pastelink.net/g7brepjk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

85a64faec356c3a72f249a98a037317adc730ec6d38e47653cd53be5485d80a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sun, 16 Jan 2022 23:24:32 GMT
x-content-type-options: nosniff
server: cafe
age: 17011
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 15880770647744369592
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2982
x-xss-protection: 0
expires: Mon, 17 Jan 2022 23:24:32 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame BD69 344 B
368 B 56ms
55ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: pastelink.net
URL: https://pastelink.net/g7brepjk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sun, 16 Jan 2022 06:46:14 GMT
x-content-type-options: nosniff
server: cafe
age: 76909
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 6766994032117382215
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Mon, 17 Jan 2022 06:46:14 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame BD69 0
0 64ms
63ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRyhazDyhhWrqZbtL73HsxDCECQr9dLJ6E-VdMitGSZ09XMHIDFeNQH7RI5ifS9oU1ScBDkeKrg_Kp4_HoHwkCSzJrEHg
Requested by: Host: pastelink.net
URL: https://pastelink.net/g7brepjk
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame BD69 0
0 72ms
72ms Image
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C6gTfouvkYc2FBaOF9u8PpN290AH53KHtZqnqi8ugD8-3vs-IChABIImLxFBgmQagAa3J-6UoyAEBqQI08LTnNSezPuACAKgDAaoE_QFP0HnRcm9JS6-N6hMJnGJNHfjJ2Lkw7CfjUiQjURJQZyBxfpyH4p8ZZAxD8o1jn8lmRHMeacXOwJ0Exn3oD2q0izkKHKfv7JpylA7IoMnf4E7kCCVdunK8EF9Gr0lkLQIp5aph9D08e4dqXMdK3IkEOd9Ja83D6DaX26quIG891rIG07gb_LU3gAxjaxAKnDjNOFVr2MwqT4BJG3W2rnZIQAZBBpbRNFv3j_8MFYhSEi73IRjxL6_D6GA7XL1HfTLmqrhXFwGr8o0knu85zTCD--DOygxWNHNfB2gmOhjxg8L4_fgz-OfSsZJp2o_v6fTeKc_ldt3Sltn3ZcFzwASy5s_24wPgBAGSBQQIBBgBkgUECAUYBIAHrYHMhQOoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBCgvQvSCAcIiGEQARgdgAoByAsB2BMK0BUBgBcBshceChwIABIUcHViLTE3NTA4NTYyMzkyMDQ0MTQY-t58&sigh=bLjqzUokPQ0&uach_m=[UACH]&template_id=5020&uap=UACH(platform)&uapv=UACH(platformVersion)&uaa=UACH(architecture)&uam=UACH(model)&uafv=UACH(uaFullVersion)&uab=UACH(bitness)
Requested by: Host: pastelink.net
URL: https://pastelink.net/g7brepjk
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s07-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 2B79 624 B
340 B 186ms
67ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQw7j0ARjmnu2ZATAB&v=APEucNX0eZyJBydOjn_tJuOjT2Z3QykXTIYXKiO9WIaWe4STIxDg4Lfnaiicb1fESRNGsKWsvlQoJkLtjmTvp_GOJtvOIBIGyQ

Requested by

Host: 84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com
URL: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 17 Jan 2022 04:08:03 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 8A23 24 KB
14 KB 236ms
117ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AJx1DTrAELMHtY0GcDlNrMfyxLYmgiBafsOArNfXQE2znVBcP0RdwsmPXFYXyQ0oBoZgxgJMtjCMVdPXCYX80tDJDBaNQw02H9MTtJ_aLs8vgxm1pWYHzyxrVMQ2TZYhi11LlEINViLDV22Z60U45lotuN6g&cry=1&dbm_d=AKAmf-AVOQ_mCgKlizILwz8trFjr3CZx0b0dyxdNwIlZh4D0FlgS7lCD3NqfRkGnkSS653HZ-QKQdfhVHy_SvH8IJ1rLa4qtvGKgBEIEY7JTedGaCmy3OyJJuRL_y6uj0iKuAqvIxGtNgIR7VKtk_5LeSBz-EbY51hImKyR7_Y_WSZRwOB3PaaI9pIfnZF7EJVW--rqOuVCMcVR0vtE8c50uppm7bGwuQ993eWnnL4KEz1AAiEbEdUrahC4p1gH2Ll0W-KcKEqQlb-wLB0VE_29tksNihh0ksOsPIukPkATN9p-m_TW2U8oARvYLoRyeOtf1ZnJ1b1MBAaJYpM3-J7PLuef8AjomHduAZAB4KNBjIL281pDHDtqnGvxxTdD1-DiRRgCWwRZatIwslEyLqkDzlFlU4rpRScidY78KgkvfdCKQu5Oo7xSlCyPwaFHMB0FGx8rMXH-tTeSJ-lnMnvtOYtO1M1cODNzQOlymsZYO8xLjghphk998mYGH3NZoBo-yHYbmCqRh5BbJJYi1LZCHTMKLSAscvbvsFWGJ64J_XOsVMmM1NA7fgZONYf9Cr3U6tr5aUb4tmZnFpvV1j8uHJijCXkeRMuYxHnpc357d-p6OlG8euYVdT9UcjyG2xtSC9YNUiJX6AMCiyS9fxxjbQG6QYh1XDZr-qizHaK6Oa6wCKsAe6mo55nAzMLunnxsCJ0tH8LSUGbbzcpNkzWEF_59noON8vc5ctIFWRmTnPjbWdDj0fkfwENkADUa55bibia1-vlWggsXENRWmljn_Yedux-0EjWaQ3IP38KJCvt5sikIkipjW515owRrP_LlyxxhBTN_90hAPc21GXCkeYoazR9XTSzaXwhsHYbQMfJN-0E4UppTNqIDCOUs6RJzIm26aqEOcxugWKTp0MiUghvGqPDoDRYq3AJmAySLUj8VVYJ9dW0c0M9arMppIA8hq8qgui5R_6Q4OPQIH1d0Q-C0YW9b8ukdiwXcZe1BODL-EvUinuEPd_z6O44LmY2lrucTuVleGeEpkV0McFnqTEQXsPxTDxgCTHjZ4O8zVOvT8L_JBjiKRbW01-bX8GcJFMbrQo3i5S4aY1Yu3dplxfF6_ZaXzfmLAouNd-CCH5Ek1DB4qiJsiIgTYfF_dSTNVIuWF6uynC2I9cGh-xrkAgnAvIopeUNkWgT0IFUTQ7JYyYBOdOqd3YHCgJLlFSeTMlVcry7G5SIDo8oqvd4IRLBUTypRPCyh3DcFc2UUy7usLlA9vXIEZSaT4t6aIVOQLglZbHf0E4pZ9xBCW85Wblbk4dn0BhE8uWxaamEqqPVyOs9BzNDwvfvx9lnMM-tIJhN87nQiS8fguUrvpkP_P8JTeu0f_CrCNTEPXVDgdcVc3RCGWnvwRk6bjmkPykG_Co535QS_YB8yQ7D3Z9-xro-2ZV1KQ9pEL_3vU-OrHeDRpoBseKCcMk3o-KoHk6K_dj3FsahPHgxEqKME91A5D-xWjnNie41DAXvzUtf6EsRMx5nLvFffOaO6J1SYdLsO8iA-MMU9JE2-CPbVTSbugvNDCUI3RgdNk2mNzjTXD0q43iLXTFQv50pNPYfGhcNmUrrY7YDsc-sli6YJjSHSea2tWfqYZAJLYXvFPfrB8Gk4hWSXNlziYNICNR4qRdDkNphmN-sgUDtxeFqgyfiH_d1QsG0uuJsxHTVu9pVFsb325R1qUS1I6WygG1aQZduksHgyfGdPr8jKAMb8dTZ9cl0NR04PUW_JTcGv3gpbvpYo0sYLz2ap_rxOX4kxL2mV2F7P6GqPofzL5NnpoqPj27W-Qsez-z_dbWWPU3xNSMFewt2b2tLfTSqyFpt-99HGtpC7G-jlgVI96-EFJZRkry1Eq3eNFOk9C_KMfRTLtSpU4jFKMPldk5YKDE6umXCPQ7QK7Q40iuahFUqIOywoVdNNCYUDN7lEsEqbbxWRJGBBOU5GBU2eYyMl39Js0zPtWvhKA59vUoC0isG6jX53idPl0BPAagMExgi3kKwC2n-72BD0SzOnEHWyz7AEV-_hYQW3ckucQMY18O1-gcCmtyZjxozGogouw_cqKvbxaxJqbfMA4MuQ_Y1YPZVlKV0V1bQTY_SQvRaP3_oqvS2rwgI0ja4zf1aJyd4AOkiT_jj98sequ9aKAfWL-X7ns8Xjm73PVc5Dch_SsVsxnFXETX0o4xx3Qkjf20K-oqKHUX1L5MDp_s3Ytqu0tex3Y7c52mjt1nvXRKL1qnfyIcKYeD81nZvRm2cMM7-5MV9_8odlluC6Y-KdbJZLHhvJOxvFyroe8ZFpGGKwVaIvSHheJO1TSRAmmjqcAtLDjfue3QZgkZ7aeS1bwCFGnF6kAvCyZwPYKR1AYxKvh6mq2YiCsGFMIOqNMs5HG7yvopwKYgQVzJYjh4BW4O4mBniwCG-_xY_I1Y4TL1AFl598KK7zn4zUuX4LEpIVJbAZHS7TwRReY0YuuqmrBVDnCJY2srJHGEz7qBmdfhX7PAmM2NDr1zPO2aXbR7OGg4ZWY74HnaCVUObWJcDQUEy9DNwSu7ue8CiV6y-z7-NVB2Xs0xQMI4B2qM2abJp2F-3qszS1Frib8wr2-Gn8btspPlZVbPSerOADM4r2Kw_Jh272n9Ac55unZTPH1wzFc6yQ1vpoUItswWrDdOLpbxbllwxLHHE5a4c-9dKTkdhwXUXzi4qRPHPsMVJPpf70DoXHDZEYZ-12uAI-ekroKOD3ycdS74nPvwZGBVIs9dAQeLX8Zm8UhYo2oAfYQ1O1E1Sxv54sFRs_hP__1V1Q3g8aNUEVAbQJRy2GoZ5aERvoUozDgixK9HcqJsR5gRFummFPV1mv0ddGEz_MqJu-kBpyW0rFzEBPZPGk-q-Vw1D3xliNv4b2i6cAQRuxMfCMSCd_p2QOIBMUyPDLi7DkGF2AAZ3oqOCOSPaAwLax4WPy3ROBbAl0lexY7payO28G5yGZEXLkkTGfnWXPnm187Nq1a4JnNycYNAn7FgyS16w5IzV8H9VGMQsYju7pf7poyv3NgWEZBQRuhWaVK4RAemG6UIBAqW3OqAO6gbpJ2mEAMKrBXtUK2oC8748cJ6Yzhah-PspbkJUIRSP0D5hFxCvZjKVejirpVuTT_PchjRky-in1RdQhuE7oPGui8DE_oMDK4TpxcafHnuNfvPu5CTttYb9ykQKQWzzBb4BTCE_93veM9RikBqxs64L6S5Q&cid=CAASFeRo-lYus0AQMv7L4kWMdjliZrMb-w&rfl=1%2Chttps%253A%252F%252Fpastelink.net%252F%240

Requested by

Host: pastelink.net
URL: https://pastelink.net/g7brepjk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a8cddbcafd53251a5341c6780d66dced4d1f5291dd09f1206738e8d1fd9e11a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 04:08:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14078
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8A23 42 B
63 B 62ms
61ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-COxM_0NsfP8xfTEkJDNBiFwoM54fKgUUk5jP3tE8gtlg3PcLhAWopUMQk306uCnyz2bdW0sBi8fSNWFhogzF5r1iEHRX2iu9nSFUHzHMBfEHfThpY

Requested by

Host: 84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com
URL: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 04:08:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dvbs_src.js Show response
cdn.doubleverify.com/ Frame 8A23 2 KB
1 KB 202ms
57ms Script
application/javascript 2a02:26f0:6c00:2b2::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=115845&plc=4232707&sid=18330&dvregion=0&unit=160x600&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0hZczwWRWE_79zYxUinKFxx&DVP_DBM_1=3060631&DVP_DBM_2=12004965&DVP_DBM_3=32655949&DVP_DBM_4=322654054&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=201491245482&turl=https://pastelink.net/g7brepjk&DVP_PP_BUNDLE_ID=
Requested by: Host: 84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com
URL: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2b2::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: c1e12130de1af0a08256debddf188cd3a6d0de24ae929bcaa2bb6be433fa6c99

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 04:08:03 GMT
Content-Encoding: gzip
Last-Modified: Wed, 08 Dec 2021 09:35:31 GMT
Server: Microsoft-IIS/10.0
ETag: "8f6388f116ecd71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 1163

