URL: https://pastelink.net/l3in7dnp
Submission: On December 12 via manual from DE — Scanned from CH

Summary

This website contacted 59 IPs in 12 countries across 61 domains to perform 312 HTTP transactions. The main IP is 88.208.215.108, located in United Kingdom and belongs to IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE. The main domain is pastelink.net. The Cisco Umbrella rank of the primary domain is 263737.
TLS certificate: Issued by R3 on December 7th 2023. Valid for: 3 months.
This is the only time pastelink.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
13 88.208.215.108 8560 (IONOS-AS ...)
4 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 4 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 64.227.38.224 14061 (DIGITALOC...)
7 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2001:4860:480... 15169 (GOOGLE)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
4 2a00:1450:400... 15169 (GOOGLE)
3 130.211.23.194 396982 (GOOGLE-CL...)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
4 13 172.217.23.102 15169 (GOOGLE)
1 167.172.55.208 14061 (DIGITALOC...)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2a02:2638:3::7 44788 (ASN-CRITE...)
2 51.89.9.253 16276 (OVH)
1 52.51.96.110 16509 (AMAZON-02)
1 178.128.135.204 14061 (DIGITALOC...)
1 63.32.188.239 16509 (AMAZON-02)
1 2606:4700:440... 13335 (CLOUDFLAR...)
1 185.64.189.112 62713 (AS-PUBMATIC)
6 185.86.139.116 201081 (SMARTADSE...)
1 2 37.252.171.21 29990 (ASN-APPNEX)
5 2602:803:c003... 26667 (RUBICONPR...)
1 34.120.63.153 396982 (GOOGLE-CL...)
1 67.202.105.23 32748 (STEADFAST)
45 2a00:1450:400... 15169 (GOOGLE)
7 2a00:1450:400... 15169 (GOOGLE)
29 2a00:1450:400... 15169 (GOOGLE)
2 184.30.16.195 16625 (AKAMAI-AS)
1 198.47.127.19 62713 (AS-PUBMATIC)
1 1 185.29.134.244 30419 (MEDIAMATH...)
19 198.47.127.205 3257 (GTT-BACKB...)
1 178.250.1.9 44788 (ASN-CRITE...)
1 2 52.94.223.37 16509 (AMAZON-02)
1 1 2620:116:800d... 16509 (AMAZON-02)
1 1 85.114.159.118 24961 (MYLOC-AS ...)
1 1 54.209.153.200 14618 (AMAZON-AES)
2 2 35.156.28.132 16509 (AMAZON-02)
5 5 52.31.247.171 16509 (AMAZON-02)
16 20 216.58.212.162 15169 (GOOGLE)
1 1 185.86.138.152 201081 (SMARTADSE...)
1 1 208.93.169.131 46244 (WEBMD-IDC...)
1 2 151.101.194.49 54113 (FASTLY)
1 1 82.145.213.8 39832 (NO-OPERA)
1 63.251.232.165 32475 (SINGLEHOP...)
1 1 35.214.224.182 15169 (GOOGLE)
2 2 213.155.156.167 1299 (TWELVE99 ...)
1 1 193.0.160.131 54312 (ROCKETFUEL)
1 195.5.165.20 44968 (IPROM-AS)
1 35.186.193.173 15169 (GOOGLE)
1 1 141.94.240.143 16276 (OVH)
2 2 146.59.148.16 16276 (OVH)
2 3 52.19.8.73 16509 (AMAZON-02)
2 34.149.40.38 396982 (GOOGLE-CL...)
1 2 34.111.129.221 396982 (GOOGLE-CL...)
3 4 52.48.177.163 16509 (AMAZON-02)
3 3 37.157.6.243 198622 (ADFORM)
1 35.204.74.118 396982 (GOOGLE-CL...)
1 35.71.131.137 16509 (AMAZON-02)
1 2a05:d018:d29... 16509 (AMAZON-02)
2 2 3.75.62.37 16509 (AMAZON-02)
2 185.64.190.81 62713 (AS-PUBMATIC)
2 2 98.98.134.243 21859 (ZEN-ECN)
2 2 2a02:fa8:8806... 41041 (VCLK-EU-SE)
1 1 2001:678:cb4:... 56396 (AMOBEE)
1 1 188.166.17.21 14061 (DIGITALOC...)
12 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
12 20 172.64.151.101 13335 (CLOUDFLAR...)
8 65.109.98.108 24940 (HETZNER-AS)
63 192.229.233.6 15133 (EDGECAST)
8 46.4.76.120 24940 (HETZNER-AS)
2 2a02:2638:3::3 ()
1 3 2a02:2638:3::c ()
2 2 54.220.71.122 ()
312 59
Apex Domain
Subdomains
Transfer
79 revjet.com
ads.revjet.com — Cisco Umbrella Rank: 6785
cdn.revjet.com — Cisco Umbrella Rank: 6853
pix.revjet.com — Cisco Umbrella Rank: 5801
10 MB
75 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 102
339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
tpc.googlesyndication.com — Cisco Umbrella Rank: 148
519 KB
49 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 196
ad.doubleclick.net — Cisco Umbrella Rank: 139
cm.g.doubleclick.net — Cisco Umbrella Rank: 219
googleads.g.doubleclick.net — Cisco Umbrella Rank: 33
371 KB
25 pubmatic.com
hbopenbid.pubmatic.com — Cisco Umbrella Rank: 504
ads.pubmatic.com — Cisco Umbrella Rank: 544
image6.pubmatic.com — Cisco Umbrella Rank: 793
simage2.pubmatic.com — Cisco Umbrella Rank: 723
image2.pubmatic.com — Cisco Umbrella Rank: 859
image4.pubmatic.com — Cisco Umbrella Rank: 1224
simage4.pubmatic.com
32 KB
20 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 578
12 KB
13 pastelink.net
pastelink.net — Cisco Umbrella Rank: 263737
346 KB
11 gstatic.com
www.gstatic.com
fonts.gstatic.com
271 KB
7 smartadserver.com
prg.smartadserver.com — Cisco Umbrella Rank: 1657
rtb-csync.smartadserver.com — Cisco Umbrella Rank: 622
16 KB
6 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 206
385 KB
5 bidr.io
match.prod.bidr.io — Cisco Umbrella Rank: 563
3 KB
5 rubiconproject.com
fastlane.rubiconproject.com — Cisco Umbrella Rank: 537
4 KB
5 criteo.com
bidder.criteo.com — Cisco Umbrella Rank: 776
dis.criteo.com — Cisco Umbrella Rank: 550
gum.criteo.com
mug.criteo.com
12 KB
5 4dex.io
script.4dex.io — Cisco Umbrella Rank: 1628
mp.4dex.io — Cisco Umbrella Rank: 2346
u.4dex.io — Cisco Umbrella Rank: 3500
28 KB
4 audrte.com
a.audrte.com — Cisco Umbrella Rank: 2112
3 KB
4 btloader.com
btloader.com — Cisco Umbrella Rank: 931
api.btloader.com — Cisco Umbrella Rank: 1000
21 KB
4 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 27
region1.google-analytics.com — Cisco Umbrella Rank: 2189
21 KB
4 google.com
www.google.com — Cisco Umbrella Rank: 2
2 KB
4 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 29
4 KB
3 yahoo.com
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 474
ups.analytics.yahoo.com — Cisco Umbrella Rank: 307
1 KB
3 adform.net
dmp.adform.net — Cisco Umbrella Rank: 2870
c1.adform.net — Cisco Umbrella Rank: 560
2 KB
3 crwdcntrl.net
sync.crwdcntrl.net — Cisco Umbrella Rank: 799
1 KB
3 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 36
257 KB
2 360yield.com
ice.360yield.com
656 B
2 criteo.net
static.criteo.net
60 KB
2 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 300
412 KB
2 dotomi.com
pubmatic-match.dotomi.com — Cisco Umbrella Rank: 2850
744 B
2 sitescout.com
pixel-sync.sitescout.com — Cisco Umbrella Rank: 681
938 B
2 weborama.fr
cr.frontend.weborama.fr — Cisco Umbrella Rank: 24651
499 B
2 onaudience.com
pixel-eu.onaudience.com — Cisco Umbrella Rank: 18123
1 KB
2 de17a.com
d5p.de17a.com — Cisco Umbrella Rank: 4497
562 B
2 everesttech.net
sync-tm.everesttech.net — Cisco Umbrella Rank: 685
766 B
2 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 336
938 B
2 amazon-adsystem.com
aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 807
2 KB
2 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 229
7 KB
2 onetag-sys.com
onetag-sys.com — Cisco Umbrella Rank: 714
1 KB
2 ad-delivery.net
ad-delivery.net — Cisco Umbrella Rank: 1018
1 KB
1 bidtheatre.com
match.adsby.bidtheatre.com — Cisco Umbrella Rank: 1901
555 B
1 turn.com
ad.turn.com — Cisco Umbrella Rank: 773
518 B
1 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 331
149 B
1 simpli.fi
um.simpli.fi — Cisco Umbrella Rank: 780
612 B
1 erne.co
green.erne.co — Cisco Umbrella Rank: 32406
412 B
1 ctnsnet.com
ipac.ctnsnet.com — Cisco Umbrella Rank: 4999
360 B
1 iprom.net
core.iprom.net — Cisco Umbrella Rank: 5215
281 B
1 rfihub.com
p.rfihub.com — Cisco Umbrella Rank: 825
793 B
1 loopme.me
csync.loopme.me — Cisco Umbrella Rank: 870
226 B
1 adgrx.com
cm.adgrx.com — Cisco Umbrella Rank: 1388
283 B
1 opera.com
t.adx.opera.com — Cisco Umbrella Rank: 1072
552 B
1 contextweb.com
bh.contextweb.com — Cisco Umbrella Rank: 501
1002 B
1 stackadapt.com
sync.srv.stackadapt.com — Cisco Umbrella Rank: 702
1 KB
1 adition.com
dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1428
524 B
1 quantserve.com
cms.quantserve.com — Cisco Umbrella Rank: 749
593 B
1 mathtag.com
sync.mathtag.com — Cisco Umbrella Rank: 1031
734 B
1 33across.com
ssc-cms.33across.com — Cisco Umbrella Rank: 904
1 media.net
prebid.media.net — Cisco Umbrella Rank: 1498
1 KB
1 omnitagjs.com
hb-api.omnitagjs.com — Cisco Umbrella Rank: 3655
925 B
1 marphezis.com
rt.marphezis.com — Cisco Umbrella Rank: 9704
9 KB
1 servenobid.com
ads.servenobid.com — Cisco Umbrella Rank: 2371
778 B
1 buysellads.com
srv.buysellads.com — Cisco Umbrella Rank: 21550
716 B
1 buysellads.net
cdn4.buysellads.net — Cisco Umbrella Rank: 28340
158 KB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 204
1 KB
0 gammaplatform.com Failed
cm-supply-web.gammaplatform.com Failed
312 61
Domain Requested by
63 cdn.revjet.com ads.revjet.com
srcdoc
cdn.revjet.com
39 pagead2.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
pagead2.googlesyndication.com
www.gstatic.com
googleads.g.doubleclick.net
www.googletagservices.com
29 tpc.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
pastelink.net
googleads.g.doubleclick.net
20 dsum-sec.casalemedia.com 12 redirects googleads.g.doubleclick.net
20 cm.g.doubleclick.net 16 redirects googleads.g.doubleclick.net
13 ad.doubleclick.net 4 redirects pastelink.net
339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
srcdoc
13 pastelink.net pastelink.net
12 googleads.g.doubleclick.net 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
pagead2.googlesyndication.com
10 simage2.pubmatic.com ads.pubmatic.com
9 image2.pubmatic.com ads.pubmatic.com
8 pix.revjet.com srcdoc
339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
8 ads.revjet.com 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
ads.revjet.com
7 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com securepubads.g.doubleclick.net
7 www.gstatic.com www.google.com
pastelink.net
339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
6 www.googletagservices.com 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
pastelink.net
6 prg.smartadserver.com cdn4.buysellads.net
5 match.prod.bidr.io 5 redirects
5 fastlane.rubiconproject.com cdn4.buysellads.net
4 a.audrte.com 3 redirects ads.pubmatic.com
4 securepubads.g.doubleclick.net cdn4.buysellads.net
securepubads.g.doubleclick.net
4 fonts.gstatic.com fonts.googleapis.com
4 www.google.com 2 redirects pastelink.net
tpc.googlesyndication.com
4 fonts.googleapis.com pastelink.net
339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
3 sync.crwdcntrl.net 2 redirects ads.pubmatic.com
3 api.btloader.com btloader.com
3 www.googletagmanager.com pastelink.net
www.googletagmanager.com
www.google-analytics.com
2 ice.360yield.com 2 redirects
2 gum.criteo.com 1 redirects static.criteo.net
2 static.criteo.net cdn4.buysellads.net
static.criteo.net
2 s0.2mdn.net 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
2 pubmatic-match.dotomi.com 2 redirects
2 pixel-sync.sitescout.com 2 redirects
2 ups.analytics.yahoo.com 2 redirects
2 c1.adform.net 2 redirects
2 cr.frontend.weborama.fr 1 redirects ads.pubmatic.com
2 u.4dex.io ads.pubmatic.com
2 pixel-eu.onaudience.com 2 redirects
2 d5p.de17a.com 2 redirects
2 sync-tm.everesttech.net 1 redirects ads.pubmatic.com
2 x.bidswitch.net 2 redirects
2 aax-eu.amazon-adsystem.com 1 redirects ads.pubmatic.com
2 ads.pubmatic.com pastelink.net
ads.pubmatic.com
2 ib.adnxs.com 1 redirects cdn4.buysellads.net
2 onetag-sys.com cdn4.buysellads.net
pastelink.net
2 script.4dex.io cdn4.buysellads.net
script.4dex.io
2 ad-delivery.net pastelink.net
2 region1.google-analytics.com www.googletagmanager.com
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
1 simage4.pubmatic.com ads.pubmatic.com
1 mug.criteo.com
1 match.adsby.bidtheatre.com 1 redirects
1 ad.turn.com 1 redirects
1 image4.pubmatic.com ads.pubmatic.com
1 pr-bh.ybp.yahoo.com ads.pubmatic.com
1 match.adsrvr.org ads.pubmatic.com
1 um.simpli.fi ads.pubmatic.com
1 dmp.adform.net 1 redirects
1 green.erne.co 1 redirects
1 ipac.ctnsnet.com ads.pubmatic.com
1 core.iprom.net ads.pubmatic.com
1 p.rfihub.com 1 redirects
1 csync.loopme.me 1 redirects
1 cm.adgrx.com ads.pubmatic.com
1 t.adx.opera.com 1 redirects
1 bh.contextweb.com 1 redirects
1 rtb-csync.smartadserver.com 1 redirects
1 sync.srv.stackadapt.com 1 redirects
1 dsp.adfarm1.adition.com 1 redirects
1 cms.quantserve.com 1 redirects
1 dis.criteo.com ads.pubmatic.com
1 sync.mathtag.com 1 redirects
1 image6.pubmatic.com ads.pubmatic.com
1 ssc-cms.33across.com pastelink.net
1 prebid.media.net cdn4.buysellads.net
1 hbopenbid.pubmatic.com cdn4.buysellads.net
1 mp.4dex.io cdn4.buysellads.net
1 hb-api.omnitagjs.com cdn4.buysellads.net
1 rt.marphezis.com cdn4.buysellads.net
1 ads.servenobid.com cdn4.buysellads.net
1 bidder.criteo.com cdn4.buysellads.net
1 srv.buysellads.com cdn4.buysellads.net
1 btloader.com cdn4.buysellads.net
1 cdn4.buysellads.net pastelink.net
1 cdnjs.cloudflare.com pastelink.net
0 cm-supply-web.gammaplatform.com Failed ads.pubmatic.com
312 85
Subject Issuer Validity Valid
pastelink.net
R3
2023-12-07 -
2024-03-06
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2023-11-20 -
2024-02-12
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2023-07-03 -
2024-07-02
a year crt.sh
www.google.com
GTS CA 1C3
2023-11-20 -
2024-02-12
3 months crt.sh
*.google-analytics.com
GTS CA 1C3
2023-11-20 -
2024-02-12
3 months crt.sh
cdn4.buysellads.net
Sectigo RSA Domain Validation Secure Server CA
2023-11-14 -
2024-11-14
a year crt.sh
*.gstatic.com
GTS CA 1C3
2023-11-20 -
2024-02-12
3 months crt.sh
btloader.com
GTS CA 1P5
2023-10-19 -
2024-01-17
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2023-11-20 -
2024-02-12
3 months crt.sh
api.btloader.com
GTS CA 1D4
2023-12-08 -
2024-03-07
3 months crt.sh
*.doubleclick.net
GTS CA 1C3
2023-11-20 -
2024-02-12
3 months crt.sh
*.buysellads.com
Sectigo RSA Domain Validation Secure Server CA
2023-05-25 -
2024-06-24
a year crt.sh
script.4dex.io
Cloudflare Inc ECC CA-3
2023-10-23 -
2024-10-22
a year crt.sh
*.criteo.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-12-01 -
2024-03-01
3 months crt.sh
*.onetag-sys.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-12-28 -
2024-01-28
a year crt.sh
ads.servenobid.com
Amazon RSA 2048 M01
2023-04-29 -
2024-05-27
a year crt.sh
*.marphezis.com
Sectigo RSA Domain Validation Secure Server CA
2023-01-03 -
2024-01-03
a year crt.sh
omnitagjs.com
Sectigo RSA Domain Validation Secure Server CA
2023-06-23 -
2024-07-22
a year crt.sh
*.pubmatic.com
DigiCert Baltimore TLS RSA SHA256 2020 CA1
2023-04-20 -
2024-05-20
a year crt.sh
*.smartadserver.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2023-01-21 -
2024-01-23
a year crt.sh
*.adnxs.com
GeoTrust ECC CA 2018
2023-02-13 -
2024-03-15
a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1
2023-03-05 -
2024-04-03
a year crt.sh
prebid.media.net
GTS CA 1D4
2023-10-28 -
2024-01-26
3 months crt.sh
*.33across.com
Sectigo RSA Domain Validation Secure Server CA
2023-09-06 -
2024-09-30
a year crt.sh
tpc.googlesyndication.com
GTS CA 1C3
2023-11-20 -
2024-02-12
3 months crt.sh
aax-eu.amazon-adsystem.com
Amazon RSA 2048 M01
2023-06-21 -
2024-03-02
8 months crt.sh
*.everesttech.net
GlobalSign Atlas R3 DV TLS CA 2023 Q3
2023-08-11 -
2024-09-11
a year crt.sh
public1.adgear.com
Sectigo RSA Domain Validation Secure Server CA
2023-03-03 -
2024-03-31
a year crt.sh
*.iprom.net
R3
2023-11-13 -
2024-02-11
3 months crt.sh
*.ctnsnet.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-10-13 -
2024-11-10
a year crt.sh
u.4dex.io
GTS CA 1D4
2023-10-22 -
2024-01-20
3 months crt.sh
*.simpli.fi
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-11-07 -
2024-12-07
a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020
2023-04-12 -
2024-05-13
a year crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA
2023-08-29 -
2024-02-21
6 months crt.sh
*.revjet.com
Sectigo RSA Domain Validation Secure Server CA
2023-03-20 -
2024-04-11
a year crt.sh
cdn.revjet.com
DigiCert TLS RSA SHA256 2020 CA1
2023-02-09 -
2024-03-11
a year crt.sh
*.criteo.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-10-09 -
2024-01-06
3 months crt.sh

This page contains 54 frames:

Primary Page: https://pastelink.net/l3in7dnp
Frame ID: D7DFDEB7A53B9C98467B440CF8784AA0
Requests: 71 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
Frame ID: 162218C3F728B4FCFD2BDC4105E9CE1C
Requests: 1 HTTP requests in this frame

Frame: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: C6C20A3AAD3F9761D4FC63A2695B452E
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 808F13729830D10F035957F8ED5C9516
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 3F6CD877A4AE9ED29FCC28AB7773E32E
Requests: 2 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Frame ID: CE708677294938846B5A890904BC70E7
Requests: 18 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:0a846577-dc60-4500-9024-20a9a02905d3&gdpr=0&gdpr_consent=
Frame ID: A5403553BFFFD1005A172E6B425DDF7B
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: 8212B241B7E998D39207FE6A08B71245
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=B5B0DC23-EF24-44B6-96D4-87CDBBEF7136&redir=true&gdpr=0&gdpr_consent=&dcc=t
Frame ID: CF8BE9267942FAD4E5ED88222A77F5B8
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=JBNp3XZFaNo_FmjSdxRzjCZFat8_EDrbcUBwtRqS
Frame ID: A3F719F604A01D2A116282A79BADC5ED
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=7726304148053272367&gdpr=0&gdpr_consent=
Frame ID: 4820D7F9D348D9AE3275F4BE16A94B54
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA%3D&piggybackCookie=7311554824934914191&gdpr=0&gdpr_consent=
Frame ID: E64D477E0EBC4F8526F4B0181CE3ECAC
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=_NwKiH2zU2xYNcunbFZn_7AKagM&gdpr=0&gdpr_consent=
Frame ID: 0661F1E627221A9DBE3E8F8006FE6C8D
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=e98ca359-d536-4904-b973-11bb58fa7c1b&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy=
Frame ID: 636AED56258F0FBAFDF63A1DBD37193C
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AABBn07K77kAABU03teMng&gdpr=0&gdpr_consent=
Frame ID: A502DFE11F825C1C280875794F00D5D9
Requests: 1 HTTP requests in this frame

Frame: https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=&_test=ZXfcYAAGTf-8MwBH
Frame ID: 31D4102755C45362EF0DCC1189F92D19
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0ODkmdGw9NDMyMDA=&piggybackCookie=OPU86d7538f3ea747988cecb0036de59bee
Frame ID: 7446F416F7612C2C24732518860A4895
Requests: 1 HTTP requests in this frame

Frame: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Frame ID: C5B153F4AFB1ECB4496EF8AA1A5035C8
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Frame ID: 9B005EE27B513EFD2C954F412AE7A990
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=1644826649221451976
Frame ID: 1C54D4225B7E57C8461C8A82DB285102
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=5144588527999685960
Frame ID: 7A1DBA4918207227A84F17B4088501CC
Requests: 1 HTTP requests in this frame

Frame: https://core.iprom.net/cookiesync?gdpr=0&gdpr_consent=
Frame ID: 6D47D075A964EB55EA310884A7CF4CCC
Requests: 1 HTTP requests in this frame

Frame: https://ipac.ctnsnet.com/int/cm?exc=14&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=[user_id]
Frame ID: 398F3DEAF983E0C38DE4DB0BA6B317B4
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=39puKE4JaWTQTXnXRRhTUVaQ&gdpr=0&gdpr_consent=
Frame ID: 682AC2A5D9903CAB932A6F82EB444756
Requests: 1 HTTP requests in this frame

Frame: https://cm-supply-web.gammaplatform.com/adx/usersyncsupply?pid=7&t=pixel
Frame ID: A659DF1CA32A7C2CAE6D1704EFDCF548
Requests: 1 HTTP requests in this frame

Frame: https://u.4dex.io/setuid?bidder=pubmatic&uid=(PM_UID)B5B0DC23-EF24-44B6-96D4-87CDBBEF7136
Frame ID: 5201159D3B7844F5DFE8FFF426082A79
Requests: 1 HTTP requests in this frame

Frame: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 5E5C0E9FD53CE047868A33F533737CCD
Requests: 17 HTTP requests in this frame

Frame: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 0271ABC1B1A7A32DBB59AE724AFA706E
Requests: 17 HTTP requests in this frame

Frame: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 3989798FDFB357FAC9645C5B22E76BE7
Requests: 17 HTTP requests in this frame

Frame: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 3128C733D0789FCC872E27E2B25D9690
Requests: 17 HTTP requests in this frame

Frame: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 5678E72D5F295C36656A64B9B7F926E8
Requests: 5 HTTP requests in this frame

Frame: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: E009EB95828E7B2B76BCABFB5AA2170D
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKQCELzvkpIEGNu11OABMAE&v=APEucNX3LSfDqifYJI6ej3ayxpyJt4hW8l5IlXe3NPe0baL5JD6MJilZmCiaegUJqE3RGFb-Ud2-WR33fCk2a8MVfS8aTI672A
Frame ID: 6FD5E02B2F21AD38806407D00A0349E6
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKQCELzvkpIEGO2W1uABMAE&v=APEucNX0aIu0gyq56H1f24gNIMGn_L9274M9RA2jXoBhe3heXNiyO-7aoBNw8wR5KKLNkovr-t32RCyZ7dzQcyHze18oyiqDFw
Frame ID: E3C74AD5BB06A8DDE48535906E84E906
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKQCELzvkpIEGO2W1uABMAE&v=APEucNW0IeY135lrc5_RUdbxap2t-RWQFolZziMxAO8gT29UfO0wKonPZ4sj-tZWYm_BJ5nHJxY2QDpyyt9VUpN6D1WObLVskQ
Frame ID: A5083BD6FED18F544BC08B079FD59EEA
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKQCELzvkpIEGO2W1uABMAE&v=APEucNUJrNVzrsW584nIJgTo7wJpzeS2baVJIaUq9Jax4zXw3z4ObL5Hc158yG5rqf0cYdLlhzTrFVkcKJgjlOGKTgCsiOHOyA
Frame ID: EB73E4E1D0F451BB27B52CA9B0FE29DF
Requests: 4 HTTP requests in this frame

Frame: https://www.gstatic.com/mysidia/e21910fd923a6283b5d44b2382eabc86.js?tag=client_fast_engine_2019
Frame ID: 73034D21EA3A133627FACD6AC2546AB1
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 6F81050D0E02F04629236A3CEE4741C4
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 32E30E4E69D5CB144432E45C50E119F8
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/a_HaIzZFyEVJYJ9hlnDU0-lGrGHVFv1T5ZfBCtEAYIo.js
Frame ID: 53E1B15DD69949CD5535A29E93EE6194
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 2F3C27F6A2E481D7CFEFECE7103F9536
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 741D07B58302ED9CD32A9E9A3941F795
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 8E0B5DC4E6A8C86CC58683690A02618C
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 13804AB584FDBAE87FD7A646AA792CDD
Requests: 3 HTTP requests in this frame

Frame: https://cdn.revjet.com/~cdn/JS/03/sync.html?origin=https%3A%2F%2F339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
Frame ID: 4C485152BE07997D1F94218E68E6B9B0
Requests: 1 HTTP requests in this frame

Frame: https://cdn.revjet.com/~cdn/JS/03/sync.html?origin=https%3A%2F%2F339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
Frame ID: D74DB7331F262F3998C531F1C6568ADE
Requests: 1 HTTP requests in this frame

Frame: https://cdn.revjet.com/~cdn/JS/03/sync.html?origin=https%3A%2F%2F339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
Frame ID: DBB00EB76752ADE6D128511CAD11AF89
Requests: 1 HTTP requests in this frame

Frame: https://cdn.revjet.com/~cdn/JS/03/sync.html?origin=https%3A%2F%2F339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
Frame ID: 138AC1672D65988517CC12D8A2DA5639
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=6b859b96c564fbe&gdpr=0&gdpr_consent=&us_privacy=
Frame ID: A6DCE7A2108BD6ED7570E71E9C78EA83
Requests: 1 HTTP requests in this frame

Frame: https://cdn.revjet.com/~cdn/JS/03/elements-2.10.0.js
Frame ID: D95D21420861B6BE75767CD78EE8F46A
Requests: 17 HTTP requests in this frame

Frame: https://cdn.revjet.com/~cdn/JS/03/elements-2.10.0.js
Frame ID: 806E029DDBB7DF6D84F9D19FC9BBB190
Requests: 17 HTTP requests in this frame

Frame: https://cdn.revjet.com/~cdn/JS/03/elements-2.10.0.js
Frame ID: 51BBC14DCDBCA266D2259F08A9F8C14A
Requests: 17 HTTP requests in this frame

Frame: https://cdn.revjet.com/~cdn/JS/03/elements-2.10.0.js
Frame ID: 1676012924BEE63ABAF3EE1542CDC0BD
Requests: 16 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=pastelink.net
Frame ID: E901F4F11DF2F0BBD8BF18D021F23BE8
Requests: 2 HTTP requests in this frame

Screenshot

Page Title

The Biggest Problem With Marc Jacobs Handbag Sale And How You Can Resolve It - Pastelink.net

Detected technologies

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • tpc\.googlesyndication\.com/safeframe

Overall confidence: 100%
Detected patterns
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

312
Requests

91 %
HTTPS

33 %
IPv6

61
Domains

85
Subdomains

59
IPs

12
Countries

12820 kB
Transfer

18486 kB
Size

102
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 75
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:0a846577-dc60-4500-9024-20a9a02905d3&gdpr=0&gdpr_consent=
Request Chain 77
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=B5B0DC23-EF24-44B6-96D4-87CDBBEF7136&redir=true&gdpr=0&gdpr_consent= HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=B5B0DC23-EF24-44B6-96D4-87CDBBEF7136&redir=true&gdpr=0&gdpr_consent=&dcc=t
Request Chain 78
  • https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=JBNp3XZFaNo_FmjSdxRzjCZFat8_EDrbcUBwtRqS
Request Chain 79
  • https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=7726304148053272367&gdpr=0&gdpr_consent=
Request Chain 80
  • https://dsp.adfarm1.adition.com/cookie/?ssp=9&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA%3D&piggybackCookie=7311554824934914191&gdpr=0&gdpr_consent=
Request Chain 81
  • https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=_NwKiH2zU2xYNcunbFZn_7AKagM&gdpr=0&gdpr_consent=
Request Chain 82
  • https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=e98ca359-d536-4904-b973-11bb58fa7c1b&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy=
Request Chain 83
  • https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent= HTTP 303
  • https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent=&_bee_ppp=1 HTTP 303
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFCQm4wN0s3N2tBQUJVMDN0ZU1uZw&gdpr=0&gdpr_consent=&bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
  • https://match.prod.bidr.io/cookie-sync/adx?gdpr=0&gdpr_consent=&bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 303
  • https://rtb-csync.smartadserver.com/redir?partneruserid=AABBn07K77kAABU03teMng&partnerid=127&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26bee_sync_partners%3Dpp%252Cpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2%26userid%3DSMART_USER_ID&gdpr=0 HTTP 302
  • https://match.prod.bidr.io/cookie-sync?gdpr=0&bee_sync_partners=pp%2Cpm&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=2&userid=9038138657779389971&gdpr=0&gdpr_consent= HTTP 303
  • https://bh.contextweb.com/bh/rtset?ev=AABBn07K77kAABU03teMng&do=add&pid=558502&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26userid%3D9038138657779389971%26gdpr%3D0%26gdpr_consent%3D%26bee_sync_partners%3Dpm%26bee_sync_current_partner%3Dpp%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3&gdpr=0 HTTP 302
  • https://match.prod.bidr.io/cookie-sync?gdpr=0&userid=9038138657779389971&gdpr=0&gdpr_consent=&bee_sync_partners=pm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=3&ev=AABBn07K77kAABU03teMng&pid=558502&do=add&gdpr=0 HTTP 303
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AABBn07K77kAABU03teMng&gdpr=0&gdpr_consent=
Request Chain 84
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent= HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=&_test=ZXfcYAAGTf-8MwBH
Request Chain 85
  • https://t.adx.opera.com/pub/sync?pubid=pub8730968190912 HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0ODkmdGw9NDMyMDA=&piggybackCookie=OPU86d7538f3ea747988cecb0036de59bee
Request Chain 87
  • https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token} HTTP 307
  • https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Request Chain 88
  • https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
  • https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=1644826649221451976
Request Chain 89
  • https://p.rfihub.com/cm?pub=224&in=1&getuid=https%3A//image2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=5144588527999685960
Request Chain 92
  • https://green.erne.co/pubmatic/cm?gdpr=0&gdpr_consent= HTTP 302
  • https://pixel-eu.onaudience.com/?partner=270&smartmap=1&gdpr=0&gdpr_consent=&redirect=image2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw%26piggybackCookie%3D%25_rid%26gdpr%3D0%26gdpr_consent%3D%25_gdpr_consent HTTP 302
  • https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=047d72e299b7650d/gdpr=0/gdpr_consent=?https%3A%2F%2Fpixel-eu.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D%26redirect%3Dhttps%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw%2526piggybackCookie%253D39puKE4JaWTQTXnXRRhTUVaQ%2526gdpr%253D0%2526gdpr_consent%253D HTTP 302
  • https://pixel-eu.onaudience.com/?partner=104&icm&cver&mapped=734d58b0cea31816cce07e19f571548b&gdpr=0&redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw%26piggybackCookie%3D39puKE4JaWTQTXnXRRhTUVaQ%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=39puKE4JaWTQTXnXRRhTUVaQ&gdpr=0&gdpr_consent=
Request Chain 95
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=tbDcI-8kRLaW1IfNu-9xNg%3D%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=tbDcI-8kRLaW1IfNu-9xNg%3D%3D&gdpr=0&gdpr_consent=&google_tc= HTTP 302
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
Request Chain 96
  • https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=B5B0DC23-EF24-44B6-96D4-87CDBBEF7136&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=B5B0DC23-EF24-44B6-96D4-87CDBBEF7136&gdpr=0&gdpr_consent=&ct=y
Request Chain 97
  • https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent= HTTP 307
  • https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent=&bounce=1&random=1437143964
Request Chain 98
  • https://a.audrte.com/match?gdpr=0&gdpr_consent=&p=M1717054901&uid=B5B0DC23-EF24-44B6-96D4-87CDBBEF7136 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_hm=MzdiQzFWWkRhU0dUSGF5U0J5aFVhajN5dw==&google_redir=https%3A%2F%2Fa.audrte.com%2Fddp%3Fred%3DeyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiYWRmb3JtIn1dfQ%253D%253D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://a.audrte.com/ddp?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiYWRmb3JtIn1dfQ%3D%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://dmp.adform.net/serving/cookie/match/?party=1003&r=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://a.audrte.com/a?adform_uid=8281154537407726195&r=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D HTTP 302
  • https://a.audrte.com/p
Request Chain 99
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QjVCMERDMjMtRUYyNC00NEI2LTk2RDQtODdDREJCRUY3MTM2&gdpr=0&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QjVCMERDMjMtRUYyNC00NEI2LTk2RDQtODdDREJCRUY3MTM2&gdpr=0&gdpr_consent=&google_tc= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Request Chain 100
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm=&google_sc=&gdpr=0&gdpr_consent=&google_tc= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEH44qrJ1iBVszqXwxLHDFBU&google_cver=1
Request Chain 102
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=8281154537407726195
Request Chain 105
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=B5B0DC23-EF24-44B6-96D4-87CDBBEF7136&redir=true&gdpr=0&gdpr_consent= HTTP 302
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=B5B0DC23-EF24-44B6-96D4-87CDBBEF7136&redir=true&gdpr=0&gdpr_consent=&verify=true HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-PTP1VvRE2uXmA_xoStDf2bGzA9xLVdo-~A&gdpr=0
Request Chain 106
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent= HTTP 302
  • https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=3&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MTI5NjAw&piggybackCookie=2fd9e568-28fe-4950-b2e4-d206f46d1484-6577dc60-4348&gdpr=0&gdpr_consent=
Request Chain 107
  • https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=B5B0DC23-EF24-44B6-96D4-87CDBBEF7136&gdpr=0&gdpr_consent= HTTP 302
  • https://pubmatic-match.dotomi.com/match/bounce/current?DotomiTest=9509fdada2817d9&is_secure=true&networkId=17100&version=1&nuid=B5B0DC23-EF24-44B6-96D4-87CDBBEF7136&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAAISbTrPy59UgNfE09YAAAAAAA&expiration=1702440416&nuid=B5B0DC23-EF24-44B6-96D4-87CDBBEF7136&is_secure=true&gdpr_consent=&gdpr=0
Request Chain 108
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2875652969077825227&gdpr=0&gdpr_consent=&us_privacy=
Request Chain 109
  • https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?gdpr_consent=&gdpr=0&piggybackCookie=uid:3d0487c1-d251-46f1-bdaf-fa4aa5f24389&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Request Chain 167
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1&C=1
Request Chain 168
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXfcYHnHbcyBJZDkuy2u5wAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1
Request Chain 170
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1&C=1
Request Chain 171
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXfcYES15ji4-P.hWuP8KAAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1&google_hm=2
Request Chain 173
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1&C=1
Request Chain 174
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXfcYHnHbcyBJZDkuy2u5wAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1
Request Chain 176
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1&C=1
Request Chain 177
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXfcYES15ji4-P.hWuP8KAAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1&google_hm=2
Request Chain 185
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 210
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 246
  • https://ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/B29254154.359134036;dc_trk_aid=550284142;dc_trk_cid=186355462;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1702354016882 HTTP 302
  • https://ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/B29254154.359134036;dc_pre=CICm2fOCiYMDFWyi_QcdHowDHA;dc_trk_aid=550284142;dc_trk_cid=186355462;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1702354016882
Request Chain 255
  • https://ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/B29254154.359134036;dc_trk_aid=550284142;dc_trk_cid=186355462;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1702354016886 HTTP 302
  • https://ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/B29254154.359134036;dc_pre=CO7u2_OCiYMDFeSX_Qcd6SwDlA;dc_trk_aid=550284142;dc_trk_cid=186355462;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1702354016886
Request Chain 263
  • https://ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/B29254154.359134036;dc_trk_aid=550284142;dc_trk_cid=186355462;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1702354016893 HTTP 302
  • https://ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/B29254154.359134036;dc_pre=CLHV3fOCiYMDFbzkEQgdfOILNw;dc_trk_aid=550284142;dc_trk_cid=186355462;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1702354016893
Request Chain 272
  • https://ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/B29254154.359134039;dc_trk_aid=550145342;dc_trk_cid=186929037;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1702354016887 HTTP 302
  • https://ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/B29254154.359134039;dc_pre=CMru3_OCiYMDFYf0EQgdH3AGwQ;dc_trk_aid=550145342;dc_trk_cid=186929037;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1702354016887
Request Chain 304
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=pastelink.net&sn=ChromeSyncframe&so=0&topUrl=pastelink.net&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
  • https://mug.criteo.com/sid?cpp=3On-yXwwdzk1SnVoYXRzSE1nWGFUK2VybllVdkNoQXMvVUdMK2NpWFNmUU5WM1hvcUlwNVBVa3RmRkYyRlNjODJoeGo2b2tZMEVvanJob1l1MnFmU0pYVXlKekdxRzJ0OEdmazNYSlhsb1VJODMvMGFBQVBwWTJ0WFRJVGovV3VGWlRUUWJRdjVmaE5UWlZvVGJ3WGo1Zlp4TmhIZmFKWnpMcERySlhZU2drYVBzY1V1dmE1MHFtY0ZheGFiNSttZzh0dFdZaTFpRFNjdTVlLzlNcitDSm1xcnowcm4wcE1iTll4TWk4eGJTbWV1OWhFTVB5QU1ySkJGaklxdHFCNk02cmZ6RDJXeUtBVGVCaW1KQWpsWlU2K1lFczFIZXVYSElHSktmMmMwQnNONjBmMD18&cppv=2
Request Chain 308
  • https://ice.360yield.com/server_match?partner_id=1790&r=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dimprovedigital%26uid%3D%7BPUB_USER_ID%7D HTTP 302
  • https://ice.360yield.com/ul_cb/server_match?partner_id=1790&r=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dimprovedigital%26uid%3D%7BPUB_USER_ID%7D HTTP 302
  • https://u.4dex.io/setuid?bidder=improvedigital&uid=64858801-c33c-46cb-9689-7c4b8f4380f5

312 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request l3in7dnp
pastelink.net/
30 KB
9 KB
Document
General
Full URL
https://pastelink.net/l3in7dnp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
88.208.215.108 , United Kingdom, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
nginx /
Resource Hash
8525333b249ceeb45d8503b5512b520efe613a29dcf11eb67b490a3048a3a5c6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Tue, 12 Dec 2023 04:06:53 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
x-frame-options
SAMEORIGIN
css2
fonts.googleapis.com/
5 KB
802 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap
Requested by
Host: pastelink.net
URL: https://pastelink.net/l3in7dnp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
af9edf3e86a80586d0770850908bf3929a2112adc59211e9cb715c0218f14b9c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 12 Dec 2023 04:06:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 12 Dec 2023 04:06:53 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 12 Dec 2023 04:06:53 GMT
styles.css
pastelink.net/assets/css/
130 KB
130 KB
Stylesheet
General
Full URL
https://pastelink.net/assets/css/styles.css?q=37
Requested by
Host: pastelink.net
URL: https://pastelink.net/l3in7dnp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
88.208.215.108 , United Kingdom, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
nginx /
Resource Hash
12b2573815dac6ac5646fab27841f398fa908cc13d510f2e14bffb595b726bbf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/l3in7dnp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Wed, 26 Jul 2023 15:36:49 GMT
server
nginx
etag
"64c13d91-2071e"
content-type
text/css
accept-ranges
bytes
content-length
132894
jquery-3.6.0.min.js
pastelink.net/assets/js/
87 KB
88 KB
Script
General
Full URL
https://pastelink.net/assets/js/jquery-3.6.0.min.js
Requested by
Host: pastelink.net
URL: https://pastelink.net/l3in7dnp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
88.208.215.108 , United Kingdom, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
nginx /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/l3in7dnp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Mon, 15 May 2023 18:42:14 GMT
server
nginx
etag
"64627d06-15d9d"
content-type
application/javascript
accept-ranges
bytes
content-length
89501
script.min.js
pastelink.net/assets/js/
46 KB
46 KB
Script
General
Full URL
https://pastelink.net/assets/js/script.min.js?q=37
Requested by
Host: pastelink.net
URL: https://pastelink.net/l3in7dnp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
88.208.215.108 , United Kingdom, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
nginx /
Resource Hash
89f0335d649cdccf5bc16b4fad138e1fa6da670d851c82b48ccdd31273371110
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/l3in7dnp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Wed, 26 Jul 2023 15:36:49 GMT
server
nginx
etag
"64c13d91-b8f8"
content-type
application/javascript
accept-ranges
bytes
content-length
47352
js.cookie.min.js
cdnjs.cloudflare.com/ajax/libs/js-cookie/latest/
2 KB
1 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/js-cookie/latest/js.cookie.min.js
Requested by
Host: pastelink.net
URL: https://pastelink.net/l3in7dnp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4b6d244a569a8befc0b901e3dca8e82f19b188e2d3e76f7c62fce96935ed6311
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:53 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1211795
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
772
last-modified
Mon, 04 May 2020 16:11:49 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec5-6d7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=raSTlbOpZqjCBiad5QPySDX0bw38JeihUGAnCrwF3%2BzF8fH8ZcfiMC8DurA%2BDnMhnIlJ0cfQmaQIePCJNi4glV4ibc%2BOSXqbSuoyV6kp3EQS9RGtIsOZpBrROuz4RTY9GXRLGQ7MHTNN5v2msIJ1HDIc"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
834318e72f7a0204-ZRH
expires
Sun, 01 Dec 2024 04:06:53 GMT
css2
fonts.googleapis.com/
1 KB
836 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Noto+Sans+Ogham:wght@400&display=swap
Requested by
Host: pastelink.net
URL: https://pastelink.net/l3in7dnp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f9dddccc9d75f6059b2c6cddbbe2902fed7063b8e897b00213d3606c6dbe9e8f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 12 Dec 2023 04:06:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 12 Dec 2023 04:06:53 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 12 Dec 2023 04:06:53 GMT
api.js
www.google.com/recaptcha/
1 KB
1 KB
Script
General
Full URL
https://www.google.com/recaptcha/api.js?onload=captchaLoaded
Requested by
Host: pastelink.net
URL: https://pastelink.net/l3in7dnp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
5f0430ccdf48ea353c809786e1d59aecd0896b0dbda31edaf5ab295a936ff0dd
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Tue, 12 Dec 2023 04:06:53 GMT
gtm.js
www.googletagmanager.com/
262 KB
90 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ
Requested by
Host: pastelink.net
URL: https://pastelink.net/l3in7dnp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
1320f933d44a7f2a8ca6cfc2405141a144d328377f60856581387c17b4ca8f40
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:53 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
91947
x-xss-protection
0
last-modified
Tue, 12 Dec 2023 03:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 12 Dec 2023 04:06:53 GMT
pastelink.js
cdn4.buysellads.net/pub/
552 KB
158 KB
Script
General
Full URL
https://cdn4.buysellads.net/pub/pastelink.js?1702353600000
Requested by
Host: pastelink.net
URL: https://pastelink.net/l3in7dnp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
64.227.38.224 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
srv-eu-ldn-17.buysellads.com
Software
//srv.buysellads.com /
Resource Hash
7f6c8a370b9e8462352f13c86940e8530440dbfe8743d7fc52a9e345a7c65c66

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:54 GMT
cache-control
public, max-age=3600, stale-while-revalidate
content-encoding
gzip
server
//srv.buysellads.com
etag
ba3b1749368cf49422c7e35d2bb828bcf5efc67f
vary
Accept-Encoding
content-type
application/javascript
recaptcha__de_ch.js
www.gstatic.com/recaptcha/releases/cwQvQhsy4_nYdnSDY4u7O5_B/
504 KB
202 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/cwQvQhsy4_nYdnSDY4u7O5_B/recaptcha__de_ch.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=captchaLoaded
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2a25a841bdb9b41efdbba9815fd37be806319572f41bf88b4b41384c8444456c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://pastelink.net/
Origin
https://pastelink.net
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 08:53:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
69208
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
206656
x-xss-protection
0
last-modified
Mon, 04 Dec 2023 17:08:31 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 10 Dec 2024 08:53:25 GMT
debut_light.png
pastelink.net/assets/images/
4 KB
4 KB
Image
General
Full URL
https://pastelink.net/assets/images/debut_light.png
Requested by
Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=37
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
88.208.215.108 , United Kingdom, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
nginx /
Resource Hash
c24ccee9a35eef9e74411eac871935bdff6bcb895cce80b754b66d3e4292a3ce
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/assets/css/styles.css?q=37
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Mon, 15 May 2023 18:42:14 GMT
server
nginx
etag
"64627d06-10c8"
content-type
image/png
accept-ranges
bytes
content-length
4296
pastelink-logo-german.svg
pastelink.net/assets/images/logo/
14 KB
14 KB
Image
General
Full URL
https://pastelink.net/assets/images/logo/pastelink-logo-german.svg
Requested by
Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=37
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
88.208.215.108 , United Kingdom, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
nginx /
Resource Hash
48c997dad566c02a0a4f8416efa520f838a711d067a08f33b3ccffd541333e92
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/assets/css/styles.css?q=37
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Mon, 15 May 2023 18:42:14 GMT
server
nginx
etag
"64627d06-38e0"
content-type
image/svg+xml
accept-ranges
bytes
content-length
14560
truncated
/
16 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
13100cd3879e5c1385581d7c88153e60cd7c3e4b0578fe2838daa56da689769b

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
arrow-down-blue.svg
pastelink.net/assets/images/
239 B
409 B
Image
General
Full URL
https://pastelink.net/assets/images/arrow-down-blue.svg
Requested by
Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=37
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
88.208.215.108 , United Kingdom, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
nginx /
Resource Hash
50a60e5e5f2e8f10a2f8685031ec9849ba8faff613139f3a402e89f25ccbbabc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/assets/css/styles.css?q=37
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Mon, 15 May 2023 18:42:14 GMT
server
nginx
etag
"64627d06-ef"
content-type
image/svg+xml
accept-ranges
bytes
content-length
239
moon.svg
pastelink.net/assets/images/
2 KB
2 KB
Image
General
Full URL
https://pastelink.net/assets/images/moon.svg
Requested by
Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=37
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
88.208.215.108 , United Kingdom, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
nginx /
Resource Hash
ed6cd01c384db70bedbe24986aa85b0745f994ad71b7e5712f8a60e1ff457d7f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/assets/css/styles.css?q=37
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Mon, 15 May 2023 18:42:14 GMT
server
nginx
etag
"64627d06-62e"
content-type
image/svg+xml
accept-ranges
bytes
content-length
1582
public-black.svg
pastelink.net/assets/images/
578 B
748 B
Image
General
Full URL
https://pastelink.net/assets/images/public-black.svg
Requested by
Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=37
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
88.208.215.108 , United Kingdom, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
nginx /
Resource Hash
57226adbc32c91a8cd4ec9ee08e4f155f3450e79256731c04f81709a58c4c1fc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/assets/css/styles.css?q=37
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Mon, 15 May 2023 18:42:14 GMT
server
nginx
etag
"64627d06-242"
content-type
image/svg+xml
accept-ranges
bytes
content-length
578
social-spritesheet.png
pastelink.net/assets/images/
28 KB
28 KB
Image
General
Full URL
https://pastelink.net/assets/images/social-spritesheet.png
Requested by
Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=37
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
88.208.215.108 , United Kingdom, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
nginx /
Resource Hash
8af24d7350dbdc8eea22e4737deaa35a795b19b0560d7173113bec7e8a3effb7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/assets/css/styles.css?q=37
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Mon, 15 May 2023 18:42:14 GMT
server
nginx
etag
"64627d06-70de"
content-type
image/png
accept-ranges
bytes
content-length
28894
logo-bg-90-tl.svg
pastelink.net/assets/images/
2 KB
2 KB
Image
General
Full URL
https://pastelink.net/assets/images/logo-bg-90-tl.svg
Requested by
Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=37
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
88.208.215.108 , United Kingdom, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
nginx /
Resource Hash
1c9e4c65f9d921b1c0829958cc7b2f307a3e22ac7a23e8315b6db4c0954e1107
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/assets/css/styles.css?q=37
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Mon, 15 May 2023 18:42:14 GMT
server
nginx
etag
"64627d06-933"
content-type
image/svg+xml
accept-ranges
bytes
content-length
2355
pastelink-logo-german-contrast.svg
pastelink.net/assets/images/logo/
15 KB
15 KB
Image
General
Full URL
https://pastelink.net/assets/images/logo/pastelink-logo-german-contrast.svg
Requested by
Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=37
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
88.208.215.108 , United Kingdom, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
nginx /
Resource Hash
02614d11cbdc1f220b7be546d59ef5e14489c86a5fdce3f22ce7b6bf9990bc71
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/assets/css/styles.css?q=37
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Mon, 15 May 2023 18:42:14 GMT
server
nginx
etag
"64627d06-3d2f"
content-type
image/svg+xml
accept-ranges
bytes
content-length
15663
logo-symbol-non-white-bg.svg
pastelink.net/assets/images/
4 KB
5 KB
Image
General
Full URL
https://pastelink.net/assets/images/logo-symbol-non-white-bg.svg
Requested by
Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=37
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
88.208.215.108 , United Kingdom, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
nginx /
Resource Hash
15f20e02ef301e62ed325d633f971c506dcf1be3458c2371b849b505bb8673dc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/assets/css/styles.css?q=37
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Mon, 15 May 2023 18:42:14 GMT
server
nginx
etag
"64627d06-11c0"
content-type
image/svg+xml
accept-ranges
bytes
content-length
4544
pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://pastelink.net
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 07 Dec 2023 19:07:20 GMT
x-content-type-options
nosniff
age
377973
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7884
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 17:03:52 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 06 Dec 2024 19:07:20 GMT
kmKlZqk1GBDGN0mY6k5lmEmww4hbsJNb.woff2
fonts.gstatic.com/s/notosansogham/v17/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/notosansogham/v17/kmKlZqk1GBDGN0mY6k5lmEmww4hbsJNb.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Noto+Sans+Ogham:wght@400&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
59f54385b5965269222e149e9366f1ef140d4260be268c9b1ff843158f8e8f04
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://pastelink.net
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 14:50:47 GMT
x-content-type-options
nosniff
age
47766
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15168
x-xss-protection
0
last-modified
Thu, 20 Jul 2023 20:47:01 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 10 Dec 2024 14:50:47 GMT
pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://pastelink.net
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 15:15:19 GMT
x-content-type-options
nosniff
age
46294
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7748
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 16:21:30 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 10 Dec 2024 15:15:19 GMT
pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://pastelink.net
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 03:33:07 GMT
x-content-type-options
nosniff
age
2026
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7816
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 16:11:40 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 11 Dec 2024 03:33:07 GMT
js
www.googletagmanager.com/gtag/
248 KB
85 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-S3DKHVPF03&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f828558e893602825f659aea1996d30f5c1a9f45bc5cde83f72b77c137be000f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:53 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
87148
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 12 Dec 2023 04:06:53 GMT
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 12 Dec 2023 03:48:15 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
1118
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Tue, 12 Dec 2023 05:48:15 GMT
collect
region1.google-analytics.com/g/
0
252 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-S3DKHVPF03&gtm=45je3bt0v873532799z8831407672&_p=1702354013442&gcd=11l1l1l1l1&dma=0&cid=1827017792.1702354014&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1702354013&sct=1&seg=0&dl=https%3A%2F%2Fpastelink.net%2Fl3in7dnp&dt=The%20Biggest%20Problem%20With%20Marc%20Jacobs%20Handbag%20Sale%20And%20How%20You%20Can%20Resolve%20It%20-%20Pastelink.net&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=688
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S3DKHVPF03&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:53 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://pastelink.net
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/
15 B
219 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=821718443&t=pageview&_s=1&dl=https%3A%2F%2Fpastelink.net%2Fl3in7dnp&ul=en-us&de=UTF-8&dt=The%20Biggest%20Problem%20With%20Marc%20Jacobs%20Handbag%20Sale%20And%20How%20You%20Can%20Resolve%20It%20-%20Pastelink.net&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=695057440&gjid=446266886&cid=1827017792.1702354014&tid=UA-55088947-2&_gid=153472093.1702354014&_r=1&_slc=1&gtm=45He3bt0n8155WHPWQv831407672&gcd=11l1l1l1l1&dma=0&z=383211235
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
bcdaedbfd60b8d0a8a9eb4b16285345a749068b601c93f494362990f2a3e61f4
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://pastelink.net/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:53 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://pastelink.net
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/
230 KB
82 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-4KDXYD7HFC&cx=c&_slc=1
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
abcb9d8cec0a582f956a6fe2da413d6e8be4e93ccec63677d3a2585474a7422f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:53 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
83545
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 12 Dec 2023 04:06:53 GMT
collect
region1.google-analytics.com/g/
0
54 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-4KDXYD7HFC&gtm=45je3bt0v9136110041&_p=1702354013442&gcd=11l1l1l1l2&dma=0&ul=en-us&sr=1600x1200&cid=1827017792.1702354014&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EBAI&_s=1&dl=https%3A%2F%2Fpastelink.net%2Fl3in7dnp&dt=The%20Biggest%20Problem%20With%20Marc%20Jacobs%20Handbag%20Sale%20And%20How%20You%20Can%20Resolve%20It%20-%20Pastelink.net&sid=1702354013&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=824
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4KDXYD7HFC&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:53 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://pastelink.net
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
tag
btloader.com/
61 KB
20 KB
Script
General
Full URL
https://btloader.com/tag?o=5102648370397184&upapi=true
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1702353600000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4bd8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2bd5b9251c4107f00e4031b3b6262a41576ea4b5daf5c1475a37ea6afea2aa49

