pastelink.net Open in urlscan Pro
89.35.29.15 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pastelink.net/ae55y2dx
Submission: On December 08 via manual (December 8th 2022, 11:55:34 pm UTC) from CA — Scanned from NZ

Summary HTTP 351 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 60 IPs in 9 countries across 65 domains to perform 351 HTTP transactions. The main IP is 89.35.29.15, located in London, United Kingdom and belongs to BANDWIDTH-AS, GB. The main domain is pastelink.net. The Cisco Umbrella rank of the primary domain is 143142.
TLS certificate: Issued by R3 on December 2nd 2022. Valid for: 3 months.

This is the only time pastelink.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
12	89.35.29.15 89.35.29.15	25369 (BANDWIDTH-AS) (BANDWIDTH-AS)
6	74.125.24.95 74.125.24.95	15169 (GOOGLE) (GOOGLE)
1	69.16.175.42 69.16.175.42	20446 (STACKPATH...) (STACKPATH-CDN)
2	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	104.21.93.14 104.21.93.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	74.125.24.97 74.125.24.97	15169 (GOOGLE) (GOOGLE)
7	74.125.24.94 74.125.24.94	15169 (GOOGLE) (GOOGLE)
16	74.125.68.156 74.125.68.156	15169 (GOOGLE) (GOOGLE)
3	13.33.39.40 13.33.39.40	16509 (AMAZON-02) (AMAZON-02)
5	142.251.10.139 142.251.10.139	15169 (GOOGLE) (GOOGLE)
1	172.217.194.155 172.217.194.155	15169 (GOOGLE) (GOOGLE)
1	172.217.194.156 172.217.194.156	15169 (GOOGLE) (GOOGLE)
43	142.251.10.154 142.251.10.154	15169 (GOOGLE) (GOOGLE)
12	74.125.24.132 74.125.24.132	15169 (GOOGLE) (GOOGLE)
1	13.33.33.61 13.33.33.61	16509 (AMAZON-02) (AMAZON-02)
1	104.22.53.86 104.22.53.86	13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	23.72.45.76 23.72.45.76	16625 (AKAMAI-AS) (AKAMAI-AS)
11	142.251.10.156 142.251.10.156	15169 (GOOGLE) (GOOGLE)
1	182.161.74.19 182.161.74.19	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
1	182.161.73.148 182.161.73.148	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
31	74.125.200.132 74.125.200.132	15169 (GOOGLE) (GOOGLE)
7	182.161.73.129 182.161.73.129	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
1	182.161.73.132 182.161.73.132	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
11	142.250.4.156 142.250.4.156	15169 (GOOGLE) (GOOGLE)
6	23.52.171.81 23.52.171.81	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	182.161.73.135 182.161.73.135	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
2	182.161.73.142 182.161.73.142	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
12 18	142.251.12.157 142.251.12.157	15169 (GOOGLE) (GOOGLE)
6 10	139.5.84.243 139.5.84.243	27381 (CASALE-MEDIA) (CASALE-MEDIA)
7 9	104.254.151.60 104.254.151.60	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	142.251.12.99 142.251.12.99	15169 (GOOGLE) (GOOGLE)
2 3	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 2	184.26.20.55 184.26.20.55	16625 (AKAMAI-AS) (AKAMAI-AS)
5	34.149.43.113 34.149.43.113	15169 (GOOGLE) (GOOGLE)
1	162.19.138.120 162.19.138.120	16276 (OVH) (OVH)
1	162.19.138.82 162.19.138.82	16276 (OVH) (OVH)
14	13.107.213.59 13.107.213.59	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
8	74.125.24.157 74.125.24.157	15169 (GOOGLE) (GOOGLE)
2	3.214.101.176 3.214.101.176	14618 (AMAZON-AES) (AMAZON-AES)
6 8	103.71.26.126 103.71.26.126	132134 (SPOTX-AS-...) (SPOTX-AS-AP SpotXchange)
9	172.217.194.148 172.217.194.148	15169 (GOOGLE) (GOOGLE)
1	54.217.2.253 54.217.2.253	16509 (AMAZON-02) (AMAZON-02)
1	52.76.151.156 52.76.151.156	16509 (AMAZON-02) (AMAZON-02)
5	52.63.31.162 52.63.31.162	16509 (AMAZON-02) (AMAZON-02)
21	52.95.132.99 52.95.132.99	16509 (AMAZON-02) (AMAZON-02)
1	162.19.138.116 162.19.138.116	16276 (OVH) (OVH)
4	23.36.253.246 23.36.253.246	16625 (AKAMAI-AS) (AKAMAI-AS)
1	172.253.118.148 172.253.118.148	15169 (GOOGLE) (GOOGLE)
1	34.160.184.46 34.160.184.46	15169 (GOOGLE) (GOOGLE)
10	66.225.223.127 66.225.223.127	3949 (NTTA-3946) (NTTA-3946)
1	42.99.140.170 42.99.140.170	4637 (ASN-TELST...) (ASN-TELSTRA-GLOBAL Telstra Global)
2	199.232.46.132 199.232.46.132	54113 (FASTLY) (FASTLY)
2	13.33.33.29 13.33.33.29	() ()
2 2	64.74.236.63 64.74.236.63	19024 (INTERNAP-...) (INTERNAP-BLK5)
1 2	52.35.83.72 52.35.83.72	16509 (AMAZON-02) (AMAZON-02)
1	54.150.208.159 54.150.208.159	16509 (AMAZON-02) (AMAZON-02)
2 2	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
1	34.210.112.208 34.210.112.208	16509 (AMAZON-02) (AMAZON-02)
1	18.155.68.53 18.155.68.53	16509 (AMAZON-02) (AMAZON-02)
2 2	18.158.185.48 18.158.185.48	() ()
1	182.161.73.146 182.161.73.146	() ()
1 1	85.114.159.93 85.114.159.93	() ()
2	52.45.196.192 52.45.196.192	() ()
351	60

12 89.35.29.15 (London, United Kingdom)

ASN25369 (BANDWIDTH-AS, GB)
PTR: 15.29.35.89.baremetal.zare.com

pastelink.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 74.125.24.95 (United States)

ASN15169 (GOOGLE, US)
PTR: sf-in-f95.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.16.175.42 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: hwcdn.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.21.93.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.adligature.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 74.125.24.97 (United States)

ASN15169 (GOOGLE, US)
PTR: sf-in-f97.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 74.125.24.94 (United States)

ASN15169 (GOOGLE, US)
PTR: sf-in-f94.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 74.125.68.156 (United States)

ASN15169 (GOOGLE, US)
PTR: sc-in-f156.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.33.39.40 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-39-40.sin2.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.251.10.139 (United States)

ASN15169 (GOOGLE, US)
PTR: sd-in-f139.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.194.155 (United States)

ASN15169 (GOOGLE, US)
PTR: si-in-f155.1e100.net

adservice.google.co.nz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.194.156 (United States)

ASN15169 (GOOGLE, US)
PTR: si-in-f156.1e100.net

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

43 142.251.10.154 (United States)

ASN15169 (GOOGLE, US)
PTR: sd-in-f154.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 74.125.24.132 (United States)

ASN15169 (GOOGLE, US)
PTR: sf-in-f132.1e100.net

78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.33.33.61 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-33-61.sin2.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.22.53.86 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 23.72.45.76 (Singapore, Singapore)

ASN16625 (AKAMAI-AS, US)
PTR: a23-72-45-76.deploy.static.akamaitechnologies.com

widgets.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
widget-pixels.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 142.251.10.156 (United States)

ASN15169 (GOOGLE, US)
PTR: sd-in-f156.1e100.net

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 182.161.74.19 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

rtb.jp2.as.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 182.161.73.148 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

ads.as.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 74.125.200.132 (United States)

ASN15169 (GOOGLE, US)
PTR: sa-in-f132.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 182.161.73.129 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 182.161.73.132 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

cat.sg1.as.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 142.250.4.156 (United States)

ASN15169 (GOOGLE, US)
PTR: sm-in-f156.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 23.52.171.81 (Singapore, Singapore)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-52-171-81.deploy.static.akamaitechnologies.com

cdn.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 182.161.73.135 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

pix.as.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 182.161.73.142 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

csm.as.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 142.251.12.157 (United States) 12 redirects

ASN15169 (GOOGLE, US)
PTR: se-in-f157.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 139.5.84.243 (Canada) 6 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 104.254.151.60 (Los Angeles, United States) 7 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 899.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.12.99 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: se-in-f99.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.98.64.218 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 184.26.20.55 (Singapore, Singapore) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a184-26-20-55.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.149.43.113 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 113.43.149.34.bc.googleusercontent.com

rtb0.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tps.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tpsc-ae1.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.138.120 (France)

ASN16276 (OVH, FR)
PTR: ns31533571.ip-162-19-138.eu

lb.eu-1-id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.138.82 (France)

ASN16276 (OVH, FR)
PTR: ns31532337.ip-162-19-138.eu

lbs.eu-1-id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 13.107.213.59 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

cdn3.d4.digital	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn2.d4.digital	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 74.125.24.157 (United States)

ASN15169 (GOOGLE, US)
PTR: sf-in-f157.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.214.101.176 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-214-101-176.compute-1.amazonaws.com

partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 103.71.26.126 (Singapore, Singapore) 6 redirects

ASN132134 (SPOTX-AS-AP SpotXchange, Inc, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 172.217.194.148 (United States)

ASN15169 (GOOGLE, US)
PTR: si-in-f148.1e100.net

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.217.2.253 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-217-2-253.eu-west-1.compute.amazonaws.com

gs.kraftonde.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.76.151.156 (Singapore, Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-76-151-156.ap-southeast-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.63.31.162 (Sydney, Australia)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-63-31-162.ap-southeast-2.compute.amazonaws.com

www.adtrek.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 52.95.132.99 (Sydney, Australia)

ASN16509 (AMAZON-02, US)
PTR: s3-ap-southeast-2.amazonaws.com

s3-ap-southeast-2.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.138.116 (France)

ASN16276 (OVH, FR)
PTR: ns31533567.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.36.253.246 (Singapore, Singapore)

ASN16625 (AKAMAI-AS, US)
PTR: a23-36-253-246.deploy.static.akamaitechnologies.com

tcheck.outbrainimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.outbrainimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.253.118.148 (United States)

ASN15169 (GOOGLE, US)
PTR: sl-in-f148.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.160.184.46 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 46.184.160.34.bc.googleusercontent.com

imp.d4.digital	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 66.225.223.127 (Sacramento, United States)

ASN3949 (NTTA-3946, US)
PTR: sa.outbrain.com

log.outbrainimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mcdp-sadc1.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 42.99.140.170 (Japan)

ASN4637 (ASN-TELSTRA-GLOBAL Telstra Global, HK)
PTR: ip-42-99-140-170.pacnet.net

code.createjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.232.46.132 (Singapore, Singapore)

ASN54113 (FASTLY, US)

odb.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.33.33.29 (None, )

ASN- ()

rock.defybrick.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.74.236.63 (United States) 2 redirects

ASN19024 (INTERNAP-BLK5, US)
PTR: chi.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.35.83.72 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-35-83-72.us-west-2.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.150.208.159 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-150-208-159.ap-northeast-1.compute.amazonaws.com

sync-jp.im-apps.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.33.220.150 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.210.112.208 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-210-112-208.us-west-2.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.155.68.53 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-155-68-53.sin52.r.cloudfront.net

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.158.185.48 (None, ) 2 redirects

ASN- ()

rtb.mfadsrvr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 182.161.73.146 (None, )

ASN- ()

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (None, ) 1 redirects

ASN- ()

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.45.196.192 (None, )

ASN- ()

flint.defybrick.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
82	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 101 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 142	564 KB
54	doubleclick.net 12 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 190 googleads.g.doubleclick.net — Cisco Umbrella Rank: 34 cm.g.doubleclick.net — Cisco Umbrella Rank: 205 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 298 ad.doubleclick.net — Cisco Umbrella Rank: 165	382 KB
25	outbrain.com widgets.outbrain.com — Cisco Umbrella Rank: 1335 widget-pixels.outbrain.com — Cisco Umbrella Rank: 3031 odb.outbrain.com — Cisco Umbrella Rank: 1523 mcdp-sadc1.outbrain.com — Cisco Umbrella Rank: 2666 sync.outbrain.com — Cisco Umbrella Rank: 711	195 KB
21	amazonaws.com s3-ap-southeast-2.amazonaws.com	233 KB
15	d4.digital cdn3.d4.digital cdn2.d4.digital imp.d4.digital	2 MB
12	criteo.net static.criteo.net — Cisco Umbrella Rank: 640 pix.as.criteo.net — Cisco Umbrella Rank: 15782 csm.as.criteo.net — Cisco Umbrella Rank: 15353	66 KB
12	pastelink.net pastelink.net — Cisco Umbrella Rank: 143142	220 KB
11	doubleverify.com cdn.doubleverify.com — Cisco Umbrella Rank: 469 rtb0.doubleverify.com — Cisco Umbrella Rank: 700 tps.doubleverify.com — Cisco Umbrella Rank: 491 tpsc-ae1.doubleverify.com	243 KB
10	casalemedia.com 6 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 512 ssum-sec.casalemedia.com Failed	8 KB
10	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 188	408 KB
9	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 269	373 KB
9	adnxs.com 7 redirects ib.adnxs.com — Cisco Umbrella Rank: 208	9 KB
8	spotxchange.com 6 redirects sync.search.spotxchange.com — Cisco Umbrella Rank: 573	5 KB
7	outbrainimg.com tcheck.outbrainimg.com — Cisco Umbrella Rank: 8979 log.outbrainimg.com — Cisco Umbrella Rank: 2461 images.outbrainimg.com	49 KB
7	gstatic.com fonts.gstatic.com	201 KB
6	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 36	4 KB
5	adtrek.co www.adtrek.co — Cisco Umbrella Rank: 513974	116 KB
5	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 371	109 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 26	20 KB
4	defybrick.com rock.defybrick.com flint.defybrick.com	40 KB
4	criteo.com rtb.jp2.as.criteo.com — Cisco Umbrella Rank: 19437 ads.as.criteo.com — Cisco Umbrella Rank: 15027 cat.sg1.as.criteo.com — Cisco Umbrella Rank: 15826 dis.criteo.com	44 KB
4	adligature.com cdn.adligature.com — Cisco Umbrella Rank: 75670	144 KB
3	openx.net 2 redirects us-u.openx.net — Cisco Umbrella Rank: 405 u.openx.net Failed	477 B
3	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 70 www.google.com — Cisco Umbrella Rank: 2	2 KB
3	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 304 aax-dtb-cf.amazon-adsystem.com Failed	49 KB
2	mfadsrvr.com 2 redirects rtb.mfadsrvr.com	1 KB
2	adsrvr.org 2 redirects match.adsrvr.org — Cisco Umbrella Rank: 316	917 B
2	demdex.net 1 redirects dpm.demdex.net — Cisco Umbrella Rank: 198	2 KB
2	zemanta.com 2 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 553	1 KB
2	tremorhub.com partners.tremorhub.com — Cisco Umbrella Rank: 974	365 B
2	eu-1-id5-sync.com lb.eu-1-id5-sync.com — Cisco Umbrella Rank: 1122 lbs.eu-1-id5-sync.com — Cisco Umbrella Rank: 1348	680 B
2	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 1207	637 B
2	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 989 id5-sync.com — Cisco Umbrella Rank: 439	18 KB
2	crwdcntrl.net tags.crwdcntrl.net — Cisco Umbrella Rank: 1193 bcp.crwdcntrl.net — Cisco Umbrella Rank: 879 sync.crwdcntrl.net Failed	10 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 47	144 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 206	6 KB
1	adition.com 1 redirects dsp.adfarm1.adition.com	473 B
1	agkn.com aa.agkn.com — Cisco Umbrella Rank: 436	658 B
1	krxd.net beacon.krxd.net — Cisco Umbrella Rank: 540	339 B
1	im-apps.net sync-jp.im-apps.net — Cisco Umbrella Rank: 3709	194 B
1	createjs.com code.createjs.com — Cisco Umbrella Rank: 1393	63 KB
1	kraftonde.com gs.kraftonde.com — Cisco Umbrella Rank: 32611	358 B
1	google.co.nz adservice.google.co.nz — Cisco Umbrella Rank: 142506	792 B
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 679	31 KB
0	opera.com Failed t.adx.opera.com Failed
0	mediago.io Failed trace.mediago.io Failed
0	contextweb.com Failed bh.contextweb.com Failed
0	quantserve.com Failed cms.quantserve.com Failed
0	sitescout.com Failed pixel-sync.sitescout.com Failed
0	rlcdn.com Failed id.rlcdn.com Failed
0	technoratimedia.com Failed sync.technoratimedia.com Failed
0	bing.com Failed c.bing.com Failed
0	smartadserver.com Failed ssbsync.smartadserver.com Failed
0	smaato.net Failed s.ad.smaato.net Failed
0	360yield.com Failed ice.360yield.com Failed
0	emxdgt.com Failed cs.emxdgt.com Failed
0	yahoo.com Failed ups.analytics.yahoo.com Failed
0	pubmatic.com Failed image8.pubmatic.com Failed
0	rubiconproject.com Failed pixel-us-east.rubiconproject.com Failed
0	creativecdn.com Failed creativecdn.com Failed
0	geistm.com Failed id.geistm.com Failed
0	1rx.io Failed sync.1rx.io Failed
0	mathtag.com Failed sync.mathtag.com Failed
0	linksynergy.com Failed tags.rd.linksynergy.com Failed
0	ip-api.com Failed pro.ip-api.com Failed
351	65

	Domain	Requested by
44	pagead2.googlesyndication.com	securepubads.g.doubleclick.net 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com pagead2.googlesyndication.com www.googletagservices.com tpc.googlesyndication.com googleads.g.doubleclick.net ad.doubleclick.net
31	tpc.googlesyndication.com	78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com securepubads.g.doubleclick.net pastelink.net googleads.g.doubleclick.net tpc.googlesyndication.com ad.doubleclick.net
21	s3-ap-southeast-2.amazonaws.com	www.adtrek.co s3-ap-southeast-2.amazonaws.com
18	cm.g.doubleclick.net	12 redirects googleads.g.doubleclick.net widgets.outbrain.com
16	securepubads.g.doubleclick.net	cdn.adligature.com securepubads.g.doubleclick.net pastelink.net
14	widgets.outbrain.com	securepubads.g.doubleclick.net widgets.outbrain.com pastelink.net
13	cdn3.d4.digital	googleads.g.doubleclick.net cdn3.d4.digital
12	pastelink.net	pastelink.net
11	googleads.g.doubleclick.net	78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com pastelink.net pagead2.googlesyndication.com
10	dsum-sec.casalemedia.com	6 redirects googleads.g.doubleclick.net
10	www.googletagservices.com	securepubads.g.doubleclick.net 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com cdn.doubleverify.com www.googletagservices.com
9	s0.2mdn.net	78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com pastelink.net www.adtrek.co s0.2mdn.net
9	ib.adnxs.com	7 redirects googleads.g.doubleclick.net
8	sync.search.spotxchange.com	6 redirects googleads.g.doubleclick.net
8	googleads4.g.doubleclick.net	googleads.g.doubleclick.net pastelink.net ad.doubleclick.net
7	static.criteo.net	ads.as.criteo.com
7	78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
7	fonts.gstatic.com	fonts.googleapis.com
6	cdn.doubleverify.com	78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com cdn.doubleverify.com googleads.g.doubleclick.net pastelink.net
6	fonts.googleapis.com	pastelink.net cdnjs.cloudflare.com cdn3.d4.digital s3-ap-southeast-2.amazonaws.com
5	sync.outbrain.com	widgets.outbrain.com
5	www.adtrek.co	78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com www.adtrek.co s3-ap-southeast-2.amazonaws.com
5	cdn.ampproject.org	securepubads.g.doubleclick.net
5	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
4	cdn.adligature.com	pastelink.net cdn.adligature.com
3	log.outbrainimg.com	widgets.outbrain.com
3	us-u.openx.net	2 redirects googleads.g.doubleclick.net
3	pix.as.criteo.net	ads.as.criteo.com
3	c.amazon-adsystem.com	cdn.adligature.com c.amazon-adsystem.com
2	tpsc-ae1.doubleverify.com	cdn.doubleverify.com
2	flint.defybrick.com	rock.defybrick.com pastelink.net
2	rtb.mfadsrvr.com	2 redirects
2	match.adsrvr.org	2 redirects
2	dpm.demdex.net	1 redirects widgets.outbrain.com
2	b1sync.zemanta.com	2 redirects
2	images.outbrainimg.com	pastelink.net
2	rock.defybrick.com	widgets.outbrain.com
2	mcdp-sadc1.outbrain.com	widgets.outbrain.com
2	odb.outbrain.com	widgets.outbrain.com
2	tps.doubleverify.com	cdn.doubleverify.com
2	widget-pixels.outbrain.com	pastelink.net widgets.outbrain.com
2	tcheck.outbrainimg.com	widgets.outbrain.com
2	partners.tremorhub.com	googleads.g.doubleclick.net
2	sync.teads.tv	1 redirects googleads.g.doubleclick.net
2	www.google.com	1 redirects tpc.googlesyndication.com
2	csm.as.criteo.net	ads.as.criteo.com
2	www.googletagmanager.com	pastelink.net www.googletagmanager.com
2	cdnjs.cloudflare.com	pastelink.net ads.as.criteo.com
1	dsp.adfarm1.adition.com	1 redirects
1	dis.criteo.com	widgets.outbrain.com
1	aa.agkn.com	widgets.outbrain.com
1	beacon.krxd.net	widgets.outbrain.com
1	sync-jp.im-apps.net	widgets.outbrain.com
1	code.createjs.com	s0.2mdn.net
1	imp.d4.digital
1	ad.doubleclick.net	www.googletagservices.com
1	id5-sync.com	cdn.id5-sync.com widgets.outbrain.com
1	cdn2.d4.digital	cdn3.d4.digital
1	bcp.crwdcntrl.net	tags.crwdcntrl.net
1	gs.kraftonde.com	78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
1	lbs.eu-1-id5-sync.com	cdn.id5-sync.com
1	lb.eu-1-id5-sync.com	cdn.id5-sync.com
1	rtb0.doubleverify.com	cdn.doubleverify.com
1	cat.sg1.as.criteo.com	ads.as.criteo.com
1	ads.as.criteo.com	78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
1	rtb.jp2.as.criteo.com	pastelink.net
1	cdn.id5-sync.com	pastelink.net
1	tags.crwdcntrl.net	pastelink.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.co.nz	securepubads.g.doubleclick.net
1	code.jquery.com	pastelink.net
0	t.adx.opera.com Failed	widgets.outbrain.com
0	trace.mediago.io Failed	widgets.outbrain.com
0	bh.contextweb.com Failed	widgets.outbrain.com
0	cms.quantserve.com Failed	widgets.outbrain.com
0	pixel-sync.sitescout.com Failed	widgets.outbrain.com
0	id.rlcdn.com Failed	widgets.outbrain.com
0	sync.technoratimedia.com Failed	widgets.outbrain.com
0	c.bing.com Failed	widgets.outbrain.com
0	ssbsync.smartadserver.com Failed	widgets.outbrain.com
0	s.ad.smaato.net Failed	widgets.outbrain.com
0	ice.360yield.com Failed	widgets.outbrain.com
0	cs.emxdgt.com Failed	widgets.outbrain.com
0	ups.analytics.yahoo.com Failed	widgets.outbrain.com
0	u.openx.net Failed	widgets.outbrain.com
0	image8.pubmatic.com Failed	widgets.outbrain.com
0	ssum-sec.casalemedia.com Failed	widgets.outbrain.com
0	sync.crwdcntrl.net Failed	widgets.outbrain.com
0	pixel-us-east.rubiconproject.com Failed	widgets.outbrain.com
0	creativecdn.com Failed	widgets.outbrain.com
0	id.geistm.com Failed	widgets.outbrain.com
0	sync.1rx.io Failed	widgets.outbrain.com
0	sync.mathtag.com Failed	widgets.outbrain.com
0	tags.rd.linksynergy.com Failed	widgets.outbrain.com
0	aax-dtb-cf.amazon-adsystem.com Failed	c.amazon-adsystem.com
0	pro.ip-api.com Failed	cdn.adligature.com
351	96

This site contains links to these domains. Also see Links.

Domain
www.bbc.co.uk
www.facebook.com
twitter.com
t.me
api.whatsapp.com
www.reddit.com
www.pinterest.com
www.tumblr.com
www.blogger.com
profitquery.com
www.linkedin.com
share.flipboard.com
social-plugins.line.me
www.meneame.net
diasp.org

Subject Issuer	Validity	Valid
pastelink.net R3	`2022-12-02` - `2023-03-02`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2022-05-09` - `2023-04-18`	a year	crt.sh
*.google.co.nz GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2022-05-01` - `2023-06-02`	a year	crt.sh
*.outbrain.com DigiCert TLS RSA SHA256 2020 CA1	`2022-04-03` - `2023-04-04`	a year	crt.sh
*.jp2.as.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-10-18` - `2023-01-15`	3 months	crt.sh
*.as.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-10-09` - `2023-01-11`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-11-08` - `2023-02-04`	3 months	crt.sh
*.sg1.as.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-10-10` - `2023-01-10`	3 months	crt.sh
*.doubleverify.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-05` - `2023-07-07`	a year	crt.sh
*.as.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-11-12` - `2023-02-10`	3 months	crt.sh
*.eu-1-id5-sync.com R3	`2022-11-09` - `2023-02-07`	3 months	crt.sh
cdn3.d4.digital GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2022-12-02` - `2023-06-02`	6 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
gs.kraftonde.com R3	`2022-11-14` - `2023-02-12`	3 months	crt.sh
www.adtrek.co Amazon	`2022-10-22` - `2023-11-20`	a year	crt.sh
cdn2.d4.digital GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2022-11-07` - `2023-05-07`	6 months	crt.sh
*.s3-ap-southeast-2.amazonaws.com Amazon	`2022-09-21` - `2023-09-05`	a year	crt.sh
*.id5-sync.com R3	`2022-11-09` - `2023-02-07`	3 months	crt.sh
*.outbrainimg.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-11` - `2023-03-15`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.tps.doubleverify.com Go Daddy Secure Certificate Authority - G2	`2022-09-28` - `2023-10-30`	a year	crt.sh
imp.d4.digital GTS CA 1D4	`2022-11-19` - `2023-02-17`	3 months	crt.sh
tls.adobe.com DigiCert TLS RSA SHA256 2020 CA1	`2022-04-29` - `2023-05-30`	a year	crt.sh
rock.defybrick.com Amazon	`2022-05-09` - `2023-06-07`	a year	crt.sh
*.im-apps.net Amazon	`2022-04-25` - `2023-05-24`	a year	crt.sh
beacon.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2022-10-20` - `2023-10-19`	a year	crt.sh
*.agkn.com RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2022-09-06` - `2023-09-21`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-10-31` - `2023-01-26`	3 months	crt.sh
*.defybrick.com ZeroSSL ECC Domain Secure Site CA	`2022-11-25` - `2023-02-23`	3 months	crt.sh

This page contains 35 frames:

Primary Page: https://pastelink.net/ae55y2dx
Frame ID: 59A07930756885556826BA3A089C4520
Requests: 61 HTTP requests in this frame

Frame: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 7AD1814CACD640AD7509B9AA7A76DE25
Requests: 1 HTTP requests in this frame

Frame: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 387AEDA4934D689A79B1CE18945D7FA3
Requests: 9 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssZ5wOF_khJGEj2FLQ2gBWic_0CvtppeZjZfbUVBd1FGWl3yulwyk-jmCdKukh4gK1LlY9k1ZV6ugpHdiSHLIefyxvqXIH9qh82LcgWhWbVKqQneNHkgrKL6GP5VxCi8rxugYPWh1NMEJ3XehpNiEqlizdAc8Tr6ONqEAQFRf_0VNRaYoC0-3uJAXdHVvJIZIbWI9Nr2uUY9LBqq6Us_B8K3zP-T6o5h-euv-JiFIs75Fr3IbwR7tDq6MKiivtJmf3AHw9f5w_BnD2qpIlkrXxdnOjFYmipr8vjIkagjgli5H4Sp8pfMUMzvIs3yBnWW-tb7xJDCc2xz5wCX-G2aqbNGH-hUKR65w&sai=AMfl-YSKB_OBISny7Dx4ORlFA7BKmRMzPIpNkVgAb-nS_lgM7ZG4vByncWKezbnbNI2eGXRQBk05CjAvllIaE9dp9gEIFZAUnGl_hml2OdQnG5cRctxL6iUXf0NxDLIgAyylIghSwp3ueLTTYRtZD7L8Bw&sig=Cg0ArKJSzE22WXCQ-TMbEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: A578A92211A373146ED6A9F1FB7AD7C9
Requests: 17 HTTP requests in this frame

Frame: https://ads.as.criteo.com/delivery/r/afr.php?z=Y5J5awAAWVoBc9n5AALR_5suioSfd0u-h-LcDQ&u=%7CPvHmXY8Gt7LdQIM8TGdIGAUMBvuyR3pQidF29iftPeM%3D%7C&c1=2P_wVlUbBFsw5yK-nUdqc6nygJ274zNPTQIufB1xv3LmVsxNlD7xoiJRjE-u8MyoFkwSnvxmwvhCulRqxjEh4iItRXP0Wy4iGrbANOzC1ZtbbxuPzrPPf8x3axxhrgJWXcw5h0qCEhEcLd29266aGGcastDzzE7MZv3nXf7ZsBpOwO9XrINmnH-x2x4wlZhAzmIQtW7HOSUheR11dR13RqgZFTKSGEXx_QqanuVhJTpaLXXWrCt-i9jiQTsf4wh9KsoKworPObJfGR8xY5QEJgRu8hgptEx4S35zBjGvKoav7mBImHO-ZFW9eKl2DwkXppMykPDIgOp37K6EYj_cYu9pUxL8m6zX9TtoS-y6FZSLOymE1AWuLaah3_U__aZbrZOWHxgNh0TzjvEFqTXcLQpfiSXOnhol4Ked8xGFxUOWJHumNCLWXG3F-5bTpWBMtP7KMR_aJf__THmnK3HlhfCsGF1XrjZ953BCRgz8rHl1mgsKCxeVHtQmQqJpzw1Cy9XD6WSG8v4PaAQqQD1t4ZR3Me3wM8eGJuxEx4DU9b2H4EVdUB5-ja_EwwhlArG54hP7fpxEZnAsJrGZlUlmGmAzvvizlPfs5YYKExyirA_GJVDgGaz7Dg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCXvx7a3mSY9qyAfmzz7sP_6OLwA2Y_NGxXKqEzOSFAcCNtwEQASAAYKvssYXgGIIBF2NhLXB1Yi0xNzUwODU2MjM5MjA0NDE0yAEJqQLrE3paObamPuACAKgDAaoE6QFP0EOrOlA8RHC2tDaty_2Rh3uQJQLE2v81QVvdFwPq44wVawBUjL2TtvPvvXQQmsSB2xOiKOU3WpKfjT-D70a8TG4UWl959PXhLh6nudx1vjmwptIJlNl857IlPFfOVi6DjgSNbjDldAoxezLbaXkOMHIteUX3vkJtJsPd1283AQZV4r_IMph4m8MceJBh-a6BiTEvT4TsN5TjcrEMYk-IKcAwKnBSbbf7xadal3IaW8MICQicAMiTv7UgmKHXZEXVocaT7NHb0K0nFPbJhNsU3rOC371Zz3bgGma8Kn2AboySL9mUb3VcDuAEAYAG1MPjwJC7t4NEoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDQiAYRABMgKKAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_24MMl12o0rT8SyIVQexl6aWpLy5g%26client%3Dca-pub-1750856239204414%26adurl%3D
Frame ID: ECFC3429B678E9927BC4FBAE405B8569
Requests: 18 HTTP requests in this frame

Frame: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: B80BA68DD95057B97880E01A016634A6
Requests: 20 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/022211060024000/amp4ads-v0.mjs
Frame ID: F2A3DFA915DA2949CAAA6BCF30AAE2FE
Requests: 11 HTTP requests in this frame