GET
H/1.1 200
OK dvtp_src.js Show response
cdn.doubleverify.com/ Frame 8A23 8 KB
4 KB 203ms
58ms Script
application/javascript 2a02:26f0:6c00:2b2::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvtp_src.js?ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&advid=3398311&adsrv=0&btreg=&btadsrv=&tagtype=&dvtagver=6.1.src&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0hZczwWRWE_79zYxUinKFxx&DVP_DBM_1=3060631&DVP_DBM_2=12004965&DVP_DBM_3=32655949&DVP_DBM_4=322654054&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=201491245482&turl=https://pastelink.net/g7brepjk&DVP_PP_BUNDLE_ID=
Requested by: Host: 84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com
URL: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2b2::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: a32c8f6551bd285a4c98a6811accef253d364885faa95e9a0237234d99eec187

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 04:08:03 GMT
Content-Encoding: gzip
Last-Modified: Sun, 16 Jan 2022 15:03:47 GMT
Server: Microsoft-IIS/10.0
ETag: "80bfe42eaad81:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3291

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame 8A23 2 KB
1 KB 59ms
57ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/window_focus_fy2019.js

Requested by

Host: 84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com
URL: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 04:03:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 258
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 Jan 2022 04:03:45 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8A23 121 KB
38 KB 209ms
70ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com
URL: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 04:08:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 17 Jan 2022 04:08:03 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame 8A23 15 KB
6 KB 59ms
58ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com
URL: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 03:50:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1025
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6473
x-xss-protection: 0
server: cafe
etag: 5124071950003790117
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 Jan 2022 03:50:58 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 8A23 0
0 62ms
61ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSiSi4ljb6LlpiVhzreopvgLMiN_IJJpGiJbLECZHRw73gA7aoo3J4SinUE0AX2QPopaRRp3_AbPMkrfmqyrVtrb9zh0Q
Requested by: Host: 84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com
URL: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame EE74 624 B
733 B 181ms
65ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQw7j0ARjC0eyZATAB&v=APEucNXy7kA790PNv_6mgjDS6YItd53r81nxOufIPjA7IHlEPsd9Q-gI1dfVEn2saRQNLH0F279lYWxKRKRwUCN2Q-FNkWY6VQ

Requested by

Host: 84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com
URL: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 17 Jan 2022 04:08:03 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 119C 24 KB
14 KB 198ms
83ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CXQW9-X3JrKFnQOOYHy8LLBtZjKa-nBR000JwLvU-RcR-vEmv5TbeYRdYxct4CRRD8GKK_wVUFBzADCuobq4bXU-atvEdM07piJyZl5-pjBmkJp0Zg222YxhXISKpdOOI_qZYWNouE71xemFe3avk76511fg&cry=1&dbm_d=AKAmf-Ck7I9_hEHiaXwplGLjqV89KnhRlEayGgtNLEPH3wM2Pd3ztJ-OEEdMPrDiC7SBKhVAqfbAIRzcX1-eYehK1LZa2BVTolyA9p2gije9Xc9VokEzr37ClaWFDXwpiXztp32s160FAaAmZrwyAye8GurgCyTXQ-4h_-p0uCZTCDv01MyLpu0ihfVAc7-sfSqN08TnWuaQ0qXwWnCYsOI0iJ-5pPUMbqpdAjXT4OfokQg3d2v1SR-VHxO4GhK7bvQObxrzPhFiN2t28auqEivRNISC75dQgkv2cr33D0IWd-_vlfVuqITPURlk3moa8zjStZPqklB1w85Qyiand7puszufabjAlUkVPqMLux2odY0BaXZtFaSh98ThpJypfiLWcOnCEtS0IqWxKpD5ZFHirhbJQr8mxdeUGR70Ch_yME-ghB-7Qsi4miX8nNzhk2XUPKXlRfzHuPf_N-pktSgpA_d5B8vwiN-fSxZYkGRP1Ncc-lW7jTiY6vjVUN9xIpAc3jZJxYP8DO57G3hQotK6LXYD0otz2NtIxZO1w_jpdynD86Ef0Br9kcspM8MDe62MH_1VQF_5QljSVISiogL2cIbdQNEm0AFwQ99Ik9EL_jwRfPVO4_GAMWPAEG3tgGtV-rxDP-Phj71AwoubQ1AZcB-jyZz3gbN9i8d2sS9ttH0lAXyk17lqjaIG0OpB7wtWzRYq-fIsiKmp4Rt11oPgBQzi3hYVMWF22PWrtuamG0jKV_yhxEaWFKPqWumyA0R0yIUowhydusMgkyPfeXsmP2YO3JnSf-NrU0a8hSr20Tsljn-bDRxAXyKQd3xqOgpxo4edMjYNucqMYrrC_iTCX7YgoNn9vd5vDkC7j2n74vMBdO8hb9gfOEogxIDaYoX3REmBeIVjINd6nXv76orD7dKFL0u4Dd3YBorhb2qpzCOlReC2wgevrnt04OByKRTCAVPj5Zs3E9UG7GGWxXLJRB2nygeGAgdQoXH01iQ3dhUy5l3IsrZdEEFD0rZUd3W5hBiP6A5H-olEGZblHlwiRtiF3CvpeF4xrgjiCOVeHfnm291o0UPdxxACIeSMhW9KYwolkV2r-7ZZp0qf4Pu4Qsk3ioc-c3PDR8pnrHZUE_8eEu4yjOfMA-8BD9ov_HiYmsFSYpqW8qyvHzZT7NqosuvI7B_civ24TCfyCXsisqe5XO0vtFfNLS2HuiBxFZAbkygA94V8Z5UqLwJdG3v_kBkqQrH7XsbAI-d1yqi3eXApJJwFtBrBEGFi5101pB2uaQK4q8bqPWiZ4EFM3dwDoDKG7JI4LpR6D946yeWt3X0CDX-IRuBgZnZdiGHt87Qb7IlvKNXCZGlVjyRc5YZU-5hnGs6_xbhz9cwTFiNXBUXmmqhYIDlOwCWYZPoKejB6fuZPznORVLqNXl6nqpbpt54aioUgzR-B3pcbJgKtDOqVyqjy03xKbJWro8WW1B81VhkcoygjDWfwOxwRHSAaV8iL86yaTdFvQIP_rDfQMxE4RCkoBXzXqFLZ-dYHAySR1UJZZyoKGsmdxmP2lNO5CVWivBB8OXhY0DVZbt6C65wY2LSzMd2MxftWFmXH60ujYJAkO5WSbHZE3Mi0tcS3mslrUsWK16aMGcW56E2K4_wQTjqOlsCKazapG5Vl77PPWHBVa7Khy9zujAdijl-G7b4PKbb1-7RxAALZLTIFsGZMVWfr2pNFhF7oZHDgxXnF8RTgJbsf0_WaBc4gDChGopNvN9qc0XfGqT_KDCC8F7gTSDwjq3dMPD07WLvAipNybdzg2ELBzTErBD0n5zRHA62VILdHxyhbmKv8ilzH98f9yHxKk-sE1ojmxwZ1p6a3ixCRWskxAONEx8i0bBlOxHC7niaaLcNl0P6MY5ycYL2k2jh7LcVPH19n9sKm4wku2g6tJzEVwyP1Eq3WRXfS2g_bMGXu0In2UYFzmmVZIfrIMbC87rtzHFRk5NFlG8cyfVNgKTFftx5j1se1EE0p-mAYrK9GlOvUK-p6_8cCwllQD_yiu77fzMsvKvCPSO3limPXaRoxDpALa_X-AN_tCvuFujc8PgtSSSY1ItYmT8hzwLFBRC9whtoN1_5T0bmLxBuacHjp9UGlqrhPuOyPcwhOAQk-CZ9s82V-5Mx0bbh_PymbYF4WRZetJJ8nki3CCG1EG_5NL-yrVcfAQvMrlxaibN9OuLsAUNFg4-WIiJqAz2C9Hi6hU_74U-m-Fg6mqJbbhBgXrTrKKfnAVYpXwsOdUxfpgwcQQc0N4vc0TST_qvLcULUC0uac-sSc7ytyh3R8VTq11rGmq8CHh1muxm0G6XhUvvNnxwCy529uaS4jw_kNMm3ZtudvcjzfrPSyYaf8q7tDd5I1SdiiVqqGsC3sSzpySBi4Hqw96Y9YFveaQ9KWSDx6KHGJnQW-SDjwMWwCSFxChY-arnPPzr7Eg4JEqHnCPUsBmv0iJ3vJr6OeVpB-yniXEC-O-C4M8GQ0-yfrHZ4rw9SxspFgZpyUoCfuXDACjau4o1kgGApkqTQoYCeS86bK_wU3SZwRspVxEesAjwJ87i-nS4h7LcMnGpEgLBUALUHmSsGRK60ss8iwQFor23CPDzGkgu-3Pb-xlKpcDJxLfkl_RUxhxKg5OTTl8JsNmSXR0MTKePPu_RUKy-P6YDJ8xURHKkBNZmWVPI1sg9ulypfJthDp_Y3CXsujLPDaX5Q7HMy3WveEWzlgSUQxR90_Ejz1RJxUkJT-zVtjSEnxoMrq0gkK2l9bqVpe6gTXNM2TF1FmFwsz89FTaxsWkZOVm-1W8S1VwikyteSgoTFXvkeIDydoZvaw46z8oIg4-3PbJ-h_PshcAqPXPyzcUc0D44w_aYDf6HOTwfhWoyxF0VBPT-uRmlMcXhXMYQuHMI9oGq4pvQPyb-XMd3z-sDjpMGtc5bU2TmEtnPKWZ8GhWBQasxNUgm2822xDVXZKDkDrZ4ggtxDq4mQMn_HZefWJQ6XnFZtc8fe81YjAl12jLB_kQADc6aSACY3kYoVlV6BGM6WcsdlfSQYkj-dQNCpU37KSA4P_UURvua4SON9qSxig6iibVw5UwFSdOP3AsmK0VQGh5MwQkPmzD9ZcFfEybGPEea9Bfo5KvkQn3Bb2fK4FdT7SXla-jUrWWE8MzMSB6HW2BXsSmxeDe-703eM-_ezGLY3qiwPQu9xeIZO-&cid=CAASFeRoDTdRR4k4_WKnHM299TMx_QwA1g&rfl=1%2Chttps%253A%252F%252Fpastelink.net%252F%240

Requested by

Host: pastelink.net
URL: https://pastelink.net/g7brepjk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9fc89d9fe1fba9c159a2c0cad84c448dbfc66d8c00b3a3eba635ccde792ff59

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 04:08:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14097
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 119C 42 B
63 B 64ms
63ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BkyG17jYSft1m5vMcS_-CRWZPGvZq66USKdoZyVYu9RYHCjb42NqH9w3XSTqrT4Jw3Qkb3Cg_VNrtmm8p07e-u7IR8JlSk1u8JQsnpu8QbXh0OzaQ

Requested by

Host: 84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com
URL: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 04:08:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dvbs_src.js Show response
cdn.doubleverify.com/ Frame 119C 2 KB
1 KB 199ms
58ms Script
application/javascript 2a02:26f0:6c00:2b2::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=115845&plc=4232710&sid=18330&dvregion=0&unit=728x90&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0jXbbpFJJKn2dmvTdbbt5We&DVP_DBM_1=3060631&DVP_DBM_2=12004965&DVP_DBM_3=32655949&DVP_DBM_4=322644162&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=201491245482&turl=https://pastelink.net/g7brepjk&DVP_PP_BUNDLE_ID=
Requested by: Host: 84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com
URL: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2b2::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: c1e12130de1af0a08256debddf188cd3a6d0de24ae929bcaa2bb6be433fa6c99

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 04:08:03 GMT
Content-Encoding: gzip
Last-Modified: Wed, 08 Dec 2021 09:35:31 GMT
Server: Microsoft-IIS/10.0
ETag: "8f6388f116ecd71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 1163

GET
H/1.1 200
OK dvtp_src.js Show response
cdn.doubleverify.com/ Frame 119C 8 KB
4 KB 200ms
59ms Script
application/javascript 2a02:26f0:6c00:2b2::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvtp_src.js?ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&advid=3398311&adsrv=0&btreg=&btadsrv=&tagtype=&dvtagver=6.1.src&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0jXbbpFJJKn2dmvTdbbt5We&DVP_DBM_1=3060631&DVP_DBM_2=12004965&DVP_DBM_3=32655949&DVP_DBM_4=322644162&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=201491245482&turl=https://pastelink.net/g7brepjk&DVP_PP_BUNDLE_ID=
Requested by: Host: 84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com
URL: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2b2::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: a32c8f6551bd285a4c98a6811accef253d364885faa95e9a0237234d99eec187

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 04:08:03 GMT
Content-Encoding: gzip
Last-Modified: Sun, 16 Jan 2022 15:03:47 GMT
Server: Microsoft-IIS/10.0
ETag: "80bfe42eaad81:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3291