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:54 GMT
content-encoding
gzip
via
1.1 google
cf-cache-status
HIT
last-modified
Tue, 12 Dec 2023 03:23:54 GMT
server
cloudflare
age
2438
etag
"a44388854c105e70fd8d8051550c4091"
vary
Origin, Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
accept-ranges
bytes
cf-ray
834318ee3923bab5-MXP
content-length
20547
gpt.js
securepubads.g.doubleclick.net/tag/js/
89 KB
29 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1702353600000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
90eeae92543ff947736a7e1a24ca2f3b072d9c9707b60c592bcdcd4bfb46352e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:54 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29096
x-xss-protection
0
server
cafe
etag
405 / 19703 / 31080020 / config-hash: 11999804698944333348
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Tue, 12 Dec 2023 04:06:54 GMT
state
api.btloader.com/mw/
0
101 B
Fetch
General
Full URL
https://api.btloader.com/mw/state?bt_env=prod
Requested by
Host: btloader.com
URL: https://btloader.com/tag?o=5102648370397184&upapi=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.23.194 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
194.23.211.130.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Tue, 12 Dec 2023 04:06:54 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary
Origin
px.gif
ad-delivery.net/
43 B
923 B
Image
General
Full URL
https://ad-delivery.net/px.gif?ch=2
Requested by
Host: pastelink.net
URL: https://pastelink.net/l3in7dnp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:246 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:54 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1026251
x-guploader-uploadid
ABPtcPra_lXYliE83JlofH-FOVQhOVOvvpztjoFzaJT3T_yEtI2RzjK6zKSrOsKTMYzS8bdeUEzqYDXmwg
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
5
x-goog-stored-content-encoding
identity
content-length
43
last-modified
Wed, 05 May 2021 19:25:32 GMT
server
cloudflare
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
vary
Accept-Encoding
x-goog-generation
1620242732037093
content-type
image/gif
access-control-allow-origin
*
x-goog-hash
crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers
*, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=86400
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F7uIgb3Bx3b7htQgDJgS7kObuONWn6f0lTIxLh5TGjmcJMJgwygOUWQuQq81Cjr6Fv%2F0BcsqPi%2FIXq2At0nYwLqACxBr4Z5%2Fnu%2BJUYtMQcmKA8EiwwHIQvuHbrzEA16hJhpjbTdqY3wHBSh1HA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length
43
accept-ranges
bytes
cf-ray
834318eea8ee0e29-MXP
expires
Thu, 30 Nov 2023 07:41:19 GMT
favicon.ico
ad.doubleclick.net/
1 KB
570 B
Image
General
Full URL
https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250
Requested by
Host: pastelink.net
URL: https://pastelink.net/l3in7dnp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f6.1e100.net
Software
sffe /
Resource Hash
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:01:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
345
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
104
x-xss-protection
0
last-modified
Tue, 08 May 2012 13:08:06 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/x-icon
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 13 Dec 2023 04:01:09 GMT
px.gif
ad-delivery.net/
43 B
336 B
Image
General
Full URL
https://ad-delivery.net/px.gif?ch=1&e=0.48833315694377477
Requested by
Host: pastelink.net
URL: https://pastelink.net/l3in7dnp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:246 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:54 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1026251
x-guploader-uploadid
ABPtcPra_lXYliE83JlofH-FOVQhOVOvvpztjoFzaJT3T_yEtI2RzjK6zKSrOsKTMYzS8bdeUEzqYDXmwg
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
5
x-goog-stored-content-encoding
identity
content-length
43
last-modified
Wed, 05 May 2021 19:25:32 GMT
server
cloudflare
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
vary
Accept-Encoding
x-goog-generation
1620242732037093
content-type
image/gif
access-control-allow-origin
*
x-goog-hash
crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers
*, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=86400
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=73%2BStqPHJ0ahYHU%2B0uglPhFb7fdcO15AhKg2nsj9uPn5y0b3agI1gBCexvN1xESCE2F6dEGtviMU5uSBeUjdRXo9DlTBT5M8S0qhRHToaXoDLI83Cb5rRVFvJuF1Lohq19EB%2Fp79FaJv6n6FNw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length
43
accept-ranges
bytes
cf-ray
834318eea8ef0e29-MXP
expires
Thu, 30 Nov 2023 07:41:19 GMT
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312050101/
431 KB
135 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312050101/pubads_impl.js?cb=31080020
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ba014b41e87e2deda011cf92146d1b1842133b416d5ce0be02719670c0d46e10
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 13:14:56 GMT
content-encoding
br
x-content-type-options
nosniff
age
53518
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
138171
x-xss-protection
0
server
cafe
etag
7807444821274263820
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Tue, 10 Dec 2024 13:14:56 GMT
CWYD627N.json
srv.buysellads.com/ads/
1 KB
716 B
Fetch
General
Full URL
https://srv.buysellads.com/ads/CWYD627N.json?forcebanner=520174&ignoretargeting=yes
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1702353600000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
167.172.55.208 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
srv-eu-ldn-18.buysellads.com
Software
//srv.buysellads.com /
Resource Hash
094e36b185127f5637a78d1dd4ca9ac27c1cdda22aeddbc1f6ecd4d6e3ac5638

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:54 GMT
content-encoding
gzip
server
//srv.buysellads.com
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
*
content-length
579
localstore.js
script.4dex.io/
483 B
1017 B
Script
General
Full URL
https://script.4dex.io/localstore.js
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1702353600000
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 12 Dec 2023 04:06:54 GMT
Content-Encoding
br
CF-Cache-Status
HIT
Last-Modified
Mon, 27 Nov 2023 07:14:08 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
Age
1044353
ETag
W/"922cffdd75f7192f75231d92684885aa"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rtyeo6iMetzblS8nYVWiYQdSvJd3%2FIrsNpM1vWjHsbGQcMO9pFjpxPJRoMfuTe%2BVj7bPRL2n3AdSArojPfH4BoI3EzBQcG7zv0D8n4q3PqffO50QCfqCjd5UhChjdSbrj6Xy0bbo6oKst2hl"}],"group":"cf-nel","max_age":604800}
Cache-Control
public, max-age=1800
Connection
keep-alive
CF-RAY
834318efddd0badf-MXP
cdb
bidder.criteo.com/
8 KB
5 KB
XHR
General
Full URL
https://bidder.criteo.com/cdb?profileId=207&av=36&wv=7.54.0&cb=13639873252&lsavail=1
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1702353600000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::7 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
ece77ab2a51ab02e81b52eb4418f84fef38f76b9cb334a95b6dffb11e5b24959
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://pastelink.net/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 12 Dec 2023 04:06:53 GMT
content-encoding
br
strict-transport-security
max-age=31536000; preload;
server
Kestrel
vary
Accept-Encoding, Origin
content-type
application/json
access-control-allow-origin
https://pastelink.net
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
prebid-request
onetag-sys.com/
15 B
410 B
XHR
General
Full URL
https://onetag-sys.com/prebid-request
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1702353600000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip253.ip-51-89-9.eu
Software
/
Resource Hash
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://pastelink.net/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
content-type
application/json
access-control-allow-origin
https://pastelink.net
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control
no-transform, no-cache
access-control-allow-credentials
true
access-control-allow-headers
content-type, origin, referer, user-agent
content-length
41
alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
adreq
ads.servenobid.com/
845 B
778 B
XHR
General
Full URL
https://ads.servenobid.com/adreq?cb=10359
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1702353600000
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.51.96.110 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-51-96-110.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
b9a612d2d6c2eec3b9853c21eb8dbc4f3a35daac565b95b4b554f3f9bff13266

Request headers

Referer
https://pastelink.net/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 12 Dec 2023 04:06:54 GMT
content-encoding
gzip
amp-access-control-allow-source-origin
*
vary
accept-encoding
content-type
application/json
access-control-allow-origin
https://pastelink.net
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
hb
rt.marphezis.com/
9 KB
9 KB
XHR
General
Full URL
https://rt.marphezis.com/hb
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1702353600000
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
178.128.135.204 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
2336803724aa89aeb7ad70b03f9193081c713c4f2816e9acc0527643d33a9ff6

Request headers

Referer
https://pastelink.net/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:54 GMT
vary
Origin
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://pastelink.net
cache-control
no-store
access-control-allow-credentials
true
content-length
8927
expires
0
v1
hb-api.omnitagjs.com/hb-api/prebid/
1 KB
925 B
XHR
General
Full URL
https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fpastelink.net%2Fl3in7dnp&PageUrl=https%3A%2F%2Fpastelink.net%2Fl3in7dnp&PageReferrer=https%3A%2F%2Fpastelink.net%2Fl3in7dnp
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1702353600000
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.32.188.239 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-188-239.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e90da0d424bb520c967b650ca6d844ef24b943ac1de9eaff9f0c8d916f509568
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://pastelink.net/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 12 Dec 2023 04:06:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
kong/2.8.4
x-kong-proxy-latency
0
p3p
CP="CAO PSA OUR"
x-kong-upstream-latency
43
content-length
391
pragma
no-cache
access-control-max-age
3600
access-control-allow-methods
OPTIONS, POST
content-type
application/json; charset=utf-8
access-control-allow-origin
https://pastelink.net
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Accept-Encoding
access-control-allow-headers
Accept-Encoding, Content-Type
expires
0
prebid
mp.4dex.io/
1 KB
1 KB
XHR
General
Full URL
https://mp.4dex.io/prebid
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1702353600000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:994e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9cf06c0eb781e2308d77807f4da2f408af76143e2310275ffbf65b15215656bf

Request headers

Referer
https://pastelink.net/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

x-version
3.0.0-ref-gcp-ams
date
Tue, 12 Dec 2023 04:06:54 GMT
x-err
Shapings: no adunits with size and seat and mapping
via
1.1 google
cf-cache-status
DYNAMIC
content-encoding
gzip
x-warn
Process Floors. 3 inventory rules not found for mediatype: banner and adUnitCode: bsa-zone_1675868039084-1_123456, Process Floors. 13 inventory rules not found for mediatype: banner and adUnitCode: bsa-zone_1675868173958-4_123456
pragma
no-cache
server
cloudflare
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://pastelink.net
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cf-ray
834318efefaf01f4-ZRH
expires
0
translator
hbopenbid.pubmatic.com/
0
111 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1702353600000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://pastelink.net/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://pastelink.net
date
Tue, 12 Dec 2023 04:06:53 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
v1
prg.smartadserver.com/prebid/
1 KB
2 KB
XHR
General
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1702353600000
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.116 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
11c944a9b642b5b1e3886a4e734cd3619ea5732612c7c62d7a8c12703e0c4adb

Request headers

Referer
https://pastelink.net/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:54 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://pastelink.net
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
v1
prg.smartadserver.com/prebid/
795 B
2 KB
XHR
General
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1702353600000
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.116 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
2c662e7374b753a959ff10db29a1a580efc8e5040ab2bc4e7fb4d8be2981d7c6

Request headers

Referer
https://pastelink.net/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:54 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://pastelink.net
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
v1
prg.smartadserver.com/prebid/
1018 B
2 KB
XHR
General
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1702353600000
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.116 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
17ec4b81d602840bf1445adc4998a189f3bdb2b853eeb7d6053f455b7ee224a7

Request headers

Referer
https://pastelink.net/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:54 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://pastelink.net
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
v1
prg.smartadserver.com/prebid/
1009 B
2 KB
XHR
General
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1702353600000
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.116 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
fddf9d072851b250ca3ae1188d617dae62fe94c950895df10e2726d17ffd13a2

Request headers

Referer
https://pastelink.net/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:54 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://pastelink.net
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
v1
prg.smartadserver.com/prebid/
12 KB
6 KB
XHR
General
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1702353600000
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.116 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
ee24b726cf8c06c1dca9dbf0c08b85653e5fe36057c9a03f8d387ebbf7abbfc1

Request headers

Referer
https://pastelink.net/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:54 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://pastelink.net
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
v1
prg.smartadserver.com/prebid/
1 KB
2 KB
XHR
General
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1702353600000
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.116 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
49045fb86b248062da5355e1ab949a7c1cb630245a55fcca0f5c1190712cebc2

Request headers

Referer
https://pastelink.net/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:54 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://pastelink.net
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
prebid
ib.adnxs.com/ut/v3/
13 KB
6 KB
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1702353600000
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
77ce3a0d4565509d35b759ea7916a971ce1caa63d8e0b9fed15b018908915b23
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pastelink.net/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:54 GMT
content-encoding
gzip
an-x-request-uuid
29c4fd18-b397-48de-8f06-e62c00180799
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
vary
Accept-Encoding
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://pastelink.net
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
176.10.106.3; 176.10.106.3; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
466 B
807 B
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18812&site_id=468716&zone_id=2765554&size_id=2&alt_size_ids=1%2C55&rp_schain=1.0,1!buysellads.com,16898,1,,,!google.com,pub-9961814823930967,1,,,&rf=https%3A%2F%2Fpastelink.net%2Fl3in7dnp&tg_i.domain=pastelink.net&tg_i.page=https%3A%2F%2Fpastelink.net%2Fl3in7dnp&tg_i.pbadslot=%2F22405481091%2FPastelink_S2S_FixedFooter_ROS%23bsa-zone_1675868039084-1_123456&tk_flint=pbjs_lite_v7.54.0&x_source.tid=7d9aed71-2972-4177-b59f-e81da5d45c08&l_pb_bid_id=57d102f56c3ec37&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=7d9aed71-2972-4177-b59f-e81da5d45c08&rp_maxbids=1&p_gpid=%2F22405481091%2FPastelink_S2S_FixedFooter_ROS%23bsa-zone_1675868039084-1_123456&slots=1&rand=0.772548220839844
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1702353600000
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::44 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
fe63f3a2a8dd997fc96e24fe8371b888be225016cfd0695296d525ba89600f6a

Request headers

Referer
https://pastelink.net/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:54 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://pastelink.net
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
466
expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
476 B
816 B
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18812&site_id=468716&zone_id=2765554&size_id=15&alt_size_ids=2%2C1%2C16%2C232&rp_schain=1.0,1!buysellads.com,16898,1,,,!google.com,pub-9961814823930967,1,,,&rf=https%3A%2F%2Fpastelink.net%2Fl3in7dnp&tg_i.domain=pastelink.net&tg_i.page=https%3A%2F%2Fpastelink.net%2Fl3in7dnp&tg_i.pbadslot=%2F22405481091%2FPastelink_S2S_TopLeaderboard_ROS%23bsa-zone_1675868173958-4_123456&tk_flint=pbjs_lite_v7.54.0&x_source.tid=b4f305a8-57d1-4195-a451-99612dd6b1a1&l_pb_bid_id=58d45d5f73c2681&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=b4f305a8-57d1-4195-a451-99612dd6b1a1&rp_maxbids=1&p_gpid=%2F22405481091%2FPastelink_S2S_TopLeaderboard_ROS%23bsa-zone_1675868173958-4_123456&slots=1&rand=0.09940085184593683
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1702353600000
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::44 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
bbc0501cf54d3ce33f1a074c348625f091cfb6979b00f8ca44e4aba56af1f6a2

Request headers

Referer
https://pastelink.net/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:54 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://pastelink.net
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
476
expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
450 B
791 B
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18812&site_id=468716&zone_id=2765554&size_id=15&rp_schain=1.0,1!buysellads.com,16898,1,,,!google.com,pub-9961814823930967,1,,,&rf=https%3A%2F%2Fpastelink.net%2Fl3in7dnp&tg_i.domain=pastelink.net&tg_i.page=https%3A%2F%2Fpastelink.net%2Fl3in7dnp&tg_i.pbadslot=%2F22405481091%2FPastelink_S2S_Sidebar_ROS%23bsa-zone-sf_1675868324828-7_123456_2-0-0&tk_flint=pbjs_lite_v7.54.0&x_source.tid=5897e521-5423-46cb-a7da-5f56c25ee908&l_pb_bid_id=59cfbd3795c53e2&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=5897e521-5423-46cb-a7da-5f56c25ee908&rp_maxbids=1&p_gpid=%2F22405481091%2FPastelink_S2S_Sidebar_ROS%23bsa-zone-sf_1675868324828-7_123456_2-0-0&slots=1&rand=0.0056626637316994355
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1702353600000
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::44 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
25219d3218cf61c9214a6b6ab78ad54f0d1ea87fa5ff9b5ce3a2f7e3586c3765

Request headers

Referer
https://pastelink.net/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:54 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://pastelink.net
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
450
expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
450 B
791 B
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18812&site_id=468716&zone_id=2765554&size_id=15&rp_schain=1.0,1!buysellads.com,16898,1,,,!google.com,pub-9961814823930967,1,,,&rf=https%3A%2F%2Fpastelink.net%2Fl3in7dnp&tg_i.domain=pastelink.net&tg_i.page=https%3A%2F%2Fpastelink.net%2Fl3in7dnp&tg_i.pbadslot=%2F22405481091%2FPastelink_S2S_Sidebar_ROS%23bsa-zone-sf_1675868324828-7_123456_2-0-1&tk_flint=pbjs_lite_v7.54.0&x_source.tid=4635bbfb-ed7e-4843-8126-a9e768ef3433&l_pb_bid_id=60c768e1b911093&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=4635bbfb-ed7e-4843-8126-a9e768ef3433&rp_maxbids=1&p_gpid=%2F22405481091%2FPastelink_S2S_Sidebar_ROS%23bsa-zone-sf_1675868324828-7_123456_2-0-1&slots=1&rand=0.6599624980918812
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1702353600000
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::44 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
49f3aee237b8df140e4084f880b2bfd59892686ac6a58490f9bf4a5cd1527551

Request headers

Referer
https://pastelink.net/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:54 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://pastelink.net
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
450
expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
487 B
1002 B
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18812&site_id=468716&zone_id=2765554&size_id=15&alt_size_ids=10%2C16%2C53%2C67%2C101%2C102%2C221&rp_schain=1.0,1!buysellads.com,16898,1,,,!google.com,pub-9961814823930967,1,,,&rf=https%3A%2F%2Fpastelink.net%2Fl3in7dnp&tg_i.domain=pastelink.net&tg_i.page=https%3A%2F%2Fpastelink.net%2Fl3in7dnp&tg_i.pbadslot=%2F22405481091%2FPastelink_S2S_Interstitial_ROS%23bsa-zone_1675868453109-5_123456&tk_flint=pbjs_lite_v7.54.0&x_source.tid=6d37a818-a438-45b4-9e2d-a4143a73df5e&l_pb_bid_id=611249483539348&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=6d37a818-a438-45b4-9e2d-a4143a73df5e&rp_maxbids=1&p_gpid=%2F22405481091%2FPastelink_S2S_Interstitial_ROS%23bsa-zone_1675868453109-5_123456&slots=1&rand=0.8608923507334996
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1702353600000
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::44 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
810a07eb186774757a7d33843bf4b335fe683ddd951c85cded55a78ce57664e5

Request headers

Referer
https://pastelink.net/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:54 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://pastelink.net
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
487
expires
Wed, 17 Sep 1975 21:32:10 GMT
prebid
prebid.media.net/rtb/
2 KB
1 KB
XHR
General
Full URL
https://prebid.media.net/rtb/prebid?cid=8CU18831I
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1702353600000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.63.153 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
153.63.120.34.bc.googleusercontent.com
Software
envoy /
Resource Hash
7c9cf14d9d3f454a3c0a6826faf35aac15c8480eb5282fb5be53475fee556117

Request headers

Referer
https://pastelink.net/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:54 GMT
content-encoding
gzip
via
1.1 google
accept-ch
Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
server
envoy
content-type
application/json;charset=utf-8
access-control-allow-origin
https://pastelink.net
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
85
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 12 Dec 2023 04:06:54 GMT
country
api.btloader.com/
16 B
132 B
Fetch
General
Full URL
https://api.btloader.com/country
Requested by
Host: btloader.com
URL: https://btloader.com/tag?o=5102648370397184&upapi=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.23.194 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
194.23.211.130.bc.googleusercontent.com
Software
/
Resource Hash
39c0495e4b24a50cf3183d811eb53e90364b9ef103a90d0ae4a14823dcb379bf

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:54 GMT
via
1.1 google
vary
Origin
content-type
application/json
access-control-allow-origin
*
cache-control
private, max-age=300, stale-while-revalidate=600, stale-if-error=600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16
pv
api.btloader.com/
0
66 B
XHR
General
Full URL
https://api.btloader.com/pv?tid=9GENd6sjMX&w=5093624318001152&o=5102648370397184&cv=2.1.26&widget=false&r=false&vr=1600x1200&pageURL=https%3A%2F%2Fpastelink.net%2Fl3in7dnp&sid=l2i0uwMUL&pm=false&upapi=true
Requested by
Host: btloader.com
URL: https://btloader.com/tag?o=5102648370397184&upapi=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.23.194 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
194.23.211.130.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Tue, 12 Dec 2023 04:06:54 GMT
cache-control
no-cache, no-store, must-revalidate
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary
Origin
adagio.js
script.4dex.io/
75 KB
24 KB
Fetch
General
Full URL
https://script.4dex.io/adagio.js
Requested by
Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
26305a08644b4f51b55812cf0ecf879c22da303a365b3d2769baa1b54c028c4d

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 12 Dec 2023 04:06:54 GMT
Content-Encoding
br
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
1129791
Transfer-Encoding
chunked
Connection
keep-alive
Last-Modified
Mon, 27 Nov 2023 07:14:07 GMT
Server
cloudflare
ETag
W/"6faf3acfde3bb82adada71be4fc1deb0"
Vary
Origin, Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JFNhG%2FpZzP%2BNeUSTsdGDXTQZYgrBRnVlQue%2Fs%2FRfqiamxQ4ZLRUU%2Bo1xYejBVdJcBonAqduULYmOfrAtiNy6bsfxUU6kGqMyfUhywKRNMDFCsN3yn7V38LBoObB8x38crxnLw2ovrIXNV%2Flq"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Cache-Control
public, max-age=1800
CF-RAY
834318f04f260e63-MXP
/
ssc-cms.33across.com/ps/ Frame 1622
0
0
Document
General
Full URL
https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
Requested by
Host: pastelink.net
URL: https://pastelink.net/l3in7dnp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.23 Chicago, United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip23.67-202-105.static.steadfastdns.net
Software
33XP016 /
Resource Hash

Request headers

Referer
https://pastelink.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

date
Tue, 12 Dec 2023 04:06:54 GMT
server
33XP016
x-33x-status
2020008
ads
securepubads.g.doubleclick.net/gampad/
429 KB
109 KB
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1261026073585281&correlator=809574799942331&eid=31080020&output=ldjh&gdfp_req=1&vrg=202312050101&ptt=17&impl=fifs&iu_parts=22405481091%2CPastelink_S2S_FixedFooter_ROS%2CPastelink_S2S_TopLeaderboard_ROS%2CPastelink_S2S_Sidebar_ROS%2CPastelink_S2S_Interstitial_ROS%2CPastelink_S2S_TopAnchors_ROS&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5&prev_iu_szs=728x90%7C970x90%7C980x90%7C990x90%7C468x60%2C728x90%7C468x60%7C728x200%7C580x400%7C750x280%7C760x280%7C690x90%7C675x90%7C670x90%7C650x90%7C630x90%7C600x90%7C580x90%7C570x90%7C300x250%7C336x280%2C300x250%2C300x250%2C1x1%2C1x1&ifi=1&sfv=1-0-40&ists=3&fas=0%2C0%2C0%2C0%2C8%2C2&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1702354015477&lmt=1702354015&adxs=-12245933%2C310%2C1078%2C1078%2C-9%2C-9&adys=-12245933%2C355%2C498%2C798%2C-9%2C-9&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1%7C0%7C0%7C0%7C-1%7C-1&ucis=1%7C2%7C3%7C4%7C5%7C6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fpastelink.net%2Fl3in7dnp&vis=1&psz=1600x-1%7C705x434%7C300x600%7C300x600%7C0x-1%7C0x-1&msz=0x-1%7C705x250%7C300x-1%7C300x-1%7C0x-1%7C0x-1&fws=644%2C4%2C4%2C4%2C2%2C2&ohw=1600%2C1600%2C1600%2C1600%2C0%2C0&ga_vid=1827017792.1702354014&ga_sid=1702354015&ga_hid=821718443&ga_fc=true&dlt=1702354013272&idt=1351&prev_scp=optimize_ad_unit_id%3Dbsa-zone_1675868039084-1_123456%26optimize_inview%3Dfalse%26optimize_refresh_int%3D0%7Coptimize_ad_unit_id%3Dbsa-zone_1675868173958-4_123456%26optimize_inview%3Dfalse%26optimize_refresh_int%3D0%7Coptimize_ad_unit_id%3Dbsa-zone-sf_1675868324828-7_123456_2-0-0%26optimize_inview%3Dfalse%26optimize_refresh_int%3D0%7Coptimize_ad_unit_id%3Dbsa-zone-sf_1675868324828-7_123456_2-0-1%26optimize_inview%3Dfalse%26optimize_refresh_int%3D0%26hb_size%3D300x250%26hb_pb%3D0.01%26hb_creative%3D635_436_4682%26hb_adid%3D735be008cec91ee%26hb_bidder%3Dcriteo%26_bd%3Dbid%26_pl%3D0.01%26hb_size_criteo%3D300x250%26hb_pb_criteo%3D0.01%26hb_adid_criteo%3D735be008cec91ee%26hb_bidder_criteo%3Dcriteo%7Coptimize_ad_unit_id%3Dbsa-zone_1675868453109-5_123456%26optimize_inview%3Dfalse%26optimize_refresh_int%3D0%26hb_size%3D300x600%26hb_pb%3D1.21%26hb_creative%3D483714902%26hb_adid%3D749a8b6855d23b6%26hb_bidder%3Dbcmssp%26_bd%3Dbid%26_pl%3D1.21%26hb_size_bcmssp%3D300x600%26hb_pb_bcmssp%3D1.21%26hb_adid_bcmssp%3D749a8b6855d23b6%26hb_bidder_bcmssp%3Dbcmssp%26hb_size_smartadserve%3D300x600%26hb_pb_smartadserver%3D1.09%26hb_adid_smartadserve%3D75fdc376d8f0774%26hb_bidder_smartadser%3Dsmartadserver%7Coptimize_ad_unit_id%3Dbsa-zone_1701884418426-9_123456%26optimize_inview%3Dfalse%26optimize_refresh_int%3D0&cust_params=optimize_refreshed%3Dfalse%26optimize_acceptable%3Dfalse%26optimize_adl_debug%3Dfalse%26optimize_ctv_debug%3Dfalse%26optimize_debug%3Dfalse%26optimize%3Dtrue%26optimize_adl_id%3D%26optimize_amp%3Dfalse%26optimize_audience%3Dtech%26optimize_env%3Dprod%26optimize_pub%3Dpastelink%26optimize_xp%3Da&adks=840525636%2C1703297318%2C997962782%2C997962783%2C1897443797%2C1808800939&frm=20
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312050101/pubads_impl.js?cb=31080020
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3a5593142805bbb80aaabe1e0ea25a2d0120d9f0347cb0ece29891316da4455b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:56 GMT
content-encoding
br
x-content-type-options
nosniff
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
111456
x-xss-protection
0
google-lineitem-id
-1,-1,-1,-1,-1,-1
pragma
no-cache
server
cafe
google-creative-id
-1,-1,-1,-1,-1,-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://pastelink.net
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/
16 KB
12 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202312050101&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312050101/pubads_impl.js?cb=31080020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2f72b5c4440b7fdd0096df73fd298010d900ea2fb0783375d0ae02cdd47f5274
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:55 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12216
x-xss-protection
0
container.html
339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame C6C2
6 KB
3 KB
Document
General
Full URL
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312050101/pubads_impl.js?cb=31080020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://pastelink.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 12 Dec 2023 04:06:55 GMT
expires
Wed, 11 Dec 2024 04:06:55 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
pubads_impl_page_level_ads.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312050101/
39 KB
14 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312050101/pubads_impl_page_level_ads.js?cb=31080020
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312050101/pubads_impl.js?cb=31080020
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
395a036b18c09f33407f1a29a3fe592e7e43a41b14234980dfbf05c7fdd55ade
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 11:36:33 GMT
content-encoding
br
x-content-type-options
nosniff
age
59422
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13835
x-xss-protection
0
server
cafe
etag
11693141498105903443
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Tue, 10 Dec 2024 11:36:33 GMT
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312050101/pubads_impl.js?cb=31080020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 12 Dec 2023 04:06:55 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 808F
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://pastelink.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
age
41417
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 11 Dec 2023 16:36:38 GMT
expires
Tue, 10 Dec 2024 16:36:38 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 3F6C
829 B
945 B
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
416401a9e29112f4d03e0ab734039b6c3c0e9404117d5cee975fa4c9860a69e5
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-rJuIuvDbZIu6yJEd30qmSw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://pastelink.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-rJuIuvDbZIu6yJEd30qmSw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Tue, 12 Dec 2023 04:06:55 GMT
expires
Tue, 12 Dec 2023 04:06:55 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
pagead2.googlesyndication.com/bg/ Frame 808F
39 KB
15 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 11:45:46 GMT
content-encoding
br
x-content-type-options
nosniff
age
58869
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15165
x-xss-protection
0
last-modified
Tue, 28 Nov 2023 18:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 10 Dec 2024 11:45:46 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 3F6C
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202312050101&jk=1261026073585281&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame CE70
16 KB
6 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Requested by
Host: pastelink.net
URL: https://pastelink.net/l3in7dnp
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.16.195 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-16-195.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8e53e50181b7a9e2caa94173c37fcd9de8fa75750764a2ad8ad02fac3306d652

Request headers

Referer
https://pastelink.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=54775
content-encoding
gzip
content-length
5622
content-type
text/html
date
Tue, 12 Dec 2023 04:06:55 GMT
expires
Tue, 12 Dec 2023 19:19:50 GMT
last-modified
Thu, 16 Nov 2023 09:11:44 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
generate_204
tpc.googlesyndication.com/ Frame 808F
0
10 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?mcguGw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:55 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
PugMaster
image6.pubmatic.com/AdServer/ Frame CE70
5 KB
6 KB
Script
General
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=3575514&p=159110&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
198.47.127.19 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
739e323a66663bcddcb9a5c3032978b0a6cfafff794550097f4aea359d3c1d24

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type
text/html; charset=UTF-8
date
Tue, 12 Dec 2023 04:06:54 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Pug
simage2.pubmatic.com/AdServer/ Frame A540
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:0a846577-dc60-4500-9024-20a9a02905d3&gdpr=0&gdpr_consent=
42 B
288 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:0a846577-dc60-4500-9024-20a9a02905d3&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
198.47.127.205 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Tue, 12 Dec 2023 04:06:55 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
Content-Type
image/gif
Date
Tue, 12 Dec 2023 04:06:56 GMT
Expires
Tue, 12 Dec 2023 04:06:55 GMT
Keep-Alive
timeout=360
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server
MT3 851 9bd98ae master cdg-pixel-x13 config_version:"3168"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:0a846577-dc60-4500-9024-20a9a02905d3&gdpr=0&gdpr_consent=
usersync.aspx
dis.criteo.com/dis/ Frame 8212
43 B
363 B
Document
General
Full URL
https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

cache-control
no-cache
content-type
image/gif
cross-origin-resource-policy
cross-origin
date
Tue, 12 Dec 2023 04:06:55 GMT
expires
Tue, 12 Dec 2023 00:00:00 GMT
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
266628
strict-transport-security
max-age=31536000; preload;
x-errorlevel
0
dcm
aax-eu.amazon-adsystem.com/s/ Frame CF8B
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=B5B0DC23-EF24-44B6-96D4-87CDBBEF7136&redir=true&gdpr=0&gdpr_consent=
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=B5B0DC23-EF24-44B6-96D4-87CDBBEF7136&redir=true&gdpr=0&gdpr_consent=&dcc=t
43 B
855 B
Document
General
Full URL
https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=B5B0DC23-EF24-44B6-96D4-87CDBBEF7136&redir=true&gdpr=0&gdpr_consent=&dcc=t
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.94.223.37 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
Date
Tue, 12 Dec 2023 04:06:56 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid
CREKX9APXAFGME3CA7BS

Redirect headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Date
Tue, 12 Dec 2023 04:06:56 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Location
https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=B5B0DC23-EF24-44B6-96D4-87CDBBEF7136&redir=true&gdpr=0&gdpr_consent=&dcc=t
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid
YHMCYQ02MA13BRS5NV89
Pug
image2.pubmatic.com/AdServer/ Frame A3F7
Redirect Chain
  • https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=JBNp3XZFaNo_FmjSdxRzjCZFat8_EDrbcUBwtRqS
42 B
342 B
Document
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=JBNp3XZFaNo_FmjSdxRzjCZFat8_EDrbcUBwtRqS
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
198.47.127.205 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Tue, 12 Dec 2023 04:06:55 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
date
Tue, 12 Dec 2023 04:06:56 GMT
expires
Fri, 04 Aug 1978 12:00:00 GMT
location
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=JBNp3XZFaNo_FmjSdxRzjCZFat8_EDrbcUBwtRqS
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
pragma
no-cache
strict-transport-security
max-age=86400
Pug
simage2.pubmatic.com/AdServer/ Frame 4820
Redirect Chain
  • https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=7726304148053272367&gdpr=0&gdpr_consent=
42 B
447 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=7726304148053272367&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
198.47.127.205 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Tue, 12 Dec 2023 04:06:54 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials
true
access-control-allow-origin
*
an-x-request-uuid
3f84906a-cf5a-46dd-b600-b30780e3194f
cache-control
no-store, no-cache, private
content-length
0
content-type
text/html; charset=utf-8
date
Tue, 12 Dec 2023 04:06:55 GMT
expires
Sat, 15 Nov 2008 16:00:00 GMT
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=7726304148053272367&gdpr=0&gdpr_consent=
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
pragma
no-cache
server
nginx/1.23.4
x-proxy-origin
176.10.106.3; 176.10.106.3; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
x-xss-protection
0
Pug
simage2.pubmatic.com/AdServer/ Frame E64D
Redirect Chain
  • https://dsp.adfarm1.adition.com/cookie/?ssp=9&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA%3D&piggybackCookie=7311554824934914191&gdpr=0&gdpr_consent=
42 B
298 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA%3D&piggybackCookie=7311554824934914191&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
198.47.127.205 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Tue, 12 Dec 2023 04:06:56 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

Connection
keep-alive
Date
Tue, 12 Dec 2023 04:06:56 GMT
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA%3D&piggybackCookie=7311554824934914191&gdpr=0&gdpr_consent=
Server
nginx
Transfer-Encoding
chunked
p3p
policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Pug
simage2.pubmatic.com/AdServer/ Frame 0661
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=_NwKiH2zU2xYNcunbFZn_7AKagM&gdpr=0&gdpr_consent=
42 B
377 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=_NwKiH2zU2xYNcunbFZn_7AKagM&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
198.47.127.205 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Tue, 12 Dec 2023 02:32:53 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

Connection
keep-alive
Content-Length
188
Content-Type
text/html; charset=utf-8
Date
Tue, 12 Dec 2023 04:06:56 GMT
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=_NwKiH2zU2xYNcunbFZn_7AKagM&gdpr=0&gdpr_consent=
Pug
simage2.pubmatic.com/AdServer/ Frame 636A
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=&us_privacy=
  • https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent=&us_privacy=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=e98ca359-d536-4904-b973-11bb58fa7c1b&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy=
1 B
185 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=e98ca359-d536-4904-b973-11bb58fa7c1b&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
198.47.127.205 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
nginx /
Resource Hash
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
1
content-type
text/html; charset=utf-8
date
Tue, 12 Dec 2023 04:06:55 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

cache-control
no-cache, no-store, must-revalidate
content-length
0
date
Tue, 12 Dec 2023 04:06:56 GMT
location
//simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=e98ca359-d536-4904-b973-11bb58fa7c1b&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy=
Pug
image2.pubmatic.com/AdServer/ Frame A502
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent=
  • https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent=&_bee_ppp=1
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFCQm4wN0s3N2tBQUJVMDN0ZU1uZw&gdpr=0&gdpr_consent=&bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_syn...
  • https://match.prod.bidr.io/cookie-sync/adx?gdpr=0&gdpr_consent=&bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
  • https://rtb-csync.smartadserver.com/redir?partneruserid=AABBn07K77kAABU03teMng&partnerid=127&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26bee_sync_partners%3Dpp%252Cpm%26bee...
  • https://match.prod.bidr.io/cookie-sync?gdpr=0&bee_sync_partners=pp%2Cpm&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=2&userid=9038138657779389971&gdpr=0&gdpr_consent=
  • https://bh.contextweb.com/bh/rtset?ev=AABBn07K77kAABU03teMng&do=add&pid=558502&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26userid%3D9038138657779389971%26gdpr%3D0%26gdpr_consen...
  • https://match.prod.bidr.io/cookie-sync?gdpr=0&userid=9038138657779389971&gdpr=0&gdpr_consent=&bee_sync_partners=pm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=3&ev=AABBn07...
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AABBn07K77kAABU03teMng&gdpr=0&gdpr_consent=
42 B
278 B
Document
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AABBn07K77kAABU03teMng&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
198.47.127.205 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Tue, 12 Dec 2023 04:06:56 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

Connection
keep-alive
Content-Length
0
Date
Tue, 12 Dec 2023 04:06:56 GMT
Server
gunicorn
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AABBn07K77kAABU03teMng&gdpr=0&gdpr_consent=
strict-transport-security
max-age=2592000; includeSubDomains
b9pj45k4
sync-tm.everesttech.net/ct/upi/pid/ Frame 31D4
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_con...
  • https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_...
85 B
236 B
Document
General
Full URL
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=&_test=ZXfcYAAGTf-8MwBH
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Jetty(9.4.35.v20201120) /
Resource Hash
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
cache-control
no-cache
content-length
85
content-type
image/png
date
Tue, 12 Dec 2023 04:06:56 GMT
p3p
CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
pragma
no-cache
server
Jetty(9.4.35.v20201120)
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-mxp6971-MXP
x-timer
S1702354016.153394,VS0,VE98

Redirect headers

accept-ranges
bytes
access-control-allow-origin
*
cache-control
no-cache
content-length
0
date
Tue, 12 Dec 2023 04:06:56 GMT
location
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=&_test=ZXfcYAAGTf-8MwBH
p3p
CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
pragma
no-cache
server
Jetty(9.4.35.v20201120)
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-mxp6971-MXP
x-timer
S1702354016.037882,VS0,VE97
Pug
image2.pubmatic.com/AdServer/ Frame 7446
Redirect Chain
  • https://t.adx.opera.com/pub/sync?pubid=pub8730968190912
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0ODkmdGw9NDMyMDA=&piggybackCookie=OPU86d7538f3ea747988cecb0036de59bee
42 B
279 B
Document
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0ODkmdGw9NDMyMDA=&piggybackCookie=OPU86d7538f3ea747988cecb0036de59bee
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
198.47.127.205 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Tue, 12 Dec 2023 04:06:55 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
access-control-allow-methods
POST, GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
content-length
166
content-type
text/html; charset=utf-8
date
Tue, 12 Dec 2023 04:06:56 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0ODkmdGw9NDMyMDA=&piggybackCookie=OPU86d7538f3ea747988cecb0036de59bee
pragma
no-cache
server
nginx
bridge
cm.adgrx.com/ Frame C5B1
43 B
283 B
Document
General
Full URL
https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.251.232.165 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
Cowboy /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, proxy-revalidate
content-length
43
content-type
image/gif
date
Tue, 12 Dec 2023 04:06:56 GMT
expires
Thu, 23 Sep 2004 17:42:04 GMT
p3p
CP="NOI OTC OTP OUR NOR"
pragma
no-cache
server
Cowboy
x-realserver-nx
ams-delivery-9
Pug
simage2.pubmatic.com/AdServer/ Frame 9B00
Redirect Chain
  • https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token}
  • https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
0
74 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
198.47.127.205 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Tue, 12 Dec 2023 04:06:56 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

content-length
0
date
Tue, 12 Dec 2023 04:06:56 GMT
location
https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
server
_
Pug
image2.pubmatic.com/AdServer/ Frame 1C54
Redirect Chain
  • https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
  • https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=1644826649221451976
42 B
195 B
Document
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=1644826649221451976
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
198.47.127.205 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Tue, 12 Dec 2023 04:06:55 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

content-length
0
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=1644826649221451976
p3p
CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV
Pug
image2.pubmatic.com/AdServer/ Frame 7A1D
Redirect Chain
  • https://p.rfihub.com/cm?pub=224&in=1&getuid=https%3A//image2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=5144588527999685960
42 B
195 B
Document
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=5144588527999685960
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
198.47.127.205 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Tue, 12 Dec 2023 04:06:54 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

Content-Length
0
Date
Tue, 12 Dec 2023 04:06:56 GMT
Location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=5144588527999685960
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server
Jetty(9.4.51.v20230217)
cookiesync
core.iprom.net/ Frame 6D47
43 B
281 B
Document
General
Full URL
https://core.iprom.net/cookiesync?gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.5.165.20 , Slovenia, ASN44968 (IPROM-AS, SI),
Reverse DNS
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

Connection
close
Content-Length
43
Content-Type
image/gif
Date
Tue, 12 Dec 2023 04:06:56 GMT
Vary
Accept-Encoding
X-adserver-worker
ragnarok-6a57c4b9107f@version_1.578v2
X-core-time
1ms
X-server-arch
v2
cm
ipac.ctnsnet.com/int/ Frame 398F
43 B
360 B
Document
General
Full URL
https://ipac.ctnsnet.com/int/cm?exc=14&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=[user_id]
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.193.173 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
173.193.186.35.bc.googleusercontent.com
Software
Apache-Coyote/1.1 /
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
43
content-type
image/gif
date
Tue, 12 Dec 2023 04:06:56 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
CP="NOI DSP COR NID CUR OUR NOR"
pragma
no-cache
server
Apache-Coyote/1.1
via
1.1 google
Pug
image2.pubmatic.com/AdServer/ Frame 682A
Redirect Chain
  • https://green.erne.co/pubmatic/cm?gdpr=0&gdpr_consent=
  • https://pixel-eu.onaudience.com/?partner=270&smartmap=1&gdpr=0&gdpr_consent=&redirect=image2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw%26piggybackCookie%3D%25...
  • https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=047d72e299b7650d/gdpr=0/gdpr_consent=?https%3A%2F%2Fpixel-eu.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%...
  • https://pixel-eu.onaudience.com/?partner=104&icm&cver&mapped=734d58b0cea31816cce07e19f571548b&gdpr=0&redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI4OD...
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=39puKE4JaWTQTXnXRRhTUVaQ&gdpr=0&gdpr_consent=
42 B
202 B
Document
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=39puKE4JaWTQTXnXRRhTUVaQ&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
198.47.127.205 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Tue, 12 Dec 2023 04:06:55 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

content-length
0
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=39puKE4JaWTQTXnXRRhTUVaQ&gdpr=0&gdpr_consent=
usersyncsupply
cm-supply-web.gammaplatform.com/adx/ Frame A659
0
0

setuid
u.4dex.io/ Frame 5201
0
707 B
Document
General
Full URL
https://u.4dex.io/setuid?bidder=pubmatic&uid=(PM_UID)B5B0DC23-EF24-44B6-96D4-87CDBBEF7136
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.40.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
38.40.149.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, must-revalidate
content-length
0
date
Tue, 12 Dec 2023 04:06:56 GMT
expires
0
pragma
no-cache
vary
Origin Accept-Encoding
via
1.1 google
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame CE70
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=tbDcI-8kRLaW1IfNu-9xNg%3D%3D&gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=tbDcI-8kRLaW1IfNu-9xNg%3D%3D&gdpr=0&gdpr_consent=&google_tc=
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
16 KB
16 KB
Image
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Protocol
H2
Server
184.30.16.195 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-16-195.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:56 GMT
content-encoding
gzip
last-modified
Thu, 16 Nov 2023 09:11:44 GMT
server
Apache
vary
Accept-Encoding
content-type
text/html
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=54774
accept-ranges
bytes
content-length
5622
expires
Tue, 12 Dec 2023 19:19:50 GMT

Redirect headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
301
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
qmap
sync.crwdcntrl.net/ Frame CE70
Redirect Chain
  • https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=B5B0DC23-EF24-44B6-96D4-87CDBBEF7136&gdpr=0&gdpr_consent=
  • https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=B5B0DC23-EF24-44B6-96D4-87CDBBEF7136&gdpr=0&gdpr_consent=&ct=y
49 B
544 B
Image
General
Full URL
https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=B5B0DC23-EF24-44B6-96D4-87CDBBEF7136&gdpr=0&gdpr_consent=&ct=y
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Protocol
H2
Server
52.19.8.73 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-19-8-73.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
server
Jetty(9.4.38.v20210224)
content-type
image/gif
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.45.24.196
content-length
49
expires
0

Redirect headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location
https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=B5B0DC23-EF24-44B6-96D4-87CDBBEF7136&gdpr=0&gdpr_consent=&ct=y
cache-control
no-cache
x-server
10.45.6.236
content-length
0
expires
0
cr
cr.frontend.weborama.fr/ Frame CE70
Redirect Chain
  • https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent=
  • https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent=&bounce=1&random=1437143964
0
45 B
Image
General
Full URL
https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent=&bounce=1&random=1437143964
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Protocol
H2
Server
34.111.129.221 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
221.129.111.34.bc.googleusercontent.com
Software
Weborama Collect Frontend /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:55 GMT
via
1.1 google
last-modified
Tue, 12 Dec 2023 04:06:56 GMT
server
Weborama Collect Frontend
vary
Origin
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 03 Jul 2001 06:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:55 GMT
via
1.1 google
last-modified
Tue, 12 Dec 2023 04:06:56 GMT
server
Weborama Collect Frontend
vary
Origin
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
location
https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent=&bounce=1&random=1437143964
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Tue, 03 Jul 2001 06:00:00 GMT
p
a.audrte.com/ Frame CE70
Redirect Chain
  • https://a.audrte.com/match?gdpr=0&gdpr_consent=&p=M1717054901&uid=B5B0DC23-EF24-44B6-96D4-87CDBBEF7136
  • https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_hm=MzdiQzFWWkRhU0dUSGF5U0J5aFVhajN5dw==&google_redir=https%3A%2F%2Fa.audrte.com%2Fddp%3Fred%3DeyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL...
  • https://a.audrte.com/ddp?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiYWRmb3JtIn1dfQ%3D%3D&gdpr=0&gdpr_consent=
  • https://dmp.adform.net/serving/cookie/match/?party=1003&r=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&gdpr=0&gdpr_consent=
  • https://a.audrte.com/a?adform_uid=8281154537407726195&r=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D
  • https://a.audrte.com/p
68 B
424 B
Image
General
Full URL
https://a.audrte.com/p
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Protocol
HTTP/1.1
Server
52.48.177.163 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-48-177-163.eu-west-1.compute.amazonaws.com
Software
nginx/1.22.1 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 12 Dec 2023 04:06:56 GMT
Server
nginx/1.22.1
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
68