Frame: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 2250ECA2F3E3FBE3004EB613670C98E7
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQi4Dw4AIYoPn2xQEwAQ&v=APEucNVf_jzBnPI-FDYvpZQjv9AL2Nqkj80q3DMP-9Ulc5VwUvTezYTy0YHirmT33UbP3fc7-XktSEcHqE6V2kyYaoHmVnyAPg
Frame ID: AF97295E95BC473C716CBC0595C2E70D
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMWEHBDW_uPeAhjAjf7ZATAB&v=APEucNUKbv5GtPxo4N2rfRDhcCzwK2Iw6tkaQ7qmXdTxxRv_Hx9PIAQb1Il4A4jPhkl5UGR3_jCb72PTM9tJr7SmimVibn9Xeg
Frame ID: 36DC56F2206EA949E7D775C3B272A1E4
Requests: 5 HTTP requests in this frame

Frame: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 86FC899EE1F35F713C6BF4499A2EFDDF
Requests: 21 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstQ2z7Oo1NmvAwLhYh6ggvrUH-nKXA7499OiaLT1gXHL_brOlR83xpoIA4LsPFsFPjG_IWQPZ1ZpqxVPGB47ZyY7d-NZ3dY7BQNSJsqS3Y_JdR1OWk4_5ySx-zYjnp9nN0YDNd1NX8QrtMYEKd1oBerm58GllB2PQz63L6eTWCaeU_IhN48658vneckRCwVWEnOKzNMMY9umQdNxPPe1i6y1ln-KovU0T0wl9xLMBdApXkhFnyqNj7ZmmA2KNieCogkMcFSf7YyWdWFnfUiYBOJ3vEKsKzflxGR56plx5XVB0m5z2a-8s-ZmbVwPEpIUzWZ0b5epVejUKSX3csAgg&sai=AMfl-YQp3xqJRI3fBjaLdgqCQ4eKtqgiLtWraRBH-52wVXTQHlWl0kqe-rj8L21QXaAZ4eE2_2H_9koDpBJkrITHV585-olyptk_J1SjfnN8vVW7iKeAIgsWHMWxPsEpSTW7HwpgeQxMBsIdz7o6i0ufDGY&sig=Cg0ArKJSzE830QsWcphVEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: C85F084942837490950542B04BCF65AD
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJeVmwEQk5vwvQMY2ff_2AEwAQ&v=APEucNUKC5wiUbkPAwC3kY4qs1MXuEaFDdNlPce-M4eHgz4yEqMgAKSLQxghGAptwk8RDxoSZ327xs1qf2IQ39t8Pja4V6NOHw
Frame ID: 4BF1B023140CBACFAE492BD40D4C1FD5
Requests: 5 HTTP requests in this frame

Frame: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: F730EE09189C6E2714D93722E868F917
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COXuopICENGjts4CGO-67bEBMAE&v=APEucNWh8tMf7PDlvvlWs4Xiqi7m7gxm05XJQotiifupfXRn9N9ExCGmz6hTSTDDumkej1Y8IKVI-kf0Y-zPWad-C0aojCyTjA
Frame ID: EDC70835D5AB471150ECBEC63624CEAE
Requests: 4 HTTP requests in this frame

Frame: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 86A2993C6DC816E2CEC4907E8B8E9858
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 48336BCBC199592BA082E7F7AE103F9D
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNaBw4cEEM-GhI4EGKTS19oBMAE&v=APEucNW98qK_iEnXBc_DJJCDHBUWjnh--qq9DwqDXkgD8ICmN2MEYDoxFrbl-CUwfvFGFw9t9any3DTozqIuELkoqppmmxS3cQ
Frame ID: 58D7263EA637EA67F820CBF5FADD0DCE
Requests: 4 HTTP requests in this frame

Frame: https://www.adtrek.co/adserver/frm?cc=678d19d1-9bf6-4282-b96d-5173d5d41281&clk=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCrTc7bHmSY-mrNs7cz7sPzIOziASivKfjbImF7Y3XDtnN2ZOSMBABIIabpJABYKvssYXgGKABus70sQHIAQmpAh4c6YtaZKU-qAMBqgSlAk_Q63ElvLBnpqN43rx6Ab5hpBsxp3Qq7exogehLps2GJ_34xQpA5bhR8QIxn1k5bSgo2uOSoBv0uS_4eDTlEBhGNCv-Hd0tJir7vgKhCRZaS1uuaMQhubjRL3MlcSbuR_3wmbsmLqrARy0R5K04ugmaDEBFeiv0akE1tUu5KvMNdgRrHTSDiJDMuo65qtYBPDjbqp5Lm_GyMcHzl84pei7SKb1NE0UL-hqWRiAS4IsO41aR6_DK-ms5s5BfhG52Uu0JOOAeq4h_Ca1K1fLQxvM1_bt3d-ZvEu4gaNpWdxMjT-6ryQBCWX838kKIdymVYTqh1M0erPuKm-pyjQyvOLRINIcplFFK4mwPaOwyiUeIcwPCMebKY0uHFvjrCEfqp5mFjXm6wASju4GC5wPgBAOQBgGgBk2AB66xi84CqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiAYRABGB0yAooCOgKAQIAKA5gLAcgLAYAMAbAT8fWrEcgTmqzA3gPQEwDYEwrYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSSwDq26N9Gc4jJzC9ODvtzXoQP4dihhG2eIyjRlcW7nroWQy8ush-U4iiYCwWlzv-jvhDtjQqFwcJ6rn9BN7hp9IS4KOfbO0aunHcjxgBIBM%26sig%3DAOD64_1glGDAf_IfXWd_xPnvluR-Gsorjg%26client%3Dca-pub-9602519502618262%26dbm_c%3DAKAmf-B51URJTG6msbEt0s2n6b7xo9C1uBCaGxpF4Bewu8oafWh3t4jN7UmEB3ig8qKGjMoGII-CWnIwlJCpWUGB4xyFfdDFMIbiGWPqbBLclBY39tTzavPHdbl_7ayp-5afR_Pz_oG8wK5q1QqOBL_MWkzE0MFVzHEOZZYo_-y6r_RvdwQwEvo%26cry%3D1%26dbm_d%3DAKAmf-BtX9ZCAPEaqaATXhsCEoB3SuX-kzo7ZoG7Yq80s3aJteOG1R10LjLM1xkiKJZjasqVxWfncae3N7BBaNYHluveKBir3phsYcOZpXvsjRPu-6CWt0RV7-Pf-u8X1nv4gonBwBuV8OKfUd8HsVYf8Z79Sib7tTDwQzAJBZJqjP7yjrCHXlG79whOnbrvkfb4TJ941d_2j62OtPJDc1awScvSAzLu_knBM2ojYEQVIJxGEBb9SpFjCcX2MuOoZJs66YVLf50gF3aF85waPdN4UEyAPK4EUZCILY6rLoC-BHGOwJI84_Aj4p3lHpTrImSUdaluNVuwiPy9IDCboxz6NRBCj-v0dw9EBWt1W7f5uJ40SOnAwpFTKRXhsU5beSK_P5pQmKRlYLRrFERhk9VNKD-oDhPbK95C39LB5FxY991qCdLlkizKFGtMPqNVG5RUSEzoT6XlI_pfb1ytnyjeVH3ZsY4XcFkf-OFpFgKcrRpGakDCnsSx0j5xHsO8zQDZozkirXS5Pvj2LesDTX7bN7OUnQIVMrPBLai9AN-77TIdMkOALU0%26adurl%3Dhttps%3a%2f%2fwww.adtrek.co%2fadserver%2fclick%3fcc%3d678d19d1-9bf6-4282-b96d-5173d5d41281&ord=1670543724890345
Frame ID: 03AC7A5676DBBA98A287B15BD340F2DE
Requests: 31 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: D1EE3DFE2C8A91E0E7E162578AB3A5A0
Requests: 3 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements3317.js
Frame ID: 12BCEF3A4978E66C5E6D5DABBF3645DA
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 1E1B06A083F9C10A8794361B839EB6BE
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 33BE6831319776BA7A1F9EA1FA516489
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 1EA217277ED3912FB745124B5F44D38F
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: CDEDB9B93820CCBF4316B1552DA312A5
Requests: 2 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/15302181881486891745/LFA0010-PL-AO-HTML5D-CVP-DebtCon-300x250-Desktop/300x250.html
Frame ID: 40705970CD594191C71A8E41803705FA
Requests: 6 HTTP requests in this frame

Frame: https://cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/index.html?v=1&lat=-36.8507736&lng=174.7644675&moid=&sd=&bid=14955&pid9153&adid=9618&cid=1073&d4Filter=&cb=900108459
Frame ID: 0AC0F438CCB914C7A74F8521ABF41BA3
Requests: 13 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements3317.js
Frame ID: A39C85696BC3FC472795E186AE39720B
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: D235C9D7B59366C3B9CC14DC3DD8E05E
Requests: 3 HTTP requests in this frame

Frame: https://widgets.outbrain.com/nanoWidget/externals/obUserFrame/test.html?lsd=9f2b6c7b-aa78-4a0f-b030-25fba43c62ed
Frame ID: 58B8F9DDF5459DBD9CDC54AE97E9750A
Requests: 1 HTTP requests in this frame

Frame: https://widgets.outbrain.com/nanoWidget/externals/cookie/test.html
Frame ID: 2E6E73CE46B12A55D27D0EBACF2097C5
Requests: 2 HTTP requests in this frame

Frame: https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html
Frame ID: 86BA8E249185286D0552841EC3A0BEAF
Requests: 36 HTTP requests in this frame

Frame: https://widgets.outbrain.com/nanoWidget/externals/obUserFrame/test.html?lsd=bb2e0e40-0f4c-4704-9a03-1a29f8f8b6c1
Frame ID: 3F996836FDA6642393DAF7E0B7DEAC63
Requests: 1 HTTP requests in this frame

Frame: https://widgets.outbrain.com/nanoWidget/externals/cookie/test.html
Frame ID: 79241E23213CB85D32CE3A22C088B802
Requests: 2 HTTP requests in this frame

Frame: https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html
Frame ID: 97C353923D5C04B2E43B164A22EFAC7C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

How to Bet in New Jersey - Pastelink.net

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Outbrain (Widgets) Expand

Overall confidence: 100%
Detected patterns

widgets\.outbrain\.com/outbrain\.js

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

/prebid\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

351
Requests

84 %
HTTPS

0 %
IPv6

65
Domains

96
Subdomains

60
IPs

9
Countries

5644 kB
Transfer

11003 kB
Size

44
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://www.bbc.co.uk/search?q=Sports+Betting+Tips&page=1
Title: https://www.bbc.co.uk/search?q=Sports+Betting+Tips&page=1

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://pastelink.net/ae55y2dx

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=%20https://pastelink.net/ae55y2dx

Search URL Search Domain Scan URL

URL: https://t.me/share/url?url=%20%0Ahttps://pastelink.net/ae55y2dx

Search URL Search Domain Scan URL

URL: https://api.whatsapp.com/send?text=%20https://pastelink.net/ae55y2dx

Search URL Search Domain Scan URL

URL: https://www.reddit.com/submit?url=https://https://pastelink.net/ae55y2dx&title=%20

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/pin/create/button/?url=https://pastelink.net/ae55y2dx&description=%20&media=https://pastelink.net/assets/images/pastelink-logo-square.png

Search URL Search Domain Scan URL

URL: http://www.tumblr.com/share?v=3&u=https://pastelink.net/ae55y2dx&t=%20&posttype=link

Search URL Search Domain Scan URL

URL: https://www.blogger.com/blog-this.g?u=https://pastelink.net/ae55y2dx&n=%20

Search URL Search Domain Scan URL

URL: https://profitquery.com/add-to/livejournal/?url=https://pastelink.net/ae55y2dx&title=%20

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https://pastelink.net/ae55y2dx

Search URL Search Domain Scan URL

URL: https://share.flipboard.com/bookmarklet/popout?v=2&title=%20&url=https://pastelink.net/ae55y2dx

Search URL Search Domain Scan URL

URL: https://social-plugins.line.me/lineit/share?url=https://pastelink.net/ae55y2dx&text=%20

Search URL Search Domain Scan URL

URL: https://www.meneame.net/submit?url=https://pastelink.net/ae55y2dx

Search URL Search Domain Scan URL

URL: https://diasp.org/bookmarklet?url=https://pastelink.net/ae55y2dx&title=%20&jump=doclose

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 119

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM27Vz-WLltwgvA2e2SD-oE&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM27Vz-WLltwgvA2e2SD-oE&google_cver=1&C=1

Request Chain 120

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y5J5bh-suFht0vCBkJ4N0AAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM27Vz-WLltwgvA2e2SD-oE&google_cver=1

Request Chain 121

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEEt2Ky7icqS4C_WDneV1iAg&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEEt2Ky7icqS4C_WDneV1iAg%26google_cver%3D1

Request Chain 122

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTkzMzI2NDA2NTUwNjk5MDcyNQ%3D%3D

Request Chain 123

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM27Vz-WLltwgvA2e2SD-oE&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM27Vz-WLltwgvA2e2SD-oE&google_cver=1&C=1

Request Chain 124

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y5J5bsyJd9RGDBCxJH0rkgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM27Vz-WLltwgvA2e2SD-oE&google_cver=1

Request Chain 125

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEEt2Ky7icqS4C_WDneV1iAg&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEEt2Ky7icqS4C_WDneV1iAg%26google_cver%3D1

Request Chain 126

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjY2NzAwNjMyMDg3MjQ2NDU3OQ%3D%3D

Request Chain 134

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 135

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEIjHmj3CcaIrOapUYhF4oQE&google_cver=1

Request Chain 136

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZmM4ZGJiZmEtMGFkYS0yZDhiLWViNTgtYTViYWRhNzQyOWE1

Request Chain 137

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEIAdxpVFmxs-p9G7hrY2nAk&google_cver=1

Request Chain 138

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=ZTgxM2ViOTItOWExYS00MGM3LTkzMmQtZmFlMjczNDg5NDUz

Request Chain 173

https://cm.g.doubleclick.net/pixel?google_nid=tremor_video_dbm&google_cm&google_dbm HTTP 302
https://partners.tremorhub.com/sync?UIGL=CAESEOc4LRjfxvUFgWdlONKxwWo&google_cver=1

Request Chain 174

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEKACXBtRRu3tX9t45CN5NKM&google_cver=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEKACXBtRRu3tX9t45CN5NKM&google_cver=1&__user_check__=1&sync_id=ca04e686-7753-11ed-8225-1f3a79850507

Request Chain 175

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=ca0477f1-7753-11ed-9edb-1d6193ca0407 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=Y2EwNGU2NDYtNzc1My0xMWVkLTgyMjUtMWYzYTc5ODUwNTA3

Request Chain 176

https://cm.g.doubleclick.net/pixel?google_nid=tremor_video_dbm&google_cm&google_dbm HTTP 302
https://partners.tremorhub.com/sync?UIGL=CAESEOc4LRjfxvUFgWdlONKxwWo&google_cver=1

Request Chain 177

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEKACXBtRRu3tX9t45CN5NKM&google_cver=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEKACXBtRRu3tX9t45CN5NKM&google_cver=1&__user_check__=1&sync_id=ca2ad070-7753-11ed-aa9e-1e0b86f70407

Request Chain 178

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=ca0465e0-7753-11ed-a12c-1852dfec0507 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=Y2EwNGU2NDYtNzc1My0xMWVkLTgyMjUtMWYzYTc5ODUwNTA3

Request Chain 303

https://idsync.rlcdn.com/420046.gif?partner_uid=QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CM7RGRJMCkgIARC-ngEaQFFUazNvcDZaVlRXWWtrNDIwLUVRSnJzZUhQNXhzZFVVYTRXZlRXdU55ME0tRXhEUEpfUUJ5WkxCNHZ2Q2cycGMQABoNCPPyyZwGEgUI6AcQAEIASgA HTTP 307
https://pippio.com/api/sync?pid=5324&it=1&iv=27e3319f695d8fae169c9ec1cd4fe3fde7af006e21f4db6162dd7e737c31d784791426b5417dce21&_=2 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlAyN2UzMzE5ZjY5NWQ4ZmFlMTY5YzllYzFjZDRmZTNmZGU3YWYwMDZlMjFmNGRiNjE2MmRkN2U3MzdjMzFkNzg0NzkxNDI2YjU0MTdkY2UyMRAAGgwI9PLJnAYSBAgCEABCAEoA HTTP 302
https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlAyN2UzMzE5ZjY5NWQ4ZmFlMTY5YzllYzFjZDRmZTNmZGU3YWYwMDZlMjFmNGRiNjE2MmRkN2U3MzdjMzFkNzg0NzkxNDI2YjU0MTdkY2UyMRAAGgwI9PLJnAYSBAgCEABCAEoA&google_gid=CAESECRMx2LViCwDnXV7pFB3Ms0&google_cver=1 HTTP 307
https://tags.rd.linksynergy.com/rcs?ns=lr&uid3=

Request Chain 304

https://b1sync.zemanta.com/usersync/outbrain/?puid=QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
https://b1sync.zemanta.com/usersync/outbrain/?gdpr=0&gdpr_consent=&puid=QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc&s=2&us_privacy=1--- HTTP 302
https://sync.outbrain.com/cookie-sync?p=zemanta&uid=fJv4JTZQq_-QpZ_FV2Za&gdpr=0&us_privacy=1---

Request Chain 305

https://ib.adnxs.com/getuid?https://sync.outbrain.com/cookie-sync?p=appnexus&uid=$UID&obUid=QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
https://sync.outbrain.com/cookie-sync?p=appnexus&uid=7259043930018617298&obUid=QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc&gdpr=0&gdpr_consent=&us_privacy=1---

Request Chain 306

https://dpm.demdex.net/ibs:dpid=133726&dpuuid=QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc&gdpr=0&gdpr_pd=1&gdpr_consent= HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=133726&dpuuid=QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc&gdpr=0&gdpr_pd=1&gdpr_consent=

Request Chain 308

https://match.adsrvr.org/track/cmf/generic?ttd_pid=icco6m5&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=icco6m5&ttd_tpi=1 HTTP 302
https://sync.outbrain.com/cookie-sync?p=ttd&uid=c5dc2253-485c-40c7-aa3f-d58e1ad4a3cd&gdpr=0&gdpr_consent=

Request Chain 311

https://rtb.mfadsrvr.com/sync?ssp=outbrain&ssp_user_id=QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc HTTP 302
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=outbrain&ssp_user_id=QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc HTTP 302
https://sync.outbrain.com/cookie-sync?p=mediaforce&uid=934d75c5-dc65-4770-a772-655a19f2911a

Request Chain 312

https://x.bidswitch.net/sync?ssp=outbrain&user_id=QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc&us_privacy=1---&gdpr=0&gdpr_pd=1&gdpr_consent= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=outbrain&user_id=QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc&us_privacy=1---&gdpr=0&gdpr_pd=1&gdpr_consent= HTTP 302
https://sync.mathtag.com/sync/img?mt_exid=46&redir=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D80%26user_id%3D%5BUUID%5D%26expires%3D30%26ssp%3Doutbrain%26bsw_param%3D5ad34e60-4f40-4c1a-a55a-91570e8033fe&gdpr=0&gdpr_consent=

Request Chain 314

https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&google_dbm HTTP 302
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEOIVNXDBu78u6H3kDhNpBTU&google_cver=1 HTTP 302
https://sync.1rx.io/usersync/bidswitch/5ad34e60-4f40-4c1a-a55a-91570e8033fe?gdpr=&gdpr_consent=

Request Chain 315

https://dsp.adfarm1.adition.com/cookie/?ssp=25&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
https://sync.outbrain.com/cookie-sync?p=activeagent&uid=7174930699781339284&gdpr=0&gdpr_consent=

Request Chain 316

https://ps.eyeota.net/match?bid=1mpn7m0&uid=QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc HTTP 302
https://ps.eyeota.net/match/bounce/?bid=1mpn7m0&uid=QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm&google_sc&google_hm=MmRxb2hJNDdESmZKNW9nZzI5Nk5nOU1KWnF2bWt1Rmwxc2FCRDAyN0ZjTFU&gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&dc_rc=1&dc_mr=5&dc_orig=1mpn7m0&

Request Chain 318

https://creativecdn.com/cm-notify?pi=outbrain&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
https://creativecdn.com/cm-notify?pi=outbrain&gdpr=0&gdpr_consent=&us_privacy=1---&tc=1

351 HTTP transactions
11 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request ae55y2dx Show response
pastelink.net/ 28 KB
8 KB 1218ms
412ms Document
text/html 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pastelink.net/ae55y2dx

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

44cdc43485f36e7061ef98f308888e4dff21054761f9939476bc137eca44ce20

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 08 Dec 2022 23:55:17 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
x-frame-options: SAMEORIGIN

GET
H2 200 css2
fonts.googleapis.com/ 5 KB
1 KB 817ms
274ms Stylesheet
text/css 74.125.24.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Requested by

Host: pastelink.net
URL: https://pastelink.net/ae55y2dx

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f95.1e100.net

Software

ESF /

Resource Hash

ebfd96030683611d9ed054682f1ddf8b9098bc7d10105602b338605b0ae82a9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 08 Dec 2022 23:55:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 08 Dec 2022 23:55:18 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 08 Dec 2022 23:55:18 GMT

GET
H2 200 styles.css
pastelink.net/assets/css/ 121 KB
121 KB 396ms
394ms Stylesheet
text/css 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pastelink.net/assets/css/styles.css?q=35

Requested by

Host: pastelink.net
URL: https://pastelink.net/ae55y2dx

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

2d54d98b7aadd5155567c320319c92983229bf9efc7388f5abee37784d0879e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/ae55y2dx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 17 Nov 2022 12:00:15 GMT
server: nginx
etag: "6376224f-1e29e"
content-type: text/css
accept-ranges: bytes
content-length: 123550

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
31 KB 847ms
284ms Script
application/javascript 69.16.175.42
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: pastelink.net
URL: https://pastelink.net/ae55y2dx
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: hwcdn.net
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Referer: https://pastelink.net/
Origin: https://pastelink.net
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:18 GMT
content-encoding: gzip
x-sp-metadata: HS256.CPaOypwGEogBCiQxYmJlM2EzMi0zYjBhLTQ4YWYtYjgxNC01MzRkNzg5MzRlNGQQ+OiCoKvU+wIaBgjm8smcBiINMTE2LjkwLjc0LjIxNCj2xQMwAzgEQhZUTFNfQUVTXzEyOF9HQ01fU0hBMjU2WiAzZTliMjA2MTAwOThiNmM5YmZmOTUzODU2ZTU4MDE2YRosCAESJDNhYzhmNWJhLWQxNDUtNDFjMC1iYzQyLWI5Y2YzNGJjYzUwNhib8QE=.Ct5kFaqxhYQpVhdueFzjBZY5cbiN1XuzQhMaEjgvVGI=
last-modified: Wed, 16 Feb 2022 10:50:39 GMT
server: nginx
etag: W/"620cd6ff-15d9d"
vary: Accept-Encoding
x-hw: 1670543718.dop206.la3.t,1670543718.cds204.la3.hn,1670543718.cds267.la3.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30875

GET
H2 200 script.min.js Show response
pastelink.net/assets/js/ 41 KB
41 KB 395ms
395ms Script
application/javascript 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pastelink.net/assets/js/script.min.js?q=35

Requested by

Host: pastelink.net
URL: https://pastelink.net/ae55y2dx

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

190d542d8e593c755fd16e67ca62583e183957829dfb69cc2e00c7bf67df237d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/ae55y2dx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 17 Nov 2022 12:00:15 GMT
server: nginx
etag: "6376224f-a225"
content-type: application/javascript
accept-ranges: bytes
content-length: 41509

GET
H2 200 js.cookie.min.js Show response
cdnjs.cloudflare.com/ajax/libs/js-cookie/latest/ 2 KB
1 KB 434ms
147ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/js-cookie/latest/js.cookie.min.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/ae55y2dx

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b6d244a569a8befc0b901e3dca8e82f19b188e2d3e76f7c62fce96935ed6311

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 20833468
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 772
last-modified: Mon, 04 May 2020 16:11:49 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec5-6d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WUZ6pFwVNkr3ZhvU%2FLEaCcljg2Vpm3tLDlMH3Trzbbw4JEHgHElSzbkprILOFHs5LPbAA6MIdW4hWelT2NCKGX09JivnnsuzT4wDC3doT1YyDypPvE1hFJ4TQxQPQ4TwqDy66SWc"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 77696e5e0c26a87c-SYD
expires: Tue, 28 Nov 2023 23:55:18 GMT

GET
H2 200 rules.js Show response
cdn.adligature.com/pl/prod/ 18 KB
5 KB 450ms
162ms Script
application/javascript 104.21.93.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adligature.com/pl/prod/rules.js
Requested by: Host: pastelink.net
URL: https://pastelink.net/ae55y2dx
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.93.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 95b79ad7efde1e0051f941e69fa5dfbc0e6fbb86fc6dc40f9dc534a56f394371

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:18 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 270
cf-polished: origSize=30189
x-guploader-uploadid: ADPycdvTctf_eZ7kYQJKmzdE4T1byGS2xc9JonEnlLp9HZG4s2AW_6DS34Qua9ewRCTTvSdPoYsM4MyqLcWr338KZYfYJgs8mnIL
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 11 Nov 2022 14:54:18 GMT
server: cloudflare
etag: W/"c1add06674d8ee3c323c3b5f066404f6"
vary: Accept-Encoding
x-goog-generation: 1668178458192164
content-type: application/javascript
x-goog-hash: crc32c=6DZcRA==, md5=wa3QZnTY7jwyPDtfBmQE9g==
cache-control: public, max-age=1800, s-maxage=600, must-revalidate
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pAw0RGLt0TgDO0J9o3Jze4lonalOQshcWpDac04gPzShahMN1y8LvvnVxtxlVhlPHdSzLcvoi%2B6TOrbECuKYn6TVUKesHmW3myRTR8rVXVqG5C%2BveUewFMejJTVJnoxQV6b8rFM%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 30189
cf-ray: 77696e5e0b4aaac1-SYD
expires: Thu, 08 Dec 2022 23:51:20 GMT

GET
H2 200 css2
fonts.googleapis.com/ 1 KB
545 B 817ms
275ms Stylesheet
text/css 74.125.24.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Comforter+Brush:wght@400&display=swap

Requested by

Host: pastelink.net
URL: https://pastelink.net/ae55y2dx

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f95.1e100.net

Software

ESF /

Resource Hash

832c9e581cf487c9d36ab27a59cc84d06493a972b85ce40e83f1b3b6e21f9cfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 08 Dec 2022 23:55:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 08 Dec 2022 23:55:18 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 08 Dec 2022 23:55:18 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 192 KB
68 KB 815ms
272ms Script
application/javascript 74.125.24.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ

Requested by

Host: pastelink.net
URL: https://pastelink.net/ae55y2dx

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

39b34907c2dcd4e10bcc46613f4f1e3a132cc94d045b18f15cc1024e6449dfdf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:19 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 69581
x-xss-protection: 0
last-modified: Thu, 08 Dec 2022 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 08 Dec 2022 23:55:19 GMT

GET
H2 200 advally-5.0.0.js Show response
cdn.adligature.com/rules.js/ 104 KB
28 KB 171ms
168ms Script
application/javascript 104.21.93.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adligature.com/rules.js/advally-5.0.0.js
Requested by: Host: cdn.adligature.com
URL: https://cdn.adligature.com/pl/prod/rules.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.93.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9a29a65e75a48d9c432611eb70d0377c8610f1874474b65df01aa72fed0235e3

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:19 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1965
cf-polished: origSize=171037
x-guploader-uploadid: ADPycdvdAWAvvuQtlKRMSi2KJ-urgo-fqNWgyjU5AqjMDerQ9jppYNzdwtmtfbotaqP69jJhIqvoVucKaG-_E8DLNFzQV4avxRkz
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Mon, 07 Nov 2022 13:53:08 GMT
server: cloudflare
etag: W/"7b1394d4b04bfcbf82f0d4de7ba5a58d"
vary: Accept-Encoding
x-goog-generation: 1667829188108909
content-type: application/javascript
x-goog-hash: crc32c=/7AOYQ==, md5=exOU1LBL/L+C8NTee6WljQ==
cache-control: public, max-age=7200, s-maxage=7200, must-revalidate
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=teb6FFbWX%2FJTQ9dMBnHx5qwVs2ZvJWu%2FaeTKYXhTaPzJTVoBZsMRHcMo5BtYUJ5abWFiYQur6CFQ9gKTt2uGw0rGkifwV4d5mij9n6n1NJByI4UaWK8MnHfezJn4J2aYgFuOs%2Fs%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 171037
cf-ray: 77696e63ca6faac1-SYD
expires: Fri, 09 Dec 2022 00:30:15 GMT

GET
H2 200 rules.css
cdn.adligature.com/pl/prod/ 148 B
649 B 169ms
166ms Stylesheet
application/javascript 104.21.93.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adligature.com/pl/prod/rules.css
Requested by: Host: cdn.adligature.com
URL: https://cdn.adligature.com/pl/prod/rules.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.93.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cd8e217991e65be206db184ca55d6673115a4579c6673739203181999150547b

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:19 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 271
cf-polished: origSize=294
x-guploader-uploadid: ADPycdvtqwFxOejHFSe5GRRSxHMIJ--OZygKUBtoO2SDJiJhgZ2nZChJdoCZ-upDO3FjrkW9GlkHiFcEZLqHOdc9-qqZP_5nygH2
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 11 Nov 2022 14:54:17 GMT
server: cloudflare
etag: W/"53b5e5bc4c7d7cf111b728f22d660fdd"
vary: Accept-Encoding
x-goog-generation: 1668178456885584
content-type: application/javascript
x-goog-hash: crc32c=F8i4jg==, md5=U7XlvEx9fPERtyjyLWYP3Q==
cache-control: public, max-age=1800, s-maxage=600, must-revalidate
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XnQRHWYw%2Btkj98Yt0oAe2bvZgy53iuNCjOpRz7Rk%2FX1OjaAJ6De6pEDogXK%2FyHogPV4AviAwT67hDdGU1pr%2Bqnz%2BXM2lxKaPiM1FkDBhfh6KV2OaTRwqM0m8134dijQcACrlxFE%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 294
cf-ray: 77696e63ca6caac1-SYD
expires: Thu, 08 Dec 2022 23:51:21 GMT

GET
H2 200 debut_light.png
pastelink.net/assets/images/ 4 KB
4 KB 397ms
394ms Image
image/png 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/debut_light.png

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=35

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

c24ccee9a35eef9e74411eac871935bdff6bcb895cce80b754b66d3e4292a3ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-10c8"
content-type: image/png
accept-ranges: bytes
content-length: 4296

GET
H2 200 pastelink-logo.svg
pastelink.net/assets/images/logo/ 3 KB
3 KB 398ms
395ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/logo/pastelink-logo.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=35

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

01408f8061623faa6d2c0f015cd23483c3aa363c095e152f613ed94c87a5803d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-d3d"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 3389

GET
DATA 200
OK truncated
/ 16 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 13100cd3879e5c1385581d7c88153e60cd7c3e4b0578fe2838daa56da689769b

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 arrow-down-blue.svg
pastelink.net/assets/images/ 239 B
409 B 396ms
395ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/arrow-down-blue.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=35

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

50a60e5e5f2e8f10a2f8685031ec9849ba8faff613139f3a402e89f25ccbbabc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-ef"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 239

GET
H2 200 moon.svg
pastelink.net/assets/images/ 2 KB
2 KB 395ms
395ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/moon.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=35

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

ed6cd01c384db70bedbe24986aa85b0745f994ad71b7e5712f8a60e1ff457d7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-62e"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 1582

GET
H2 200 public-black.svg
pastelink.net/assets/images/ 578 B
749 B 395ms
394ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/public-black.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=35

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

57226adbc32c91a8cd4ec9ee08e4f155f3450e79256731c04f81709a58c4c1fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-242"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 578

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 816ms
270ms Font
font/woff2 74.125.24.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f94.1e100.net