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame 119C 2 KB
1 KB 57ms
55ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/window_focus_fy2019.js

Requested by

Host: 84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com
URL: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 04:03:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 258
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 Jan 2022 04:03:45 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 119C 121 KB
37 KB 274ms
138ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com
URL: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 04:08:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 17 Jan 2022 04:08:03 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame 119C 15 KB
6 KB 57ms
56ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com
URL: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 03:50:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1025
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6473
x-xss-protection: 0
server: cafe
etag: 5124071950003790117
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 Jan 2022 03:50:58 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 119C 0
0 63ms
62ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRsTUHzKIyEDwxVZuCEsjwFfWmCXMrbFT589CzxWsL6VyYK0_mbNC2TfMrm3s-n4UQkO7c4J5cm6wKXtvhiSz8ypHK4xQ
Requested by: Host: 84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com
URL: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame BD69 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3a663467e111fd2237a1bc5255e8d702b099f29cb553ecab24efe98cbf898b5d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame BD69 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 801460d151dbd27ccff505c1516049c1113b7a66d592d17a2e28934b92eb03c6

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 4UabrENHsxJlGDuGo1OIlLV154tzCwY.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame BD69 21 KB
21 KB 123ms
60ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UabrENHsxJlGDuGo1OIlLV154tzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bbbc44e5ebb0694e2faa4b84737dc33d6b8fa9d0eaa8b5f63ac3537130cb07bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 07:43:47 GMT
x-content-type-options: nosniff
age: 505456
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21444
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:08:20 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 11 Jan 2023 07:43:47 GMT

GET
H3 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame BD69 21 KB
21 KB 121ms
59ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 18:21:26 GMT
x-content-type-options: nosniff
age: 553597
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21424
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:08:24 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 10 Jan 2023 18:21:26 GMT

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame BD69
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

143ms
78ms

Image
text/html

2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: pastelink.net
URL: https://pastelink.net/g7brepjk
Protocol: H3
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Redirect headers

date: Mon, 17 Jan 2022 04:08:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220112/r20110914/ Frame 119C 24 KB
9 KB 54ms
53ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220112/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CXQW9-X3JrKFnQOOYHy8LLBtZjKa-nBR000JwLvU-RcR-vEmv5TbeYRdYxct4CRRD8GKK_wVUFBzADCuobq4bXU-atvEdM07piJyZl5-pjBmkJp0Zg222YxhXISKpdOOI_qZYWNouE71xemFe3avk76511fg&cry=1&dbm_d=AKAmf-Ck7I9_hEHiaXwplGLjqV89KnhRlEayGgtNLEPH3wM2Pd3ztJ-OEEdMPrDiC7SBKhVAqfbAIRzcX1-eYehK1LZa2BVTolyA9p2gije9Xc9VokEzr37ClaWFDXwpiXztp32s160FAaAmZrwyAye8GurgCyTXQ-4h_-p0uCZTCDv01MyLpu0ihfVAc7-sfSqN08TnWuaQ0qXwWnCYsOI0iJ-5pPUMbqpdAjXT4OfokQg3d2v1SR-VHxO4GhK7bvQObxrzPhFiN2t28auqEivRNISC75dQgkv2cr33D0IWd-_vlfVuqITPURlk3moa8zjStZPqklB1w85Qyiand7puszufabjAlUkVPqMLux2odY0BaXZtFaSh98ThpJypfiLWcOnCEtS0IqWxKpD5ZFHirhbJQr8mxdeUGR70Ch_yME-ghB-7Qsi4miX8nNzhk2XUPKXlRfzHuPf_N-pktSgpA_d5B8vwiN-fSxZYkGRP1Ncc-lW7jTiY6vjVUN9xIpAc3jZJxYP8DO57G3hQotK6LXYD0otz2NtIxZO1w_jpdynD86Ef0Br9kcspM8MDe62MH_1VQF_5QljSVISiogL2cIbdQNEm0AFwQ99Ik9EL_jwRfPVO4_GAMWPAEG3tgGtV-rxDP-Phj71AwoubQ1AZcB-jyZz3gbN9i8d2sS9ttH0lAXyk17lqjaIG0OpB7wtWzRYq-fIsiKmp4Rt11oPgBQzi3hYVMWF22PWrtuamG0jKV_yhxEaWFKPqWumyA0R0yIUowhydusMgkyPfeXsmP2YO3JnSf-NrU0a8hSr20Tsljn-bDRxAXyKQd3xqOgpxo4edMjYNucqMYrrC_iTCX7YgoNn9vd5vDkC7j2n74vMBdO8hb9gfOEogxIDaYoX3REmBeIVjINd6nXv76orD7dKFL0u4Dd3YBorhb2qpzCOlReC2wgevrnt04OByKRTCAVPj5Zs3E9UG7GGWxXLJRB2nygeGAgdQoXH01iQ3dhUy5l3IsrZdEEFD0rZUd3W5hBiP6A5H-olEGZblHlwiRtiF3CvpeF4xrgjiCOVeHfnm291o0UPdxxACIeSMhW9KYwolkV2r-7ZZp0qf4Pu4Qsk3ioc-c3PDR8pnrHZUE_8eEu4yjOfMA-8BD9ov_HiYmsFSYpqW8qyvHzZT7NqosuvI7B_civ24TCfyCXsisqe5XO0vtFfNLS2HuiBxFZAbkygA94V8Z5UqLwJdG3v_kBkqQrH7XsbAI-d1yqi3eXApJJwFtBrBEGFi5101pB2uaQK4q8bqPWiZ4EFM3dwDoDKG7JI4LpR6D946yeWt3X0CDX-IRuBgZnZdiGHt87Qb7IlvKNXCZGlVjyRc5YZU-5hnGs6_xbhz9cwTFiNXBUXmmqhYIDlOwCWYZPoKejB6fuZPznORVLqNXl6nqpbpt54aioUgzR-B3pcbJgKtDOqVyqjy03xKbJWro8WW1B81VhkcoygjDWfwOxwRHSAaV8iL86yaTdFvQIP_rDfQMxE4RCkoBXzXqFLZ-dYHAySR1UJZZyoKGsmdxmP2lNO5CVWivBB8OXhY0DVZbt6C65wY2LSzMd2MxftWFmXH60ujYJAkO5WSbHZE3Mi0tcS3mslrUsWK16aMGcW56E2K4_wQTjqOlsCKazapG5Vl77PPWHBVa7Khy9zujAdijl-G7b4PKbb1-7RxAALZLTIFsGZMVWfr2pNFhF7oZHDgxXnF8RTgJbsf0_WaBc4gDChGopNvN9qc0XfGqT_KDCC8F7gTSDwjq3dMPD07WLvAipNybdzg2ELBzTErBD0n5zRHA62VILdHxyhbmKv8ilzH98f9yHxKk-sE1ojmxwZ1p6a3ixCRWskxAONEx8i0bBlOxHC7niaaLcNl0P6MY5ycYL2k2jh7LcVPH19n9sKm4wku2g6tJzEVwyP1Eq3WRXfS2g_bMGXu0In2UYFzmmVZIfrIMbC87rtzHFRk5NFlG8cyfVNgKTFftx5j1se1EE0p-mAYrK9GlOvUK-p6_8cCwllQD_yiu77fzMsvKvCPSO3limPXaRoxDpALa_X-AN_tCvuFujc8PgtSSSY1ItYmT8hzwLFBRC9whtoN1_5T0bmLxBuacHjp9UGlqrhPuOyPcwhOAQk-CZ9s82V-5Mx0bbh_PymbYF4WRZetJJ8nki3CCG1EG_5NL-yrVcfAQvMrlxaibN9OuLsAUNFg4-WIiJqAz2C9Hi6hU_74U-m-Fg6mqJbbhBgXrTrKKfnAVYpXwsOdUxfpgwcQQc0N4vc0TST_qvLcULUC0uac-sSc7ytyh3R8VTq11rGmq8CHh1muxm0G6XhUvvNnxwCy529uaS4jw_kNMm3ZtudvcjzfrPSyYaf8q7tDd5I1SdiiVqqGsC3sSzpySBi4Hqw96Y9YFveaQ9KWSDx6KHGJnQW-SDjwMWwCSFxChY-arnPPzr7Eg4JEqHnCPUsBmv0iJ3vJr6OeVpB-yniXEC-O-C4M8GQ0-yfrHZ4rw9SxspFgZpyUoCfuXDACjau4o1kgGApkqTQoYCeS86bK_wU3SZwRspVxEesAjwJ87i-nS4h7LcMnGpEgLBUALUHmSsGRK60ss8iwQFor23CPDzGkgu-3Pb-xlKpcDJxLfkl_RUxhxKg5OTTl8JsNmSXR0MTKePPu_RUKy-P6YDJ8xURHKkBNZmWVPI1sg9ulypfJthDp_Y3CXsujLPDaX5Q7HMy3WveEWzlgSUQxR90_Ejz1RJxUkJT-zVtjSEnxoMrq0gkK2l9bqVpe6gTXNM2TF1FmFwsz89FTaxsWkZOVm-1W8S1VwikyteSgoTFXvkeIDydoZvaw46z8oIg4-3PbJ-h_PshcAqPXPyzcUc0D44w_aYDf6HOTwfhWoyxF0VBPT-uRmlMcXhXMYQuHMI9oGq4pvQPyb-XMd3z-sDjpMGtc5bU2TmEtnPKWZ8GhWBQasxNUgm2822xDVXZKDkDrZ4ggtxDq4mQMn_HZefWJQ6XnFZtc8fe81YjAl12jLB_kQADc6aSACY3kYoVlV6BGM6WcsdlfSQYkj-dQNCpU37KSA4P_UURvua4SON9qSxig6iibVw5UwFSdOP3AsmK0VQGh5MwQkPmzD9ZcFfEybGPEea9Bfo5KvkQn3Bb2fK4FdT7SXla-jUrWWE8MzMSB6HW2BXsSmxeDe-703eM-_ezGLY3qiwPQu9xeIZO-&cid=CAASFeRoDTdRR4k4_WKnHM299TMx_QwA1g&rfl=1%2Chttps%253A%252F%252Fpastelink.net%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7c55617f84818daf4c70cc10ada26ddd5b582b1d1c2c2829b3220487a6db477

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 04:00:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 464
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9544
x-xss-protection: 0
server: cafe
etag: 6261108306223674270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 Jan 2022 04:00:19 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 119C 41 KB
15 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 14 Jan 2022 15:19:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 218930
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 14 Jan 2023 15:19:13 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame EE74
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGtdooCWptTTq4okLEKiANY&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGtdooCWptTTq4okLEKiANY&google_cver=1&C=1

43 B
1013 B

74ms
74ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGtdooCWptTTq4okLEKiANY&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQw7j0ARjC0eyZATAB&v=APEucNXy7kA790PNv_6mgjDS6YItd53r81nxOufIPjA7IHlEPsd9Q-gI1dfVEn2saRQNLH0F279lYWxKRKRwUCN2Q-FNkWY6VQ
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 17 Jan 2022 04:08:03 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 17 Jan 2022 04:08:03 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 17 Jan 2022 04:08:03 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGtdooCWptTTq4okLEKiANY&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Mon, 17 Jan 2022 04:08:03 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame EE74
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YeTro0NgJjlZdQ0b.DdBSAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGtdooCWptTTq4okLEKiANY&google_cver=1&google_hm=2

43 B
893 B

117ms
117ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGtdooCWptTTq4okLEKiANY&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQw7j0ARjC0eyZATAB&v=APEucNXy7kA790PNv_6mgjDS6YItd53r81nxOufIPjA7IHlEPsd9Q-gI1dfVEn2saRQNLH0F279lYWxKRKRwUCN2Q-FNkWY6VQ
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 17 Jan 2022 04:08:03 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 17 Jan 2022 04:08:03 GMT

Redirect headers

pragma: no-cache
date: Mon, 17 Jan 2022 04:08:03 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGtdooCWptTTq4okLEKiANY&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame EE74
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESENRTBHPuufauEHxb_ID4ZYE&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESENRTBHPuufauEHxb_ID4ZYE%26google_cver%3D1

43 B
1 KB

101ms
62ms

Image
image/gif

37.252.172.249
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESENRTBHPuufauEHxb_ID4ZYE%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQw7j0ARjC0eyZATAB&v=APEucNXy7kA790PNv_6mgjDS6YItd53r81nxOufIPjA7IHlEPsd9Q-gI1dfVEn2saRQNLH0F279lYWxKRKRwUCN2Q-FNkWY6VQ

Protocol

HTTP/1.1

Server

37.252.172.249 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

534.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 17 Jan 2022 04:08:03 GMT
X-Proxy-Origin: 82.199.130.37; 82.199.130.37; 534.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 4e1c2a9b-c946-4a7e-9139-07298aeb395b
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 17 Jan 2022 04:08:03 GMT
X-Proxy-Origin: 82.199.130.37; 82.199.130.37; 534.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 98fbaa6c-c987-4d6b-917f-206f31a52927
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESENRTBHPuufauEHxb_ID4ZYE%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EE74
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTg4ODY3NTI3MTkzNTg4NzY0MQ%3D%3D