Redirect headers

Date
Tue, 12 Dec 2023 04:06:56 GMT
Server
nginx/1.22.1
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Access-Control-Allow-Origin
*
Location
https://a.audrte.com:443/p
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
Pug
image2.pubmatic.com/AdServer/ Frame CE70
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QjVCMERDMjMtRUYyNC00NEI2LTk2RDQtODdDREJCRUY3MTM2&gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QjVCMERDMjMtRUYyNC00NEI2LTk2RDQtODdDREJCRUY3MTM2&gdpr=0&gdpr_consent=&google_tc=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
42 B
95 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Protocol
H2
Server
198.47.127.205 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Tue, 12 Dec 2023 04:06:55 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame CE70
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm=&google_sc=&gdpr=0&gdpr_consent=&google_tc=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEH44qrJ1iBVszqXwxLHDFBU&google_cver=1
42 B
269 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEH44qrJ1iBVszqXwxLHDFBU&google_cver=1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Protocol
H2
Server
198.47.127.205 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Tue, 12 Dec 2023 04:06:55 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEH44qrJ1iBVszqXwxLHDFBU&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
379
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubmatic
um.simpli.fi/ Frame CE70
43 B
612 B
Image
General
Full URL
https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.204.74.118 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
118.74.204.35.bc.googleusercontent.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:56 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
43
expires
Mon, 11 Dec 2023 04:06:56 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame CE70
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=8281154537407726195
42 B
243 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=8281154537407726195
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Protocol
H2
Server
198.47.127.205 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Tue, 12 Dec 2023 04:06:55 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age
86400
access-control-allow-methods
GET
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=8281154537407726195
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
generic
match.adsrvr.org/track/cmf/ Frame CE70
70 B
149 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:56 GMT
server
Kestrel
content-length
70
content-type
image/gif
B5B0DC23-EF24-44B6-96D4-87CDBBEF7136
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame CE70
43 B
603 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/pubmatic/B5B0DC23-EF24-44B6-96D4-87CDBBEF7136?gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3602:b72b:cd0:cea1:c93f Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:56 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43
SPug
image4.pubmatic.com/AdServer/ Frame CE70
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=B5B0DC23-EF24-44B6-96D4-87CDBBEF7136&redir=true&gdpr=0&gdpr_consent=
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=B5B0DC23-EF24-44B6-96D4-87CDBBEF7136&redir=true&gdpr=0&gdpr_consent=&verify=true
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-PTP1VvRE2uXmA_xoStDf2bGzA9xLVdo-~A&gdpr=0
0
260 B
Image
General
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-PTP1VvRE2uXmA_xoStDf2bGzA9xLVdo-~A&gdpr=0
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Protocol
H2
Server
185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:55 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-PTP1VvRE2uXmA_xoStDf2bGzA9xLVdo-~A&gdpr=0
date
Tue, 12 Dec 2023 04:06:56 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.94
age
0
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Pug
image2.pubmatic.com/AdServer/ Frame CE70
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
  • https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=3&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MTI5NjAw&piggybackCookie=2fd9e568-28fe-4950-b2e4-d206f46d1484-6577dc60-4348&gdpr=0&gdpr_consent=
42 B
264 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MTI5NjAw&piggybackCookie=2fd9e568-28fe-4950-b2e4-d206f46d1484-6577dc60-4348&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Protocol
H2
Server
198.47.127.205 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Tue, 12 Dec 2023 04:06:56 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
server
A
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MTI5NjAw&piggybackCookie=2fd9e568-28fe-4950-b2e4-d206f46d1484-6577dc60-4348&gdpr=0&gdpr_consent=
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame CE70
Redirect Chain
  • https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=B5B0DC23-EF24-44B6-96D4-87CDBBEF7136&gdpr=0&gdpr_consent=
  • https://pubmatic-match.dotomi.com/match/bounce/current?DotomiTest=9509fdada2817d9&is_secure=true&networkId=17100&version=1&nuid=B5B0DC23-EF24-44B6-96D4-87CDBBEF7136&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAAISbTrPy59UgNfE09YAAAAAAA&expiration=1702440416&nuid=B5B0DC23-EF24-44B6-96D4-87CDBBEF7136&...
42 B
443 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAAISbTrPy59UgNfE09YAAAAAAA&expiration=1702440416&nuid=B5B0DC23-EF24-44B6-96D4-87CDBBEF7136&is_secure=true&gdpr_consent=&gdpr=0
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Protocol
H2
Server
198.47.127.205 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Tue, 12 Dec 2023 04:06:55 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
server
nginx
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAAISbTrPy59UgNfE09YAAAAAAA&expiration=1702440416&nuid=B5B0DC23-EF24-44B6-96D4-87CDBBEF7136&is_secure=true&gdpr_consent=&gdpr=0
cache-control
no-cache, private, max-age=0, no-store
content-length
0
expires
0
Pug
simage2.pubmatic.com/AdServer/ Frame CE70
Redirect Chain
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2875652969077825227&gdpr=0&gdpr_consent=&us_privacy=
1 B
200 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2875652969077825227&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Protocol
H2
Server
198.47.127.205 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type
text/html; charset=utf-8
date
Tue, 12 Dec 2023 04:06:56 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2875652969077825227&gdpr=0&gdpr_consent=&us_privacy=
pragma
no-cache
date
Tue, 12 Dec 2023 04:06:55 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Pug
simage2.pubmatic.com/AdServer/ Frame CE70
Redirect Chain
  • https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?gdpr_consent=&gdpr=0&piggybackCookie=uid:3d0487c1-d251-46f1-bdaf-fa4aa5f24389&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
42 B
95 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?gdpr_consent=&gdpr=0&piggybackCookie=uid:3d0487c1-d251-46f1-bdaf-fa4aa5f24389&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Protocol
H2
Server
198.47.127.205 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Tue, 12 Dec 2023 04:06:55 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location
https://simage2.pubmatic.com/AdServer/Pug?gdpr_consent=&gdpr=0&piggybackCookie=uid:3d0487c1-d251-46f1-bdaf-fa4aa5f24389&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Date
Tue, 12 Dec 2023 04:06:56 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=3000
Content-Length
0
P3P
policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"
container.html
339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 5E5C
6 KB
3 KB
Document
General
Full URL
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312050101/pubads_impl.js?cb=31080020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://pastelink.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 12 Dec 2023 04:06:55 GMT
expires
Wed, 11 Dec 2024 04:06:55 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
container.html
339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 0271
6 KB
3 KB
Document
General
Full URL
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312050101/pubads_impl.js?cb=31080020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://pastelink.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 12 Dec 2023 04:06:55 GMT
expires
Wed, 11 Dec 2024 04:06:55 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
container.html
339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 3989
6 KB
3 KB
Document
General
Full URL
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312050101/pubads_impl.js?cb=31080020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://pastelink.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 12 Dec 2023 04:06:55 GMT
expires
Wed, 11 Dec 2024 04:06:55 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
container.html
339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 3128
6 KB
3 KB
Document
General
Full URL
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312050101/pubads_impl.js?cb=31080020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://pastelink.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 12 Dec 2023 04:06:55 GMT
expires
Wed, 11 Dec 2024 04:06:55 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
container.html
339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 5678
6 KB
3 KB
Document
General
Full URL
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312050101/pubads_impl.js?cb=31080020
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://pastelink.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 12 Dec 2023 04:06:55 GMT
expires
Wed, 11 Dec 2024 04:06:55 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
container.html
339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame E009
6 KB
3 KB
Document
General
Full URL
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312050101/pubads_impl.js?cb=31080020
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://pastelink.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 12 Dec 2023 04:06:55 GMT
expires
Wed, 11 Dec 2024 04:06:55 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
pixel
googleads.g.doubleclick.net/xbbe/ Frame 6FD5
478 B
238 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CKQCELzvkpIEGNu11OABMAE&v=APEucNX3LSfDqifYJI6ej3ayxpyJt4hW8l5IlXe3NPe0baL5JD6MJilZmCiaegUJqE3RGFb-Ud2-WR33fCk2a8MVfS8aTI672A
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
175
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 12 Dec 2023 04:06:56 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame 5E5C
89 KB
31 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:56 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31485
x-xss-protection
0
server
cafe
etag
7119415641918660631
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=600
timing-allow-origin
*
expires
Tue, 12 Dec 2023 04:06:56 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 5E5C
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DyaHABR-Qmzzc4CXaZ2YMDs-mBIJ9lMoOWCJTKq7gWBhxCO8kEJfWSgDstItzOjmEv4IkUYZNo5e-XaXTzttjmmoCNC0YViPpbPBFD4W97pgd55ig
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 5E5C
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 23:48:48 GMT
content-encoding
br
x-content-type-options
nosniff
age
15488
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 25 Dec 2023 23:48:48 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 5E5C
20 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 20:42:28 GMT
content-encoding
br
x-content-type-options
nosniff
age
26668
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8571
x-xss-protection
0
server
cafe
etag
5853369240893788875
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 25 Dec 2023 20:42:28 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame 5E5C
203 KB
64 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9129c3cb5b3b6d486d719614ef0e64508258a9d15de6c8bfab167e3da9dd87f3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65486
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1702315402350014"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 12 Dec 2023 04:06:56 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame E3C7
478 B
238 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CKQCELzvkpIEGO2W1uABMAE&v=APEucNX0aIu0gyq56H1f24gNIMGn_L9274M9RA2jXoBhe3heXNiyO-7aoBNw8wR5KKLNkovr-t32RCyZ7dzQcyHze18oyiqDFw
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
175
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 12 Dec 2023 04:06:56 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame 0271
89 KB
31 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:56 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31485
x-xss-protection
0
server
cafe
etag
7119415641918660631
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=600
timing-allow-origin
*
expires
Tue, 12 Dec 2023 04:06:56 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 0271
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A-SEYpyXwye4utLz6GGBIXIELWhZm3Xotdope-z7rsO1ESuZveENYWqKLv8rnIWmjNu4njPGT8wHOhMijANcD7Uv9vVUjyLQOs1heWRZv5dqPK2eQ
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 0271
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 23:48:48 GMT
content-encoding
br
x-content-type-options
nosniff
age
15488
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 25 Dec 2023 23:48:48 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 0271
20 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 20:42:28 GMT
content-encoding
br
x-content-type-options
nosniff
age
26668
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8571
x-xss-protection
0
server
cafe
etag
5853369240893788875
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 25 Dec 2023 20:42:28 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame 0271
203 KB
64 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9129c3cb5b3b6d486d719614ef0e64508258a9d15de6c8bfab167e3da9dd87f3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65486
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1702315402350014"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 12 Dec 2023 04:06:56 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame A508
478 B
531 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CKQCELzvkpIEGO2W1uABMAE&v=APEucNW0IeY135lrc5_RUdbxap2t-RWQFolZziMxAO8gT29UfO0wKonPZ4sj-tZWYm_BJ5nHJxY2QDpyyt9VUpN6D1WObLVskQ
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
175
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 12 Dec 2023 04:06:56 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame 3989
89 KB
31 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:56 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31485
x-xss-protection
0
server
cafe
etag
7119415641918660631
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=600
timing-allow-origin
*
expires
Tue, 12 Dec 2023 04:06:56 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 3989
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Az6IN9_e_f4DHHbGZC1Lxpf-1BCfYGeqB_Vl31pjEkcjrWqYyucamApmcTPnDZE_haGQydGdrWWCTYAJM7kFAX-yRfgj1_sZiobcnB3fbkADgn_pg
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 3989
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 23:48:48 GMT
content-encoding
br
x-content-type-options
nosniff
age
15488
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 25 Dec 2023 23:48:48 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 3989
20 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 20:42:28 GMT
content-encoding
br
x-content-type-options
nosniff
age
26668
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8571
x-xss-protection
0
server
cafe
etag
5853369240893788875
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 25 Dec 2023 20:42:28 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame 3989
203 KB
64 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9129c3cb5b3b6d486d719614ef0e64508258a9d15de6c8bfab167e3da9dd87f3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65486
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1702315402350014"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 12 Dec 2023 04:06:56 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame EB73
478 B
238 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CKQCELzvkpIEGO2W1uABMAE&v=APEucNUJrNVzrsW584nIJgTo7wJpzeS2baVJIaUq9Jax4zXw3z4ObL5Hc158yG5rqf0cYdLlhzTrFVkcKJgjlOGKTgCsiOHOyA
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
175
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 12 Dec 2023 04:06:56 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame 3128
89 KB
31 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:56 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31485
x-xss-protection
0
server
cafe
etag
7119415641918660631
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=600
timing-allow-origin
*
expires
Tue, 12 Dec 2023 04:06:56 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 3128
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DbyEcy6HOyfLyu2ybc_3g-5ghJtp30YQZj2708BbQm9OEwTDIHI7tE45Fs3Q3UGgV9wNkF1TJPNQ8mc_-CorTgqxGneiVCaZ0oqEVgwC9oDrortUo
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 3128
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 23:48:48 GMT
content-encoding
br
x-content-type-options
nosniff
age
15488
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 25 Dec 2023 23:48:48 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 3128
20 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 20:42:28 GMT
content-encoding
br
x-content-type-options
nosniff
age
26668
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8571
x-xss-protection
0
server
cafe
etag
5853369240893788875
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 25 Dec 2023 20:42:28 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame 3128
203 KB
65 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9129c3cb5b3b6d486d719614ef0e64508258a9d15de6c8bfab167e3da9dd87f3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65486
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1702315402350014"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 12 Dec 2023 04:06:56 GMT
css2
fonts.googleapis.com/ Frame 5678
4 KB
876 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 12 Dec 2023 04:06:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/bcfae741e379a885f2ab2cf83ebe6d32/mr
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 12 Dec 2023 03:44:29 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 12 Dec 2023 04:06:56 GMT
e21910fd923a6283b5d44b2382eabc86.js
www.gstatic.com/mysidia/ Frame 7303
9 KB
4 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/e21910fd923a6283b5d44b2382eabc86.js?tag=client_fast_engine_2019
Requested by
Host: pastelink.net
URL: https://pastelink.net/l3in7dnp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
27d5ba2175dc395614adb2c69fe9f4bff9abddef3a7c6e3e30a68587f428a37b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 02:12:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
6870
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4064
x-xss-protection
0
last-modified
Thu, 07 Dec 2023 22:13:01 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 11 Mar 2024 02:12:26 GMT
d500f8b303efba9f5ab695bab8da4c89.js
www.gstatic.com/mysidia/ Frame 7303
20 KB
8 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/d500f8b303efba9f5ab695bab8da4c89.js?tag=pingback
Requested by
Host: pastelink.net
URL: https://pastelink.net/l3in7dnp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
658763708a45d3b028477e7bde12bf3da7292317c8f82c01131600f89052ef53
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 09:26:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
67212
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8365
x-xss-protection
0
last-modified
Thu, 07 Dec 2023 22:13:01 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Sun, 10 Mar 2024 09:26:44 GMT
css
fonts.googleapis.com/ Frame 7303
14 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: pastelink.net
URL: https://pastelink.net/l3in7dnp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 12 Dec 2023 04:06:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 12 Dec 2023 03:34:19 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 12 Dec 2023 04:06:56 GMT
load_preloaded_resource_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 7303
2 KB
822 B
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/load_preloaded_resource_fy2021.js
Requested by
Host: pastelink.net
URL: https://pastelink.net/l3in7dnp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 01:54:43 GMT
content-encoding
br
x-content-type-options
nosniff
age
7933
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
795
x-xss-protection
0
server
cafe
etag
4925184154378345226
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 26 Dec 2023 01:54:43 GMT
92da1c8e4790a69c4d76e84ba2e3001c.js
www.gstatic.com/mysidia/ Frame 7303
6 KB
2 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/92da1c8e4790a69c4d76e84ba2e3001c.js?tag=analytics_pingback_2019
Requested by
Host: pastelink.net
URL: https://pastelink.net/l3in7dnp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2b80247038739299b71545084dc4ebff2edd21e6f1ffafe013376bb2e92c4be
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 23:43:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
15791
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2259
x-xss-protection
0
last-modified
Thu, 07 Dec 2023 22:13:01 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Sun, 10 Mar 2024 23:43:45 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame 7303
24 KB
9 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js
Requested by
Host: pastelink.net
URL: https://pastelink.net/l3in7dnp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c8fffb0b438b7f9403ccd47fddc2de355f2f685fe2f59ac9d4c15f82854d79b1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 17:13:22 GMT
content-encoding
br
x-content-type-options
nosniff
age
39214
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9318
x-xss-protection
0
server
cafe
etag
3562968281324141506
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 25 Dec 2023 17:13:22 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 7303
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js
Requested by
Host: pastelink.net
URL: https://pastelink.net/l3in7dnp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 23:48:48 GMT
content-encoding
br
x-content-type-options
nosniff
age
15488
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 25 Dec 2023 23:48:48 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 7303
20 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: pastelink.net
URL: https://pastelink.net/l3in7dnp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 20:42:28 GMT
content-encoding
br
x-content-type-options
nosniff
age
26668
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8571
x-xss-protection
0
server
cafe
etag
5853369240893788875
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 25 Dec 2023 20:42:28 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame 7303
203 KB
64 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: pastelink.net
URL: https://pastelink.net/l3in7dnp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9129c3cb5b3b6d486d719614ef0e64508258a9d15de6c8bfab167e3da9dd87f3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65486
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1702315402350014"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 12 Dec 2023 04:06:56 GMT
f9d9b65dbd646119ce96bad0f484d579.js
www.gstatic.com/mysidia/ Frame 7303
37 KB
15 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/f9d9b65dbd646119ce96bad0f484d579.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: pastelink.net
URL: https://pastelink.net/l3in7dnp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 09:15:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
67892
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15460
x-xss-protection
0
last-modified
Thu, 07 Dec 2023 22:13:01 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Sun, 10 Mar 2024 09:15:24 GMT
interstitial_ad_frame_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/ Frame 5678
22 KB
9 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/interstitial_ad_frame_fy2021.js
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
db2bdaad0dc9232fadb3de900bf039a0f356521698f213df1edf601e02a5870d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 02:25:36 GMT
content-encoding
br
x-content-type-options
nosniff
age
6080
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9210
x-xss-protection
0
server
cafe
etag
13914886398874665762
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 26 Dec 2023 02:25:36 GMT
feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 5678
205 B
229 B
Image
General
Full URL
https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 19:41:52 GMT
x-content-type-options
nosniff
age
30304
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
205
x-xss-protection
0
last-modified
Thu, 20 Jul 2023 22:48:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Tue, 10 Dec 2024 19:41:52 GMT
settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 5678
604 B
628 B
Image
General
Full URL
https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 18:04:04 GMT
x-content-type-options
nosniff
age
36172
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
604
x-xss-protection
0
last-modified
Thu, 20 Jul 2023 22:48:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Tue, 10 Dec 2024 18:04:04 GMT
m_js_controller_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame E009
36 KB
14 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/m_js_controller_fy2021.js
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ce44d9d3620877fb90e5a0dc690fb51323242adfd601d2d327e623488f94c67d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 20:27:55 GMT
content-encoding
br
x-content-type-options
nosniff
age
27541
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14395
x-xss-protection
0
server
cafe
etag
62258312933698035
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 25 Dec 2023 20:27:55 GMT
ext.js
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame E009
24 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 10 Dec 2023 23:43:34 GMT
content-encoding
br
x-content-type-options
nosniff
age
102202
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6402
x-xss-protection
0
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Mon, 09 Dec 2024 23:43:34 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame E009
203 KB
64 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9129c3cb5b3b6d486d719614ef0e64508258a9d15de6c8bfab167e3da9dd87f3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65486
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1702315402350014"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 12 Dec 2023 04:06:56 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame E009
24 KB
9 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c8fffb0b438b7f9403ccd47fddc2de355f2f685fe2f59ac9d4c15f82854d79b1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 17:13:22 GMT
content-encoding
br
x-content-type-options
nosniff
age
39214
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9318
x-xss-protection
0
server
cafe
etag
3562968281324141506
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 25 Dec 2023 17:13:22 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame E009
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 23:48:48 GMT
content-encoding
br
x-content-type-options
nosniff
age
15488
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 25 Dec 2023 23:48:48 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame E009
20 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 20:42:28 GMT
content-encoding
br
x-content-type-options
nosniff
age
26668
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8571
x-xss-protection
0
server
cafe
etag
5853369240893788875
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 25 Dec 2023 20:42:28 GMT
4425707340373593884
s0.2mdn.net/simgad/ Frame E009
347 KB
348 KB
Image
General
Full URL
https://s0.2mdn.net/simgad/4425707340373593884
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9c824709d38547ce93ceb231e2679d37c83526fbe4728c561e14d49d6712282a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 02:47:55 GMT
x-content-type-options
nosniff
age
4741
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
355394
x-xss-protection
0
last-modified
Wed, 06 Dec 2023 14:07:41 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 11 Dec 2024 02:47:55 GMT
17324849752732614737
s0.2mdn.net/simgad/ Frame E009
64 KB
64 KB
Image
General
Full URL
https://s0.2mdn.net/simgad/17324849752732614737
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d9ab2a033eae53a2af485cc9c7fcdf627d0287b46e6a3b45aa0a5bfc36f278d8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 02:53:38 GMT
x-content-type-options
nosniff
age
4398
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65150
x-xss-protection
0
last-modified
Wed, 06 Dec 2023 14:07:44 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 11 Dec 2024 02:53:38 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame 6F81
143 B
228 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

age
1712
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3600
content-encoding
gzip
content-length
145
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 12 Dec 2023 03:38:24 GMT
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame 5E5C
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3892815975689&version=m202309260101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 5E5C
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3892815975689&version=m202309260101&ct=77&x=1&cor=1091875568932140300
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad
googleads.g.doubleclick.net/dbm/ Frame 5E5C
34 KB
19 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CJ_-fhZVV7Cf_9or6Am9g7xegRuZpaJFmKbGfL1K0S0czk2G0Z-pgCtIjqJSWK4iSEbgZJmweWvfHnQuLK79dmXILhTCR5_ztVxWoX_9Rf0vVvN0GRPBk0QPqJMOQeogaThnmHr_ZIfh_lFpBgfPgBb1VSRFs_keM-cI5c7VyH_zSBoOg&cry=1&dbm_d=AKAmf-BuV1u_DFmdwByYRwZfQISESZOucSK6cuYhY_LYez7ZmEmfUCTgDsFMlvz4Zwwstht9BtUHVnJzJItLD7-AjzvIRV8cilCWNBxBZZyQQZKjZXXHrNzZJLHqXixEuA-PR-NsOMRTUEOtVYPAVE2n2UDw0i_725xRZKaRzRV7X5_zn0gP5hq_0_zh6Cfc0xWcHlnG3bHkhSM0Vpc7LRnNIU1kAlw4fHt2jfEwSp3hWYQq9RIEoPcGSexJdo73fhcDPnQgEDzmJLo450hZTSH8Ezg2sSDUd-eaYBDWrVkb0W3jFwXbp9iy2cDAfZ4r6iwaHmLAeMzlqt-15r-fxNHZDt6YLhTU3rsnz3Hkr9bwiAIBOoQWozu2mHEM4vgwaEy9tFfPFF-gTBK8bVfJgC5UM9Z_9o2E8mJhz8SKi1M8I5oEAt15D6aHU6Q3_zW1pYAeh95bhRIniKOdAGWEN72gMHGMVCrPUWdeNbi1kbEsJoACniD9Wesxw0BD2trwYoR0-XD2ZyWsT1RPBuFXoXRHdJo8hgsspoYQ1ylSOklUhcmQWB7YtWuh6xCeTnGvcK1S8-DYbKunHevH_is0xX8iNMj3ZAjlzIPIEa1gwH9uD2EBXGkimKRQAcnNeO-lcbkhzOXJH68NC9Mi5FKqrk4siAQEE46zVg7Y9eaPFwO3UC1-nPmSyc8HTSBkjNkjWgosPnG_lLH1iCGOOuGtdt1DCvZLMtmuMSqRLAWDkq-188RtHLhbt2B6KksE1oA6ozJQhrA8pa8PfDj4BuHMhZ1ggktGLBlYQeJTb8xOkZ1ycvk4IElZpuAzYh-3hmS9CK4lYS6p69sIfW0lxczZHBxYko7lzOvUT2twoMUhu-zLQRg2KloJnru2C8hA5F6w7nxsru8ss3ZCkCTgX_lyTZVwGDGDprforO9s-Xi0itOckNZZ9Co4cQM7mPxQ4ClC5PzJuOAfEOpsqtOkWlgvFPB_-J3hDAcAVgTDHmAYs9j8UGMb9aN-FYVGeCansgdx02c50dO8ABXMottPNIAhK7_n_qYsGOhemcU6J4TvwFDYp80jF3A7ytRRMsKKIQ_ync48UK3o6SugQg78EkIHvmSZKjGDfIOLAUxrv6n5yOfV1bx_KsWr9f6Pdb2Ucwgxfd5VJBy7lMO_S-sxpMt67Wwldy6mmGdVkBfTduuI9ma5VIrKer2R6tzWSVWhcC1uRovzHUyVKfRrPUfO2uaug47JKFZLmeH9SGOgr381vAIslIiXVXUBK_8TJIwPpRDG6kCTRUkehO-eo3R7yPrMIg6dL10LU31igNKUigNREqifokqu7Q2wMcV1xqVTgsOmgWh2R2DRDwVQsukeHYCHkfUcbuqOkthzYQAAST0fzFAtOK-juJajXXmjjPgGVjpEKHdAV7Q-vxtYOy97FTwKEZTHVQs-H4G-YIZykL6fdSz7-bNL9jQklW_UN6AJly7LXCzi38BZcFwpLbHtXTyU-7xhT2FzaSdnGecaI8i8xxYfAv64k8VDZSHTtJMpWqzw14n6EPQrk_o-Y97EDqouMVyD6AQZp-Pf29O8N00iuGfptfzmEquLs0tEVySvpXDF0OH7hXOepm-tRmFqymZyzqAiXAZDBmZbZU5wUXMPUofFGiDkVZcGUwf3DTMvVL-tya3AGp3eKJ1PfGLRUZgk75THMEgF35AutA2BpI6Ee5Dth-jWkQFc6KgZgH2HbvoyQNxjtZQFI9oJCB8mcBMto_HPHS8PWWeg1c8iDjwNSWipeoiCbgvzLGOWIsmzLxXLXstIkvVh_RRfQSBwYFlejgbar4IkIGz9fz3YKhLAG-KukLUL9Z65EPAVpnDM6ulQ43xVv9ny4NlYt1unKNbrQVACUe2Z9IJ-ZLbj75s1pHndxyNeNVI4zfkc9vyThBGFJXvCdaUykVQ_qb5g8LMqR99BLL3_Jml-qZR2fl7lbaNmRW4ehUtYrzTKQK_ex3QViRFQLPqa_Psz9j8dyZNcQiyu9CflIdFtFYfnOWqXw7FTSRthiY0Uc3FbmTNG5wSXwzWb5jbefCXUBg9ggd69ZxDJFyp2bEUxCZXk5nzZFxV2w3HChi_7fNCG7F-0fAYTTH2UVc2YBQWC9bRCNI-JqNAKZEsic-hD6GaGeSgVhDIX7NP3HK5WlkmYUfbxZbfy5zj3bqRLVOxfPAhsxUDdx6wLdKPEmRTXHKYn07Jmj_Fn5gvJN-buqRUotT154KL3AW0MEHoMGqP8xvyfYoFHimhi5rSuzzQVrR7TYR5eyooAMzm4xSLFoV-0ZLxQCshcRQmSTC7iljguoyaJPXlqCDgax0JsCCuTG6Lf-nVc7QPzGKKea4D_3V_civrDfMDS06ZoU7FrMxeu8q5nCPJXhSMvs9OMiqnACfzuh2avx4R_LwE_CjXIjcxSX3A2urqsrIp8KD6y5iaJ8htzz9sq-qNscCGH7XRe8Zw3tPQPEqhIlJ_al3S5oKHdjmOHJm30HFlzVEynjydRYbbp-0L_IfFmUnfxM0sPLxuJuyrk45AbEc6kjBmKCpLVY6u_XQYQn7UXc5UoMb42eaSVx210IW33_Uw9Wd7gJh4b9mX6fw9vQSVbvnCUruf1WiptZXG8pWnETWo3k88pEBDOAI6UgvqcLlVleXpuR8X62Kvt8vfjbWuMg9r5I5V_4OW-MiIrVypYgjdDyLZVmC0PKgdORz9cZ39aG6rSFQOZyC5X-DvXY0_N89jaIS1qkQ7eBdE9CRsbWshCnvNnB9V3yVRQbGUsVgN9tDWMqpYUGS7FvU7anreR4aKciPOMYpXbBZzDb91BfxlcRfLK66FAor0ni9wJ5M9CtD0JrpTLceQ2lc0My2dxvNvbCd0VuBkQfRjRbDE-XGNir9Gc5Zo_0htQjnoIVMWWFdMN7KogdzEsutB_KTC_vOWBgAkpPGoLb4oz3SN_KR5Uv-IleN8rgkFf8mwQ5rKrdU9faXHASUlNtX2stRQy5dhXpQUaIGS0XhHCu-Bd5xxAB2cj_zXaSiVaudIz8FqBZNHOZHtXO9nXDBc33vB2JDLp4JGXx-dA-d-aGFIpUZfrK_TlESmblEZIoKaN3CJEdKvvYHjzbvGzYuYecl9CctuO7q9VFI70meUdPBY7dDqqiK452UIAfXIL7h0yiN3wegjzPTHiYwihpLRbnQOocMg4VGaG2dvDkRScX2MLD7S8dI5pTkKoEgTMenYoplOs_8a37M5HUttZB0WCJuNmEJe3dDURI0H6M3oO-qtTlyy9za3DDXlm0p_xwCeHiW7xtIsuFqQFNve4bIS_mHY4yyzAoLl9ga6b0draef9OnSlO8W0Cf_I6MNpCzWSmJMzsF284t4UzV-1PI9GSRkVApOC4Jc9t6EfKIgEXfJX7u_KRqlwibt_9xeiGXs29hCGCfn8vD0EC2zXwlk5ZExUpvsZUXEfj1m2a9q13YbzagPYq0JZwGd4x-N36Nfc_hnfi0OXUtAPnz1M-1H_Yxqt_R22LefgSTE92cW6uUTB5-cNm1HzuE_VQYJUm_WJA_e8cKSH9u8MSTpVP4clRICdWhshAM7cvsK1dSQge5xUqU4oTdiimQmFs3sWa1kFsdWb3b3oZLN_ogluSyKVYhxqBBU_erNhtEn408e8G-wu5e6NDitzKTkmsUsy0v-1rfcWfFV_lAsm-h98K4yHm8O7SinAduGC7v0A2PKHyk3X0i6m6e8yk15LgcPYeFZBic93fML2jWQIk8PFVw1ybw58Fr4ACVWuIybWi5qwQ-8sK8utkiaP18rTebUc_EGohccFbjY-Ciz_Ish-Iw6WqVjO0pBQJFJM&cid=CAQSTwDICaaNoNgZV_ueTb0jeT5kZcV_yFljRt65GViBj4U8LXMEceSQ8qIcAxgc77JEkjN-q4tT6muJP-cp8Tp8unnX-zkuUJawy_jbNvIJEREYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fpastelink.net%2F&ds=l&xdt=1&iif=1&cor=1091875568932140300&adk=2228999114&idt=104&cac=0&dtd=63
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6a4f84a245dc09a554be48f4c018505e284d92258b95c57c0201111716767293
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19727
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame A508
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKQCELzvkpIEGO2W1uABMAE&v=APEucNW0IeY135lrc5_RUdbxap2t-RWQFolZziMxAO8gT29UfO0wKonPZ4sj-tZWYm_BJ5nHJxY2QDpyyt9VUpN6D1WObLVskQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s01-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame A508
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1&C=1
43 B
631 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1&C=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKQCELzvkpIEGO2W1uABMAE&v=APEucNW0IeY135lrc5_RUdbxap2t-RWQFolZziMxAO8gT29UfO0wKonPZ4sj-tZWYm_BJ5nHJxY2QDpyyt9VUpN6D1WObLVskQ
Protocol
H2
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OT5kG4hzdkiOUPdQ3ao2iOOnS4qpMj%2BVf5bEz%2B%2BwqbtRWm%2BikU2U%2FbPu%2BAvX2slbo7bt1kBXLmBtAXManY6KlsaQixc%2Fzt6XD1JXzyvsIVQUUjxFyOeqKSTQwCw2dO0ix0dDWX2Db1LW%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
834318fb096c0204-ZRH
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7AuGS2eupCfqANZ0cA2A1nNbi7EcbtF4%2BXJmhY%2BEz7vWLv%2Bt62dsGtWVYChG1CevYl%2FxXkwKp9Oc90tfsypdA4FrhFwkDDE7zJ6RQxqVxPJz01WTW6INLUT1aq90OjJrej%2B4G8EwpI4Cqg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location
/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1&C=1
cache-control
no-cache
cf-ray
834318fab9080204-ZRH
alt-svc
h3=":443"; ma=86400
content-length
0
expires
0
rum
dsum-sec.casalemedia.com/ Frame A508
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXfcYHnHbcyBJZDkuy2u5wAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1
43 B
733 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKQCELzvkpIEGO2W1uABMAE&v=APEucNW0IeY135lrc5_RUdbxap2t-RWQFolZziMxAO8gT29UfO0wKonPZ4sj-tZWYm_BJ5nHJxY2QDpyyt9VUpN6D1WObLVskQ
Protocol
H3
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qXKb4vP0dqp3lDU9VDIWvZ7xyMkalJWb5I2i8nYPhqOdtefYgvv4SS5Gd9TNpKARKx8EJafjL3FD%2Bssmj91kf6wYn7MvGGvfkJMILSAV21SI8IoQjyfw74lCHs9ZC7ZpnKsLbuv1GF%2Fd0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
834318fb7e68233d-ZRH
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame EB73
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKQCELzvkpIEGO2W1uABMAE&v=APEucNUJrNVzrsW584nIJgTo7wJpzeS2baVJIaUq9Jax4zXw3z4ObL5Hc158yG5rqf0cYdLlhzTrFVkcKJgjlOGKTgCsiOHOyA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s01-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame EB73
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1&C=1
43 B
539 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1&C=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKQCELzvkpIEGO2W1uABMAE&v=APEucNUJrNVzrsW584nIJgTo7wJpzeS2baVJIaUq9Jax4zXw3z4ObL5Hc158yG5rqf0cYdLlhzTrFVkcKJgjlOGKTgCsiOHOyA
Protocol
H2
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6lTZUHiPzVTd1Vm1QuzyxmsWX77SdP0NZEDYP4YUQ77zm5T2MAT%2BBqs23PPhoHOGuSumX5M2HH5FzgBo9F9deyhtu9gMSFvqM%2BGGw9EkZ9aMrCphxDEkl73Nv%2BeGS%2BCUuGy5KUptBHpfbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
834318faf95a0204-ZRH
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ASyUvyj5WebulknwUw2OFCihxj48Tr1SIfVYl8E2Pks8xaQdH3IEspwIBDiVqi9PY4mrcYToGUSJqg6VnXCroN%2BDUykTC7y4fVq%2Fq9F%2FKEo707DuQFvZesaZWS849LooSvsFqN58N4XowQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location
/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1&C=1
cache-control
no-cache
cf-ray
834318fab9090204-ZRH
alt-svc
h3=":443"; ma=86400
content-length
0
expires
0
rum
dsum-sec.casalemedia.com/ Frame EB73
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXfcYES15ji4-P.hWuP8KAAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1&google_hm=2
43 B
734 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1&google_hm=2
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKQCELzvkpIEGO2W1uABMAE&v=APEucNUJrNVzrsW584nIJgTo7wJpzeS2baVJIaUq9Jax4zXw3z4ObL5Hc158yG5rqf0cYdLlhzTrFVkcKJgjlOGKTgCsiOHOyA
Protocol
H3
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9nAomtW0eKhFeh11Opyp41pa8aXFJ3b5uzYBRZLA35qWyCxBHpwf1jMRFYPpyVt21gW2%2FrXmwziskWyhHLVeYG8%2BkZwoqCofHS4ZBcqZsBHp%2FEwbsWYpSrkTwIKHW9sdFvTc6zju%2B20a8A%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
834318fb7e65233d-ZRH
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1&google_hm=2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
329
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 6FD5
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKQCELzvkpIEGNu11OABMAE&v=APEucNX3LSfDqifYJI6ej3ayxpyJt4hW8l5IlXe3NPe0baL5JD6MJilZmCiaegUJqE3RGFb-Ud2-WR33fCk2a8MVfS8aTI672A
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s01-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 6FD5
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1&C=1
43 B
449 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1&C=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKQCELzvkpIEGNu11OABMAE&v=APEucNX3LSfDqifYJI6ej3ayxpyJt4hW8l5IlXe3NPe0baL5JD6MJilZmCiaegUJqE3RGFb-Ud2-WR33fCk2a8MVfS8aTI672A
Protocol
H2
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u%2FPt0hyH0EuamA8VKRqg5KZTWg1FrYbjuYgundw9TuRqKBlrh7jCtYT4R5B5RQ2%2BIWUD6vDHjBNZ96pBWLyUB23d0ne02VzksSTnmvVieR%2Bdc%2BSb%2Fe3hcwWm7AktNditU2U54wKM4xg73w%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
834318fb09680204-ZRH
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cdJpwsl%2B%2FySuDy6dQiDsdZZAOp3K7QHsCRQbyLj%2FRFH7s1AJi5NsS77ERHMkD9ZCGmW3tO6zlE%2B3%2B9AdPngtsoFJp0olMh%2Bws9tRRm0jloDlZagY8IfHEnrZyDOLefC3LuDKH7zy4Te8zw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location
/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1&C=1
cache-control
no-cache
cf-ray
834318fac90c0204-ZRH
alt-svc
h3=":443"; ma=86400
content-length
0
expires
0
rum
dsum-sec.casalemedia.com/ Frame 6FD5
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXfcYHnHbcyBJZDkuy2u5wAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1
43 B
773 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKQCELzvkpIEGNu11OABMAE&v=APEucNX3LSfDqifYJI6ej3ayxpyJt4hW8l5IlXe3NPe0baL5JD6MJilZmCiaegUJqE3RGFb-Ud2-WR33fCk2a8MVfS8aTI672A
Protocol
H3
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V4mfPF8aLPB2QKSeRnv9c%2BAWzpgJMnE2X94mtI9AucpwxuIISmJSzG%2Bi65I1fgm5X0GU6gV74sLLwBjWfdrylQpM7fTnNYtrO%2BRIilHCjPN5cEqDiVgK%2FYsWyBChy5JqCkT%2FiKnh5iBFcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
834318fb7e66233d-ZRH
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame E3C7
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKQCELzvkpIEGO2W1uABMAE&v=APEucNX0aIu0gyq56H1f24gNIMGn_L9274M9RA2jXoBhe3heXNiyO-7aoBNw8wR5KKLNkovr-t32RCyZ7dzQcyHze18oyiqDFw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s01-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame E3C7
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1&C=1
43 B
529 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1&C=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKQCELzvkpIEGO2W1uABMAE&v=APEucNX0aIu0gyq56H1f24gNIMGn_L9274M9RA2jXoBhe3heXNiyO-7aoBNw8wR5KKLNkovr-t32RCyZ7dzQcyHze18oyiqDFw
Protocol
H2
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=41ujZKvj80vx7GozKkEPhRXZx6zibQqVl1g%2BI%2BP94jTcOwaWlLdRgukl%2FsCTZvXK7acbfQGTFoLAW647Ulsfujhe8Pp%2FbKZc7Nio8TYrRm0gfLp%2BZ%2BNJJdgHf5UXOIIJi3ASAKJdmhrxcw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
834318fb09670204-ZRH
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IxmjFXdN9muOCNaY3sGqcOnJs4%2Fw4MDylijzYsbiI1ZBrKClQjvy4bWAjq0ZGyFRfS1jhwG7L2Aohp%2FJTwoQV%2FbfW%2FseOzSKZvvnUzir9wiCVu5x5BBjlrQTTRo2XZ5wnupZkvS1cZpBPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location
/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1&C=1
cache-control
no-cache
cf-ray
834318fac90e0204-ZRH
alt-svc
h3=":443"; ma=86400
content-length
0
expires
0
rum
dsum-sec.casalemedia.com/ Frame E3C7
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXfcYES15ji4-P.hWuP8KAAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1&google_hm=2
43 B
734 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1&google_hm=2
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKQCELzvkpIEGO2W1uABMAE&v=APEucNX0aIu0gyq56H1f24gNIMGn_L9274M9RA2jXoBhe3heXNiyO-7aoBNw8wR5KKLNkovr-t32RCyZ7dzQcyHze18oyiqDFw
Protocol
H3
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=56fHnS0qRe05ZmWtMDZMMNpRGwLwM6NYFMCoRLmdxgymXSb4IDl53YZopvqsYdf%2BAwEBvQWcFjKsvp%2Fr27pl4E2GFt3dZi0EDqrJIgLxuoIVM%2BkIFy9pN1rFzrNezR9QHsAIhTcvd8Klgw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
834318fb7e62233d-ZRH
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbxgh9YVORYFgBDQBU1MPc&google_cver=1&google_hm=2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
329
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 0271
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3364771129663&version=m202309260101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 0271
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3364771129663&version=m202309260101&ct=77&x=1&cor=18294551533896890000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad
googleads.g.doubleclick.net/dbm/ Frame 0271
34 KB
19 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BSMo1xBNrpuLD4qsaGJGuxlJgasZvuR_3COCwB1fvRPwSG-EczR4fH2cAMYl4x9cJcwAGbPZSMQ4zESvtcqFI8wv8VVp0mpzg_keW9-uL5MABSItQAgGXaK_m-AtBLTDRHEJqvFhz0k8Yz1r5xg6czcJNtwalytP4clH2JccB5y0D8kQs&cry=1&dbm_d=AKAmf-Di8mnEYofR805KPQVtbIvRnYjfAhDHXskHwLupMd1SnT-SO_21TLiDTB4iIq_U31LxyoJ0aOkOunneQxvW5wZ1DYLNscY02-SC8qMSsBoJCH-XWF_u0obcLgFHJC7w8yOPZnbUp1rGoIYzxmRCW6NBUjxO6fIkATSkbjVSZVwG8k4o0e4Uh5IEoq20gclWg4udE0HYAVO7VaYfIOCfrJHrOPPgyhYhRq0_FDCLQOaDFVGGqUawf-Abr6z3qUbO1Y7oma8gJhUpJi77Am5eJt7xDyzos4z4zDQN-UYH-hHuUzgIzdsgVXvIgKPRM2YX6Bbj-nJs8RGQ3-6ILeYVzYmuxY5VAxuP5c8bEltNf4-oT1J0ZwgS6YS8VM3gT9LWw43LVuYmUHcxxYrF0lAKuXNgNm4Ml8mnGHIVsAPwR9HKny8zcm8FZ2O3bQIzd1mmg4VW4XzxxUa3_4lQR8KiSwsmQL4JkqZvzYTtlxovKmKrpFARxKgPdDoybAsTQh_oZhxqFV2TpBXznu5O_Iiiz-jQiI4zLowWQvIjG2aSJ1gPlfEcpSPs0OouR-9V6DVsecI903H946gpT7K2O3hMpmAZ8bnvDk4xsWWNSpz8a_EEmTWr85MV-dSVjE1NwTMDb_6fXc54DqxrhBbeddFVaOkQa4J2uNThhR0r0-qZ1-LFDSXyz7xFFv_HfFbswuxPLmjWptbI-VxWIaOfoLr9jiYDHdCEVO6zFKdZMHg4AFSOreEQMcZ1YxTi5hel8cf9dVld48MxNYzup-p5kL2Ke_Rf-5WnSv8EEJUoXWjNW-8kB_T7tI9CceH0iaS0FvJpQ1taCePS2g-V343bmQ7PeFBQZQtg2Mgt9TmPGR1ic_vDNuVFZouyJaKVrdwcEu8TCBy_VCWs3EQoPm-j_TH-Cd82Xm_U6VdVUSohhr9fQ7_BUYZqOjtXuSk0kgG3dKovQIXqiTmyXvhbPg8vmephL6TIeCoKXRAfdH20dL_rL_M8Z-VCVgeh8hwHGV9dHrSIg91eVnEOTqr5wAQ_LpaBBTSVfdwcb_WcbN9oR2gdD56FSK2vJyeiGRH_qX6v-_Wr4n2snTJtJqIMiYlIFhzjSdk4j94PXl72BUxEwW5aJh5aFVmvPXZHeuK6exyyc6YbwTGHQqs5XVXfKmSpokGc04wxFnOIlwMNUyDe16Wy4hkzqd0XhQNp4PZd3SsJjjYfIF_MxRkjlq3aMEUG9ZjcSG_GMfAtK8uqYRUDhHoszJ9kxnFXeKAepYUCJMbSk3BaG0IfL9jikowJItiGyEzlfyj8yd-JfZ2rEfYRXSrehOtVdh1Y3tIrSHsdhBCOgqtuEqk-Xsq-0OxYeO5NlJRDvF9cpnCTjoJOoZ4FiEYHgAdtB04_FL3bAswGQuUDKeNK3xVq3MYyyowwLWd4UoSJ58UFMfG_NO9Q-iXrZqfoNL8ZAjQQ9u82FofI81706jUP2CXQBSTDv2ZUFiM-0kZ8PeFkW6tgfHLUVrZBB41atLokI2o7mb6m8HiYqC0HMAZNcyXbs7c4BKrTPuFh65PTR-wSKYi2UHVru_qS6rWApg6xQDjVGc-r5KdLGbtSZFPArihFNZ38QeTO6UtvXPaEBzGRMvci9a3YcUAiEafSmm4AhF1_4fmUZ9NZ0QUhsD2xPQJ7skYgnaABW7L1qUAYm7jk-hJWSI9PWF-lqTOpykbJ1imxCOnax_b05LnhLNKlhzVnnvPB1VDkI3hSDsJwrZC8AhwK2XiJtcS772KX9N5rOD6HKQ-rKdvUXcpWu4j-svKEjRsHnMzAQZptDLGCXmkQYFpTSScx0igmCCCUOfzaQnfmNxjVQWaVPWbDruc_ooIygRpF858Zkze066tqZkcq7CQhmfw7T_SHM6Ku_fRGT2Rb9tgeLHXaIIXwmcghq2okxvMMrFCKBhkWNy1BjmJ3riOJH9Ja3egjSXs0qGWnRQi_yRgvCjD7jxP46XPl2NAcJq_NeEMcj2uzoQv4_Oscno6tKkHgk0HQi3CeTXg1LQ2Cj_xwpcJDEha3rASiRNL1jPNNQHYxRV_rVU4t0Q-gkM7PsDrZjivQtzlqMJQ1Y5X12oyRkqa6HakkGr2TLzlKVqS0rjtE02OJX42GHP4NmxgLIAm_3THuXxhgoT_cGmCEU19kYGTB35FB2Pj6VuOeUoOJjG54GoRrRhPmdMwEq8aN_a1VvZX4MT8RhNf8BZ-DuqIFHB3UvBjBFq3DMZLwIk4vqpnS6NJWykBcjkfG288oCv_Z66c8JIHFA_DatxHZIuVKJtGMoE9qIEzwehsbrKoPy7Kz3dJh4hcXHbZOmCaIJ64OsSOutQXEOdI0NTXypjYCidhH2wNO2soiqOywbLJaqdx0Pi9UiEuCff2Oofr9oQgVswmAUhUUJMPkuqf0B_a4u1DTxCS1aHVSXuJ0QGAToQesp_lDTfJjTnZKKmMNoj9W8OaD_ScxJQYX-yi3Ppz5t1lTeVvsGQg5bVL6x5kW3wGPmIV-ulKVOUVOp2SQxyO1otOlLHlJ8Faz58y2tQmJJ412sGeIpe8Dr1wkGtotMvvh7aSSvMXIA59bL10IgfZNVu6q-JCbQdcdK966WzfJlPSSOvB3A8N9yJlvgiY3VTVguDO0eEHE4q-x1jp5glKDmiqvklb9h2vnsuRzLY8akj4ndqKZPL5va3JmT45kFvbdgsiUTfDEcfDQ2LSc6oN6rLwPo3wJOaj6AHx_XyiSIUtlhduHGWHjF2N6b4Qih5I0si8aejpewsIETMnA6oeoWcVLr1_5jmvf7aVVcDHDv0aFnwp9n4BntXyDKWn7lqsUpu_8uxzp9Q8QB_linaso-XySx7HQOR3GLMGqCrHhONAFupbnIBPbsOhdYY0UzUPLthuUhZFcUjaFVL2p4z0hZ-5l9dGlhuqx2_UFBbNb6X6r1OhNkM8QDir-NvjoECVmZYK9aaf8C22asStpE445X3YBjkaT50RUHnWuuk0tUoltUCRJor8uT2j5mltv0YkUiyUXtedCT6kilrhH2_626RrbraT_o-jjlRPTDgYgtqDussVLOvnUc_flVIRDeKObXds8L8GNPElGD9B2Jp-UMteTKVaEmEv_YdAQvhIZHSfzNQA4G9Io_aOeE9YNAHifhBrBl2C2gfW7I-ZWxjECNxd5qXIbM-adCv8cobBxkmpw-svcVd4vND6VssYkZFKeiYBY2n8jsFVnUtcsyuj6eHnsKRTuFtox6z9FSYv9wozZ8bU5Ly4G2rWm0V9ugBtoGSb7hA59EAFBpb-75f21kBayQ9CS-GulBS1TXXHtLgLAj_7FH3FJ4ZDw9gBRXAyHo4jSALjpsv8EOK6_JRwU-jnbJByn6rm_usU5EaJt0ez5Mjvw6lo3HWJaFvz7P50YVcCoriRi7ta-Ai6mX2wiXHrcVLoGG4Q4URlwG4adtfCaUuaSsvOL0XrJmdvZXdCCHxSkDL82swqbcZEhi8soW3oxVcBWM9oZs5ihtFw6sZpCJjuF0aarVxOy8pO4UiVcl9krQJlTvrqrGXGXYSSKhXaWhp8c1qXOxq-hKIyWjLPQDeipvPKmmHNdXLITiNVRT9FnBFOfVfq_WYycAmEevTKv5Gt4FMGDrWDJBec3te47oZ8zT0YJxrfkl7e7lrYOZvEPfK0IMw3jht8D5PLNAgBEHXyGVACucoe2p-eaTM2k6nJc9YxS4UYt6Iqki8QVaVEOI_RBjUU02DwEPxXPggGEWyIVKhJ3BBN9WWq7BTNHeBgIeUCirOqZrozIrZYLs02Ta73BZ46vY37ASx3J0uJs-G42qIQ6eZjF92j2QjEpC_7M1v4SgCmc-EWH&cid=CAQSTwDICaaNoNgZV_ueTb0jeT5kZcV_yFljRt65GViBj4U8LXMEceSQ8qIcAxgc77JEkjN-q4tT6muJP-cp8Tp8unnX-zkuUJawy_jbNvIJEREYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fpastelink.net%2F&ds=l&xdt=1&iif=1&cor=18294551533896890000&adk=3047537734&idt=149&cac=0&dtd=2
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b57f87a2da863877c7b85f199d4a25ea39e83d845cd1105ce4b570202283f0c5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19609
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 7303
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=mys&d=ChQIByoQd2ViX2ludGVyc3RpdGlhbAoHCAgqA2x0cgohCAEqHWxhcmdlLWJhbm5lci1yZGEtbG9nby12YW5pbGxhCgoIAioGc2VydmVyCg0QKyEAAAAAAAAUQDAECg0QAyEAAADNzOxVQDAECg0QDSEAAAAAAAAAADAECgkQHioDMHgwMAQKCRAZKgMweDAwBAoNECshAAAAAAAAGEAwBBIaQ052dmd2T0NpWU1ERmRXVWd3Y2RsWThGWkEiGnRleHQvdmFuaWxsYV90ZXh0X2Nsb3NlX3YyKAM=
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/d500f8b303efba9f5ab695bab8da4c89.js?tag=pingback
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 3989
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=789517766806&version=m202309260101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 3989
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=789517766806&version=m202309260101&ct=77&x=1&cor=2452115689842996700
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad
googleads.g.doubleclick.net/dbm/ Frame 3989
34 KB
19 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CstKbUZhm6dEMlgPGpfviQEb5sDPV8hg2vJjIsO9Fpw5N7_QF00-UJHBtdWb0mp06hJYjAJWHbgy1XnlghzuSQNLi_BQO-E6wx4kRPPWAD7_-y-mt2TfA-LkQLiP-RbiRAbl9u_SrJJ2pGnLUkO4c195sKwHwBweoocqyajlvY130naeY&cry=1&dbm_d=AKAmf-BxSRtfuHTxYH8YOYs1qWJoBSmi_EZzTwCkGNYPEEOZOngzQz3RN2RvmYch46G1Ekn03tMdY7V4aRk95bgLHsaIn14g0TnDwZC3ySC2zs6X0f8voR2lq5hwOD0y-fYJ117iyCnYukcU1pLKIS0hsQSORnpb1drZIxNcS8593OykXu1xrUUM7iQiesAKz7MH6zxZW3a6zASSGIw22UWTJ6hTSGSytzZCjMSRqb6NI--urLXK5quPKI9NayRCrQfMkPqynrsMLJY-8IJNZqbvo4fgauxrFTOci2PC5ZnATuJbLS6d9awhObEdJlY7oMKvszB21RkaITAivEreH6hlOKwvADSd4Opj7Y5xCBGq4GI1UqVBvJX5HyuyBz75idoFkYIk6PCZXZfzzK9Gm27P2MCEXekUWfNGG8K0s4GcchFIYS_MINf44JEQD13uNCcTAZeP9TCDJQ3JzNpeod5N8Cy5JeRJDivaYtR1XXl1jdSKlcKgbGosZt-u7PCWROHUxzSZx6AECoJAzXha4PGq2t6GZ4FoyE4kPb6WPX8zlYC5Lu33zj1ZV2SpjRj9MqAFgSK8qLwbjyIgvXO9PGuZcLWxiT_eg93PYbiG5cK-Lke_6vSUB0Pm2HtGgL1hDYrXHtKARAUoxQ2nfDtlunkmx5hUkY8G-stw_5rO76QlU1rJDgPIkm_wvJ_UN3paQguEaFvA1EfOyQCoZQuPyGzudBGP_v1XLjiChsQrSDgnqKQGmIyqpFafzE7np1lQphWfP7OOOPxO6CZZ_X9F4wTPRdHEOvpcwltaJWlOURswIbzLAU-xYtG0-EHZmnCdDjlxLr6qdlj5mZb8wCsRW8a1ETcrnjH2NjQYsTIMW_w01gip-zuUIzhhUyc3xNun7Lwc2-gpDyvcwJFl6KlruKYFl7uqTbZwfqxM8haSuvWnxj556l7m7aq6zSgyGERmLHNvrfW8Sy24qDQRehshAMszcacgFe1ntMO27g7t0B6K70YzF0jvy3jm8wgITxODNoVLXkdnWwdeTGkmQwQwA527qqvy5KJudXhWJDs01AVEw3TZBahu39gpkIhiqf_GtcMJrqFdi-F8_mr5yfFXzkoZ9lv-qF6bTMvppGeZ_j2SLPULgZm47oHdgwwt48f4QlbCSMwASdo32E3jwYCk3yj0zksPGZLyGruG1eqfhcYZSEtM6esjrvTez58V2ZAR25QEMzJ7I5AtK5h7vdbXPwDMYwwBXWX10iFLrQElaKiIvCMGltVPQ8Z7kBg2edvq4qpbsgAz66SJJ5oa8Wsaa-W4kPzJKoXGwa9i_FIxT7pf6djonkhdDF16FQrYQ3ykQg6QIXI2efBhf_AWJdGfxy0t8SxSRt4JHbRjVX1lb6eSFHJuUZhdwQWwfcMHUHVd-O-zhB1e7vDyfYlAtr13NDEVkRiBcTukSG72SnviVLRtf2HNiceilh657fa9pFmaqqFgbzhQix5b4bC8ToYz78RU6n3L9dVcAOVdLyDat6zH4Cp4TlA-Xs0m01CeQg81UZbcSVtWdhK2zfo3xFIHdY_g-DScy9xOWPlITXqZjx7d1ymVK6Bpz6TZtjB9tSXn_11wpb7vxNL2XAIzC3cyFtWGDbd88x9fGCvzb8NxoTTziTUnI2aNCzfwPo92dbPZ3inDvV-L5usVDv9rwae4MQtzNttDcMI9ZsugV-4cjzT-fX6qUyq7HosrCqkD9oeM-VN3MlJXOtLL84EwBX4zDY8VieDhMEwfCVHBcdpolhrL0oq4QZKQEX9DCJH3-pSQ2baYbaM4a59V-O3oCRqIMpZY095dnPbdxQnghzVbitVkW-knv03kUTHAkj44Mhu3wc4XPivOrpaABnmi6d9pEhyrUvG18KBljGVZwlLH1R1DWFFY9Mse4qkcf_hHnSp4ZB-xcuH3koCD6vaxt9KKTuC-Tm3DCP1SOmc-9GAtOUV3WmOoM9Xox5En6pvIhoPgvEE10SXey90i4X7CsvbTYf0FowkHiUm3YFSx6HGlDL98Ig6QMeipWRL3EuJC2OlhII-yauKSVpeeBIZpGxpbGk-BeMHUW0REdDml1LkSe_eXIPAb2f2XN7wAWITm1leREAm9-98EtFvTOzHgN2B67xex7sNbVAnvUu07BYrfYaKr8faLZg6kvMXpLTSCQYZ-3lXIq9lD4OmC7Hdz2MDxMjT5mUcP9iTLfqYqRugQuBvnvDlCZBQL0qOFOJa4s8IjhpfM6daU3w_CUDGzQmszRY_DIQ6Acur8hrlyRXUtwhIssFJwxwHSOKUDRLTYgFaCtDcbvw1p0hPnumJgt4WhAgsANJ-KmMLCxTDvv4OZusihWrpIjcut3dBhKWmeDLJYtZy0eF4JBrgBeHGYGAcXwSQ2WKspG24_WhzhMvzZbU4zUVp7k23ul5K9Lhd3wErWagpwG_-XPu1uBzOcFXp_mfo6nJ5saGvdxI3L819TOAit1pWHNfFkvlpMpFEYyl1sQ0igFtWc7RglXxDSuqfTw62yiv2siJggzvDgIA7_utm9m0Up-hmnwZSRSvdkP4GbA8QbLK4DALCOxUxhkrJXXil-Jk8IzTKEIh54vQDoyg9-AtToHhlODDCsqtGvdL61KPyUDopdsJOU4tKwjYqcD-XTPragrpmHbZik8X9Hhl436PWfw1I6cB9Z_S1zquC63gujUNwzF3Bu38r6u_EFqlr9XMaVapwoN-M2L7CwDA5ki3Oh7QR1ZpVyd2oL0orAkfaV_jGtUh8ryXYQT2tbUk_jOdVpuRo8szyFsjZP83F-ud7QvFwGJtaYWSu1mAZvr_PFJxfs0elDnfPZYQxBn3A8qVZsZ4voDQyZtTimBRACTLKGH9WOEkVa3WiWZKjGN4GyEuGjDAe9ZF2DpXdYdcH6sJ8RIoQlVhVXtAuz29XZWjUkuFdRkRRjWm6jUN3BX3X3faplLLSuSXrc4UEhf0_ecAGYA-TlbwkXSYX1lFqNpVoCXO8R1VWKMZuZ-WvP7EzwDWq9I-lYsZmkzCPig0O0cZZ8nGM_pH1P5swmLZFdS9o2nlQG1CidfsVZElaTVB29WwTTX7gcVEadTFYxVQYxnSe4xP2gXfb-5fN1e2uBn-GIW8ablZdlz6-r1H7fLfkKYFRvP60AH3pe10a905mOlfCTR4x13_wQJ0PQ7LzxcFabSF23_MWq8iwKj33RPULB_qLDRl2TixV87uxgjiUxyGQ9-zp65f_yPiheHgX8wu15hScb7UYbRLdRAU0IQgHQo94jSdY9yWRcYC8gPmsM4A1csw_IDq-R06cqwBNU_Bgj2O7EZDkzTqYDeLgo3hRtgPkw8hnJL8KTjNoAZtN1VECpKY7U07prnK_7Nb5RYoMGRa1-sJ_EbGhFq5_4jfmGBqk8yC_70WNfNl_AiBEoHEXSOttXi4eEO3m9YUPWKypUR0dWMdG_qf33TC_ue5vanJi8vCYKpco8Sa24cN-tmWBeGd8-FET66ciZzEZel04iNVUP2PhRSd5cI_Ac1EdAyU8bDfTLkEj-tV55-0U4esuwL6TxY-5qM5b8Tp_rgQmaV0mPsKnei60MbsW4A7yQdyJE1twkdoFYMyB_ZkXfys-2QVGjhnngefVUd8R73ouFrD-IlBDLQmrFBZQJOr1s_Yn4VmgHOK6jdehLTxg_1nNr0HrZJFH5dR8w66TyCBY895N_4Z5lxWh2pfxpUtPYSEFh14iPMq1Zz92TK4y5Ue_-h1qwJuHycBE3RuYS3mAw2mhdFdJFfv_6q5Cr91_UErdXao25XjAaVbhpBfu-nn8HRXodp_WVNRxlYLqJSgmNM6o4JHH5i3QtUTvkjzsr3sEUnU6X&cid=CAQSTwDICaaNoNgZV_ueTb0jeT5kZcV_yFljRt65GViBj4U8LXMEceSQ8qIcAxgc77JEkjN-q4tT6muJP-cp8Tp8unnX-zkuUJawy_jbNvIJEREYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fpastelink.net%2F&ds=l&xdt=1&iif=1&cor=2452115689842996700&adk=2857193499&idt=189&cac=0&dtd=2
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
21583f4b15a0f65d561ad634303be9436c7fc3c34041b11e008a11729ebe1d2a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19699
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame 6F81
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
17 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 12 Dec 2023 04:06:56 GMT
expires
Tue, 12 Dec 2023 04:06:56 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 12 Dec 2023 04:06:56 GMT
location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
sodar
pagead2.googlesyndication.com/pagead/
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202312050101&jk=1261026073585281&bg=!-Pul-7TNAAY3kmNgF5I7ADQBe5WfODZJ78yaJwtXRxh0clA1kWiRpSzAmgtupHVyPtMMFJnk2Ou6GsvDc0wt1Rbzs66kAgAAADtSAAAAAmgBB5kCwAMGut1XgHCUK0zRa2HjnU4OYJGkWytZLCy1yLHXOWi_2z9KVFXwFQf6ZM8Oefjzddkjbsm9D-Ko4ScjaCW2t-xk1aO2iP2uULPcnC_efV1jkJPlwww1HzQL3lKEbZpIO_bzF004KfnCLAq5w0qtkUYCgs1H3vQ3DIn0idihHZ2mn26gafV79ZqWD_vH90bfH7vlHPF5Ge_40NfEnMQTycAPzppvRgf8zHGQJsJ6oLPKId-HNSRrJbLO2M6Za_J2aQCP1oCgwjrcwqhtD_DPoFbl7TU9UZUayigJcITYB1KQa-d_bZOFszUbUGiWd0pPGmDXczS5gFu-L2NhPKkRJ3YsS1XYIzJg35zfKUjjcbYiarVfVTB8aHNtYYRt3bwsf_RzShRBnTC-xWoGDFpI5MWQ7MTlbeY6yiekKrlPAsljY6e33obr3msOaU2VrF3Uo02Qn1JC0kjyzM3rqVbEkOFVCsSdjMaHvFqByGJJ-HiC8dod0nIy-13qJNRB8sdXbsR0zy6Iva5ocziD4DvZEuhNJ0uyBMnMEKtH_ArAcYmEhRdEVd8tgEd22jfmn-k2W5SSGWNg7q-ZKrrUbKRYbJO2d079evLw9nuu5Sw5u3pEd8hUClgQ4A6YVfRPfgkNQtz7vyILEeldB0j5-LXVFSfy0XRPm2-xR-0ZzCIPgp-BF7Pkm_AKChYyGCTXgwaLtnNlj5DcNngRWhSbgysNQmf9t49xTYjR4HMLVZc4-qg-5CrUXueH-5lmPEyg2HGUah7ytUxqr2gJoeN_oR1dfEQL-z4Ekmnkc_4PIz6tbgEk_kP9j01yE7ckN1ehLLxzkfNvIBckBv_7AeUPxB7DEdPZkKilGzt9Txy8P_64_sozS6YOxiLCOiJAuyGO6ff1nW7JPaM-y1_jl38pLFnWzfOW7OHu-QxMGxCH-mKB6xJo
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