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 03 Dec 2022 23:18:01 GMT
x-content-type-options: nosniff
age: 434238
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7884
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 03 Dec 2023 23:18:01 GMT

GET
H2 200 Y4GTYa1xVSggrfzZI5WMjxRaOz0Tx7j8.woff2
fonts.gstatic.com/s/comforterbrush/v5/ 129 KB
129 KB 843ms
298ms Font
font/woff2 74.125.24.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/comforterbrush/v5/Y4GTYa1xVSggrfzZI5WMjxRaOz0Tx7j8.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Comforter+Brush:wght@400&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f94.1e100.net

Software

sffe /

Resource Hash

56e4dad84e404c7a62ed7a448be974126af74c0f056156de65ab3ea96b462797

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 17:19:27 GMT
x-content-type-options: nosniff
age: 542152
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131896
x-xss-protection: 0
last-modified: Thu, 21 Apr 2022 17:08:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 02 Dec 2023 17:19:27 GMT

GET
H2 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 1582ms
1036ms Font
font/woff2 74.125.24.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f94.1e100.net

Software

sffe /

Resource Hash

cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 10:09:36 GMT
x-content-type-options: nosniff
age: 49543
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7748
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:21:30 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 08 Dec 2023 10:09:36 GMT

GET
H2 200 social-spritesheet.png
pastelink.net/assets/images/ 28 KB
28 KB 396ms
396ms Image
image/png 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/social-spritesheet.png

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=35

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

8af24d7350dbdc8eea22e4737deaa35a795b19b0560d7173113bec7e8a3effb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-70de"
content-type: image/png
accept-ranges: bytes
content-length: 28894

GET
H2 200 logo-bg-90-tl.svg
pastelink.net/assets/images/ 2 KB
2 KB 395ms
395ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/logo-bg-90-tl.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=35

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

1c9e4c65f9d921b1c0829958cc7b2f307a3e22ac7a23e8315b6db4c0954e1107

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-933"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 2355

GET
H2 200 pastelink-logo-contrast.svg
pastelink.net/assets/images/logo/ 4 KB
4 KB 396ms
396ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/logo/pastelink-logo-contrast.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=35

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

3a73b36061944ebbb33696553917d393280f796e212afcd09057b441c1168606

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-e31"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 3633

GET
H2 200 logo-symbol-non-white-bg.svg
pastelink.net/assets/images/ 4 KB
5 KB 396ms
395ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/logo-symbol-non-white-bg.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=35

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

15f20e02ef301e62ed325d633f971c506dcf1be3458c2371b849b505bb8673dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-11c0"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 4544

GET
H2 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 1588ms
1060ms Font
font/woff2 74.125.24.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f94.1e100.net

Software

sffe /

Resource Hash

9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 09:27:21 GMT
x-content-type-options: nosniff
age: 138478
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7816
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 07 Dec 2023 09:27:21 GMT

GET /
pro.ip-api.com/json/ 0
0

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 80 KB
27 KB 816ms
273ms Script
text/javascript 74.125.68.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.adligature.com
URL: https://cdn.adligature.com/rules.js/advally-5.0.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.68.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sc-in-f156.1e100.net

Software

sffe /

Resource Hash

4057bba9a44fa0b4f97bfde3d7d3deb3db6cefb6d408b73d385104628ad46981

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27562
x-xss-protection: 0
server: sffe
etag: "1416 / 332 of 1000 / last-modified: 1670540977"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 08 Dec 2022 23:55:21 GMT

GET
H3 200 prebid.js Show response
cdn.adligature.com/pl/prod/ 350 KB
111 KB 175ms
174ms Script
application/javascript 104.21.93.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adligature.com/pl/prod/prebid.js
Requested by: Host: cdn.adligature.com
URL: https://cdn.adligature.com/rules.js/advally-5.0.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.93.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3c5bdcb449fb1bfe6c2b49f5dfc6f627c599d795d41bc72cf194b55c619b2f13

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:20 GMT
content-encoding: br
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=359160
x-guploader-uploadid: ADPycdv37PmeUitRnSgW8VH2I1gifcWGMEicfm88CyQUJff0QDO44IY4k8fga5I3J-OLJHGsTcCZG3ey7lVQiu0EXKuRdQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 11 Nov 2022 14:54:15 GMT
server: cloudflare
etag: W/"f97facbb0a8715dfd020c1c728e23c44"
vary: Accept-Encoding
x-goog-generation: 1668178455689352
content-type: application/javascript
x-goog-hash: crc32c=Dp8FQA==, md5=+X+suwqHFd/QIMHHKOI8RA==
cache-control: public, max-age=900, s-maxage=300, must-revalidate
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=byEsSnunXgqGPh7u5fYqenDDx5WNNT5xPkQBqRsdZa%2FGkbdxlgjuoLjrq0uEI9NU9zYv%2BuEoQBSRIJOxxJQQUYN6plKxv%2BK83GUMPO8Lab0q6m5tR4P0%2BUbIB8YGWIoamb7FHbI%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 359160
cf-ray: 77696e6ddfe3a889-SYD
expires: Thu, 08 Dec 2022 23:59:14 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 178 KB
45 KB 748ms
269ms Script
application/javascript 13.33.39.40
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: cdn.adligature.com
URL: https://cdn.adligature.com/rules.js/advally-5.0.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.39.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-39-40.sin2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1c1e1c3ae7f9b71951f0539bbea7738054c26fee2e896ebb54f253db765d4c84

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:16:20 GMT
content-encoding: gzip
via: 1.1 9f6f7c775068d68476f4af0ffa848d4a.cloudfront.net (CloudFront), 1.1 626bcc948b842c34ed60b35c5e127f38.cloudfront.net (CloudFront)
last-modified: Wed, 07 Dec 2022 21:39:34 GMT
server: AmazonS3
x-amz-cf-pop: SIN2-P2, SIN2-P1
age: 2342
x-amz-server-side-encryption: AES256
etag: W/"909ff158818033daa43a2d271ecda3db"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: 54yharYzjTFcskto2e6vto7OgKYHD3PAqumFLbAAVqCxdgbtRun0mg==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 812ms
269ms Script
text/javascript 142.251.10.139
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.10.139 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f139.1e100.net

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 08 Dec 2022 23:48:10 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 431
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Fri, 09 Dec 2022 01:48:10 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 219 KB
76 KB 572ms
271ms Script
application/javascript 74.125.24.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-S3DKHVPF03&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

3198a617788e651c0621ab134c5ca0e7132226ad24c975dce4eb91c89f59820d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:20 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 77625
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 08 Dec 2022 23:55:20 GMT

POST
H2 204 collect
www.google-analytics.com/g/ 0
169 B 572ms
270ms Ping
text/plain 142.251.10.139
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-S3DKHVPF03&gtm=2oebu0&_p=97116380&cid=937965645.1670543721&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1670543721&sct=1&seg=0&dl=https%3A%2F%2Fpastelink.net%2Fae55y2dx&dt=How%20to%20Bet%20in%20New%20Jersey%20-%20Pastelink.net&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S3DKHVPF03&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.10.139 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: sd-in-f139.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:21 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
91 B 572ms
271ms XHR
text/plain 142.251.10.139
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=97116380&t=pageview&_s=1&dl=https%3A%2F%2Fpastelink.net%2Fae55y2dx&ul=en-us&de=UTF-8&dt=How%20to%20Bet%20in%20New%20Jersey%20-%20Pastelink.net&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=784262906&gjid=1660187955&cid=937965645.1670543721&tid=UA-55088947-2&_gid=1409408087.1670543721&_r=1&gtm=2wgbu055WHPWQ&z=2011468833

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.10.139 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f139.1e100.net

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pastelink.net/
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:21 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 708ms
236ms XHR
application/javascript 13.33.39.40
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.39.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-39-40.sin2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: KO0V33_zzBQMkGMaMpLupHqINiAUum0D
content-encoding: gzip
via: 1.1 475d669d6a669094dfa09def007f90d6.cloudfront.net (CloudFront)
date: Thu, 08 Dec 2022 02:43:15 GMT
x-amz-cf-pop: SIN2-P1
age: 76328
x-cache: Hit from cloudfront
last-modified: Wed, 07 Dec 2022 02:43:04 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: XzD39CNMTYHwLgkr-zhx3FJW5M449x8iErT_r7nCJTTdPH-4vn1P3w==

GET
H2 200 pubads_impl_2022120501.js Show response
securepubads.g.doubleclick.net/gpt/ 380 KB
129 KB 572ms
271ms Script
text/javascript 74.125.68.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.68.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sc-in-f156.1e100.net

Software

sffe /

Resource Hash

1e288c4dc57f72a69a497baef524f41c57e1c6a414b09a5bde22cd5b2f1b7cdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 12:06:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 215316
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131905
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 09:36:10 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 06 Dec 2023 12:06:46 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 73 B
84 B 823ms
276ms XHR
application/json 74.125.68.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=pastelink.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.68.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sc-in-f156.1e100.net

Software

cafe /

Resource Hash

c64cda3c1c7c935b57b27894caec3b370b98d70011c8e5ea2f31691be13c8fe7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:22 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60
x-xss-protection: 0
expires: Thu, 08 Dec 2022 23:55:22 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 271ms
271ms XHR
text/plain 142.251.10.139
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&aip=1&a=97116380&t=pageview&_s=1&dl=https%3A%2F%2Fpastelink.net%2Fae55y2dx&ul=en-us&de=UTF-8&dt=How%20to%20Bet%20in%20New%20Jersey%20-%20Pastelink.net&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aADAAEABAAAAACAAI~&jid=2146508873&gjid=589162722&cid=937965645.1670543721&tid=UA-197326395-9&_gid=1409408087.1670543721&_r=1&_slc=1&z=1595672956

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.139 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f139.1e100.net

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pastelink.net/
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:22 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 1 KB
1 KB 235ms
235ms XHR
application/json 13.33.39.40
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fpastelink.net&pubid=7e29cf92-dbd2-479a-865a-9cb3658a40f8
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.39.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-39-40.sin2.r.cloudfront.net
Software: Server /
Resource Hash: 59b0485c1fec4f53ce71bbf2805f19215f6651cc406e6ff66548444594eebc7b

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 22:15:22 GMT
via: 1.1 626bcc948b842c34ed60b35c5e127f38.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: SIN2-P1
age: 6000
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://pastelink.net
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
content-length: 1071
x-amz-cf-id: yHltTY0KtO2fTOa8xPQXxDh0Cq4F1RD6CoWBomQH02LZDQ3EpUZnXA==

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aa68e17fb13028f96c0d5b38fcf7006182894eb694625f9dedf5824d5066a5f0

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET bid
aax-dtb-cf.amazon-adsystem.com/e/dtb/ 0
0

GET
H2 200 integrator.js Show response
adservice.google.co.nz/adsid/ 107 B
792 B 839ms
280ms Script
application/javascript 172.217.194.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.nz/adsid/integrator.js?domain=pastelink.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f155.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 839ms
281ms Script
application/javascript 172.217.194.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=pastelink.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f156.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 20 KB
9 KB 601ms
601ms XHR
text/plain 74.125.68.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2688815392968168&correlator=2106784076126258&eid=31070873%2C31071221%2C44761477&output=ldjh&gdfp_req=1&vrg=2022120501&ptt=17&impl=fif&iu_parts=22405481091%2Cpastelink.net%2CBottom_adhesion_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90&ifi=1&adks=759513158&sfv=1-0-40&prev_scp=rand_key%3D90&eri=1&cust_params=refid%3D2%26amznbid%3D0%26amznp%3D0&sc=1&cookie_enabled=1&abxe=1&dt=1670543722849&lmt=1670543722&dlt=1670543717726&idt=5028&adxs=436&adys=1105&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fpastelink.net%2Fae55y2dx&frm=20&vis=1&psz=728x-1&msz=728x-1&fws=516&ohw=1600&ga_vid=937965645.1670543721&ga_sid=1670543723&ga_hid=97116380&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.68.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sc-in-f156.1e100.net

Software

cafe /

Resource Hash

45648453007fe78a5607a8fbfeee4c16c46c29532ce2cd9b7de665013d2e2e38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:23 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9553
x-xss-protection: 0
google-lineitem-id: 6050546567
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138396499933
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 15 KB
6 KB 2042ms
2040ms XHR
text/plain 74.125.68.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2688815392968168&correlator=2106784076126258&eid=31070873%2C31071221%2C44761477&output=ldjh&gdfp_req=1&vrg=2022120501&ptt=17&impl=fif&iu_parts=22405481091%2Cpastelink.net%2CTop_leaderboard&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C300x250&fluid=height&ifi=2&adks=2603746535&sfv=1-0-40&prev_scp=rand_key%3D90&eri=1&cust_params=refid%3D2%26amznbid%3D0%26amznp%3D0&sc=1&cookie_enabled=1&abxe=1&dt=1670543722855&lmt=1670543722&dlt=1670543717726&idt=5028&adxs=310&adys=312&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fpastelink.net%2Fae55y2dx&frm=20&vis=1&psz=705x151&msz=705x0&fws=4&ohw=1600&ga_vid=937965645.1670543721&ga_sid=1670543723&ga_hid=97116380&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.68.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sc-in-f156.1e100.net

Software

cafe /

Resource Hash

c75e119993b955efad2ddb9782ad8a8ac4e2615403b80bc83bebf1f3a7067ac6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:24 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6626
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 23 KB
10 KB 459ms
457ms XHR
text/plain 74.125.68.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2688815392968168&correlator=2106784076126258&eid=31070873%2C31071221%2C44761477&output=ldjh&gdfp_req=1&vrg=2022120501&ptt=17&impl=fif&iu_parts=22405481091%2Cpastelink.net%2CInline_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&ifi=3&adks=3770940712&sfv=1-0-40&prev_scp=rand_key%3D90&eri=1&cust_params=refid%3D2%26amznbid%3D0%26amznp%3D0&sc=1&cookie_enabled=1&abxe=1&dt=1670543722858&lmt=1670543722&dlt=1670543717726&idt=5028&adxs=513&adys=501&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fpastelink.net%2Fae55y2dx&frm=20&vis=1&psz=665x250&msz=300x-1&fws=4&ohw=1600&ga_vid=937965645.1670543721&ga_sid=1670543723&ga_hid=97116380&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.68.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sc-in-f156.1e100.net

Software

cafe /

Resource Hash

8c88213cb28a59634a0ce9130a11d2b2ea19530d9b776eaafb08d36cb7accd5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:23 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10057
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 50 KB
12 KB 1272ms
1271ms XHR
text/plain 74.125.68.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2688815392968168&correlator=2106784076126258&eid=31070873%2C31071221%2C44761477&output=ldjh&gdfp_req=1&vrg=2022120501&ptt=17&impl=fif&iu_parts=22405481091%2Cpastelink.net%2CInline_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&ifi=4&adks=3575723800&sfv=1-0-40&prev_scp=rand_key%3D90&eri=1&cust_params=refid%3D2%26amznbid%3D0%26amznp%3D0&sc=1&cookie_enabled=1&abxe=1&dt=1670543722859&lmt=1670543722&dlt=1670543717726&idt=5028&adxs=513&adys=985&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fpastelink.net%2Fae55y2dx&frm=20&vis=1&psz=665x250&msz=300x-1&fws=4&ohw=1600&ga_vid=937965645.1670543721&ga_sid=1670543723&ga_hid=97116380&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.68.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sc-in-f156.1e100.net

Software

cafe /

Resource Hash

c43051f2c84570375cc3ebb41afe9788c957ce6ad2f5b1d93656b7ad98f9b0b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:23 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12163
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pastelink.net
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 22 KB
11 KB 1035ms
1033ms XHR
text/plain 74.125.68.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2688815392968168&correlator=2106784076126258&eid=31070873%2C31071221%2C44761477&output=ldjh&gdfp_req=1&vrg=2022120501&ptt=17&impl=fif&iu_parts=22405481091%2Cpastelink.net%2CInline_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&ifi=5&adks=375354995&sfv=1-0-40&prev_scp=rand_key%3D90&eri=1&cust_params=refid%3D2%26amznbid%3D0%26amznp%3D0&sc=1&cookie_enabled=1&abxe=1&dt=1670543722861&lmt=1670543722&dlt=1670543717726&idt=5028&adxs=513&adys=1469&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fpastelink.net%2Fae55y2dx&frm=20&vis=1&psz=665x250&msz=300x-1&fws=4&ohw=1600&ga_vid=937965645.1670543721&ga_sid=1670543723&ga_hid=97116380&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.68.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sc-in-f156.1e100.net

Software

cafe /

Resource Hash

199215d9dd71297e200ab4e8ee4378b5bc09abebe014e5a6a27f2c50033a226c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:23 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11145
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 15 KB
6 KB 1644ms
1642ms XHR
text/plain 74.125.68.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2688815392968168&correlator=2106784076126258&eid=31070873%2C31071221%2C44761477&output=ldjh&gdfp_req=1&vrg=2022120501&ptt=17&impl=fif&iu_parts=22405481091%2Cpastelink.net%2CInline_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&ifi=6&adks=3771912056&sfv=1-0-40&prev_scp=rand_key%3D90&eri=1&cust_params=refid%3D2%26amznbid%3D0%26amznp%3D0&sc=1&cookie_enabled=1&abxe=1&dt=1670543722864&lmt=1670543722&dlt=1670543717726&idt=5028&adxs=513&adys=1906&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=2&ucis=6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fpastelink.net%2Fae55y2dx&frm=20&vis=1&psz=665x250&msz=300x-1&fws=4&ohw=1600&ga_vid=937965645.1670543721&ga_sid=1670543723&ga_hid=97116380&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.68.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sc-in-f156.1e100.net

Software

cafe /

Resource Hash

a2800087a33a3dcb0a30f243883a2a855837a6e01ef12f37d3d588b781910c82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:24 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6624
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 20 KB
9 KB 2182ms
2180ms XHR
text/plain 74.125.68.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2688815392968168&correlator=2106784076126258&eid=31070873%2C31071221%2C44761477&output=ldjh&gdfp_req=1&vrg=2022120501&ptt=17&impl=fif&iu_parts=22405481091%2Cpastelink.net%2CInline_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&ifi=7&adks=3537739154&sfv=1-0-40&prev_scp=rand_key%3D90&eri=1&cust_params=refid%3D2%26amznbid%3D0%26amznp%3D0&sc=1&cookie_enabled=1&abxe=1&dt=1670543722866&lmt=1670543722&dlt=1670543717726&idt=5028&adxs=513&adys=2367&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=3&ucis=7&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fpastelink.net%2Fae55y2dx&frm=20&vis=1&psz=665x250&msz=300x-1&fws=4&ohw=1600&ga_vid=937965645.1670543721&ga_sid=1670543723&ga_hid=97116380&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.68.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sc-in-f156.1e100.net

Software

cafe /

Resource Hash

df77217df3fca327084f7d9ff5e4ec54fcb578079abd1cc547580b5481f0ab6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9413
x-xss-protection: 0
google-lineitem-id: 6050546567
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138395899325
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 26 KB
11 KB 2780ms
2779ms XHR
text/plain 74.125.68.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2688815392968168&correlator=2106784076126258&eid=31070873%2C31071221%2C44761477&output=ldjh&gdfp_req=1&vrg=2022120501&ptt=17&impl=fif&iu_parts=22405481091%2Cpastelink.net%2CInline_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&ifi=8&adks=3581406220&sfv=1-0-40&prev_scp=rand_key%3D90&eri=1&cust_params=refid%3D2%26amznbid%3D0%26amznp%3D0&sc=1&cookie_enabled=1&abxe=1&dt=1670543722868&lmt=1670543722&dlt=1670543717726&idt=5028&adxs=513&adys=2898&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=4&ucis=8&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fpastelink.net%2Fae55y2dx&frm=20&vis=1&psz=665x250&msz=300x-1&fws=4&ohw=1600&ga_vid=937965645.1670543721&ga_sid=1670543723&ga_hid=97116380&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.68.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sc-in-f156.1e100.net

Software

cafe /

Resource Hash

6da3cb53db5ef55d32d97f7b61072cd702434441d6830057a92ce33ee1e73e49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11119
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 28 KB
10 KB 2468ms
2467ms XHR
text/plain 74.125.68.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2688815392968168&correlator=2106784076126258&eid=31070873%2C31071221%2C44761477&output=ldjh&gdfp_req=1&vrg=2022120501&ptt=17&impl=fif&iu_parts=22405481091%2Cpastelink.net%2CSidebar_MPU&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=160x600&ifi=9&adks=3854452215&sfv=1-0-40&prev_scp=rand_key%3D90&eri=1&cust_params=refid%3D2%26amznbid%3D0%26amznp%3D0&sc=1&cookie_enabled=1&abxe=1&dt=1670543722870&lmt=1670543722&dlt=1670543717726&idt=5028&adxs=1071&adys=521&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=9&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fpastelink.net%2Fae55y2dx&frm=20&vis=1&psz=168x607&msz=160x-1&fws=4&ohw=1600&ga_vid=937965645.1670543721&ga_sid=1670543723&ga_hid=97116380&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.68.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sc-in-f156.1e100.net

Software

cafe /

Resource Hash

7690352336b82073858d0da56c003a4dd1ef59fb54e86aa4c0b629a178c4841b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10528
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
13 KB 824ms
279ms XHR
application/json 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022120501&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

cafe /

Resource Hash

fba166b69ce914e2dbba1acd7058eabad15cad553561a6c79be841dbc193cc78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:23 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12425
x-xss-protection: 0

GET
H2 200 container.html Show response
78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 7AD1 6 KB
3 KB 841ms
279ms Document
text/html 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 23:55:23 GMT
expires: Fri, 08 Dec 2023 23:55:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16576/ 32 KB
10 KB 733ms
254ms Script
text/javascript 13.33.33.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16576/sync.min.js
Requested by: Host: pastelink.net
URL: https://pastelink.net/ae55y2dx
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.33.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-33-61.sin2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c7ad2fb033696f6b193dc1e4ef7d353c1d9a4d4a39772bdd0b44175704986ef8

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:40:01 GMT
content-encoding: gzip
via: 1.1 69b39b6769984cf063fcfceb47941eb6.cloudfront.net (CloudFront)
last-modified: Mon, 21 Nov 2022 18:55:24 GMT
server: AmazonS3
x-amz-cf-pop: SIN2-P1
age: 39606
x-amz-server-side-encryption: AES256
etag: W/"51c5af7d71728569b41d03503fff2de7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age: 86400
x-amz-cf-id: lMlzrBsEniqBkiWXt3LY4vTPynnl5oVyzRDdbe3zANjD2z87EtNMHQ==

GET
H2 200 id5-api.js Show response
cdn.id5-sync.com/api/1.0/ 57 KB
17 KB 436ms
149ms Script
text/javascript 104.22.53.86
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/id5-api.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/ae55y2dx

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.22.53.86 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

39fae3dc476aaaa594e2c963401633dd5d02eccb3c175eda03912cfe0f91c92e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:26 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 24 Nov 2022 12:48:29 GMT
server: cloudflare
x-amz-request-id: MPPZXSN02VSTMT9F
age: 3242
etag: W/"9ee82d693d1e83b3a37ee20226716f78"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 77696e8ffccdab07-SYD
x-amz-id-2: kw27fDfYfh8B9hjsFBCGebIKTd/A1DchBNERGw9YsWdDGKf049qNucAfSbx3f2jKywcCawKMjBM=

GET
H2 200 container.html Show response
78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 387A 6 KB
3 KB 325ms
280ms Document
text/html 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 23:55:23 GMT
expires: Fri, 08 Dec 2023 23:55:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame A578 0
0 283ms
283ms Fetch
image/gif 74.125.68.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssZ5wOF_khJGEj2FLQ2gBWic_0CvtppeZjZfbUVBd1FGWl3yulwyk-jmCdKukh4gK1LlY9k1ZV6ugpHdiSHLIefyxvqXIH9qh82LcgWhWbVKqQneNHkgrKL6GP5VxCi8rxugYPWh1NMEJ3XehpNiEqlizdAc8Tr6ONqEAQFRf_0VNRaYoC0-3uJAXdHVvJIZIbWI9Nr2uUY9LBqq6Us_B8K3zP-T6o5h-euv-JiFIs75Fr3IbwR7tDq6MKiivtJmf3AHw9f5w_BnD2qpIlkrXxdnOjFYmipr8vjIkagjgli5H4Sp8pfMUMzvIs3yBnWW-tb7xJDCc2xz5wCX-G2aqbNGH-hUKR65w&sai=AMfl-YSKB_OBISny7Dx4ORlFA7BKmRMzPIpNkVgAb-nS_lgM7ZG4vByncWKezbnbNI2eGXRQBk05CjAvllIaE9dp9gEIFZAUnGl_hml2OdQnG5cRctxL6iUXf0NxDLIgAyylIghSwp3ueLTTYRtZD7L8Bw&sig=Cg0ArKJSzE22WXCQ-TMbEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: pastelink.net
URL: https://pastelink.net/ae55y2dx

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.68.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sc-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:23 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Thu, 08 Dec 2022 23:55:23 GMT

GET
H2 200 outbrain.js Show response
widgets.outbrain.com/ Frame A578 216 KB
75 KB 779ms
236ms Script
application/x-javascript 23.72.45.76
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/outbrain.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.72.45.76 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-72-45-76.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 1a7fc0d7449c8f1215c2aca3bfc30b1aa12ef6aa60600c4d185f6cc5b6b36e1b

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:26 GMT
content-encoding: gzip
last-modified: Thu, 08 Dec 2022 07:59:13 GMT
etag: "17-OhJ4TOSc8tFNgdatKFJEXXqs7uU"
vary: Accept-Encoding
edge-cache-tag: widget-cheetah
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET,POST
cache-control: max-age=14400
access-control-allow-credentials: false
x-traceid: bc89aa1c4c1b8a653b8d4e70b3172baf
timing-allow-origin: *, *
content-length: 76097

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A578 153 KB
47 KB 815ms
273ms Script
text/javascript 142.251.10.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.10.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f156.1e100.net

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 08 Dec 2022 23:55:24 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 387A 0
0 288ms
288ms Fetch
text/html 74.125.68.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cekhma3mSY9qyAfmzz7sP_6OLwA2Y_NGxXKqEzOSFAcCNtwEQASAAYKvssYXgGIIBF2NhLXB1Yi0xNzUwODU2MjM5MjA0NDE0yAEJqQLrE3paObamPuACAKgDAaoE5gFP0EOrOlA8RHC2tDaty_2Rh3uQJQLE2v81QVvdFwPq44wVawBUjL2TtvPvvXQQmsSB2xOiKOU3WpKfjT-D70a8TG4UWl959PXhLh6nudx1vjmwptIJlNl857IlPFfOVi6DjgSNbjDldAoxezLbaXkOMHIteUX3vkJtJsPd1283AQZV4r_IMph4m8MceJBh-a6BiTEvT4TsN5TjcrEMYk-IKcAwKnBSbbf7xadal3IaW8MICQicAMiTv7UgmKHXZEWXo-cBCR9SrlKuZWgi0kHX96eISLd3155o6TAm48OeQpR1xEjqkOAEAYAG1MPjwJC7t4NEoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDQiAYRABMgKKAjoCgECACgH6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItMTc1MDg1NjIzOTIwNDQxNBj63nw&sigh=z4aYKp6ldDE&uach_m=[UACH]&cid=CAQSTADq26N9fsLvxkbnmwFNcKxgyeCXWhFcjYjgkZtM5rN0yGK-PL5L2iF1bpdZ2yUOYBrPikYr1BK6Sa0RedektUO0KyQnSvF9xeZLxCcYASAT
Requested by: Host: pastelink.net
URL: https://pastelink.net/ae55y2dx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 74.125.68.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: sc-in-f156.1e100.net
Software: /
Resource Hash

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 notify
rtb.jp2.as.criteo.com/google/auction/ Frame 387A 0
0 923ms
307ms Fetch 182.161.74.19
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.jp2.as.criteo.com/google/auction/notify?profile=14&payload=kO3gCaOzWawC-gFi-C0SAgAAABhMXkAqKIAjEGp5kmNgGpkePsg5dSk-ogASAAA&wp=Y5J5awAAWVoBc9n5AALR_5suioSfd0u-h-LcDQ

Requested by

Host: pastelink.net
URL: https://pastelink.net/ae55y2dx

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.74.19 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:24 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 175200
content-length: 0

GET
H2 200 afr.php Show response
ads.as.criteo.com/delivery/r/ Frame ECFC 124 KB
44 KB 754ms
281ms Document
text/html 182.161.73.148
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.as.criteo.com/delivery/r/afr.php?z=Y5J5awAAWVoBc9n5AALR_5suioSfd0u-h-LcDQ&u=%7CPvHmXY8Gt7LdQIM8TGdIGAUMBvuyR3pQidF29iftPeM%3D%7C&c1=2P_wVlUbBFsw5yK-nUdqc6nygJ274zNPTQIufB1xv3LmVsxNlD7xoiJRjE-u8MyoFkwSnvxmwvhCulRqxjEh4iItRXP0Wy4iGrbANOzC1ZtbbxuPzrPPf8x3axxhrgJWXcw5h0qCEhEcLd29266aGGcastDzzE7MZv3nXf7ZsBpOwO9XrINmnH-x2x4wlZhAzmIQtW7HOSUheR11dR13RqgZFTKSGEXx_QqanuVhJTpaLXXWrCt-i9jiQTsf4wh9KsoKworPObJfGR8xY5QEJgRu8hgptEx4S35zBjGvKoav7mBImHO-ZFW9eKl2DwkXppMykPDIgOp37K6EYj_cYu9pUxL8m6zX9TtoS-y6FZSLOymE1AWuLaah3_U__aZbrZOWHxgNh0TzjvEFqTXcLQpfiSXOnhol4Ked8xGFxUOWJHumNCLWXG3F-5bTpWBMtP7KMR_aJf__THmnK3HlhfCsGF1XrjZ953BCRgz8rHl1mgsKCxeVHtQmQqJpzw1Cy9XD6WSG8v4PaAQqQD1t4ZR3Me3wM8eGJuxEx4DU9b2H4EVdUB5-ja_EwwhlArG54hP7fpxEZnAsJrGZlUlmGmAzvvizlPfs5YYKExyirA_GJVDgGaz7Dg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCXvx7a3mSY9qyAfmzz7sP_6OLwA2Y_NGxXKqEzOSFAcCNtwEQASAAYKvssYXgGIIBF2NhLXB1Yi0xNzUwODU2MjM5MjA0NDE0yAEJqQLrE3paObamPuACAKgDAaoE6QFP0EOrOlA8RHC2tDaty_2Rh3uQJQLE2v81QVvdFwPq44wVawBUjL2TtvPvvXQQmsSB2xOiKOU3WpKfjT-D70a8TG4UWl959PXhLh6nudx1vjmwptIJlNl857IlPFfOVi6DjgSNbjDldAoxezLbaXkOMHIteUX3vkJtJsPd1283AQZV4r_IMph4m8MceJBh-a6BiTEvT4TsN5TjcrEMYk-IKcAwKnBSbbf7xadal3IaW8MICQicAMiTv7UgmKHXZEXVocaT7NHb0K0nFPbJhNsU3rOC371Zz3bgGma8Kn2AboySL9mUb3VcDuAEAYAG1MPjwJC7t4NEoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDQiAYRABMgKKAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_24MMl12o0rT8SyIVQexl6aWpLy5g%26client%3Dca-pub-1750856239204414%26adurl%3D

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.148 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

108a843c89700026fe82ad9568a376c43fa4af57adc8987127ab581a0287090a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 23:55:23 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.as.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.as.criteo.net/heavyad?cppv=3&cpp=Tb8Bd7E3czVVZltg3dDnlz_mFeo19ywDMLnjNEJlGo0cvbPDYta33RFl7hAnINn_VNJE9UbpEGgHW4fpICnvZ45X2--ZYjaMaQTxLDPBEIxl6c97NaQJCz9gNiX6_pwtmlL3c-MRV-QPsrec-aFhSg0j2pSs8D1amLYXGmhjUIQ_jgcndp1sxyHpxfnmBNFo-jCWBcI71P1SBkkche37yUIC3DS-aCwNyobzDqUAA7L4oOL_D3OujO5nAJ20bMV-cda3jQ"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 45966988
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame 387A 3 KB
1 KB 902ms
348ms Script
text/javascript 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/window_focus_fy2021.js