170 B
188 B

148ms
86ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTg4ODY3NTI3MTkzNTg4NzY0MQ%3D%3D

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 04:08:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 17 Jan 2022 04:08:03 GMT
X-Proxy-Origin: 82.199.130.37; 82.199.130.37; 534.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: db65b916-2081-4ff5-8bff-d4d199e5fd6c
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTg4ODY3NTI3MTkzNTg4NzY0MQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 2B79
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGtdooCWptTTq4okLEKiANY&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGtdooCWptTTq4okLEKiANY&google_cver=1&C=1

43 B
1013 B

82ms
82ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGtdooCWptTTq4okLEKiANY&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQw7j0ARjmnu2ZATAB&v=APEucNX0eZyJBydOjn_tJuOjT2Z3QykXTIYXKiO9WIaWe4STIxDg4Lfnaiicb1fESRNGsKWsvlQoJkLtjmTvp_GOJtvOIBIGyQ
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 17 Jan 2022 04:08:03 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 17 Jan 2022 04:08:03 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 17 Jan 2022 04:08:03 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGtdooCWptTTq4okLEKiANY&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Mon, 17 Jan 2022 04:08:03 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 2B79
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YeTro0NgJjlZdQ0b.DdBSAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGtdooCWptTTq4okLEKiANY&google_cver=1&google_hm=2

43 B
893 B

117ms
117ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGtdooCWptTTq4okLEKiANY&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQw7j0ARjmnu2ZATAB&v=APEucNX0eZyJBydOjn_tJuOjT2Z3QykXTIYXKiO9WIaWe4STIxDg4Lfnaiicb1fESRNGsKWsvlQoJkLtjmTvp_GOJtvOIBIGyQ
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 17 Jan 2022 04:08:03 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 17 Jan 2022 04:08:03 GMT

Redirect headers

pragma: no-cache
date: Mon, 17 Jan 2022 04:08:03 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGtdooCWptTTq4okLEKiANY&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame 2B79
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESENRTBHPuufauEHxb_ID4ZYE&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESENRTBHPuufauEHxb_ID4ZYE%26google_cver%3D1

43 B
1 KB

98ms
59ms

Image
image/gif

37.252.172.249
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESENRTBHPuufauEHxb_ID4ZYE%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQw7j0ARjmnu2ZATAB&v=APEucNX0eZyJBydOjn_tJuOjT2Z3QykXTIYXKiO9WIaWe4STIxDg4Lfnaiicb1fESRNGsKWsvlQoJkLtjmTvp_GOJtvOIBIGyQ

Protocol

HTTP/1.1

Server

37.252.172.249 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

534.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 17 Jan 2022 04:08:03 GMT
X-Proxy-Origin: 82.199.130.37; 82.199.130.37; 534.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 05ab88fb-da06-490a-bd3e-e55ba9983342
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 17 Jan 2022 04:08:03 GMT
X-Proxy-Origin: 82.199.130.37; 82.199.130.37; 534.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: b5a4cac9-1ff4-425a-8a5b-9c48b6df76b5
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESENRTBHPuufauEHxb_ID4ZYE%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2B79
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTg4ODY3NTI3MTkzNTg4NzY0MQ%3D%3D

170 B
188 B

144ms
83ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTg4ODY3NTI3MTkzNTg4NzY0MQ%3D%3D

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 04:08:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 17 Jan 2022 04:08:03 GMT
X-Proxy-Origin: 82.199.130.37; 82.199.130.37; 534.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: cb783204-96a2-4529-a3f7-9bb81a2917e9
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTg4ODY3NTI3MTkzNTg4NzY0MQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220112/r20110914/ Frame 8A23 24 KB
9 KB 53ms
53ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220112/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AJx1DTrAELMHtY0GcDlNrMfyxLYmgiBafsOArNfXQE2znVBcP0RdwsmPXFYXyQ0oBoZgxgJMtjCMVdPXCYX80tDJDBaNQw02H9MTtJ_aLs8vgxm1pWYHzyxrVMQ2TZYhi11LlEINViLDV22Z60U45lotuN6g&cry=1&dbm_d=AKAmf-AVOQ_mCgKlizILwz8trFjr3CZx0b0dyxdNwIlZh4D0FlgS7lCD3NqfRkGnkSS653HZ-QKQdfhVHy_SvH8IJ1rLa4qtvGKgBEIEY7JTedGaCmy3OyJJuRL_y6uj0iKuAqvIxGtNgIR7VKtk_5LeSBz-EbY51hImKyR7_Y_WSZRwOB3PaaI9pIfnZF7EJVW--rqOuVCMcVR0vtE8c50uppm7bGwuQ993eWnnL4KEz1AAiEbEdUrahC4p1gH2Ll0W-KcKEqQlb-wLB0VE_29tksNihh0ksOsPIukPkATN9p-m_TW2U8oARvYLoRyeOtf1ZnJ1b1MBAaJYpM3-J7PLuef8AjomHduAZAB4KNBjIL281pDHDtqnGvxxTdD1-DiRRgCWwRZatIwslEyLqkDzlFlU4rpRScidY78KgkvfdCKQu5Oo7xSlCyPwaFHMB0FGx8rMXH-tTeSJ-lnMnvtOYtO1M1cODNzQOlymsZYO8xLjghphk998mYGH3NZoBo-yHYbmCqRh5BbJJYi1LZCHTMKLSAscvbvsFWGJ64J_XOsVMmM1NA7fgZONYf9Cr3U6tr5aUb4tmZnFpvV1j8uHJijCXkeRMuYxHnpc357d-p6OlG8euYVdT9UcjyG2xtSC9YNUiJX6AMCiyS9fxxjbQG6QYh1XDZr-qizHaK6Oa6wCKsAe6mo55nAzMLunnxsCJ0tH8LSUGbbzcpNkzWEF_59noON8vc5ctIFWRmTnPjbWdDj0fkfwENkADUa55bibia1-vlWggsXENRWmljn_Yedux-0EjWaQ3IP38KJCvt5sikIkipjW515owRrP_LlyxxhBTN_90hAPc21GXCkeYoazR9XTSzaXwhsHYbQMfJN-0E4UppTNqIDCOUs6RJzIm26aqEOcxugWKTp0MiUghvGqPDoDRYq3AJmAySLUj8VVYJ9dW0c0M9arMppIA8hq8qgui5R_6Q4OPQIH1d0Q-C0YW9b8ukdiwXcZe1BODL-EvUinuEPd_z6O44LmY2lrucTuVleGeEpkV0McFnqTEQXsPxTDxgCTHjZ4O8zVOvT8L_JBjiKRbW01-bX8GcJFMbrQo3i5S4aY1Yu3dplxfF6_ZaXzfmLAouNd-CCH5Ek1DB4qiJsiIgTYfF_dSTNVIuWF6uynC2I9cGh-xrkAgnAvIopeUNkWgT0IFUTQ7JYyYBOdOqd3YHCgJLlFSeTMlVcry7G5SIDo8oqvd4IRLBUTypRPCyh3DcFc2UUy7usLlA9vXIEZSaT4t6aIVOQLglZbHf0E4pZ9xBCW85Wblbk4dn0BhE8uWxaamEqqPVyOs9BzNDwvfvx9lnMM-tIJhN87nQiS8fguUrvpkP_P8JTeu0f_CrCNTEPXVDgdcVc3RCGWnvwRk6bjmkPykG_Co535QS_YB8yQ7D3Z9-xro-2ZV1KQ9pEL_3vU-OrHeDRpoBseKCcMk3o-KoHk6K_dj3FsahPHgxEqKME91A5D-xWjnNie41DAXvzUtf6EsRMx5nLvFffOaO6J1SYdLsO8iA-MMU9JE2-CPbVTSbugvNDCUI3RgdNk2mNzjTXD0q43iLXTFQv50pNPYfGhcNmUrrY7YDsc-sli6YJjSHSea2tWfqYZAJLYXvFPfrB8Gk4hWSXNlziYNICNR4qRdDkNphmN-sgUDtxeFqgyfiH_d1QsG0uuJsxHTVu9pVFsb325R1qUS1I6WygG1aQZduksHgyfGdPr8jKAMb8dTZ9cl0NR04PUW_JTcGv3gpbvpYo0sYLz2ap_rxOX4kxL2mV2F7P6GqPofzL5NnpoqPj27W-Qsez-z_dbWWPU3xNSMFewt2b2tLfTSqyFpt-99HGtpC7G-jlgVI96-EFJZRkry1Eq3eNFOk9C_KMfRTLtSpU4jFKMPldk5YKDE6umXCPQ7QK7Q40iuahFUqIOywoVdNNCYUDN7lEsEqbbxWRJGBBOU5GBU2eYyMl39Js0zPtWvhKA59vUoC0isG6jX53idPl0BPAagMExgi3kKwC2n-72BD0SzOnEHWyz7AEV-_hYQW3ckucQMY18O1-gcCmtyZjxozGogouw_cqKvbxaxJqbfMA4MuQ_Y1YPZVlKV0V1bQTY_SQvRaP3_oqvS2rwgI0ja4zf1aJyd4AOkiT_jj98sequ9aKAfWL-X7ns8Xjm73PVc5Dch_SsVsxnFXETX0o4xx3Qkjf20K-oqKHUX1L5MDp_s3Ytqu0tex3Y7c52mjt1nvXRKL1qnfyIcKYeD81nZvRm2cMM7-5MV9_8odlluC6Y-KdbJZLHhvJOxvFyroe8ZFpGGKwVaIvSHheJO1TSRAmmjqcAtLDjfue3QZgkZ7aeS1bwCFGnF6kAvCyZwPYKR1AYxKvh6mq2YiCsGFMIOqNMs5HG7yvopwKYgQVzJYjh4BW4O4mBniwCG-_xY_I1Y4TL1AFl598KK7zn4zUuX4LEpIVJbAZHS7TwRReY0YuuqmrBVDnCJY2srJHGEz7qBmdfhX7PAmM2NDr1zPO2aXbR7OGg4ZWY74HnaCVUObWJcDQUEy9DNwSu7ue8CiV6y-z7-NVB2Xs0xQMI4B2qM2abJp2F-3qszS1Frib8wr2-Gn8btspPlZVbPSerOADM4r2Kw_Jh272n9Ac55unZTPH1wzFc6yQ1vpoUItswWrDdOLpbxbllwxLHHE5a4c-9dKTkdhwXUXzi4qRPHPsMVJPpf70DoXHDZEYZ-12uAI-ekroKOD3ycdS74nPvwZGBVIs9dAQeLX8Zm8UhYo2oAfYQ1O1E1Sxv54sFRs_hP__1V1Q3g8aNUEVAbQJRy2GoZ5aERvoUozDgixK9HcqJsR5gRFummFPV1mv0ddGEz_MqJu-kBpyW0rFzEBPZPGk-q-Vw1D3xliNv4b2i6cAQRuxMfCMSCd_p2QOIBMUyPDLi7DkGF2AAZ3oqOCOSPaAwLax4WPy3ROBbAl0lexY7payO28G5yGZEXLkkTGfnWXPnm187Nq1a4JnNycYNAn7FgyS16w5IzV8H9VGMQsYju7pf7poyv3NgWEZBQRuhWaVK4RAemG6UIBAqW3OqAO6gbpJ2mEAMKrBXtUK2oC8748cJ6Yzhah-PspbkJUIRSP0D5hFxCvZjKVejirpVuTT_PchjRky-in1RdQhuE7oPGui8DE_oMDK4TpxcafHnuNfvPu5CTttYb9ykQKQWzzBb4BTCE_93veM9RikBqxs64L6S5Q&cid=CAASFeRo-lYus0AQMv7L4kWMdjliZrMb-w&rfl=1%2Chttps%253A%252F%252Fpastelink.net%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7c55617f84818daf4c70cc10ada26ddd5b582b1d1c2c2829b3220487a6db477

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 04:00:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 464
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9544
x-xss-protection: 0
server: cafe
etag: 6261108306223674270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 Jan 2022 04:00:19 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 8A23 41 KB
15 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 14 Jan 2022 15:19:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 218930
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 14 Jan 2023 15:19:13 GMT

GET
H/1.1 200
OK dvbs_src_internal101.js Show response
cdn.doubleverify.com/ Frame 119C 55 KB
18 KB 70ms
70ms Script
application/javascript 2a02:26f0:6c00:2b2::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src_internal101.js
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=115845&plc=4232710&sid=18330&dvregion=0&unit=728x90&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0jXbbpFJJKn2dmvTdbbt5We&DVP_DBM_1=3060631&DVP_DBM_2=12004965&DVP_DBM_3=32655949&DVP_DBM_4=322644162&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=201491245482&turl=https://pastelink.net/g7brepjk&DVP_PP_BUNDLE_ID=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2b2::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 319dc60c796946da643a880fec740453dfa1308266841c576d1c577a4c9bac44