s
googleads.g.doubleclick.net/pagead/drt/ Frame 32E3
143 B
166 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

age
1712
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3600
content-encoding
gzip
content-length
145
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 12 Dec 2023 03:38:24 GMT
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
a_HaIzZFyEVJYJ9hlnDU0-lGrGHVFv1T5ZfBCtEAYIo.js
pagead2.googlesyndication.com/bg/ Frame 53E1
50 KB
19 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/a_HaIzZFyEVJYJ9hlnDU0-lGrGHVFv1T5ZfBCtEAYIo.js
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6bf1da233645c84549609f619670d4d3e946ac61d516fd53e597c10ad100608a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 13:18:44 GMT
content-encoding
br
x-content-type-options
nosniff
age
53292
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19601
x-xss-protection
0
last-modified
Tue, 28 Nov 2023 18:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 10 Dec 2024 13:18:44 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame 5E5C
31 KB
12 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CJ_-fhZVV7Cf_9or6Am9g7xegRuZpaJFmKbGfL1K0S0czk2G0Z-pgCtIjqJSWK4iSEbgZJmweWvfHnQuLK79dmXILhTCR5_ztVxWoX_9Rf0vVvN0GRPBk0QPqJMOQeogaThnmHr_ZIfh_lFpBgfPgBb1VSRFs_keM-cI5c7VyH_zSBoOg&cry=1&dbm_d=AKAmf-BuV1u_DFmdwByYRwZfQISESZOucSK6cuYhY_LYez7ZmEmfUCTgDsFMlvz4Zwwstht9BtUHVnJzJItLD7-AjzvIRV8cilCWNBxBZZyQQZKjZXXHrNzZJLHqXixEuA-PR-NsOMRTUEOtVYPAVE2n2UDw0i_725xRZKaRzRV7X5_zn0gP5hq_0_zh6Cfc0xWcHlnG3bHkhSM0Vpc7LRnNIU1kAlw4fHt2jfEwSp3hWYQq9RIEoPcGSexJdo73fhcDPnQgEDzmJLo450hZTSH8Ezg2sSDUd-eaYBDWrVkb0W3jFwXbp9iy2cDAfZ4r6iwaHmLAeMzlqt-15r-fxNHZDt6YLhTU3rsnz3Hkr9bwiAIBOoQWozu2mHEM4vgwaEy9tFfPFF-gTBK8bVfJgC5UM9Z_9o2E8mJhz8SKi1M8I5oEAt15D6aHU6Q3_zW1pYAeh95bhRIniKOdAGWEN72gMHGMVCrPUWdeNbi1kbEsJoACniD9Wesxw0BD2trwYoR0-XD2ZyWsT1RPBuFXoXRHdJo8hgsspoYQ1ylSOklUhcmQWB7YtWuh6xCeTnGvcK1S8-DYbKunHevH_is0xX8iNMj3ZAjlzIPIEa1gwH9uD2EBXGkimKRQAcnNeO-lcbkhzOXJH68NC9Mi5FKqrk4siAQEE46zVg7Y9eaPFwO3UC1-nPmSyc8HTSBkjNkjWgosPnG_lLH1iCGOOuGtdt1DCvZLMtmuMSqRLAWDkq-188RtHLhbt2B6KksE1oA6ozJQhrA8pa8PfDj4BuHMhZ1ggktGLBlYQeJTb8xOkZ1ycvk4IElZpuAzYh-3hmS9CK4lYS6p69sIfW0lxczZHBxYko7lzOvUT2twoMUhu-zLQRg2KloJnru2C8hA5F6w7nxsru8ss3ZCkCTgX_lyTZVwGDGDprforO9s-Xi0itOckNZZ9Co4cQM7mPxQ4ClC5PzJuOAfEOpsqtOkWlgvFPB_-J3hDAcAVgTDHmAYs9j8UGMb9aN-FYVGeCansgdx02c50dO8ABXMottPNIAhK7_n_qYsGOhemcU6J4TvwFDYp80jF3A7ytRRMsKKIQ_ync48UK3o6SugQg78EkIHvmSZKjGDfIOLAUxrv6n5yOfV1bx_KsWr9f6Pdb2Ucwgxfd5VJBy7lMO_S-sxpMt67Wwldy6mmGdVkBfTduuI9ma5VIrKer2R6tzWSVWhcC1uRovzHUyVKfRrPUfO2uaug47JKFZLmeH9SGOgr381vAIslIiXVXUBK_8TJIwPpRDG6kCTRUkehO-eo3R7yPrMIg6dL10LU31igNKUigNREqifokqu7Q2wMcV1xqVTgsOmgWh2R2DRDwVQsukeHYCHkfUcbuqOkthzYQAAST0fzFAtOK-juJajXXmjjPgGVjpEKHdAV7Q-vxtYOy97FTwKEZTHVQs-H4G-YIZykL6fdSz7-bNL9jQklW_UN6AJly7LXCzi38BZcFwpLbHtXTyU-7xhT2FzaSdnGecaI8i8xxYfAv64k8VDZSHTtJMpWqzw14n6EPQrk_o-Y97EDqouMVyD6AQZp-Pf29O8N00iuGfptfzmEquLs0tEVySvpXDF0OH7hXOepm-tRmFqymZyzqAiXAZDBmZbZU5wUXMPUofFGiDkVZcGUwf3DTMvVL-tya3AGp3eKJ1PfGLRUZgk75THMEgF35AutA2BpI6Ee5Dth-jWkQFc6KgZgH2HbvoyQNxjtZQFI9oJCB8mcBMto_HPHS8PWWeg1c8iDjwNSWipeoiCbgvzLGOWIsmzLxXLXstIkvVh_RRfQSBwYFlejgbar4IkIGz9fz3YKhLAG-KukLUL9Z65EPAVpnDM6ulQ43xVv9ny4NlYt1unKNbrQVACUe2Z9IJ-ZLbj75s1pHndxyNeNVI4zfkc9vyThBGFJXvCdaUykVQ_qb5g8LMqR99BLL3_Jml-qZR2fl7lbaNmRW4ehUtYrzTKQK_ex3QViRFQLPqa_Psz9j8dyZNcQiyu9CflIdFtFYfnOWqXw7FTSRthiY0Uc3FbmTNG5wSXwzWb5jbefCXUBg9ggd69ZxDJFyp2bEUxCZXk5nzZFxV2w3HChi_7fNCG7F-0fAYTTH2UVc2YBQWC9bRCNI-JqNAKZEsic-hD6GaGeSgVhDIX7NP3HK5WlkmYUfbxZbfy5zj3bqRLVOxfPAhsxUDdx6wLdKPEmRTXHKYn07Jmj_Fn5gvJN-buqRUotT154KL3AW0MEHoMGqP8xvyfYoFHimhi5rSuzzQVrR7TYR5eyooAMzm4xSLFoV-0ZLxQCshcRQmSTC7iljguoyaJPXlqCDgax0JsCCuTG6Lf-nVc7QPzGKKea4D_3V_civrDfMDS06ZoU7FrMxeu8q5nCPJXhSMvs9OMiqnACfzuh2avx4R_LwE_CjXIjcxSX3A2urqsrIp8KD6y5iaJ8htzz9sq-qNscCGH7XRe8Zw3tPQPEqhIlJ_al3S5oKHdjmOHJm30HFlzVEynjydRYbbp-0L_IfFmUnfxM0sPLxuJuyrk45AbEc6kjBmKCpLVY6u_XQYQn7UXc5UoMb42eaSVx210IW33_Uw9Wd7gJh4b9mX6fw9vQSVbvnCUruf1WiptZXG8pWnETWo3k88pEBDOAI6UgvqcLlVleXpuR8X62Kvt8vfjbWuMg9r5I5V_4OW-MiIrVypYgjdDyLZVmC0PKgdORz9cZ39aG6rSFQOZyC5X-DvXY0_N89jaIS1qkQ7eBdE9CRsbWshCnvNnB9V3yVRQbGUsVgN9tDWMqpYUGS7FvU7anreR4aKciPOMYpXbBZzDb91BfxlcRfLK66FAor0ni9wJ5M9CtD0JrpTLceQ2lc0My2dxvNvbCd0VuBkQfRjRbDE-XGNir9Gc5Zo_0htQjnoIVMWWFdMN7KogdzEsutB_KTC_vOWBgAkpPGoLb4oz3SN_KR5Uv-IleN8rgkFf8mwQ5rKrdU9faXHASUlNtX2stRQy5dhXpQUaIGS0XhHCu-Bd5xxAB2cj_zXaSiVaudIz8FqBZNHOZHtXO9nXDBc33vB2JDLp4JGXx-dA-d-aGFIpUZfrK_TlESmblEZIoKaN3CJEdKvvYHjzbvGzYuYecl9CctuO7q9VFI70meUdPBY7dDqqiK452UIAfXIL7h0yiN3wegjzPTHiYwihpLRbnQOocMg4VGaG2dvDkRScX2MLD7S8dI5pTkKoEgTMenYoplOs_8a37M5HUttZB0WCJuNmEJe3dDURI0H6M3oO-qtTlyy9za3DDXlm0p_xwCeHiW7xtIsuFqQFNve4bIS_mHY4yyzAoLl9ga6b0draef9OnSlO8W0Cf_I6MNpCzWSmJMzsF284t4UzV-1PI9GSRkVApOC4Jc9t6EfKIgEXfJX7u_KRqlwibt_9xeiGXs29hCGCfn8vD0EC2zXwlk5ZExUpvsZUXEfj1m2a9q13YbzagPYq0JZwGd4x-N36Nfc_hnfi0OXUtAPnz1M-1H_Yxqt_R22LefgSTE92cW6uUTB5-cNm1HzuE_VQYJUm_WJA_e8cKSH9u8MSTpVP4clRICdWhshAM7cvsK1dSQge5xUqU4oTdiimQmFs3sWa1kFsdWb3b3oZLN_ogluSyKVYhxqBBU_erNhtEn408e8G-wu5e6NDitzKTkmsUsy0v-1rfcWfFV_lAsm-h98K4yHm8O7SinAduGC7v0A2PKHyk3X0i6m6e8yk15LgcPYeFZBic93fML2jWQIk8PFVw1ybw58Fr4ACVWuIybWi5qwQ-8sK8utkiaP18rTebUc_EGohccFbjY-Ciz_Ish-Iw6WqVjO0pBQJFJM&cid=CAQSTwDICaaNoNgZV_ueTb0jeT5kZcV_yFljRt65GViBj4U8LXMEceSQ8qIcAxgc77JEkjN-q4tT6muJP-cp8Tp8unnX-zkuUJawy_jbNvIJEREYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fpastelink.net%2F&ds=l&xdt=1&iif=1&cor=1091875568932140300&adk=2228999114&idt=104&cac=0&dtd=63
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f6cbe31747c16c069d861a8ed01b15186eaee8c381f74ca1712087811c39f4d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 20:42:27 GMT
content-encoding
br
x-content-type-options
nosniff
age
26669
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11943
x-xss-protection
0
server
cafe
etag
4141415479739543000
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 25 Dec 2023 20:42:27 GMT
Q12zgMmT.js
tpc.googlesyndication.com/sodar/ Frame 5E5C
41 KB
14 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CJ_-fhZVV7Cf_9or6Am9g7xegRuZpaJFmKbGfL1K0S0czk2G0Z-pgCtIjqJSWK4iSEbgZJmweWvfHnQuLK79dmXILhTCR5_ztVxWoX_9Rf0vVvN0GRPBk0QPqJMOQeogaThnmHr_ZIfh_lFpBgfPgBb1VSRFs_keM-cI5c7VyH_zSBoOg&cry=1&dbm_d=AKAmf-BuV1u_DFmdwByYRwZfQISESZOucSK6cuYhY_LYez7ZmEmfUCTgDsFMlvz4Zwwstht9BtUHVnJzJItLD7-AjzvIRV8cilCWNBxBZZyQQZKjZXXHrNzZJLHqXixEuA-PR-NsOMRTUEOtVYPAVE2n2UDw0i_725xRZKaRzRV7X5_zn0gP5hq_0_zh6Cfc0xWcHlnG3bHkhSM0Vpc7LRnNIU1kAlw4fHt2jfEwSp3hWYQq9RIEoPcGSexJdo73fhcDPnQgEDzmJLo450hZTSH8Ezg2sSDUd-eaYBDWrVkb0W3jFwXbp9iy2cDAfZ4r6iwaHmLAeMzlqt-15r-fxNHZDt6YLhTU3rsnz3Hkr9bwiAIBOoQWozu2mHEM4vgwaEy9tFfPFF-gTBK8bVfJgC5UM9Z_9o2E8mJhz8SKi1M8I5oEAt15D6aHU6Q3_zW1pYAeh95bhRIniKOdAGWEN72gMHGMVCrPUWdeNbi1kbEsJoACniD9Wesxw0BD2trwYoR0-XD2ZyWsT1RPBuFXoXRHdJo8hgsspoYQ1ylSOklUhcmQWB7YtWuh6xCeTnGvcK1S8-DYbKunHevH_is0xX8iNMj3ZAjlzIPIEa1gwH9uD2EBXGkimKRQAcnNeO-lcbkhzOXJH68NC9Mi5FKqrk4siAQEE46zVg7Y9eaPFwO3UC1-nPmSyc8HTSBkjNkjWgosPnG_lLH1iCGOOuGtdt1DCvZLMtmuMSqRLAWDkq-188RtHLhbt2B6KksE1oA6ozJQhrA8pa8PfDj4BuHMhZ1ggktGLBlYQeJTb8xOkZ1ycvk4IElZpuAzYh-3hmS9CK4lYS6p69sIfW0lxczZHBxYko7lzOvUT2twoMUhu-zLQRg2KloJnru2C8hA5F6w7nxsru8ss3ZCkCTgX_lyTZVwGDGDprforO9s-Xi0itOckNZZ9Co4cQM7mPxQ4ClC5PzJuOAfEOpsqtOkWlgvFPB_-J3hDAcAVgTDHmAYs9j8UGMb9aN-FYVGeCansgdx02c50dO8ABXMottPNIAhK7_n_qYsGOhemcU6J4TvwFDYp80jF3A7ytRRMsKKIQ_ync48UK3o6SugQg78EkIHvmSZKjGDfIOLAUxrv6n5yOfV1bx_KsWr9f6Pdb2Ucwgxfd5VJBy7lMO_S-sxpMt67Wwldy6mmGdVkBfTduuI9ma5VIrKer2R6tzWSVWhcC1uRovzHUyVKfRrPUfO2uaug47JKFZLmeH9SGOgr381vAIslIiXVXUBK_8TJIwPpRDG6kCTRUkehO-eo3R7yPrMIg6dL10LU31igNKUigNREqifokqu7Q2wMcV1xqVTgsOmgWh2R2DRDwVQsukeHYCHkfUcbuqOkthzYQAAST0fzFAtOK-juJajXXmjjPgGVjpEKHdAV7Q-vxtYOy97FTwKEZTHVQs-H4G-YIZykL6fdSz7-bNL9jQklW_UN6AJly7LXCzi38BZcFwpLbHtXTyU-7xhT2FzaSdnGecaI8i8xxYfAv64k8VDZSHTtJMpWqzw14n6EPQrk_o-Y97EDqouMVyD6AQZp-Pf29O8N00iuGfptfzmEquLs0tEVySvpXDF0OH7hXOepm-tRmFqymZyzqAiXAZDBmZbZU5wUXMPUofFGiDkVZcGUwf3DTMvVL-tya3AGp3eKJ1PfGLRUZgk75THMEgF35AutA2BpI6Ee5Dth-jWkQFc6KgZgH2HbvoyQNxjtZQFI9oJCB8mcBMto_HPHS8PWWeg1c8iDjwNSWipeoiCbgvzLGOWIsmzLxXLXstIkvVh_RRfQSBwYFlejgbar4IkIGz9fz3YKhLAG-KukLUL9Z65EPAVpnDM6ulQ43xVv9ny4NlYt1unKNbrQVACUe2Z9IJ-ZLbj75s1pHndxyNeNVI4zfkc9vyThBGFJXvCdaUykVQ_qb5g8LMqR99BLL3_Jml-qZR2fl7lbaNmRW4ehUtYrzTKQK_ex3QViRFQLPqa_Psz9j8dyZNcQiyu9CflIdFtFYfnOWqXw7FTSRthiY0Uc3FbmTNG5wSXwzWb5jbefCXUBg9ggd69ZxDJFyp2bEUxCZXk5nzZFxV2w3HChi_7fNCG7F-0fAYTTH2UVc2YBQWC9bRCNI-JqNAKZEsic-hD6GaGeSgVhDIX7NP3HK5WlkmYUfbxZbfy5zj3bqRLVOxfPAhsxUDdx6wLdKPEmRTXHKYn07Jmj_Fn5gvJN-buqRUotT154KL3AW0MEHoMGqP8xvyfYoFHimhi5rSuzzQVrR7TYR5eyooAMzm4xSLFoV-0ZLxQCshcRQmSTC7iljguoyaJPXlqCDgax0JsCCuTG6Lf-nVc7QPzGKKea4D_3V_civrDfMDS06ZoU7FrMxeu8q5nCPJXhSMvs9OMiqnACfzuh2avx4R_LwE_CjXIjcxSX3A2urqsrIp8KD6y5iaJ8htzz9sq-qNscCGH7XRe8Zw3tPQPEqhIlJ_al3S5oKHdjmOHJm30HFlzVEynjydRYbbp-0L_IfFmUnfxM0sPLxuJuyrk45AbEc6kjBmKCpLVY6u_XQYQn7UXc5UoMb42eaSVx210IW33_Uw9Wd7gJh4b9mX6fw9vQSVbvnCUruf1WiptZXG8pWnETWo3k88pEBDOAI6UgvqcLlVleXpuR8X62Kvt8vfjbWuMg9r5I5V_4OW-MiIrVypYgjdDyLZVmC0PKgdORz9cZ39aG6rSFQOZyC5X-DvXY0_N89jaIS1qkQ7eBdE9CRsbWshCnvNnB9V3yVRQbGUsVgN9tDWMqpYUGS7FvU7anreR4aKciPOMYpXbBZzDb91BfxlcRfLK66FAor0ni9wJ5M9CtD0JrpTLceQ2lc0My2dxvNvbCd0VuBkQfRjRbDE-XGNir9Gc5Zo_0htQjnoIVMWWFdMN7KogdzEsutB_KTC_vOWBgAkpPGoLb4oz3SN_KR5Uv-IleN8rgkFf8mwQ5rKrdU9faXHASUlNtX2stRQy5dhXpQUaIGS0XhHCu-Bd5xxAB2cj_zXaSiVaudIz8FqBZNHOZHtXO9nXDBc33vB2JDLp4JGXx-dA-d-aGFIpUZfrK_TlESmblEZIoKaN3CJEdKvvYHjzbvGzYuYecl9CctuO7q9VFI70meUdPBY7dDqqiK452UIAfXIL7h0yiN3wegjzPTHiYwihpLRbnQOocMg4VGaG2dvDkRScX2MLD7S8dI5pTkKoEgTMenYoplOs_8a37M5HUttZB0WCJuNmEJe3dDURI0H6M3oO-qtTlyy9za3DDXlm0p_xwCeHiW7xtIsuFqQFNve4bIS_mHY4yyzAoLl9ga6b0draef9OnSlO8W0Cf_I6MNpCzWSmJMzsF284t4UzV-1PI9GSRkVApOC4Jc9t6EfKIgEXfJX7u_KRqlwibt_9xeiGXs29hCGCfn8vD0EC2zXwlk5ZExUpvsZUXEfj1m2a9q13YbzagPYq0JZwGd4x-N36Nfc_hnfi0OXUtAPnz1M-1H_Yxqt_R22LefgSTE92cW6uUTB5-cNm1HzuE_VQYJUm_WJA_e8cKSH9u8MSTpVP4clRICdWhshAM7cvsK1dSQge5xUqU4oTdiimQmFs3sWa1kFsdWb3b3oZLN_ogluSyKVYhxqBBU_erNhtEn408e8G-wu5e6NDitzKTkmsUsy0v-1rfcWfFV_lAsm-h98K4yHm8O7SinAduGC7v0A2PKHyk3X0i6m6e8yk15LgcPYeFZBic93fML2jWQIk8PFVw1ybw58Fr4ACVWuIybWi5qwQ-8sK8utkiaP18rTebUc_EGohccFbjY-Ciz_Ish-Iw6WqVjO0pBQJFJM&cid=CAQSTwDICaaNoNgZV_ueTb0jeT5kZcV_yFljRt65GViBj4U8LXMEceSQ8qIcAxgc77JEkjN-q4tT6muJP-cp8Tp8unnX-zkuUJawy_jbNvIJEREYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fpastelink.net%2F&ds=l&xdt=1&iif=1&cor=1091875568932140300&adk=2228999114&idt=104&cac=0&dtd=63
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 16:25:15 GMT
content-encoding
br
x-content-type-options
nosniff
age
42101
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13937
x-xss-protection
0
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 10 Dec 2024 16:25:15 GMT
attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMjM1NDAxNjQwNTA4MQogIHNlcnZlcl9pcDogMTI2MDYxMzA3CiAgcHJvY2Vzc19pZDogNjIwOTQ1Mzk0Cn0KZmxvb2RsaWdodF9jb25maWdfaWQ6IDMyNzY4MTcK...
ad.doubleclick.net/ddm/activity/ Frame 5E5C
0
717 B
Image
General
Full URL
https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMjM1NDAxNjQwNTA4MQogIHNlcnZlcl9pcDogMTI2MDYxMzA3CiAgcHJvY2Vzc19pZDogNjIwOTQ1Mzk0Cn0KZmxvb2RsaWdodF9jb25maWdfaWQ6IDMyNzY4MTcKYWR2ZXJ0aXNlcl9kb21haW46ICJodHRwczovL3phbGFuZG8uZGUiCnhmYV9hdHRyaWJ1dGlvbl9pbnRlcmFjdGlvbl90eXBlOiBWSUVXCmltcHJlc3Npb25fcHJpb3JpdHk6IDAKaW1wcmVzc2lvbl9leHBpcnlfaW5fZGF5czogMgpldmVudF9pbXByZXNzaW9uX2lkOiAzOTgwNTMwMDA2MTU4ODAzMjcwCmRlYnVnX2tleTogMzIyNzM5NDUwNDcyNjUzOTMzOQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QUk9EVUNUX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9EQVRFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIjIwMjMtMTItMTIiCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0ZMT09ETElHSFRfQ09ORklHX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzMjc2ODE3CiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0NPUkVfUExBVEZPUk1fU0VSVklDRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QTEFURk9STV9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1FVRVJZX0NPVU5UUlkKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiVVMiCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BMQUNFTUVOVF9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMzU5Mjg4MjQ4CiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19BRFZFUlRJU0VSX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAxMTExNzk5NzQwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19MSU5FX0lURU1fSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDIwMzExNTg5MDE2CiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19DUkVBVElWRV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogNDcxMTQ1MTc5CiAgfQp9CmFyY2hldHlwZV9pZDogMTIKYXJjaGV0eXBlX2lkOiAxMwphcmNoZXR5cGVfaWQ6IDE0CmFyY2hldHlwZV9pZDogMTUKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL3phbGFuZG8uZGUiCmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly96YWxhbmRvLmZyIgphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vemFsYW5kby5wbCIKaW1wcmVzc2lvbl9ldmVudF9yZXBvcnRpbmdfd2luZG93X2RheXM6IDQKYnJvd3Nlcl9hdHRyaWJ1dGlvbl9hcGlfcmVxdWVzdF9wcm9jZXNzaW5nX2JpdHM6IDc1NDk3NDcyMAo
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f6.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
x-content-type-options
nosniff
attribution-reporting-register-source
{"aggregation_keys":{"12":"0xbb666fd88b2c46760000000000000000","13":"0x6ba8ce31ddfc13060000000000000000","14":"0x1019c528510d7a20000000000000000","15":"0xb6afd448fa7227150000000000000000"},"debug_key":"3227394504726539339","debug_reporting":true,"destination":"https://zalando.de","expiry":"172800","filter_data":{"14":[],"21":[],"8":["3276817"]},"priority":"0","source_event_id":"3980530006158803270"}
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame 0271
31 KB
12 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BSMo1xBNrpuLD4qsaGJGuxlJgasZvuR_3COCwB1fvRPwSG-EczR4fH2cAMYl4x9cJcwAGbPZSMQ4zESvtcqFI8wv8VVp0mpzg_keW9-uL5MABSItQAgGXaK_m-AtBLTDRHEJqvFhz0k8Yz1r5xg6czcJNtwalytP4clH2JccB5y0D8kQs&cry=1&dbm_d=AKAmf-Di8mnEYofR805KPQVtbIvRnYjfAhDHXskHwLupMd1SnT-SO_21TLiDTB4iIq_U31LxyoJ0aOkOunneQxvW5wZ1DYLNscY02-SC8qMSsBoJCH-XWF_u0obcLgFHJC7w8yOPZnbUp1rGoIYzxmRCW6NBUjxO6fIkATSkbjVSZVwG8k4o0e4Uh5IEoq20gclWg4udE0HYAVO7VaYfIOCfrJHrOPPgyhYhRq0_FDCLQOaDFVGGqUawf-Abr6z3qUbO1Y7oma8gJhUpJi77Am5eJt7xDyzos4z4zDQN-UYH-hHuUzgIzdsgVXvIgKPRM2YX6Bbj-nJs8RGQ3-6ILeYVzYmuxY5VAxuP5c8bEltNf4-oT1J0ZwgS6YS8VM3gT9LWw43LVuYmUHcxxYrF0lAKuXNgNm4Ml8mnGHIVsAPwR9HKny8zcm8FZ2O3bQIzd1mmg4VW4XzxxUa3_4lQR8KiSwsmQL4JkqZvzYTtlxovKmKrpFARxKgPdDoybAsTQh_oZhxqFV2TpBXznu5O_Iiiz-jQiI4zLowWQvIjG2aSJ1gPlfEcpSPs0OouR-9V6DVsecI903H946gpT7K2O3hMpmAZ8bnvDk4xsWWNSpz8a_EEmTWr85MV-dSVjE1NwTMDb_6fXc54DqxrhBbeddFVaOkQa4J2uNThhR0r0-qZ1-LFDSXyz7xFFv_HfFbswuxPLmjWptbI-VxWIaOfoLr9jiYDHdCEVO6zFKdZMHg4AFSOreEQMcZ1YxTi5hel8cf9dVld48MxNYzup-p5kL2Ke_Rf-5WnSv8EEJUoXWjNW-8kB_T7tI9CceH0iaS0FvJpQ1taCePS2g-V343bmQ7PeFBQZQtg2Mgt9TmPGR1ic_vDNuVFZouyJaKVrdwcEu8TCBy_VCWs3EQoPm-j_TH-Cd82Xm_U6VdVUSohhr9fQ7_BUYZqOjtXuSk0kgG3dKovQIXqiTmyXvhbPg8vmephL6TIeCoKXRAfdH20dL_rL_M8Z-VCVgeh8hwHGV9dHrSIg91eVnEOTqr5wAQ_LpaBBTSVfdwcb_WcbN9oR2gdD56FSK2vJyeiGRH_qX6v-_Wr4n2snTJtJqIMiYlIFhzjSdk4j94PXl72BUxEwW5aJh5aFVmvPXZHeuK6exyyc6YbwTGHQqs5XVXfKmSpokGc04wxFnOIlwMNUyDe16Wy4hkzqd0XhQNp4PZd3SsJjjYfIF_MxRkjlq3aMEUG9ZjcSG_GMfAtK8uqYRUDhHoszJ9kxnFXeKAepYUCJMbSk3BaG0IfL9jikowJItiGyEzlfyj8yd-JfZ2rEfYRXSrehOtVdh1Y3tIrSHsdhBCOgqtuEqk-Xsq-0OxYeO5NlJRDvF9cpnCTjoJOoZ4FiEYHgAdtB04_FL3bAswGQuUDKeNK3xVq3MYyyowwLWd4UoSJ58UFMfG_NO9Q-iXrZqfoNL8ZAjQQ9u82FofI81706jUP2CXQBSTDv2ZUFiM-0kZ8PeFkW6tgfHLUVrZBB41atLokI2o7mb6m8HiYqC0HMAZNcyXbs7c4BKrTPuFh65PTR-wSKYi2UHVru_qS6rWApg6xQDjVGc-r5KdLGbtSZFPArihFNZ38QeTO6UtvXPaEBzGRMvci9a3YcUAiEafSmm4AhF1_4fmUZ9NZ0QUhsD2xPQJ7skYgnaABW7L1qUAYm7jk-hJWSI9PWF-lqTOpykbJ1imxCOnax_b05LnhLNKlhzVnnvPB1VDkI3hSDsJwrZC8AhwK2XiJtcS772KX9N5rOD6HKQ-rKdvUXcpWu4j-svKEjRsHnMzAQZptDLGCXmkQYFpTSScx0igmCCCUOfzaQnfmNxjVQWaVPWbDruc_ooIygRpF858Zkze066tqZkcq7CQhmfw7T_SHM6Ku_fRGT2Rb9tgeLHXaIIXwmcghq2okxvMMrFCKBhkWNy1BjmJ3riOJH9Ja3egjSXs0qGWnRQi_yRgvCjD7jxP46XPl2NAcJq_NeEMcj2uzoQv4_Oscno6tKkHgk0HQi3CeTXg1LQ2Cj_xwpcJDEha3rASiRNL1jPNNQHYxRV_rVU4t0Q-gkM7PsDrZjivQtzlqMJQ1Y5X12oyRkqa6HakkGr2TLzlKVqS0rjtE02OJX42GHP4NmxgLIAm_3THuXxhgoT_cGmCEU19kYGTB35FB2Pj6VuOeUoOJjG54GoRrRhPmdMwEq8aN_a1VvZX4MT8RhNf8BZ-DuqIFHB3UvBjBFq3DMZLwIk4vqpnS6NJWykBcjkfG288oCv_Z66c8JIHFA_DatxHZIuVKJtGMoE9qIEzwehsbrKoPy7Kz3dJh4hcXHbZOmCaIJ64OsSOutQXEOdI0NTXypjYCidhH2wNO2soiqOywbLJaqdx0Pi9UiEuCff2Oofr9oQgVswmAUhUUJMPkuqf0B_a4u1DTxCS1aHVSXuJ0QGAToQesp_lDTfJjTnZKKmMNoj9W8OaD_ScxJQYX-yi3Ppz5t1lTeVvsGQg5bVL6x5kW3wGPmIV-ulKVOUVOp2SQxyO1otOlLHlJ8Faz58y2tQmJJ412sGeIpe8Dr1wkGtotMvvh7aSSvMXIA59bL10IgfZNVu6q-JCbQdcdK966WzfJlPSSOvB3A8N9yJlvgiY3VTVguDO0eEHE4q-x1jp5glKDmiqvklb9h2vnsuRzLY8akj4ndqKZPL5va3JmT45kFvbdgsiUTfDEcfDQ2LSc6oN6rLwPo3wJOaj6AHx_XyiSIUtlhduHGWHjF2N6b4Qih5I0si8aejpewsIETMnA6oeoWcVLr1_5jmvf7aVVcDHDv0aFnwp9n4BntXyDKWn7lqsUpu_8uxzp9Q8QB_linaso-XySx7HQOR3GLMGqCrHhONAFupbnIBPbsOhdYY0UzUPLthuUhZFcUjaFVL2p4z0hZ-5l9dGlhuqx2_UFBbNb6X6r1OhNkM8QDir-NvjoECVmZYK9aaf8C22asStpE445X3YBjkaT50RUHnWuuk0tUoltUCRJor8uT2j5mltv0YkUiyUXtedCT6kilrhH2_626RrbraT_o-jjlRPTDgYgtqDussVLOvnUc_flVIRDeKObXds8L8GNPElGD9B2Jp-UMteTKVaEmEv_YdAQvhIZHSfzNQA4G9Io_aOeE9YNAHifhBrBl2C2gfW7I-ZWxjECNxd5qXIbM-adCv8cobBxkmpw-svcVd4vND6VssYkZFKeiYBY2n8jsFVnUtcsyuj6eHnsKRTuFtox6z9FSYv9wozZ8bU5Ly4G2rWm0V9ugBtoGSb7hA59EAFBpb-75f21kBayQ9CS-GulBS1TXXHtLgLAj_7FH3FJ4ZDw9gBRXAyHo4jSALjpsv8EOK6_JRwU-jnbJByn6rm_usU5EaJt0ez5Mjvw6lo3HWJaFvz7P50YVcCoriRi7ta-Ai6mX2wiXHrcVLoGG4Q4URlwG4adtfCaUuaSsvOL0XrJmdvZXdCCHxSkDL82swqbcZEhi8soW3oxVcBWM9oZs5ihtFw6sZpCJjuF0aarVxOy8pO4UiVcl9krQJlTvrqrGXGXYSSKhXaWhp8c1qXOxq-hKIyWjLPQDeipvPKmmHNdXLITiNVRT9FnBFOfVfq_WYycAmEevTKv5Gt4FMGDrWDJBec3te47oZ8zT0YJxrfkl7e7lrYOZvEPfK0IMw3jht8D5PLNAgBEHXyGVACucoe2p-eaTM2k6nJc9YxS4UYt6Iqki8QVaVEOI_RBjUU02DwEPxXPggGEWyIVKhJ3BBN9WWq7BTNHeBgIeUCirOqZrozIrZYLs02Ta73BZ46vY37ASx3J0uJs-G42qIQ6eZjF92j2QjEpC_7M1v4SgCmc-EWH&cid=CAQSTwDICaaNoNgZV_ueTb0jeT5kZcV_yFljRt65GViBj4U8LXMEceSQ8qIcAxgc77JEkjN-q4tT6muJP-cp8Tp8unnX-zkuUJawy_jbNvIJEREYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fpastelink.net%2F&ds=l&xdt=1&iif=1&cor=18294551533896890000&adk=3047537734&idt=149&cac=0&dtd=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f6cbe31747c16c069d861a8ed01b15186eaee8c381f74ca1712087811c39f4d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 20:42:27 GMT
content-encoding
br
x-content-type-options
nosniff
age
26669
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11943
x-xss-protection
0
server
cafe
etag
4141415479739543000
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 25 Dec 2023 20:42:27 GMT
Q12zgMmT.js
tpc.googlesyndication.com/sodar/ Frame 0271
41 KB
14 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BSMo1xBNrpuLD4qsaGJGuxlJgasZvuR_3COCwB1fvRPwSG-EczR4fH2cAMYl4x9cJcwAGbPZSMQ4zESvtcqFI8wv8VVp0mpzg_keW9-uL5MABSItQAgGXaK_m-AtBLTDRHEJqvFhz0k8Yz1r5xg6czcJNtwalytP4clH2JccB5y0D8kQs&cry=1&dbm_d=AKAmf-Di8mnEYofR805KPQVtbIvRnYjfAhDHXskHwLupMd1SnT-SO_21TLiDTB4iIq_U31LxyoJ0aOkOunneQxvW5wZ1DYLNscY02-SC8qMSsBoJCH-XWF_u0obcLgFHJC7w8yOPZnbUp1rGoIYzxmRCW6NBUjxO6fIkATSkbjVSZVwG8k4o0e4Uh5IEoq20gclWg4udE0HYAVO7VaYfIOCfrJHrOPPgyhYhRq0_FDCLQOaDFVGGqUawf-Abr6z3qUbO1Y7oma8gJhUpJi77Am5eJt7xDyzos4z4zDQN-UYH-hHuUzgIzdsgVXvIgKPRM2YX6Bbj-nJs8RGQ3-6ILeYVzYmuxY5VAxuP5c8bEltNf4-oT1J0ZwgS6YS8VM3gT9LWw43LVuYmUHcxxYrF0lAKuXNgNm4Ml8mnGHIVsAPwR9HKny8zcm8FZ2O3bQIzd1mmg4VW4XzxxUa3_4lQR8KiSwsmQL4JkqZvzYTtlxovKmKrpFARxKgPdDoybAsTQh_oZhxqFV2TpBXznu5O_Iiiz-jQiI4zLowWQvIjG2aSJ1gPlfEcpSPs0OouR-9V6DVsecI903H946gpT7K2O3hMpmAZ8bnvDk4xsWWNSpz8a_EEmTWr85MV-dSVjE1NwTMDb_6fXc54DqxrhBbeddFVaOkQa4J2uNThhR0r0-qZ1-LFDSXyz7xFFv_HfFbswuxPLmjWptbI-VxWIaOfoLr9jiYDHdCEVO6zFKdZMHg4AFSOreEQMcZ1YxTi5hel8cf9dVld48MxNYzup-p5kL2Ke_Rf-5WnSv8EEJUoXWjNW-8kB_T7tI9CceH0iaS0FvJpQ1taCePS2g-V343bmQ7PeFBQZQtg2Mgt9TmPGR1ic_vDNuVFZouyJaKVrdwcEu8TCBy_VCWs3EQoPm-j_TH-Cd82Xm_U6VdVUSohhr9fQ7_BUYZqOjtXuSk0kgG3dKovQIXqiTmyXvhbPg8vmephL6TIeCoKXRAfdH20dL_rL_M8Z-VCVgeh8hwHGV9dHrSIg91eVnEOTqr5wAQ_LpaBBTSVfdwcb_WcbN9oR2gdD56FSK2vJyeiGRH_qX6v-_Wr4n2snTJtJqIMiYlIFhzjSdk4j94PXl72BUxEwW5aJh5aFVmvPXZHeuK6exyyc6YbwTGHQqs5XVXfKmSpokGc04wxFnOIlwMNUyDe16Wy4hkzqd0XhQNp4PZd3SsJjjYfIF_MxRkjlq3aMEUG9ZjcSG_GMfAtK8uqYRUDhHoszJ9kxnFXeKAepYUCJMbSk3BaG0IfL9jikowJItiGyEzlfyj8yd-JfZ2rEfYRXSrehOtVdh1Y3tIrSHsdhBCOgqtuEqk-Xsq-0OxYeO5NlJRDvF9cpnCTjoJOoZ4FiEYHgAdtB04_FL3bAswGQuUDKeNK3xVq3MYyyowwLWd4UoSJ58UFMfG_NO9Q-iXrZqfoNL8ZAjQQ9u82FofI81706jUP2CXQBSTDv2ZUFiM-0kZ8PeFkW6tgfHLUVrZBB41atLokI2o7mb6m8HiYqC0HMAZNcyXbs7c4BKrTPuFh65PTR-wSKYi2UHVru_qS6rWApg6xQDjVGc-r5KdLGbtSZFPArihFNZ38QeTO6UtvXPaEBzGRMvci9a3YcUAiEafSmm4AhF1_4fmUZ9NZ0QUhsD2xPQJ7skYgnaABW7L1qUAYm7jk-hJWSI9PWF-lqTOpykbJ1imxCOnax_b05LnhLNKlhzVnnvPB1VDkI3hSDsJwrZC8AhwK2XiJtcS772KX9N5rOD6HKQ-rKdvUXcpWu4j-svKEjRsHnMzAQZptDLGCXmkQYFpTSScx0igmCCCUOfzaQnfmNxjVQWaVPWbDruc_ooIygRpF858Zkze066tqZkcq7CQhmfw7T_SHM6Ku_fRGT2Rb9tgeLHXaIIXwmcghq2okxvMMrFCKBhkWNy1BjmJ3riOJH9Ja3egjSXs0qGWnRQi_yRgvCjD7jxP46XPl2NAcJq_NeEMcj2uzoQv4_Oscno6tKkHgk0HQi3CeTXg1LQ2Cj_xwpcJDEha3rASiRNL1jPNNQHYxRV_rVU4t0Q-gkM7PsDrZjivQtzlqMJQ1Y5X12oyRkqa6HakkGr2TLzlKVqS0rjtE02OJX42GHP4NmxgLIAm_3THuXxhgoT_cGmCEU19kYGTB35FB2Pj6VuOeUoOJjG54GoRrRhPmdMwEq8aN_a1VvZX4MT8RhNf8BZ-DuqIFHB3UvBjBFq3DMZLwIk4vqpnS6NJWykBcjkfG288oCv_Z66c8JIHFA_DatxHZIuVKJtGMoE9qIEzwehsbrKoPy7Kz3dJh4hcXHbZOmCaIJ64OsSOutQXEOdI0NTXypjYCidhH2wNO2soiqOywbLJaqdx0Pi9UiEuCff2Oofr9oQgVswmAUhUUJMPkuqf0B_a4u1DTxCS1aHVSXuJ0QGAToQesp_lDTfJjTnZKKmMNoj9W8OaD_ScxJQYX-yi3Ppz5t1lTeVvsGQg5bVL6x5kW3wGPmIV-ulKVOUVOp2SQxyO1otOlLHlJ8Faz58y2tQmJJ412sGeIpe8Dr1wkGtotMvvh7aSSvMXIA59bL10IgfZNVu6q-JCbQdcdK966WzfJlPSSOvB3A8N9yJlvgiY3VTVguDO0eEHE4q-x1jp5glKDmiqvklb9h2vnsuRzLY8akj4ndqKZPL5va3JmT45kFvbdgsiUTfDEcfDQ2LSc6oN6rLwPo3wJOaj6AHx_XyiSIUtlhduHGWHjF2N6b4Qih5I0si8aejpewsIETMnA6oeoWcVLr1_5jmvf7aVVcDHDv0aFnwp9n4BntXyDKWn7lqsUpu_8uxzp9Q8QB_linaso-XySx7HQOR3GLMGqCrHhONAFupbnIBPbsOhdYY0UzUPLthuUhZFcUjaFVL2p4z0hZ-5l9dGlhuqx2_UFBbNb6X6r1OhNkM8QDir-NvjoECVmZYK9aaf8C22asStpE445X3YBjkaT50RUHnWuuk0tUoltUCRJor8uT2j5mltv0YkUiyUXtedCT6kilrhH2_626RrbraT_o-jjlRPTDgYgtqDussVLOvnUc_flVIRDeKObXds8L8GNPElGD9B2Jp-UMteTKVaEmEv_YdAQvhIZHSfzNQA4G9Io_aOeE9YNAHifhBrBl2C2gfW7I-ZWxjECNxd5qXIbM-adCv8cobBxkmpw-svcVd4vND6VssYkZFKeiYBY2n8jsFVnUtcsyuj6eHnsKRTuFtox6z9FSYv9wozZ8bU5Ly4G2rWm0V9ugBtoGSb7hA59EAFBpb-75f21kBayQ9CS-GulBS1TXXHtLgLAj_7FH3FJ4ZDw9gBRXAyHo4jSALjpsv8EOK6_JRwU-jnbJByn6rm_usU5EaJt0ez5Mjvw6lo3HWJaFvz7P50YVcCoriRi7ta-Ai6mX2wiXHrcVLoGG4Q4URlwG4adtfCaUuaSsvOL0XrJmdvZXdCCHxSkDL82swqbcZEhi8soW3oxVcBWM9oZs5ihtFw6sZpCJjuF0aarVxOy8pO4UiVcl9krQJlTvrqrGXGXYSSKhXaWhp8c1qXOxq-hKIyWjLPQDeipvPKmmHNdXLITiNVRT9FnBFOfVfq_WYycAmEevTKv5Gt4FMGDrWDJBec3te47oZ8zT0YJxrfkl7e7lrYOZvEPfK0IMw3jht8D5PLNAgBEHXyGVACucoe2p-eaTM2k6nJc9YxS4UYt6Iqki8QVaVEOI_RBjUU02DwEPxXPggGEWyIVKhJ3BBN9WWq7BTNHeBgIeUCirOqZrozIrZYLs02Ta73BZ46vY37ASx3J0uJs-G42qIQ6eZjF92j2QjEpC_7M1v4SgCmc-EWH&cid=CAQSTwDICaaNoNgZV_ueTb0jeT5kZcV_yFljRt65GViBj4U8LXMEceSQ8qIcAxgc77JEkjN-q4tT6muJP-cp8Tp8unnX-zkuUJawy_jbNvIJEREYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fpastelink.net%2F&ds=l&xdt=1&iif=1&cor=18294551533896890000&adk=3047537734&idt=149&cac=0&dtd=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 16:25:15 GMT
content-encoding
br
x-content-type-options
nosniff
age
42101
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13937
x-xss-protection
0
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 10 Dec 2024 16:25:15 GMT
attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMjM1NDAxNjQyNDk2MAogIHNlcnZlcl9pcDogMTI2MDY1MzE2CiAgcHJvY2Vzc19pZDogMTY3ODcyMTE2Mwp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAzMjc2ODE3...
ad.doubleclick.net/ddm/activity/ Frame 0271
0
473 B
Image
General
Full URL
https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMjM1NDAxNjQyNDk2MAogIHNlcnZlcl9pcDogMTI2MDY1MzE2CiAgcHJvY2Vzc19pZDogMTY3ODcyMTE2Mwp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAzMjc2ODE3CmFkdmVydGlzZXJfZG9tYWluOiAiaHR0cHM6Ly96YWxhbmRvLmRlIgp4ZmFfYXR0cmlidXRpb25faW50ZXJhY3Rpb25fdHlwZTogVklFVwppbXByZXNzaW9uX3ByaW9yaXR5OiAwCmltcHJlc3Npb25fZXhwaXJ5X2luX2RheXM6IDIKZXZlbnRfaW1wcmVzc2lvbl9pZDogNTY5OTkyNTEzNDQwNjkzODQ0MgpkZWJ1Z19rZXk6IDc4NjkzNTA0MDA1NjI4MDE3MwppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QUk9EVUNUX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9EQVRFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIjIwMjMtMTItMTIiCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0ZMT09ETElHSFRfQ09ORklHX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzMjc2ODE3CiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0NPUkVfUExBVEZPUk1fU0VSVklDRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QTEFURk9STV9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1FVRVJZX0NPVU5UUlkKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiVVMiCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BMQUNFTUVOVF9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMzU5NDA5ODI1CiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19BRFZFUlRJU0VSX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAxMTExNzk5NzQwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19MSU5FX0lURU1fSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDIwMzExNTg5MDE2CiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19DUkVBVElWRV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogNDcxMTczOTk3CiAgfQp9CmFyY2hldHlwZV9pZDogMTIKYXJjaGV0eXBlX2lkOiAxMwphcmNoZXR5cGVfaWQ6IDE0CmFyY2hldHlwZV9pZDogMTUKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL3phbGFuZG8uZGUiCmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly96YWxhbmRvLmZyIgphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vemFsYW5kby5wbCIKaW1wcmVzc2lvbl9ldmVudF9yZXBvcnRpbmdfd2luZG93X2RheXM6IDQKYnJvd3Nlcl9hdHRyaWJ1dGlvbl9hcGlfcmVxdWVzdF9wcm9jZXNzaW5nX2JpdHM6IDc1NDk3NDcyMAo
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f6.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
x-content-type-options
nosniff
attribution-reporting-register-source
{"aggregation_keys":{"12":"0xbb666fd88b2c46760000000000000000","13":"0x6ba8ce31ddfc13060000000000000000","14":"0x1019c528510d7a20000000000000000","15":"0x38ef89ac527d8e80000000000000000"},"debug_key":"786935040056280173","debug_reporting":true,"destination":"https://zalando.de","expiry":"172800","filter_data":{"14":[],"21":[],"8":["3276817"]},"priority":"0","source_event_id":"5699925134406938442"}
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
bg
ads.revjet.com/ Frame 5E5C
43 KB
18 KB
Script
General
Full URL
https://ads.revjet.com/bg
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
65.109.98.108 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.108.98.109.65.clients.your-server.de
Software
nginx /
Resource Hash
1b16a5af84666feb9f8f195d3a8b74042f80439ca327b61f1c598f58072911ea