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f132.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 20:25:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12576
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 22 Dec 2022 20:25:48 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame 387A 18 KB
8 KB 850ms
297ms Script
text/javascript 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f132.1e100.net

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 00:33:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84136
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 22 Dec 2022 00:33:08 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 387A 24 KB
7 KB 828ms
276ms Script
text/javascript 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f132.1e100.net

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 04:57:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 241047
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 06 Dec 2023 04:57:57 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 387A 153 KB
47 KB 1023ms
673ms Script
text/javascript 142.251.10.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.10.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f156.1e100.net

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 08 Dec 2022 23:55:24 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 295ms
295ms Script
text/javascript 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f132.1e100.net

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 08 Dec 2022 23:55:27 GMT

GET
H2 200 container.html Show response
78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame B80B 6 KB
3 KB 580ms
278ms Document
text/html 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 23:55:23 GMT
expires: Fri, 08 Dec 2023 23:55:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/022211060024000/ Frame F2A3 221 KB
61 KB 818ms
270ms Script
text/javascript 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022211060024000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

sffe /

Resource Hash

dce9f5afda30bc387f9f1090b155cbb90596e3c7c1374ea9e135b7184c8fc707

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 08 Dec 2022 08:55:46 GMT
age: 53978
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61620
x-xss-protection: 0
server: sffe
etag: "011de7b3056fa7b4"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 08 Dec 2023 08:55:46 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/022211060024000/v0/ Frame F2A3 14 KB
5 KB 657ms
356ms Script
text/javascript 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022211060024000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

sffe /

Resource Hash

d89cb9800cc62dcc44a0ba866b4a080ad06f735f60a6afecbd6d691d2e8939dd

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 06 Dec 2022 00:47:26 GMT
age: 256081
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5218
x-xss-protection: 0
server: sffe
etag: "abd4378f71571d78"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 06 Dec 2023 00:47:26 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/022211060024000/v0/ Frame F2A3 94 KB
28 KB 571ms
270ms Script
text/javascript 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022211060024000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

sffe /

Resource Hash

8ee5f53d3752309af021002b2199a06523b1fd03f3ea1cdaf5d59e911d4d8178

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 07 Dec 2022 16:38:38 GMT
age: 112609
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28809
x-xss-protection: 0
server: sffe
etag: "dd6615029de85e23"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 07 Dec 2023 16:38:38 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/022211060024000/v0/ Frame F2A3 5 KB
2 KB 672ms
371ms Script
text/javascript 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022211060024000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

sffe /

Resource Hash

c3f73b989e0620a4d2e12ed57a0d538e4580b8fefaa1fefbad73e0abad6d227f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 08 Dec 2022 10:09:37 GMT
age: 49550
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1913
x-xss-protection: 0
server: sffe
etag: "403438c4d550ee88"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 08 Dec 2023 10:09:37 GMT

GET
H3 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/022211060024000/v0/ Frame F2A3 40 KB
13 KB 279ms
279ms Script
text/javascript 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022211060024000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

sffe /

Resource Hash

1b1c3ea8b3d9fec1913ac70c81c83f2172acc41988e747bd24d22bf779fd19a0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 06 Dec 2022 16:57:31 GMT
age: 197877
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12946
x-xss-protection: 0
server: sffe
etag: "0bacd3f1ce38a7db"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 06 Dec 2023 16:57:31 GMT

GET
DATA 200
OK truncated
/ Frame F2A3 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 11bf5c7fcacc2dcf713e2764a9236712a04326335cdd0b1fd9d2ba91b0fe6dcb

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 9932462520429549001
tpc.googlesyndication.com/simgad/ Frame F2A3 104 KB
104 KB 614ms
549ms Image
image/gif 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9932462520429549001

Requested by

Host: pastelink.net
URL: https://pastelink.net/ae55y2dx

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f132.1e100.net

Software

sffe /

Resource Hash

859b0706792946076180c733c999b736b08559b15eb0b890efbb4d2e897056fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:24 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 106372
x-xss-protection: 0
last-modified: Thu, 01 Dec 2022 20:02:31 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 08 Dec 2023 23:55:24 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/abg/ Frame F2A3 3 KB
3 KB 399ms
333ms Image
image/png 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/en.png

Requested by

Host: pastelink.net
URL: https://pastelink.net/ae55y2dx

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f132.1e100.net

Software

cafe /

Resource Hash

85a64faec356c3a72f249a98a037317adc730ec6d38e47653cd53be5485d80a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 09:47:59 GMT
x-content-type-options: nosniff
server: cafe
age: 50845
etag: 15880770647744369592
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2982
x-xss-protection: 0
expires: Fri, 09 Dec 2022 09:47:59 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame F2A3 344 B
449 B 413ms
347ms Image
image/png 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: pastelink.net
URL: https://pastelink.net/ae55y2dx

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f132.1e100.net

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 16:15:05 GMT
x-content-type-options: nosniff
server: cafe
age: 27619
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Fri, 09 Dec 2022 16:15:05 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame F2A3 0
0 289ms
288ms Image
text/html 74.125.68.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C86tDa3mSY7utLcq0z7sPs8eY0AOZlNSvbZjc5OfEEJiS-IezAhABIIabpJABYKvssYXgGKAB6eeY8wPIAQOpAra3a_mkX6U-4AIAqAMByAMIqgSlAk_Qnf7I6zS79rF-sl3VmG74o7R2FxTOvS_g2RBEVTIKSDR5GLrYv3jBjfhNZwPoMPf0Y6tFnl1t_TSHhZdERoYBz5_nhUVLaoJkInLHUtQQL0CehT3A0I2RQ43LwYLomSSm6c1RDhVBz2YHwOYg18fhdA0_L2a_38exCeU7ElAzqFwxqh5pMjQYD_nlOnUbMKpQzvGYw0PkufPKwrqSeg6S-yR9E8q1k2WgTzPx-vkjYewpjaelNuJp0sr31HoVFVJRpKkkkAhiZDL8MS5IB27LKKrsT1TYNqx3EeoX1F0hGPUn4I-R3HviWRgfgMOWhZwQQIPPDq7Ouxnl0wpszZDSUzoVjP-S3Knm2yZCSbl37fbpCTKe0WJZhbyoU1vF5O3_q__ZwASXxNyykgTgBAGgBgOAB_-X5wyoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBDImwXSCA8IgGEQARgdMgKKAjoCgECACgPICwHYEwPQFQGAFwGyFx4KHAgAEhRwdWItOTYwMjUxOTUwMjYxODI2Mhj63nw&sigh=ofNkVsIApBI&uach_m=[UACH]&cid=CAQSTADq26N9k2U8wsoEvpAi_Tz1OH4Br3fJbMXEglWlVWlpPf4PqtIQ2wgD_e5YJl_RpKH4FK5oXuy6AA1mI7JwB-8ANODr9MiXEST8j8gYASAT
Requested by: Host: pastelink.net
URL: https://pastelink.net/ae55y2dx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 74.125.68.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: sc-in-f156.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame ECFC 2 KB
1 KB 709ms
235ms Image
image/svg+xml 182.161.73.129
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.as.criteo.com
URL: https://ads.as.criteo.com/delivery/r/afr.php?z=Y5J5awAAWVoBc9n5AALR_5suioSfd0u-h-LcDQ&u=%7CPvHmXY8Gt7LdQIM8TGdIGAUMBvuyR3pQidF29iftPeM%3D%7C&c1=2P_wVlUbBFsw5yK-nUdqc6nygJ274zNPTQIufB1xv3LmVsxNlD7xoiJRjE-u8MyoFkwSnvxmwvhCulRqxjEh4iItRXP0Wy4iGrbANOzC1ZtbbxuPzrPPf8x3axxhrgJWXcw5h0qCEhEcLd29266aGGcastDzzE7MZv3nXf7ZsBpOwO9XrINmnH-x2x4wlZhAzmIQtW7HOSUheR11dR13RqgZFTKSGEXx_QqanuVhJTpaLXXWrCt-i9jiQTsf4wh9KsoKworPObJfGR8xY5QEJgRu8hgptEx4S35zBjGvKoav7mBImHO-ZFW9eKl2DwkXppMykPDIgOp37K6EYj_cYu9pUxL8m6zX9TtoS-y6FZSLOymE1AWuLaah3_U__aZbrZOWHxgNh0TzjvEFqTXcLQpfiSXOnhol4Ked8xGFxUOWJHumNCLWXG3F-5bTpWBMtP7KMR_aJf__THmnK3HlhfCsGF1XrjZ953BCRgz8rHl1mgsKCxeVHtQmQqJpzw1Cy9XD6WSG8v4PaAQqQD1t4ZR3Me3wM8eGJuxEx4DU9b2H4EVdUB5-ja_EwwhlArG54hP7fpxEZnAsJrGZlUlmGmAzvvizlPfs5YYKExyirA_GJVDgGaz7Dg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCXvx7a3mSY9qyAfmzz7sP_6OLwA2Y_NGxXKqEzOSFAcCNtwEQASAAYKvssYXgGIIBF2NhLXB1Yi0xNzUwODU2MjM5MjA0NDE0yAEJqQLrE3paObamPuACAKgDAaoE6QFP0EOrOlA8RHC2tDaty_2Rh3uQJQLE2v81QVvdFwPq44wVawBUjL2TtvPvvXQQmsSB2xOiKOU3WpKfjT-D70a8TG4UWl959PXhLh6nudx1vjmwptIJlNl857IlPFfOVi6DjgSNbjDldAoxezLbaXkOMHIteUX3vkJtJsPd1283AQZV4r_IMph4m8MceJBh-a6BiTEvT4TsN5TjcrEMYk-IKcAwKnBSbbf7xadal3IaW8MICQicAMiTv7UgmKHXZEXVocaT7NHb0K0nFPbJhNsU3rOC371Zz3bgGma8Kn2AboySL9mUb3VcDuAEAYAG1MPjwJC7t4NEoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDQiAYRABMgKKAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_24MMl12o0rT8SyIVQexl6aWpLy5g%26client%3Dca-pub-1750856239204414%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.129 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:25 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 03 Dec 2023 23:55:25 GMT

GET
H2 200 adchoices_en.svg
static.criteo.net/flash/icon/ Frame ECFC 2 KB
1 KB 708ms
235ms Image
image/svg+xml 182.161.73.129
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_en.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.129 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

nginx /

Resource Hash

60bcafbd631f6fa0805e158ca3b235e76225350db6fbb423596d4c4954b27573

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:25 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-759"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 03 Dec 2023 23:55:25 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame ECFC 308 B
637 B 705ms
234ms Image
image/svg+xml 182.161.73.129
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.129 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:25 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sun, 03 Dec 2023 23:55:25 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame ECFC 293 B
621 B 707ms
236ms Image
image/svg+xml 182.161.73.129
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.129 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:25 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Sun, 03 Dec 2023 23:55:25 GMT

GET
H2 200 lg.php
cat.sg1.as.criteo.com/delivery/ Frame ECFC 43 B
348 B 709ms
236ms Image
image/gif 182.161.73.132
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.sg1.as.criteo.com/delivery/lg.php?cppv=3&cpp=rRZRZQQp68y3Dzwk2dJ_VK_Lzsna9Ga7g9K0Fap9AQJFF6jc5DGHwxCVvDhgMzmDv4o_CDDpUAdzfhWj_BNszxPFlS9m_5Z-u371JmvwY80Rl7D5cfJBRvFoW_ULfG13lPbo-t2aMkCr1dPawV7ZWyyKK4qj9nn3sMYnrlHdHtAlghmBk9C2maXI1gupHC7_x62pZFLeDYIBMSSdOpqERJvA8UY702ry86QVtBaDby3Xv1YQbwaTPxn90sqfvoeX37Vrb-qZ9xjW5Er4Fd7RxIamTXUd6bkLc-YmOV6-vZI7jC7WS52wnXBckILonDvNdzSyGPBcnLSlw93J7HW8t_9xXDLshfu7AYaqFtmHWP4thLwWm9lfWLOQ0TTYTWdzn3DrMyF5R2gRdpdGSuy8cC5crtcb-mHR9F7rXASFhgxG7Yxi

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.132 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:24 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2037722
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 container.html Show response
78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 2250 6 KB
3 KB 270ms
270ms Document
text/html 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 23:55:23 GMT
expires: Fri, 08 Dec 2023 23:55:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame AF97 624 B
782 B 843ms
283ms Document
text/html 142.250.4.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQi4Dw4AIYoPn2xQEwAQ&v=APEucNVf_jzBnPI-FDYvpZQjv9AL2Nqkj80q3DMP-9Ulc5VwUvTezYTy0YHirmT33UbP3fc7-XktSEcHqE6V2kyYaoHmVnyAPg

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f156.1e100.net

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 23:55:25 GMT
expires: Thu, 08 Dec 2022 23:55:25 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame B80B 15 KB
11 KB 862ms
303ms Script
text/javascript 142.250.4.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ApSxJ5DGF9VvRnC6Tqo-IPAmgp-mA-zZX-Xj0ZdERVYMYdcddtUZzDVzOnpSybRx29Fgi3eGz9Jv3603rG5eEAoIu0rd1CALrAIHhPkBlgwuAqgE6Zy5QILOYFroQ_TENaTN2z4PdzdxQ3PBF7AfGEQPikHnS1eggujKGV_ng6Ac7BKiE&cry=1&dbm_d=AKAmf-BtI19qdVvk-KTQzTHpHjbymxcJIFLQFXbkQzeA4WKG85cEeH7AXEgHYOXs-A3vYxTbgLz6ekT3yGbIaGsd8CZyfckCPibEUPCjwfI3NpMhqQkGkS6DmUAjhWxBAeoaDz50LWRl9VuGp5MAJEkbFhaS5V9jIYpO85gZswIy6Xryo6uFU31oKxsTptMhLVGA7TRm1b0016X0RQmXWFYaQp0PcTkChTLSFTZn7QkPYrWVBt6p65oZ3zQwwbQkv0mVkuiil-Dx1LMT8WcWgd9m3WJirSEPxz53dvQb96GEdVFOFTJAa5QQMvJPeKHDUal5CYRlSEIJQp-_pILwc39xwp5cByPOOHMR75teXdN38zGPZmCtS1JEBbx3pnwgTj1M7_ctSRA4hDRoszwV_xyfqZZloetfXL_Oygzm8mEOpRkvS2W4t92f1jcdTxg0NARTXZIyVz9KVYGS2Z2pVwasHVd4TDK5SJtJufKUzCAXiMytfATP45CW0BNqUyRow4valoXO11VjFmIroiSiq5PcFchLi_9EVDsszfyh-IpvUgp6zGn3Czpo6qXYhxA5KmFMazqWv5G_iFrbvFuvlap9tqie9H85-BxXj6bXu6ypi4-jJrMPZnT54Fv96WJzMLiqAbJesGTwTiPjdmAXTWvjCSgBRgn1p3oIe-3ghknYIZrjpB10LEYu94aKO8DLkqzviCqbtly2p1ykV0wt5lEcx6IFklS_rOjc0MbnJjWppT8mC3LhwchLFxSHwOwmEjL20zzLtPNNSFHiJp2NkQ-xUtUD1mc2VUfOuDXIaf39GseFEpb1tDf5wkXZdNUmRKYANICNc9DQ0lr6sYgb1YBAoLiTCm6LgUChYSi1yL93gJ_XZj19v8J0PEeaUduqvvDbaQ07W07baiPXSMDU3-7IbJs7gdhRK2mWpzV_RKoFuY7uLs_fY_Ter0Ek1XB-Gd0grnUVHxfnUWOder3cLNxGljlSWx_HeCV29voTDspPAWQYzGISLb7T9mzW8auC5mHu0-A2UzitcynfNB_YrtBPAHm2-m6vUL8w2IMDOmdwdi6HVBn6yn2f7WlJYZTUwxZhUvQz9d56hPYmxVT0AVcj6IrGHbYzMZoaGo50tWEZ38I5gi9HT5BrFMAwvuel1nHodNDTzlOpCHmj4eLeJZxQcYjbYvnglTbmlR4-X_y3zCNMcRAV1TI9errhftrDbb-_VgYnwKz0dL2TaDLmFxl8q4nB2jlrHf-A5HuyklqwLMFTK7oCOJwX1LhGDzJbk39IT5K_I_45WRyMqX4BMhv8PvTsy0pGkpbKOtX2AcId0uHkk700oHYV-0ay52xTLsP4TWAwVME92GiEX3B7dABAelV3MbtTGtAX9YJtH2nCW4ImDEpBYm-R5YuPYJNRTuxWS_4tmdFjG-Vm2utA9VkdMOPS8xBljEaeSyy8-u-wPmAPCMqJbA4ra7EvjNa7UnPlJPBQiCSI24EO4ym6MfB2uRtf0fO0OVd_yNy0m3udg7sgqit0VsL9QTu3Mv5natSkznR9x37Fo9iSDuyKGOnpfgWRsznzLxqTcqe34DghBXWJWAgmvPZ1FbcA5nz-I-Ga18sVmsCDAsVAWdQGtxVzF6lkrEm5BDiKzCh1I3XEQQgZf-Sbf9-hSHwR5S1JIvHSUVgkKTLlDZB9ql0sWxfvml-BVXFLjly0gZpHkXInaFwB74eqkYFP840BxQXn-6JbJOs7Uit59UircKildoXucGTJdIgQsjw7f-rC-fx4laJSolHFQo6vq8I9wB6VgTihTUL-mVtdK2zHRab0NmDhH49Ac-6EQ5ROOfv1_64RaVSqqHKVrbUh1tiPHexBKELNxrQI5-aUC5INa0WHlawFvmdlwfmVhJQSBG-sRW_aO8EuGP17Env0hu-jZIuUcGYmHGp_1VUhd1Z5ofnkQXtzlryfX5Fjvnc4ITxA2ST5LbtnrYakMq_mFKGug_t9x2Yh0k2e7xapMqBdM3rq2Q_PEO4cpS5yAeEhIR7YBWD7hHUQAFZdvlVmmYrsiwv90PZKMLVMsmiS-wAq7JkHY4ZKyD-9pbMzNGtTCDedKoGMY59GBaycE1FYYE28-69CqT-N8VYGC4BVcKHtcqy8p01P3MC5uEU_At9fvo-YAZnJNOAPey2VSTQQ4znK-Nphu4W_hXqLbxY_yOZB4V3xBQkA9Qx54FzoZRQxxQwfLtSBCqrITlfpQ2P-1rGyevBbcLiXXa_jULvqWkyP0h1eZP-Z_7aG7Lyvl2seTXXrotmvpwolyCdTVSWyXkExIP9TZWHhkA9TU8lP_ft3BENohlINOqCFy4PsxRPKib0t0vCfJE4nJaPWpwOIVyM2H-tvZ0gN3KKHo2t_8HB2a_i6K8b4RC_1RdjD7TZXnPr0zKOzb6BiU6tFjjMuDwAOEN1W7jLu6HY9w74Vg1pXTi1X1NWASvFMFJDwVhMtwt5_RHvE4kM14jUjtdzFSjCCdb-U2a5nPZubLt2SbgulOOVKY_6Ys5S6M2q8bCY14MSKrXd4RqkJwwNknUqRg31vM15XJx6gpVQxzwoc0Dv26g0IWff4IIz3t7BZclThXb0qmG1ygiWse_Ze3hh_PeGEA-FiL-9nb4UPSkFKtPYqAXS9VdTKkI26IgXUgxYRGnygTKlSkNdfNvvJzHoqrH8DH_E4RJIOFmny14ufg0V3IX6KmTO7hOQv6yK146fad1FRsgmOWzsdLqBN3q5GO-3klsfuQL5D1KzewIQXjEylQmQhJ67KgMPpFFGjEThTifoZjI6My1R1JNneENCDxIuL9Uxl9JGcMYTNGnHl7s0_JpfZ5I2a1KEpy1ks8sRRtLrB_t1Pp4Zc3Yv0AeWIp9pkQ1mstSRvCsIJ1oSkIS3nm116pfCFgOmLsX8U8DqnByYBb0_FONu_PGl3gNBkoNlioNlDgfYErRmU4pDc81CHLyM2OBtuxZf2jSKwVM58Y-c21IgwX3lnqYBLVW5Ua5NBdsGU85Szg7a9agln75P81mrhEvr55jFvKr_NIpgnI0pBhLw5pIcnYc7yW2P6Bd08O4UqkYqcuDNZknOeev9lAzUhk-teXa9Ilb1xH0Bhu0qwfyjg9o-fcpTkeDPKPBy6q_z5tllg7plMsFdBfbfS6gSnTcF_IJ-jp-MX-3YKq8YoriaiRWz-suAJYMoJ0O8Y-5A-y-ZE8fP7H2FjO2JIY_TEXmKhCZnvclrdwAfwphJZHJwvBy7sWUdGUb5LUXj4aSBouWcH_iDLh1hOMMR9ntu2sG-pRE2m-ZSW6AINRhj6WI-uukoDVXO2czHzQt3qcfcQVyLSgqafO3k4UqNM-dJAchg_yZPF6Aq6eudpioA4D8Sbed8U_TZueF4piBzkPPO4d_sT5QfAca2jJZgjd5TdYw-K4pxsrRTTznQZI5awm8lpTNaMwtip2xAAMbgr2SQ4S6qCtG2EzU9-RmtMSXOGALwyGHfy7IlE8VUk1_dY2Uuo32tEzhIXAIPVzkXCfkH4pjUuPhCgJq9S6OYnIRyFrQyXcSJrIXBZi4SzuLj8n1UieLKu1UCtE_-FLqU_44XqvZRqD6RamXL_2LgLUIInX-qtIwsxr24u5TjnNc8GwM836eNnhscq6qVP4sSl-_fUos9EKx9OU6mTfmNpPVvk8Y1DlM19g2olQhEoyNisSQ3uhNCTWMWe3nPt4wklLdge-4jihzn1Asae&cid=CAQSTADq26N990xUvyJ38kIKjn5UoRT817w42jlvJbWVET_M5Brhso9-mVn5JWtq4cz_3GOeWPFm58JoGEGSQ7tlxGNobhkHQzO2Fk1OWiMYASAT&rfl=1%2Chttps%253A%252F%252Fpastelink.net%252F%240

Requested by

Host: pastelink.net
URL: https://pastelink.net/ae55y2dx

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f156.1e100.net

Software

cafe /

Resource Hash

92a052abc536e34d31135aa707d7491f841c88371ab68da4c0b95cb984ccc3d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:25 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11367
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame B80B 42 B
317 B 573ms
271ms Image
image/gif 142.251.10.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CKXqPym9aA1w6D1jEOoFhyh2i43L6CIMm8GGQi24v6efYZQG_u_L70t4_pPbqtJSSWp58bVE30n4alqPdRO1-mjzJJkKdaf_h7kslLQg5XenhMAuY

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.10.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f156.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dvbs_src.js Show response
cdn.doubleverify.com/ Frame B80B 2 KB
1 KB 749ms
235ms Script
application/javascript 23.52.171.81
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=115843&plc=6403715&sid=18330&dvregion=0&unit=300x250&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0gjW6ZdAyqMrMiMU1tH7Uir&DVP_DBM_1=3060631&DVP_DBM_2=23009949&DVP_DBM_3=16645325641&DVP_DBM_4=415087776&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=201491245482&turl=https://pastelink.net/ae55y2dx&DVP_PP_BUNDLE_ID=
Requested by: Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.52.171.81 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-52-171-81.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 /
Resource Hash: 54e51249021fabff65b4ca7eb728f0a56cff080a37d9b0b13d1c401d5b9e6184

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:25 GMT
Content-Encoding: gzip
Last-Modified: Sun, 30 Oct 2022 09:55:21 GMT
Server: Microsoft-IIS/10.0
ETag: "42b02eb945ecd81:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 1170

GET
H/1.1 200
OK dvtp_src.js Show response
cdn.doubleverify.com/ Frame B80B 8 KB
4 KB 760ms
243ms Script
application/javascript 23.52.171.81
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvtp_src.js?ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&advid=3398311&adsrv=0&btreg=&btadsrv=&tagtype=&dvtagver=6.1.src&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0gjW6ZdAyqMrMiMU1tH7Uir&DVP_DBM_1=3060631&DVP_DBM_2=23009949&DVP_DBM_3=16645325641&DVP_DBM_4=415087776&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=201491245482&turl=https://pastelink.net/ae55y2dx&DVP_PP_BUNDLE_ID=
Requested by: Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.52.171.81 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-52-171-81.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 /
Resource Hash: 1a12532324261fcc9e92664b32cea31bf3a14a1128cf6a7531cc6a9ce9197cb9

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:25 GMT
Content-Encoding: gzip
Last-Modified: Wed, 07 Dec 2022 11:39:13 GMT
Server: Microsoft-IIS/10.0
ETag: "8065f8730ad91:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3315

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame B80B 3 KB
1 KB 297ms
270ms Script
text/javascript 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/window_focus_fy2021.js

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f132.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 20:25:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12577
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 22 Dec 2022 20:25:48 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame B80B 18 KB
7 KB 769ms
768ms Script
text/javascript 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f132.1e100.net

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 00:33:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84136
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 22 Dec 2022 00:33:08 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B80B 153 KB
47 KB 1927ms
1626ms Script
text/javascript 142.251.10.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.10.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f156.1e100.net

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 08 Dec 2022 23:55:26 GMT

GET
DATA 200
OK truncated
/ Frame 387A 220 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bd94dabab723d8e879aa3b0d1f40dc4258b5d03f2229c5fce36e8e75cb77a5bd

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame ECFC 12 KB
5 KB 293ms
148ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 105853
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4420
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FEB87tgPeAGubk%2F5D8tzvK%2F8mN4%2BYVkJr3rBipEXphVhwlatyjdMd9aQbF3yCT%2BSEKAUyc6MfD9%2BMLukwHQIOeJikfr0SLTBhtBdTy0G1EUhnJYdOuO0H%2Fp0xJjzw6c%2FEBAZZni9"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 77696e8bff34a949-SYD
expires: Tue, 28 Nov 2023 23:55:25 GMT

GET
DATA 200
OK truncated
/ Frame A578 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67b14ff4bef013edded6afb8e588600170f53c281dec38bb5611c1b32569f87d

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 36DC 624 B
368 B 560ms
284ms Document
text/html 142.250.4.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMWEHBDW_uPeAhjAjf7ZATAB&v=APEucNUKbv5GtPxo4N2rfRDhcCzwK2Iw6tkaQ7qmXdTxxRv_Hx9PIAQb1Il4A4jPhkl5UGR3_jCb72PTM9tJr7SmimVibn9Xeg

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f156.1e100.net

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 23:55:25 GMT
expires: Thu, 08 Dec 2022 23:55:25 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 2250 76 KB
27 KB 535ms
278ms Script
text/javascript 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

cafe /

Resource Hash

def1424f4f259a4cf927fe1f7ea7ec24bdc2fc78edca55fdb593cc0c293dbec5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27387
x-xss-protection: 0
server: cafe
etag: 15442950961169408521
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 08 Dec 2022 23:55:25 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2250 42 B
63 B 529ms
271ms Image
image/gif 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BoOpAin2cv71WTvq7ZmssIyegaYpi603UQ0-BmkCPiIHwIMFEGVQVvqKg18GWsKWW07ATUiv4kHJQNNvXZW2Dc-o1fIm-zLnnhoRb-TMjtfevgVVM

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2250 0
20 B 532ms
275ms Image
image/gif 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=3410982535188684223&x=1&ct=76

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame 2250 3 KB
1 KB 592ms
290ms Script
text/javascript 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/window_focus_fy2021.js

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f132.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 20:25:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12577
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 22 Dec 2022 20:25:48 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame 2250 18 KB
7 KB 579ms
276ms Script
text/javascript 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f132.1e100.net

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 00:33:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84137
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 22 Dec 2022 00:33:08 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2250 153 KB
47 KB 2062ms
1803ms Script
text/javascript 142.251.10.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f156.1e100.net

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 08 Dec 2022 23:55:26 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame ECFC 12 KB
6 KB 235ms
235ms Script
text/javascript 182.161.73.129
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.129 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:25 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 03 Dec 2023 23:55:25 GMT

GET
H2 200 img
pix.as.criteo.net/img/ Frame ECFC 32 KB
32 KB 1043ms
570ms Image
image/png 182.161.73.135
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.as.criteo.net/img/img?h=76&m=0&partner=52913&q=80&r=0&u=http%3A%2F%2Fstatic.sg1.as.criteo.net%2Fdesign%2Fdt%2F15516%2F190213%2F86f0f1f708604b2d82f69cc681c004dd_untitled-1.png&v=3&w=596&s=ywrMWPeHbKxpAJ0LjoX1w9JJ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.135 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

8adfe9068b6f9cc594b1d0ce23e9185785920812b8c9ff3cb7524fc03a022def

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:25 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=27831291
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 32923
expires: Fri, 27 Oct 2023 02:50:16 GMT

GET
H2 200 img
pix.as.criteo.net/img/ Frame ECFC 8 KB
8 KB 707ms
235ms Image
image/webp 182.161.73.135
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.as.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=52913&q=80&r=0&u=https%3A%2F%2Fcdn2.pipingrock.com%2Fimages%2Fproduct%2Fshoppingservice%2Fmelatonin-10-mg-120-tablets-4231.jpg&v=3&w=400&s=nycThUmqCuRUq7uk0XKGzoRw&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.135 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

31154658c0f43551d13209857161e9d915b4e3b90fb2ef653462c34441e9fcda

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:24 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=28189429
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 7770
expires: Tue, 31 Oct 2023 06:19:15 GMT

GET
H2 200 img
pix.as.criteo.net/img/ Frame ECFC 13 KB
13 KB 939ms
467ms Image
image/webp 182.161.73.135
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.as.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=52913&q=80&r=0&u=https%3A%2F%2Fcdn2.pipingrock.com%2Fimages%2Fproduct%2Fshoppingservice%2Falpha-lipoic-acid-600-mg-90-quick-release-capsules-291.jpg&v=3&w=400&s=iMAgN-QE_em3vkQFfBjupVQA&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.135 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

509bc156822de7a27d5a7c96cbfc5125a57927c1c9f2c30b850ecf6d19302835

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:25 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=30273189
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 12848
expires: Fri, 24 Nov 2023 09:08:35 GMT

POST
H2 200 all
csm.as.criteo.net/ Frame ECFC 0
128 B 707ms
235ms Ping
text/plain 182.161.73.142
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.as.criteo.net/all?cppv=3&cpp=Tb8Bd7E3czVVZltg3dDnlz_mFeo19ywDMLnjNEJlGo0cvbPDYta33RFl7hAnINn_VNJE9UbpEGgHW4fpICnvZ45X2--ZYjaMaQTxLDPBEIxl6c97NaQJCz9gNiX6_pwtmlL3c-MRV-QPsrec-aFhSg0j2pSs8D1amLYXGmhjUIQ_jgcndp1sxyHpxfnmBNFo-jCWBcI71P1SBkkche37yUIC3DS-aCwNyobzDqUAA7L4oOL_D3OujO5nAJ20bMV-cda3jQ&sds=2&rev=83862.2&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.142 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.as.criteo.com/
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 08 Dec 2022 23:55:25 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame ECFC 2 KB
1 KB 255ms
254ms Image
image/svg+xml 182.161.73.129
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.129 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:25 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 03 Dec 2023 23:55:25 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame ECFC 2 KB
1 KB 235ms
234ms Image
image/svg+xml 182.161.73.129
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.129 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:25 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 03 Dec 2023 23:55:25 GMT