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 04:08:03 GMT
Content-Encoding: gzip
Last-Modified: Wed, 08 Dec 2021 09:35:46 GMT
Server: Microsoft-IIS/10.0
ETag: "08517fa16ecd71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946080000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 18088

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame AEB7 22 KB
8 KB 54ms
54ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Fri, 14 Jan 2022 15:19:21 GMT
expires: Sat, 14 Jan 2023 15:19:21 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 218922
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK dvbs_src_internal101.js Show response
cdn.doubleverify.com/ Frame 8A23 55 KB
18 KB 70ms
70ms Script
application/javascript 2a02:26f0:6c00:2b2::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src_internal101.js
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=115845&plc=4232707&sid=18330&dvregion=0&unit=160x600&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0hZczwWRWE_79zYxUinKFxx&DVP_DBM_1=3060631&DVP_DBM_2=12004965&DVP_DBM_3=32655949&DVP_DBM_4=322654054&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=201491245482&turl=https://pastelink.net/g7brepjk&DVP_PP_BUNDLE_ID=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2b2::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 319dc60c796946da643a880fec740453dfa1308266841c576d1c577a4c9bac44

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 04:08:03 GMT
Content-Encoding: gzip
Last-Modified: Wed, 08 Dec 2021 09:35:46 GMT
Server: Microsoft-IIS/10.0
ETag: "08517fa16ecd71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946080000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 18088

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 0590 22 KB
8 KB 54ms
53ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Fri, 14 Jan 2022 15:19:21 GMT
expires: Sat, 14 Jan 2023 15:19:21 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 218922
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK verify.js Show response
rtb0.doubleverify.com/ Frame 119C 2 KB
1 KB 252ms
64ms Script
text/javascript 213.254.244.11
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb0.doubleverify.com/verify.js?jsCallback=__verify_callback_701605440120&jsTagObjCallback=__tagObject_callback_701605440120&num=6&ctx=1828362&cmp=115845&plc=4232710&sid=18330&advid=&adsrv=&unit=728x90&isdvvid=&uid=701605440120&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&dvp_strhd=0.40&dvpx_strhd=0.40&brid=3&brver=97&bridua=3&dup=null&turl=https://pastelink.net/g7brepjk&srcurlD=0&ssl=1&refD=1&htmlmsging=1&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0jXbbpFJJKn2dmvTdbbt5We&DVP_DBM_1=3060631&DVP_DBM_2=12004965&DVP_DBM_3=32655949&DVP_DBM_4=322644162&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=201491245482&DVP_PP_BUNDLE_ID=&prr=1&aUrlD=-1&m1=13&noc=4&fcifrms=6&brh=2&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=149&eparams=DC4FC%3Dl9EEADTbpTauTauA2DE6%3D%3A%3F%3C%5D%3F6ETauU2%3F4r92%3A%3Fl9EEADTbpTauTauA2DE6%3D%3A%3F%3C%5D%3F6ETar9EEADTbpTauTaugc3%60cfa3g_gde5c7h_g4hcgce5a7bfad%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3EU2%26C%3Dl9EEADTbpTauTauA2DE6%3D%3A%3F%3C%5D%3F6ETau8f3C6A%3B%3C&dvp_exetime=4.80&callbackName=__verify_callback_701605440120
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal101.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.11 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: /
Resource Hash: c3214bfea2c345e0ea5fae5aef8cbb9fdbebf575e13b78362f96258638fa58a4

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
X-DV-Response: 1
Content-Encoding: gzip
Date: Mon, 17 Jan 2022 04:08:02 GMT
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=0
Transfer-Encoding: chunked
Expires: 1/16/2022 4:08:03 AM

GET
H3 200 oCaBrhzCGlT5mvuc9Dz4nEKrkbyTgapk6W_7TPRun4A.js Show response
pagead2.googlesyndication.com/bg/ Frame AEB7 35 KB
13 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oCaBrhzCGlT5mvuc9Dz4nEKrkbyTgapk6W_7TPRun4A.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a02681ae1cc21a54f99afb9cf43cf89c42ab91bc9381aa64e96ffb4cf46e9f80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 01:31:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9418
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13579
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 17 Jan 2023 01:31:05 GMT

GET
H3 200 oCaBrhzCGlT5mvuc9Dz4nEKrkbyTgapk6W_7TPRun4A.js Show response
pagead2.googlesyndication.com/bg/ Frame 0590 35 KB
13 KB 56ms
56ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oCaBrhzCGlT5mvuc9Dz4nEKrkbyTgapk6W_7TPRun4A.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a02681ae1cc21a54f99afb9cf43cf89c42ab91bc9381aa64e96ffb4cf46e9f80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 01:31:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9418
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13579
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 17 Jan 2023 01:31:05 GMT

GET
H/1.1 200
OK verify.js Show response
rtb0.doubleverify.com/ Frame 8A23 2 KB
1 KB 234ms
65ms Script
text/javascript 213.254.244.11
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb0.doubleverify.com/verify.js?jsCallback=__verify_callback_344922943068&jsTagObjCallback=__tagObject_callback_344922943068&num=6&ctx=1828362&cmp=115845&plc=4232707&sid=18330&advid=&adsrv=&unit=160x600&isdvvid=&uid=344922943068&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&dvp_strhd=0.20&dvpx_strhd=0.20&brid=3&brver=97&bridua=3&dup=null&turl=https://pastelink.net/g7brepjk&srcurlD=0&ssl=1&refD=1&htmlmsging=1&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0hZczwWRWE_79zYxUinKFxx&DVP_DBM_1=3060631&DVP_DBM_2=12004965&DVP_DBM_3=32655949&DVP_DBM_4=322654054&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=201491245482&DVP_PP_BUNDLE_ID=&prr=1&aUrlD=-1&m1=13&noc=4&fcifrms=6&brh=2&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=149&eparams=DC4FC%3Dl9EEADTbpTauTauA2DE6%3D%3A%3F%3C%5D%3F6ETauU2%3F4r92%3A%3Fl9EEADTbpTauTauA2DE6%3D%3A%3F%3C%5D%3F6ETar9EEADTbpTauTaugc3%60cfa3g_gde5c7h_g4hcgce5a7bfad%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3EU2%26C%3Dl9EEADTbpTauTauA2DE6%3D%3A%3F%3C%5D%3F6ETau8f3C6A%3B%3C&dvp_exetime=2.40&callbackName=__verify_callback_344922943068
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal101.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.11 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: /
Resource Hash: a4ebeaf4ba2f488f8bc38a03f4e99f2ffb59eec6b110ae7dc959d20fbf020f1e

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
X-DV-Response: 1
Content-Encoding: gzip
Date: Mon, 17 Jan 2022 04:08:03 GMT
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=0
Transfer-Encoding: chunked
Expires: 1/16/2022 4:08:03 AM

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame AEB7 0
20 B 70ms
70ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BomHuo-vkYZrQD93-7_UPnMWd6AwAAAAAOAHgBAI&bg=!np2lndnNAAaocxMpqHM7ACkAdvg8WoWBbM5AkpH2VsWXOOWH0B1UIu87gGMXt_VA8WNHGYatAvN-MgIAAABnUgAAAAJoAQeZAw_NP4JQAVuejNW-raeFPoK-mLZ5jZ58UY0sHtuuq5_ZZjrWuvoBeNUpwZexexiGluIhQ3ixp0jeRs-QqYKJDUFxpwQWn50EJ-a9rjub5eGNrGVCvtsahGWx0n94nc0lsb4sw_FKgJ_w4-pVcG9GogrGRzQgs9mP8N-onkCGBLP7gNWb8alyvyuDTO14gDi555GmZTvF8SUMag5YfKF8fAW46RdbhGc2-UqhRhRTaKTTjIMfGsQwPHQePn8kTcW0sTlqhP3Nf4C2TBumgDpssr_Qi-Hy9LDLDj4L5ctIyZ3ggsu86ltSikMNxi28Qx0G0KgwyR4oxhXP-uxuEp8_oj_xN_2wX_k6_rIMDTfm44TatQGP_H7wgkCBijyi2NhRVZCaNFP-mJKks1KpotCy0oLAy4n2bLPy71tSG68MUwohGeoK3634FXw7Wm4SD-tcI5xS-IehF5XGwKqLcD9145AgdHDOtcC2W9GtRsBf4zvd1AqfEoQTs8PHfuhCTRzG5zN3pYTGWM2NG_I6xlCzh4SVYu6r73_MDWaDky0Klmi_wY6Va9l386H6J1bpmwmEL1QK5v5vQJYuiCpR3zbIzIRfho7jj7fbRBktxAnymxDKUuWMI-tISjV3uzhAboqEckJ4cM-G9riT3hS2sABHz6MQ6DhkdUTFJ_y1g4jJIev3JjEB43BJ6zv3PTpA6GOvUE3iV5jxilgj824Pz5W0FBvCU5RQxpDctPzmc45cm8U5-Pt2m1toeyVG-JEMAZKM8c_JVsOVKaA4Ik9hVrpl4zvoZYfXAnGbRpyVVoP6P__rd674ob2bFF7Y7rwK7ZHlCKKIbTZggrLOfxVkClQmF2_ugwzYVatCx0lNev4ioxXcte876XnfOdG9uJNrNGXxF3_76CoQQtSKvrVjxPSZnmLGJFrCSFyvC3qytl-EB9-5kBGKYs7bkGXUtpm1jZvSoPD5yHkcUYpVEXFKRPUwMrYzbXmtHKUsaYMd5J6ugMaGkx6zYPSURowig7U_s9tqbQ0_iXL9a_ZOLADCf0R6Jg0

Requested by

Host: 84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com
URL: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 04:08:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0590 0
20 B 69ms
68ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B4dTfo-vkYa7eEZHI7_UP89W-0AIAAAAAOAHgBAI&bg=!lpWlldHNAAaocxMpqHM7ACkAdvg8WiA70Js_hLJV6CpRCP-scd1My-YxlNx-V41vVdBatjVZ3ZsQFQIAAABjUgAAAANoAQeZAvg4uJkSUmIRBXUhYcmxWcZZJKWwBSYkIhjfHghbYZJ4RbMAF6wHZsuN4kKtWxTtlRWmm9-PisHtDlt2ufupcJ8ffELqZEqYGxvS0jsXlizy8FKzZlHxGBLTNP1qeatOh55oSReox62nkAiSDv2R158Ipu6re0gT52mndp0dXbOJxOB7kGnebrHFxnCVtK_PW42ZKuPOrFE-DhvaxZYngu-i7pLlHa9J8_LgWX1G8JRYb5xqVD9HrPYpgVJUKaL9tlhJZqKPMUuqbeYHYwqE-6IVBNzQ_ZMu0uMM5HUF4_U2kjs3NFIo3vflWoFHNxGsW-5azVwwWg3xBCHYk8AbwJncWtOLjcDuJ06Sv9Z2hmFx7LoBINI1UrjLQJnKqctcgEN36WHeEyX9RzU4ZZaY1yoLTTJShZAO7HCipTwffjan0snMRd-hN5R_qn9n1I-0GzAYeQq4lOJFxjyVxQPrBnHzWBCV8kY71X0nr4agK2Ee4nvtCTYXP7oTQuW8n8-Rm8yeBxInBRSU52cqNEXi4H007js_gXF02aXsIue1H9FylMglTuYJ8cbbmUxr76LjFj1JoPjeItszRDAypYTZR-Muk-XWG61gVPWxQKNJyEuD_lgyhgk1Qc3HVWwRsrUaWpS2JudlXgjgrxvF1_Rr2QWF3UMYmOLZbDT_9rRZNoDqyoLotlW5hPPSXMFZRK-sLrKzKIKUNzpiYf5EwOifA3YXixTzeIfsRxqYsIVUzV4iadRLgTYyh-Sws25bMWurSwCDSCxMn65QR2_-QuYH0TDVTtmlT_E2CkYYBCeK6tFfyYXHpKW12D5Mn7A_dz9JvNKWrB1PaEpQsBPo-98uqE2CRguo6YjGUxwv16ks6E3hngfr1et_y0yc30ZJetb48UqkB2E9W5tCXYxrtce5vnMU8vqbr3m5Pk_MfvrSEjZOooGMAAJx8wTjk8wZNx9hIEwz57fIRZsa3qugE6fc-0DtlUlgnuZ2Kbx6WlcA13upEAJ5sv-9o8ki

Requested by

Host: 84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com
URL: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 04:08:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame 119C 9 KB
4 KB 199ms
102ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

162a6b3bdfbd0f251e65e340c383b01c333ab0c1e5c1688e93afc965abbeab5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 03:40:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1624
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4396
x-xss-protection: 0
last-modified: Wed, 12 Jan 2022 16:01:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Mon, 17 Jan 2022 04:40:59 GMT

GET
H3 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame 8A23 9 KB
4 KB 201ms
106ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