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

p3p
CP="CAO PSA OUR"
date
Tue, 12 Dec 2023 04:06:56 GMT
cache-control
max-age=10800
content-encoding
gzip
content-type
application/javascript
server
nginx
expires
Tue, 12 Dec 2023 07:06:56 GMT
truncated
/ Frame 5E5C
213 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
968e895b43cfcc541db9acc9864beebff5df657d994d2ca8a2dffcaee878e54f

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
bg
ads.revjet.com/ Frame 0271
43 KB
18 KB
Script
General
Full URL
https://ads.revjet.com/bg
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
65.109.98.108 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.108.98.109.65.clients.your-server.de
Software
nginx /
Resource Hash
1b16a5af84666feb9f8f195d3a8b74042f80439ca327b61f1c598f58072911ea

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

p3p
CP="CAO PSA OUR"
date
Tue, 12 Dec 2023 04:06:56 GMT
cache-control
max-age=10800
content-encoding
gzip
content-type
application/javascript
server
nginx
expires
Tue, 12 Dec 2023 07:06:56 GMT
truncated
/ Frame 0271
212 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6b40641f40b50a3e453a45339ac5638a8d37ffba450d0f0e2967bce633be9b03

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
gen_204
pagead2.googlesyndication.com/pagead/ Frame 3128
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=5087712586298&version=m202309260101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 3128
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=5087712586298&version=m202309260101&ct=77&x=1&cor=18180865502556393000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad
googleads.g.doubleclick.net/dbm/ Frame 3128
34 KB
19 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ABbZNxA4uJQn4lkR4S7GLXKgednxG2Q5yvRcnNywjmTImLul_ExcfQsKE8CiXPOQ6u4N43i34v9SKTiwGDorXJLedzNReRgTADjRw-HT4T7P0qMt3L7o2SeHqsm0E-LvzYGxk9qhnOQJ0KK11SfDC3IiepFJQMi2LAyew8yOUBmhUj1jY&cry=1&dbm_d=AKAmf-AOlbVwhyPr8pI0rgjn1Kmcs2U92iKGKJjhs329dOSFdVhG8-C95EJRdYNwrsCWogXIr0vXzAISEr0Ho8d_pcvajqI6CY78ow-YU7JCR3PyxT2RCiUAKkP6kEJTYbJBqMp4PNYvPgkc689Jgo93n_qA1BOquHPnFYIHW_OqnI5j4Hn58aZrpWPIwljhQIPNs3StXskGTG8j7HYNRvk4AxqGqyRxufkh8ufOMVspYu_QZbE6AnqnuWpDOJ6Fgp42q5F38IqSVLml1Ye1TcDzonlwR3NUOy2y9DWJpzN03hSFKqBJ16JZl2kVq84-dh3LlsHm_6X0PFJ07MmN5xv3-rJuJwFgXDc7MHa0USmeNdfn7D5S5BawdAUZ8NLjnh0CkJWhxCFsfLb8MQRfuHZYzHAVWKRqWFeS0mbCzmrLeLFHDUyJC-G5oBIBOL2laQiVkn2G6g9btJeH7Kwif0RpZa7Z0d0OuyhxK6dYMOzr6NcUyeQF6aw8DvUNi5dPrXk6rLwP4m1S0EBNZwREIqg-Pe0Qy3oO6AGID2VmMN5rRZTNCM-18UaEwMGByjpj6xG1C--BGjpgoFmOiUG_QdETRnejVlnIOnQJlvwH-oBnkuB1Kh9HGx0i6KDvU9pWTcKN965iOfIEqKlh3cynkO-D2ffStw7fTO52AYKFGoO12yFbZPfai9watYo2fq7MG5yIch88Tvc22ZdEY2MzX3vpjbG7JW1F9Y50gDlcbBgJj6n4x_PJAx4Ri6ILh9ash2oRGIy2FouO6vSFOe4IYAOClvzJkOQ0Nn2-TB-Pk1Cg6gzFZbOwIuXaMjn3seVoh6v4BfNxpjpeVpbhjqUC5_8txyLrvQbctGB8KvZxsq0eUU59JZYMhDSptlgYiTo8NUqaea0U8tJhXZ7xhl2MP05A47owaGaGpDg1bM1x2TXsMnGIhptcamTFHhr8Iti5Xfh6t1pzGqU2HxG_CdbDOnSl7_s6pEalLuytL-Ke6XMIiu2ykuAj0hZ3ndq5hebg_gjH_ss0aKWurqER7AEydnJFbqDLQ1CnSaml0TLGITq4RP1C_y96pvL-oIcyB36bOYmoYmuL10XAXGYpM8i50mU-XjwWUZy94ZNT8JUXy-kOMFO3M772oq5iXSxrJrf8OLwyDLC243FSvu1es8gw74a_SUX7Qr81q7KaTdbLndmQtqMRr50OViOmXLT-7oZO-3hPG7q_fG-xBOFuxv4yd7xVduXKMgkxBMwaEwU6i65zvDdl7MAkahAkHZ2XRET3CneEbKJBqg48E_yYN-Y6_5dZ__UVGVLAt2DrwEGOZvzB8O0AHm5iNAgpCVQKGYkJoRRMpHUkWFjxXN3W-ksuTXI9DW9lyLPhqdfnu1v9nm301GbSTSw__2IhwCBaAqvtmpMPJcCsk8iby7nl7C5oZqj3s2Iklz2Af5i_oSKNx8WBrQiZIVcuwDj-3UakY2vvV8Xo1cvmTwIupL2bi3abxiYUMZN0ySmuyf3-GbPHP-OtXcHqR-whakZTSVQxD_IuegF2z-DsdbGSKrwiRPOYDUCUioOTMIbSUvkzw4kT_wD5Zn-Apfdz7a88hNMm7osgQb_6sc12H9vUfDj129vOE6-R0p2WaSRI_3NjKxfpJippMCDhV_0LRnb9eOjnnA68JVvg7eGRuQaaX_GDx8CJG9s28oEoP5z4RYXNoowUnTZm9_jZqRCuZ6bebpsBDymLEI5ctkYgQtVw-CBm3Ik8L9xVGj-0wBe266RwoYhx6a-tVrEen1WKU5y-LcNvSSwgMMOLxRTWbo2gnqa5zwRTxWx1fYQiteY_HsIL_SvLI7pyL4cR-lSPwO34vVieo68dowP_UB4mqKr_1dv_68wMZv2U345nKsUmOVTJwadHgdnncwTy60gZZdzAXLJhrSkdf8bAz3vuZXfbef2MuVmutyyMlAD97HNRYFcS4DC2LeE22NSE7ALZ3puZaBZhRfQvyIwKbbl3JUS00fiJ4yFe741bFaeronu6zFMo2xXc1XxU2Iw4FFDuz8gl831ge28r8kFtkBSs961VyvVLDaVCvID1z8uGTyAxZ8Pep7LNesrfF3qWs-zvkICCnZxql2q8-TcUpQw04UChpLKF8LvNpLdz5LL5kRCCxnoDtJd6NDQBHjQtj8XM6Ms_vYVe-hgsUZMyhFMmBcW-X4zMHX4HE08S9eGwP7Jycbd2cMVcLoBF3eQxAwBpWVnV-cSahw-wq9OsIUA2W-LKYB69h1FCpWg8NABknGLx0v8E8IfaLd4llc3VvN9I3LOPmZghaMCrWqQY0Qoj2uoNYvw5Nz3jwwjvul_j6QcrlyKjRpGiNiY5DtXsWKNbsJi8IckPeJJeV6DEaVLO0UXuA5-1IZGwQfRgsffqLE_BHlfZ_xqTFac0ZL-mZjZ2v4ingDUz8QrXzLl2E7nrpQZ1Se9t2ElqbtOs8Hl44i-OGNWrwsy6Cn0iDPf7LulD4xvb9M0_9ky_u007zkRC1QV8w9h0gDxA6LjETPzZV-agd2IjQdrlFlQhwl1slNF7M65okuA-DcHASlRuTg7-bCOJlJ8Y5Gxh_WP4Y5nysVx36bx99ohr9bJix2KGDyhLfLO6mUp59jOSo_fM3lRFVPN96NOy9ZryIyGsjsNtkzz335fA1_N6WBi6cOMZnVcWzGEsr3v0P4F-uhJx3UY5QQjRUfvIFNWVeMhUABDS-L4-w5wA0GvEBGf7hXBjRKj62zyYKUdZ6UJgHqLIPJmmflhoCWpAXnJHHWfsUM-2CY1Yos55XzPAkX1--1rBkdG0EDXENGlyFICHdgqiXPvP_WBmZlRQKG8AOrYBZ9gy-jMNvN6zJS4iQV1xlT6T6MXA4AnOmw1uJ-xitJdC7nS_gbqkj_mjN-OpRHcP02x9nCz2fEX5DVZDXXV0i7CQynlGFWjnohUzmklk4_3EaZHTZvghZ8nsypsVH7fzaDUaDJE7EB5gRvd7XWc40X5Ek4uJ2DT9z096q9iOgH_tkYq2D4HqDTV3e6agVUmayDtQQ4GKlQ-OJUta9DEzWpDsBtowVxYfrO85pqmNn4LzUZT0EFix-q0quX8Or9i7HQVAK9Ha2OIl3ZZAzMdvR3UeKP7e5OrGaZtmzLk0G2edvbKHmYQSj1rRT2OxWp5Ju_e2Jz672eIeuRxHf1Kv0M3UkIa58dTwJkv4UrzOyha0s0Y2xrAYSxY66N7r7eA-Lg8E-CTWuXwuJCJYd3bpL3urQxxprkqBU3A3YEBq3ueSILUbmh2yYntC1Ue5GX__vGTAOIp0armLQw3Ho9s-IYe4EJCYL7SaaOfG3occc8g1Pnm0POKrwqgHYPPQ_m56JFCTRCjBQ_l6aCuCxbejTp1VIrjkwrQhmzAZPq4tsNSZnFm2giM3zcBZf9eyn6NGanTq1WazH8ud8H8-9u12ddDRMgvwqXgtqwwvde5CKMgzCj_-hQwszV4P9qcJi7tztWbGpRTqoP5v-7gdhKSMke7MXUPJeddCmPix-jiMH0AbbnedI1yd6h5eHOu_Tibo4zHCWrSNBlUxIzUni1zCIJv3XJ_2T6wTv2XDiM2pusigOyNJcsj-ske6P7UlmWOfB5Vq0r1ZjzW1AiBAUnEeZjCNVCNowgqtThclgg_e-7wyfg0HNWOOilp6N44zyXW3T3oMQw958rtSfS45YLXwNDctPGFGJ52nfoc5bnugGo6UXL1_n_7tHYEj0x54duUo4-IIMPoAOSusobuFPOK6nmuerk7c0soX5jSInbSC6HLU52mjjJ8cIK4-P_oiJcfDgzCG4-ou7dxDYo9TP611qWXQX9lt-oAyKk3lcYooEetN2cQH0m6h&cid=CAQSTwDICaaNoNgZV_ueTb0jeT5kZcV_yFljRt65GViBj4U8LXMEceSQ8qIcAxgc77JEkjN-q4tT6muJP-cp8Tp8unnX-zkuUJawy_jbNvIJEREYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fpastelink.net%2F&ds=l&xdt=1&iif=1&cor=18180865502556393000&adk=2857193499&rc=1&idt=290&cac=0&dtd=4
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5abdc72b6809cd53c64b8aa0e250a14b744bfb9240f815d65e992dbab406c0f3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19924
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame 3989
31 KB
12 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CstKbUZhm6dEMlgPGpfviQEb5sDPV8hg2vJjIsO9Fpw5N7_QF00-UJHBtdWb0mp06hJYjAJWHbgy1XnlghzuSQNLi_BQO-E6wx4kRPPWAD7_-y-mt2TfA-LkQLiP-RbiRAbl9u_SrJJ2pGnLUkO4c195sKwHwBweoocqyajlvY130naeY&cry=1&dbm_d=AKAmf-BxSRtfuHTxYH8YOYs1qWJoBSmi_EZzTwCkGNYPEEOZOngzQz3RN2RvmYch46G1Ekn03tMdY7V4aRk95bgLHsaIn14g0TnDwZC3ySC2zs6X0f8voR2lq5hwOD0y-fYJ117iyCnYukcU1pLKIS0hsQSORnpb1drZIxNcS8593OykXu1xrUUM7iQiesAKz7MH6zxZW3a6zASSGIw22UWTJ6hTSGSytzZCjMSRqb6NI--urLXK5quPKI9NayRCrQfMkPqynrsMLJY-8IJNZqbvo4fgauxrFTOci2PC5ZnATuJbLS6d9awhObEdJlY7oMKvszB21RkaITAivEreH6hlOKwvADSd4Opj7Y5xCBGq4GI1UqVBvJX5HyuyBz75idoFkYIk6PCZXZfzzK9Gm27P2MCEXekUWfNGG8K0s4GcchFIYS_MINf44JEQD13uNCcTAZeP9TCDJQ3JzNpeod5N8Cy5JeRJDivaYtR1XXl1jdSKlcKgbGosZt-u7PCWROHUxzSZx6AECoJAzXha4PGq2t6GZ4FoyE4kPb6WPX8zlYC5Lu33zj1ZV2SpjRj9MqAFgSK8qLwbjyIgvXO9PGuZcLWxiT_eg93PYbiG5cK-Lke_6vSUB0Pm2HtGgL1hDYrXHtKARAUoxQ2nfDtlunkmx5hUkY8G-stw_5rO76QlU1rJDgPIkm_wvJ_UN3paQguEaFvA1EfOyQCoZQuPyGzudBGP_v1XLjiChsQrSDgnqKQGmIyqpFafzE7np1lQphWfP7OOOPxO6CZZ_X9F4wTPRdHEOvpcwltaJWlOURswIbzLAU-xYtG0-EHZmnCdDjlxLr6qdlj5mZb8wCsRW8a1ETcrnjH2NjQYsTIMW_w01gip-zuUIzhhUyc3xNun7Lwc2-gpDyvcwJFl6KlruKYFl7uqTbZwfqxM8haSuvWnxj556l7m7aq6zSgyGERmLHNvrfW8Sy24qDQRehshAMszcacgFe1ntMO27g7t0B6K70YzF0jvy3jm8wgITxODNoVLXkdnWwdeTGkmQwQwA527qqvy5KJudXhWJDs01AVEw3TZBahu39gpkIhiqf_GtcMJrqFdi-F8_mr5yfFXzkoZ9lv-qF6bTMvppGeZ_j2SLPULgZm47oHdgwwt48f4QlbCSMwASdo32E3jwYCk3yj0zksPGZLyGruG1eqfhcYZSEtM6esjrvTez58V2ZAR25QEMzJ7I5AtK5h7vdbXPwDMYwwBXWX10iFLrQElaKiIvCMGltVPQ8Z7kBg2edvq4qpbsgAz66SJJ5oa8Wsaa-W4kPzJKoXGwa9i_FIxT7pf6djonkhdDF16FQrYQ3ykQg6QIXI2efBhf_AWJdGfxy0t8SxSRt4JHbRjVX1lb6eSFHJuUZhdwQWwfcMHUHVd-O-zhB1e7vDyfYlAtr13NDEVkRiBcTukSG72SnviVLRtf2HNiceilh657fa9pFmaqqFgbzhQix5b4bC8ToYz78RU6n3L9dVcAOVdLyDat6zH4Cp4TlA-Xs0m01CeQg81UZbcSVtWdhK2zfo3xFIHdY_g-DScy9xOWPlITXqZjx7d1ymVK6Bpz6TZtjB9tSXn_11wpb7vxNL2XAIzC3cyFtWGDbd88x9fGCvzb8NxoTTziTUnI2aNCzfwPo92dbPZ3inDvV-L5usVDv9rwae4MQtzNttDcMI9ZsugV-4cjzT-fX6qUyq7HosrCqkD9oeM-VN3MlJXOtLL84EwBX4zDY8VieDhMEwfCVHBcdpolhrL0oq4QZKQEX9DCJH3-pSQ2baYbaM4a59V-O3oCRqIMpZY095dnPbdxQnghzVbitVkW-knv03kUTHAkj44Mhu3wc4XPivOrpaABnmi6d9pEhyrUvG18KBljGVZwlLH1R1DWFFY9Mse4qkcf_hHnSp4ZB-xcuH3koCD6vaxt9KKTuC-Tm3DCP1SOmc-9GAtOUV3WmOoM9Xox5En6pvIhoPgvEE10SXey90i4X7CsvbTYf0FowkHiUm3YFSx6HGlDL98Ig6QMeipWRL3EuJC2OlhII-yauKSVpeeBIZpGxpbGk-BeMHUW0REdDml1LkSe_eXIPAb2f2XN7wAWITm1leREAm9-98EtFvTOzHgN2B67xex7sNbVAnvUu07BYrfYaKr8faLZg6kvMXpLTSCQYZ-3lXIq9lD4OmC7Hdz2MDxMjT5mUcP9iTLfqYqRugQuBvnvDlCZBQL0qOFOJa4s8IjhpfM6daU3w_CUDGzQmszRY_DIQ6Acur8hrlyRXUtwhIssFJwxwHSOKUDRLTYgFaCtDcbvw1p0hPnumJgt4WhAgsANJ-KmMLCxTDvv4OZusihWrpIjcut3dBhKWmeDLJYtZy0eF4JBrgBeHGYGAcXwSQ2WKspG24_WhzhMvzZbU4zUVp7k23ul5K9Lhd3wErWagpwG_-XPu1uBzOcFXp_mfo6nJ5saGvdxI3L819TOAit1pWHNfFkvlpMpFEYyl1sQ0igFtWc7RglXxDSuqfTw62yiv2siJggzvDgIA7_utm9m0Up-hmnwZSRSvdkP4GbA8QbLK4DALCOxUxhkrJXXil-Jk8IzTKEIh54vQDoyg9-AtToHhlODDCsqtGvdL61KPyUDopdsJOU4tKwjYqcD-XTPragrpmHbZik8X9Hhl436PWfw1I6cB9Z_S1zquC63gujUNwzF3Bu38r6u_EFqlr9XMaVapwoN-M2L7CwDA5ki3Oh7QR1ZpVyd2oL0orAkfaV_jGtUh8ryXYQT2tbUk_jOdVpuRo8szyFsjZP83F-ud7QvFwGJtaYWSu1mAZvr_PFJxfs0elDnfPZYQxBn3A8qVZsZ4voDQyZtTimBRACTLKGH9WOEkVa3WiWZKjGN4GyEuGjDAe9ZF2DpXdYdcH6sJ8RIoQlVhVXtAuz29XZWjUkuFdRkRRjWm6jUN3BX3X3faplLLSuSXrc4UEhf0_ecAGYA-TlbwkXSYX1lFqNpVoCXO8R1VWKMZuZ-WvP7EzwDWq9I-lYsZmkzCPig0O0cZZ8nGM_pH1P5swmLZFdS9o2nlQG1CidfsVZElaTVB29WwTTX7gcVEadTFYxVQYxnSe4xP2gXfb-5fN1e2uBn-GIW8ablZdlz6-r1H7fLfkKYFRvP60AH3pe10a905mOlfCTR4x13_wQJ0PQ7LzxcFabSF23_MWq8iwKj33RPULB_qLDRl2TixV87uxgjiUxyGQ9-zp65f_yPiheHgX8wu15hScb7UYbRLdRAU0IQgHQo94jSdY9yWRcYC8gPmsM4A1csw_IDq-R06cqwBNU_Bgj2O7EZDkzTqYDeLgo3hRtgPkw8hnJL8KTjNoAZtN1VECpKY7U07prnK_7Nb5RYoMGRa1-sJ_EbGhFq5_4jfmGBqk8yC_70WNfNl_AiBEoHEXSOttXi4eEO3m9YUPWKypUR0dWMdG_qf33TC_ue5vanJi8vCYKpco8Sa24cN-tmWBeGd8-FET66ciZzEZel04iNVUP2PhRSd5cI_Ac1EdAyU8bDfTLkEj-tV55-0U4esuwL6TxY-5qM5b8Tp_rgQmaV0mPsKnei60MbsW4A7yQdyJE1twkdoFYMyB_ZkXfys-2QVGjhnngefVUd8R73ouFrD-IlBDLQmrFBZQJOr1s_Yn4VmgHOK6jdehLTxg_1nNr0HrZJFH5dR8w66TyCBY895N_4Z5lxWh2pfxpUtPYSEFh14iPMq1Zz92TK4y5Ue_-h1qwJuHycBE3RuYS3mAw2mhdFdJFfv_6q5Cr91_UErdXao25XjAaVbhpBfu-nn8HRXodp_WVNRxlYLqJSgmNM6o4JHH5i3QtUTvkjzsr3sEUnU6X&cid=CAQSTwDICaaNoNgZV_ueTb0jeT5kZcV_yFljRt65GViBj4U8LXMEceSQ8qIcAxgc77JEkjN-q4tT6muJP-cp8Tp8unnX-zkuUJawy_jbNvIJEREYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fpastelink.net%2F&ds=l&xdt=1&iif=1&cor=2452115689842996700&adk=2857193499&idt=189&cac=0&dtd=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f6cbe31747c16c069d861a8ed01b15186eaee8c381f74ca1712087811c39f4d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 20:42:27 GMT
content-encoding
br
x-content-type-options
nosniff
age
26669
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11943
x-xss-protection
0
server
cafe
etag
4141415479739543000
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 25 Dec 2023 20:42:27 GMT
Q12zgMmT.js
tpc.googlesyndication.com/sodar/ Frame 3989
41 KB
14 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CstKbUZhm6dEMlgPGpfviQEb5sDPV8hg2vJjIsO9Fpw5N7_QF00-UJHBtdWb0mp06hJYjAJWHbgy1XnlghzuSQNLi_BQO-E6wx4kRPPWAD7_-y-mt2TfA-LkQLiP-RbiRAbl9u_SrJJ2pGnLUkO4c195sKwHwBweoocqyajlvY130naeY&cry=1&dbm_d=AKAmf-BxSRtfuHTxYH8YOYs1qWJoBSmi_EZzTwCkGNYPEEOZOngzQz3RN2RvmYch46G1Ekn03tMdY7V4aRk95bgLHsaIn14g0TnDwZC3ySC2zs6X0f8voR2lq5hwOD0y-fYJ117iyCnYukcU1pLKIS0hsQSORnpb1drZIxNcS8593OykXu1xrUUM7iQiesAKz7MH6zxZW3a6zASSGIw22UWTJ6hTSGSytzZCjMSRqb6NI--urLXK5quPKI9NayRCrQfMkPqynrsMLJY-8IJNZqbvo4fgauxrFTOci2PC5ZnATuJbLS6d9awhObEdJlY7oMKvszB21RkaITAivEreH6hlOKwvADSd4Opj7Y5xCBGq4GI1UqVBvJX5HyuyBz75idoFkYIk6PCZXZfzzK9Gm27P2MCEXekUWfNGG8K0s4GcchFIYS_MINf44JEQD13uNCcTAZeP9TCDJQ3JzNpeod5N8Cy5JeRJDivaYtR1XXl1jdSKlcKgbGosZt-u7PCWROHUxzSZx6AECoJAzXha4PGq2t6GZ4FoyE4kPb6WPX8zlYC5Lu33zj1ZV2SpjRj9MqAFgSK8qLwbjyIgvXO9PGuZcLWxiT_eg93PYbiG5cK-Lke_6vSUB0Pm2HtGgL1hDYrXHtKARAUoxQ2nfDtlunkmx5hUkY8G-stw_5rO76QlU1rJDgPIkm_wvJ_UN3paQguEaFvA1EfOyQCoZQuPyGzudBGP_v1XLjiChsQrSDgnqKQGmIyqpFafzE7np1lQphWfP7OOOPxO6CZZ_X9F4wTPRdHEOvpcwltaJWlOURswIbzLAU-xYtG0-EHZmnCdDjlxLr6qdlj5mZb8wCsRW8a1ETcrnjH2NjQYsTIMW_w01gip-zuUIzhhUyc3xNun7Lwc2-gpDyvcwJFl6KlruKYFl7uqTbZwfqxM8haSuvWnxj556l7m7aq6zSgyGERmLHNvrfW8Sy24qDQRehshAMszcacgFe1ntMO27g7t0B6K70YzF0jvy3jm8wgITxODNoVLXkdnWwdeTGkmQwQwA527qqvy5KJudXhWJDs01AVEw3TZBahu39gpkIhiqf_GtcMJrqFdi-F8_mr5yfFXzkoZ9lv-qF6bTMvppGeZ_j2SLPULgZm47oHdgwwt48f4QlbCSMwASdo32E3jwYCk3yj0zksPGZLyGruG1eqfhcYZSEtM6esjrvTez58V2ZAR25QEMzJ7I5AtK5h7vdbXPwDMYwwBXWX10iFLrQElaKiIvCMGltVPQ8Z7kBg2edvq4qpbsgAz66SJJ5oa8Wsaa-W4kPzJKoXGwa9i_FIxT7pf6djonkhdDF16FQrYQ3ykQg6QIXI2efBhf_AWJdGfxy0t8SxSRt4JHbRjVX1lb6eSFHJuUZhdwQWwfcMHUHVd-O-zhB1e7vDyfYlAtr13NDEVkRiBcTukSG72SnviVLRtf2HNiceilh657fa9pFmaqqFgbzhQix5b4bC8ToYz78RU6n3L9dVcAOVdLyDat6zH4Cp4TlA-Xs0m01CeQg81UZbcSVtWdhK2zfo3xFIHdY_g-DScy9xOWPlITXqZjx7d1ymVK6Bpz6TZtjB9tSXn_11wpb7vxNL2XAIzC3cyFtWGDbd88x9fGCvzb8NxoTTziTUnI2aNCzfwPo92dbPZ3inDvV-L5usVDv9rwae4MQtzNttDcMI9ZsugV-4cjzT-fX6qUyq7HosrCqkD9oeM-VN3MlJXOtLL84EwBX4zDY8VieDhMEwfCVHBcdpolhrL0oq4QZKQEX9DCJH3-pSQ2baYbaM4a59V-O3oCRqIMpZY095dnPbdxQnghzVbitVkW-knv03kUTHAkj44Mhu3wc4XPivOrpaABnmi6d9pEhyrUvG18KBljGVZwlLH1R1DWFFY9Mse4qkcf_hHnSp4ZB-xcuH3koCD6vaxt9KKTuC-Tm3DCP1SOmc-9GAtOUV3WmOoM9Xox5En6pvIhoPgvEE10SXey90i4X7CsvbTYf0FowkHiUm3YFSx6HGlDL98Ig6QMeipWRL3EuJC2OlhII-yauKSVpeeBIZpGxpbGk-BeMHUW0REdDml1LkSe_eXIPAb2f2XN7wAWITm1leREAm9-98EtFvTOzHgN2B67xex7sNbVAnvUu07BYrfYaKr8faLZg6kvMXpLTSCQYZ-3lXIq9lD4OmC7Hdz2MDxMjT5mUcP9iTLfqYqRugQuBvnvDlCZBQL0qOFOJa4s8IjhpfM6daU3w_CUDGzQmszRY_DIQ6Acur8hrlyRXUtwhIssFJwxwHSOKUDRLTYgFaCtDcbvw1p0hPnumJgt4WhAgsANJ-KmMLCxTDvv4OZusihWrpIjcut3dBhKWmeDLJYtZy0eF4JBrgBeHGYGAcXwSQ2WKspG24_WhzhMvzZbU4zUVp7k23ul5K9Lhd3wErWagpwG_-XPu1uBzOcFXp_mfo6nJ5saGvdxI3L819TOAit1pWHNfFkvlpMpFEYyl1sQ0igFtWc7RglXxDSuqfTw62yiv2siJggzvDgIA7_utm9m0Up-hmnwZSRSvdkP4GbA8QbLK4DALCOxUxhkrJXXil-Jk8IzTKEIh54vQDoyg9-AtToHhlODDCsqtGvdL61KPyUDopdsJOU4tKwjYqcD-XTPragrpmHbZik8X9Hhl436PWfw1I6cB9Z_S1zquC63gujUNwzF3Bu38r6u_EFqlr9XMaVapwoN-M2L7CwDA5ki3Oh7QR1ZpVyd2oL0orAkfaV_jGtUh8ryXYQT2tbUk_jOdVpuRo8szyFsjZP83F-ud7QvFwGJtaYWSu1mAZvr_PFJxfs0elDnfPZYQxBn3A8qVZsZ4voDQyZtTimBRACTLKGH9WOEkVa3WiWZKjGN4GyEuGjDAe9ZF2DpXdYdcH6sJ8RIoQlVhVXtAuz29XZWjUkuFdRkRRjWm6jUN3BX3X3faplLLSuSXrc4UEhf0_ecAGYA-TlbwkXSYX1lFqNpVoCXO8R1VWKMZuZ-WvP7EzwDWq9I-lYsZmkzCPig0O0cZZ8nGM_pH1P5swmLZFdS9o2nlQG1CidfsVZElaTVB29WwTTX7gcVEadTFYxVQYxnSe4xP2gXfb-5fN1e2uBn-GIW8ablZdlz6-r1H7fLfkKYFRvP60AH3pe10a905mOlfCTR4x13_wQJ0PQ7LzxcFabSF23_MWq8iwKj33RPULB_qLDRl2TixV87uxgjiUxyGQ9-zp65f_yPiheHgX8wu15hScb7UYbRLdRAU0IQgHQo94jSdY9yWRcYC8gPmsM4A1csw_IDq-R06cqwBNU_Bgj2O7EZDkzTqYDeLgo3hRtgPkw8hnJL8KTjNoAZtN1VECpKY7U07prnK_7Nb5RYoMGRa1-sJ_EbGhFq5_4jfmGBqk8yC_70WNfNl_AiBEoHEXSOttXi4eEO3m9YUPWKypUR0dWMdG_qf33TC_ue5vanJi8vCYKpco8Sa24cN-tmWBeGd8-FET66ciZzEZel04iNVUP2PhRSd5cI_Ac1EdAyU8bDfTLkEj-tV55-0U4esuwL6TxY-5qM5b8Tp_rgQmaV0mPsKnei60MbsW4A7yQdyJE1twkdoFYMyB_ZkXfys-2QVGjhnngefVUd8R73ouFrD-IlBDLQmrFBZQJOr1s_Yn4VmgHOK6jdehLTxg_1nNr0HrZJFH5dR8w66TyCBY895N_4Z5lxWh2pfxpUtPYSEFh14iPMq1Zz92TK4y5Ue_-h1qwJuHycBE3RuYS3mAw2mhdFdJFfv_6q5Cr91_UErdXao25XjAaVbhpBfu-nn8HRXodp_WVNRxlYLqJSgmNM6o4JHH5i3QtUTvkjzsr3sEUnU6X&cid=CAQSTwDICaaNoNgZV_ueTb0jeT5kZcV_yFljRt65GViBj4U8LXMEceSQ8qIcAxgc77JEkjN-q4tT6muJP-cp8Tp8unnX-zkuUJawy_jbNvIJEREYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fpastelink.net%2F&ds=l&xdt=1&iif=1&cor=2452115689842996700&adk=2857193499&idt=189&cac=0&dtd=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 16:25:15 GMT
content-encoding
br
x-content-type-options
nosniff
age
42101
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13937
x-xss-protection
0
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 10 Dec 2024 16:25:15 GMT
attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMjM1NDAxNjQ2MTYyOQogIHNlcnZlcl9pcDogMTgyNDc2OTk1CiAgcHJvY2Vzc19pZDogMjQzMzczMjc3MAp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAzMjc2ODE3...
ad.doubleclick.net/ddm/activity/ Frame 3989
0
473 B
Image
General
Full URL
https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMjM1NDAxNjQ2MTYyOQogIHNlcnZlcl9pcDogMTgyNDc2OTk1CiAgcHJvY2Vzc19pZDogMjQzMzczMjc3MAp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAzMjc2ODE3CmFkdmVydGlzZXJfZG9tYWluOiAiaHR0cHM6Ly96YWxhbmRvLmRlIgp4ZmFfYXR0cmlidXRpb25faW50ZXJhY3Rpb25fdHlwZTogVklFVwppbXByZXNzaW9uX3ByaW9yaXR5OiAwCmltcHJlc3Npb25fZXhwaXJ5X2luX2RheXM6IDIKZXZlbnRfaW1wcmVzc2lvbl9pZDogMzcyNTE4NjI5NDM5ODU5MzU5NgpkZWJ1Z19rZXk6IDI0MjY1NzY0Nzg2OTQwOTkyODMKaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUFJPRFVDVF9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAyCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fREFURQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBzdHJpbmdfdmFsdWU6ICIyMDIzLTEyLTEyIgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9GTE9PRExJR0hUX0NPTkZJR19JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMzI3NjgxNwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9DT1JFX1BMQVRGT1JNX1NFUlZJQ0UKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUExBVEZPUk1fVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9RVUVSWV9DT1VOVFJZCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIlVTIgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QTEFDRU1FTlRfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDM1OTQwOTgyNQogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQURWRVJUSVNFUl9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMTExMTc5OTc0MAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfTElORV9JVEVNX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAyMDMxMTU4OTAxNgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQ1JFQVRJVkVfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDQ3MTE3Mzk5NwogIH0KfQphcmNoZXR5cGVfaWQ6IDEyCmFyY2hldHlwZV9pZDogMTMKYXJjaGV0eXBlX2lkOiAxNAphcmNoZXR5cGVfaWQ6IDE1CmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly96YWxhbmRvLmRlIgphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vemFsYW5kby5mciIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL3phbGFuZG8ucGwiCmltcHJlc3Npb25fZXZlbnRfcmVwb3J0aW5nX3dpbmRvd19kYXlzOiA0CmJyb3dzZXJfYXR0cmlidXRpb25fYXBpX3JlcXVlc3RfcHJvY2Vzc2luZ19iaXRzOiA3NTQ5NzQ3MjAK
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f6.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
x-content-type-options
nosniff
attribution-reporting-register-source
{"aggregation_keys":{"12":"0xbb666fd88b2c46760000000000000000","13":"0x6ba8ce31ddfc13060000000000000000","14":"0x1019c528510d7a20000000000000000","15":"0x38ef89ac527d8e80000000000000000"},"debug_key":"2426576478694099283","debug_reporting":true,"destination":"https://zalando.de","expiry":"172800","filter_data":{"14":[],"21":[],"8":["3276817"]},"priority":"0","source_event_id":"3725186294398593596"}
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
bg
ads.revjet.com/ Frame 3989
43 KB
18 KB
Script
General
Full URL
https://ads.revjet.com/bg
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
65.109.98.108 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.108.98.109.65.clients.your-server.de
Software
nginx /
Resource Hash
1b16a5af84666feb9f8f195d3a8b74042f80439ca327b61f1c598f58072911ea

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

p3p
CP="CAO PSA OUR"
date
Tue, 12 Dec 2023 04:06:56 GMT
cache-control
max-age=10800
content-encoding
gzip
content-type
application/javascript
server
nginx
expires
Tue, 12 Dec 2023 07:06:56 GMT
truncated
/ Frame 3989
216 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a4afbc3e06ec6edfe4458428a968f7b314a8f600d7de3fca7338d75fbe430f23