GET
H3 200 container.html Show response
78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 86FC 6 KB
3 KB 270ms
270ms Document
text/html 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 23:55:23 GMT
expires: Fri, 08 Dec 2023 23:55:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame C85F 0
0 305ms
305ms Fetch
image/gif 74.125.68.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstQ2z7Oo1NmvAwLhYh6ggvrUH-nKXA7499OiaLT1gXHL_brOlR83xpoIA4LsPFsFPjG_IWQPZ1ZpqxVPGB47ZyY7d-NZ3dY7BQNSJsqS3Y_JdR1OWk4_5ySx-zYjnp9nN0YDNd1NX8QrtMYEKd1oBerm58GllB2PQz63L6eTWCaeU_IhN48658vneckRCwVWEnOKzNMMY9umQdNxPPe1i6y1ln-KovU0T0wl9xLMBdApXkhFnyqNj7ZmmA2KNieCogkMcFSf7YyWdWFnfUiYBOJ3vEKsKzflxGR56plx5XVB0m5z2a-8s-ZmbVwPEpIUzWZ0b5epVejUKSX3csAgg&sai=AMfl-YQp3xqJRI3fBjaLdgqCQ4eKtqgiLtWraRBH-52wVXTQHlWl0kqe-rj8L21QXaAZ4eE2_2H_9koDpBJkrITHV585-olyptk_J1SjfnN8vVW7iKeAIgsWHMWxPsEpSTW7HwpgeQxMBsIdz7o6i0ufDGY&sig=Cg0ArKJSzE830QsWcphVEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: pastelink.net
URL: https://pastelink.net/ae55y2dx

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.68.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sc-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 outbrain.js Show response
widgets.outbrain.com/ Frame C85F 216 KB
75 KB 255ms
254ms Script
application/x-javascript 23.72.45.76
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/outbrain.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.72.45.76 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-72-45-76.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 1a7fc0d7449c8f1215c2aca3bfc30b1aa12ef6aa60600c4d185f6cc5b6b36e1b

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:28 GMT
content-encoding: gzip
last-modified: Thu, 08 Dec 2022 07:59:13 GMT
etag: "17-OhJ4TOSc8tFNgdatKFJEXXqs7uU"
vary: Accept-Encoding
edge-cache-tag: widget-cheetah
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET,POST
cache-control: max-age=14400
access-control-allow-credentials: false
x-traceid: bc89aa1c4c1b8a653b8d4e70b3172baf
timing-allow-origin: *, *
content-length: 76097

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C85F 153 KB
47 KB 1475ms
1475ms Script
text/javascript 142.251.10.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f156.1e100.net

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 08 Dec 2022 23:55:26 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 4BF1 640 B
391 B 449ms
448ms Document
text/html 142.250.4.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJeVmwEQk5vwvQMY2ff_2AEwAQ&v=APEucNUKC5wiUbkPAwC3kY4qs1MXuEaFDdNlPce-M4eHgz4yEqMgAKSLQxghGAptwk8RDxoSZ327xs1qf2IQ39t8Pja4V6NOHw

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f156.1e100.net

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 23:55:25 GMT
expires: Thu, 08 Dec 2022 23:55:25 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 86FC 76 KB
27 KB 311ms
310ms Script
text/javascript 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

cafe /

Resource Hash

def1424f4f259a4cf927fe1f7ea7ec24bdc2fc78edca55fdb593cc0c293dbec5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27387
x-xss-protection: 0
server: cafe
etag: 15442950961169408521
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 08 Dec 2022 23:55:25 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 86FC 42 B
63 B 469ms
468ms Image
image/gif 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AT6T1hdsSpWmkOt_i3wT-8fldofU7V-KOqqwe8oOyILL2--4jjgfFhV8CKtHbIAbporGf_SYoeRE-BHfkSSIjaJUCqAi0mwRrQdQQqGSbEGwkrCCI

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 86FC 0
20 B 469ms
468ms Image
image/gif 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=17161241058957156004&x=1&ct=76

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame 86FC 3 KB
1 KB 480ms
321ms Script
text/javascript 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/window_focus_fy2021.js

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f132.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 20:25:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12577
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 22 Dec 2022 20:25:48 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame 86FC 18 KB
7 KB 435ms
277ms Script
text/javascript 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f132.1e100.net

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 00:33:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84137
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 22 Dec 2022 00:33:08 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 86FC 153 KB
47 KB 1257ms
1256ms Script
text/javascript 142.251.10.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f156.1e100.net

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 08 Dec 2022 23:55:26 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame AF97
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM27Vz-WLltwgvA2e2SD-oE&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM27Vz-WLltwgvA2e2SD-oE&google_cver=1&C=1

43 B
766 B

467ms
337ms

Image
image/gif

139.5.84.243
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM27Vz-WLltwgvA2e2SD-oE&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQi4Dw4AIYoPn2xQEwAQ&v=APEucNVf_jzBnPI-FDYvpZQjv9AL2Nqkj80q3DMP-9Ulc5VwUvTezYTy0YHirmT33UbP3fc7-XktSEcHqE6V2kyYaoHmVnyAPg
Protocol: HTTP/1.1
Server: 139.5.84.243 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 08 Dec 2022 23:55:27 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Thu, 08 Dec 2022 23:55:26 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESEM27Vz-WLltwgvA2e2SD-oE&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame AF97
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y5J5bh-suFht0vCBkJ4N0AAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM27Vz-WLltwgvA2e2SD-oE&google_cver=1

43 B
766 B

352ms
352ms

Image
image/gif

139.5.84.243
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM27Vz-WLltwgvA2e2SD-oE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQi4Dw4AIYoPn2xQEwAQ&v=APEucNVf_jzBnPI-FDYvpZQjv9AL2Nqkj80q3DMP-9Ulc5VwUvTezYTy0YHirmT33UbP3fc7-XktSEcHqE6V2kyYaoHmVnyAPg
Protocol: HTTP/1.1
Server: 139.5.84.243 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 08 Dec 2022 23:55:27 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:27 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM27Vz-WLltwgvA2e2SD-oE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame AF97
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEEt2Ky7icqS4C_WDneV1iAg&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEEt2Ky7icqS4C_WDneV1iAg%26google_cver%3D1

43 B
1 KB

275ms
275ms

Image
image/gif

104.254.151.60
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEEt2Ky7icqS4C_WDneV1iAg%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQi4Dw4AIYoPn2xQEwAQ&v=APEucNVf_jzBnPI-FDYvpZQjv9AL2Nqkj80q3DMP-9Ulc5VwUvTezYTy0YHirmT33UbP3fc7-XktSEcHqE6V2kyYaoHmVnyAPg

Protocol

HTTP/1.1

Server

104.254.151.60 Los Angeles, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

899.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 08 Dec 2022 23:55:27 GMT
AN-X-Request-Uuid: dfaf85b9-2e64-4d91-921a-d28bb4525f3d
Server: nginx/1.21.3
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 116.90.74.214; 116.90.74.214; 899.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 08 Dec 2022 23:55:26 GMT
AN-X-Request-Uuid: cca2a036-d1ba-4a80-a447-a3eb5252e5d9
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEEt2Ky7icqS4C_WDneV1iAg%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 116.90.74.214; 116.90.74.214; 899.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame AF97
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTkzMzI2NDA2NTUwNjk5MDcyNQ%3D%3D

170 B
243 B

574ms
274ms

Image
image/png

142.251.12.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTkzMzI2NDA2NTUwNjk5MDcyNQ%3D%3D

Requested by

Protocol

Server

142.251.12.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 08 Dec 2022 23:55:26 GMT
AN-X-Request-Uuid: ddc11309-61e9-4418-94cd-fe3cc4a02d97
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTkzMzI2NDA2NTUwNjk5MDcyNQ%3D%3D
Connection: keep-alive
X-Proxy-Origin: 116.90.74.214; 116.90.74.214; 899.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 36DC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM27Vz-WLltwgvA2e2SD-oE&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM27Vz-WLltwgvA2e2SD-oE&google_cver=1&C=1

43 B
766 B

406ms
351ms

Image
image/gif

139.5.84.243
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM27Vz-WLltwgvA2e2SD-oE&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMWEHBDW_uPeAhjAjf7ZATAB&v=APEucNUKbv5GtPxo4N2rfRDhcCzwK2Iw6tkaQ7qmXdTxxRv_Hx9PIAQb1Il4A4jPhkl5UGR3_jCb72PTM9tJr7SmimVibn9Xeg
Protocol: HTTP/1.1
Server: 139.5.84.243 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 08 Dec 2022 23:55:27 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Thu, 08 Dec 2022 23:55:26 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESEM27Vz-WLltwgvA2e2SD-oE&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 36DC
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y5J5bsyJd9RGDBCxJH0rkgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM27Vz-WLltwgvA2e2SD-oE&google_cver=1

43 B
766 B

352ms
351ms

Image
image/gif

139.5.84.243
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM27Vz-WLltwgvA2e2SD-oE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMWEHBDW_uPeAhjAjf7ZATAB&v=APEucNUKbv5GtPxo4N2rfRDhcCzwK2Iw6tkaQ7qmXdTxxRv_Hx9PIAQb1Il4A4jPhkl5UGR3_jCb72PTM9tJr7SmimVibn9Xeg
Protocol: HTTP/1.1
Server: 139.5.84.243 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 08 Dec 2022 23:55:27 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:27 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM27Vz-WLltwgvA2e2SD-oE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame 36DC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEEt2Ky7icqS4C_WDneV1iAg&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEEt2Ky7icqS4C_WDneV1iAg%26google_cver%3D1

43 B
1 KB

291ms
276ms

Image
image/gif

104.254.151.60
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEEt2Ky7icqS4C_WDneV1iAg%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMWEHBDW_uPeAhjAjf7ZATAB&v=APEucNUKbv5GtPxo4N2rfRDhcCzwK2Iw6tkaQ7qmXdTxxRv_Hx9PIAQb1Il4A4jPhkl5UGR3_jCb72PTM9tJr7SmimVibn9Xeg

Protocol

HTTP/1.1

Server

104.254.151.60 Los Angeles, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

899.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 08 Dec 2022 23:55:26 GMT
AN-X-Request-Uuid: 1cfe09a8-2ed2-4c49-8758-045af0405e4f
Server: nginx/1.21.3
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 116.90.74.214; 116.90.74.214; 899.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 08 Dec 2022 23:55:26 GMT
AN-X-Request-Uuid: a95efd29-69ba-403c-bb87-90736d612ea4
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEEt2Ky7icqS4C_WDneV1iAg%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 116.90.74.214; 116.90.74.214; 899.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 36DC
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjY2NzAwNjMyMDg3MjQ2NDU3OQ%3D%3D

170 B
188 B

312ms
276ms

Image
image/png

142.251.12.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjY2NzAwNjMyMDg3MjQ2NDU3OQ%3D%3D

Requested by

Protocol

Server

142.251.12.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 08 Dec 2022 23:55:26 GMT
AN-X-Request-Uuid: 354bdcdd-0e7c-49fb-9bd1-6e3949606661
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjY2NzAwNjMyMDg3MjQ2NDU3OQ%3D%3D
Connection: keep-alive
X-Proxy-Origin: 116.90.74.214; 116.90.74.214; 899.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 container.html Show response
78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame F730 6 KB
3 KB 270ms
269ms Document
text/html 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 23:55:23 GMT
expires: Fri, 08 Dec 2023 23:55:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame B80B 41 KB
15 KB 270ms
269ms Script
text/javascript 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ApSxJ5DGF9VvRnC6Tqo-IPAmgp-mA-zZX-Xj0ZdERVYMYdcddtUZzDVzOnpSybRx29Fgi3eGz9Jv3603rG5eEAoIu0rd1CALrAIHhPkBlgwuAqgE6Zy5QILOYFroQ_TENaTN2z4PdzdxQ3PBF7AfGEQPikHnS1eggujKGV_ng6Ac7BKiE&cry=1&dbm_d=AKAmf-BtI19qdVvk-KTQzTHpHjbymxcJIFLQFXbkQzeA4WKG85cEeH7AXEgHYOXs-A3vYxTbgLz6ekT3yGbIaGsd8CZyfckCPibEUPCjwfI3NpMhqQkGkS6DmUAjhWxBAeoaDz50LWRl9VuGp5MAJEkbFhaS5V9jIYpO85gZswIy6Xryo6uFU31oKxsTptMhLVGA7TRm1b0016X0RQmXWFYaQp0PcTkChTLSFTZn7QkPYrWVBt6p65oZ3zQwwbQkv0mVkuiil-Dx1LMT8WcWgd9m3WJirSEPxz53dvQb96GEdVFOFTJAa5QQMvJPeKHDUal5CYRlSEIJQp-_pILwc39xwp5cByPOOHMR75teXdN38zGPZmCtS1JEBbx3pnwgTj1M7_ctSRA4hDRoszwV_xyfqZZloetfXL_Oygzm8mEOpRkvS2W4t92f1jcdTxg0NARTXZIyVz9KVYGS2Z2pVwasHVd4TDK5SJtJufKUzCAXiMytfATP45CW0BNqUyRow4valoXO11VjFmIroiSiq5PcFchLi_9EVDsszfyh-IpvUgp6zGn3Czpo6qXYhxA5KmFMazqWv5G_iFrbvFuvlap9tqie9H85-BxXj6bXu6ypi4-jJrMPZnT54Fv96WJzMLiqAbJesGTwTiPjdmAXTWvjCSgBRgn1p3oIe-3ghknYIZrjpB10LEYu94aKO8DLkqzviCqbtly2p1ykV0wt5lEcx6IFklS_rOjc0MbnJjWppT8mC3LhwchLFxSHwOwmEjL20zzLtPNNSFHiJp2NkQ-xUtUD1mc2VUfOuDXIaf39GseFEpb1tDf5wkXZdNUmRKYANICNc9DQ0lr6sYgb1YBAoLiTCm6LgUChYSi1yL93gJ_XZj19v8J0PEeaUduqvvDbaQ07W07baiPXSMDU3-7IbJs7gdhRK2mWpzV_RKoFuY7uLs_fY_Ter0Ek1XB-Gd0grnUVHxfnUWOder3cLNxGljlSWx_HeCV29voTDspPAWQYzGISLb7T9mzW8auC5mHu0-A2UzitcynfNB_YrtBPAHm2-m6vUL8w2IMDOmdwdi6HVBn6yn2f7WlJYZTUwxZhUvQz9d56hPYmxVT0AVcj6IrGHbYzMZoaGo50tWEZ38I5gi9HT5BrFMAwvuel1nHodNDTzlOpCHmj4eLeJZxQcYjbYvnglTbmlR4-X_y3zCNMcRAV1TI9errhftrDbb-_VgYnwKz0dL2TaDLmFxl8q4nB2jlrHf-A5HuyklqwLMFTK7oCOJwX1LhGDzJbk39IT5K_I_45WRyMqX4BMhv8PvTsy0pGkpbKOtX2AcId0uHkk700oHYV-0ay52xTLsP4TWAwVME92GiEX3B7dABAelV3MbtTGtAX9YJtH2nCW4ImDEpBYm-R5YuPYJNRTuxWS_4tmdFjG-Vm2utA9VkdMOPS8xBljEaeSyy8-u-wPmAPCMqJbA4ra7EvjNa7UnPlJPBQiCSI24EO4ym6MfB2uRtf0fO0OVd_yNy0m3udg7sgqit0VsL9QTu3Mv5natSkznR9x37Fo9iSDuyKGOnpfgWRsznzLxqTcqe34DghBXWJWAgmvPZ1FbcA5nz-I-Ga18sVmsCDAsVAWdQGtxVzF6lkrEm5BDiKzCh1I3XEQQgZf-Sbf9-hSHwR5S1JIvHSUVgkKTLlDZB9ql0sWxfvml-BVXFLjly0gZpHkXInaFwB74eqkYFP840BxQXn-6JbJOs7Uit59UircKildoXucGTJdIgQsjw7f-rC-fx4laJSolHFQo6vq8I9wB6VgTihTUL-mVtdK2zHRab0NmDhH49Ac-6EQ5ROOfv1_64RaVSqqHKVrbUh1tiPHexBKELNxrQI5-aUC5INa0WHlawFvmdlwfmVhJQSBG-sRW_aO8EuGP17Env0hu-jZIuUcGYmHGp_1VUhd1Z5ofnkQXtzlryfX5Fjvnc4ITxA2ST5LbtnrYakMq_mFKGug_t9x2Yh0k2e7xapMqBdM3rq2Q_PEO4cpS5yAeEhIR7YBWD7hHUQAFZdvlVmmYrsiwv90PZKMLVMsmiS-wAq7JkHY4ZKyD-9pbMzNGtTCDedKoGMY59GBaycE1FYYE28-69CqT-N8VYGC4BVcKHtcqy8p01P3MC5uEU_At9fvo-YAZnJNOAPey2VSTQQ4znK-Nphu4W_hXqLbxY_yOZB4V3xBQkA9Qx54FzoZRQxxQwfLtSBCqrITlfpQ2P-1rGyevBbcLiXXa_jULvqWkyP0h1eZP-Z_7aG7Lyvl2seTXXrotmvpwolyCdTVSWyXkExIP9TZWHhkA9TU8lP_ft3BENohlINOqCFy4PsxRPKib0t0vCfJE4nJaPWpwOIVyM2H-tvZ0gN3KKHo2t_8HB2a_i6K8b4RC_1RdjD7TZXnPr0zKOzb6BiU6tFjjMuDwAOEN1W7jLu6HY9w74Vg1pXTi1X1NWASvFMFJDwVhMtwt5_RHvE4kM14jUjtdzFSjCCdb-U2a5nPZubLt2SbgulOOVKY_6Ys5S6M2q8bCY14MSKrXd4RqkJwwNknUqRg31vM15XJx6gpVQxzwoc0Dv26g0IWff4IIz3t7BZclThXb0qmG1ygiWse_Ze3hh_PeGEA-FiL-9nb4UPSkFKtPYqAXS9VdTKkI26IgXUgxYRGnygTKlSkNdfNvvJzHoqrH8DH_E4RJIOFmny14ufg0V3IX6KmTO7hOQv6yK146fad1FRsgmOWzsdLqBN3q5GO-3klsfuQL5D1KzewIQXjEylQmQhJ67KgMPpFFGjEThTifoZjI6My1R1JNneENCDxIuL9Uxl9JGcMYTNGnHl7s0_JpfZ5I2a1KEpy1ks8sRRtLrB_t1Pp4Zc3Yv0AeWIp9pkQ1mstSRvCsIJ1oSkIS3nm116pfCFgOmLsX8U8DqnByYBb0_FONu_PGl3gNBkoNlioNlDgfYErRmU4pDc81CHLyM2OBtuxZf2jSKwVM58Y-c21IgwX3lnqYBLVW5Ua5NBdsGU85Szg7a9agln75P81mrhEvr55jFvKr_NIpgnI0pBhLw5pIcnYc7yW2P6Bd08O4UqkYqcuDNZknOeev9lAzUhk-teXa9Ilb1xH0Bhu0qwfyjg9o-fcpTkeDPKPBy6q_z5tllg7plMsFdBfbfS6gSnTcF_IJ-jp-MX-3YKq8YoriaiRWz-suAJYMoJ0O8Y-5A-y-ZE8fP7H2FjO2JIY_TEXmKhCZnvclrdwAfwphJZHJwvBy7sWUdGUb5LUXj4aSBouWcH_iDLh1hOMMR9ntu2sG-pRE2m-ZSW6AINRhj6WI-uukoDVXO2czHzQt3qcfcQVyLSgqafO3k4UqNM-dJAchg_yZPF6Aq6eudpioA4D8Sbed8U_TZueF4piBzkPPO4d_sT5QfAca2jJZgjd5TdYw-K4pxsrRTTznQZI5awm8lpTNaMwtip2xAAMbgr2SQ4S6qCtG2EzU9-RmtMSXOGALwyGHfy7IlE8VUk1_dY2Uuo32tEzhIXAIPVzkXCfkH4pjUuPhCgJq9S6OYnIRyFrQyXcSJrIXBZi4SzuLj8n1UieLKu1UCtE_-FLqU_44XqvZRqD6RamXL_2LgLUIInX-qtIwsxr24u5TjnNc8GwM836eNnhscq6qVP4sSl-_fUos9EKx9OU6mTfmNpPVvk8Y1DlM19g2olQhEoyNisSQ3uhNCTWMWe3nPt4wklLdge-4jihzn1Asae&cid=CAQSTADq26N990xUvyJ38kIKjn5UoRT817w42jlvJbWVET_M5Brhso9-mVn5JWtq4cz_3GOeWPFm58JoGEGSQ7tlxGNobhkHQzO2Fk1OWiMYASAT&rfl=1%2Chttps%253A%252F%252Fpastelink.net%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f132.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 03 Dec 2022 18:55:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 449971
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 03 Dec 2023 18:55:54 GMT

GET
H/1.1 200
OK dvbs_src_internal113.js Show response
cdn.doubleverify.com/ Frame B80B 59 KB
19 KB 263ms
262ms Script
application/javascript 23.52.171.81
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src_internal113.js
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=115843&plc=6403715&sid=18330&dvregion=0&unit=300x250&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0gjW6ZdAyqMrMiMU1tH7Uir&DVP_DBM_1=3060631&DVP_DBM_2=23009949&DVP_DBM_3=16645325641&DVP_DBM_4=415087776&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=201491245482&turl=https://pastelink.net/ae55y2dx&DVP_PP_BUNDLE_ID=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.52.171.81 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-52-171-81.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 /
Resource Hash: c2da1bde386dc1e71e6f0cf3ddcce6650ba703109c5194f52c991f48755ad806

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:25 GMT
Content-Encoding: gzip
Last-Modified: Sun, 30 Oct 2022 09:56:00 GMT
Server: Microsoft-IIS/10.0
ETag: "0b85bd045ecd81:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946080000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19448

GET
H2 200 css
fonts.googleapis.com/ Frame ECFC 2 KB
635 B 574ms
273ms Stylesheet
text/css 74.125.24.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f95.1e100.net

Software

ESF /

Resource Hash

234b9bab83aa0c52e9e5192995427a2bc44876cf1a11545ed631f369b8dc6534

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 08 Dec 2022 23:55:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 08 Dec 2022 23:55:25 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 08 Dec 2022 23:55:25 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2250 0
20 B 272ms
272ms Ping
image/gif 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=2201967942611&version=m202209210101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2250 0
20 B 271ms
271ms Ping
image/gif 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=2201967942611&version=m202209210101&ct=76&x=1&cor=3410982535188684300

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 2250 45 KB
19 KB 604ms
303ms Script
text/javascript 142.250.4.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DTDbWeZNfoEdquUDHAl45HxxJHQOx9C0t7p4wouaGTUDmP-yrq31k7B-lTtFk5D_35ddhq8pn3RLTkvqjitaT-Z_Rikg&cry=1&dbm_d=AKAmf-BFqYt0YRY9omrUwUMnzNMv-7iJ5UiJwd1NGHcIaL6BRDB2HnoUzK1vjoYl3ZPb9kAkJ3YQy_IH8ajcXduyoL5NbUMuLwhr3KvnXUsKWWi2N5dxu52OitoKmyT3AY7GfUXzY3g3FLBJHEVLLvcuFaT1czmh9iRO7eh5Qe7bNqHSkQPNqCU75dPkPi7f8ej43_Skxmq5SrckG76ogEjHehPjWzQX9i6pqJqGIwwy00L1AWT0YdI83AcRE1T9O1qH_1XytX7yy1bHoWf7wRGwXaSmEJzlUZU_B8d-pNn6vnxXnQQEWXxR0fuex46nKzkG21HQEjVzLZ7Chl2qCq-IZWas94Kkt5llFRmLANAPpWGmJ7IookrGGP1IQHCXst78bEgOCCkDrCd8hfQKd3JfXxRcWtr7M2fqpkFuo9hIvd99DW9WlqrQxb1K6I5ioEmykqPi4J4h6R1p4u9REr7Enh_1p-Z7jvE8yxhTfwC1mU2F_H9buQr7ws-66AfRlUezKiP0jYHFWC3lDOaFgtwCQq6cnPdupES3FvZ26J-uMWpRE1fnfnmc9DeywFEB6xnjEy9952AyhJPszPOzHRjeYXuhscFOIG-moaaJE_2NBrqYhZet3biDbqgNFDfHVWGT_f-9RK71l3L8tqZxOrBfpf5vmdHa-GUNJXqfQlKtsjX2UFsEoNMR2CkmjDc8BABMM-I42VTdfRUrtQxMC-dK2yEaLJUFTvFphk4cR4g6Cz3RH2MZuOaOZxqjgN6gkBM1XbH2g_6KGJd4yZBTM1KvQg4cniyh4D0n0x4DwAddX2bOy1LePKK7I4AIzCkKMUlkU2qdPxUhhLrb7JXfQvvWpzSg1vIP0BXEOJ_uheoNhOFu3YWePf4Ji5Re20-IkRUGxKyiMctj45xZD7rlxxRzfs4ZzP0D251ktoaPc68hGzwkF__00hUmj07fwCSvvzvt7aefExDvZiiLYo0vm0KaYRdU6FLp8SaFVScpu7_naI-obgCrVMoMtNtoY1vEOFNnhDjTAFCArQIOtCxyVf9k0EvEDhh7SHAWb9nq8zVsH5z19TDVG19iQmgwMmtlMHoOlb3j645RuB_8qqxFSMM4WuROF-7q-n0ic5bi6FzO9KJCD1gdrYC-_NQU24BS5Y71he4uJwRg2kqTDZxkCHKmEVYjCC695rvomkKOYnlpiNb2Ru4UaY16nMzrO9sJnI5KmsHhm37z_kjz1AUxpysTL_POCkzuzbbz657H78YeXyWHYeSFZH2nIOjL4-UE9qriCYFEddkM4H_EmgsUpY3WsoCas2zbrtn0ggIdYBWhtzLTD3yh-BS1YC5R07c_-oo-O3cy9NSgu6rN1H3nXi7gJOOgwb1iX4Krzwd1BNKfw9_D-RoYq8t63kEWTvXCJSI2C9Ms5-cYgVj02c3ill_FLBsnMVsEtf7f_8yc9nUFD2fJpgVJQc8ZOBm63AFt42P9W320MrLJKa7BMFQ_Imr1uPBDOWltvM82D6iwPFzx3EhYKJxTA-snPGe57vorVibYk9miYcs6OtQrTA_EZRpmn5a_gy4Z-lV5XO2a6D6ZypkMqRwVMpNazvctoeu1Qaf-Ul85ghGf-8losbVLAtOpqZHHS5IohyanZ9oO_gJ-C9li5gwST3Li3Y41T_JKNvJyz3m3fcPowNkIdor_onF2tHHKRfUsH7IFTLFxcCJKdfESYf484yht7YuqAJluEUWMADe7OUKOK6Ap6M8VV-YYgPjgT205DH8B8ZZ1DYuFX2a_4IKwlwFpLiH7TZmQ9XtQCIay8on09EmOfdz0T90hN7Zhs18hQE7loIjZXlqCdu-Th6EKlzU3GBw4-Fr-KtQqUpI5VogYRqd1B405K_ntzhYE-oVJa66MJgY6bXkE9Jh38P39pl5HZlJy3jfaPnYQMKP4C7Vpw_Aju0cJuZ-HVa-el_mGsZ_1g53OyS3Z9mEw4FMDmnEeJRzQSh0BJA-DffGs1cjVkiA5C9fi5uvXOdt8TiDur-fTEwRtMqan6GcY9ETFlmXiRBfH69g33Ckf4veGJMHboCnjGqZh08oF1RYlT_OB5mFoF98hpESA-JljtAtgsyx6cR2o2xodF8O06PZ8JA5bZ9UCKlHVhfQOPTSLj6vMQEsCGt1riHl5iI5sfJAbgOCy3372mzvG5P-lj40rDhdN-_tY9Ln8WwrqbmF6m1K5NuT_Wdj6TfT6b8LMZWZe_S8gL6C7h_-vKooeDSe2xvE2YKrZZRdqsYiGfyLFsSaB93v3RZCrgzfHwR3BS9lZ-E20KtUU52dm0ekw6TjhjYQLusZsOV5mK9tskeEiMTBYWowgDU9NSWDuqo80XPaiCkdhBHDIa-c-j94mDLfR-0lgwy6tgo9lGF5FS8OoUPbUveZalW6REhYcPSPNEN-PnhXVjZyf69NBbgDCU12AeWOqMH0Rvw2bH8qWHsJdFOq3qG1RH4977RNyie6ZSHsWx6JfnaXELV96-OBjoCvLwmpz1T6raY_naVOkgyvWU7Fdsbd9gOhPct6Hlb6pjXUjMkPlzwFYZUv6xpaWkz638MqcMrtTWyVDag8FedP1Q8y_2_hiV0bQkuuWh-NupB8neLWEIN8hCRjFWCIi24f83_cAYHYFUx0MimeHimJ7cWXx0P4UZQpKeGbFBBEiSVrATVmitRiFyGCUYKZjPAFVEw-18DPJeL9Kpv-shbtAJO_Q48UHB-Z-iEjcknf3qUPSexGkUBPliy675G-S5o9pSj95iqK1gxYOzfE2ibosDdRdl9oq3qZhhMi0KucNoRPwpzdMuDONK2l4TKAY1vLUGDT7yJJietj5nVRea4WSmXMi1T9-w1vmQQ7dpj90q9zLOzYK34muY8KoXbeDrZST6gjEZPw0DtjDfu7sJvZWrtUEkI_QW7ySENXasjG9LB2MNeMzmeZCMl-M1ZFqYDDIsA2S485XZNHMWx0k8qAE3yapslAvd_QsnEKFwHRcg-qWt7bR6FVBtKu-20LwPIbIZTcM1ci-m2_eHvFs45UvdOnfm5mjMZhfItvbPg6JJlQvCXPQdZzqORQ1patGzTRpBuoxApTG71Qx06O91G3wQfle9NYBppytWqWCBg-SmAtJPmBREcxZKO3VAfIYngqIgmBURJBCOoJ6AZc7Zx1BUJUOnqq6o_SBbPuyOvDx4oVCs_Cf6jXjOK5JV1FR29DLIG5bbK2FUEWi0TaO0q98QfgpkrhSjgAgI_gvpXBxINT8puKCYXA9RdJ9F6_6WT14riHUU12lRDwKCzZ3G0vCnO_LqFt6m-jpVGiEXMDGVdETvZp-J4td_H9uplPtx9xGA3GX7IZgXziU7VIZkrSacfkYDFyxWHGCD6RPGpyDKqaXYQbvynadWUvdKpLlZMALiOIw8T99IEGBgZmhhT9t14ndRA&cid=CAQSSwDq26N9w3BOW5QJDuLs8300_d7O7Zh6lPduqwi5xatfSYlWIBfw_pVBwOBrQJwW3tAunxfAx8z-wEAZ7YwJSYoz1Q8nZ6bbWhFsRBgBIBM&dv3_ver=m202209210101&rfl=https%3A%2F%2Fpastelink.net%2F&ds=l&xdt=1&iif=1&cor=3410982535188684300&adk=3047537735&idt=694&cac=0&dtd=7

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f156.1e100.net

Software

cafe /

Resource Hash

dc30b5b9240b7386a1a099c1fb5d0839e30d1fab3fa12ef2c1cb69d6d54a6ed6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:25 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19843
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame F2A3
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

283ms
283ms

Image
text/html

142.250.4.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: pastelink.net
URL: https://pastelink.net/ae55y2dx
Protocol: H3
Server: 142.250.4.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: sm-in-f156.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date: Thu, 08 Dec 2022 23:55:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 4BF1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEIjHmj3CcaIrOapUYhF4oQE&google_cver=1

43 B
61 B

417ms
295ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEIjHmj3CcaIrOapUYhF4oQE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJeVmwEQk5vwvQMY2ff_2AEwAQ&v=APEucNUKC5wiUbkPAwC3kY4qs1MXuEaFDdNlPce-M4eHgz4yEqMgAKSLQxghGAptwk8RDxoSZ327xs1qf2IQ39t8Pja4V6NOHw
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:26 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEIjHmj3CcaIrOapUYhF4oQE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4BF1
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZmM4ZGJiZmEtMGFkYS0yZDhiLWViNTgtYTViYWRhNzQyOWE1