162a6b3bdfbd0f251e65e340c383b01c333ab0c1e5c1688e93afc965abbeab5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 03:40:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1624
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4396
x-xss-protection: 0
last-modified: Wed, 12 Jan 2022 16:01:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Mon, 17 Jan 2022 04:40:59 GMT

GET
H3 200 impl_v82.js Show response
www.googletagservices.com/dcm/ Frame 8A23 41 KB
17 KB 95ms
95ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v82.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

922e306a6fe0ede719a7fc79f287dfabf6cd9234583d778ec544a88eed908db2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 15:56:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 562319
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17197
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 15:37:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 10 Jan 2023 15:56:04 GMT

GET
H3 200 impl_v82.js Show response
www.googletagservices.com/dcm/ Frame 119C 41 KB
17 KB 108ms
108ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v82.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

922e306a6fe0ede719a7fc79f287dfabf6cd9234583d778ec544a88eed908db2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 15:56:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 562319
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17197
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 15:37:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 10 Jan 2023 15:56:04 GMT

GET
H2 200 B9689862.280626343;dc_ver=82.239;sz=160x600;u_sd=1;dc_adk=2228999106;ord=tnqwwj;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%2Cnull%2Cnull%2C%22%22%5D;dc_rfl=1,https%3A%2F%2Fpastelin... Show response
ad.doubleclick.net/ddm/adi/N1395.150740DOUBLEVERIFY/ Frame F81D 40 KB
20 KB 378ms
124ms Document
text/html 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adi/N1395.150740DOUBLEVERIFY/B9689862.280626343;dc_ver=82.239;sz=160x600;u_sd=1;dc_adk=2228999106;ord=tnqwwj;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%2Cnull%2Cnull%2C%22%22%5D;dc_rfl=1,https%3A%2F%2Fpastelink.net%2F$0;xdt=1;crlt=vHlVJgdxeo;sttr=117;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v82.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f6.1e100.net

Software

cafe /

Resource Hash

b41955ec4a54e46b66478ae9f915db18b8b893e9c1a5606b81edb502008880dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 17 Jan 2022 04:08:04 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 20420
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK dv-measurements1999.js Show response
cdn.doubleverify.com/ Frame F65E 501 KB
92 KB 115ms
115ms Script
application/javascript 2a02:26f0:6c00:2b2::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-measurements1999.js
Requested by: Host: pastelink.net
URL: https://pastelink.net/g7brepjk
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2b2::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: ebf10aa4c0d36db030233d72358bdb6d6300d8bd25d3de1f9139d7e2633de099

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 04:08:04 GMT
Content-Encoding: gzip
Last-Modified: Sun, 16 Jan 2022 08:48:57 GMT
Server: Microsoft-IIS/10.0
ETag: "8062e8e5b5ad81:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946080900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 93896

GET
DATA 200
OK truncated
/ Frame 8A23 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c766ef34ab62d3f6587fbe6e4c4a700805c88004c472c5026f1e8ccd4111ffce

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 B9689862.280630144;dc_ver=82.239;sz=728x90;u_sd=1;dc_adk=250412649;ord=mprxae;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%2Cnull%2Cnull%2C%22%22%5D;dc_rfl=1,https%3A%2F%2Fpastelink.... Show response
ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/ Frame 119C 41 KB
20 KB 380ms
182ms Script
text/javascript 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/B9689862.280630144;dc_ver=82.239;sz=728x90;u_sd=1;dc_adk=250412649;ord=mprxae;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%2Cnull%2Cnull%2C%22%22%5D;dc_rfl=1,https%3A%2F%2Fpastelink.net%2F$0;xdt=1;crlt=vHlVJgdxeo;sttr=178;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v82.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f6.1e100.net

Software

cafe /

Resource Hash

1d3e7c4d67ff744882a5d90112b8266c6bef537d50823e3e72a5151a2c0e152b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 04:08:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20541
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame BD69 42 B
64 B 106ms
106ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuUqZaWk1bAALyncybfygmRcJ_U-dgRuep0kwq_cwJ7q0HlNqoGFYM06MRUNT3GgzEwhUvR4qyzVMm9tKEBMENAeH7wnreOSR22p7hrqzwErPfde14&sai=AMfl-YSnc_BBh_el_knTeHkfURxk54-m7hNj_sws2rEtdsbQ_lwvHJDvDmGK3-MjgXM3g2UaX3Y5uxiQ0hEUDoLRyT1GAe7pXqdM2l0vpy1uT7rU-oJLL4O_fO1825kerycC&sig=Cg0ArKJSzCKoruD8MYwYEAE&id=ampim&o=310,315&d=600,250&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=417&tls=1417&g=100&h=100&tt=1417&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&adk=1666686559

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 04:08:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK visit.js Show response
tps.doubleverify.com/ Frame F65E 1 KB
1 KB 854ms
186ms Script
text/javascript 63.251.109.130
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&ttmms=348&ttfrms=27&brid=3&brver=97.0.4692.71&bridua=3&bds=1&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTauA2DE6%3D%3A%3F%3C%5D%3F6ETauU2%3F4r92%3A%3Fl9EEADTbpTauTauA2DE6%3D%3A%3F%3C%5D%3F6ETar9EEADTbpTauTaugc3%60cfa3g_gde5c7h_g4hcgce5a7bfad%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3EU2%26C%3Dl9EEADTbpTauTauA2DE6%3D%3A%3F%3C%5D%3F6ETau8f3C6A%3B%3C&srcurlD=0&aUrlD=-1&ssl=https:&uid=1642392484459376&jsCallback=dvCallback_1642392484459857&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F97.0.4692.71%20Safari%2F537.36&htmlmsging=1&chro=1&hist=2&winh=600&winw=160&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=1999&tgjsver=1999&lvvn=28&m1=13&refD=1&referrer=https%3A%2F%2F84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&fcifrms=6&brh=2&sdf=2&dvp_epl=281&noc=4&ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&adsrv=0&advid=3398311&turl=https://pastelink.net/g7brepjk&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0hZczwWRWE_79zYxUinKFxx&DVP_DBM_1=3060631&DVP_DBM_2=12004965&DVP_DBM_3=32655949&DVP_DBM_4=322654054&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=201491245482&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=25804315115.682655&dvp_tukv=179938999.2370127&dvp_uuid=753631732.216466&dvp_strhd=0.1999988555908203&dvpx_strhd=0.1999988555908203&dvp_tuid=383326064322
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1999.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 63.251.109.130 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: /
Resource Hash: e7a85b5f5eca873844fb9e70c33b469dcb2ca9f329578ffff732d5324df707f0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 17 Jan 2022 04:08:05 GMT
Content-Encoding: br
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0
Transfer-Encoding: chunked
Expires: 01/16/2022 04:08:05

GET
H2 200 697677707549585484
s0.2mdn.net/simgad/ Frame F81D 85 KB
85 KB 420ms
98ms Image
image/jpeg 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/697677707549585484

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1395.150740DOUBLEVERIFY/B9689862.280626343;dc_ver=82.239;sz=160x600;u_sd=1;dc_adk=2228999106;ord=tnqwwj;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%2Cnull%2Cnull%2C%22%22%5D;dc_rfl=1,https%3A%2F%2Fpastelink.net%2F$0;xdt=1;crlt=vHlVJgdxeo;sttr=117;prcl=s

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

425c6a2930c93e1ad8cb560e73a1e34e09c223c2146480a3fafdcb200a02b0e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 14 Jan 2022 06:31:36 GMT
x-content-type-options: nosniff
age: 250588
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 86916
x-xss-protection: 0
last-modified: Tue, 07 Sep 2021 22:07:57 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 14 Jan 2023 06:31:36 GMT

GET
H3 200 sodar_loader.js Show response
pagead2.googlesyndication.com/pagead/js/r20220112/r20110914/xfa/ Frame F81D 10 KB
4 KB 97ms
97ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220112/r20110914/xfa/sodar_loader.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

806b4ea1a35d9a0327df2f3423b2792713d96cf9b2cafd5b3e0bc0b624eaaffa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 00:05:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14543
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4150
x-xss-protection: 0
server: cafe
etag: 7197913981456707621
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 Jan 2022 00:05:41 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220112/r20110914/elements/html/ Frame F81D 8 KB
3 KB 96ms
96ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220112/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 03:52:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 906
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 Jan 2022 03:52:58 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F81D 121 KB
37 KB 107ms
107ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 04:08:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 17 Jan 2022 04:08:04 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame F81D 0
60 B 360ms
106ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu2xJME1p0NXOaWXKjY1rLNzVH-u9c3Ba3y62Rxy-Lv7KRLOoDacuDSPN_FVG8Dxd6j54aW5KZKL3N-BCMIqV9dVSfycNYCsKBlQ5HRYuXC7XsovrRWLVPMs-lQZK7SLsbf23FARZ61t3xkKOs&sig=Cg0ArKJSzDiqjW5UiRPfEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=0&cbvp=1&cstd=0&cisv=r20220112.78186&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 04:08:04 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame F81D 41 KB
15 KB 100ms
99ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 14 Jan 2022 15:19:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 218931
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 14 Jan 2023 15:19:13 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame F81D 6 KB
4 KB 223ms
117ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=r20100101&st=int

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20220112/r20110914/xfa/sodar_loader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4fede097b52379323d89b459b2a94dce0b0779325afa5e50546c831fe82ab11e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 04:08:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4378
x-xss-protection: 0

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220112/r20110914/elements/html/ Frame 119C 8 KB
3 KB 98ms
97ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220112/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/B9689862.280630144;dc_ver=82.239;sz=728x90;u_sd=1;dc_adk=250412649;ord=mprxae;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%2Cnull%2Cnull%2C%22%22%5D;dc_rfl=1,https%3A%2F%2Fpastelink.net%2F$0;xdt=1;crlt=vHlVJgdxeo;sttr=178;prcl=s

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 03:52:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 906
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 Jan 2022 03:52:58 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 119C 0
524 B 258ms
106ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsulTt7CIhZ1-SLSUux9MPIlM1prgrz7phrsRh54uV9k4mQ8PLllwRePa2Huj9CWFwjZKZ-7KGq_XBRGQIuALbhJ-g18Rc3k5hisNC80IXmOM7Jmesmx2_OFVA68Z3vSsuGW70z60fei7fvrayo&sig=Cg0ArKJSzPq_540kxShkEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20220112.59059&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 04:08:04 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 119C 41 KB
15 KB 98ms
98ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 14 Jan 2022 15:19:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 218931
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 14 Jan 2023 15:19:13 GMT

GET
H2 200 17721130591974731406
s0.2mdn.net/simgad/ Frame 119C 69 KB
70 KB 467ms
257ms Image
image/jpeg 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/17721130591974731406

Requested by

Host: 84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com
URL: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92af9e53d768cc3fb6c9675d0d2eafba403f527fc761b29679953c71d3c588e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 23:07:51 GMT
x-content-type-options: nosniff
age: 450013
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 71148
x-xss-protection: 0
last-modified: Tue, 07 Sep 2021 22:07:40 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 11 Jan 2023 23:07:51 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 119C 121 KB
37 KB 114ms
114ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com
URL: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 04:08:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 17 Jan 2022 04:08:04 GMT

GET
H/1.1 200
OK dv-measurements1999.js Show response
cdn.doubleverify.com/ Frame 1EF0 501 KB
92 KB 211ms
211ms Script
application/javascript 2a02:26f0:6c00:2b2::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-measurements1999.js
Requested by: Host: pastelink.net
URL: https://pastelink.net/g7brepjk
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2b2::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: ebf10aa4c0d36db030233d72358bdb6d6300d8bd25d3de1f9139d7e2633de099

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 04:08:04 GMT
Content-Encoding: gzip
Last-Modified: Sun, 16 Jan 2022 08:48:57 GMT
Server: Microsoft-IIS/10.0
ETag: "8062e8e5b5ad81:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946080900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 93896

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame B621 22 KB
8 KB 93ms
93ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://ad.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Fri, 14 Jan 2022 15:19:21 GMT
expires: Sat, 14 Jan 2023 15:19:21 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 218923
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 8F02 22 KB
8 KB 105ms
105ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Fri, 14 Jan 2022 15:19:21 GMT
expires: Sat, 14 Jan 2023 15:19:21 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 218923
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 u1NYxsmA8ZVAu2sVzPZBh4qj2FMOPiJd8uWeqwBcPdE.js Show response
pagead2.googlesyndication.com/bg/ Frame B621 35 KB
13 KB 92ms
92ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/u1NYxsmA8ZVAu2sVzPZBh4qj2FMOPiJd8uWeqwBcPdE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb5358c6c980f19540bb6b15ccf641878aa3d8530e3e225df2e59eab005c3dd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sun, 16 Jan 2022 20:51:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26192
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13653
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 16 Jan 2023 20:51:32 GMT

GET
DATA 200
OK truncated
/ Frame 119C 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2eef0ea40f823279899c722a08d1e6b28ec2f827803adf7e397c331832ad6e87