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
gen_204
pagead2.googlesyndication.com/pagead/ Frame 7303
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=mys&d=ChQIByoQd2ViX2ludGVyc3RpdGlhbAoHCAgqA2x0cgohCAEqHWxhcmdlLWJhbm5lci1yZGEtbG9nby12YW5pbGxhCgoIAioGc2VydmVyCg0QECEAAAAAAAAAADAECg0QESEAAAAAoDf1QDAECg0QEiEAAAAAAAAgQDAECg0QEyEAAAAAAAAIQDAECg0QFyEAAACamUlsQDAECg0QFCEAAAAAMLH1QDAECg0QFSEAAAAAAAAmQDAECg0QFiEAAAAAAAAQQDAECg0QGCEAAIBmZj5wQDAECg0QMiEAAAAAAAAAADAECg0QMyEAAAAAAAAAADAECg0QNCEAAAAAAAAAADAECg0QNSEAAAAAAAAAADAECg0QNiEAAAAAAAAAADAECg0QNyEAAAAAAAAAADAECg0QOCEAAAAAAAAAADAECg0QOSEAAAAAAAAAADAECg0QOiEAAAAANDPTPzAECg0QOyEAAAAANDPTPzAECg0QPCEAAAAANDPTPzAECg0QPSEAAAAANDPTPzAECg0QPiEAAAAANDPTPzAECg0QPyEAAAAANDPTPzAECg0QQCEAAAAANDPTPzAEEhpDTnZ2Z3ZPQ2lZTURGZFdVZ3djZGxZOEZaQSIadGV4dC92YW5pbGxhX3RleHRfY2xvc2VfdjIoAw==
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/d500f8b303efba9f5ab695bab8da4c89.js?tag=pingback
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
62bHydCX.html
tpc.googlesyndication.com/sodar/ Frame 2F3C
38 KB
13 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/62bHydCX.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
age
56184
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
13045
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 11 Dec 2023 12:30:32 GMT
expires
Tue, 10 Dec 2024 12:30:32 GMT
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
62bHydCX.html
tpc.googlesyndication.com/sodar/ Frame 741D
38 KB
13 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/62bHydCX.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
age
56184
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
13045
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 11 Dec 2023 12:30:32 GMT
expires
Tue, 10 Dec 2024 12:30:32 GMT
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
si
googleads.g.doubleclick.net/pagead/drt/ Frame 32E3
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
17 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 12 Dec 2023 04:06:56 GMT
expires
Tue, 12 Dec 2023 04:06:56 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 12 Dec 2023 04:06:56 GMT
location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame 3128
31 KB
12 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ABbZNxA4uJQn4lkR4S7GLXKgednxG2Q5yvRcnNywjmTImLul_ExcfQsKE8CiXPOQ6u4N43i34v9SKTiwGDorXJLedzNReRgTADjRw-HT4T7P0qMt3L7o2SeHqsm0E-LvzYGxk9qhnOQJ0KK11SfDC3IiepFJQMi2LAyew8yOUBmhUj1jY&cry=1&dbm_d=AKAmf-AOlbVwhyPr8pI0rgjn1Kmcs2U92iKGKJjhs329dOSFdVhG8-C95EJRdYNwrsCWogXIr0vXzAISEr0Ho8d_pcvajqI6CY78ow-YU7JCR3PyxT2RCiUAKkP6kEJTYbJBqMp4PNYvPgkc689Jgo93n_qA1BOquHPnFYIHW_OqnI5j4Hn58aZrpWPIwljhQIPNs3StXskGTG8j7HYNRvk4AxqGqyRxufkh8ufOMVspYu_QZbE6AnqnuWpDOJ6Fgp42q5F38IqSVLml1Ye1TcDzonlwR3NUOy2y9DWJpzN03hSFKqBJ16JZl2kVq84-dh3LlsHm_6X0PFJ07MmN5xv3-rJuJwFgXDc7MHa0USmeNdfn7D5S5BawdAUZ8NLjnh0CkJWhxCFsfLb8MQRfuHZYzHAVWKRqWFeS0mbCzmrLeLFHDUyJC-G5oBIBOL2laQiVkn2G6g9btJeH7Kwif0RpZa7Z0d0OuyhxK6dYMOzr6NcUyeQF6aw8DvUNi5dPrXk6rLwP4m1S0EBNZwREIqg-Pe0Qy3oO6AGID2VmMN5rRZTNCM-18UaEwMGByjpj6xG1C--BGjpgoFmOiUG_QdETRnejVlnIOnQJlvwH-oBnkuB1Kh9HGx0i6KDvU9pWTcKN965iOfIEqKlh3cynkO-D2ffStw7fTO52AYKFGoO12yFbZPfai9watYo2fq7MG5yIch88Tvc22ZdEY2MzX3vpjbG7JW1F9Y50gDlcbBgJj6n4x_PJAx4Ri6ILh9ash2oRGIy2FouO6vSFOe4IYAOClvzJkOQ0Nn2-TB-Pk1Cg6gzFZbOwIuXaMjn3seVoh6v4BfNxpjpeVpbhjqUC5_8txyLrvQbctGB8KvZxsq0eUU59JZYMhDSptlgYiTo8NUqaea0U8tJhXZ7xhl2MP05A47owaGaGpDg1bM1x2TXsMnGIhptcamTFHhr8Iti5Xfh6t1pzGqU2HxG_CdbDOnSl7_s6pEalLuytL-Ke6XMIiu2ykuAj0hZ3ndq5hebg_gjH_ss0aKWurqER7AEydnJFbqDLQ1CnSaml0TLGITq4RP1C_y96pvL-oIcyB36bOYmoYmuL10XAXGYpM8i50mU-XjwWUZy94ZNT8JUXy-kOMFO3M772oq5iXSxrJrf8OLwyDLC243FSvu1es8gw74a_SUX7Qr81q7KaTdbLndmQtqMRr50OViOmXLT-7oZO-3hPG7q_fG-xBOFuxv4yd7xVduXKMgkxBMwaEwU6i65zvDdl7MAkahAkHZ2XRET3CneEbKJBqg48E_yYN-Y6_5dZ__UVGVLAt2DrwEGOZvzB8O0AHm5iNAgpCVQKGYkJoRRMpHUkWFjxXN3W-ksuTXI9DW9lyLPhqdfnu1v9nm301GbSTSw__2IhwCBaAqvtmpMPJcCsk8iby7nl7C5oZqj3s2Iklz2Af5i_oSKNx8WBrQiZIVcuwDj-3UakY2vvV8Xo1cvmTwIupL2bi3abxiYUMZN0ySmuyf3-GbPHP-OtXcHqR-whakZTSVQxD_IuegF2z-DsdbGSKrwiRPOYDUCUioOTMIbSUvkzw4kT_wD5Zn-Apfdz7a88hNMm7osgQb_6sc12H9vUfDj129vOE6-R0p2WaSRI_3NjKxfpJippMCDhV_0LRnb9eOjnnA68JVvg7eGRuQaaX_GDx8CJG9s28oEoP5z4RYXNoowUnTZm9_jZqRCuZ6bebpsBDymLEI5ctkYgQtVw-CBm3Ik8L9xVGj-0wBe266RwoYhx6a-tVrEen1WKU5y-LcNvSSwgMMOLxRTWbo2gnqa5zwRTxWx1fYQiteY_HsIL_SvLI7pyL4cR-lSPwO34vVieo68dowP_UB4mqKr_1dv_68wMZv2U345nKsUmOVTJwadHgdnncwTy60gZZdzAXLJhrSkdf8bAz3vuZXfbef2MuVmutyyMlAD97HNRYFcS4DC2LeE22NSE7ALZ3puZaBZhRfQvyIwKbbl3JUS00fiJ4yFe741bFaeronu6zFMo2xXc1XxU2Iw4FFDuz8gl831ge28r8kFtkBSs961VyvVLDaVCvID1z8uGTyAxZ8Pep7LNesrfF3qWs-zvkICCnZxql2q8-TcUpQw04UChpLKF8LvNpLdz5LL5kRCCxnoDtJd6NDQBHjQtj8XM6Ms_vYVe-hgsUZMyhFMmBcW-X4zMHX4HE08S9eGwP7Jycbd2cMVcLoBF3eQxAwBpWVnV-cSahw-wq9OsIUA2W-LKYB69h1FCpWg8NABknGLx0v8E8IfaLd4llc3VvN9I3LOPmZghaMCrWqQY0Qoj2uoNYvw5Nz3jwwjvul_j6QcrlyKjRpGiNiY5DtXsWKNbsJi8IckPeJJeV6DEaVLO0UXuA5-1IZGwQfRgsffqLE_BHlfZ_xqTFac0ZL-mZjZ2v4ingDUz8QrXzLl2E7nrpQZ1Se9t2ElqbtOs8Hl44i-OGNWrwsy6Cn0iDPf7LulD4xvb9M0_9ky_u007zkRC1QV8w9h0gDxA6LjETPzZV-agd2IjQdrlFlQhwl1slNF7M65okuA-DcHASlRuTg7-bCOJlJ8Y5Gxh_WP4Y5nysVx36bx99ohr9bJix2KGDyhLfLO6mUp59jOSo_fM3lRFVPN96NOy9ZryIyGsjsNtkzz335fA1_N6WBi6cOMZnVcWzGEsr3v0P4F-uhJx3UY5QQjRUfvIFNWVeMhUABDS-L4-w5wA0GvEBGf7hXBjRKj62zyYKUdZ6UJgHqLIPJmmflhoCWpAXnJHHWfsUM-2CY1Yos55XzPAkX1--1rBkdG0EDXENGlyFICHdgqiXPvP_WBmZlRQKG8AOrYBZ9gy-jMNvN6zJS4iQV1xlT6T6MXA4AnOmw1uJ-xitJdC7nS_gbqkj_mjN-OpRHcP02x9nCz2fEX5DVZDXXV0i7CQynlGFWjnohUzmklk4_3EaZHTZvghZ8nsypsVH7fzaDUaDJE7EB5gRvd7XWc40X5Ek4uJ2DT9z096q9iOgH_tkYq2D4HqDTV3e6agVUmayDtQQ4GKlQ-OJUta9DEzWpDsBtowVxYfrO85pqmNn4LzUZT0EFix-q0quX8Or9i7HQVAK9Ha2OIl3ZZAzMdvR3UeKP7e5OrGaZtmzLk0G2edvbKHmYQSj1rRT2OxWp5Ju_e2Jz672eIeuRxHf1Kv0M3UkIa58dTwJkv4UrzOyha0s0Y2xrAYSxY66N7r7eA-Lg8E-CTWuXwuJCJYd3bpL3urQxxprkqBU3A3YEBq3ueSILUbmh2yYntC1Ue5GX__vGTAOIp0armLQw3Ho9s-IYe4EJCYL7SaaOfG3occc8g1Pnm0POKrwqgHYPPQ_m56JFCTRCjBQ_l6aCuCxbejTp1VIrjkwrQhmzAZPq4tsNSZnFm2giM3zcBZf9eyn6NGanTq1WazH8ud8H8-9u12ddDRMgvwqXgtqwwvde5CKMgzCj_-hQwszV4P9qcJi7tztWbGpRTqoP5v-7gdhKSMke7MXUPJeddCmPix-jiMH0AbbnedI1yd6h5eHOu_Tibo4zHCWrSNBlUxIzUni1zCIJv3XJ_2T6wTv2XDiM2pusigOyNJcsj-ske6P7UlmWOfB5Vq0r1ZjzW1AiBAUnEeZjCNVCNowgqtThclgg_e-7wyfg0HNWOOilp6N44zyXW3T3oMQw958rtSfS45YLXwNDctPGFGJ52nfoc5bnugGo6UXL1_n_7tHYEj0x54duUo4-IIMPoAOSusobuFPOK6nmuerk7c0soX5jSInbSC6HLU52mjjJ8cIK4-P_oiJcfDgzCG4-ou7dxDYo9TP611qWXQX9lt-oAyKk3lcYooEetN2cQH0m6h&cid=CAQSTwDICaaNoNgZV_ueTb0jeT5kZcV_yFljRt65GViBj4U8LXMEceSQ8qIcAxgc77JEkjN-q4tT6muJP-cp8Tp8unnX-zkuUJawy_jbNvIJEREYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fpastelink.net%2F&ds=l&xdt=1&iif=1&cor=18180865502556393000&adk=2857193499&rc=1&idt=290&cac=0&dtd=4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f6cbe31747c16c069d861a8ed01b15186eaee8c381f74ca1712087811c39f4d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 20:42:27 GMT
content-encoding
br
x-content-type-options
nosniff
age
26669
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11943
x-xss-protection
0
server
cafe
etag
4141415479739543000
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 25 Dec 2023 20:42:27 GMT
Q12zgMmT.js
tpc.googlesyndication.com/sodar/ Frame 3128
41 KB
14 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ABbZNxA4uJQn4lkR4S7GLXKgednxG2Q5yvRcnNywjmTImLul_ExcfQsKE8CiXPOQ6u4N43i34v9SKTiwGDorXJLedzNReRgTADjRw-HT4T7P0qMt3L7o2SeHqsm0E-LvzYGxk9qhnOQJ0KK11SfDC3IiepFJQMi2LAyew8yOUBmhUj1jY&cry=1&dbm_d=AKAmf-AOlbVwhyPr8pI0rgjn1Kmcs2U92iKGKJjhs329dOSFdVhG8-C95EJRdYNwrsCWogXIr0vXzAISEr0Ho8d_pcvajqI6CY78ow-YU7JCR3PyxT2RCiUAKkP6kEJTYbJBqMp4PNYvPgkc689Jgo93n_qA1BOquHPnFYIHW_OqnI5j4Hn58aZrpWPIwljhQIPNs3StXskGTG8j7HYNRvk4AxqGqyRxufkh8ufOMVspYu_QZbE6AnqnuWpDOJ6Fgp42q5F38IqSVLml1Ye1TcDzonlwR3NUOy2y9DWJpzN03hSFKqBJ16JZl2kVq84-dh3LlsHm_6X0PFJ07MmN5xv3-rJuJwFgXDc7MHa0USmeNdfn7D5S5BawdAUZ8NLjnh0CkJWhxCFsfLb8MQRfuHZYzHAVWKRqWFeS0mbCzmrLeLFHDUyJC-G5oBIBOL2laQiVkn2G6g9btJeH7Kwif0RpZa7Z0d0OuyhxK6dYMOzr6NcUyeQF6aw8DvUNi5dPrXk6rLwP4m1S0EBNZwREIqg-Pe0Qy3oO6AGID2VmMN5rRZTNCM-18UaEwMGByjpj6xG1C--BGjpgoFmOiUG_QdETRnejVlnIOnQJlvwH-oBnkuB1Kh9HGx0i6KDvU9pWTcKN965iOfIEqKlh3cynkO-D2ffStw7fTO52AYKFGoO12yFbZPfai9watYo2fq7MG5yIch88Tvc22ZdEY2MzX3vpjbG7JW1F9Y50gDlcbBgJj6n4x_PJAx4Ri6ILh9ash2oRGIy2FouO6vSFOe4IYAOClvzJkOQ0Nn2-TB-Pk1Cg6gzFZbOwIuXaMjn3seVoh6v4BfNxpjpeVpbhjqUC5_8txyLrvQbctGB8KvZxsq0eUU59JZYMhDSptlgYiTo8NUqaea0U8tJhXZ7xhl2MP05A47owaGaGpDg1bM1x2TXsMnGIhptcamTFHhr8Iti5Xfh6t1pzGqU2HxG_CdbDOnSl7_s6pEalLuytL-Ke6XMIiu2ykuAj0hZ3ndq5hebg_gjH_ss0aKWurqER7AEydnJFbqDLQ1CnSaml0TLGITq4RP1C_y96pvL-oIcyB36bOYmoYmuL10XAXGYpM8i50mU-XjwWUZy94ZNT8JUXy-kOMFO3M772oq5iXSxrJrf8OLwyDLC243FSvu1es8gw74a_SUX7Qr81q7KaTdbLndmQtqMRr50OViOmXLT-7oZO-3hPG7q_fG-xBOFuxv4yd7xVduXKMgkxBMwaEwU6i65zvDdl7MAkahAkHZ2XRET3CneEbKJBqg48E_yYN-Y6_5dZ__UVGVLAt2DrwEGOZvzB8O0AHm5iNAgpCVQKGYkJoRRMpHUkWFjxXN3W-ksuTXI9DW9lyLPhqdfnu1v9nm301GbSTSw__2IhwCBaAqvtmpMPJcCsk8iby7nl7C5oZqj3s2Iklz2Af5i_oSKNx8WBrQiZIVcuwDj-3UakY2vvV8Xo1cvmTwIupL2bi3abxiYUMZN0ySmuyf3-GbPHP-OtXcHqR-whakZTSVQxD_IuegF2z-DsdbGSKrwiRPOYDUCUioOTMIbSUvkzw4kT_wD5Zn-Apfdz7a88hNMm7osgQb_6sc12H9vUfDj129vOE6-R0p2WaSRI_3NjKxfpJippMCDhV_0LRnb9eOjnnA68JVvg7eGRuQaaX_GDx8CJG9s28oEoP5z4RYXNoowUnTZm9_jZqRCuZ6bebpsBDymLEI5ctkYgQtVw-CBm3Ik8L9xVGj-0wBe266RwoYhx6a-tVrEen1WKU5y-LcNvSSwgMMOLxRTWbo2gnqa5zwRTxWx1fYQiteY_HsIL_SvLI7pyL4cR-lSPwO34vVieo68dowP_UB4mqKr_1dv_68wMZv2U345nKsUmOVTJwadHgdnncwTy60gZZdzAXLJhrSkdf8bAz3vuZXfbef2MuVmutyyMlAD97HNRYFcS4DC2LeE22NSE7ALZ3puZaBZhRfQvyIwKbbl3JUS00fiJ4yFe741bFaeronu6zFMo2xXc1XxU2Iw4FFDuz8gl831ge28r8kFtkBSs961VyvVLDaVCvID1z8uGTyAxZ8Pep7LNesrfF3qWs-zvkICCnZxql2q8-TcUpQw04UChpLKF8LvNpLdz5LL5kRCCxnoDtJd6NDQBHjQtj8XM6Ms_vYVe-hgsUZMyhFMmBcW-X4zMHX4HE08S9eGwP7Jycbd2cMVcLoBF3eQxAwBpWVnV-cSahw-wq9OsIUA2W-LKYB69h1FCpWg8NABknGLx0v8E8IfaLd4llc3VvN9I3LOPmZghaMCrWqQY0Qoj2uoNYvw5Nz3jwwjvul_j6QcrlyKjRpGiNiY5DtXsWKNbsJi8IckPeJJeV6DEaVLO0UXuA5-1IZGwQfRgsffqLE_BHlfZ_xqTFac0ZL-mZjZ2v4ingDUz8QrXzLl2E7nrpQZ1Se9t2ElqbtOs8Hl44i-OGNWrwsy6Cn0iDPf7LulD4xvb9M0_9ky_u007zkRC1QV8w9h0gDxA6LjETPzZV-agd2IjQdrlFlQhwl1slNF7M65okuA-DcHASlRuTg7-bCOJlJ8Y5Gxh_WP4Y5nysVx36bx99ohr9bJix2KGDyhLfLO6mUp59jOSo_fM3lRFVPN96NOy9ZryIyGsjsNtkzz335fA1_N6WBi6cOMZnVcWzGEsr3v0P4F-uhJx3UY5QQjRUfvIFNWVeMhUABDS-L4-w5wA0GvEBGf7hXBjRKj62zyYKUdZ6UJgHqLIPJmmflhoCWpAXnJHHWfsUM-2CY1Yos55XzPAkX1--1rBkdG0EDXENGlyFICHdgqiXPvP_WBmZlRQKG8AOrYBZ9gy-jMNvN6zJS4iQV1xlT6T6MXA4AnOmw1uJ-xitJdC7nS_gbqkj_mjN-OpRHcP02x9nCz2fEX5DVZDXXV0i7CQynlGFWjnohUzmklk4_3EaZHTZvghZ8nsypsVH7fzaDUaDJE7EB5gRvd7XWc40X5Ek4uJ2DT9z096q9iOgH_tkYq2D4HqDTV3e6agVUmayDtQQ4GKlQ-OJUta9DEzWpDsBtowVxYfrO85pqmNn4LzUZT0EFix-q0quX8Or9i7HQVAK9Ha2OIl3ZZAzMdvR3UeKP7e5OrGaZtmzLk0G2edvbKHmYQSj1rRT2OxWp5Ju_e2Jz672eIeuRxHf1Kv0M3UkIa58dTwJkv4UrzOyha0s0Y2xrAYSxY66N7r7eA-Lg8E-CTWuXwuJCJYd3bpL3urQxxprkqBU3A3YEBq3ueSILUbmh2yYntC1Ue5GX__vGTAOIp0armLQw3Ho9s-IYe4EJCYL7SaaOfG3occc8g1Pnm0POKrwqgHYPPQ_m56JFCTRCjBQ_l6aCuCxbejTp1VIrjkwrQhmzAZPq4tsNSZnFm2giM3zcBZf9eyn6NGanTq1WazH8ud8H8-9u12ddDRMgvwqXgtqwwvde5CKMgzCj_-hQwszV4P9qcJi7tztWbGpRTqoP5v-7gdhKSMke7MXUPJeddCmPix-jiMH0AbbnedI1yd6h5eHOu_Tibo4zHCWrSNBlUxIzUni1zCIJv3XJ_2T6wTv2XDiM2pusigOyNJcsj-ske6P7UlmWOfB5Vq0r1ZjzW1AiBAUnEeZjCNVCNowgqtThclgg_e-7wyfg0HNWOOilp6N44zyXW3T3oMQw958rtSfS45YLXwNDctPGFGJ52nfoc5bnugGo6UXL1_n_7tHYEj0x54duUo4-IIMPoAOSusobuFPOK6nmuerk7c0soX5jSInbSC6HLU52mjjJ8cIK4-P_oiJcfDgzCG4-ou7dxDYo9TP611qWXQX9lt-oAyKk3lcYooEetN2cQH0m6h&cid=CAQSTwDICaaNoNgZV_ueTb0jeT5kZcV_yFljRt65GViBj4U8LXMEceSQ8qIcAxgc77JEkjN-q4tT6muJP-cp8Tp8unnX-zkuUJawy_jbNvIJEREYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fpastelink.net%2F&ds=l&xdt=1&iif=1&cor=18180865502556393000&adk=2857193499&rc=1&idt=290&cac=0&dtd=4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 16:25:15 GMT
content-encoding
br
x-content-type-options
nosniff
age
42101
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13937
x-xss-protection
0
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 10 Dec 2024 16:25:15 GMT
attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMjM1NDAxNjU0NDgxNwogIHNlcnZlcl9pcDogMTM0MDU4MTA1CiAgcHJvY2Vzc19pZDogMzc1ODQ3MDA0NAp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAzMjc2ODE3...
ad.doubleclick.net/ddm/activity/ Frame 3128
0
22 B
Image
General
Full URL
https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMjM1NDAxNjU0NDgxNwogIHNlcnZlcl9pcDogMTM0MDU4MTA1CiAgcHJvY2Vzc19pZDogMzc1ODQ3MDA0NAp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAzMjc2ODE3CmFkdmVydGlzZXJfZG9tYWluOiAiaHR0cHM6Ly96YWxhbmRvLmRlIgp4ZmFfYXR0cmlidXRpb25faW50ZXJhY3Rpb25fdHlwZTogVklFVwppbXByZXNzaW9uX3ByaW9yaXR5OiAwCmltcHJlc3Npb25fZXhwaXJ5X2luX2RheXM6IDIKZXZlbnRfaW1wcmVzc2lvbl9pZDogMTM5ODEwOTY4NzQ3NjYyMzUyNzcKZGVidWdfa2V5OiA0MzU0ODExMTk0NTkxNDQzNDQ0CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BST0RVQ1RfVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX0RBVEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiMjAyMy0xMi0xMiIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRkxPT0RMSUdIVF9DT05GSUdfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDMyNzY4MTcKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fQ09SRV9QTEFURk9STV9TRVJWSUNFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BMQVRGT1JNX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUVVFUllfQ09VTlRSWQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBzdHJpbmdfdmFsdWU6ICJVUyIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUExBQ0VNRU5UX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzNTk0MDk4MjUKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0FEVkVSVElTRVJfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDExMTE3OTk3NDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0xJTkVfSVRFTV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMjAzMTE1ODkwMTYKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0NSRUFUSVZFX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA0NzExNzM5OTcKICB9Cn0KYXJjaGV0eXBlX2lkOiAxMgphcmNoZXR5cGVfaWQ6IDEzCmFyY2hldHlwZV9pZDogMTQKYXJjaGV0eXBlX2lkOiAxNQphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vemFsYW5kby5kZSIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL3phbGFuZG8uZnIiCmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly96YWxhbmRvLnBsIgppbXByZXNzaW9uX2V2ZW50X3JlcG9ydGluZ193aW5kb3dfZGF5czogNApicm93c2VyX2F0dHJpYnV0aW9uX2FwaV9yZXF1ZXN0X3Byb2Nlc3NpbmdfYml0czogNzU0OTc0NzIwCg
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f6.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
x-content-type-options
nosniff
attribution-reporting-register-source
{"aggregation_keys":{"12":"0xbb666fd88b2c46760000000000000000","13":"0x6ba8ce31ddfc13060000000000000000","14":"0x1019c528510d7a20000000000000000","15":"0x38ef89ac527d8e80000000000000000"},"debug_key":"4354811194591443444","debug_reporting":true,"destination":"https://zalando.de","expiry":"172800","filter_data":{"14":[],"21":[],"8":["3276817"]},"priority":"0","source_event_id":"13981096874766235277"}
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
bg
ads.revjet.com/ Frame 3128
43 KB
18 KB
Script
General
Full URL
https://ads.revjet.com/bg
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
65.109.98.108 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.108.98.109.65.clients.your-server.de
Software
nginx /
Resource Hash
1b16a5af84666feb9f8f195d3a8b74042f80439ca327b61f1c598f58072911ea

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

p3p
CP="CAO PSA OUR"
date
Tue, 12 Dec 2023 04:06:56 GMT
cache-control
max-age=10800
content-encoding
gzip
content-type
application/javascript
server
nginx
expires
Tue, 12 Dec 2023 07:06:56 GMT
truncated
/ Frame 3128
215 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6dd83ec6e8f83ef96b778d3727dc92711c82841ccf940e982260ed4ad25721ab

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
62bHydCX.html
tpc.googlesyndication.com/sodar/ Frame 8E0B
38 KB
13 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/62bHydCX.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
age
56184
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
13045
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 11 Dec 2023 12:30:32 GMT
expires
Tue, 10 Dec 2024 12:30:32 GMT
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
pagead2.googlesyndication.com/bg/ Frame 2F3C
39 KB
15 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 11:45:46 GMT
content-encoding
br
x-content-type-options
nosniff
age
58870
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15165
x-xss-protection
0
last-modified
Tue, 28 Nov 2023 18:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 10 Dec 2024 11:45:46 GMT
Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
pagead2.googlesyndication.com/bg/ Frame 741D
39 KB
15 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 11:45:46 GMT
content-encoding
br
x-content-type-options
nosniff
age
58870
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15165
x-xss-protection
0
last-modified
Tue, 28 Nov 2023 18:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 10 Dec 2024 11:45:46 GMT
62bHydCX.html
tpc.googlesyndication.com/sodar/ Frame 1380
38 KB
13 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/62bHydCX.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
age
56184
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
13045
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 11 Dec 2023 12:30:32 GMT
expires
Tue, 10 Dec 2024 12:30:32 GMT
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
pagead2.googlesyndication.com/bg/ Frame 8E0B
39 KB
15 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 11:45:46 GMT
content-encoding
br
x-content-type-options
nosniff
age
58870
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15165
x-xss-protection
0
last-modified
Tue, 28 Nov 2023 18:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 10 Dec 2024 11:45:46 GMT
Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
pagead2.googlesyndication.com/bg/ Frame 1380
39 KB
15 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 11:45:46 GMT
content-encoding
br
x-content-type-options
nosniff
age
58870
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15165
x-xss-protection
0
last-modified
Tue, 28 Nov 2023 18:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 10 Dec 2024 11:45:46 GMT
rectangle.js
cdn.revjet.com/~cdn/JS/03/3.5.2/modules/ Frame 0271
20 KB
7 KB
Script
General
Full URL
https://cdn.revjet.com/~cdn/JS/03/3.5.2/modules/rectangle.js
Requested by
Host: ads.revjet.com
URL: https://ads.revjet.com/bg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6727) /
Resource Hash
dce3111ede9ead68dbb0c6343255a1cc111060d98da86a7e96e0fa8510bb1a02

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:56 GMT
content-encoding
gzip
last-modified
Mon, 21 Aug 2023 15:25:30 GMT
server
ECS (frb/6727)
age
235
etag
"64e381ea-4ee4+gzip"
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=600
content-length
7263
expires
Tue, 12 Dec 2023 04:16:56 GMT
sync.html
cdn.revjet.com/~cdn/JS/03/ Frame 4C48
2 KB
1 KB
Document
General
Full URL
https://cdn.revjet.com/~cdn/JS/03/sync.html?origin=https%3A%2F%2F339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
Requested by
Host: ads.revjet.com
URL: https://ads.revjet.com/bg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/668D) /
Resource Hash
71afeaa2f8371d9b3f97e6a91b94b72b2eec42d37886a88207943877051187b7

Request headers

Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

access-control-allow-origin
*
age
434
cache-control
max-age=600
content-encoding
gzip
content-length
942
content-type
text/html
date
Tue, 12 Dec 2023 04:06:56 GMT
etag
"64e38310-744+gzip"
expires
Tue, 12 Dec 2023 04:16:56 GMT
last-modified
Mon, 21 Aug 2023 15:30:24 GMT
server
ECS (frb/668D)
vary
Accept-Encoding
x-cache
HIT
rectangle.js
cdn.revjet.com/~cdn/JS/03/3.5.2/modules/ Frame 5E5C
20 KB
7 KB
Script
General
Full URL
https://cdn.revjet.com/~cdn/JS/03/3.5.2/modules/rectangle.js
Requested by
Host: ads.revjet.com
URL: https://ads.revjet.com/bg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6727) /
Resource Hash
dce3111ede9ead68dbb0c6343255a1cc111060d98da86a7e96e0fa8510bb1a02

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:56 GMT
content-encoding
gzip
last-modified
Mon, 21 Aug 2023 15:25:30 GMT
server
ECS (frb/6727)
age
235
etag
"64e381ea-4ee4+gzip"
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=600
content-length
7263
expires
Tue, 12 Dec 2023 04:16:56 GMT
sync.html
cdn.revjet.com/~cdn/JS/03/ Frame D74D
2 KB
1002 B
Document
General
Full URL
https://cdn.revjet.com/~cdn/JS/03/sync.html?origin=https%3A%2F%2F339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
Requested by
Host: ads.revjet.com
URL: https://ads.revjet.com/bg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/668D) /
Resource Hash
71afeaa2f8371d9b3f97e6a91b94b72b2eec42d37886a88207943877051187b7

Request headers

Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

access-control-allow-origin
*
age
434
cache-control
max-age=600
content-encoding
gzip
content-length
942
content-type
text/html
date
Tue, 12 Dec 2023 04:06:56 GMT
etag
"64e38310-744+gzip"
expires
Tue, 12 Dec 2023 04:16:56 GMT
last-modified
Mon, 21 Aug 2023 15:30:24 GMT
server
ECS (frb/668D)
vary
Accept-Encoding
x-cache
HIT
rectangle.js
cdn.revjet.com/~cdn/JS/03/3.5.2/modules/ Frame 3128
20 KB
7 KB
Script
General
Full URL
https://cdn.revjet.com/~cdn/JS/03/3.5.2/modules/rectangle.js
Requested by
Host: ads.revjet.com
URL: https://ads.revjet.com/bg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6727) /
Resource Hash
dce3111ede9ead68dbb0c6343255a1cc111060d98da86a7e96e0fa8510bb1a02

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:56 GMT
content-encoding
gzip
last-modified
Mon, 21 Aug 2023 15:25:30 GMT
server
ECS (frb/6727)
age
235
etag
"64e381ea-4ee4+gzip"
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=600
content-length
7263
expires
Tue, 12 Dec 2023 04:16:56 GMT
sync.html
cdn.revjet.com/~cdn/JS/03/ Frame DBB0
2 KB
1002 B
Document
General
Full URL
https://cdn.revjet.com/~cdn/JS/03/sync.html?origin=https%3A%2F%2F339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
Requested by
Host: ads.revjet.com
URL: https://ads.revjet.com/bg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/668D) /
Resource Hash
71afeaa2f8371d9b3f97e6a91b94b72b2eec42d37886a88207943877051187b7

Request headers

Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

access-control-allow-origin
*
age
434
cache-control
max-age=600
content-encoding
gzip
content-length
942
content-type
text/html
date
Tue, 12 Dec 2023 04:06:56 GMT
etag
"64e38310-744+gzip"
expires
Tue, 12 Dec 2023 04:16:56 GMT
last-modified
Mon, 21 Aug 2023 15:30:24 GMT
server
ECS (frb/668D)
vary
Accept-Encoding
x-cache
HIT
rectangle.js
cdn.revjet.com/~cdn/JS/03/3.5.2/modules/ Frame 3989
20 KB
7 KB
Script
General
Full URL
https://cdn.revjet.com/~cdn/JS/03/3.5.2/modules/rectangle.js
Requested by
Host: ads.revjet.com
URL: https://ads.revjet.com/bg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6727) /
Resource Hash
dce3111ede9ead68dbb0c6343255a1cc111060d98da86a7e96e0fa8510bb1a02

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:56 GMT
content-encoding
gzip
last-modified
Mon, 21 Aug 2023 15:25:30 GMT
server
ECS (frb/6727)
age
235
etag
"64e381ea-4ee4+gzip"
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=600
content-length
7263
expires
Tue, 12 Dec 2023 04:16:56 GMT
sync.html
cdn.revjet.com/~cdn/JS/03/ Frame 138A
2 KB
1002 B
Document
General
Full URL
https://cdn.revjet.com/~cdn/JS/03/sync.html?origin=https%3A%2F%2F339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
Requested by
Host: ads.revjet.com
URL: https://ads.revjet.com/bg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/668D) /
Resource Hash
71afeaa2f8371d9b3f97e6a91b94b72b2eec42d37886a88207943877051187b7

Request headers

Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

access-control-allow-origin
*
age
434
cache-control
max-age=600
content-encoding
gzip
content-length
942
content-type
text/html
date
Tue, 12 Dec 2023 04:06:56 GMT
etag
"64e38310-744+gzip"
expires
Tue, 12 Dec 2023 04:16:56 GMT
last-modified
Mon, 21 Aug 2023 15:30:24 GMT
server
ECS (frb/668D)
vary
Accept-Encoding
x-cache
HIT
/
onetag-sys.com/usync/ Frame A6DC
2 KB
863 B
Document
General
Full URL
https://onetag-sys.com/usync/?pubId=6b859b96c564fbe&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: pastelink.net
URL: https://pastelink.net/l3in7dnp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip253.ip-51-89-9.eu
Software
/
Resource Hash
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://pastelink.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
cache-control
no-transform, no-cache
content-encoding
gzip
content-length
731
content-type
text/html
strict-transport-security
max-age=15552000
gen_204
pagead2.googlesyndication.com/pagead/ Frame 2F3C
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BVxiaYNx3ZYD4GaS1juwPi4G9oAYAAAAAOAHgBAI&bg=!Q0ClQA_NAAY3kmNgF5I7ADQBe5WfOOlqfV9bULZJjcTDqw-wB30oKtDbIRCOue3OgyaNdEnOhkb-7fg1tse28HeC3r-6AgAAAG1SAAAAAWgBB5kDBdhnGXRlw1AjZU0GjO_FXB0vt3J9inDtFh2C77fgifNcYhahrac2noHcqbTfIw1LKShIDlVD7aTFY6mJthcxmsX_xHGRQKRYhJtkAwZh2q3CGA01Bk1sKggROGdUQWjX1mzPk5wN0FhpbhWHhJeGlihrrUr3uGTu_6VBoWBqDpS_FjlOw-y_tq47l_U8jKaMh90HqXboN8YV5ZbKrFWKs9xbetHXqZK7QPjWqsku7VPrkXxU2lAzepqey82R2W9sJ8gOgxWonY2AV7V7T4nAFrquDk5g3CYLNW3Ukq4Va9WKqPctES6RDCYqdmMNp1fOREIs5Qao3OdS9aRU3wdlhh9DTpdFuDnB3qSzVPwgyRr2326MvTdWYPzZITDTWm0wwK5xNvfvaWLnirbb6MYhTd6W-5AlzVyCtidbwY5lmkEIceJW31rHB6B_FfjoUXqnh3ZRpv4vDhjdRwSuGo5Tj-f-4QXsfA9LiPrt11hrTJ9g6J01dHAKCZ1CPLm47FvBX7V-eJX_joYTWWudOAAZ-3koW5_ZDHUsTZ87yDaUae1g498bEcVtaBOGvhPtQIAszARVu3rH3MEbpVLoDTPzpcMUqOPSQdcLDFb_jSnq3nHALL2UMZBYtyP9G5EMFWKhWvwCk3L6TTYoMYTf027FhmCi0E33fox1JKFkjMXvdQs4nTtGIVDrdWbOOqI2-iYq_yOepi8i-qwoc-noRxOKJdUjruf9FOl4Xni4RKN1h3V4FSfic7woJomBkpN6qeEyvaJ7AnzE9BkVUeJtugO_FXlDlDfRyi2TccaWLmnN7cQLocG3E4eeGx48j7EKmSewGSKHB8UCPPXBfnU4lwouBRdjSLVZAH7bSGsPriHrw-M9T74SyGZ5-LihS2M5reaLZ3bQXyymY3ni6hv3v0o9rrrDKoZF-bv7r0Poz_XoNWyd0WWGkLo2rDgbpVYkZsyLx0NiFCo6Shy1Mo_JZcp2Wb5B_ewjFur7Z74ZXUDtUnr5FqUZEau7mB4LfE0RZRYqk0yl7dyx
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 8E0B
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=B48lyYNx3Zb2WHMPBgQeiob-ICQAAAAA4AeAEAg&bg=!6eql6qXNAAY3kmNgF5I7ADQBe5WfOP04d5GUGuK6KzFelBhb8BtM6_mKWIWRb6YAITc8Tjt9Bp-8aDGJfnzQ2yx8pgtUAgAAAFJSAAAAAWgBBwoAEEbCepTyNltY6coaB82SNGGZAwI5dhyDu4DfBb6q_RDYREJ5WG58VLIISFLhz1WLVAa4y6xXu9iTlYi4ac5FFW6QqGsaWRo0n1HH81UdTlsXX9kNad7-8Ec0Bz1n2WhO9OZKge-3QWKjvK3nIXli4rQq2psG9-yWzIJwjyi1Luz7uwM8IAMCNhfw06ryoc1L-YiHxY4PebrIuShbecRZaP2K2PWidHqBxTHXuar6a0Syu5-SmnAs431xgihjzGBg4MphReEMD2L0wvsQ9O_x-yiTb5ksHnhERgm6Rgo2k6TKVYX9K45bBcFa8bnq-ud6FOboMadsBNTmQoNSDvssQSfkPlEZnJ2hpph1GNnmgZwId4cksqlDn3Pmqqbyv0HsUw3xS-jnkhXOqvm6qi6J6P5wFmfVgvrAgm3hodIKo9HjOKsirkk3ZCfiTbLE0cFIT2lsBxoavN326IOCb7wXRxZkifqVfJ7l8h5r-N4v7MJ14b9GKgpLOSMBEeggmmwp6ll2u62o77s1VR1IiGrDflIQwYE4fpufYFfCV2JvSHJXde-0EjFDAnBHRlhJqmcwvBrG3eTrrnV2nGquTCBOzkCuvRPJ0-XtvPQh9W5AS1uQK4HZECT9OiZHcME1lSzBeAbKevU6W8joC_ndgl3II5fxp7LqduBvr8ofgZdhD_de5foH_uocNNuzjFFlMCdHzAYQlznXDV3KKB8ZpI1yf63OZRNiQ3opP3arehyNbr3Zj5BeQr9zb3mWsDQTENh9XD_9uG8KqUNNKFEBMYmCeJAG5wZEW1Hpp0h_NsuhYfCK6BnmDupvXCCnoCpWShS3PR5ru3BlbTsN0KkU4Eung-HXr_kw2QYORbdsewWLa8rwk6_TqDXBNfwWQPfNPW-gTkAGrLM0U9C1IDKq_2bg-osiJnyXvcZEM1CGNQnTz2zqQhx9c-iprGcPWSabZQdrsJlzJLcdmiERxgOOM0CGhwciV9sN515Y-pHSlkNXfF65kDYGqTZcEKaHXXanMJ9OH_2kjsQXvPEiczU5QcEYpN0UWgqYOA
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 741D
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=Bn--HYNx3ZdncGPuVjuwP8r-LqAIAAAAAOAHgBAI&bg=!5-Sl5KvNAAY3kmNgF5I7ADQBe5WfONGRQmO7Bt5JRu5ojdi9fkCsa21767f0JXBxzD9wb6F8bxkCnCfqMxnIROYQNRH5AgAAAHBSAAAAAmgBB5kDAuQCCBKYokoz1vUlrwclvDO1AWTOv1LTR8kSLAcZVtqukn2p-rRnNogHGzryk1LWjcDhsnKJmX1ExrUWHCcLtKSr06DWafAS0iLDPo82AnLvJiijYLq1DZu6QbRsxugyJp_cqMrUL9oKYo6Ny6k2sp3tt4eVcRdnpGbSJ1tcW6RWmHS0ORds5HuoiuyOq8AeswoRKvGUcycO1o6uJpLv9AOMWSU-SUFzTeDi0IquiZulswJmdS-9U06i8umiT_DBL6vmHnCj00lX9pyIL6v-c8r-F5zPJLi31rLMUqhzpi83-MY0Eh3jXdoxr2c6ztu6pCB8tHfpflYZRz-R3rpIKSXqoB0PNAqdU5nR5oC6IvFdExjVqwIAKuZl5jJVrrj87SDlUH0j0PlXii7cq-5P2gVwtErnnGuiBke1iPo2upPUcx2TJAqy-i-b03PJY5Zory6BH-h9zlC8vpivacGJ4esIbHO_l-_XCdgUjfn6AHxajsbKoezHuEPcfebF5jGj2gJJzMtjsaAPR7IGHm02sVN-D_cnxzfYo6U4HIhRe0RpazjqT-Iy1evPQ_Kclh590cwbe7Qt52T4Mt7BELvZ6_jJWqz3puZ-TK90m22MRvRtk8OUkxiGOunVGBR5GmLf6gXPiBZ5ytefL7MRhccSQ5XT1IhXznFPwU1g92ejsFTU7LJRPRm2z9fc8vxQkygKZy4SULJQZroUzq9PXz0d5BMxUgzuGXPnSBt1_pVsHqi9Jni3ncPG5IxPuMw550fvGRcB8qgRh34lE4BcsmElZxne_lL6znpkD-xcbglH6XnIW7jQaMnSVVltpSSCPQpp1qhzs5HLv7UXGW3AsPCyRQkixNUHlLOGulFBEUHthciqmx6kaE_kTIOZ4oJDSvl387PlHpM88KkhuwqBkvxorxxpBOC4TNjlpGg1oiYK4yruyqnNdBM6ecKYsltDjJ4JwdvnHTxyyG9QWfHPMet5I4KsbXO1tHz0YPJYpf0Zu2tA0HJlZ7ajUuV-rBWUgjfFP4IX
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
tag239907
ads.revjet.com/ Frame 0271
257 KB
42 KB
Script
General
Full URL
https://ads.revjet.com/tag239907?_plc_id=114393514&_key=f1c&ct_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC_cUGX9x3ZZjEINWpjuwPlZ-WoAbMnf67dPu6rdTOEcCNtwEQASCGm6SQAWD1hYCA_AOgAbmskIspyAEJqQJHOaabtg-yPqgDAcgDmwSqBPUBT9CKMaHSA9VUG44LRMGKPaQzhXpKD2Cq_sITJCJ2VX4vyH1zevajTYPUVjdSTib6-IkHkxeMD9_UA44xq7oot200VmeLo51_X8A9ULLAGtGrjO08pMDLzLqnN9n7QiJAmd41DmH9XATht38c0lqWGLab3rVDS4eREeQeMkVdrtkGph1kaOR0ToHIc03gDqAQngrKkCjG6TWS544KAPG03nWVJY3O2R2jBwkNoQrNpCyYCtSH1nQRXZ2aRvUqZqnvgcDxEP4a2gL5TURh3llvCA8faWQJjR98en9lNvIxzl0Paj1ZiRDMchYOyRVv6O-edKah7pbABJvX8pC0BOAEA4gFmIGp1UuQBgGgBk2AB7nk4OoDqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiAYRABGB0yAooCOgSAQIBASL39wTpY_PiA84KJgwOACgOYCwHICwGADAGiDBgqFgoU5LSxAu61sQK1uLEC5LSxAu61sQKqDQJDSOINEwi0y4HzgomDAxXVlIMHHZWPBWSwE_GZ6BXYEw2IFALYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNoNgZV_ueTb0jeT5kZcV_yFljRt65GViBj4U8LXMEceSQ8qIcAxgc77JEkjN-q4tT6muJP-cp8Tp8unnX-zkuUJawy_jbNvIJEREYAQ%26sig%3DAOD64_1rYKUZrsyGY4n1Ltz7Q1fhtAR1EA%26client%3Dca-pub-9602519502618262%26dbm_c%3DAKAmf-BR4km4mUSLHcX4zA_ohDLjHPl_QiBuamxw9NhWfQLBUY1xNUMjvP0bQSypWIafDVLM8kbRU_VAm0ZwTBnT3AV_MGC40hz6biH58FQCzInCecvQNkmkXRaV5yqwe9BMuKIXPAn3wd1XcmBMojO_CJX3nIApUFWg6nHh9Y9dsyi90PPlDeo%26cry%3D1%26dbm_d%3DAKAmf-AWobrg3ldokzdqANOU008XCLevV0aL4dq4gkqd0BstSgqRewap42Knu1UIpdHzpt1B6WL31NNpDaLP2zFJ3jlJfTzQ7rbkk_cBuvtrnmqEcRUWxhk9DEyREnb1401Jr9I6izzaROLZ30tR-Bkj7BGYq3CNhjNRL1TafE6ci-rRB6dU8Iv4bMNMCBIXrRPwOa5ZGJzrfQ8BGxsMWoyBNBpX99CnWv7xXTD7_a597n9bBCGB0uud_vUsK_IbMhIxUEb3sCoAXMzf4iad8KI5TNq184JTwKZoFpFbYFupZDiNKiI0H4-Iitpf0mlxv5Y-woqZ6OUd2wLzGzRRyLlDSipveBRO-44GN0l0BX7WmRbBSsgbM6umMLu-7Wtsqo5j5qL6-tQdZKXApY5SGbr7fpwU_iPEa4CnNZaWLWwMwHHyy2FBRSSFAvmQtjujGbnovvyNtdktCyxqDX8KptSciWeBsb6abhMTnWPq4N8uRU8FqX7xZfsP8X3_cLNaKkggwkNWnP7PrD0hsvuhmOl3Pns5FtgUE-zQ1T-mPbfT4VM1ZDpRsDiLRxOA6ymzPy5POsTZirO9%26adurl%3D&dv360_cmp_id=20311589016&dv360_li_id=1013245224&dv360_crv_id=471173997&jsonp=REVJET_TagObj_1.onLoad&_js_site_page=https%3A%2F%2F339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&_js_site_ref=https%3A%2F%2Fpastelink.net%2F&_js_device_w=1600&_js_device_h=1200&_js_gtx_id=2773a9992768304592d_1702354016839&_js_tag_freq=1&_js_vis_type=8&_js_measurable=1&_js_imp_banner_number=1&_js_imp_offsetx=0&_js_imp_offsety=0&_js_imp_vis=1&_js_sf=0&_js_fif=0&_js_imp_banner_topframe=1&_js_embd_tag_id=revjet-tag-0&_js_ao=https%3A%2F%2Fpastelink.net&_js_imp_banner_creative_attr=banner&_js_imp_tsver=3.5.2&_js_tstamp=1702354016841
Requested by
Host: ads.revjet.com
URL: https://ads.revjet.com/bg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
65.109.98.108 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.108.98.109.65.clients.your-server.de
Software
nginx /
Resource Hash
504f32b9fddfce9ad528a607fc883f3196f38b1a85f07cd75f2bd477c5b778d2

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
content-encoding
gzip
server
nginx
p3p
CP="CAO PSA OUR"
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
no-transform
x-server
ip54702
expires
Sat, 01 Jan 2000 12:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 1380
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=B7v_zYNx3ZbGgIfmg9u8PnOeWgA4AAAAAOAHgBAI&bg=!VlWlVRrNAAY3kmNgF5I7ADQBe5WfOKv-sYI99WN0HObb4_6RfMyqBzUUMa860x6jfSehag1f7znj3_rGbXTUaPl3_J4UAgAAAFRSAAAAAWgBB5kC99SLz16h6wFJVWt6nWFac6Iy5z8zduRJM0TWFoj2wobpAe67RfypyIxmkMmeMZWwdiwSf8lulkwWPHiEYeEvmT_U3utFayygKFp1e9pDkXWzPqpUb38Fi38Dmy8tAA_H8B4GCgvLyCrokPDWUZpmbOMT1eQGorQTd9Zt1TAh646VeTjBuOsb2iiq7X3nH_LCLO2FnXkY_5voIzOtNL4Q2phgYkdaCnMKc1r9_FrAjD8ed8qmpVWMvk7WSS4Pc7FqZDoJ-BmYDtCPEArh31F5ODwPjbkQrZoDEuaCBi94nanNJCNp7XSM03xajv1-FzKAHTE_COj7yjIejb1mmwPMY22i--O8er3TMsTQOQJvyNE17st6qXo8_AuXxGe2_h6RV6_LHl3jq70fNw71j_jYNrORQ82w82IgrnHSWNbBIWaXfTZsjrh0uHXlpb9-QGABJZ2fkcEg_Wvo-nh5sIw3BwsR_StUT5db44lNB8BhTBflJJRyk3xSE2EoATiFa9iqCUcexLSHCKQigUtu6dKWAVwYiozAK2mwdtyHDfW6adJR6aXfrOti2kiEgHCMsnnpLrZ08X-N9S7oF0CHdkfbuvUweun-HNcifQz8-PoiHdCozVwomF-lMVawcyi_HsQRZsYhvti7waBWxpiu3piigSQo44bcVGtIA3ueglCmKur3he0krsk3DkQKNqFIdCHb8rbLncdJtZY5DzaINPPm-M7O_uDguDAbGIPOCzteWJvmgCF4LmKLG_Iq21gcFYYojnIfQrfpTni5WUag_xe1YvoyORUKjFn-GIvDssAeq0oDMAUSKM3IW1eCFi676JfPTrX8AIS76davFfJnPiWKadeT4ZI1syPJRZuImKJW9NldF2nChgvgvJXKUMpU4BRrkVSfnj6jeX3SUFJSEVymjdOd5W7UO8HoY5vd8TPZPIrAcaG-VfDRTBdsvXjkwgv-lam2pk7YwBxbctYmBgynYqNn1qt0BQ1qcI9M3cH3cD3QXRouOIJ6xA
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
tag239907
ads.revjet.com/ Frame 3989
256 KB
42 KB
Script
General
Full URL
https://ads.revjet.com/tag239907?_plc_id=114393514&_key=f1c&ct_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC1zC7X9x3ZZnEINWpjuwPlZ-WoAbMnf67dPu6rdTOEcCNtwEQASCGm6SQAWD1hYCA_AOgAbmskIspyAEJqQJHOaabtg-yPqgDAcgDmwSqBPgBT9CudPdhoHtwQwapUuZmrp2yuo3OtCINQaBGKpoBIiF_BMHOLj3J_Y726DMeGcHFQ11OqbDP7342OXzRjF-o2N9NlsGI9FiuTGOKsnJEXp9eF0wJdXKaGNRYTfAdb0Wg1XLUKAGUoxyfNd_W3AmULiVHXoA450E1fmQ5SD9wquiTP_NHKMzbLz_GoGyH4_RtN5B4MgImB0n-ASKWPLzDJ73Ms8x91u8WQncN1rkzni8yyNFEAf2CsgK8P6uaoa2IjhvQ85OU2AKdvxCrzN_33MF5NcZk6C5PqpdIwm7HJ_HlROeGdHAZwh4XgvXK1V2ruu99GgJakmTABJvX8pC0BOAEA4gFmIGp1UuQBgGgBk2AB7nk4OoDqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiAYRABGB0yAooCOgSAQIBASL39wTpY_PiA84KJgwOACgOYCwHICwGADAGiDBgqFgoU5LSxAu61sQK1uLEC5LSxAu61sQKqDQJDSOINEwi1y4HzgomDAxXVlIMHHZWPBWSwE_GZ6BXYEw2IFALYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNoNgZV_ueTb0jeT5kZcV_yFljRt65GViBj4U8LXMEceSQ8qIcAxgc77JEkjN-q4tT6muJP-cp8Tp8unnX-zkuUJawy_jbNvIJEREYAQ%26sig%3DAOD64_1bx30KbyKYmUFXoJCbGkNBJPrCnA%26client%3Dca-pub-9602519502618262%26dbm_c%3DAKAmf-BL485Blr7dwvlbwo6jOl4yZsEMdNRSnJgpwdQXc2FcXmC1H60tism5HDCksj4gunkR-5ilszt1U7WzvVQxQiKdLUpHNB-afylr6TznnPZzx3YPMR0qbYl5lgcPAdrlYdlykxrJwfWYNhX0PuSTj8ua1D7NnJLs3sgq17euIxBNT8I34lY%26cry%3D1%26dbm_d%3DAKAmf-CPBkVfeu4YXgchkNx9rXwYFxsWcjmkMsg7FdEvUlsmFmbOi7h9Xs3qPO7uLWnVAtcKqHyrjEQK2aCIPVYPS2yHR_X3WuapAPFXbwECbrVSQsv2DLaXVQpwRe2lE6AndLSUPR35t1ebYaOopu5uOHBydh0OjNIxaeLJFQq2ON6YGFldtZw316gQRI_odv0dho2QQ3skuF900RtLtx5J04rBIl4BEWtDX6rR3b8M61ZrwJ55uc4PlgIlWfVQnstp-_4Uo7Jdusi0szX208KH_dZTx2p6XzXtEKlXEwQkoCniq-FESBuSvfLfEyETHmUKNIOMH4smH9NiICtAWoHLIHot5U4Wm2vQYY8AU5ZqZ5sxYJYj8N7xy_llu4CTtdIJt4OreHWEKMjPEBij-a1Fr-bTIHj3SHSfcgl7IZJKrx2huafLkUElIUNkUwjhUD4jOKf5lhEheZoWqQK72nL097rEAYwxBW-d6MyG_5PxvotnP3pVwp0bX-re8VoumPG5-MZhGDRHEZPsoU_DwKWFuKlDL78IXZYgLpF6AqNnrmNmBnlTMLearUZPI_jJVVfKdQMktFxa%26adurl%3D&dv360_cmp_id=20311589016&dv360_li_id=1013245224&dv360_crv_id=471173997&jsonp=REVJET_TagObj_1.onLoad&_js_site_page=https%3A%2F%2F339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&_js_site_ref=https%3A%2F%2Fpastelink.net%2F&_js_device_w=1600&_js_device_h=1200&_js_gtx_id=2773a9992768304592d_1702354016839&_js_tag_freq=2&_js_vis_type=8&_js_measurable=1&_js_imp_banner_number=1&_js_imp_offsetx=0&_js_imp_offsety=0&_js_imp_vis=1&_js_sf=0&_js_fif=0&_js_imp_banner_topframe=1&_js_embd_tag_id=revjet-tag-0&_js_ao=https%3A%2F%2Fpastelink.net&_js_imp_banner_creative_attr=banner&_js_imp_tsver=3.5.2&_js_tstamp=1702354016847
Requested by
Host: ads.revjet.com
URL: https://ads.revjet.com/bg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
65.109.98.108 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.108.98.109.65.clients.your-server.de
Software
nginx /
Resource Hash
bb5d3da67fa43926ac266f0bced856dd8e9bcff34aa13751caab3584f0c023ee

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
content-encoding
gzip
server
nginx
p3p
CP="CAO PSA OUR"
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
no-transform
x-server
ip54682
expires
Sat, 01 Jan 2000 12:00:00 GMT
tag239907
ads.revjet.com/ Frame 3128
256 KB
41 KB
Script
General
Full URL
https://ads.revjet.com/tag239907?_plc_id=114393514&_key=f1c&ct_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCoUsbX9x3ZZrEINWpjuwPlZ-WoAbMnf67dPu6rdTOEcCNtwEQASCGm6SQAWD1hYCA_AOgAbmskIspyAEJqQJHOaabtg-yPqgDAcgDmwSqBPgBT9AqSv0io3uGilBnEj3Xd6_oJmhBAO3mT0HAyxe8qbael_7r2rqezCpUMgOx7nEt0OLqt-oH8IvdQJc7QBBIlDrVLYpf2qR37CAP8FmrD7k5VTg0ym66HRp6Ud7UM4JOVDThauT4uqOl23ms--HwJbvp-J8xgtg9t9pVlsCW1T5fpVxnTs0Fe4CJaMootE0ik1SXpU2XCIssNB5XyRSNB3nXsED0UpjeYdd4fvce4q3jagcgVzGP9u44gFBWnDlgHns3SOjiifDEXcKh0L_oWj8DDWmnD843WtfzUPn1z_BonHjDK1AvyV2jrXNybo0gaH4soTt6UFTABJvX8pC0BOAEA4gFmIGp1UuQBgGgBk2AB7nk4OoDqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiAYRABGB0yAooCOgSAQIBASL39wTpY_PiA84KJgwOACgOYCwHICwGADAGiDBgqFgoU5LSxAu61sQK1uLEC5LSxAu61sQKqDQJDSOINEwi2y4HzgomDAxXVlIMHHZWPBWSwE_GZ6BXYEw2IFALYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNoNgZV_ueTb0jeT5kZcV_yFljRt65GViBj4U8LXMEceSQ8qIcAxgc77JEkjN-q4tT6muJP-cp8Tp8unnX-zkuUJawy_jbNvIJEREYAQ%26sig%3DAOD64_2dHHmbA9JqehwCHDe0ts8lkvlREw%26client%3Dca-pub-9602519502618262%26dbm_c%3DAKAmf-BgKx90O3B3szPANpzqgMSwIVlQtTkaj-XCAq_xFHMhfz3OnlNKeOor0oaGvdNGYGkpB9ALP7if1jY0_I0jV1R2milac3NRyGYAO96bUi17y9HWqREYMpeQ5NADZoB9hlJ0lFwQCZL0LBy6DjiBrp6st2pDHKSrk9XbXhFOf7BN8skCXrM%26cry%3D1%26dbm_d%3DAKAmf-C5WW7eLzkqR80vTJvwMscy_ncWwdbxygCfsZhoBOcNtRxt1Sks_SELurJkrDhqTZPtOwtHJbQgcO-W8g1f2pf8hX6vHtnAyKGcEgTtUnv7DpfN3c_tnGfdFyB8iOGZt7rqHq5_rg2OYqOroEUgILTprAqQq2qsBJUNn2gGLp4cj0AvFKgtNwXsQiB1W_1VNdnYbyovaj-1WDwYFeUQnFhysQgN4UwzQZMovd2Arkl1_OIlvBic2WR1yi-n2QYLWEsM2hp7QdxhAHf5vCWhztHXQPQY8RQhXT7NpRfIj9RUSES5GawgAZAUWh7cEui331vdJpcJzSOK3rC5uP1tO98li0eXruocSd0-pMQnc-_INM_NUjvKbNPogmSdOQl6Cs2W-KzrWZd79Ar4Ox--PWM77Gyzqza1g2PudumjQUw9tfFuessWp0Svd8XUGFBOR6uirscHjMIX7tgB8Oig3WymFluFt4PXMl34M7wPVtJEm8pDn9gk40jPofRkm4Tx7L1hqO41DMhIJNvytqXlzDI9ia3j5Z6EVdzi5L0w3uzWOe5pzvCBBZjy27ZUx7az68cxfz66%26adurl%3D&dv360_cmp_id=20311589016&dv360_li_id=1013245224&dv360_crv_id=471173997&jsonp=REVJET_TagObj_1.onLoad&_js_site_page=https%3A%2F%2F339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&_js_site_ref=https%3A%2F%2Fpastelink.net%2F&_js_device_w=1600&_js_device_h=1200&_js_gtx_id=2773a9992768304592d_1702354016839&_js_tag_freq=3&_js_vis_type=8&_js_measurable=1&_js_imp_banner_number=1&_js_imp_offsetx=0&_js_imp_offsety=0&_js_imp_vis=1&_js_sf=0&_js_fif=0&_js_imp_banner_topframe=1&_js_embd_tag_id=revjet-tag-0&_js_ao=https%3A%2F%2Fpastelink.net&_js_imp_banner_creative_attr=banner&_js_imp_tsver=3.5.2&_js_tstamp=1702354016854
Requested by
Host: ads.revjet.com
URL: https://ads.revjet.com/bg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
65.109.98.108 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.108.98.109.65.clients.your-server.de
Software
nginx /
Resource Hash
d3ea3fc972c0f8282f6cfda911703cbd7698e7380dc3c6183d230521332e8cce

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
content-encoding
gzip
server
nginx
p3p
CP="CAO PSA OUR"
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
no-transform
x-server
ip54702
expires
Sat, 01 Jan 2000 12:00:00 GMT
tag239903
ads.revjet.com/ Frame 5E5C
246 KB
40 KB
Script
General
Full URL
https://ads.revjet.com/tag239903?_plc_id=114393526&_key=c68&ct_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCLSzcX9x3ZZfEINWpjuwPlZ-WoAbMnf67dMO8rdTOEcCNtwEQASCGm6SQAWD1hYCA_AOgAbmskIspyAEJqQJHOaabtg-yPqgDAcgDmwSqBPEBT9BhenNMZCTkh7LG97-kmPHAqDuL1NCva_x1yogNU59VMgS2QNBqWMb4HDuNiqFZOoD3dh-tB4EQ5EU1xELQcc28bqK6k6CYCbXYqMTs8zyAbP_tqdH9_BfnBskVgGzv0E_oYrvpkwMSz7EtOOMYFSuvnWknNsfGRZjQsdAa7-x6NCC7aUxU6xPM_DLWV5QsyDPRCsQlpM18YtzRi9xcHZ5vSsfveVM2P-0xNCaAcDQT64NZHfdRUFaolYwOG83VLadevMLvPBR5HFvs9kIJQa24fPOnjMVnH1CSMWICcsipsTQWuEp-RMvQrRyHGakcpMAEm9fykLQE4AQDiAWYganVS5AGAaAGTYAHueTg6gOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIBhEAEYHTICigI6BIBAgEBIvf3BOlj8-IDzgomDA4AKA5gLAcgLAYAMAaIMGCoWChTktLEC7rWxArW4sQLktLEC7rWxAqoNAkNI4g0TCLPLgfOCiYMDFdWUgwcdlY8FZLAT8ZnoFdgTDYgUAtgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNoNgZV_ueTb0jeT5kZcV_yFljRt65GViBj4U8LXMEceSQ8qIcAxgc77JEkjN-q4tT6muJP-cp8Tp8unnX-zkuUJawy_jbNvIJEREYAQ%26sig%3DAOD64_3IYVQGuWVSnzJPI59Ma1FW09-L8w%26client%3Dca-pub-9602519502618262%26dbm_c%3DAKAmf-Cts31EikzKPV92OVFzYM7M-8LzlRmUn4Hv24TxykxrB1cZW_0r-gFxi00d0F6hGfp8pWHw_QczBXyhuEOBC7uBF0YCsmn-IhCblz6H1E91YFIPrTy-VUbjxkyzPOFBSfNK2VR7DoSXcCQj25T-WCqu3XVZtMKqsoPlkRoS0HzzPHXlySE%26cry%3D1%26dbm_d%3DAKAmf-DUf19-chtUJztyiEBe9qepN9Xa8_GSlu7Uhd8rTHEAr0oRVgMiCmWhaWgs7fxkCubMPYMPFO8D22gXor-mKaSn895J3xHaVffOXhCJiefidzDb1hTf3kEIwGL0sHb8JMz_23FC2Wm3NkxG7Eg7Bd02t-GfHJn3ih3hTzIQpTzxKgR7ghd2une2W3bZbV8cNTldiLOfdc4GmZgExU1LIDXRk7Vwg2PSfH8X4byOlBZY4cdmfN-oZY34KSqfhzZwiV1TMxo0n74jEUI9j6B8PPoVQqE9cqF33mlHCn2ITFw9WafrcgrUD4hgUiQ3AcaWI4bCbRgNesIi95Y0IN2fftkdonnNDSTIWPpKoK2xrnqLy_0FhQugH7u8f58WsU5OLEsKF-3pbJ7Yh_2OgYCXDwgYO5kVqktWaSoBKnSRhzV2nU50ERQ5UodjNjjZgWNlOknieyasCZ60hCZTKbZ-X326rzKJitACgcvEwDAnxcQFU4tZjhEgAz5e-SDAXHkZLzNX3MKVTF92F4hCsyZSQw0HHjRTva_sDp42vgDITBTVZNvhn2kOIyIDDiCI7GKPoCyil5qg%26adurl%3D&dv360_cmp_id=20311589016&dv360_li_id=1013245224&dv360_crv_id=471145179&jsonp=REVJET_TagObj_1.onLoad&_js_site_page=https%3A%2F%2F339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&_js_site_ref=https%3A%2F%2Fpastelink.net%2F&_js_device_w=1600&_js_device_h=1200&_js_gtx_id=2773a9992768304592d_1702354016839&_js_tag_freq=1&_js_vis_type=8&_js_measurable=1&_js_imp_banner_number=1&_js_imp_offsetx=0&_js_imp_offsety=0&_js_imp_vis=1&_js_sf=0&_js_fif=0&_js_imp_banner_topframe=1&_js_embd_tag_id=revjet-tag-0&_js_ao=https%3A%2F%2Fpastelink.net&_js_imp_banner_creative_attr=banner&_js_imp_tsver=3.5.2&_js_tstamp=1702354016855
Requested by
Host: ads.revjet.com
URL: https://ads.revjet.com/bg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
65.109.98.108 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.108.98.109.65.clients.your-server.de
Software
nginx /
Resource Hash
8c7399e423b3a75a762778a041db8e953ece89e1ae6ff5f24f7c3adbcbea4275