170 B
188 B

525ms
277ms

Image
image/png

142.251.12.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZmM4ZGJiZmEtMGFkYS0yZDhiLWViNTgtYTViYWRhNzQyOWE1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJeVmwEQk5vwvQMY2ff_2AEwAQ&v=APEucNUKC5wiUbkPAwC3kY4qs1MXuEaFDdNlPce-M4eHgz4yEqMgAKSLQxghGAptwk8RDxoSZ327xs1qf2IQ39t8Pja4V6NOHw

Protocol

Server

142.251.12.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 08 Dec 2022 23:55:26 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZmM4ZGJiZmEtMGFkYS0yZDhiLWViNTgtYTViYWRhNzQyOWE1
p3p: CP="CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

200

um
sync.teads.tv/ Frame 4BF1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEIAdxpVFmxs-p9G7hrY2nAk&google_cver=1

23 B
287 B

501ms
320ms

Image
image/gif

184.26.20.55
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEIAdxpVFmxs-p9G7hrY2nAk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJeVmwEQk5vwvQMY2ff_2AEwAQ&v=APEucNUKC5wiUbkPAwC3kY4qs1MXuEaFDdNlPce-M4eHgz4yEqMgAKSLQxghGAptwk8RDxoSZ327xs1qf2IQ39t8Pja4V6NOHw
Protocol: H2
Server: 184.26.20.55 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-26-20-55.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.9 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires: Thu, 08 Dec 2022 23:55:26 GMT
pragma: no-cache
date: Thu, 08 Dec 2022 23:55:26 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.9
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEIAdxpVFmxs-p9G7hrY2nAk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4BF1
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=ZTgxM2ViOTItOWExYS00MGM3LTkzMmQtZmFlMjczNDg5NDUz

170 B
188 B

376ms
273ms

Image
image/png

142.251.12.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=ZTgxM2ViOTItOWExYS00MGM3LTkzMmQtZmFlMjczNDg5NDUz

Requested by

Protocol

Server

142.251.12.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:26 GMT
server: akka-http/10.2.9
content-type: text/html; charset=UTF-8
location: https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=ZTgxM2ViOTItOWExYS00MGM3LTkzMmQtZmFlMjczNDg5NDUz
cache-control: max-age=0, no-cache, no-store
content-length: 189
expires: Thu, 08 Dec 2022 23:55:26 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 86FC 0
20 B 272ms
272ms Ping
image/gif 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=6308050731741&version=m202209210101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 86FC 0
20 B 271ms
271ms Ping
image/gif 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=6308050731741&version=m202209210101&ct=76&x=1&cor=17161241058957156000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 86FC 72 KB
34 KB 611ms
310ms Script
text/javascript 142.250.4.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CfBFN9fr8_11O2SCBaCEg6-G2KjEikpQQuandlaJelsdZnqR_eqzoVHXDaZJS2i2JYLAr0adCzO43Qqlk849vkJUpPNA&cry=1&dbm_d=AKAmf-CCZx_xLko3Sf58sKGEoll_V3_X0R0WK3nu__5B2zcd3zLsLEd6Qrzn77Y0PlzRB37iQhGvwIM1mwY17D7BV9I7W_hGOjH6ppNhVWkjJEPsOsRfmSavccbgzi6QzwsoT05mgDTTHHbJZUzUIF8yZEdw163AY9Rgx5u7kLnoDbHyL45F73058BPKzQLa7IlZKwSQJ7Y4IeVlp07a1aUERAiL8p7ypubJgtxqrlPfkms_1VBQqgvjdOh494sDG507N168UrnplzwebPGQ7j-4eEExQQNseeWLW633y4lxRPRPTjTpt6X1cd2UgvbjmjFFK2o9Tw1rowei4pxPHxfqu_7G3pwrb9mAyufKOYASRrUYHDqlVbVe8tach5H3LUxKCItCgAdmMKLxlel9wIPMDs3xvUEjWhfvtJfegP94EwmhO7A5IcG7930pu3JYowbXbPzWuA7y_R1-31RzOOUDakTyOc_J8NYVZVnVhWzQXPAK69pITy3J1OFWsFkzwhETZCDPu86IyQFZm6d_-9h6n5FLxIDZxbEe5kAvRaNo1nVdOpfSi2lOQQJ1PCtbIpzonmG-DVJTjzp3ZfxD0jRXZuUNAfQv39X4-scG4EI5CPDRspxDHMC6hZ8J7Vwz0SY9p0vapzgeWQB0hfXSk9fVOJXWIfThW44lXVQcZoOyODVKaMx0xok7KBZekxvBOpdiVi2oCKsgN8Vv_wyHkb1Vo5nrnQgkrbq_P_Rl26wQgns4ef539aVoDfnpYR7MIRggl_EXemVrL2htUHJsEQ_sI52at5YLtf-etqCLRGsTg-ViVhZhNSxz071UmeNCbTd9tZzh8sZs5eNEUgIAyNnNHdkzSDkWitZACPnI8K1fp022PUoL1XK0yf2Nfvz8sbdCv71bQ76wtK60680bBis89Y9LhhLGc38YbdKq3JLARNpdEyyIv1CDRP3uZMwKXTiccgV9oqLCw6RTaAMO-j99LtVRVwoc1IxxAjOHB6-28gtlR3JiPeYNBdYVN8XBIZQ73O24nsXSGfwaV7cee4GFXZ7jz_WrcuPoPvoEBy4fGhXI-bF-iX9kiZF_GlTOYFCLENlsLgroqnDRrq0dXe1FMbbO_nUbcBSJ6u3FqsgGssaHydtRCgs-RKBOPPab9-HzoMjHELpvNWXfsjW5WpY4FeOOevhC-6H0x6Jlo-tWb8xJkArZlenpZe2uovjelR7_2QPuOIpMVTysjF68IsvjEMlwhtO5Cg1jxojlfGjMHmrmuDF94eZnBwBNg5heEbCzTDQ2tLGGsOHZg1OG2XodoJXd1ZvJqpLMiTuG_CAe_r8anurFnImsqx89OmdEN6YyYsIoNSLTKQVxRuJw1BX-wsa9RZPJUftjLbzNCkoLr_sKh7vfBy83e2J5y2sqBPkDzXiBJDST17CqE34-yTCfXq8uXV23oEC5i2FF40J9MMlXMvekC-4EMvIA-Z0EgMaEnTzGmpzbpf6M3w1RRxG8WqHZ6XxtDYuA8Jy_MZnvPb2Dfjdn9Mv5EEc_GpnoPwSlYsZB0ybUTvNDiQR_zc94zUNFJhB79ELq5OfI2zAA_wK3zOq7fMcgjU29gSDeStlDbTOI6JTGbRv1dJljtnxnKLknza_d4Mngn74doI078SKAdl15fVkFz-549hqB_LVpi_8uJmCtGXdi6VzNcy1kews8FP41RuikRTS3eyb6l2XvHZzflmeUSLUuayeZ_1NB5tmMIMkz8yJyDLQb6V9pyFkU0qBTaFo8aIynVuTxzTnfH9dsT7Trs3m9Z1eN75uomdNpebQgRKKztbK0OYo8mXyCg2oFI0TOS0SLSiWbdw27WFI_TI4eGw3RzRlM48JiNv8pwLpijAILQ00mIU7_Co9zf40c2yFPWZ_dNj2y9EkVnsE2IR9amnjweiJlZk-bQVdCMHB8Vo-5xHpM7t6RYKIjsP4r3OODtnbDIS5k3Zo10u2ZIdLd7LLpn9X8ORTAdCJDi6AyRHvxf7MmFp27cOhBqX6EZsiTyu19mrS8eoHmRydIHWDOiY6m-xbiIhMfHqIfAGw6hCjrF7CdvkvCae2FsR7gHMQN-CGxEzrSMeiwu9-fTw7e7db6XabRsIAQoSNBKpHxY7ADtcfRtMFfOGnolfTC29AdwqhK18e-4rCjWuuUw6TaHcUOganCaydUPQkLFGi6qaUbyLxdmdAvMf3-Z1yc3l9GyomUDsEtZYKN8ZIX2W1gF3bRnK7ZQ3i8_w2hAsV1WzeFM4ePe9xBzAnh2u4bogNyT6vDhzqskmeJ0lHhZ7YIxthHNaVkl_1uTdOdCB0JC_VrijBbyOds0shGMLLX8gXtmEJ8iFdJI08L3UBCzGA-gxh3f9UkFrE0HmTqaeymuHWLmwTGBudLBOquieYwp0q-38LMtSu1v2o7bkTZ7-nAw7akEY4zA_LRzEo7eJVRf9DYMoj12hgdXKIhILsM6kX0oEwzCLb3avE4pPIvrjzWuO-DSLg8oI6tYtcIZan5LF4SXq4w7ReWcDbsqJPrVzqeyAPJdgdrsyAdWf_H2Tka1YDS-9R56cnl3Iojc0TauXhDEtBI_nVdZhcxEnpq4hf4ihx1yBT3_O8AM1pQRFrI31s7Tc9T5rgfE-hTRQC_s1Fxcpai8RMhMzKuM00sNQY65ML3sfIDUWqaGyoajXFV4gKBdl4GdX0nSUhMrInb81BuvQgzzWiyI-oaBFnABCPCZRy5HJgN6IOVyLiTvdauUATPPk7h0IQrP0nnkTjguVVRYgazOLI7M_JJlM_8kDpP6-Yw38bXwICPcLPrmYuXPYOo2zu_00w8oa_l-29sM0wmZSTcMrCzgzM0pZUZx49iVh6a45JAnIolmVeesn9mpyHh-tYdoY7L2tQBBF5Rq_JCHf2ShA19B_AMhSHkx5rCW35zgJHDmRifRhAIJ_cMGCYoAOOPXoQ--lFFrVjNx01jSf1EClDvFK869M-nBqqS8d55JMgWrqsIrjHgEjewlIBOdhpsGORy6DZS-NIdqXbX6XC3-ezSs_JOZGzhqPlzE6EiiKZI9GOKOXZ1E29TTne9MxhmpPo0EBbqdjnIWvN3AxecTSy6WMo1VgeEjxio0MbW_ShoFUbxC7U8tP06Cj2dsLIWFbPvpzeXC6REoL0fLTJPpnPJ_RUDc99EdPqkQavWyYEjPFq8jVqi5m-KTdpT8gzdWD6jElVbzGpr-l3uLhYqtdPOc5ikPKodVvS8RWJNhkuFBj2nNA9otD4uYY1uuDYrC1fBd8CcdrYHDSAVInKRyiRmC1KZekQP35vYDzV7jgHzS0d8szvuXitxHpj2789XFmKW-C7Ufp5ULxP98NNTO89zIX5k3uOsJ6dh-eN4HnAJWTpIzi5sA7hdNS14-ATfaxtuGW_3s8gU&cid=CAQSSwDq26N9umSZbRBwU6-yQlOuiTLxvr5-WZ31Refm4I08H_iwywdKUVU6obLUXs_aH6aHZwhfUK8iyoJAUead0txGvMtlUGnhHM4YdRgBIBM&dv3_ver=m202209210101&rfl=https%3A%2F%2Fpastelink.net%2F&ds=l&xdt=1&iif=1&cor=17161241058957156000&adk=2857193498&idt=470&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f156.1e100.net

Software

cafe /

Resource Hash

8072b9ebd73abea5647392ec9a7012a60e6a2d26607fcd2e4dcb7f421850f998

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34832
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame EDC7 482 B
260 B 585ms
282ms Document
text/html 142.250.4.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COXuopICENGjts4CGO-67bEBMAE&v=APEucNWh8tMf7PDlvvlWs4Xiqi7m7gxm05XJQotiifupfXRn9N9ExCGmz6hTSTDDumkej1Y8IKVI-kf0Y-zPWad-C0aojCyTjA

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f156.1e100.net

Software

cafe /

Resource Hash

7599e0a5ce1ba2a12f036e998e19e60b6e982178e4363d4630ab3a91ca73bf62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 193
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 23:55:26 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame F730 76 KB
27 KB 277ms
277ms Script
text/javascript 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

cafe /

Resource Hash

def1424f4f259a4cf927fe1f7ea7ec24bdc2fc78edca55fdb593cc0c293dbec5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27387
x-xss-protection: 0
server: cafe
etag: 15442950961169408521
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 08 Dec 2022 23:55:25 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame F730 42 B
63 B 273ms
272ms Image
image/gif 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BXHjigN-l3R88GqopFgXoFZzWeo4NMuWzYTqSGVBYZCdASTSJaJdn7BPDpsaMm-mCe3-kHg7B4ZAaIgo0eUZAEgNxjoJdVgnOVDQd6CBgijEdpMTY

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F730 0
20 B 273ms
272ms Image
image/gif 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=7767304888226883407&x=1&ct=77

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame F730 3 KB
1 KB 270ms
269ms Script
text/javascript 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/window_focus_fy2021.js

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f132.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 20:25:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12577
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 22 Dec 2022 20:25:48 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame F730 18 KB
7 KB 278ms
277ms Script
text/javascript 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f132.1e100.net

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 00:33:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84137
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 22 Dec 2022 00:33:08 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F730 153 KB
47 KB 979ms
978ms Script
text/javascript 142.251.10.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f156.1e100.net

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 08 Dec 2022 23:55:26 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/ Frame F730 23 KB
9 KB 323ms
322ms Script
text/javascript 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/abg_lite_fy2021.js

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f132.1e100.net

Software

cafe /

Resource Hash

86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 20:25:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12577
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9443
x-xss-protection: 0
server: cafe
etag: 9828741834572772835
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 22 Dec 2022 20:25:48 GMT

GET
H3 200 container.html Show response
78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 86A2 6 KB
3 KB 270ms
269ms Document
text/html 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js?cb=31071221

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 23:55:23 GMT
expires: Fri, 08 Dec 2023 23:55:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK verify.js Show response
rtb0.doubleverify.com/ Frame B80B 1 KB
902 B 1244ms
240ms Script
text/javascript 34.149.43.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb0.doubleverify.com/verify.js?flvr=0&jsCallback=__verify_callback_170406142037&jsTagObjCallback=__tagObject_callback_170406142037&num=6&ctx=1828362&cmp=115843&plc=6403715&sid=18330&advid=&adsrv=&unit=300x250&isdvvid=&uid=170406142037&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Win32&dvp_strhd=0.40&dvpx_strhd=0.40&brid=3&brver=89&bridua=3&dup=null&turl=https://pastelink.net/ae55y2dx&srcurlD=0&ssl=1&refD=1&htmlmsging=1&tstype=128&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0gjW6ZdAyqMrMiMU1tH7Uir&DVP_DBM_1=3060631&DVP_DBM_2=23009949&DVP_DBM_3=16645325641&DVP_DBM_4=415087776&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=201491245482&DVP_PP_BUNDLE_ID=&prr=1&aUrlD=-1&m1=13&noc=4&fcifrms=11&brh=2&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=161&eparams=DC4FC%3Dl9EEADTbpTauTauA2DE6%3D%3A%3F%3C%5D%3F6ETauU2%3F4r92%3A%3Fl9EEADTbpTauTauA2DE6%3D%3A%3F%3C%5D%3F6ETar9EEADTbpTauTaufgebdacc3cd4dh5fafg74f57d2aa4257%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3EU2%26C%3Dl9EEADTbpTauTauA2DE6%3D%3A%3F%3C%5D%3F6ETau26ddJa5I&dvp_exetime=5.80&callbackName=__verify_callback_170406142037
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal113.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.43.113 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 113.43.149.34.bc.googleusercontent.com
Software: /
Resource Hash: 8d024a9be2e323b01e184c756658cd940451bb0f684ae2b2e107bec8a0136401

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 08 Dec 2022 23:55:26 GMT
Content-Encoding: br
X-DV-Response: 1
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0
Connection: close
Expires: 12/07/2022 23:55:26

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 4833 22 KB
8 KB 270ms
269ms Document
text/html 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f132.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
age: 138229
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 09:31:36 GMT
expires: Thu, 07 Dec 2023 09:31:36 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 all
csm.as.criteo.net/ Frame ECFC 0
127 B 236ms
236ms Ping
text/plain 182.161.73.142
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.142 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.as.criteo.com/
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 08 Dec 2022 23:55:25 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 58D7 482 B
213 B 393ms
283ms Document
text/html 142.250.4.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNaBw4cEEM-GhI4EGKTS19oBMAE&v=APEucNW98qK_iEnXBc_DJJCDHBUWjnh--qq9DwqDXkgD8ICmN2MEYDoxFrbl-CUwfvFGFw9t9any3DTozqIuELkoqppmmxS3cQ

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f156.1e100.net

Software

cafe /

Resource Hash

7599e0a5ce1ba2a12f036e998e19e60b6e982178e4363d4630ab3a91ca73bf62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 193
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 23:55:26 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 86A2 80 KB
34 KB 421ms
312ms Script
text/javascript 142.250.4.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AY93MZVf0oWjeAis2LS7MPajBpvDDJ1TPXzVFz_BaA_-KapvVFGeGqmpTVBblg0XIhedL1JnNE7WVg8axIyG-8DnCoBg&cry=1&dbm_d=AKAmf-AKc-es_GSIHqwKMw2hzdZJbTMcSHC9F5JnzPXl_N7f2-EjZ0gtJ5ouLROWP8UaTeTiCcZYnX0vLru-_2794ZugPCHZmTN3HMOtBwzoXurcZ0gNyTQox-5GRwBWkMqiQJJp7kWX6AHhxU4Ttr05Vs2xKb7-Mqfx4l8n0Z4BU-EzY8MUYxWAjr18j_z5yBk7TOGwDoL1AT3KNCUqjBcC0r2oIv_3n8WOfZnI3OeC8EZJSJmRd_qpQrBfrRUZJTcszNpVjjjIkl90VqH7CrBGTl4nCm-FO5AFage-_DLs-gCdOSevBYnlx8-eHjJQbiN5sdiX-5whDTqpLq7MVBewZi6eRl-6jE4wjHAz8rUmROpLlr1H4QQkd8smYAKr-wU58V3UGlDgf2zGP8WVgmQBrYw2DzvMUUAkeFMhHi0oWz9lEiLMVk-l6gmRm6-gmBsTAoVdt-1NHlgBjTMVEGsWjAysOoBkiwRV9NhBguR87Pxn457EGWgl2Ew0rOaBNrpZSrGJkHW0nXotKMttbrkwo52HNnoNcjQfwWYngsU7Jd3YztvilcsjP9aMYHWrT0yjcTk6vAyh5nce7RvAdGlAPhUn8BP7A6nvq-1ADP9d0qtq6812ODl0ftWBGW6625uNIDpN2YPod2COLuP5KW39SO8rrFX2p-0RnnJdvRghXpppVKODz71iAErDd2YTCFayT3BNgzJJBpPjn-Me9Aci__BYmI7O5vtWYgwlKrEsPotD8MbXDudPyNsP7BRSUv_JM49xC8epoGCs07QpXF1gPPhnJk69E_NE-B9TcsHRGGqkNK8pTbr6DRF-jQ0YVOAst3ziQnMNkc0DtaUYKzSJr5ObcnZjqfrdgqNaCOQ_B4-yfuPXVP91P8JwwS2oEoEZh3QnWAblge9G_NeuWqnt4YDRZEqulay5p2oNn8PM827hmjvJbsT-UKQ4b3h4bKVLhpv62XtUygtixGuohBaI_IKpyyyZMvDW5OuipBItnMM87FRH8LvZgciQ5ZXnK0slPs6OHsYnA89ecWt7MHrqIiqzZ5M4GullwntXgBjXL-I91W4pVI9WwyC5MUBjkCHHA1Kcels5t4bqB7ghOhDcJM_VddGwa5BLNXlerUaGeBg9J6HONTPt5Rr_kiGiJcaEjLQCqWQX6dq52rYkWmJOdm-yPNeKC2Jw93zImJJApyAEZnKStZmPB3uuC6CDdWSOIwevpwgrX2hBUOrvVfUHbF3b7ffZgtAAy72IBR9oC-LWPDuP2I3hvdjaB2AaTGWamXsvVorvV7We5B-KT-PYM9m_F7k4XCPEwaxvqFR4oEF1RBv2EGPfzCfh5-IrUTypuuQ4uwgLXzijhhr3_4ioJb8ywSR9BumWDPqXRqEk4wQu5ievvY9zerEwjpdMWTqWHniB0IUKOFE-y1xAXR-CBPEmX10zqx2FACyjotfz4F7tUeXfroiDrBzpZmM6LqmCxTVbEqYGCKYFd1Dz4ylfC3g6IqEpeE_0NtOiuBx_MSnqdDHj1KosJrx3SUDfDHEdS7oil0hP0t39qOoo2wOVKGjPpHyd6lHFc87fayVYZ4eivt79wKszTmiF-jwNPUGpssdJeON07y93jvas8MJnqllWbogKLqPPvopk5zhyTOPAO1xjggh7-mDCgpyN6T1Kd1VUoon1Y0iYcac_znu7MRo1w-Zb1pKuUzZ2sOQnc3UGQd3t7-aeZzijrAwuqn3Y19Jw43Bcvrw-oEzrJ1YuDsRj1NqfEoSraf-QAsLjxjMe_6TOJtV_79lw4avQ-ZpDiGHmJghlpgiEtyw2jDBlDtkA6BUD-zxIMCgssdDjus3fxikklf0sxUYZgdg9JQliAra6Ml1PuWX8iQh8TxyXFdlDHWViGaYfxNGsO8tMiCGD0188_7c3fy9mIKKlhKav71fljKYKaGN2HFd8OVfkFWxjGngQ2NbF0duCdGdcQvQAT_eMPq5h9TV5ilpNFwHBVn3uHsBPH2fa97xaB9nM_gRz1Ed-kZ_EYVzyHHO3HNIZQga2v0h3mIBOlbn0CzctID2Tprl4kfAYXEh5uc8TOxG0xCOQpTVjxEzmMKpvnQK-Xa39toS4xsdUXTklF1lezJGFp7jVvSCv6wWq22XPMWkroN7cGV6qGce9yJkhBZVtAWfbDD1mp8QnJvYu50LPvo7edPJKDHEcpcRUJ5M1CGY78jqbRSe6MB0_Bq_2QQkdS7z1rpUNpv4gVcdWnVOk5HVWumYTg1NzlDcCgBCBPZnZ6A6QInvrkGhMv1P3MntDOgeRbAAaCWLRYVsSQ61llfxP_z8wGhuGv3_BLFfRJxFGv8YVvZhecs2FeENidh3LTvy4drnvXcbU8ezw_QQF-GoBUnvaVkO9vK2oKKObPV9s8N29FxfeM1xK61200bV5iiFPBJ6dIy6vd1Ww_MYBD4JbJVgemFfCwsNIZZsTwsBb4EokoHfAr2qA50oM80Syjq4ivsnQ_Vud_U5yQdBCmJld5fvRSZd5FjjzcHDLG9fI-pbM_sSRZnctPAkYIzUcCJDs_kBnRXNx9ljG0ERSs7sRGzreYtw1-XiDg0l4v4xoo7JjEc8WHwWQ3ahkyPtb83CxR889Xsmh1mp5Dqzdc1c2JrgqDZlWFmAhpVmZIyRpnhrxZxGekacP3ow3SYXuiZi3yEUOq7SmpqWD1yIWxUQxST4AJtO94zjul-a8dLX3OT9Vf1OpxvJyfdi_Ku5TmTJ6TQxTbZJgmMUkw57kYet_ZWP58ro5GwXuMAmHWHYLsDQJ8HjKjdSRv9rdjiWZGnfYPMi68dWjf2pMvWMsEiTkRjfPEoXofJwFvuBKYp0GAIqinzN8iqNQzhvKtETB_Hzyq7dI9iUmKUYdMDL8a4sZC27Mquoxz-WBzE-7uENKOJXisVh6QZvxdzSs5dxlmAFK-IIHcCcmR6oozW8LIKAYNyCGtKJCzpGTgXPgvQIXy2KFNS13a2UIrGsrsx3q_gXi3BoO8CRcZHa7HcEI1Tf8bhKL2jBcXBF2wLabjPf4H2KHJBxCxsXCYylym33fSlIKpH_8Ml1dodwUdLWldyAjosy96uAu7wwD5kYXTJLJy2clX7YUfw3qAN_ILdXDcPvS6p75ZZba3v03FdIV__nnQDEWJoSAp_8MazcZ4ZZRQoa_Os2wyG_Omwi8unYifJcUSf8p0V674vSrokXuUf_DYj4DTBGXpcHT74JVyA3TwqNW_trecRTfKlhUnDMOlJB5zY_2kJwikZ9j4dYTrOsWgGuJUInRd3siUFqKNoNII3ERyOFJqSDzVE8ThsFiL1X18E2E7HotX4ZdB3akZjXPYo5HL6N7Wpqq-9i0fybC9knJHbM94LHPOBsQMjKhyFU2rej9XbPl8Y441UC-f8c70BHQFRRpyXULZlPMqX4p4TfgAXI25TTtv_vVXgm0dIsBx-jljeMEHVDi83GV8jPPWWWvsNoujt60pZlCcEhvhZKraCx6Fc-tdP7R-ukIjD1kfXk&cid=CAQSTADq26N9e_rVLPE1nYNRqnSX7CFfojtYDPdP2oR2tWpiO2Mne0tXxadiJqe0ojXQEMdBDeLTJAnTzVSvGkwvZheuycjasytVQaCEZ1sYASAT&rfl=1%2Chttps%253A%252F%252Fpastelink.net%252F%240

Requested by

Host: pastelink.net
URL: https://pastelink.net/ae55y2dx

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f156.1e100.net

Software

cafe /

Resource Hash

a3fea1f1d985b2d7aa994aeed04eb4b7046e46760b33dee0786a0b2ac3df1235

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34572
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 86A2 42 B
63 B 274ms
273ms Image
image/gif 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CX450FKoXKw5LW7NQymcwNQYMRDNbn_05MSXBo4W73IoXcAjhIhVWkrAIosZ1rhAz2DzlFKb7BcGCWlAmLHLR2cudxAwqoEQL0HZPiLyNj9XMLLgI

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame 86A2 3 KB
1 KB 272ms
271ms Script
text/javascript 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/window_focus_fy2021.js

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f132.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 20:25:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12578
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 22 Dec 2022 20:25:48 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame 86A2 18 KB
7 KB 313ms
312ms Script
text/javascript 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f132.1e100.net

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 00:33:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84138
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 22 Dec 2022 00:33:08 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 86A2 153 KB
47 KB 796ms
795ms Script
text/javascript 142.251.10.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f156.1e100.net

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 08 Dec 2022 23:55:26 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/ Frame 86A2 23 KB
9 KB 276ms
275ms Script
text/javascript 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/abg_lite_fy2021.js

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f132.1e100.net

Software

cafe /

Resource Hash

86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 20:25:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12578
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9443
x-xss-protection: 0
server: cafe
etag: 9828741834572772835
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 22 Dec 2022 20:25:48 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 387A 42 B
174 B 573ms
272ms Fetch
image/gif 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstwamCjIhMGDSmshAFVn1ky7_DpISUF03yJ5oFzPSa26wBnK9rXgPNiVaE7cAGZqGvrEAnhlXNaRxf3k9ySQALG00ts&sig=Cg0ArKJSzH0aL70xI9LpEAE&id=lidar2&mcvt=1002&p=751,513,1001,813&mtos=1002,1002,1002,1002,1002&tos=1002,0,0,0,0&v=20221207&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3770940712&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1670543723395&rpt=1612&isd=0&lsd=0&met=ie&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F730 0
20 B 272ms
271ms Ping
image/gif 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=2964824247944&version=m202209210101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F730 0
20 B 272ms
272ms Ping
image/gif 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=2964824247944&version=m202209210101&ct=77&x=1&cor=7767304888226884000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame F730 15 KB
11 KB 499ms
416ms Script
text/javascript 142.250.4.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CaC6-9R8eCt1zxywIbT0dhHPvfeOjCbRi4GORDs0elOkSrS9CiHmSSp3cl80VF9YN1oZZEbooqBL2iunzdlUDurVwuagM2-fwPdrZ_G1AgAGyuhfJATMeEgCb9v6pDwn2-z45TOKQQVUmI4f6gQywXS8aYfG9-fEFMi9qu744VoHdEybs&cry=1&dbm_d=AKAmf-CH9cmwqUSyqjp-8TXlOJ3EJCArxXagzBVw21c-jx5_biZPbOH_Pt0PrV-TpQ0ou-8YWujfDah22QtfjNQlCvo-MtZ7F9jm5D7U31SHshPtzlo36NbsIY9f4eeUYqCFxarFtzgWAsvPojosf_HS0Dg3OBlnh6Do81pZu_Oi_VVSNQJgASgPqI0CJW0cwcEgMy89yCZYEPdjBD8DOVtAjOd9WwQlYx1j5mthGOHAWOUTRNm_dbaqCt5YbhcmknZrzVfPPj2jLb6N7UaGy4M6xdSb-setXX0PwiXq9O1XDxOUob5LKzuaZZ5UD3kjYaKfjySC9gSt-DJeZ2m9kw8x2FH1dnFF-JZdzZnQXbzPchQrBhIx4gFvN2KvWYc-LYvtxn-AG8Psg-7FCfeOBoc89H9MUTkH5mSBcr6iOHxtGVY2-XvqyDwsk0fs6xUTpX2N4Kz1Bg_NlGLmmib6zVC3mbA94IpqnY7D78M5U3ou9iFB3PL60mtrvb_RbBb0FkspQyHI7R54yTyEOd9HSm1pXXDQAPK1hamA9eJ1JcLsXu4_dTLRJqDHooaIa82QG0z7l1IXWzh-vanNpDiUZurv4ZXNi-A8NMSv1w_op6sHOY5929nVoGYO4XjkxrG_vZ4FOkUDDppobIxJWiiXgH9EGHsddPBGgeA-Yc_OBTnFgB2dA_d40oW-fsCjRJQ0xxaSMZ5CQmWcwtxSFobpqtFU8ZvAZigdsuNUDw4u4vTFprUlISgA5rDfEqYxe0izp694-gF6bnOQQiSpW9aC5_z_I8kZ3EB8HduLNiMp0C5Esk5ENXClzCWx4YlONCH3sTrBVb2JQU8KIwpEo02KWH3aAhzAeefABFJnuJWuMU4uvoGxmefCOLIYk0izX2Hc95bpPBCKevaG-lShVLHfU4lwnQTkeEnjvYEpJebYJP85HiAKH1iazXKlP9mHV8Rzt4q3nU3w0hjhgsxt5Hb-kjYRCt5r-bUuXDzZ9dMkpm2QsOQKXnoo-06eZv6UgRcQI1uhko8-HnKvMOjP5RoBBtso0he-Z6AyVzyRa_9jUFh9psoJbWgAUVbimfo3AIrccBOCPGNxHnuwGLMpotBySmgFVrCnlQP8Qa00DQNcEQnvRk6nKi2nxPRcypV41qiD4Q8ISWTzNlrScNfpLLh6QBsb3NXAqUZxyo1g1Dp-DKjdfxGpXEGdWqLPYFWmvHNrUXHBTElj-R03JJtyc7QBNOPJ8yvtS8J5kGgczqgxjjNLHZLOVr1oBPTB-rNIIMZbB-RnN22MpscCJy0HgkqqSt82CrEL7Zs_yudR2zY-1gk75BgZFel2RjM5NwudhURMQHSQtNEsJD3LeWiSGdCa_PVk5i_v-Z3Hc4485rlXon6b8Xb_fc5WLUPHZRqF9yY9NOIx9LChKiVXqlLnfB1PYLq6QoTBN_CobWt4XWkAlwCLqHu5c8YZAe05stE1kaKGqhZWIMU_BF4p9FN52PB_ha7FIBSqmELDh0Ak03KjgxMAw7Igf2O-YQZMYjkFqThdYk7RMsfo8aguf4B9CkeY8BY8YmrhDe4itiDajjn2WdOr-SV6hJtXtIIQDL9qbAtLDc5KDiUD0NJwTqjBabxK7Q70jHps348aR-RKB5CGvtMeTI68BX1gzPnX-fxGLQl5hYIT8T02aPdwE5oRAdPfGECFZemJSLfmJ4LodRuTtlRc4C4laF_lXcn86VENL6D0MEDQhrq7muY14vnb5pj9D-VJI5fsv4J0WndlzLH2BUifiz30oP1N9MzJonYV-thh1lrtRFUtHXKbOt0bL5m7wINXsb7f6KDacdXMcNtRUuJN4rnNsX0Gz6IcIbV77WcYSLkS9SoxRZUvMsTF2yNFC8E52wMac0XZR-0B5jr2g2-7YxPV2lBDtoWMVRlQUoRpTC71NxHz5-8SeLr4eIgJ8KoFBmWhqcDZ15zJHA6euAO1p5Nqu8JNYBBukOwF9YLx1y5L1GhSe2vpKpF4NZpIp6luzFzh85wJNafwo08GO_c_RYM7lfkEMzTNGlcJR1B66dDT1gteGWb0xyPHp8P6sDaF1YyrKP2SOOHOxcpyXDtq6ZJqo3bjSiDs86zucIjIeuk2GdFT7Nu2zxw8zs0RyIrG2rzmmjQXVPsUBY_G8HjuJmgtXqgyQ94s16SdzZ8WnU-Yd9mui229AWH7RinB0XXBd63eG8JjKdhQbxhUAseE4ttPbChGrvYMb53SV3Voy4MTcdg9M-suVVQKoOawYuX7eLmZCDuqCrRvRN9kg5eXXjXEbzS5HDHLBR2WSjxQGRY7RveqUeBlf4hz0FrEBapNDuKj7rb3LemAPyFuZ0adCybLzc3LmV2Iw872M-LqdWrPi3I_uVuXh9zdl7JPAsk6mI5myza75i4BCLgoo475E49Efjy0_psPcvJt016ov1PvKWMHLr4mH4yLNiR5hMvFBGV72SYbAApUUNgfe08UAGT3sko9zFV66iHmoy6WmxYFexVLpEzhv1v-FWKlMZNE_fVy-e4En05Yn0p65m1_Uum-ZRSmTBtA-c2yTWRezr7sWBjUuRZu1EMStMKVeCiTJuzt9KZP51TBCqDoErkCt-d8MCf-pEArT2A7ceTFZC9VlIBf_z9kl7D1nbtAYNg8-pUmTes4UFAac0PkX-zpcHhe9qwLlivhDHOXJIpRx9MTBdr2q34NVv3kKIUJCY5G5BNtI2dr7p6I98107AJcjT2h4P61A5sWpWWcrSAIykw_btf3fl8vwQvy6G-6kJh6A9Zo4nEX-yCcc_pcPKmcL7QByiyckoA2KBDkyHwPH8Jw5k9IvwN372TT_WpKStQzJUnEjrvMvtmcDiowb_VMMN5i8n4Phh91qwvZQdMwwwgiUJJ3O0zN_sTqHzorq_OJzrCvplLHNKeDqK3X9meD6tht4dXlfF55DKymks-6ET3P4ZR2r9sXcWt2vSqBHrxlwc2FydnX4hX1Rf2yrjP3c-9XvngOmiIoI8ierhly9F9pKj71z5MmfsT_1SzIy2st-S9FU4y_sc6m7OJeRrkm5OeefDW_HaNu2L3eE-3TmlvXQBolbr6Y3BZHG3PVsaVFsBzY7MfXy82Rk9mRvOKsbPmpNesCRe8kw1KcqMI8hEEIFN6Wsg64MFhZooj5NydK0OC8FQbOsL-cC5pUYz9bfzUI6MKScrWkVfdVDTLLLVwpZeCm7dC8hLu7wMetEjEIlXIG30m8yUX2Lks3C4df3jqHcCDPqMOZ1xT5cLIkHDjBU3iN6pKrdG_o_4ef25Rohf2QsaN0k2apykCnTMVUMZO4BcMeVosynbNS-BbLa3hViv3ODQ82vSB7ZMsU5c5yzEiQutLkQbjQhjCtHb324583a9HKtj5caSF1mb0s16nUcmcvJeHB9YCnNxCn9A0GbDgzCo4U8annMGkt9mq5ddX9V7X2c4Itz-FFOFU9B3PwuO-mwF3OaTV7sTPUeloCtjKFXcn3bOwhEup1SnFa3b6z9pE2XWp7TEKBr5s7pzjBgBK3co3z&cid=CAQSSwDq26N9Gc4jJzC9ODvtzXoQP4dihhG2eIyjRlcW7nroWQy8ush-U4iiYCwWlzv-jvhDtjQqFwcJ6rn9BN7hp9IS4KOfbO0aunHcjxgBIBM&dv3_ver=m202209210101&rfl=https%3A%2F%2Fpastelink.net%2F&ds=l&xdt=1&iif=1&cor=7767304888226884000&adk=3944675600&idt=332&cac=0&dtd=6