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 u1NYxsmA8ZVAu2sVzPZBh4qj2FMOPiJd8uWeqwBcPdE.js Show response
pagead2.googlesyndication.com/bg/ Frame 8F02 35 KB
13 KB 96ms
96ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/u1NYxsmA8ZVAu2sVzPZBh4qj2FMOPiJd8uWeqwBcPdE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb5358c6c980f19540bb6b15ccf641878aa3d8530e3e225df2e59eab005c3dd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sun, 16 Jan 2022 20:51:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26192
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13653
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 16 Jan 2023 20:51:32 GMT

GET
H/1.1 200
OK visit.js Show response
tps.doubleverify.com/ Frame 1EF0 1 KB
1 KB 530ms
180ms Script
text/javascript 63.251.109.130
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&ttmms=256&ttfrms=6&brid=3&brver=97.0.4692.71&bridua=3&bds=1&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTauA2DE6%3D%3A%3F%3C%5D%3F6ETauU2%3F4r92%3A%3Fl9EEADTbpTauTauA2DE6%3D%3A%3F%3C%5D%3F6ETar9EEADTbpTauTaugc3%60cfa3g_gde5c7h_g4hcgce5a7bfad%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3EU2%26C%3Dl9EEADTbpTauTauA2DE6%3D%3A%3F%3C%5D%3F6ETau8f3C6A%3B%3C&srcurlD=0&aUrlD=-1&ssl=https:&uid=1642392484901432&jsCallback=dvCallback_1642392484901296&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F97.0.4692.71%20Safari%2F537.36&htmlmsging=1&chro=1&hist=2&winh=90&winw=728&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=1999&tgjsver=1999&lvvn=28&m1=13&refD=1&referrer=https%3A%2F%2F84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&fcifrms=6&brh=2&sdf=2&dvp_epl=281&noc=4&ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&adsrv=0&advid=3398311&turl=https://pastelink.net/g7brepjk&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0jXbbpFJJKn2dmvTdbbt5We&DVP_DBM_1=3060631&DVP_DBM_2=12004965&DVP_DBM_3=32655949&DVP_DBM_4=322644162&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=201491245482&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=910685838181.1542&dvp_tukv=13047056214.920734&dvp_uuid=191997305727.8696&dvp_strhd=0.09999847412109375&dvpx_strhd=0.09999847412109375&dvp_tuid=1446377038429
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1999.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 63.251.109.130 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: /
Resource Hash: 788588893c543ac9235e8d31c1c1bb7cb70df2a616cc3b1e94fc2940fe6d727e

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 17 Jan 2022 04:08:05 GMT
Content-Encoding: br
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0
Transfer-Encoding: chunked
Expires: 01/16/2022 04:08:05

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B621 0
20 B 65ms
64ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BScGSpOvkYbnoFuKQ7_UP7f-r6AwAAAAAOAHgBAI&bg=!qqmlqe3NAAaocxMpqHM7ACkAdvg8Wp_Mw07io71ikkpGVAO0QX-xpqtywV3EqGRrLCjnLK5GFS5HUgIAAACSUgAAAAJoAQeZAyZQml49dswvIllYCzSawElQDVTHWeM89gqja02Im345hmbotDMzSgPaoWSLhs44PuTTeGvQ-nERk2mcmGZljIFow8UF7JgZWWOUkeo4t3_mqgocN2kfhHF_QQ19d-WMUqNvOyJv5rLXjGOpWJrSecrmmwsYVGX0z6Tq6y7BHAocvmq1Udj9ySPsKBVOPIITdMsRyP7qJRutobIkEoV2DUYJRs9lSm-_BsAx6-Q8DGmPJ1jsAns-vc2x2C9FbaHYpci3exTTHx7a7kIiELJXXeE9cld7-NTVwWucx2B1iFbpylJNOTIss5RR1CwNb1tN3lCS801aIyGuh8nGPns4WukUjl9-4tKmgiCwyNnULhufraUzHNb2QeVG0FPXvSdOn0pT9LDnknh9ypfJ2l7bkwQnq2gH30CD-3lrGU6Q_hsmnJ0Ei6mLpQuMpSR1qGCR28k6AY3KBkNkwbCix_6iIIbJL3oi06KqPXBB5pRDNYvThj_mhFnwyVe_OFrJ0v5uPqHAv2eryqgVcNsACwAI9uod7nO1z6S3uDo1gS_cEzVjfwwQzvgszkLhWLXMjr7mZ-YtoH7q6uTYU3TAQK6w2xr5OxuiXe5iP6LGQ2CEWQn4iKYiOqgoHsM-GeG4b7pBjMPN6uv2onGZ-nqWSpymL-SMpOhpg-_wg_XsFwa_vwIo-nwWqE-rxQSraN_Y36Gn0H1QMgMcjzssJx-u-TZhgo7-zgzgKv4MZQcMYWaXdpD5Jc7e_8blYgRzSPO8yR11ciTbyozk6YOioAYq-tzHi32-XGAujzJ4IqQCF3PkfYHNVzoXqRkrOi0h7m7WvrUxxnOWLqRsKbyaG5Q4CX44Z74cj9qI0bahE5BxEVEhV0E2jB8kKv_j2LpnfWBjZmqMLpJ-cbNSc7K-gQ0M9R--PRZ00BcbqdIJ4SCiGcmxW9kKQdeJATmWDBq2DXi09h3a1ZoUKZRnEU_NL1NbiBGHWN2Ea46kAdSfnHArgB5xgdO1y1mUXmGyV4w4i-G0WU7aVIH6l-TbsKSPcDGEw0xymWXw3NoQbfSoZelwZPiNm2eVOYhZffWbew

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 04:08:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame F81D 0
23 B 130ms
65ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 04:08:05 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame F81D 17 KB
6 KB 63ms
63ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20220112/r20110914/xfa/sodar_loader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 04:08:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 17 Jan 2022 04:08:05 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8F02 0
20 B 65ms
64ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BOzhlpOvkYeK1F7CQ7_UP1L6pqAsAAAAAOAHgBAI&bg=!jI-lj8vNAAaocxMpqHM7ACkAdvg8WmLNZ7nqResguSUMDRkQmzPpzCZOR3Or9BOcLKtXKMHnuSg00AIAAAByUgAAAAJoAQeZAwoBblTuiZo3jKITm34m5y1dPCAHqp7fPxzMoqNzN63qaJSbG50X0gyTbg8_6YkSEPVa6rm7ujGUI4_ZFmrsNGzvlE_h693qrDsuWQiNnHUiS79z_I5zNGb73AWlxn6LVDZ6Qx-0Tzo28gufibP3OJK6m3zFtvdwnM7SPUB4dGbDVjbOXeTzVCAeOltbZ8mUdxZN-i5fSFdLAreOh2ON0aL16pwAFxXs8vWQEemk1WYmLKXxCYg5Zz9K36_Dn6LYbBRouTJCNTWoqL4nIDgA6XYDMloc5aaCBSTaqHngUG_WLn0EaxeEAsPpDqiMWySu-sykw4XA0qVzWWDpCgREeIWtyutKJBQ4dZflDuWd4oIr7aFDvqI5QaVCudhMf5jUBFVklom0g3gPJhgOpj6m4etrYTCr1b9VDt_jefacFh1O4q6GsYxE2cAeu4aW3o1kk8acZ9TJwqn7k5-CLpXD8NpDjhBPYQ-0DrBxdIpW8HSZBNQenRDVpux1idSKio_1E8i-pxJGVC70BdiVmsGy12UFp8Wqd_nP2_XGh3_Fnm3cQKiq_ZpxfdBy8OxFbN8oNLuxbDc7H34sf0rjOp2NVKofzO_KXUgfJMeSt2hvnN3oaBUCLPJmRNiCtJNZbtS7wlhDgJcfBgngvaiLT4Q3zpe9FzfIcLO4I_6apegiCWT2R9DYo52t6WR1un8PqTkEtERgQZVqZF4H5pJm-b2avV7rMKibXcKrurj_udjqW6RHJT3z28DS6tEC1-rhyp42YPH7xsToT_ftPXq1W-cfdbYFMcv63OO5yVOeaikkrHfTyaUpHBppRzZmT3Ojl--D6Zt4DFHboGluqY1Y4XkjrQvxL4ydGVjMs45f9mIwZnJZe38XlaragMV0cyf4w1701x_faxFrEy1eO8G9YmC0nwXYYGWR6X3Bzh90kutNYUHFdB19tsFmyH5j319nfkPzXdroT27YJ-4LlXscxnVCr8YNLaC4951-28yyCA2F459fdxlFn-emrN4SxYy0U4hooN04XWV6obFr-Igo

Requested by

Host: 84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com
URL: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 04:08:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 119C 0
23 B 77ms
66ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 04:08:05 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 oCaBrhzCGlT5mvuc9Dz4nEKrkbyTgapk6W_7TPRun4A.js Show response
pagead2.googlesyndication.com/bg/ Frame D53A 35 KB
13 KB 55ms
55ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oCaBrhzCGlT5mvuc9Dz4nEKrkbyTgapk6W_7TPRun4A.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a02681ae1cc21a54f99afb9cf43cf89c42ab91bc9381aa64e96ffb4cf46e9f80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 01:31:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9420
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13579
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 17 Jan 2023 01:31:05 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 8A23 42 B
64 B 67ms
67ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstMDOws6_Qf31rVV4QWqzk1eu40GeyICpHmidDaTHgstFwmBHK3C6edLTboE-MZblTpXaVyd3FuTlnI3hrOIMYVXBxj2AR6I5_8bXKLt2GX11RJZwM&sai=AMfl-YTI0A8n_9-2AlmE_gLo2iY3_mbJGUBcSZJuBoaI0mbM9_dax0tN6hZX7kmBKG3VFhqpALio7q7SUWCuTOrXoGKFjTweqt_QiKf-qVnnq1emH1XzA7A729un9bi1wCc0&sig=Cg0ArKJSzDiUV4-Mx0gUEAE&cid=CAASFeRo-lYus0AQMv7L4kWMdjliZrMb-w&id=lidar2&mcvt=1007&p=575,1071,1179,1231&mtos=0,1007,1007,1007,1007&tos=0,1007,0,0,0&v=20220112&bin=7&avms=nio&bs=0,0&mc=0.99&if=1&app=0&itpl=20&adk=2108190548&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1642392482973&rpt=1157&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 04:08:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK bsevent.gif
tps20514.doubleverify.com/ Frame 119C 807 B
1 KB 418ms
58ms Ping
image/gif 213.254.244.18

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20514.doubleverify.com/bsevent.gif?impid=7b98d2bdbce24f31ad42e590b8fa5f4f&nav_pltfrm=Linux%20x86_64&cbust=1642392485746509
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal101.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.18 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416

Request headers

Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Mon, 17 Jan 2022 04:08:05 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: image/gif
Access-Control-Allow-Origin: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 860
Expires: 1/16/2022 4:08:06 AM

POST
H/1.1 200
OK bsevent.gif
tps20515.doubleverify.com/ Frame 8A23 807 B
1 KB 418ms
58ms Ping
image/gif 213.254.244.18

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20515.doubleverify.com/bsevent.gif?impid=4f7f43a0402a45c3b5d2297775d7e757&nav_pltfrm=Linux%20x86_64&cbust=1642392485747550
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal101.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.18 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416

Request headers

Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Mon, 17 Jan 2022 04:08:05 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: image/gif
Access-Control-Allow-Origin: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 860
Expires: 1/16/2022 4:08:06 AM

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F81D 42 B
64 B 64ms
64ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuPIJkwvwVwwzSbwPlyD_QLhkjxP5rIpS2d0n6RzeTn-yZHQC-paAjHF-POaBGf0-luL8O9fSuNuq2CAVC_271wHz7PR5JA&sig=Cg0ArKJSzNW1beVotvwqEAE&id=lidar2&mcvt=1000&p=0,0,600,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220112&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=33&adk=2228999106&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1642392484083&rpt=982&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 04:08:06 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 119C 42 B
64 B 63ms
62ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvss82-hLYZ3u6CfhTnmIe2E6haWRuDkVOSFCpqyqRvbTSlE2GieZvDQqJVmV3rjIS7frlN645V-KtWJV2an_r7INfUfxqf&sig=Cg0ArKJSzLVVcWSM4gLXEAE&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220112&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=32&adk=250412649&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1642392482957&rpt=2164&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 04:08:06 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 119C 42 B
64 B 64ms
64ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstS7N_wu3fybVRaM11FoM8Mkvy2Ou85ZHDsmqP6o1tMorZ8icxy0MdkOMhMHq54UQ-cunJPIhShYfEGC6nOyLxJjpxO_LXXIU-8UlVVE9oC1rqZGYs&sai=AMfl-YQ2m8MeUWRhWWCtM0fzrUFOhYAsuYt60K87ociuncTjBIenC-Ag9zerssa2DDkcKyajEj6djKVUBP-PZmz0BG3cty_V8xFCFjXivgXaDWhCmDJ-yPaaz6CXhWBn36bs&sig=Cg0ArKJSzHHQRRL7PKbqEAE&cid=CAASFeRoDTdRR4k4_WKnHM299TMx_QwA1g&id=lidar2&mcvt=1002&p=1105,436,1199,1164&mtos=0,1002,1002,1002,1002&tos=0,1002,0,0,0&v=20220112&bin=7&avms=nio&bs=0,0&mc=0.96&if=1&app=0&itpl=20&adk=3402602959&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1642392482957&rpt=2161&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 04:08:06 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/generate_204?mW5Inw