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
content-encoding
gzip
server
nginx
p3p
CP="CAO PSA OUR"
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
no-transform
x-server
ip54677
expires
Sat, 01 Jan 2000 12:00:00 GMT
elements-2.10.0.js
cdn.revjet.com/~cdn/JS/03/ Frame D95D
167 KB
49 KB
Script
General
Full URL
https://cdn.revjet.com/~cdn/JS/03/elements-2.10.0.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67E2) /
Resource Hash
c3958950542c3d4350757a80f8b16785b6b72aafcccaa6deca82bb70b8be692e

Request headers

Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
Origin
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
content-encoding
gzip
last-modified
Mon, 28 Aug 2023 14:15:13 GMT
server
ECS (frb/67E2)
age
597
etag
"64ecabf1-29d9b+gzip"
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=600
content-length
50474
expires
Tue, 12 Dec 2023 04:16:57 GMT
999
pix.revjet.com/interaction/ Frame D95D
43 B
277 B
Image
General
Full URL
https://pix.revjet.com/interaction/999?__ads=32ddd3c34d8eff21ad62c16997d08120&__adt=8240603580741971623&__ade=1&vid=5092673995794602593
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.4.76.120 Rostock, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.120.76.4.46.clients.your-server.de
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Tue, 12 Dec 2023 04:06:57 GMT
cache-control
no-store
content-length
43
expires
Sat, 01 Jan 2000 12:00:00 GMT
square.jpg
cdn.revjet.com/s3/csp/1680014892294/ Frame D95D
866 KB
867 KB
Image
General
Full URL
https://cdn.revjet.com/s3/csp/1680014892294/square.jpg
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67F3) /
Resource Hash
0c95ec12dc6c2ab6093951c6b917ff6c896553f1ce59a5ed02baf1235baedc25

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:56 GMT
x-amz-version-id
3fPaQivslqxi3yIkxxJfWm_vcpkRhCV.
age
21357
x-amz-request-id
P1XCZ3X6W9QEHTSK
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
886632
x-amz-id-2
GjLNWzgcH841b0kbGzVT4DJt2EDVGRdwARg4bSOtc1Jk835Bek3XVyM+NvueS6BjMl62a0nUT6k=
last-modified
Tue, 28 Mar 2023 14:48:27 GMT
server
ECS (frb/67F3)
etag
"7edde919394f0ebd665a2aba0ea6ccbf"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
expires
Wed, 13 Dec 2023 04:06:56 GMT
gallery-2.1.9.js
cdn.revjet.com/~cdn/JS/03/ Frame D95D
56 KB
15 KB
Script
General
Full URL
https://cdn.revjet.com/~cdn/JS/03/gallery-2.1.9.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/668C) /
Resource Hash
4ba7441454b993f6dc09527c8a03ab527e59496d04796dec6f7189208bd315b6

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:56 GMT
content-encoding
gzip
last-modified
Thu, 25 May 2023 21:15:20 GMT
server
ECS (frb/668C)
age
470
etag
"646fcfe8-df39+gzip"
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=600
content-length
15443
expires
Tue, 12 Dec 2023 04:16:56 GMT
logo_mark.svg
cdn.revjet.com/s3/csp/1662732637087/ Frame D95D
632 B
661 B
Image
General
Full URL
https://cdn.revjet.com/s3/csp/1662732637087/logo_mark.svg
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/674B) /
Resource Hash
b139d97a9012d835c86920887e867490265c309ae069a99e595fa697fb56e82e

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:56 GMT
content-encoding
gzip
x-amz-version-id
zSXLBJjIwslgGmxmaRmaJDS_oPpkgt8F
age
23692
x-amz-request-id
0R1ZG2H2SWRXPTXZ
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
427
x-amz-id-2
AP9X9wwi4K94Cirj4OKeQCMWHR0zbCkRxmCdwnQ0nTdRxn0LfLyzy7Tfikh9QImeuRcutQXeaOU=
last-modified
Fri, 09 Sep 2022 14:10:39 GMT
server
ECS (frb/674B)
etag
"e55996d0b9b8b1e1bba2e8168cf0d3a1+gzip"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=86400
expires
Wed, 13 Dec 2023 04:06:56 GMT
Logo-Wordmark-noShadow.svg
cdn.revjet.com/s3/csp/1679927261226/ Frame D95D
7 KB
4 KB
Image
General
Full URL
https://cdn.revjet.com/s3/csp/1679927261226/Logo-Wordmark-noShadow.svg
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6738) /
Resource Hash
27c91b042b50c145ccbe32c722d890e2e13b662302c269e1c990591348d98875

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:56 GMT
content-encoding
gzip
x-amz-version-id
_LI8vXFq5W37Tvc9LZcnQweHjqGcRfe8
age
21356
x-amz-request-id
GJYMA3RZMM6VB8VQ
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
3634
x-amz-id-2
hZGG39sy0m+T6t4f89DWSpMR0tA0VnQ1/RtbZYFevzBQOJ4jP/134ovMtURL/FOTakmeomxDy7g=
last-modified
Mon, 27 Mar 2023 14:27:43 GMT
server
ECS (frb/6738)
etag
"66704ffec01c0a05020997e7776a8b76+gzip"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=86400
expires
Wed, 13 Dec 2023 04:06:56 GMT
Logo-Wordmark-White.svg
cdn.revjet.com/s3/csp/1680256735421/ Frame D95D
7 KB
4 KB
Image
General
Full URL
https://cdn.revjet.com/s3/csp/1680256735421/Logo-Wordmark-White.svg
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67A8) /
Resource Hash
63f7be1d0a480f22ca23ca1a147f759d5199f5a16ad731633cd3aa81f857ec5c

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:56 GMT
content-encoding
gzip
x-amz-version-id
AwNg3pZ_b3UTO1Gv2fLqLaH_CNFtNLJM
age
21357
x-amz-request-id
P1X6TDDZD8Y5DRC4
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
3628
x-amz-id-2
dI18f5B4krn+aosyRvy3o92ZMyNOJ2kbone7S1iHUeIHM0ZddlTNjXLTBsxGlTRrO07nuUL1lIs=
last-modified
Fri, 31 Mar 2023 09:58:57 GMT
server
ECS (frb/67A8)
etag
"6802dc95d8e5a742e4e3e3e09650a7c7+gzip"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=86400
expires
Wed, 13 Dec 2023 04:06:56 GMT
B29254154.359134036;dc_pre=CICm2fOCiYMDFWyi_QcdHowDHA;dc_trk_aid=550284142;dc_trk_cid=186355462;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1702354016882
ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/ Frame D95D
Redirect Chain
  • https://ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/B29254154.359134036;dc_trk_aid=550284142;dc_trk_cid=186355462;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=17023540...
  • https://ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/B29254154.359134036;dc_pre=CICm2fOCiYMDFWyi_QcdHowDHA;dc_trk_aid=550284142;dc_trk_cid=186355462;dc_lat=;dc_rdid=;tag_for_chil...
42 B
63 B
Image
General
Full URL
https://ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/B29254154.359134036;dc_pre=CICm2fOCiYMDFWyi_QcdHowDHA;dc_trk_aid=550284142;dc_trk_cid=186355462;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1702354016882
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H3
Server
172.217.23.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f6.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/B29254154.359134036;dc_pre=CICm2fOCiYMDFWyi_QcdHowDHA;dc_trk_aid=550284142;dc_trk_cid=186355462;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1702354016882
content-type
text/html; charset=UTF-8
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
follow-only-when-prerender-shown
1
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
162455845.woff
cdn.revjet.com/s3/fonts/162455845/ Frame D95D
470 KB
470 KB
Font
General
Full URL
https://cdn.revjet.com/s3/fonts/162455845/162455845.woff
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6727) /
Resource Hash
6d7416c9352e4b00c83f1dcf6964c89586d517e10fe4806a9da14abd0af76f35

Request headers

Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
Origin
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
x-amz-version-id
kVq59ccinPiVDgarv_TkFQgofQrkf2s4
age
21358
x-amz-request-id
P1XBHH22DE7G8434
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
480984
x-amz-id-2
yQ4Z4y2tUCLBF5vx/27n1sy/rpJsisZJw0jFadb6sB/Cu6/BOpUU08zHXMaEyFytMhK/TsNU/og=
last-modified
Thu, 16 Nov 2023 19:47:31 GMT
server
ECS (frb/6727)
etag
"a7d9ee6baf67661e8e26d1e5c04f7fd5"
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
expires
Wed, 13 Dec 2023 04:06:57 GMT
elements-2.10.0.js
cdn.revjet.com/~cdn/JS/03/ Frame 806E
167 KB
49 KB
Script
General
Full URL
https://cdn.revjet.com/~cdn/JS/03/elements-2.10.0.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67E2) /
Resource Hash
c3958950542c3d4350757a80f8b16785b6b72aafcccaa6deca82bb70b8be692e

Request headers

Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
Origin
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
content-encoding
gzip
last-modified
Mon, 28 Aug 2023 14:15:13 GMT
server
ECS (frb/67E2)
age
597
etag
"64ecabf1-29d9b+gzip"
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=600
content-length
50474
expires
Tue, 12 Dec 2023 04:16:57 GMT
999
pix.revjet.com/interaction/ Frame 806E
43 B
276 B
Image
General
Full URL
https://pix.revjet.com/interaction/999?__ads=4458f49b8eef873ae12882617a0aed8f&__adt=8240603533555724023&__ade=1&vid=5092849917655046754
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.4.76.120 Rostock, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.120.76.4.46.clients.your-server.de
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Tue, 12 Dec 2023 04:06:57 GMT
cache-control
no-store
content-length
43
expires
Sat, 01 Jan 2000 12:00:00 GMT
square.jpg
cdn.revjet.com/s3/csp/1680014892294/ Frame 806E
866 KB
866 KB
Image
General
Full URL
https://cdn.revjet.com/s3/csp/1680014892294/square.jpg
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67F3) /
Resource Hash
0c95ec12dc6c2ab6093951c6b917ff6c896553f1ce59a5ed02baf1235baedc25

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:56 GMT
x-amz-version-id
3fPaQivslqxi3yIkxxJfWm_vcpkRhCV.
age
21357
x-amz-request-id
P1XCZ3X6W9QEHTSK
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
886632
x-amz-id-2
GjLNWzgcH841b0kbGzVT4DJt2EDVGRdwARg4bSOtc1Jk835Bek3XVyM+NvueS6BjMl62a0nUT6k=
last-modified
Tue, 28 Mar 2023 14:48:27 GMT
server
ECS (frb/67F3)
etag
"7edde919394f0ebd665a2aba0ea6ccbf"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
expires
Wed, 13 Dec 2023 04:06:56 GMT
gallery-2.1.9.js
cdn.revjet.com/~cdn/JS/03/ Frame 806E
56 KB
15 KB
Script
General
Full URL
https://cdn.revjet.com/~cdn/JS/03/gallery-2.1.9.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/668C) /
Resource Hash
4ba7441454b993f6dc09527c8a03ab527e59496d04796dec6f7189208bd315b6

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:56 GMT
content-encoding
gzip
last-modified
Thu, 25 May 2023 21:15:20 GMT
server
ECS (frb/668C)
age
470
etag
"646fcfe8-df39+gzip"
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=600
content-length
15443
expires
Tue, 12 Dec 2023 04:16:56 GMT
logo_mark.svg
cdn.revjet.com/s3/csp/1662732637087/ Frame 806E
632 B
506 B
Image
General
Full URL
https://cdn.revjet.com/s3/csp/1662732637087/logo_mark.svg
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/674B) /
Resource Hash
b139d97a9012d835c86920887e867490265c309ae069a99e595fa697fb56e82e

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:56 GMT
content-encoding
gzip
x-amz-version-id
zSXLBJjIwslgGmxmaRmaJDS_oPpkgt8F
age
23692
x-amz-request-id
0R1ZG2H2SWRXPTXZ
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
427
x-amz-id-2
AP9X9wwi4K94Cirj4OKeQCMWHR0zbCkRxmCdwnQ0nTdRxn0LfLyzy7Tfikh9QImeuRcutQXeaOU=
last-modified
Fri, 09 Sep 2022 14:10:39 GMT
server
ECS (frb/674B)
etag
"e55996d0b9b8b1e1bba2e8168cf0d3a1+gzip"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=86400
expires
Wed, 13 Dec 2023 04:06:56 GMT
Logo-Wordmark-noShadow.svg
cdn.revjet.com/s3/csp/1679927261226/ Frame 806E
7 KB
4 KB
Image
General
Full URL
https://cdn.revjet.com/s3/csp/1679927261226/Logo-Wordmark-noShadow.svg
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6738) /
Resource Hash
27c91b042b50c145ccbe32c722d890e2e13b662302c269e1c990591348d98875

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:56 GMT
content-encoding
gzip
x-amz-version-id
_LI8vXFq5W37Tvc9LZcnQweHjqGcRfe8
age
21356
x-amz-request-id
GJYMA3RZMM6VB8VQ
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
3634
x-amz-id-2
hZGG39sy0m+T6t4f89DWSpMR0tA0VnQ1/RtbZYFevzBQOJ4jP/134ovMtURL/FOTakmeomxDy7g=
last-modified
Mon, 27 Mar 2023 14:27:43 GMT
server
ECS (frb/6738)
etag
"66704ffec01c0a05020997e7776a8b76+gzip"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=86400
expires
Wed, 13 Dec 2023 04:06:56 GMT
Logo-Wordmark-White.svg
cdn.revjet.com/s3/csp/1680256735421/ Frame 806E
7 KB
4 KB
Image
General
Full URL
https://cdn.revjet.com/s3/csp/1680256735421/Logo-Wordmark-White.svg
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67A8) /
Resource Hash
63f7be1d0a480f22ca23ca1a147f759d5199f5a16ad731633cd3aa81f857ec5c

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:56 GMT
content-encoding
gzip
x-amz-version-id
AwNg3pZ_b3UTO1Gv2fLqLaH_CNFtNLJM
age
21357
x-amz-request-id
P1X6TDDZD8Y5DRC4
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
3628
x-amz-id-2
dI18f5B4krn+aosyRvy3o92ZMyNOJ2kbone7S1iHUeIHM0ZddlTNjXLTBsxGlTRrO07nuUL1lIs=
last-modified
Fri, 31 Mar 2023 09:58:57 GMT
server
ECS (frb/67A8)
etag
"6802dc95d8e5a742e4e3e3e09650a7c7+gzip"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=86400
expires
Wed, 13 Dec 2023 04:06:56 GMT
B29254154.359134036;dc_pre=CO7u2_OCiYMDFeSX_Qcd6SwDlA;dc_trk_aid=550284142;dc_trk_cid=186355462;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1702354016886
ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/ Frame 806E
Redirect Chain
  • https://ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/B29254154.359134036;dc_trk_aid=550284142;dc_trk_cid=186355462;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=17023540...
  • https://ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/B29254154.359134036;dc_pre=CO7u2_OCiYMDFeSX_Qcd6SwDlA;dc_trk_aid=550284142;dc_trk_cid=186355462;dc_lat=;dc_rdid=;tag_for_chil...
42 B
63 B
Image
General
Full URL
https://ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/B29254154.359134036;dc_pre=CO7u2_OCiYMDFeSX_Qcd6SwDlA;dc_trk_aid=550284142;dc_trk_cid=186355462;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1702354016886
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H3
Server
172.217.23.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f6.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:57 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/B29254154.359134036;dc_pre=CO7u2_OCiYMDFeSX_Qcd6SwDlA;dc_trk_aid=550284142;dc_trk_cid=186355462;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1702354016886
content-type
text/html; charset=UTF-8
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
follow-only-when-prerender-shown
1
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
elements-2.10.0.js
cdn.revjet.com/~cdn/JS/03/ Frame 51BB
167 KB
49 KB
Script
General
Full URL
https://cdn.revjet.com/~cdn/JS/03/elements-2.10.0.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67E2) /
Resource Hash
c3958950542c3d4350757a80f8b16785b6b72aafcccaa6deca82bb70b8be692e

Request headers

Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
Origin
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
content-encoding
gzip
last-modified
Mon, 28 Aug 2023 14:15:13 GMT
server
ECS (frb/67E2)
age
597
etag
"64ecabf1-29d9b+gzip"
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=600
content-length
50474
expires
Tue, 12 Dec 2023 04:16:57 GMT
999
pix.revjet.com/interaction/ Frame 51BB
43 B
276 B
Image
General
Full URL
https://pix.revjet.com/interaction/999?__ads=63b4b9f0229c1a05e09376f470a4e500&__adt=8240603518308582481&__ade=1&vid=5092849917655046765
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.4.76.120 Rostock, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.120.76.4.46.clients.your-server.de
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Tue, 12 Dec 2023 04:06:57 GMT
cache-control
no-store
content-length
43
expires
Sat, 01 Jan 2000 12:00:00 GMT
square.jpg
cdn.revjet.com/s3/csp/1680014892294/ Frame 51BB
866 KB
866 KB
Image
General
Full URL
https://cdn.revjet.com/s3/csp/1680014892294/square.jpg
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67F3) /
Resource Hash
0c95ec12dc6c2ab6093951c6b917ff6c896553f1ce59a5ed02baf1235baedc25

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
x-amz-version-id
3fPaQivslqxi3yIkxxJfWm_vcpkRhCV.
age
21358
x-amz-request-id
P1XCZ3X6W9QEHTSK
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
886632
x-amz-id-2
GjLNWzgcH841b0kbGzVT4DJt2EDVGRdwARg4bSOtc1Jk835Bek3XVyM+NvueS6BjMl62a0nUT6k=
last-modified
Tue, 28 Mar 2023 14:48:27 GMT
server
ECS (frb/67F3)
etag
"7edde919394f0ebd665a2aba0ea6ccbf"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
expires
Wed, 13 Dec 2023 04:06:57 GMT
gallery-2.1.9.js
cdn.revjet.com/~cdn/JS/03/ Frame 51BB
56 KB
15 KB
Script
General
Full URL
https://cdn.revjet.com/~cdn/JS/03/gallery-2.1.9.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/668C) /
Resource Hash
4ba7441454b993f6dc09527c8a03ab527e59496d04796dec6f7189208bd315b6

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:56 GMT
content-encoding
gzip
last-modified
Thu, 25 May 2023 21:15:20 GMT
server
ECS (frb/668C)
age
470
etag
"646fcfe8-df39+gzip"
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=600
content-length
15443
expires
Tue, 12 Dec 2023 04:16:56 GMT
logo_mark.svg
cdn.revjet.com/s3/csp/1662732637087/ Frame 51BB
632 B
506 B
Image
General
Full URL
https://cdn.revjet.com/s3/csp/1662732637087/logo_mark.svg
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/674B) /
Resource Hash
b139d97a9012d835c86920887e867490265c309ae069a99e595fa697fb56e82e

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
content-encoding
gzip
x-amz-version-id
zSXLBJjIwslgGmxmaRmaJDS_oPpkgt8F
age
23693
x-amz-request-id
0R1ZG2H2SWRXPTXZ
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
427
x-amz-id-2
AP9X9wwi4K94Cirj4OKeQCMWHR0zbCkRxmCdwnQ0nTdRxn0LfLyzy7Tfikh9QImeuRcutQXeaOU=
last-modified
Fri, 09 Sep 2022 14:10:39 GMT
server
ECS (frb/674B)
etag
"e55996d0b9b8b1e1bba2e8168cf0d3a1+gzip"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=86400
expires
Wed, 13 Dec 2023 04:06:57 GMT
Logo-Wordmark-noShadow.svg
cdn.revjet.com/s3/csp/1679927261226/ Frame 51BB
7 KB
4 KB
Image
General
Full URL
https://cdn.revjet.com/s3/csp/1679927261226/Logo-Wordmark-noShadow.svg
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6738) /
Resource Hash
27c91b042b50c145ccbe32c722d890e2e13b662302c269e1c990591348d98875

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
content-encoding
gzip
x-amz-version-id
_LI8vXFq5W37Tvc9LZcnQweHjqGcRfe8
age
21357
x-amz-request-id
GJYMA3RZMM6VB8VQ
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
3634
x-amz-id-2
hZGG39sy0m+T6t4f89DWSpMR0tA0VnQ1/RtbZYFevzBQOJ4jP/134ovMtURL/FOTakmeomxDy7g=
last-modified
Mon, 27 Mar 2023 14:27:43 GMT
server
ECS (frb/6738)
etag
"66704ffec01c0a05020997e7776a8b76+gzip"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=86400
expires
Wed, 13 Dec 2023 04:06:57 GMT
Logo-Wordmark-White.svg
cdn.revjet.com/s3/csp/1680256735421/ Frame 51BB
7 KB
4 KB
Image
General
Full URL
https://cdn.revjet.com/s3/csp/1680256735421/Logo-Wordmark-White.svg
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67A8) /
Resource Hash
63f7be1d0a480f22ca23ca1a147f759d5199f5a16ad731633cd3aa81f857ec5c

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
content-encoding
gzip
x-amz-version-id
AwNg3pZ_b3UTO1Gv2fLqLaH_CNFtNLJM
age
21358
x-amz-request-id
P1X6TDDZD8Y5DRC4
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
3628
x-amz-id-2
dI18f5B4krn+aosyRvy3o92ZMyNOJ2kbone7S1iHUeIHM0ZddlTNjXLTBsxGlTRrO07nuUL1lIs=
last-modified
Fri, 31 Mar 2023 09:58:57 GMT
server
ECS (frb/67A8)
etag
"6802dc95d8e5a742e4e3e3e09650a7c7+gzip"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=86400
expires
Wed, 13 Dec 2023 04:06:57 GMT
B29254154.359134036;dc_pre=CLHV3fOCiYMDFbzkEQgdfOILNw;dc_trk_aid=550284142;dc_trk_cid=186355462;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1702354016893
ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/ Frame 51BB
Redirect Chain
  • https://ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/B29254154.359134036;dc_trk_aid=550284142;dc_trk_cid=186355462;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=17023540...
  • https://ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/B29254154.359134036;dc_pre=CLHV3fOCiYMDFbzkEQgdfOILNw;dc_trk_aid=550284142;dc_trk_cid=186355462;dc_lat=;dc_rdid=;tag_for_chil...
42 B
63 B
Image
General
Full URL
https://ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/B29254154.359134036;dc_pre=CLHV3fOCiYMDFbzkEQgdfOILNw;dc_trk_aid=550284142;dc_trk_cid=186355462;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1702354016893
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H3
Server
172.217.23.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f6.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:57 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:57 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/B29254154.359134036;dc_pre=CLHV3fOCiYMDFbzkEQgdfOILNw;dc_trk_aid=550284142;dc_trk_cid=186355462;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1702354016893
content-type
text/html; charset=UTF-8
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
follow-only-when-prerender-shown
1
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
162455845.woff
cdn.revjet.com/s3/fonts/162455845/ Frame 806E
470 KB
470 KB
Font
General
Full URL
https://cdn.revjet.com/s3/fonts/162455845/162455845.woff
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6727) /
Resource Hash
6d7416c9352e4b00c83f1dcf6964c89586d517e10fe4806a9da14abd0af76f35

Request headers

Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
Origin
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
x-amz-version-id
kVq59ccinPiVDgarv_TkFQgofQrkf2s4
age
21358
x-amz-request-id
P1XBHH22DE7G8434
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
480984
x-amz-id-2
yQ4Z4y2tUCLBF5vx/27n1sy/rpJsisZJw0jFadb6sB/Cu6/BOpUU08zHXMaEyFytMhK/TsNU/og=
last-modified
Thu, 16 Nov 2023 19:47:31 GMT
server
ECS (frb/6727)
etag
"a7d9ee6baf67661e8e26d1e5c04f7fd5"
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
expires
Wed, 13 Dec 2023 04:06:57 GMT
elements-2.10.0.js
cdn.revjet.com/~cdn/JS/03/ Frame 1676
167 KB
49 KB
Script
General
Full URL
https://cdn.revjet.com/~cdn/JS/03/elements-2.10.0.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67E2) /
Resource Hash
c3958950542c3d4350757a80f8b16785b6b72aafcccaa6deca82bb70b8be692e

Request headers

Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
Origin
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
content-encoding
gzip
last-modified
Mon, 28 Aug 2023 14:15:13 GMT
server
ECS (frb/67E2)
age
597
etag
"64ecabf1-29d9b+gzip"
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=600
content-length
50474
expires
Tue, 12 Dec 2023 04:16:57 GMT
999
pix.revjet.com/interaction/ Frame 1676
43 B
169 B
Image
General
Full URL
https://pix.revjet.com/interaction/999?__ads=93785cb83f7faccdf88674140a9d12d5&__adt=8240602539657920273&__ade=1&vid=5092630015329491557
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.4.76.120 Rostock, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.120.76.4.46.clients.your-server.de
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Tue, 12 Dec 2023 04:06:57 GMT
cache-control
no-store
content-length
43
expires
Sat, 01 Jan 2000 12:00:00 GMT
lifestyle_optimized.jpg
cdn.revjet.com/s3/csp/1671558630301/ Frame 1676
33 KB
33 KB
Image
General
Full URL
https://cdn.revjet.com/s3/csp/1671558630301/lifestyle_optimized.jpg
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6712) /
Resource Hash
3e1406c94587637a7460b7a2089dc1db426ce759c728f4a5479215e1f9360a8b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
x-amz-version-id
GWmWzsiL4gZfS8p3bOBsR38yaINgc04d
age
23689
x-amz-request-id
JB4R8C1WRA1393S7
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
33574
x-amz-id-2
JRqUgTdHarNyBkRMq6lJz5JEFNSJBMzyMouvsIHjzNEX9C5IxNqxIVm5C4Xzik1cVy4tySn9xm0=
last-modified
Tue, 20 Dec 2022 17:50:32 GMT
server
ECS (frb/6712)
etag
"432e30fdf56b7e1babca672b7e5398e9"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
expires
Wed, 13 Dec 2023 04:06:57 GMT
gallery-2.1.9.js
cdn.revjet.com/~cdn/JS/03/ Frame 1676
56 KB
15 KB
Script
General
Full URL
https://cdn.revjet.com/~cdn/JS/03/gallery-2.1.9.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/668C) /
Resource Hash
4ba7441454b993f6dc09527c8a03ab527e59496d04796dec6f7189208bd315b6

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
content-encoding
gzip
last-modified
Thu, 25 May 2023 21:15:20 GMT
server
ECS (frb/668C)
age
471
etag
"646fcfe8-df39+gzip"
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=600
content-length
15443
expires
Tue, 12 Dec 2023 04:16:57 GMT
logo_word_black.svg
cdn.revjet.com/s3/csp/1662732637080/ Frame 1676
3 KB
2 KB
Image
General
Full URL
https://cdn.revjet.com/s3/csp/1662732637080/logo_word_black.svg
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/673A) /
Resource Hash
c2754c8058fdfdf9c8aef009eb9b3c25b93aeab0c7a0cbe5a4be020620ee4966

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
content-encoding
gzip
x-amz-version-id
6dP9WoKtkjdaRlsO3V7DUipbqdCKLzpR
age
18717
x-amz-request-id
GG6XQD6KYHVR20JC
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
1556
x-amz-id-2
FVgCbfxd4vM1fEzSQXbE90T1exiurFH7QSyzjj7ciDOl7UX5zhNW5oqS+pZn70yuGnVcj/ojQOI=
last-modified
Fri, 09 Sep 2022 14:10:39 GMT
server
ECS (frb/673A)
etag
"4e3f110ca066e6b8dc4a9827ae6e6f50+gzip"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=86400
expires
Wed, 13 Dec 2023 04:06:57 GMT
logo_mark.svg
cdn.revjet.com/s3/csp/1662732637087/ Frame 1676
632 B
506 B
Image
General
Full URL
https://cdn.revjet.com/s3/csp/1662732637087/logo_mark.svg
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/674B) /
Resource Hash
b139d97a9012d835c86920887e867490265c309ae069a99e595fa697fb56e82e

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
content-encoding
gzip
x-amz-version-id
zSXLBJjIwslgGmxmaRmaJDS_oPpkgt8F
age
23693
x-amz-request-id
0R1ZG2H2SWRXPTXZ
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
427
x-amz-id-2
AP9X9wwi4K94Cirj4OKeQCMWHR0zbCkRxmCdwnQ0nTdRxn0LfLyzy7Tfikh9QImeuRcutQXeaOU=
last-modified
Fri, 09 Sep 2022 14:10:39 GMT
server
ECS (frb/674B)
etag
"e55996d0b9b8b1e1bba2e8168cf0d3a1+gzip"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=86400
expires
Wed, 13 Dec 2023 04:06:57 GMT
Logo-Wordmark-White.svg
cdn.revjet.com/s3/csp/1680256735421/ Frame 1676
7 KB
4 KB
Image
General
Full URL
https://cdn.revjet.com/s3/csp/1680256735421/Logo-Wordmark-White.svg
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67A8) /
Resource Hash
63f7be1d0a480f22ca23ca1a147f759d5199f5a16ad731633cd3aa81f857ec5c

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
content-encoding
gzip
x-amz-version-id
AwNg3pZ_b3UTO1Gv2fLqLaH_CNFtNLJM
age
21358
x-amz-request-id
P1X6TDDZD8Y5DRC4
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
3628
x-amz-id-2
dI18f5B4krn+aosyRvy3o92ZMyNOJ2kbone7S1iHUeIHM0ZddlTNjXLTBsxGlTRrO07nuUL1lIs=
last-modified
Fri, 31 Mar 2023 09:58:57 GMT
server
ECS (frb/67A8)
etag
"6802dc95d8e5a742e4e3e3e09650a7c7+gzip"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=86400
expires
Wed, 13 Dec 2023 04:06:57 GMT
B29254154.359134039;dc_pre=CMru3_OCiYMDFYf0EQgdH3AGwQ;dc_trk_aid=550145342;dc_trk_cid=186929037;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1702354016887
ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/ Frame 1676
Redirect Chain
  • https://ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/B29254154.359134039;dc_trk_aid=550145342;dc_trk_cid=186929037;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=17023540...
  • https://ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/B29254154.359134039;dc_pre=CMru3_OCiYMDFYf0EQgdH3AGwQ;dc_trk_aid=550145342;dc_trk_cid=186929037;dc_lat=;dc_rdid=;tag_for_chil...
42 B
63 B
Image
General
Full URL
https://ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/B29254154.359134039;dc_pre=CMru3_OCiYMDFYf0EQgdH3AGwQ;dc_trk_aid=550145342;dc_trk_cid=186929037;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1702354016887
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H3
Server
172.217.23.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f6.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:57 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:57 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ad.doubleclick.net/ddm/trackimp/N6698.4753384DV360REVJETZALANDO/B29254154.359134039;dc_pre=CMru3_OCiYMDFYf0EQgdH3AGwQ;dc_trk_aid=550145342;dc_trk_cid=186929037;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1702354016887
content-type
text/html; charset=UTF-8
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
follow-only-when-prerender-shown
1
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
162455845.woff
cdn.revjet.com/s3/fonts/162455845/ Frame 51BB
470 KB
470 KB
Font
General
Full URL
https://cdn.revjet.com/s3/fonts/162455845/162455845.woff
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6727) /
Resource Hash
6d7416c9352e4b00c83f1dcf6964c89586d517e10fe4806a9da14abd0af76f35

Request headers

Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
Origin
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
x-amz-version-id
kVq59ccinPiVDgarv_TkFQgofQrkf2s4
age
21358
x-amz-request-id
P1XBHH22DE7G8434
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
480984
x-amz-id-2
yQ4Z4y2tUCLBF5vx/27n1sy/rpJsisZJw0jFadb6sB/Cu6/BOpUU08zHXMaEyFytMhK/TsNU/og=
last-modified
Thu, 16 Nov 2023 19:47:31 GMT
server
ECS (frb/6727)
etag
"a7d9ee6baf67661e8e26d1e5c04f7fd5"
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
expires
Wed, 13 Dec 2023 04:06:57 GMT
square.jpg
cdn.revjet.com/s3/csp/1680014892294/ Frame D95D
866 KB
866 KB
Image
General
Full URL
https://cdn.revjet.com/s3/csp/1680014892294/square.jpg
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67F3) /
Resource Hash
0c95ec12dc6c2ab6093951c6b917ff6c896553f1ce59a5ed02baf1235baedc25

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
x-amz-version-id
3fPaQivslqxi3yIkxxJfWm_vcpkRhCV.
age
21358
x-amz-request-id
P1XCZ3X6W9QEHTSK
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
886632
x-amz-id-2
GjLNWzgcH841b0kbGzVT4DJt2EDVGRdwARg4bSOtc1Jk835Bek3XVyM+NvueS6BjMl62a0nUT6k=
last-modified
Tue, 28 Mar 2023 14:48:27 GMT
server
ECS (frb/67F3)
etag
"7edde919394f0ebd665a2aba0ea6ccbf"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
expires
Wed, 13 Dec 2023 04:06:57 GMT
logo_mark.svg
cdn.revjet.com/s3/csp/1662732637087/ Frame D95D
632 B
506 B
Image
General
Full URL
https://cdn.revjet.com/s3/csp/1662732637087/logo_mark.svg
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/674B) /
Resource Hash
b139d97a9012d835c86920887e867490265c309ae069a99e595fa697fb56e82e

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
content-encoding
gzip
x-amz-version-id
zSXLBJjIwslgGmxmaRmaJDS_oPpkgt8F
age
23693
x-amz-request-id
0R1ZG2H2SWRXPTXZ
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
427
x-amz-id-2
AP9X9wwi4K94Cirj4OKeQCMWHR0zbCkRxmCdwnQ0nTdRxn0LfLyzy7Tfikh9QImeuRcutQXeaOU=
last-modified
Fri, 09 Sep 2022 14:10:39 GMT
server
ECS (frb/674B)
etag
"e55996d0b9b8b1e1bba2e8168cf0d3a1+gzip"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=86400
expires
Wed, 13 Dec 2023 04:06:57 GMT
162455845.woff
cdn.revjet.com/s3/fonts/162455845/ Frame 1676
470 KB
470 KB
Font
General
Full URL
https://cdn.revjet.com/s3/fonts/162455845/162455845.woff
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6727) /
Resource Hash
6d7416c9352e4b00c83f1dcf6964c89586d517e10fe4806a9da14abd0af76f35

Request headers

Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
Origin
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
x-amz-version-id
kVq59ccinPiVDgarv_TkFQgofQrkf2s4
age
21358
x-amz-request-id
P1XBHH22DE7G8434
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
480984
x-amz-id-2
yQ4Z4y2tUCLBF5vx/27n1sy/rpJsisZJw0jFadb6sB/Cu6/BOpUU08zHXMaEyFytMhK/TsNU/og=
last-modified
Thu, 16 Nov 2023 19:47:31 GMT
server
ECS (frb/6727)
etag
"a7d9ee6baf67661e8e26d1e5c04f7fd5"
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
expires
Wed, 13 Dec 2023 04:06:57 GMT
GeorgiaW01Regular.woff2
cdn.revjet.com/~cdn/Ads/ad_shared/fonts/Georgia/GeorgiaW01Regular/ Frame D95D
33 KB
33 KB
Font
General
Full URL
https://cdn.revjet.com/~cdn/Ads/ad_shared/fonts/Georgia/GeorgiaW01Regular/GeorgiaW01Regular.woff2
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6772) /
Resource Hash
ec0252ba8694b474f3b887ffe91c07341280451a177944d79ff2a94d877a07d5

Request headers

Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
Origin
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
last-modified
Fri, 04 Mar 2022 15:24:09 GMT
server
ECS (frb/6772)
age
583
etag
"62222f19-842c"
x-cache
HIT
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=600
accept-ranges
bytes
content-length
33836
expires
Tue, 12 Dec 2023 04:16:57 GMT
162453298.woff
cdn.revjet.com/s3/fonts/162453298/ Frame D95D
13 KB
13 KB
Font
General
Full URL
https://cdn.revjet.com/s3/fonts/162453298/162453298.woff
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6795) /
Resource Hash
489c8bd821038a9ce8f643de824f6a507c68e3a4e024fb56209d7b9464134036

Request headers

Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
Origin
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
x-amz-version-id
.Is8JR1jYDeMhMM7ZjPhsnsyUTdaBiJa
age
36922
x-amz-request-id
F8A7K7SJCRC9WHRE
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
12940
x-amz-id-2
220jlJjHRK2BWCmBcjm49AD2FoW8tXyIdEmQ1jzkfmJTIuDjmBjqdNWXgyX1dh2v/pZCaRNTC/g=
last-modified
Thu, 16 Nov 2023 19:31:22 GMT
server
ECS (frb/6795)
etag
"31b663ffd91c821398bdd07236df4b22"
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
expires
Wed, 13 Dec 2023 04:06:57 GMT
arrow_grey.svg
cdn.revjet.com/s3/csp/1662732236308/ Frame D95D
286 B
456 B
Image
General
Full URL
https://cdn.revjet.com/s3/csp/1662732236308/arrow_grey.svg
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/674C) /
Resource Hash
d144365863e6bb29da96e647c672152326639ed4bad9f7f4092eeb3698eba532

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
content-encoding
gzip
x-amz-version-id
xvWQ2m3sdbfn_7tiBj4ob78SzYdaK8j7
age
23692
x-amz-request-id
CFT485JFYNGA8C70
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
237
x-amz-id-2
hpOUSd86INoSr/UMqPk/Pci7i1B8hD00ERs8uC0R2jvW38vfcAsT2ARuCJT8Pd4HTTDdeWXGBW0=
last-modified
Fri, 09 Sep 2022 14:03:58 GMT
server
ECS (frb/674C)
etag
"7744a5e73070172a2534ddcbd966d020+gzip"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=86400
expires
Wed, 13 Dec 2023 04:06:57 GMT
162455845.woff
cdn.revjet.com/s3/fonts/162455845/ Frame D95D
470 KB
470 KB
Font
General
Full URL
https://cdn.revjet.com/s3/fonts/162455845/162455845.woff
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6727) /
Resource Hash
6d7416c9352e4b00c83f1dcf6964c89586d517e10fe4806a9da14abd0af76f35

Request headers

Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
Origin
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
x-amz-version-id
kVq59ccinPiVDgarv_TkFQgofQrkf2s4
age
21358
x-amz-request-id
P1XBHH22DE7G8434
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
480984
x-amz-id-2
yQ4Z4y2tUCLBF5vx/27n1sy/rpJsisZJw0jFadb6sB/Cu6/BOpUU08zHXMaEyFytMhK/TsNU/og=
last-modified
Thu, 16 Nov 2023 19:47:31 GMT
server
ECS (frb/6727)
etag
"a7d9ee6baf67661e8e26d1e5c04f7fd5"
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
expires
Wed, 13 Dec 2023 04:06:57 GMT
square.jpg
cdn.revjet.com/s3/csp/1680014892294/ Frame 806E
866 KB
866 KB
Image
General
Full URL
https://cdn.revjet.com/s3/csp/1680014892294/square.jpg
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67F3) /
Resource Hash
0c95ec12dc6c2ab6093951c6b917ff6c896553f1ce59a5ed02baf1235baedc25

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
x-amz-version-id
3fPaQivslqxi3yIkxxJfWm_vcpkRhCV.
age
21358
x-amz-request-id
P1XCZ3X6W9QEHTSK
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
886632
x-amz-id-2
GjLNWzgcH841b0kbGzVT4DJt2EDVGRdwARg4bSOtc1Jk835Bek3XVyM+NvueS6BjMl62a0nUT6k=
last-modified
Tue, 28 Mar 2023 14:48:27 GMT
server
ECS (frb/67F3)
etag
"7edde919394f0ebd665a2aba0ea6ccbf"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
expires
Wed, 13 Dec 2023 04:06:57 GMT
logo_mark.svg
cdn.revjet.com/s3/csp/1662732637087/ Frame 806E
632 B
512 B
Image
General
Full URL
https://cdn.revjet.com/s3/csp/1662732637087/logo_mark.svg
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/674B) /
Resource Hash
b139d97a9012d835c86920887e867490265c309ae069a99e595fa697fb56e82e

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
content-encoding
gzip
x-amz-version-id
zSXLBJjIwslgGmxmaRmaJDS_oPpkgt8F
age
23693
x-amz-request-id
0R1ZG2H2SWRXPTXZ
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
427
x-amz-id-2
AP9X9wwi4K94Cirj4OKeQCMWHR0zbCkRxmCdwnQ0nTdRxn0LfLyzy7Tfikh9QImeuRcutQXeaOU=
last-modified
Fri, 09 Sep 2022 14:10:39 GMT
server
ECS (frb/674B)
etag
"e55996d0b9b8b1e1bba2e8168cf0d3a1+gzip"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=86400
expires
Wed, 13 Dec 2023 04:06:57 GMT
GeorgiaW01Regular.woff2
cdn.revjet.com/~cdn/Ads/ad_shared/fonts/Georgia/GeorgiaW01Regular/ Frame 806E
33 KB
33 KB
Font
General
Full URL
https://cdn.revjet.com/~cdn/Ads/ad_shared/fonts/Georgia/GeorgiaW01Regular/GeorgiaW01Regular.woff2
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6772) /
Resource Hash
ec0252ba8694b474f3b887ffe91c07341280451a177944d79ff2a94d877a07d5

Request headers

Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
Origin
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
last-modified
Fri, 04 Mar 2022 15:24:09 GMT
server
ECS (frb/6772)
age
583
etag
"62222f19-842c"
x-cache
HIT
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=600
accept-ranges
bytes
content-length
33836
expires
Tue, 12 Dec 2023 04:16:57 GMT
162453298.woff
cdn.revjet.com/s3/fonts/162453298/ Frame 806E
13 KB
13 KB
Font
General
Full URL
https://cdn.revjet.com/s3/fonts/162453298/162453298.woff
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6795) /
Resource Hash
489c8bd821038a9ce8f643de824f6a507c68e3a4e024fb56209d7b9464134036

Request headers

Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
Origin
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
x-amz-version-id
.Is8JR1jYDeMhMM7ZjPhsnsyUTdaBiJa
age
36922
x-amz-request-id
F8A7K7SJCRC9WHRE
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
12940
x-amz-id-2
220jlJjHRK2BWCmBcjm49AD2FoW8tXyIdEmQ1jzkfmJTIuDjmBjqdNWXgyX1dh2v/pZCaRNTC/g=
last-modified
Thu, 16 Nov 2023 19:31:22 GMT
server
ECS (frb/6795)
etag
"31b663ffd91c821398bdd07236df4b22"
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
expires
Wed, 13 Dec 2023 04:06:57 GMT
arrow_grey.svg
cdn.revjet.com/s3/csp/1662732236308/ Frame 806E
286 B
316 B
Image
General
Full URL
https://cdn.revjet.com/s3/csp/1662732236308/arrow_grey.svg
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/674C) /
Resource Hash
d144365863e6bb29da96e647c672152326639ed4bad9f7f4092eeb3698eba532

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
content-encoding
gzip
x-amz-version-id
xvWQ2m3sdbfn_7tiBj4ob78SzYdaK8j7
age
23692
x-amz-request-id
CFT485JFYNGA8C70
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
237
x-amz-id-2
hpOUSd86INoSr/UMqPk/Pci7i1B8hD00ERs8uC0R2jvW38vfcAsT2ARuCJT8Pd4HTTDdeWXGBW0=
last-modified
Fri, 09 Sep 2022 14:03:58 GMT
server
ECS (frb/674C)
etag
"7744a5e73070172a2534ddcbd966d020+gzip"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=86400
expires
Wed, 13 Dec 2023 04:06:57 GMT
162455845.woff
cdn.revjet.com/s3/fonts/162455845/ Frame 806E
470 KB
470 KB
Font
General
Full URL
https://cdn.revjet.com/s3/fonts/162455845/162455845.woff
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6727) /
Resource Hash
6d7416c9352e4b00c83f1dcf6964c89586d517e10fe4806a9da14abd0af76f35

Request headers

Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
Origin
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
x-amz-version-id
kVq59ccinPiVDgarv_TkFQgofQrkf2s4
age
21358
x-amz-request-id
P1XBHH22DE7G8434
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
480984
x-amz-id-2
yQ4Z4y2tUCLBF5vx/27n1sy/rpJsisZJw0jFadb6sB/Cu6/BOpUU08zHXMaEyFytMhK/TsNU/og=
last-modified
Thu, 16 Nov 2023 19:47:31 GMT
server
ECS (frb/6727)
etag
"a7d9ee6baf67661e8e26d1e5c04f7fd5"
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
expires
Wed, 13 Dec 2023 04:06:57 GMT
square.jpg
cdn.revjet.com/s3/csp/1680014892294/ Frame 51BB
866 KB
866 KB
Image
General
Full URL
https://cdn.revjet.com/s3/csp/1680014892294/square.jpg
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67F3) /
Resource Hash
0c95ec12dc6c2ab6093951c6b917ff6c896553f1ce59a5ed02baf1235baedc25

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
x-amz-version-id
3fPaQivslqxi3yIkxxJfWm_vcpkRhCV.
age
21358
x-amz-request-id
P1XCZ3X6W9QEHTSK
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
886632
x-amz-id-2
GjLNWzgcH841b0kbGzVT4DJt2EDVGRdwARg4bSOtc1Jk835Bek3XVyM+NvueS6BjMl62a0nUT6k=
last-modified
Tue, 28 Mar 2023 14:48:27 GMT
server
ECS (frb/67F3)
etag
"7edde919394f0ebd665a2aba0ea6ccbf"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
expires
Wed, 13 Dec 2023 04:06:57 GMT
logo_mark.svg
cdn.revjet.com/s3/csp/1662732637087/ Frame 51BB
632 B
506 B
Image
General
Full URL
https://cdn.revjet.com/s3/csp/1662732637087/logo_mark.svg
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/674B) /
Resource Hash
b139d97a9012d835c86920887e867490265c309ae069a99e595fa697fb56e82e

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
content-encoding
gzip
x-amz-version-id
zSXLBJjIwslgGmxmaRmaJDS_oPpkgt8F
age
23693
x-amz-request-id
0R1ZG2H2SWRXPTXZ
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
427
x-amz-id-2
AP9X9wwi4K94Cirj4OKeQCMWHR0zbCkRxmCdwnQ0nTdRxn0LfLyzy7Tfikh9QImeuRcutQXeaOU=
last-modified
Fri, 09 Sep 2022 14:10:39 GMT
server
ECS (frb/674B)
etag
"e55996d0b9b8b1e1bba2e8168cf0d3a1+gzip"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=86400
expires
Wed, 13 Dec 2023 04:06:57 GMT
logo_mark.svg
cdn.revjet.com/s3/csp/1662732637087/ Frame 1676
632 B
506 B
Image
General
Full URL
https://cdn.revjet.com/s3/csp/1662732637087/logo_mark.svg
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/674B) /
Resource Hash
b139d97a9012d835c86920887e867490265c309ae069a99e595fa697fb56e82e

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
content-encoding
gzip
x-amz-version-id
zSXLBJjIwslgGmxmaRmaJDS_oPpkgt8F
age
23693
x-amz-request-id
0R1ZG2H2SWRXPTXZ
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
427
x-amz-id-2
AP9X9wwi4K94Cirj4OKeQCMWHR0zbCkRxmCdwnQ0nTdRxn0LfLyzy7Tfikh9QImeuRcutQXeaOU=
last-modified
Fri, 09 Sep 2022 14:10:39 GMT
server
ECS (frb/674B)
etag
"e55996d0b9b8b1e1bba2e8168cf0d3a1+gzip"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=86400
expires
Wed, 13 Dec 2023 04:06:57 GMT
162453298.woff
cdn.revjet.com/s3/fonts/162453298/ Frame 1676
13 KB
13 KB
Font
General
Full URL
https://cdn.revjet.com/s3/fonts/162453298/162453298.woff
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6795) /
Resource Hash
489c8bd821038a9ce8f643de824f6a507c68e3a4e024fb56209d7b9464134036

Request headers

Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
Origin
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
x-amz-version-id
.Is8JR1jYDeMhMM7ZjPhsnsyUTdaBiJa
age
36922
x-amz-request-id
F8A7K7SJCRC9WHRE
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
12940
x-amz-id-2
220jlJjHRK2BWCmBcjm49AD2FoW8tXyIdEmQ1jzkfmJTIuDjmBjqdNWXgyX1dh2v/pZCaRNTC/g=
last-modified
Thu, 16 Nov 2023 19:31:22 GMT
server
ECS (frb/6795)
etag
"31b663ffd91c821398bdd07236df4b22"
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
expires
Wed, 13 Dec 2023 04:06:57 GMT
arrow_grey.svg
cdn.revjet.com/s3/csp/1662732236308/ Frame 1676
286 B
316 B
Image
General
Full URL
https://cdn.revjet.com/s3/csp/1662732236308/arrow_grey.svg
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/674C) /
Resource Hash
d144365863e6bb29da96e647c672152326639ed4bad9f7f4092eeb3698eba532

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
content-encoding
gzip
x-amz-version-id
xvWQ2m3sdbfn_7tiBj4ob78SzYdaK8j7
age
23692
x-amz-request-id
CFT485JFYNGA8C70
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
237
x-amz-id-2
hpOUSd86INoSr/UMqPk/Pci7i1B8hD00ERs8uC0R2jvW38vfcAsT2ARuCJT8Pd4HTTDdeWXGBW0=
last-modified
Fri, 09 Sep 2022 14:03:58 GMT
server
ECS (frb/674C)
etag
"7744a5e73070172a2534ddcbd966d020+gzip"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=86400
expires
Wed, 13 Dec 2023 04:06:57 GMT
162455845.woff
cdn.revjet.com/s3/fonts/162455845/ Frame 1676
470 KB
470 KB
Font
General
Full URL
https://cdn.revjet.com/s3/fonts/162455845/162455845.woff
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6727) /
Resource Hash
6d7416c9352e4b00c83f1dcf6964c89586d517e10fe4806a9da14abd0af76f35

Request headers

Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
Origin
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
x-amz-version-id
kVq59ccinPiVDgarv_TkFQgofQrkf2s4
age
21358
x-amz-request-id
P1XBHH22DE7G8434
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
480984
x-amz-id-2
yQ4Z4y2tUCLBF5vx/27n1sy/rpJsisZJw0jFadb6sB/Cu6/BOpUU08zHXMaEyFytMhK/TsNU/og=
last-modified
Thu, 16 Nov 2023 19:47:31 GMT
server
ECS (frb/6727)
etag
"a7d9ee6baf67661e8e26d1e5c04f7fd5"
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
expires
Wed, 13 Dec 2023 04:06:57 GMT
GeorgiaW01Regular.woff2
cdn.revjet.com/~cdn/Ads/ad_shared/fonts/Georgia/GeorgiaW01Regular/ Frame 1676
33 KB
33 KB
Font
General
Full URL
https://cdn.revjet.com/~cdn/Ads/ad_shared/fonts/Georgia/GeorgiaW01Regular/GeorgiaW01Regular.woff2
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6772) /
Resource Hash
ec0252ba8694b474f3b887ffe91c07341280451a177944d79ff2a94d877a07d5