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f156.1e100.net

Software

cafe /

Resource Hash

ca129c50afbcfdf529c11252f0cfe378b11653308791531b2b7ad66dec7e5b50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11403
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame ECFC 15 KB
15 KB 571ms
269ms Font
font/woff2 74.125.24.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f94.1e100.net

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.as.criteo.com
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 12:55:16 GMT
x-content-type-options: nosniff
age: 298810
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Dec 2023 12:55:16 GMT

GET
H3 200 GC5M5N_VN3lVd7ErmxmldCKoshgV9d2S74rLP9hyoZw.js Show response
pagead2.googlesyndication.com/bg/ Frame 4833 36 KB
16 KB 270ms
269ms Script
text/javascript 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GC5M5N_VN3lVd7ErmxmldCKoshgV9d2S74rLP9hyoZw.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

sffe /

Resource Hash

182e4ce4dfd537795577b12b9b19a57422a8b21815f5dd92ef8acb3fd872a19c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:16:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 124747
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16025
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 07 Dec 2023 13:16:19 GMT

GET
H/1.1 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ 33 B
400 B 1187ms
394ms XHR
application/json 162.19.138.120
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.120 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533571.ip-162-19-138.eu

Software

Resource Hash

a4cd6d044563f8fc2c7fc87393b37140160a1c21a71645dbf135155b68bf9ec5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://pastelink.net/
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://pastelink.net
date: Thu, 08 Dec 2022 23:55:26 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
content-type: application/json;charset=UTF-8

GET
H/1.1 200
OK v1 Show response
lbs.eu-1-id5-sync.com/lbs/ 34 B
280 B 1189ms
396ms XHR
application/json 162.19.138.82
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://lbs.eu-1-id5-sync.com/lbs/v1

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.82 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31532337.ip-162-19-138.eu

Software

Resource Hash

863feef6ea41f14f5a7aa3e5e32abf22b34377a5a9f9a6a9a294db2a53e229f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://pastelink.net/
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://pastelink.net
date: Thu, 8 Dec 2022 23:55:27 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-length: 34
vary: Origin
content-type: application/json

GET
H2 200 d4adlib.js Show response
cdn3.d4.digital/libs/ Frame 2250 4 KB
4 KB 456ms
143ms Script
application/javascript 13.107.213.59
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn3.d4.digital/libs/d4adlib.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DTDbWeZNfoEdquUDHAl45HxxJHQOx9C0t7p4wouaGTUDmP-yrq31k7B-lTtFk5D_35ddhq8pn3RLTkvqjitaT-Z_Rikg&cry=1&dbm_d=AKAmf-BFqYt0YRY9omrUwUMnzNMv-7iJ5UiJwd1NGHcIaL6BRDB2HnoUzK1vjoYl3ZPb9kAkJ3YQy_IH8ajcXduyoL5NbUMuLwhr3KvnXUsKWWi2N5dxu52OitoKmyT3AY7GfUXzY3g3FLBJHEVLLvcuFaT1czmh9iRO7eh5Qe7bNqHSkQPNqCU75dPkPi7f8ej43_Skxmq5SrckG76ogEjHehPjWzQX9i6pqJqGIwwy00L1AWT0YdI83AcRE1T9O1qH_1XytX7yy1bHoWf7wRGwXaSmEJzlUZU_B8d-pNn6vnxXnQQEWXxR0fuex46nKzkG21HQEjVzLZ7Chl2qCq-IZWas94Kkt5llFRmLANAPpWGmJ7IookrGGP1IQHCXst78bEgOCCkDrCd8hfQKd3JfXxRcWtr7M2fqpkFuo9hIvd99DW9WlqrQxb1K6I5ioEmykqPi4J4h6R1p4u9REr7Enh_1p-Z7jvE8yxhTfwC1mU2F_H9buQr7ws-66AfRlUezKiP0jYHFWC3lDOaFgtwCQq6cnPdupES3FvZ26J-uMWpRE1fnfnmc9DeywFEB6xnjEy9952AyhJPszPOzHRjeYXuhscFOIG-moaaJE_2NBrqYhZet3biDbqgNFDfHVWGT_f-9RK71l3L8tqZxOrBfpf5vmdHa-GUNJXqfQlKtsjX2UFsEoNMR2CkmjDc8BABMM-I42VTdfRUrtQxMC-dK2yEaLJUFTvFphk4cR4g6Cz3RH2MZuOaOZxqjgN6gkBM1XbH2g_6KGJd4yZBTM1KvQg4cniyh4D0n0x4DwAddX2bOy1LePKK7I4AIzCkKMUlkU2qdPxUhhLrb7JXfQvvWpzSg1vIP0BXEOJ_uheoNhOFu3YWePf4Ji5Re20-IkRUGxKyiMctj45xZD7rlxxRzfs4ZzP0D251ktoaPc68hGzwkF__00hUmj07fwCSvvzvt7aefExDvZiiLYo0vm0KaYRdU6FLp8SaFVScpu7_naI-obgCrVMoMtNtoY1vEOFNnhDjTAFCArQIOtCxyVf9k0EvEDhh7SHAWb9nq8zVsH5z19TDVG19iQmgwMmtlMHoOlb3j645RuB_8qqxFSMM4WuROF-7q-n0ic5bi6FzO9KJCD1gdrYC-_NQU24BS5Y71he4uJwRg2kqTDZxkCHKmEVYjCC695rvomkKOYnlpiNb2Ru4UaY16nMzrO9sJnI5KmsHhm37z_kjz1AUxpysTL_POCkzuzbbz657H78YeXyWHYeSFZH2nIOjL4-UE9qriCYFEddkM4H_EmgsUpY3WsoCas2zbrtn0ggIdYBWhtzLTD3yh-BS1YC5R07c_-oo-O3cy9NSgu6rN1H3nXi7gJOOgwb1iX4Krzwd1BNKfw9_D-RoYq8t63kEWTvXCJSI2C9Ms5-cYgVj02c3ill_FLBsnMVsEtf7f_8yc9nUFD2fJpgVJQc8ZOBm63AFt42P9W320MrLJKa7BMFQ_Imr1uPBDOWltvM82D6iwPFzx3EhYKJxTA-snPGe57vorVibYk9miYcs6OtQrTA_EZRpmn5a_gy4Z-lV5XO2a6D6ZypkMqRwVMpNazvctoeu1Qaf-Ul85ghGf-8losbVLAtOpqZHHS5IohyanZ9oO_gJ-C9li5gwST3Li3Y41T_JKNvJyz3m3fcPowNkIdor_onF2tHHKRfUsH7IFTLFxcCJKdfESYf484yht7YuqAJluEUWMADe7OUKOK6Ap6M8VV-YYgPjgT205DH8B8ZZ1DYuFX2a_4IKwlwFpLiH7TZmQ9XtQCIay8on09EmOfdz0T90hN7Zhs18hQE7loIjZXlqCdu-Th6EKlzU3GBw4-Fr-KtQqUpI5VogYRqd1B405K_ntzhYE-oVJa66MJgY6bXkE9Jh38P39pl5HZlJy3jfaPnYQMKP4C7Vpw_Aju0cJuZ-HVa-el_mGsZ_1g53OyS3Z9mEw4FMDmnEeJRzQSh0BJA-DffGs1cjVkiA5C9fi5uvXOdt8TiDur-fTEwRtMqan6GcY9ETFlmXiRBfH69g33Ckf4veGJMHboCnjGqZh08oF1RYlT_OB5mFoF98hpESA-JljtAtgsyx6cR2o2xodF8O06PZ8JA5bZ9UCKlHVhfQOPTSLj6vMQEsCGt1riHl5iI5sfJAbgOCy3372mzvG5P-lj40rDhdN-_tY9Ln8WwrqbmF6m1K5NuT_Wdj6TfT6b8LMZWZe_S8gL6C7h_-vKooeDSe2xvE2YKrZZRdqsYiGfyLFsSaB93v3RZCrgzfHwR3BS9lZ-E20KtUU52dm0ekw6TjhjYQLusZsOV5mK9tskeEiMTBYWowgDU9NSWDuqo80XPaiCkdhBHDIa-c-j94mDLfR-0lgwy6tgo9lGF5FS8OoUPbUveZalW6REhYcPSPNEN-PnhXVjZyf69NBbgDCU12AeWOqMH0Rvw2bH8qWHsJdFOq3qG1RH4977RNyie6ZSHsWx6JfnaXELV96-OBjoCvLwmpz1T6raY_naVOkgyvWU7Fdsbd9gOhPct6Hlb6pjXUjMkPlzwFYZUv6xpaWkz638MqcMrtTWyVDag8FedP1Q8y_2_hiV0bQkuuWh-NupB8neLWEIN8hCRjFWCIi24f83_cAYHYFUx0MimeHimJ7cWXx0P4UZQpKeGbFBBEiSVrATVmitRiFyGCUYKZjPAFVEw-18DPJeL9Kpv-shbtAJO_Q48UHB-Z-iEjcknf3qUPSexGkUBPliy675G-S5o9pSj95iqK1gxYOzfE2ibosDdRdl9oq3qZhhMi0KucNoRPwpzdMuDONK2l4TKAY1vLUGDT7yJJietj5nVRea4WSmXMi1T9-w1vmQQ7dpj90q9zLOzYK34muY8KoXbeDrZST6gjEZPw0DtjDfu7sJvZWrtUEkI_QW7ySENXasjG9LB2MNeMzmeZCMl-M1ZFqYDDIsA2S485XZNHMWx0k8qAE3yapslAvd_QsnEKFwHRcg-qWt7bR6FVBtKu-20LwPIbIZTcM1ci-m2_eHvFs45UvdOnfm5mjMZhfItvbPg6JJlQvCXPQdZzqORQ1patGzTRpBuoxApTG71Qx06O91G3wQfle9NYBppytWqWCBg-SmAtJPmBREcxZKO3VAfIYngqIgmBURJBCOoJ6AZc7Zx1BUJUOnqq6o_SBbPuyOvDx4oVCs_Cf6jXjOK5JV1FR29DLIG5bbK2FUEWi0TaO0q98QfgpkrhSjgAgI_gvpXBxINT8puKCYXA9RdJ9F6_6WT14riHUU12lRDwKCzZ3G0vCnO_LqFt6m-jpVGiEXMDGVdETvZp-J4td_H9uplPtx9xGA3GX7IZgXziU7VIZkrSacfkYDFyxWHGCD6RPGpyDKqaXYQbvynadWUvdKpLlZMALiOIw8T99IEGBgZmhhT9t14ndRA&cid=CAQSSwDq26N9w3BOW5QJDuLs8300_d7O7Zh6lPduqwi5xatfSYlWIBfw_pVBwOBrQJwW3tAunxfAx8z-wEAZ7YwJSYoz1Q8nZ6bbWhFsRBgBIBM&dv3_ver=m202209210101&rfl=https%3A%2F%2Fpastelink.net%2F&ds=l&xdt=1&iif=1&cor=3410982535188684300&adk=3047537735&idt=694&cac=0&dtd=7
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.213.59 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: fa35c84fadc3510259178567e3478a478e2ed08b89a18f8df03355a7c562cabd

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:25 GMT
last-modified: Fri, 18 Nov 2022 04:01:19 GMT
server: Microsoft-IIS/10.0
etag: "c9dee6692fbd81:0"
x-azure-ref: 0bnmSYwAAAAAZE0SnwY8qR66FodPkfR0HU1lEMDNFREdFMTIxOAA4ZDJjN2M3Mi1mZWVkLTQ4ZTYtYTAwMy0wNmY5NzIxNzY5ZWQ=
x-cache: TCP_HIT
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET
cache-control: max-age=60
accept-ranges: bytes
access-control-allow-headers: Content-Type
content-length: 3895

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/ Frame 2250 30 KB
11 KB 270ms
269ms Script
text/javascript 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DTDbWeZNfoEdquUDHAl45HxxJHQOx9C0t7p4wouaGTUDmP-yrq31k7B-lTtFk5D_35ddhq8pn3RLTkvqjitaT-Z_Rikg&cry=1&dbm_d=AKAmf-BFqYt0YRY9omrUwUMnzNMv-7iJ5UiJwd1NGHcIaL6BRDB2HnoUzK1vjoYl3ZPb9kAkJ3YQy_IH8ajcXduyoL5NbUMuLwhr3KvnXUsKWWi2N5dxu52OitoKmyT3AY7GfUXzY3g3FLBJHEVLLvcuFaT1czmh9iRO7eh5Qe7bNqHSkQPNqCU75dPkPi7f8ej43_Skxmq5SrckG76ogEjHehPjWzQX9i6pqJqGIwwy00L1AWT0YdI83AcRE1T9O1qH_1XytX7yy1bHoWf7wRGwXaSmEJzlUZU_B8d-pNn6vnxXnQQEWXxR0fuex46nKzkG21HQEjVzLZ7Chl2qCq-IZWas94Kkt5llFRmLANAPpWGmJ7IookrGGP1IQHCXst78bEgOCCkDrCd8hfQKd3JfXxRcWtr7M2fqpkFuo9hIvd99DW9WlqrQxb1K6I5ioEmykqPi4J4h6R1p4u9REr7Enh_1p-Z7jvE8yxhTfwC1mU2F_H9buQr7ws-66AfRlUezKiP0jYHFWC3lDOaFgtwCQq6cnPdupES3FvZ26J-uMWpRE1fnfnmc9DeywFEB6xnjEy9952AyhJPszPOzHRjeYXuhscFOIG-moaaJE_2NBrqYhZet3biDbqgNFDfHVWGT_f-9RK71l3L8tqZxOrBfpf5vmdHa-GUNJXqfQlKtsjX2UFsEoNMR2CkmjDc8BABMM-I42VTdfRUrtQxMC-dK2yEaLJUFTvFphk4cR4g6Cz3RH2MZuOaOZxqjgN6gkBM1XbH2g_6KGJd4yZBTM1KvQg4cniyh4D0n0x4DwAddX2bOy1LePKK7I4AIzCkKMUlkU2qdPxUhhLrb7JXfQvvWpzSg1vIP0BXEOJ_uheoNhOFu3YWePf4Ji5Re20-IkRUGxKyiMctj45xZD7rlxxRzfs4ZzP0D251ktoaPc68hGzwkF__00hUmj07fwCSvvzvt7aefExDvZiiLYo0vm0KaYRdU6FLp8SaFVScpu7_naI-obgCrVMoMtNtoY1vEOFNnhDjTAFCArQIOtCxyVf9k0EvEDhh7SHAWb9nq8zVsH5z19TDVG19iQmgwMmtlMHoOlb3j645RuB_8qqxFSMM4WuROF-7q-n0ic5bi6FzO9KJCD1gdrYC-_NQU24BS5Y71he4uJwRg2kqTDZxkCHKmEVYjCC695rvomkKOYnlpiNb2Ru4UaY16nMzrO9sJnI5KmsHhm37z_kjz1AUxpysTL_POCkzuzbbz657H78YeXyWHYeSFZH2nIOjL4-UE9qriCYFEddkM4H_EmgsUpY3WsoCas2zbrtn0ggIdYBWhtzLTD3yh-BS1YC5R07c_-oo-O3cy9NSgu6rN1H3nXi7gJOOgwb1iX4Krzwd1BNKfw9_D-RoYq8t63kEWTvXCJSI2C9Ms5-cYgVj02c3ill_FLBsnMVsEtf7f_8yc9nUFD2fJpgVJQc8ZOBm63AFt42P9W320MrLJKa7BMFQ_Imr1uPBDOWltvM82D6iwPFzx3EhYKJxTA-snPGe57vorVibYk9miYcs6OtQrTA_EZRpmn5a_gy4Z-lV5XO2a6D6ZypkMqRwVMpNazvctoeu1Qaf-Ul85ghGf-8losbVLAtOpqZHHS5IohyanZ9oO_gJ-C9li5gwST3Li3Y41T_JKNvJyz3m3fcPowNkIdor_onF2tHHKRfUsH7IFTLFxcCJKdfESYf484yht7YuqAJluEUWMADe7OUKOK6Ap6M8VV-YYgPjgT205DH8B8ZZ1DYuFX2a_4IKwlwFpLiH7TZmQ9XtQCIay8on09EmOfdz0T90hN7Zhs18hQE7loIjZXlqCdu-Th6EKlzU3GBw4-Fr-KtQqUpI5VogYRqd1B405K_ntzhYE-oVJa66MJgY6bXkE9Jh38P39pl5HZlJy3jfaPnYQMKP4C7Vpw_Aju0cJuZ-HVa-el_mGsZ_1g53OyS3Z9mEw4FMDmnEeJRzQSh0BJA-DffGs1cjVkiA5C9fi5uvXOdt8TiDur-fTEwRtMqan6GcY9ETFlmXiRBfH69g33Ckf4veGJMHboCnjGqZh08oF1RYlT_OB5mFoF98hpESA-JljtAtgsyx6cR2o2xodF8O06PZ8JA5bZ9UCKlHVhfQOPTSLj6vMQEsCGt1riHl5iI5sfJAbgOCy3372mzvG5P-lj40rDhdN-_tY9Ln8WwrqbmF6m1K5NuT_Wdj6TfT6b8LMZWZe_S8gL6C7h_-vKooeDSe2xvE2YKrZZRdqsYiGfyLFsSaB93v3RZCrgzfHwR3BS9lZ-E20KtUU52dm0ekw6TjhjYQLusZsOV5mK9tskeEiMTBYWowgDU9NSWDuqo80XPaiCkdhBHDIa-c-j94mDLfR-0lgwy6tgo9lGF5FS8OoUPbUveZalW6REhYcPSPNEN-PnhXVjZyf69NBbgDCU12AeWOqMH0Rvw2bH8qWHsJdFOq3qG1RH4977RNyie6ZSHsWx6JfnaXELV96-OBjoCvLwmpz1T6raY_naVOkgyvWU7Fdsbd9gOhPct6Hlb6pjXUjMkPlzwFYZUv6xpaWkz638MqcMrtTWyVDag8FedP1Q8y_2_hiV0bQkuuWh-NupB8neLWEIN8hCRjFWCIi24f83_cAYHYFUx0MimeHimJ7cWXx0P4UZQpKeGbFBBEiSVrATVmitRiFyGCUYKZjPAFVEw-18DPJeL9Kpv-shbtAJO_Q48UHB-Z-iEjcknf3qUPSexGkUBPliy675G-S5o9pSj95iqK1gxYOzfE2ibosDdRdl9oq3qZhhMi0KucNoRPwpzdMuDONK2l4TKAY1vLUGDT7yJJietj5nVRea4WSmXMi1T9-w1vmQQ7dpj90q9zLOzYK34muY8KoXbeDrZST6gjEZPw0DtjDfu7sJvZWrtUEkI_QW7ySENXasjG9LB2MNeMzmeZCMl-M1ZFqYDDIsA2S485XZNHMWx0k8qAE3yapslAvd_QsnEKFwHRcg-qWt7bR6FVBtKu-20LwPIbIZTcM1ci-m2_eHvFs45UvdOnfm5mjMZhfItvbPg6JJlQvCXPQdZzqORQ1patGzTRpBuoxApTG71Qx06O91G3wQfle9NYBppytWqWCBg-SmAtJPmBREcxZKO3VAfIYngqIgmBURJBCOoJ6AZc7Zx1BUJUOnqq6o_SBbPuyOvDx4oVCs_Cf6jXjOK5JV1FR29DLIG5bbK2FUEWi0TaO0q98QfgpkrhSjgAgI_gvpXBxINT8puKCYXA9RdJ9F6_6WT14riHUU12lRDwKCzZ3G0vCnO_LqFt6m-jpVGiEXMDGVdETvZp-J4td_H9uplPtx9xGA3GX7IZgXziU7VIZkrSacfkYDFyxWHGCD6RPGpyDKqaXYQbvynadWUvdKpLlZMALiOIw8T99IEGBgZmhhT9t14ndRA&cid=CAQSSwDq26N9w3BOW5QJDuLs8300_d7O7Zh6lPduqwi5xatfSYlWIBfw_pVBwOBrQJwW3tAunxfAx8z-wEAZ7YwJSYoz1Q8nZ6bbWhFsRBgBIBM&dv3_ver=m202209210101&rfl=https%3A%2F%2Fpastelink.net%2F&ds=l&xdt=1&iif=1&cor=3410982535188684300&adk=3047537735&idt=694&cac=0&dtd=7

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

cafe /

Resource Hash

c4d60e53476012ab254ca2f3f479903a6be9ead3cb39a9ea353c51ec75c618c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 00:18:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 85028
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11387
x-xss-protection: 0
server: cafe
etag: 8197878782792770439
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 22 Dec 2022 00:18:18 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/elements/html/ Frame 2250 8 KB
3 KB 269ms
269ms Script
text/javascript 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 15:52:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28989
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 22 Dec 2022 15:52:17 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2250 0
0 829ms
284ms Fetch
image/gif 74.125.24.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvDMN9CA8ZCx9LSargE9of2Xdxi3PsmWUZh4slnZVCm31hXsdoFghvUu1QrXf6ugR5Kl85W_1KFI_LaqoxnQX_GHpOqxqZ-Ok5WQ46kfJaiDGCvoYX07h0sbDHXlRAft8lIOO9qIIqpr6STSHMLMO36S2_MfcUgJ8RDHnsLE4rBQyYceCv7A0E6tNXDu2y7DQ4B3VIUPpOB0xm2oNrfhpOKPe3YaK5Z_r1yo4gAUYGjyoDFaRO5yrcIOKJcor_LHzIuQdRJogXPtHb_IyOMmUlnGGqfEjEcyRwmUY6PMSJocT-_N1OwXyWxI9fXm5lIQi6-pYGYyDzQ138K2LLQ6fZ-Wz1RRR1lLucALcKSKH1o07xtH1-NmBFfHZ-fYgjnguZPjw8XsewkYeH7g4feBCNYs8IVK_Razqsqc5Jt28z95siytjGT9wvNI3a70VrX7ET1dQ7OwIsiI_MmimNI0lQ6F7dumSzHY3v27K742VCVp8jRjUiPGFx6ym0OLX8C0WGEtSz7MFE32ZOVH0cU8nE-tKke9HO9glNsmERr8GE0RKQ7KzZbwVLSJhLbozruXUyc1mAD3pgOBBVTwMgsKKHeud-lQHn8ARRv_I8lJm32Cg6ep6PDiC9xWa4MozTEQ6yVtfkOBqU0m6IwaGCr2iLgo3GpWcVyn0Y2jFExRIt8rRVElP9gWYfaFrzxnk7hBzbUgMNDnm-v2b5mAbUkSAxCFRyUZsODeI_OKHha0FU0Y8B8rhkmOJMGOjg7JKB4M5MbQSpMXFj79lWhA225kgbHMH7ETFFVQjAJlSdsc09Iq850zadDW9vr3-UQN6zRWUDram5A6OvQ_pAu_aAQ342seDhGJ-QV0Puu0geBPBAnCpWaTR3OWucIIV7VbR7jPfZGKUKXJdBAZDW2WJaBezpWApNfkyrT5P197gedKcWrJZZLCQXQh0DTM05cfE27_mHJ7PmMsNCDcGSMp1_5efbX_OaHChFWyyUTIvtnoouEmYU80KPLOoh1QakPz35m6MQyxmMjKBuec_m9HlwKvXEzafxY01Pc_2wWzCWQ8ecdiObMFqdc5hM0ZFnQJ8yzoMr5zNPK-slB6-_DtQPGmfO2i5XznY9OPR6VobAARjHcL7fXd9BiaOovMCxxjEd7CWta2gTa_PZGff5IRv1R1aqJqQUY95cjtaEGR44ZBhtq7ZbZcewTns7kDVxbqGzfFJ9aZ9GT8dWUl1OWgv2J8UrNO92PJUBZi6b7EV9eT0U8IpUlxzgt8sLoKb7j6W9m6MO0WXG9qjn_1gI&sai=AMfl-YRefPq52ruFFJNrZ3dY1nA-KtMcKu2BZvK0PGMt73HqUOe7BPmbaONCOmx7g4WIGCix3zoH-4QiX5HmLB-ZnxfDySc_RQxfOwdAj-vMxOSnCQ98BOzvBL6ce8yAjle73kn05Gx1DlqCUB9AjQR7lwdfuRAAF53xSyjY35-miJ4kDFnykyYbZompjbRnJTR4wqS-MO_vaCIZ3PEh5D0hiakBwtq2--cIaJ1e6GlsC6xKWa7h9lrd2_VdtJjYvtBfHRwgDwA3cT1F_e11NyTFo7gTyw8VU2yNGV40Nu4&sig=Cg0ArKJSzNgFLYqUFOhaEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20221206.70547&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f157.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 08 Dec 2022 23:55:26 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Thu, 08 Dec 2022 23:55:26 GMT

GET
H2

200

sync
partners.tremorhub.com/ Frame EDC7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=tremor_video_dbm&google_cm&google_dbm
https://partners.tremorhub.com/sync?UIGL=CAESEOc4LRjfxvUFgWdlONKxwWo&google_cver=1

43 B
182 B

1020ms
338ms

Image
image/gif

3.214.101.176
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partners.tremorhub.com/sync?UIGL=CAESEOc4LRjfxvUFgWdlONKxwWo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COXuopICENGjts4CGO-67bEBMAE&v=APEucNWh8tMf7PDlvvlWs4Xiqi7m7gxm05XJQotiifupfXRn9N9ExCGmz6hTSTDDumkej1Y8IKVI-kf0Y-zPWad-C0aojCyTjA
Protocol: H2
Server: 3.214.101.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-214-101-176.compute-1.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date: Thu, 08 Dec 2022 23:55:27 GMT
server: Apache-Coyote/1.1
content-type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://partners.tremorhub.com/sync?UIGL=CAESEOc4LRjfxvUFgWdlONKxwWo&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 283
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame EDC7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEKACXBtRRu3tX9t45CN5NKM&google_cver=1
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEKACXBtRRu3tX9t45CN5NKM&google_cver=1&__user_check__=1&sync_id=ca04e686-7753-11ed-8225-1f3a79850507

43 B
548 B

310ms
235ms

Image
image/gif

103.71.26.126
SPOTX-AS-AP SpotX...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEKACXBtRRu3tX9t45CN5NKM&google_cver=1&__user_check__=1&sync_id=ca04e686-7753-11ed-8225-1f3a79850507
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COXuopICENGjts4CGO-67bEBMAE&v=APEucNWh8tMf7PDlvvlWs4Xiqi7m7gxm05XJQotiifupfXRn9N9ExCGmz6hTSTDDumkej1Y8IKVI-kf0Y-zPWad-C0aojCyTjA
Protocol: HTTP/1.1
Server: 103.71.26.126 Singapore, Singapore, ASN132134 (SPOTX-AS-AP SpotXchange, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:27 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 21
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Thu, 08 Dec 2022 23:55:27 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: /partner?adv_id=7025&uid=CAESEKACXBtRRu3tX9t45CN5NKM&google_cver=1&__user_check__=1&sync_id=ca04e686-7753-11ed-8225-1f3a79850507
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 12
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EDC7
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=Y2EwNGU2NDYtNzc1My0xMWVkLTgyMjUtMWYzYTc5ODUwNTA3

170 B
188 B

273ms
273ms

Image
image/png

142.251.12.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=Y2EwNGU2NDYtNzc1My0xMWVkLTgyMjUtMWYzYTc5ODUwNTA3

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COXuopICENGjts4CGO-67bEBMAE&v=APEucNWh8tMf7PDlvvlWs4Xiqi7m7gxm05XJQotiifupfXRn9N9ExCGmz6hTSTDDumkej1Y8IKVI-kf0Y-zPWad-C0aojCyTjA