Verdicts & Comments Add Verdict or Comment

69 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

19 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
pastelink.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: dd76midkdvpohdrfk8v3dv1v32
pastelink.net/	1970-01-20 00:13:34	Name: AdvallyUserLocation Value: GB,ENG
.pastelink.net/	1970-01-20 02:22:48	Name: _gcl_au Value: 1.1.1155630747.1642392482
.pastelink.net/	1970-01-20 00:14:38	Name: _gid Value: GA1.2.832529683.1642392482
.pastelink.net/	1970-01-20 00:13:12	Name: _gat_UA-55088947-2 Value: 1
.pastelink.net/	1970-01-20 17:44:24	Name: _ga_S3DKHVPF03 Value: GS1.1.1642392481.1.0.1642392481.0
pastelink.net/	1970-01-20 00:14:38	Name: plTest Value: false
.pastelink.net/	1970-01-20 17:44:24	Name: _ga Value: GA1.2.103938039.1642392482
.pastelink.net/	1970-01-20 00:13:12	Name: _gat_advallyTrackerpl Value: 1
.pastelink.net/	1970-01-20 09:34:48	Name: __gads Value: ID=a5cc99ba05247b66-226196d320cd00cb:T=1642392482:S=ALNI_MbyzMaF3mFBi5RuBdqLlkin3uoUww
.doubleclick.net/	1970-01-20 17:44:24	Name: IDE Value: AHWqTUkPjX-d2S2n9GiJ7ABvL2AHTK7zwnIhMYPMiJWg0YKr_NNmUxVel5CtsdZgpRw
.doubleclick.net/	1970-01-20 00:13:16	Name: DSID Value: NO_DATA
.casalemedia.com/	1970-01-20 02:22:48	Name: CMPS Value: 1838
.adnxs.com/	1970-01-20 02:22:48	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E>=mABmV!]tbPl1M>e)ZlrFUfJ+tGXxoL>q@-8a]v=DbCGz:<liwQg0rH]5-eaTTf$^bpRzqF1`b^qh)v^M.
.adnxs.com/	1970-01-20 02:22:48	Name: uuid2 Value: 8846336875495836229
.casalemedia.com/	1970-01-20 00:14:38	Name: CMST Value: YeTro2Hk66MA
.casalemedia.com/	1970-01-20 08:58:48	Name: CMRUM3 Value: 2d61e4eba32760CAESEGtdooCWptTTq4okLEKiANY
.casalemedia.com/	1970-01-20 08:58:48	Name: CMID Value: YeTro2xqd1Yj0Boq.aRPpAAA
.casalemedia.com/	1970-01-20 02:22:48	Name: CMPRO Value: 298

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.
other	warning	URL: https://cdn.ampproject.org/rtv/012111152338000/v0/amp-ad-exit-0.1.mjs(Line 2) Message: Unrecognized feature: 'attribution-reporting'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

84b1472b80856d4f908c94846d2f3725.safeframe.googlesyndication.com
aax-eu.amazon-adsystem.com
ad.doubleclick.net
adservice.google.com
adservice.google.de
c.amazon-adsystem.com
cdn.adligature.com
cdn.ampproject.org
cdn.doubleverify.com
cdnjs.cloudflare.com
cm.g.doubleclick.net
code.jquery.com
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
pagead2.googlesyndication.com
pastelink.net
pro.ip-api.com
rtb0.doubleverify.com
s0.2mdn.net
securepubads.g.doubleclick.net
tpc.googlesyndication.com
tps.doubleverify.com
tps20514.doubleverify.com
tps20515.doubleverify.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
tpc.googlesyndication.com
142.250.184.194
142.250.185.194
142.250.186.130
142.250.186.70
2.21.141.232
2001:4de0:ac18::1:a:1a
213.254.244.11
213.254.244.18
2606:4700:3031::ac43:cab1
2606:4700::6810:125e
2a00:1450:4001:801::2006
2a00:1450:4001:808::2003
2a00:1450:4001:809::2002
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::2001
2a00:1450:4001:810::2002
2a00:1450:4001:811::200a
2a00:1450:4001:813::2004
2a00:1450:4001:828::2002
2a00:1450:4001:82a::2008
2a00:1450:4001:82b::2001
2a00:1450:4001:82b::200e
2a00:1450:4001:830::2002
2a00:1450:4001:831::2003
2a01:7e00::f03c:91ff:fe39:1dbe
2a02:26f0:6c00:2b2::4469
37.252.172.249
51.77.64.70
52.222.210.175
54.239.37.23
63.251.109.130
01408f8061623faa6d2c0f015cd23483c3aa363c095e152f613ed94c87a5803d
043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da
04bcd86676a40009fe53606bce88edf13537b712f218f9c6057e97c612513092
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
115d83ece49fd1c5769409aab9d78572eed86cd38a0556b4cdeeac82c83091d3
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8
14b52d5e44212b22f6de0be5caeeb5bba561a29fd91bf6076bf1ad6d45ecae6f
15492ac61c709dcb6d27840ecfeb99254a9d6944a8253e0b31287225bd1b0b56
15f20e02ef301e62ed325d633f971c506dcf1be3458c2371b849b505bb8673dc
162a6b3bdfbd0f251e65e340c383b01c333ab0c1e5c1688e93afc965abbeab5f
1c9e4c65f9d921b1c0829958cc7b2f307a3e22ac7a23e8315b6db4c0954e1107
1d3e7c4d67ff744882a5d90112b8266c6bef537d50823e3e72a5151a2c0e152b
279249ed963fcd87e6321b024c0194248dd1b44af5353e134071cdfff953967b
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
29d9e84a57a16dfa31898ca631469fc31f813264c7256aa59a3d0b522e649adb
2eef0ea40f823279899c722a08d1e6b28ec2f827803adf7e397c331832ad6e87
319dc60c796946da643a880fec740453dfa1308266841c576d1c577a4c9bac44
37ffaf519d628423e1ea7147364a8d2af10c3b63f3ec5a9b598f989aeaafd74c
39c0b8be3e2bd4ecc61b4a789ac1e94d6a6812a15499181634db22e64fe7221c
3a663467e111fd2237a1bc5255e8d702b099f29cb553ecab24efe98cbf898b5d
41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c
425c6a2930c93e1ad8cb560e73a1e34e09c223c2146480a3fafdcb200a02b0e4
46f32680b1546643896e48c1cb473a08c1824ef43f399954b369346e1682eafb
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b6d244a569a8befc0b901e3dca8e82f19b188e2d3e76f7c62fce96935ed6311
4e46e56dce46d21c527e164d6749fb5ff0101f400aede06a8711196da9e5c619
4fede097b52379323d89b459b2a94dce0b0779325afa5e50546c831fe82ab11e
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50a60e5e5f2e8f10a2f8685031ec9849ba8faff613139f3a402e89f25ccbbabc
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63697d88ab7b6e34e76e5990b867c706cb4346c27ec1c5a034c4d91dfb136778
6a9777d3d83dbfe0ab03d15242cea1d535861cb690f755a92b342c8bd2788315
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
7044b50c715a875243e35337fb602b9fbe83c30cbb84bd1c6e34dcc4d7ca0a46
76ca98643b0229d7a50626e2ed31a2ba5663b0697c880420fc3e4c6ca82684ca
788588893c543ac9235e8d31c1c1bb7cb70df2a616cc3b1e94fc2940fe6d727e
78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416
7a8cddbcafd53251a5341c6780d66dced4d1f5291dd09f1206738e8d1fd9e11a
801460d151dbd27ccff505c1516049c1113b7a66d592d17a2e28934b92eb03c6
806b4ea1a35d9a0327df2f3423b2792713d96cf9b2cafd5b3e0bc0b624eaaffa
83a94ad8a46a35ec117a480b3d9108764d211f2cf9620f895dd990ac8a7c631e
83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79
85a64faec356c3a72f249a98a037317adc730ec6d38e47653cd53be5485d80a1
8af24d7350dbdc8eea22e4737deaa35a795b19b0560d7173113bec7e8a3effb7
922e306a6fe0ede719a7fc79f287dfabf6cd9234583d778ec544a88eed908db2
92af9e53d768cc3fb6c9675d0d2eafba403f527fc761b29679953c71d3c588e1
97e5328bcf20c844528dc8a318aff3e66a547bd47b7f8aafa69c08adb96d581e
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a02681ae1cc21a54f99afb9cf43cf89c42ab91bc9381aa64e96ffb4cf46e9f80
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a0574668475ab72241ba04945aa6e1961160580fbb74032f0b473740225ec226
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a32c8f6551bd285a4c98a6811accef253d364885faa95e9a0237234d99eec187
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4ebeaf4ba2f488f8bc38a03f4e99f2ffb59eec6b110ae7dc959d20fbf020f1e
a67956b22ba19ed87f3801e26bb9c8f4a19c910f4366bb2abe3b30192ca6f33e
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
abbd99b5447bea3137820cb6934814656800252a152bae23556775b01cc521c2
ae308e0f954dd9a45304361e81dffc8a3893584af53b9779722bbb51a7c71e08
b0939d55dff27ea2ca24040d47216c107ba59e2e2414c19ab1ae9fd54acf98bb
b0b43e548e691662dac85b1dc159d148a273d5cb9139f3fcf457cdeebe7bdf3f
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b41955ec4a54e46b66478ae9f915db18b8b893e9c1a5606b81edb502008880dc
b7c55617f84818daf4c70cc10ada26ddd5b582b1d1c2c2829b3220487a6db477
bb5358c6c980f19540bb6b15ccf641878aa3d8530e3e225df2e59eab005c3dd1
bbbc44e5ebb0694e2faa4b84737dc33d6b8fa9d0eaa8b5f63ac3537130cb07bf
bcf6c79635689a63a0bab926671698fdeb8718d1f8095c403f8ce572bc3fdc6d
c1e12130de1af0a08256debddf188cd3a6d0de24ae929bcaa2bb6be433fa6c99
c24ccee9a35eef9e74411eac871935bdff6bcb895cce80b754b66d3e4292a3ce
c3214bfea2c345e0ea5fae5aef8cbb9fdbebf575e13b78362f96258638fa58a4
c4b9d348566ddec7a877cd66f83889a88ed7a3786ad47a550556150ccb5ca905
c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f
c59ecf34c8e169eb2c385296530f952be5ced6af24abbe7f2d47b89e520be544
c766ef34ab62d3f6587fbe6e4c4a700805c88004c472c5026f1e8ccd4111ffce
d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491
d93263a08700109f423d8230f55a769bed412db5be49fd06e2b2b5bbda4f637b
d9fc89d9fe1fba9c159a2c0cad84c448dbfc66d8c00b3a3eba635ccde792ff59
daf0d4ebf761cb8fcecc5219634cf5fbfe1e8b186d1952421ffbbab5ce756eb2
e1b9614ae3a52e8a5ee68cf54947020ea96f937d7aa54bce5af97353649247ab
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7a85b5f5eca873844fb9e70c33b469dcb2ca9f329578ffff732d5324df707f0
e87e542e34fc3af7847f53ae5c258f82ff2d8739646ed8d249c9a54ede9f7128
ebd635d843d43673dd737988e3383b01614cfca991785e481a47e7bd6b8aea17
ebf10aa4c0d36db030233d72358bdb6d6300d8bd25d3de1f9139d7e2633de099
eeace1f2c555820c1fd80519625f29571b8a009b32dbbb29ed288ad89abb3ef0
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f8bf0b735b32ad006ebb24281f26003602080d6da979243af106c1962777cac6
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
ffd015b1bb0125d07c39cbfcdee6a8e2b604b55ea1936cf550fe1f9fbdbf2ae4

pastelink.net Open in urlscan Pro 2a01:7e00::f03c:91ff:fe39:1dbe Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

145 Requests

92 %HTTPS

61 %IPv6

20 Domains

33 Subdomains

32 IPs

5 Countries

2166 kBTransfer

5562 kBSize

19 Cookies

38 Outgoing links

Redirected requests

145 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

pastelink.net Open in urlscan Pro
2a01:7e00::f03c:91ff:fe39:1dbe Public Scan

Screenshot
Live screenshot

Full Image

145
Requests

92 %
HTTPS

61 %
IPv6

20
Domains

33
Subdomains

32
IPs

5
Countries

2166 kB
Transfer

5562 kB
Size

19
Cookies

145 HTTP transactions
5 data transactions