Request headers

Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
Origin
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
last-modified
Fri, 04 Mar 2022 15:24:09 GMT
server
ECS (frb/6772)
age
583
etag
"62222f19-842c"
x-cache
HIT
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=600
accept-ranges
bytes
content-length
33836
expires
Tue, 12 Dec 2023 04:16:57 GMT
GeorgiaW01Regular.woff2
cdn.revjet.com/~cdn/Ads/ad_shared/fonts/Georgia/GeorgiaW01Regular/ Frame 51BB
33 KB
33 KB
Font
General
Full URL
https://cdn.revjet.com/~cdn/Ads/ad_shared/fonts/Georgia/GeorgiaW01Regular/GeorgiaW01Regular.woff2
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6772) /
Resource Hash
ec0252ba8694b474f3b887ffe91c07341280451a177944d79ff2a94d877a07d5

Request headers

Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
Origin
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
last-modified
Fri, 04 Mar 2022 15:24:09 GMT
server
ECS (frb/6772)
age
583
etag
"62222f19-842c"
x-cache
HIT
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=600
accept-ranges
bytes
content-length
33836
expires
Tue, 12 Dec 2023 04:16:57 GMT
162453298.woff
cdn.revjet.com/s3/fonts/162453298/ Frame 51BB
13 KB
13 KB
Font
General
Full URL
https://cdn.revjet.com/s3/fonts/162453298/162453298.woff
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6795) /
Resource Hash
489c8bd821038a9ce8f643de824f6a507c68e3a4e024fb56209d7b9464134036

Request headers

Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
Origin
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
x-amz-version-id
.Is8JR1jYDeMhMM7ZjPhsnsyUTdaBiJa
age
36922
x-amz-request-id
F8A7K7SJCRC9WHRE
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
12940
x-amz-id-2
220jlJjHRK2BWCmBcjm49AD2FoW8tXyIdEmQ1jzkfmJTIuDjmBjqdNWXgyX1dh2v/pZCaRNTC/g=
last-modified
Thu, 16 Nov 2023 19:31:22 GMT
server
ECS (frb/6795)
etag
"31b663ffd91c821398bdd07236df4b22"
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
expires
Wed, 13 Dec 2023 04:06:57 GMT
arrow_grey.svg
cdn.revjet.com/s3/csp/1662732236308/ Frame 51BB
286 B
316 B
Image
General
Full URL
https://cdn.revjet.com/s3/csp/1662732236308/arrow_grey.svg
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/674C) /
Resource Hash
d144365863e6bb29da96e647c672152326639ed4bad9f7f4092eeb3698eba532

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
content-encoding
gzip
x-amz-version-id
xvWQ2m3sdbfn_7tiBj4ob78SzYdaK8j7
age
23692
x-amz-request-id
CFT485JFYNGA8C70
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
237
x-amz-id-2
hpOUSd86INoSr/UMqPk/Pci7i1B8hD00ERs8uC0R2jvW38vfcAsT2ARuCJT8Pd4HTTDdeWXGBW0=
last-modified
Fri, 09 Sep 2022 14:03:58 GMT
server
ECS (frb/674C)
etag
"7744a5e73070172a2534ddcbd966d020+gzip"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=86400
expires
Wed, 13 Dec 2023 04:06:57 GMT
162455845.woff
cdn.revjet.com/s3/fonts/162455845/ Frame 51BB
470 KB
470 KB
Font
General
Full URL
https://cdn.revjet.com/s3/fonts/162455845/162455845.woff
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6727) /
Resource Hash
6d7416c9352e4b00c83f1dcf6964c89586d517e10fe4806a9da14abd0af76f35

Request headers

Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
Origin
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
x-amz-version-id
kVq59ccinPiVDgarv_TkFQgofQrkf2s4
age
21358
x-amz-request-id
P1XBHH22DE7G8434
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
480984
x-amz-id-2
yQ4Z4y2tUCLBF5vx/27n1sy/rpJsisZJw0jFadb6sB/Cu6/BOpUU08zHXMaEyFytMhK/TsNU/og=
last-modified
Thu, 16 Nov 2023 19:47:31 GMT
server
ECS (frb/6727)
etag
"a7d9ee6baf67661e8e26d1e5c04f7fd5"
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
expires
Wed, 13 Dec 2023 04:06:57 GMT
publishertag.prebid.136.js
static.criteo.net/js/ld/
94 KB
30 KB
Script
General
Full URL
https://static.criteo.net/js/ld/publishertag.prebid.136.js
Requested by
Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1702353600000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
ed3dc50aa8e28ea856d113dfbd2bd12dbb09ceb4381f2bdf8dba7b14b2a00108
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Tue, 07 Nov 2023 09:08:30 GMT
server
nginx
etag
W/"6549fe8e-17704"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Wed, 13 Dec 2023 04:06:57 GMT
1575737461_uc
cdn.revjet.com/s3/csp/1701857001932/ Frame D95D
7 KB
7 KB
Image
General
Full URL
https://cdn.revjet.com/s3/csp/1701857001932/1575737461_uc
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67D3) /
Resource Hash
ca074d67be27a599eb8695bf524fe22a98dd3f9417ce7cde25af6ab63f66e72c

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
x-amz-version-id
CXQFil_mD5Bh0O7sDGdB6lYZ.X3CcAl5
age
61396
x-amz-request-id
5C2N3TND4808PMJG
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
7366
x-amz-id-2
TIHzP1DCDkHtoc4N0Ky/hdtNdl6xAGgordrOEZZ8I9lr/xptB29WXe/k6gWnX2+jD0CdxsmKtyI=
last-modified
Wed, 06 Dec 2023 10:03:23 GMT
server
ECS (frb/67D3)
etag
"056e218dd51b2347f7e457389d8bdfd7"
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
expires
Wed, 13 Dec 2023 04:06:57 GMT
syncframe
gum.criteo.com/ Frame E901
15 KB
6 KB
Document
General
Full URL
https://gum.criteo.com/syncframe?origin=publishertag&topUrl=pastelink.net
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.136.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::c -, , ASN (),
Reverse DNS
Software
Kestrel /
Resource Hash
4563823fd629a48517c7feb8bf33640e12440e08bdde7a172ce477c2ddfc9c4d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://pastelink.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

cache-control
private, max-age=3600
content-encoding
gzip
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Tue, 12 Dec 2023 04:06:57 GMT
server
Kestrel
server-processing-duration-in-ticks
299047
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
x-robots-tag
noindex
publishertag.prebid.136.js
static.criteo.net/js/ld/
94 KB
30 KB
XHR
General
Full URL
https://static.criteo.net/js/ld/publishertag.prebid.136.js
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.136.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
ed3dc50aa8e28ea856d113dfbd2bd12dbb09ceb4381f2bdf8dba7b14b2a00108
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Tue, 07 Nov 2023 09:08:30 GMT
server
nginx
etag
W/"6549fe8e-17704"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Wed, 13 Dec 2023 04:06:57 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 5E5C
42 B
174 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssMn6cBdJxiKkvj-DsjUGtSr_KdyTCBsqP9zyNpuoaoCoQPWR5by5CpZtePEZruGe1NBDgW1PdO_-v0S1Fb8SIWHyEBfGf1P-5QFPUrZZuOffbO1AF1oKOvfhg_Y-7I7IFnVXaEQ1nIOThfepecWGVhv8EK&sai=AMfl-YRPGdLSpFPoeiLox45TUNF9xgOuQ8BcqUA8-Cx2Mhh7ptPE3cmOGOdng428wUc_rfifYzBHm4xvJ_IUtK_bpgx1RTkPanwPKJDCIuMV3HnILa2LPNxQ4HDaXsNY4gkoTKmOy0oL6ios48_gf6G4kw&sig=Cg0ArKJSzNjOj7nx12jAEAE&cid=CAQSTwDICaaNoNgZV_ueTb0jeT5kZcV_yFljRt65GViBj4U8LXMEceSQ8qIcAxgc77JEkjN-q4tT6muJP-cp8Tp8unnX-zkuUJawy_jbNvIJEREYAQ&id=lidar2&mcvt=1000&p=1105,436,1195,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231211&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=840525636&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1702354016054&rpt=451&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:57 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 0271
42 B
108 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssE-5OOaZeKhT7SeL77v9sq7uTNs1_Ze3oIuGSTUJ6WosjE2fyJKJkLU3aOqV1Mm_iGIGLL_bzub6curRKVg9z-jilbkTMGIStAauc6OHXbXD6YeDgO01Jh9wlxIkAuDrVkSqwQraTe5QJj7upAyiX0s9GL&sai=AMfl-YRsz-V9ugfqLhG0Hj6oobXhn9kAS1e8jcIwLOPYTt9SOhASyyrf-dtQBU12MDrkOmTg1JWCXEK-U4rL3uINJLSOZiGUjdtvMzbxx0OKIUn-rlh5jLKvmF6FxA_AN3DHjyoxcXSZzw8Hbuc7ivzoJw&sig=Cg0ArKJSzI_DU8ZE6eTTEAE&cid=CAQSTwDICaaNoNgZV_ueTb0jeT5kZcV_yFljRt65GViBj4U8LXMEceSQ8qIcAxgc77JEkjN-q4tT6muJP-cp8Tp8unnX-zkuUJawy_jbNvIJEREYAQ&id=lidar2&mcvt=1003&p=354,512,604,812&mtos=1003,1003,1003,1003,1003&tos=1003,0,0,0,0&v=20231211&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1703297318&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1702354016066&rpt=451&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:57 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sid
mug.criteo.com/ Frame E901
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=pastelink.net&sn=ChromeSyncframe&so=0&topUrl=pastelink.net&cw=1&lsw=1&topicsavail=0&fledgeavail=0
  • https://mug.criteo.com/sid?cpp=3On-yXwwdzk1SnVoYXRzSE1nWGFUK2VybllVdkNoQXMvVUdMK2NpWFNmUU5WM1hvcUlwNVBVa3RmRkYyRlNjODJoeGo2b2tZMEVvanJob1l1MnFmU0pYVXlKekdxRzJ0OEdmazNYSlhsb1VJODMvMGFBQVBwWTJ0WFRJVG...
422 B
647 B
Fetch
General
Full URL
https://mug.criteo.com/sid?cpp=3On-yXwwdzk1SnVoYXRzSE1nWGFUK2VybllVdkNoQXMvVUdMK2NpWFNmUU5WM1hvcUlwNVBVa3RmRkYyRlNjODJoeGo2b2tZMEVvanJob1l1MnFmU0pYVXlKekdxRzJ0OEdmazNYSlhsb1VJODMvMGFBQVBwWTJ0WFRJVGovV3VGWlRUUWJRdjVmaE5UWlZvVGJ3WGo1Zlp4TmhIZmFKWnpMcERySlhZU2drYVBzY1V1dmE1MHFtY0ZheGFiNSttZzh0dFdZaTFpRFNjdTVlLzlNcitDSm1xcnowcm4wcE1iTll4TWk4eGJTbWV1OWhFTVB5QU1ySkJGaklxdHFCNk02cmZ6RDJXeUtBVGVCaW1KQWpsWlU2K1lFczFIZXVYSElHSktmMmMwQnNONjBmMD18&cppv=2
Protocol
H2
Server
2a02:2638:3::c -, , ASN (),
Reverse DNS
Software
Kestrel /
Resource Hash
394f6540e23edf6e61cf17046475e2cdaa266f592c378668c5dadf87f76f86c2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://gum.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:56 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://gum.criteo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
1290075
expires
0

Redirect headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:57 GMT
strict-transport-security
max-age=31536000; preload;
server
Kestrel
location
https://mug.criteo.com/sid?cpp=3On-yXwwdzk1SnVoYXRzSE1nWGFUK2VybllVdkNoQXMvVUdMK2NpWFNmUU5WM1hvcUlwNVBVa3RmRkYyRlNjODJoeGo2b2tZMEVvanJob1l1MnFmU0pYVXlKekdxRzJ0OEdmazNYSlhsb1VJODMvMGFBQVBwWTJ0WFRJVGovV3VGWlRUUWJRdjVmaE5UWlZvVGJ3WGo1Zlp4TmhIZmFKWnpMcERySlhZU2drYVBzY1V1dmE1MHFtY0ZheGFiNSttZzh0dFdZaTFpRFNjdTVlLzlNcitDSm1xcnowcm4wcE1iTll4TWk4eGJTbWV1OWhFTVB5QU1ySkJGaklxdHFCNk02cmZ6RDJXeUtBVGVCaW1KQWpsWlU2K1lFczFIZXVYSElHSktmMmMwQnNONjBmMD18&cppv=2
cache-control
no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
375269
content-length
0
expires
0
activeview
pagead2.googlesyndication.com/pcs/ Frame 3989
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuOAVEe2SasTXtSNBl82k1SI4gMxYhHwKV3ui8CTZhxNRZ246ZPmtmKdVai8am4wSvmAcNgNW2yT6gfKTTt59-HH3O-CPKg2rJRBnsLgTE3ruEPCP_1fdUk_8o1vMq0B58sGfrdpAI1bddwvtaD6Ib4LYuv&sai=AMfl-YQRPFkADf2ZgxlPFsEMvk2C1W5t_Er6nptbmd3Tp5kTAHXRRBHGNuUbj2Nd-fvwcYDSWllCJlMrkljG8wbkoD_NZiozVC4y7PkoYQ4MHDGK1K31M4hY6O8zWnP-ENEg6WLqAj1szjJAhZFlSnwMww&sig=Cg0ArKJSzOOBfS5LDvqjEAE&cid=CAQSTwDICaaNoNgZV_ueTb0jeT5kZcV_yFljRt65GViBj4U8LXMEceSQ8qIcAxgc77JEkjN-q4tT6muJP-cp8Tp8unnX-zkuUJawy_jbNvIJEREYAQ&id=lidar2&mcvt=1000&p=498,1077,748,1377&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231211&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=997962782&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1702354016073&rpt=477&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:57 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 3128
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssT1HyWofiq1E5JJ7RN8vZFhneMdshinH1wAxTx4hPYJWwHFLwpE6k-c210zN7NVfDy_6zjuvlln_1bZycsWhw9kpsxcQrI5ee-9U0n52sRQp11nFkphwqkODu9DNkZJ7t_cypff361IVUfMWkTUJL_5gCu&sai=AMfl-YRvfFsZ_EBNewiSbAAx4ONI9wJFyIT69JOd8gTBzjJ6Y-16UZOPsnuwx9QwhF-pNqePcbDSRV01BWufUgoUCljH97Z-Zup0Ng1SL6ZyTXlhNARYyrxS4M3Wvmyc5Ih2wA-lwXUR9tapiODUo3Q5uw&sig=Cg0ArKJSzMEObNeZUeb3EAE&cid=CAQSTwDICaaNoNgZV_ueTb0jeT5kZcV_yFljRt65GViBj4U8LXMEceSQ8qIcAxgc77JEkjN-q4tT6muJP-cp8Tp8unnX-zkuUJawy_jbNvIJEREYAQ&id=lidar2&mcvt=1000&p=798,1077,1048,1377&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231211&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=997962783&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1702354016081&rpt=536&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:57 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
938415984_uc
cdn.revjet.com/s3/csp/1701857026459/ Frame 806E
20 KB
21 KB
Image
General
Full URL
https://cdn.revjet.com/s3/csp/1701857026459/938415984_uc
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67BE) /
Resource Hash
deb823ad1c8372ecaf1d56730f2d7d5a7986972be33528bed4568c48d40881e8

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
x-amz-version-id
IM5KUYTytRu6fKXEdNIjBKyHO4YJH7Y0
age
61224
x-amz-request-id
8BNZC0506TW6P423
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
20842
x-amz-id-2
ckdn5kVl6uThk68W2PqRMaFI26uZqgE46OrRZZ5Vsufcvl4XKdgy58Um53lYOOp5dBip7bqTqMQ=
last-modified
Wed, 06 Dec 2023 10:03:47 GMT
server
ECS (frb/67BE)
etag
"9874a8166424dba00a99c81575d4a338"
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
expires
Wed, 13 Dec 2023 04:06:57 GMT
setuid
u.4dex.io/
Redirect Chain
  • https://ice.360yield.com/server_match?partner_id=1790&r=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dimprovedigital%26uid%3D%7BPUB_USER_ID%7D
  • https://ice.360yield.com/ul_cb/server_match?partner_id=1790&r=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dimprovedigital%26uid%3D%7BPUB_USER_ID%7D
  • https://u.4dex.io/setuid?bidder=improvedigital&uid=64858801-c33c-46cb-9689-7c4b8f4380f5
0
705 B
Image
General
Full URL
https://u.4dex.io/setuid?bidder=improvedigital&uid=64858801-c33c-46cb-9689-7c4b8f4380f5
Protocol
H2
Server
34.149.40.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
38.40.149.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pastelink.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 04:06:58 GMT
via
1.1 google
vary
Origin, Accept-Encoding
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
0

Redirect headers

location
https://u.4dex.io/setuid?bidder=improvedigital&uid=64858801-c33c-46cb-9689-7c4b8f4380f5
access-control-allow-origin
*
date
Tue, 12 Dec 2023 04:06:58 GMT
content-type
text/plain
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
1915244110_uc
cdn.revjet.com/s3/csp/1701857413039/ Frame 1676
87 KB
88 KB
Image
General
Full URL
https://cdn.revjet.com/s3/csp/1701857413039/1915244110_uc
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6763) /
Resource Hash
e9f95e133ef6625b0e64ba50fe1869c25c70ca572aa74d0de9c8ae31abc92912

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
x-amz-version-id
VimuTI4gxjTqfo9y4PWM8TbVpAka7nuQ
age
61567
x-amz-request-id
5T90ATK5NND3JW5S
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
89413
x-amz-id-2
t8hpBwHb19MlA5A+ztWY4O/9HcBIvew8zoeGz7sOOvtfD7Q5leoUGRemAiKENsWKFTO9vOdTPso=
last-modified
Wed, 06 Dec 2023 10:10:15 GMT
server
ECS (frb/6763)
etag
"73b47f384c043c20e4c3477024ed740e"
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
expires
Wed, 13 Dec 2023 04:06:57 GMT
938415984_uc
cdn.revjet.com/s3/csp/1701857026459/ Frame 51BB
20 KB
20 KB
Image
General
Full URL
https://cdn.revjet.com/s3/csp/1701857026459/938415984_uc
Requested by
Host: cdn.revjet.com
URL: https://cdn.revjet.com/~cdn/JS/03/elements-2.10.0.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.6 Brigham City, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67BE) /
Resource Hash
deb823ad1c8372ecaf1d56730f2d7d5a7986972be33528bed4568c48d40881e8

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:57 GMT
x-amz-version-id
IM5KUYTytRu6fKXEdNIjBKyHO4YJH7Y0
age
61224
x-amz-request-id
8BNZC0506TW6P423
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
20842
x-amz-id-2
ckdn5kVl6uThk68W2PqRMaFI26uZqgE46OrRZZ5Vsufcvl4XKdgy58Um53lYOOp5dBip7bqTqMQ=
last-modified
Wed, 06 Dec 2023 10:03:47 GMT
server
ECS (frb/67BE)
etag
"9874a8166424dba00a99c81575d4a338"
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
expires
Wed, 13 Dec 2023 04:06:57 GMT
1000
pix.revjet.com/interaction/ Frame D95D
43 B
276 B
Image
General
Full URL
https://pix.revjet.com/interaction/1000?__ads=32ddd3c34d8eff21ad62c16997d08120&__adt=8240603580741971623&__ade=1&vid=5092673995794602593&__clstampdif=1012&__stamp=1702354017938
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.4.76.120 Rostock, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.120.76.4.46.clients.your-server.de
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Tue, 12 Dec 2023 04:06:57 GMT
cache-control
no-store
content-length
43
expires
Sat, 01 Jan 2000 12:00:00 GMT
1000
pix.revjet.com/interaction/ Frame 806E
43 B
276 B
Image
General
Full URL
https://pix.revjet.com/interaction/1000?__ads=4458f49b8eef873ae12882617a0aed8f&__adt=8240603533555724023&__ade=1&vid=5092849917655046754&__clstampdif=1021&__stamp=1702354017988
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.4.76.120 Rostock, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.120.76.4.46.clients.your-server.de
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Tue, 12 Dec 2023 04:06:57 GMT
cache-control
no-store
content-length
43
expires
Sat, 01 Jan 2000 12:00:00 GMT
SPug
simage4.pubmatic.com/AdServer/ Frame CE70
0
128 B
Script
General
Full URL
https://simage4.pubmatic.com/AdServer/SPug?partnerID=159110&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 04:06:58 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
1000
pix.revjet.com/interaction/ Frame 1676
43 B
276 B
Image
General
Full URL
https://pix.revjet.com/interaction/1000?__ads=93785cb83f7faccdf88674140a9d12d5&__adt=8240602539657920273&__ade=1&vid=5092630015329491557&__clstampdif=1039&__stamp=1702354018026
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.4.76.120 Rostock, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.120.76.4.46.clients.your-server.de
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Tue, 12 Dec 2023 04:06:58 GMT
cache-control
no-store
content-length
43
expires
Sat, 01 Jan 2000 12:00:00 GMT
1000
pix.revjet.com/interaction/ Frame 51BB
43 B
276 B
Image
General
Full URL
https://pix.revjet.com/interaction/1000?__ads=63b4b9f0229c1a05e09376f470a4e500&__adt=8240603518308582481&__ade=1&vid=5092849917655046765&__clstampdif=1080&__stamp=1702354018063
Requested by
Host: 339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
URL: https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.4.76.120 Rostock, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.120.76.4.46.clients.your-server.de
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Tue, 12 Dec 2023 04:06:58 GMT
cache-control
no-store
content-length
43
expires
Sat, 01 Jan 2000 12:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cm-supply-web.gammaplatform.com
URL
https://cm-supply-web.gammaplatform.com/adx/usersyncsupply?pid=7&t=pixel

Verdicts & Comments Add Verdict or Comment

89 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| documentPictureInPicture function| $ function| jQuery function| Cookies object| dataLayer object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client function| find_height function| setCookie function| copyToClipboard function| getCookie function| eraseCookie function| validateEmail function| unsure function| clearexplain function| resize function| changeGenerateButtonState function| notify function| removeNotification function| refreshView function| captchaLoaded function| callCustomAjax function| retrieveGetVariables function| setGetVariables string| size object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| recaptcha function| onYouTubeIframeAPIReady object| googletag object| gaGlobal object| gaplugins object| gaData object| bsaexperiments object| bsablockthrough object| bsagpt object| bsaheaderbid object| optimize object| bsapbChunk object| bsapb object| _pbjsGlobals object| ADAGIO object| mnet string| nobidVersion object| nobid object| BSAOPTIMIZE_TARGETING object| BSAOPTIMIZE_targeting object| BSAS2S_TARGETING object| BSAS2S_targeting object| BSA_TARGETING object| bsa_targeting object| bsas2s object| __bt object| __bt_intrnl object| __bt_tag_d object| __bt_tag_am object| ggeac object| google_js_reporting_queue undefined| google_measure_js_timing object| google_reactive_ads_global_state object| Criteo boolean| __bt_already_invoked object| sas object| apntag object| _ADAGIO number| google_unique_id object| GoogleGcLKhOms object| ONFOCUS object| google_image_requests object| criteo_syncframe_state object| criteo_pubtag object| criteo_pubtag_prebid_136 object| Criteo_prebid_136

102 Cookies

Domain/Path Name / Value
pastelink.net/ Name: PHPSESSID
Value: u9vnn54lci7qosmep31hvsmvt4
.pastelink.net/ Name: _gcl_au
Value: 1.1.1647927264.1702354014
.pastelink.net/ Name: _ga
Value: GA1.2.1827017792.1702354014
.pastelink.net/ Name: _gid
Value: GA1.2.153472093.1702354014
.pastelink.net/ Name: _gat_UA-55088947-2
Value: 1
.pastelink.net/ Name: _ga_4KDXYD7HFC
Value: GS1.2.1702354013.1.0.1702354013.0.0.0
.rubiconproject.com/ Name: audit
Value: 1|SDziDG3X/EhiUXi/2AgH0bVTIkcAJPBTCyji7+n+ttI7PQdoYZ4Ad2EFz0oK9fMJ5P7PBULMJxYRMprldrdh8Yn0kEOGVL/NzxTqj0kKQGgijy0RC4Zd8RuybVyVU0yt
.rubiconproject.com/ Name: khaos
Value: LQ1TMKGA-D-9NGZ
.omnitagjs.com/ Name: ayl_visitor
Value: 2f5a6b979a142b10fbe67280df9aa00f
.adnxs.com/ Name: icu
Value: ChgIvahBEAoYASABKAEw3rjfqwY4AUABSAEQ3rjfqwYYAA..
.adnxs.com/ Name: uuid2
Value: 7726304148053272367
.smartadserver.com/ Name: pbw
Value: %24b%3d16890%3b%24o%3d11100
.smartadserver.com/ Name: vs
Value: 587752=5755926
.smartadserver.com/ Name: TestIfCookie
Value: ok
.smartadserver.com/ Name: TestIfCookieP
Value: ok
.smartadserver.com/ Name: sasd
Value: %24qc%3D1500016409%3B%24ql%3DHigh%3B%24qpc%3D6331%3B%24qt%3D73_82_98174t%3B%24dma%3D0
.smartadserver.com/ Name: pid
Value: 9038138657779389971
.smartadserver.com/ Name: sasd2
Value: q=%24qc%3D1500016409%3B%24ql%3DHigh%3B%24qpc%3D6331%3B%24qt%3D73_82_98174t%3B%24dma%3D0&c=1&l=1047347517&lo=1852618765&lt=638379508151499610&o=1
.ads.pubmatic.com/ Name: KCCH
Value: YES
.pubmatic.com/ Name: KADUSERCOOKIE
Value: B5B0DC23-EF24-44B6-96D4-87CDBBEF7136
.pubmatic.com/ Name: chkChromeAb67Sec
Value: 1
.pubmatic.com/ Name: pi
Value: 159110:2
.pubmatic.com/ Name: DPSync3
Value: 1703548800%3A201_245_241_235
.pubmatic.com/ Name: SyncRTB3
Value: 1704931200%3A203%7C1703203200%3A63%7C1703548800%3A161_7_233_165_234_46_254_13_8_251_264_88_54_3_55_81_220_56_238_166_22_214_21_71%7C1702944000%3A223_15_2%7C1703635200%3A35
.quantserve.com/ Name: d
Value: ELgBCwHSKvijAA
.quantserve.com/ Name: mc
Value: 6577dc60-068e2-f4c45-6d1cf
.pastelink.net/ Name: __gads
Value: ID=f80f628e4d644168:T=1702354015:RT=1702354015:S=ALNI_MbZ3SKKg-xNGGQeSWiJFOkEoE9y0A
.pastelink.net/ Name: __gpi
Value: UID=00000d13c1a1e74c:T=1702354015:RT=1702354015:S=ALNI_MZOFQBJ2eiF5pKoI7t5K28dLlYyaw
.ctnsnet.com/ Name: cid_7378f07a129a434a8e57f86ef1e4e936
Value: 1
.weborama.fr/ Name: AFFICHE_W
Value: vNjYBTfHC-C814
.4dex.io/ Name: uids
Value: eyJzeW5jcyI6eyIzM2Fjcm9zcyI6IjIwMjMtMTItMTJUMDQ6MDY6NTQuNzMyMDQ4MDMxWiIsImltcHJvdmVkaWdpdGFsIjoiMjAyMy0xMi0xMlQwNDowNjo1NC43MzIwNTc0MzNaIiwib25ldGFnIjoiMjAyMy0xMi0xMlQwNDowNjo1NC43MzIwNTUzN1oiLCJwdWJtYXRpYyI6IjIwMjMtMTItMTJUMDQ6MDY6NTQuNzMyMDQ5ODY0WiJ9LCJ1aWRzIjp7ImFkYWdpbyI6eyJ1aWQiOiIyMzc3MGJkZS02NDU1LTRlMWYtYmE5Zi1lODgxMTVhNGU1MDQiLCJleHBpcmVzIjoiMjAyNC0wMi0xMFQwNDowNjo1NC43MzA3MDMyNFoifSwicHVibWF0aWMiOnsidWlkIjoiQjVCMERDMjMtRUYyNC00NEI2LTk2RDQtODdDREJCRUY3MTM2IiwiZXhwaXJlcyI6IjIwMjQtMDItMTBUMDQ6MDY6NTYuMDM3NDk3MzgxWiJ9fSwiYmRheSI6IjIwMjMtMTItMTJUMDQ6MDY6NTQuNzMwNjM3NDk5WiJ9
.adfarm1.adition.com/ Name: UserID1
Value: 7311554824934914191
.bidswitch.net/ Name: tuuid
Value: e98ca359-d536-4904-b973-11bb58fa7c1b
.bidswitch.net/ Name: c
Value: 1702354016
.bidswitch.net/ Name: tuuid_lu
Value: 1702354016
.mathtag.com/ Name: uuid
Value: 0a846577-dc60-4500-9024-20a9a02905d3
.simpli.fi/ Name: suid
Value: 51BB54ED8B3245F3AE2C36FB510C2D6E
.adx.opera.com/ Name: UID
Value: OPU86d7538f3ea747988cecb0036de59bee
.csync.loopme.me/ Name: viewer_token
Value: dcf4bb8a-3f0e-47d7-8407-a88bdb05e5ba
.pubmatic.com/ Name: KRTBCOOKIE_57
Value: 22776-7726304148053272367&KRTB&23339-7726304148053272367
.pubmatic.com/ Name: KRTBCOOKIE_1101
Value: 23040-7311554824934914191&KRTB&23369-7311554824934914191
.pubmatic.com/ Name: KRTBCOOKIE_27
Value: 16735-uid:0a846577-dc60-4500-9024-20a9a02905d3
.pubmatic.com/ Name: KRTBCOOKIE_466
Value: 16530-e98ca359-d536-4904-b973-11bb58fa7c1b
.pubmatic.com/ Name: KRTBCOOKIE_153
Value: 1923-JBNp3XZFaNo_FmjSdxRzjCZFat8_EDrbcUBwtRqS&KRTB&19420-JBNp3XZFaNo_FmjSdxRzjCZFat8_EDrbcUBwtRqS&KRTB&22979-JBNp3XZFaNo_FmjSdxRzjCZFat8_EDrbcUBwtRqS&KRTB&23462-JBNp3XZFaNo_FmjSdxRzjCZFat8_EDrbcUBwtRqS
.pubmatic.com/ Name: KRTBCOOKIE_1323
Value: 23480-OPU86d7538f3ea747988cecb0036de59bee&KRTB&23485-OPU86d7538f3ea747988cecb0036de59bee&KRTB&23524-OPU86d7538f3ea747988cecb0036de59bee
.doubleclick.net/ Name: IDE
Value: AHWqTUk9fAF-h1HkxhXbvWyh-FrtAEiSgeQI5NhOaZWjNOKoE0x91MJ-nOz8tIKJfJs
.rfihub.com/ Name: eud
Value: H4sIAAAAAAAA_9vEyGtobmBkbGpiYGhmaGAMAEFWNLgQAAAA
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAA_-MSNjU0MTG1sDA1Mre0tDSzMLU0MxDiM9RNDXT1scwzLCrLM00HAKK2y60lAAAA
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAA_-MSNjU0MTG1sDA1Mre0tDSzMLU0MxDiM9RNDXT1scwzLCrLM00HAKK2y60lAAAA
.adform.net/ Name: C
Value: 1
.de17a.com/ Name: guid
Value: 1.1644826649221451976
.pastelink.net/ Name: _ga_S3DKHVPF03
Value: GS1.1.1702354013.1.0.1702354016.0.0.0
.pubmatic.com/ Name: KRTBCOOKIE_80
Value: 22987-CAESEH44qrJ1iBVszqXwxLHDFBU&KRTB&23025-CAESEH44qrJ1iBVszqXwxLHDFBU&KRTB&23386-CAESEH44qrJ1iBVszqXwxLHDFBU
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~ZXfcYAAGTf-8MwBH
.pubmatic.com/ Name: KRTBCOOKIE_18
Value: 22947-5144588527999685960
.audrte.com/ Name: arcki2
Value: 37bC1VZDaSGTHaySByhUaj3yw!20220908!1702354016134!ip#176.10.106.3
.audrte.com/ Name: arcki2_pubmatic
Value: B5B0DC23-EF24-44B6-96D4-87CDBBEF7136!20220908!1702354016134
.crwdcntrl.net/ Name: _cc_dc
Value: 1
.crwdcntrl.net/ Name: _cc_id
Value: 734d58b0cea31816cce07e19f571548b
.adform.net/ Name: uid
Value: 8281154537407726195
.yahoo.com/ Name: A3
Value: d=AQABBGDcd2UCEOml_nskGB22i1noTiBcC0cFEgEBAQEteWWBZbti0CMA_eMAAA&S=AQAAAspKrRNLAHakWnmWCraVMiw
.sitescout.com/ Name: ssi
Value: 2fd9e568-28fe-4950-b2e4-d206f46d1484#1702354016168
.onaudience.com/ Name: cookie
Value: 047d72e299b7650d
.onaudience.com/ Name: done_redirects104
Value: 1
.bidr.io/ Name: bito
Value: AABBn07K77kAABU03teMng
.bidr.io/ Name: bitoIsSecure
Value: ok
.pubmatic.com/ Name: KRTBCOOKIE_336
Value: 5844-1644826649221451976
.analytics.yahoo.com/ Name: IDSYNC
Value: 18z8~2fk4
.pubmatic.com/ Name: KRTBCOOKIE_391
Value: 22924-8281154537407726195&KRTB&23263-8281154537407726195&KRTB&23481-8281154537407726195
.sitescout.com/ Name: _ssuma
Value: eyI0NSI6MTcwMjM1NDAxNjE5NX0
.turn.com/ Name: uid
Value: 2875652969077825227
.pubmatic.com/ Name: KRTBCOOKIE_188
Value: 3189-2fd9e568-28fe-4950-b2e4-d206f46d1484-6577dc60-4348&KRTB&23418-2fd9e568-28fe-4950-b2e4-d206f46d1484-6577dc60-4348
.pubmatic.com/ Name: KRTBCOOKIE_22
Value: 14911-2875652969077825227&KRTB&23150-2875652969077825227&KRTB&23527-2875652969077825227
.audrte.com/ Name: arcki2_ddp2
Value: 37bC1VZDaSGTHaySByhUaj3yw!20220908!1702354016236
.pubmatic.com/ Name: KRTBCOOKIE_409
Value: 22966-39puKE4JaWTQTXnXRRhTUVaQ
.adsby.bidtheatre.com/ Name: __kuid
Value: 3d0487c1-d251-46f1-bdaf-fa4aa5f24389.471568016
.amazon-adsystem.com/ Name: ad-id
Value: A-AD9ATk10STvH5X4QYdQ-g
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.pubmatic.com/ Name: SPugT
Value: 1702354015
.dotomi.com/ Name: DotomiTest
Value: 9509fdada2817d9
.smartadserver.com/ Name: csync
Value: 127:AABBn07K77kAABU03teMng
.audrte.com/ Name: arcki2_adform
Value: 8281154537407726195!20220908!1702354016389
sync.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-fcdc0a88-7db3-536c-5835-cba76c5667ff.L0ellMKaRyguGogmwiTfD3FbWx7zENQ8dSuwd4pN8GU
.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-fcdc0a88-7db3-536c-5835-cba76c5667ff.L0ellMKaRyguGogmwiTfD3FbWx7zENQ8dSuwd4pN8GU
sync.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3A_NwKiH2zU2xYNcunbFZn_7AKagM.fWZQu7GbGHMtroHygbEjn%2FjyM18NRujUA%2BnIFxj1p80
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3A_NwKiH2zU2xYNcunbFZn_7AKagM.fWZQu7GbGHMtroHygbEjn%2FjyM18NRujUA%2BnIFxj1p80
sync.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKIPTl3JkjU7b5TWhtmxBbhpGc6JYbCF5mZ7uNvrorTFGiEHwYBCDguN-rBjABOgTwi70wQgQIi4_Y.Ofvb129g4OtwVdcsdhLpaKt2sD6pvKe0rWDm9pO%2BTts
.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKIPTl3JkjU7b5TWhtmxBbhpGc6JYbCF5mZ7uNvrorTFGiEHwYBCDguN-rBjABOgTwi70wQgQIi4_Y.Ofvb129g4OtwVdcsdhLpaKt2sD6pvKe0rWDm9pO%2BTts
.pubmatic.com/ Name: KRTBCOOKIE_860
Value: 16335-_NwKiH2zU2xYNcunbFZn_7AKagM&KRTB&23334-_NwKiH2zU2xYNcunbFZn_7AKagM&KRTB&23417-_NwKiH2zU2xYNcunbFZn_7AKagM&KRTB&23426-_NwKiH2zU2xYNcunbFZn_7AKagM
.pubmatic.com/ Name: KRTBCOOKIE_32
Value: 11175-AAAISbTrPy59UgNfE09YAAAAAAA&KRTB&22713-AAAISbTrPy59UgNfE09YAAAAAAA&KRTB&22715-AAAISbTrPy59UgNfE09YAAAAAAA&KRTB&23519-AAAISbTrPy59UgNfE09YAAAAAAA
.casalemedia.com/ Name: CMPS
Value: 3244
.casalemedia.com/ Name: CMID
Value: ZXfcYACdR7WjgTSGHblQ-AAA
.casalemedia.com/ Name: CMPRO
Value: 3244
.doubleclick.net/ Name: DSID
Value: NO_DATA
.doubleclick.net/ Name: ar_debug
Value: 1
.contextweb.com/ Name: V
Value: uqfaYzerh65u
.contextweb.com/ Name: pb_rtb_ev
Value: 3-1ohz|7dN.0.AABBn07K77kAABU03teMng
bh.contextweb.com/ Name: INGRESSCOOKIE
Value: 3a2cb37e86a262eb
.pubmatic.com/ Name: KRTBCOOKIE_699
Value: 22727-AABBn07K77kAABU03teMng
.pubmatic.com/ Name: PugT
Value: 1702354016
.revjet.com/ Name: ads
Value: 93785cb83f7faccdf88674140a9d12d5
.revjet.com/ Name: trx
Value: 5092849917655046754

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

339f100fe24f685c276dfdec46566f78.safeframe.googlesyndication.com
a.audrte.com
aax-eu.amazon-adsystem.com
ad-delivery.net
ad.doubleclick.net
ad.turn.com
ads.pubmatic.com
ads.revjet.com
ads.servenobid.com
api.btloader.com
bh.contextweb.com
bidder.criteo.com
btloader.com
c1.adform.net
cdn.revjet.com
cdn4.buysellads.net
cdnjs.cloudflare.com
cm-supply-web.gammaplatform.com
cm.adgrx.com
cm.g.doubleclick.net
cms.quantserve.com
core.iprom.net
cr.frontend.weborama.fr
csync.loopme.me
d5p.de17a.com
dis.criteo.com
dmp.adform.net
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
green.erne.co
gum.criteo.com
hb-api.omnitagjs.com
hbopenbid.pubmatic.com
ib.adnxs.com
ice.360yield.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
ipac.ctnsnet.com
match.adsby.bidtheatre.com
match.adsrvr.org
match.prod.bidr.io
mp.4dex.io
mug.criteo.com
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
pastelink.net
pix.revjet.com
pixel-eu.onaudience.com
pixel-sync.sitescout.com
pr-bh.ybp.yahoo.com
prebid.media.net
prg.smartadserver.com
pubmatic-match.dotomi.com
region1.google-analytics.com
rt.marphezis.com
rtb-csync.smartadserver.com
s0.2mdn.net
script.4dex.io
securepubads.g.doubleclick.net
simage2.pubmatic.com
simage4.pubmatic.com
srv.buysellads.com
ssc-cms.33across.com
static.criteo.net
sync-tm.everesttech.net
sync.crwdcntrl.net
sync.mathtag.com
sync.srv.stackadapt.com
t.adx.opera.com
tpc.googlesyndication.com
u.4dex.io
um.simpli.fi
ups.analytics.yahoo.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
cm-supply-web.gammaplatform.com
130.211.23.194
141.94.240.143
146.59.148.16
151.101.194.49
167.172.55.208
172.217.23.102
172.64.151.101
178.128.135.204
178.250.1.9
184.30.16.195
185.29.134.244
185.64.189.112
185.64.190.81
185.86.138.152
185.86.139.116
188.166.17.21
192.229.233.6
193.0.160.131
195.5.165.20
198.47.127.19
198.47.127.205
2001:4860:4802:34::36
2001:678:cb4:bbbb::11
208.93.169.131
213.155.156.167
216.58.212.162
2602:803:c003:200::44
2606:4700:10::6816:4bd8
2606:4700:20::681a:246
2606:4700:20::681a:9a9
2606:4700:4400::ac40:994e
2606:4700::6811:180e
2620:116:800d:21:e365:4988:e8a7:3270
2a00:1450:4001:800::2003
2a00:1450:4001:808::2006
2a00:1450:4001:812::2003
2a00:1450:4001:813::2002
2a00:1450:4001:813::2008
2a00:1450:4001:81c::2002
2a00:1450:4001:81c::2004
2a00:1450:4001:829::200e
2a00:1450:4001:82a::200a
2a00:1450:4001:82b::2001
2a00:1450:4001:82f::2001
2a00:1450:4001:831::2002
2a02:2638:3::3
2a02:2638:3::7
2a02:2638:3::c
2a02:fa8:8806:13::1370
2a05:d018:d29:3602:b72b:cd0:cea1:c93f
3.75.62.37
34.111.129.221
34.120.63.153
34.149.40.38
35.156.28.132
35.186.193.173
35.204.74.118
35.214.224.182
35.71.131.137
37.157.6.243
37.252.171.21
46.4.76.120
51.89.9.253
52.19.8.73
52.31.247.171
52.48.177.163
52.51.96.110
52.94.223.37
54.209.153.200
54.220.71.122
63.251.232.165
63.32.188.239
64.227.38.224
65.109.98.108
67.202.105.23
82.145.213.8
85.114.159.118
88.208.215.108
98.98.134.243
02614d11cbdc1f220b7be546d59ef5e14489c86a5fdce3f22ce7b6bf9990bc71
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
094e36b185127f5637a78d1dd4ca9ac27c1cdda22aeddbc1f6ecd4d6e3ac5638
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c95ec12dc6c2ab6093951c6b917ff6c896553f1ce59a5ed02baf1235baedc25
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
11c944a9b642b5b1e3886a4e734cd3619ea5732612c7c62d7a8c12703e0c4adb
12b2573815dac6ac5646fab27841f398fa908cc13d510f2e14bffb595b726bbf
13100cd3879e5c1385581d7c88153e60cd7c3e4b0578fe2838daa56da689769b
1320f933d44a7f2a8ca6cfc2405141a144d328377f60856581387c17b4ca8f40
15f20e02ef301e62ed325d633f971c506dcf1be3458c2371b849b505bb8673dc
17ec4b81d602840bf1445adc4998a189f3bdb2b853eeb7d6053f455b7ee224a7
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
1b16a5af84666feb9f8f195d3a8b74042f80439ca327b61f1c598f58072911ea
1c9e4c65f9d921b1c0829958cc7b2f307a3e22ac7a23e8315b6db4c0954e1107
21583f4b15a0f65d561ad634303be9436c7fc3c34041b11e008a11729ebe1d2a
2336803724aa89aeb7ad70b03f9193081c713c4f2816e9acc0527643d33a9ff6
25219d3218cf61c9214a6b6ab78ad54f0d1ea87fa5ff9b5ce3a2f7e3586c3765
26305a08644b4f51b55812cf0ecf879c22da303a365b3d2769baa1b54c028c4d
27c91b042b50c145ccbe32c722d890e2e13b662302c269e1c990591348d98875
27d5ba2175dc395614adb2c69fe9f4bff9abddef3a7c6e3e30a68587f428a37b
2a25a841bdb9b41efdbba9815fd37be806319572f41bf88b4b41384c8444456c
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2bd5b9251c4107f00e4031b3b6262a41576ea4b5daf5c1475a37ea6afea2aa49
2c662e7374b753a959ff10db29a1a580efc8e5040ab2bc4e7fb4d8be2981d7c6
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
2f72b5c4440b7fdd0096df73fd298010d900ea2fb0783375d0ae02cdd47f5274
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
394f6540e23edf6e61cf17046475e2cdaa266f592c378668c5dadf87f76f86c2
395a036b18c09f33407f1a29a3fe592e7e43a41b14234980dfbf05c7fdd55ade
39c0495e4b24a50cf3183d811eb53e90364b9ef103a90d0ae4a14823dcb379bf
3a5593142805bbb80aaabe1e0ea25a2d0120d9f0347cb0ece29891316da4455b
3e1406c94587637a7460b7a2089dc1db426ce759c728f4a5479215e1f9360a8b
416401a9e29112f4d03e0ab734039b6c3c0e9404117d5cee975fa4c9860a69e5
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
4563823fd629a48517c7feb8bf33640e12440e08bdde7a172ce477c2ddfc9c4d
457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
489c8bd821038a9ce8f643de824f6a507c68e3a4e024fb56209d7b9464134036
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
48c997dad566c02a0a4f8416efa520f838a711d067a08f33b3ccffd541333e92
49045fb86b248062da5355e1ab949a7c1cb630245a55fcca0f5c1190712cebc2
49f3aee237b8df140e4084f880b2bfd59892686ac6a58490f9bf4a5cd1527551
4b6d244a569a8befc0b901e3dca8e82f19b188e2d3e76f7c62fce96935ed6311
4ba7441454b993f6dc09527c8a03ab527e59496d04796dec6f7189208bd315b6
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
504f32b9fddfce9ad528a607fc883f3196f38b1a85f07cd75f2bd477c5b778d2
50a60e5e5f2e8f10a2f8685031ec9849ba8faff613139f3a402e89f25ccbbabc
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
57226adbc32c91a8cd4ec9ee08e4f155f3450e79256731c04f81709a58c4c1fc
59f54385b5965269222e149e9366f1ef140d4260be268c9b1ff843158f8e8f04
5abdc72b6809cd53c64b8aa0e250a14b744bfb9240f815d65e992dbab406c0f3
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5f0430ccdf48ea353c809786e1d59aecd0896b0dbda31edaf5ab295a936ff0dd
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63f7be1d0a480f22ca23ca1a147f759d5199f5a16ad731633cd3aa81f857ec5c
658763708a45d3b028477e7bde12bf3da7292317c8f82c01131600f89052ef53
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
6a4f84a245dc09a554be48f4c018505e284d92258b95c57c0201111716767293
6b40641f40b50a3e453a45339ac5638a8d37ffba450d0f0e2967bce633be9b03
6bf1da233645c84549609f619670d4d3e946ac61d516fd53e597c10ad100608a
6d7416c9352e4b00c83f1dcf6964c89586d517e10fe4806a9da14abd0af76f35
6dd83ec6e8f83ef96b778d3727dc92711c82841ccf940e982260ed4ad25721ab
71afeaa2f8371d9b3f97e6a91b94b72b2eec42d37886a88207943877051187b7
739e323a66663bcddcb9a5c3032978b0a6cfafff794550097f4aea359d3c1d24
77ce3a0d4565509d35b759ea7916a971ce1caa63d8e0b9fed15b018908915b23
7c9cf14d9d3f454a3c0a6826faf35aac15c8480eb5282fb5be53475fee556117
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
7f6c8a370b9e8462352f13c86940e8530440dbfe8743d7fc52a9e345a7c65c66
810a07eb186774757a7d33843bf4b335fe683ddd951c85cded55a78ce57664e5
8525333b249ceeb45d8503b5512b520efe613a29dcf11eb67b490a3048a3a5c6
89f0335d649cdccf5bc16b4fad138e1fa6da670d851c82b48ccdd31273371110
8af24d7350dbdc8eea22e4737deaa35a795b19b0560d7173113bec7e8a3effb7
8c7399e423b3a75a762778a041db8e953ece89e1ae6ff5f24f7c3adbcbea4275
8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e53e50181b7a9e2caa94173c37fcd9de8fa75750764a2ad8ad02fac3306d652
90eeae92543ff947736a7e1a24ca2f3b072d9c9707b60c592bcdcd4bfb46352e
9129c3cb5b3b6d486d719614ef0e64508258a9d15de6c8bfab167e3da9dd87f3
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
968e895b43cfcc541db9acc9864beebff5df657d994d2ca8a2dffcaee878e54f
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9c824709d38547ce93ceb231e2679d37c83526fbe4728c561e14d49d6712282a
9cf06c0eb781e2308d77807f4da2f408af76143e2310275ffbf65b15215656bf
a4afbc3e06ec6edfe4458428a968f7b314a8f600d7de3fca7338d75fbe430f23
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
abcb9d8cec0a582f956a6fe2da413d6e8be4e93ccec63677d3a2585474a7422f
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a
af9edf3e86a80586d0770850908bf3929a2112adc59211e9cb715c0218f14b9c
b139d97a9012d835c86920887e867490265c309ae069a99e595fa697fb56e82e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b57f87a2da863877c7b85f199d4a25ea39e83d845cd1105ce4b570202283f0c5
b9a612d2d6c2eec3b9853c21eb8dbc4f3a35daac565b95b4b554f3f9bff13266
ba014b41e87e2deda011cf92146d1b1842133b416d5ce0be02719670c0d46e10
bb5d3da67fa43926ac266f0bced856dd8e9bcff34aa13751caab3584f0c023ee
bbc0501cf54d3ce33f1a074c348625f091cfb6979b00f8ca44e4aba56af1f6a2
bcdaedbfd60b8d0a8a9eb4b16285345a749068b601c93f494362990f2a3e61f4
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c24ccee9a35eef9e74411eac871935bdff6bcb895cce80b754b66d3e4292a3ce
c2754c8058fdfdf9c8aef009eb9b3c25b93aeab0c7a0cbe5a4be020620ee4966
c3958950542c3d4350757a80f8b16785b6b72aafcccaa6deca82bb70b8be692e
c8fffb0b438b7f9403ccd47fddc2de355f2f685fe2f59ac9d4c15f82854d79b1
ca074d67be27a599eb8695bf524fe22a98dd3f9417ce7cde25af6ab63f66e72c
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
ce44d9d3620877fb90e5a0dc690fb51323242adfd601d2d327e623488f94c67d
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d144365863e6bb29da96e647c672152326639ed4bad9f7f4092eeb3698eba532
d3ea3fc972c0f8282f6cfda911703cbd7698e7380dc3c6183d230521332e8cce
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
d9ab2a033eae53a2af485cc9c7fcdf627d0287b46e6a3b45aa0a5bfc36f278d8
db2bdaad0dc9232fadb3de900bf039a0f356521698f213df1edf601e02a5870d
dce3111ede9ead68dbb0c6343255a1cc111060d98da86a7e96e0fa8510bb1a02
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
deb823ad1c8372ecaf1d56730f2d7d5a7986972be33528bed4568c48d40881e8
e2b80247038739299b71545084dc4ebff2edd21e6f1ffafe013376bb2e92c4be
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
e90da0d424bb520c967b650ca6d844ef24b943ac1de9eaff9f0c8d916f509568
e9f95e133ef6625b0e64ba50fe1869c25c70ca572aa74d0de9c8ae31abc92912
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ec0252ba8694b474f3b887ffe91c07341280451a177944d79ff2a94d877a07d5
ece77ab2a51ab02e81b52eb4418f84fef38f76b9cb334a95b6dffb11e5b24959
ed3dc50aa8e28ea856d113dfbd2bd12dbb09ceb4381f2bdf8dba7b14b2a00108
ed6cd01c384db70bedbe24986aa85b0745f994ad71b7e5712f8a60e1ff457d7f
ee24b726cf8c06c1dca9dbf0c08b85653e5fe36057c9a03f8d387ebbf7abbfc1
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f6cbe31747c16c069d861a8ed01b15186eaee8c381f74ca1712087811c39f4d4
f828558e893602825f659aea1996d30f5c1a9f45bc5cde83f72b77c137be000f
f9dddccc9d75f6059b2c6cddbbe2902fed7063b8e897b00213d3606c6dbe9e8f
fddf9d072851b250ca3ae1188d617dae62fe94c950895df10e2726d17ffd13a2
fe63f3a2a8dd997fc96e24fe8371b888be225016cfd0695296d525ba89600f6a
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e