Protocol

Server

142.251.12.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 08 Dec 2022 23:55:27 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=Y2EwNGU2NDYtNzc1My0xMWVkLTgyMjUtMWYzYTc5ODUwNTA3
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 49
Connection: keep-alive
Content-Length: 0

GET
H2

200

sync
partners.tremorhub.com/ Frame 58D7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=tremor_video_dbm&google_cm&google_dbm
https://partners.tremorhub.com/sync?UIGL=CAESEOc4LRjfxvUFgWdlONKxwWo&google_cver=1

43 B
183 B

895ms
337ms

Image
image/gif

3.214.101.176
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partners.tremorhub.com/sync?UIGL=CAESEOc4LRjfxvUFgWdlONKxwWo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNaBw4cEEM-GhI4EGKTS19oBMAE&v=APEucNW98qK_iEnXBc_DJJCDHBUWjnh--qq9DwqDXkgD8ICmN2MEYDoxFrbl-CUwfvFGFw9t9any3DTozqIuELkoqppmmxS3cQ
Protocol: H2
Server: 3.214.101.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-214-101-176.compute-1.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date: Thu, 08 Dec 2022 23:55:27 GMT
server: Apache-Coyote/1.1
content-type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://partners.tremorhub.com/sync?UIGL=CAESEOc4LRjfxvUFgWdlONKxwWo&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 283
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 58D7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEKACXBtRRu3tX9t45CN5NKM&google_cver=1
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEKACXBtRRu3tX9t45CN5NKM&google_cver=1&__user_check__=1&sync_id=ca2ad070-7753-11ed-aa9e-1e0b86f70407

43 B
548 B

236ms
235ms

Image
image/gif

103.71.26.126
SPOTX-AS-AP SpotX...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEKACXBtRRu3tX9t45CN5NKM&google_cver=1&__user_check__=1&sync_id=ca2ad070-7753-11ed-aa9e-1e0b86f70407
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNaBw4cEEM-GhI4EGKTS19oBMAE&v=APEucNW98qK_iEnXBc_DJJCDHBUWjnh--qq9DwqDXkgD8ICmN2MEYDoxFrbl-CUwfvFGFw9t9any3DTozqIuELkoqppmmxS3cQ
Protocol: HTTP/1.1
Server: 103.71.26.126 Singapore, Singapore, ASN132134 (SPOTX-AS-AP SpotXchange, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:27 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 37
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Thu, 08 Dec 2022 23:55:27 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: /partner?adv_id=7025&uid=CAESEKACXBtRRu3tX9t45CN5NKM&google_cver=1&__user_check__=1&sync_id=ca2ad070-7753-11ed-aa9e-1e0b86f70407
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 38
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 58D7
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=Y2EwNGU2NDYtNzc1My0xMWVkLTgyMjUtMWYzYTc5ODUwNTA3

170 B
188 B

274ms
274ms

Image
image/png

142.251.12.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=Y2EwNGU2NDYtNzc1My0xMWVkLTgyMjUtMWYzYTc5ODUwNTA3

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNaBw4cEEM-GhI4EGKTS19oBMAE&v=APEucNW98qK_iEnXBc_DJJCDHBUWjnh--qq9DwqDXkgD8ICmN2MEYDoxFrbl-CUwfvFGFw9t9any3DTozqIuELkoqppmmxS3cQ

Protocol

Server

142.251.12.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 08 Dec 2022 23:55:27 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=Y2EwNGU2NDYtNzc1My0xMWVkLTgyMjUtMWYzYTc5ODUwNTA3
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 8
Connection: keep-alive
Content-Length: 0

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/ Frame 86FC 30 KB
11 KB 270ms
269ms Script
text/javascript 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CfBFN9fr8_11O2SCBaCEg6-G2KjEikpQQuandlaJelsdZnqR_eqzoVHXDaZJS2i2JYLAr0adCzO43Qqlk849vkJUpPNA&cry=1&dbm_d=AKAmf-CCZx_xLko3Sf58sKGEoll_V3_X0R0WK3nu__5B2zcd3zLsLEd6Qrzn77Y0PlzRB37iQhGvwIM1mwY17D7BV9I7W_hGOjH6ppNhVWkjJEPsOsRfmSavccbgzi6QzwsoT05mgDTTHHbJZUzUIF8yZEdw163AY9Rgx5u7kLnoDbHyL45F73058BPKzQLa7IlZKwSQJ7Y4IeVlp07a1aUERAiL8p7ypubJgtxqrlPfkms_1VBQqgvjdOh494sDG507N168UrnplzwebPGQ7j-4eEExQQNseeWLW633y4lxRPRPTjTpt6X1cd2UgvbjmjFFK2o9Tw1rowei4pxPHxfqu_7G3pwrb9mAyufKOYASRrUYHDqlVbVe8tach5H3LUxKCItCgAdmMKLxlel9wIPMDs3xvUEjWhfvtJfegP94EwmhO7A5IcG7930pu3JYowbXbPzWuA7y_R1-31RzOOUDakTyOc_J8NYVZVnVhWzQXPAK69pITy3J1OFWsFkzwhETZCDPu86IyQFZm6d_-9h6n5FLxIDZxbEe5kAvRaNo1nVdOpfSi2lOQQJ1PCtbIpzonmG-DVJTjzp3ZfxD0jRXZuUNAfQv39X4-scG4EI5CPDRspxDHMC6hZ8J7Vwz0SY9p0vapzgeWQB0hfXSk9fVOJXWIfThW44lXVQcZoOyODVKaMx0xok7KBZekxvBOpdiVi2oCKsgN8Vv_wyHkb1Vo5nrnQgkrbq_P_Rl26wQgns4ef539aVoDfnpYR7MIRggl_EXemVrL2htUHJsEQ_sI52at5YLtf-etqCLRGsTg-ViVhZhNSxz071UmeNCbTd9tZzh8sZs5eNEUgIAyNnNHdkzSDkWitZACPnI8K1fp022PUoL1XK0yf2Nfvz8sbdCv71bQ76wtK60680bBis89Y9LhhLGc38YbdKq3JLARNpdEyyIv1CDRP3uZMwKXTiccgV9oqLCw6RTaAMO-j99LtVRVwoc1IxxAjOHB6-28gtlR3JiPeYNBdYVN8XBIZQ73O24nsXSGfwaV7cee4GFXZ7jz_WrcuPoPvoEBy4fGhXI-bF-iX9kiZF_GlTOYFCLENlsLgroqnDRrq0dXe1FMbbO_nUbcBSJ6u3FqsgGssaHydtRCgs-RKBOPPab9-HzoMjHELpvNWXfsjW5WpY4FeOOevhC-6H0x6Jlo-tWb8xJkArZlenpZe2uovjelR7_2QPuOIpMVTysjF68IsvjEMlwhtO5Cg1jxojlfGjMHmrmuDF94eZnBwBNg5heEbCzTDQ2tLGGsOHZg1OG2XodoJXd1ZvJqpLMiTuG_CAe_r8anurFnImsqx89OmdEN6YyYsIoNSLTKQVxRuJw1BX-wsa9RZPJUftjLbzNCkoLr_sKh7vfBy83e2J5y2sqBPkDzXiBJDST17CqE34-yTCfXq8uXV23oEC5i2FF40J9MMlXMvekC-4EMvIA-Z0EgMaEnTzGmpzbpf6M3w1RRxG8WqHZ6XxtDYuA8Jy_MZnvPb2Dfjdn9Mv5EEc_GpnoPwSlYsZB0ybUTvNDiQR_zc94zUNFJhB79ELq5OfI2zAA_wK3zOq7fMcgjU29gSDeStlDbTOI6JTGbRv1dJljtnxnKLknza_d4Mngn74doI078SKAdl15fVkFz-549hqB_LVpi_8uJmCtGXdi6VzNcy1kews8FP41RuikRTS3eyb6l2XvHZzflmeUSLUuayeZ_1NB5tmMIMkz8yJyDLQb6V9pyFkU0qBTaFo8aIynVuTxzTnfH9dsT7Trs3m9Z1eN75uomdNpebQgRKKztbK0OYo8mXyCg2oFI0TOS0SLSiWbdw27WFI_TI4eGw3RzRlM48JiNv8pwLpijAILQ00mIU7_Co9zf40c2yFPWZ_dNj2y9EkVnsE2IR9amnjweiJlZk-bQVdCMHB8Vo-5xHpM7t6RYKIjsP4r3OODtnbDIS5k3Zo10u2ZIdLd7LLpn9X8ORTAdCJDi6AyRHvxf7MmFp27cOhBqX6EZsiTyu19mrS8eoHmRydIHWDOiY6m-xbiIhMfHqIfAGw6hCjrF7CdvkvCae2FsR7gHMQN-CGxEzrSMeiwu9-fTw7e7db6XabRsIAQoSNBKpHxY7ADtcfRtMFfOGnolfTC29AdwqhK18e-4rCjWuuUw6TaHcUOganCaydUPQkLFGi6qaUbyLxdmdAvMf3-Z1yc3l9GyomUDsEtZYKN8ZIX2W1gF3bRnK7ZQ3i8_w2hAsV1WzeFM4ePe9xBzAnh2u4bogNyT6vDhzqskmeJ0lHhZ7YIxthHNaVkl_1uTdOdCB0JC_VrijBbyOds0shGMLLX8gXtmEJ8iFdJI08L3UBCzGA-gxh3f9UkFrE0HmTqaeymuHWLmwTGBudLBOquieYwp0q-38LMtSu1v2o7bkTZ7-nAw7akEY4zA_LRzEo7eJVRf9DYMoj12hgdXKIhILsM6kX0oEwzCLb3avE4pPIvrjzWuO-DSLg8oI6tYtcIZan5LF4SXq4w7ReWcDbsqJPrVzqeyAPJdgdrsyAdWf_H2Tka1YDS-9R56cnl3Iojc0TauXhDEtBI_nVdZhcxEnpq4hf4ihx1yBT3_O8AM1pQRFrI31s7Tc9T5rgfE-hTRQC_s1Fxcpai8RMhMzKuM00sNQY65ML3sfIDUWqaGyoajXFV4gKBdl4GdX0nSUhMrInb81BuvQgzzWiyI-oaBFnABCPCZRy5HJgN6IOVyLiTvdauUATPPk7h0IQrP0nnkTjguVVRYgazOLI7M_JJlM_8kDpP6-Yw38bXwICPcLPrmYuXPYOo2zu_00w8oa_l-29sM0wmZSTcMrCzgzM0pZUZx49iVh6a45JAnIolmVeesn9mpyHh-tYdoY7L2tQBBF5Rq_JCHf2ShA19B_AMhSHkx5rCW35zgJHDmRifRhAIJ_cMGCYoAOOPXoQ--lFFrVjNx01jSf1EClDvFK869M-nBqqS8d55JMgWrqsIrjHgEjewlIBOdhpsGORy6DZS-NIdqXbX6XC3-ezSs_JOZGzhqPlzE6EiiKZI9GOKOXZ1E29TTne9MxhmpPo0EBbqdjnIWvN3AxecTSy6WMo1VgeEjxio0MbW_ShoFUbxC7U8tP06Cj2dsLIWFbPvpzeXC6REoL0fLTJPpnPJ_RUDc99EdPqkQavWyYEjPFq8jVqi5m-KTdpT8gzdWD6jElVbzGpr-l3uLhYqtdPOc5ikPKodVvS8RWJNhkuFBj2nNA9otD4uYY1uuDYrC1fBd8CcdrYHDSAVInKRyiRmC1KZekQP35vYDzV7jgHzS0d8szvuXitxHpj2789XFmKW-C7Ufp5ULxP98NNTO89zIX5k3uOsJ6dh-eN4HnAJWTpIzi5sA7hdNS14-ATfaxtuGW_3s8gU&cid=CAQSSwDq26N9umSZbRBwU6-yQlOuiTLxvr5-WZ31Refm4I08H_iwywdKUVU6obLUXs_aH6aHZwhfUK8iyoJAUead0txGvMtlUGnhHM4YdRgBIBM&dv3_ver=m202209210101&rfl=https%3A%2F%2Fpastelink.net%2F&ds=l&xdt=1&iif=1&cor=17161241058957156000&adk=2857193498&idt=470&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

cafe /

Resource Hash

c4d60e53476012ab254ca2f3f479903a6be9ead3cb39a9ea353c51ec75c618c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 00:18:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 85028
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11387
x-xss-protection: 0
server: cafe
etag: 8197878782792770439
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 22 Dec 2022 00:18:18 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/elements/html/ Frame 86FC 8 KB
3 KB 290ms
290ms Script
text/javascript 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 15:52:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28989
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 22 Dec 2022 15:52:17 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 86FC 0
0 590ms
283ms Fetch
image/gif 74.125.24.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstF6n9oY8lJ6fhitoPKTpYzPCpwHrsSVrZJhwkLz6RAVsAokTD55zYe7z1000Vv3KKqrTdEpLKfBQIdpEeu3sZShVCptcz4ZmGpQQJM3T6BHzfTECRkU-odGLOcXvDWDgQ_PbiXlhb6mTvelXt_gII_Q2RPs77vCWxByfhQcmjEjEiGe0uCboQOSypcOEtmrHBht6-0aK1CJ6g8E8BcrwB-ahn9QY_v_pzqCiCVDO8Ukb4UWa-OBt8PqyasLcA2Z3FJyKQMB1RdKOlg1cWSvr-6j_o5lMAp9kI12XkyfFsenPe7B4WP43C3PBuzGue-AkTI74BZmc84zLhyo2NmpqGJ6KDaAIJ6z13QXTjO7rqpD9P0Gj3ZzU07oMmHT8C2jwOQi5JDwjyLiyrpOAJ4dsNGKC1LkgH3ni7RY-PHigVLrNjG31rQE_Aq6VrpdQi1gjmMYsyMvfJsg_31tmW0paFDN82TeuZVkjq9KH_vKy9J-ZkxknO0VG-HtXNgz4IUsREBDnRbIOHPzSmvTxVoNt-8bkE1uSXm8pHbxMhekIzGoZ0ZkPEnZu6VxRb_QeamXB6D1X2kYPIrYUK8x9f1rVSUR8j87QNS6KXAtji6T0Zc4y5Vx9VAWLSzSc6iroAVx-GzjHx5XEW-dRRvC-JQZakhsd0pS3SrllDoaET2TvL9MvT0QsnqBw3HZ6AVd8eOc7kCo_NRrto6LfqN5qfhfjbQ7o6WT5ETboFTRqQUm4sMLXQ5YlqMxUcWrOpWag5EX4ouRji8RpKPR_UGt6Rsko8Oy1UsJeVKJKuvsQS_efD7JmZQX1Z0UnESqISp4yletJPewkL9eZls3qUMNn6_AMQTHayJt9lVuVmtYFu_OGL81rbaCugEsX-tOkAmIWMoLlfCkBhbyllKiOsyFF8mfUZyJ1AXrqAkFsWX40zeAoT3AlAQgQMQtdAO-DAdpPo8r1_AAkuD6jBo1Nw-gQyX0q0kyJGFCn0lPr7WHVHyfdaHiVfo1FwSUWjynog7GMClznvY-HUpa-Ien-pA7IA0U9tbxrYBsVOwRUL8TYDBk6mGTRyBBh66QyZ6roNo0meDg3SR3ocI4GNnSFNC6TvbkIk0QCslnnIHyAUUuhVl_zJpUmttglsp8zDcriE0dS87va9TvInfacQWCUNAUsVIG5cOyGMXJulJ6Q49aJnEkt-j7nSaes2b7dCPR1BLQj8htxOAmGBG56Uv00WXjwalGtuEPjJ_Fh5tT4ZZXjN0ClJPD6MgvLNopVXl72_HK2d4Vhimy0ZTDwzSAcOlH75rO7zDUBkmKEBKdoVrvhTeeviLTeErteX9421e&sai=AMfl-YQNe0Q0kt_pROR5ToPh2gXsbcWExBtQuur6n7_0UoTr0_Vm5ekvomfgfttt1DDGPm3YPXf_d6Xf0ovNTSLlPPbjpyYrUF6cdAzpokYSn5ZL9ZwMJj48_nB0WGjFdyV58-XTx59W9E636YB5mwFb0Wp4sNBz3RMMEMxWT6364CwLzDI5WdHqmxDAYdfUOdwmo5QR7Jam406nAA5Bm4FAh5jbrkIDUPXwwsmcEIiOURONUWA8uuOx4kywsn2FwwsW0l0xdPzuFcYd75pFGeLdFQIPiNkKMaFRPAPUK8k&sig=Cg0ArKJSzEYpUicEHAsJEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=1&cisv=r20221206.56243&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f157.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 08 Dec 2022 23:55:26 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Thu, 08 Dec 2022 23:55:26 GMT

GET
H/1.1 200
OK dvtp_src.js Show response
cdn.doubleverify.com/ Frame 86FC 8 KB
4 KB 243ms
242ms Script
application/javascript 23.52.171.81
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvtp_src.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CfBFN9fr8_11O2SCBaCEg6-G2KjEikpQQuandlaJelsdZnqR_eqzoVHXDaZJS2i2JYLAr0adCzO43Qqlk849vkJUpPNA&cry=1&dbm_d=AKAmf-CCZx_xLko3Sf58sKGEoll_V3_X0R0WK3nu__5B2zcd3zLsLEd6Qrzn77Y0PlzRB37iQhGvwIM1mwY17D7BV9I7W_hGOjH6ppNhVWkjJEPsOsRfmSavccbgzi6QzwsoT05mgDTTHHbJZUzUIF8yZEdw163AY9Rgx5u7kLnoDbHyL45F73058BPKzQLa7IlZKwSQJ7Y4IeVlp07a1aUERAiL8p7ypubJgtxqrlPfkms_1VBQqgvjdOh494sDG507N168UrnplzwebPGQ7j-4eEExQQNseeWLW633y4lxRPRPTjTpt6X1cd2UgvbjmjFFK2o9Tw1rowei4pxPHxfqu_7G3pwrb9mAyufKOYASRrUYHDqlVbVe8tach5H3LUxKCItCgAdmMKLxlel9wIPMDs3xvUEjWhfvtJfegP94EwmhO7A5IcG7930pu3JYowbXbPzWuA7y_R1-31RzOOUDakTyOc_J8NYVZVnVhWzQXPAK69pITy3J1OFWsFkzwhETZCDPu86IyQFZm6d_-9h6n5FLxIDZxbEe5kAvRaNo1nVdOpfSi2lOQQJ1PCtbIpzonmG-DVJTjzp3ZfxD0jRXZuUNAfQv39X4-scG4EI5CPDRspxDHMC6hZ8J7Vwz0SY9p0vapzgeWQB0hfXSk9fVOJXWIfThW44lXVQcZoOyODVKaMx0xok7KBZekxvBOpdiVi2oCKsgN8Vv_wyHkb1Vo5nrnQgkrbq_P_Rl26wQgns4ef539aVoDfnpYR7MIRggl_EXemVrL2htUHJsEQ_sI52at5YLtf-etqCLRGsTg-ViVhZhNSxz071UmeNCbTd9tZzh8sZs5eNEUgIAyNnNHdkzSDkWitZACPnI8K1fp022PUoL1XK0yf2Nfvz8sbdCv71bQ76wtK60680bBis89Y9LhhLGc38YbdKq3JLARNpdEyyIv1CDRP3uZMwKXTiccgV9oqLCw6RTaAMO-j99LtVRVwoc1IxxAjOHB6-28gtlR3JiPeYNBdYVN8XBIZQ73O24nsXSGfwaV7cee4GFXZ7jz_WrcuPoPvoEBy4fGhXI-bF-iX9kiZF_GlTOYFCLENlsLgroqnDRrq0dXe1FMbbO_nUbcBSJ6u3FqsgGssaHydtRCgs-RKBOPPab9-HzoMjHELpvNWXfsjW5WpY4FeOOevhC-6H0x6Jlo-tWb8xJkArZlenpZe2uovjelR7_2QPuOIpMVTysjF68IsvjEMlwhtO5Cg1jxojlfGjMHmrmuDF94eZnBwBNg5heEbCzTDQ2tLGGsOHZg1OG2XodoJXd1ZvJqpLMiTuG_CAe_r8anurFnImsqx89OmdEN6YyYsIoNSLTKQVxRuJw1BX-wsa9RZPJUftjLbzNCkoLr_sKh7vfBy83e2J5y2sqBPkDzXiBJDST17CqE34-yTCfXq8uXV23oEC5i2FF40J9MMlXMvekC-4EMvIA-Z0EgMaEnTzGmpzbpf6M3w1RRxG8WqHZ6XxtDYuA8Jy_MZnvPb2Dfjdn9Mv5EEc_GpnoPwSlYsZB0ybUTvNDiQR_zc94zUNFJhB79ELq5OfI2zAA_wK3zOq7fMcgjU29gSDeStlDbTOI6JTGbRv1dJljtnxnKLknza_d4Mngn74doI078SKAdl15fVkFz-549hqB_LVpi_8uJmCtGXdi6VzNcy1kews8FP41RuikRTS3eyb6l2XvHZzflmeUSLUuayeZ_1NB5tmMIMkz8yJyDLQb6V9pyFkU0qBTaFo8aIynVuTxzTnfH9dsT7Trs3m9Z1eN75uomdNpebQgRKKztbK0OYo8mXyCg2oFI0TOS0SLSiWbdw27WFI_TI4eGw3RzRlM48JiNv8pwLpijAILQ00mIU7_Co9zf40c2yFPWZ_dNj2y9EkVnsE2IR9amnjweiJlZk-bQVdCMHB8Vo-5xHpM7t6RYKIjsP4r3OODtnbDIS5k3Zo10u2ZIdLd7LLpn9X8ORTAdCJDi6AyRHvxf7MmFp27cOhBqX6EZsiTyu19mrS8eoHmRydIHWDOiY6m-xbiIhMfHqIfAGw6hCjrF7CdvkvCae2FsR7gHMQN-CGxEzrSMeiwu9-fTw7e7db6XabRsIAQoSNBKpHxY7ADtcfRtMFfOGnolfTC29AdwqhK18e-4rCjWuuUw6TaHcUOganCaydUPQkLFGi6qaUbyLxdmdAvMf3-Z1yc3l9GyomUDsEtZYKN8ZIX2W1gF3bRnK7ZQ3i8_w2hAsV1WzeFM4ePe9xBzAnh2u4bogNyT6vDhzqskmeJ0lHhZ7YIxthHNaVkl_1uTdOdCB0JC_VrijBbyOds0shGMLLX8gXtmEJ8iFdJI08L3UBCzGA-gxh3f9UkFrE0HmTqaeymuHWLmwTGBudLBOquieYwp0q-38LMtSu1v2o7bkTZ7-nAw7akEY4zA_LRzEo7eJVRf9DYMoj12hgdXKIhILsM6kX0oEwzCLb3avE4pPIvrjzWuO-DSLg8oI6tYtcIZan5LF4SXq4w7ReWcDbsqJPrVzqeyAPJdgdrsyAdWf_H2Tka1YDS-9R56cnl3Iojc0TauXhDEtBI_nVdZhcxEnpq4hf4ihx1yBT3_O8AM1pQRFrI31s7Tc9T5rgfE-hTRQC_s1Fxcpai8RMhMzKuM00sNQY65ML3sfIDUWqaGyoajXFV4gKBdl4GdX0nSUhMrInb81BuvQgzzWiyI-oaBFnABCPCZRy5HJgN6IOVyLiTvdauUATPPk7h0IQrP0nnkTjguVVRYgazOLI7M_JJlM_8kDpP6-Yw38bXwICPcLPrmYuXPYOo2zu_00w8oa_l-29sM0wmZSTcMrCzgzM0pZUZx49iVh6a45JAnIolmVeesn9mpyHh-tYdoY7L2tQBBF5Rq_JCHf2ShA19B_AMhSHkx5rCW35zgJHDmRifRhAIJ_cMGCYoAOOPXoQ--lFFrVjNx01jSf1EClDvFK869M-nBqqS8d55JMgWrqsIrjHgEjewlIBOdhpsGORy6DZS-NIdqXbX6XC3-ezSs_JOZGzhqPlzE6EiiKZI9GOKOXZ1E29TTne9MxhmpPo0EBbqdjnIWvN3AxecTSy6WMo1VgeEjxio0MbW_ShoFUbxC7U8tP06Cj2dsLIWFbPvpzeXC6REoL0fLTJPpnPJ_RUDc99EdPqkQavWyYEjPFq8jVqi5m-KTdpT8gzdWD6jElVbzGpr-l3uLhYqtdPOc5ikPKodVvS8RWJNhkuFBj2nNA9otD4uYY1uuDYrC1fBd8CcdrYHDSAVInKRyiRmC1KZekQP35vYDzV7jgHzS0d8szvuXitxHpj2789XFmKW-C7Ufp5ULxP98NNTO89zIX5k3uOsJ6dh-eN4HnAJWTpIzi5sA7hdNS14-ATfaxtuGW_3s8gU&cid=CAQSSwDq26N9umSZbRBwU6-yQlOuiTLxvr5-WZ31Refm4I08H_iwywdKUVU6obLUXs_aH6aHZwhfUK8iyoJAUead0txGvMtlUGnhHM4YdRgBIBM&dv3_ver=m202209210101&rfl=https%3A%2F%2Fpastelink.net%2F&ds=l&xdt=1&iif=1&cor=17161241058957156000&adk=2857193498&idt=470&cac=0&dtd=3
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.52.171.81 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-52-171-81.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 /
Resource Hash: 1a12532324261fcc9e92664b32cea31bf3a14a1128cf6a7531cc6a9ce9197cb9

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:27 GMT
Content-Encoding: gzip
Last-Modified: Wed, 07 Dec 2022 11:39:13 GMT
Server: Microsoft-IIS/10.0
ETag: "8065f8730ad91:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3315

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 86FC 41 KB
15 KB 271ms
270ms Script
text/javascript 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f132.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 03 Dec 2022 18:55:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 449973
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 03 Dec 2023 18:55:54 GMT

GET
H2 200 17523282347391065960
s0.2mdn.net/simgad/ Frame 86FC 67 KB
67 KB 817ms
272ms Image
image/jpeg 172.217.194.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/17523282347391065960

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f148.1e100.net

Software

sffe /

Resource Hash

54219d2eded0fda428258661ac26895aaaf2f834a7f49c5e26e86fdf8aa81958

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 02:23:55 GMT
x-content-type-options: nosniff
age: 163892
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 68362
x-xss-protection: 0
last-modified: Sun, 27 Nov 2022 00:55:13 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 07 Dec 2023 02:23:55 GMT

GET
H2 200 2q78ew
gs.kraftonde.com/imgp/ Frame 86FC 43 B
358 B 1298ms
408ms Image
image/gif 54.217.2.253
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gs.kraftonde.com/imgp/2q78ew?campaign=28858185&ad_group=543391863&ad=182826581&site_id=5376014&placement=352032870&_cbust=11437796
Requested by: Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.217.2.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-217-2-253.eu-west-1.compute.amazonaws.com
Software: envoy /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:28 GMT
server: envoy
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 2
content-length: 43
expires: 0

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 156 B
612 B 730ms
254ms XHR
application/json 52.76.151.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16576/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.76.151.156 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-76-151-156.ap-southeast-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 81c54121e3092c7ed30b3f60ad2989b474079e0a77601827a253b13f1b978a5b

Request headers

Referer: https://pastelink.net/
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:27 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://pastelink.net
cache-control: no-cache
x-server: 10.42.22.210
access-control-allow-credentials: true
content-length: 156
expires: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4833 0
20 B 274ms
273ms Image
image/gif 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BWZ8AbXmSY-6ODoHNrQGtz5WICgAAAAA4AeAEAg&bg=!TE-lTwvNAAYgquz3AKo7ACkAdvg8WvkbCwulijmAzehVHtX5gumTOu5ZxhLU4DnIZ6SiQV_1A_3ldQIAAAB4UgAAAARoAQeZAuu2J3JDi4AGmbEUEZFtrxJzF7-fM039MobQbN_s7moUHi7tzsvv5Hm5k_k5VrdtAnlSmLWkfecrAK9tBvhOckFz7-ATUI7jplY0juUlDKm24LvgQambFxWrLmRSNYwal8uKzpBhmiDrWkmfvt3taji6T90_TlypBKfQJynwRTzNCyj8R3OiLKaIbYuYOdVxje8DDBtACpk6_noJgy3pH1sLS-iQXJjT7BOSVthOvfbfLpNY-DZWDv-_ieV9w02TuO27s6O9A1qJsTwq44pF55ty0WP1LW5mDo3zaz-zpLyvI6s2qSoEJNq9krmOmtIIwkesFIhMw-z03ck5ZiKiWH3k3E3Q-51H7pmCQbDwuCubeWQ3u7gZ1UbfiPSKcSBdhyHn7EK5hdgh9nU0tuwtIb5Crq4TsXTBhiU9Avx8NU_XUmturGKoR3DMkMV13J6VoNRGbWKg_tYk_p8NWInES4hYtnzZseflHVqKYhvrzf1l35N8Othi122WCGjxv0bAcjgYvZpee0pWjXPtqeAQe69T0IfFE02rvU0Sp2uWTzWMxsuj1p8mtxSdeIc9yfYu-em7bAeIhTI4PacooJ-28Phlj7K4mf4aAvEd9i12QuJJmDkEWPaudMJpPue-4dakvH-paL-8lAW0X_dysnM4SUUOB_IK_B-sxF5JuincMN12dQB7zOXtRNbT0uhIAS5dyi26CB9vQO78l5KRMoom9ysA3DTuxi-nYB0P5hCNihyFCpCJOgVDd0GZU1HFKTbl9h2CNo5I2XSIv6rSAqdMqeQp45Z59cvcJdOs7FJDF7WfqbB9svCkK0JCrZGd1l9bQ7TsWOLoXsGuroywqxFLf_wQVsKIQYANDVOOhoOHfZ5oWPKMziviE-fo3YUI0An3m_kyxULsvzD3xeYNpRzXiapDWw7IKbu1wP5YT_r1UntjbW5gRDhRHmLhmXe-F5mF0-DOJZL8kTHD-s5FSBb9unOa6YU8lwJ9J-jr9_4

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame F730 41 KB
15 KB 270ms
270ms Script
text/javascript 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CaC6-9R8eCt1zxywIbT0dhHPvfeOjCbRi4GORDs0elOkSrS9CiHmSSp3cl80VF9YN1oZZEbooqBL2iunzdlUDurVwuagM2-fwPdrZ_G1AgAGyuhfJATMeEgCb9v6pDwn2-z45TOKQQVUmI4f6gQywXS8aYfG9-fEFMi9qu744VoHdEybs&cry=1&dbm_d=AKAmf-CH9cmwqUSyqjp-8TXlOJ3EJCArxXagzBVw21c-jx5_biZPbOH_Pt0PrV-TpQ0ou-8YWujfDah22QtfjNQlCvo-MtZ7F9jm5D7U31SHshPtzlo36NbsIY9f4eeUYqCFxarFtzgWAsvPojosf_HS0Dg3OBlnh6Do81pZu_Oi_VVSNQJgASgPqI0CJW0cwcEgMy89yCZYEPdjBD8DOVtAjOd9WwQlYx1j5mthGOHAWOUTRNm_dbaqCt5YbhcmknZrzVfPPj2jLb6N7UaGy4M6xdSb-setXX0PwiXq9O1XDxOUob5LKzuaZZ5UD3kjYaKfjySC9gSt-DJeZ2m9kw8x2FH1dnFF-JZdzZnQXbzPchQrBhIx4gFvN2KvWYc-LYvtxn-AG8Psg-7FCfeOBoc89H9MUTkH5mSBcr6iOHxtGVY2-XvqyDwsk0fs6xUTpX2N4Kz1Bg_NlGLmmib6zVC3mbA94IpqnY7D78M5U3ou9iFB3PL60mtrvb_RbBb0FkspQyHI7R54yTyEOd9HSm1pXXDQAPK1hamA9eJ1JcLsXu4_dTLRJqDHooaIa82QG0z7l1IXWzh-vanNpDiUZurv4ZXNi-A8NMSv1w_op6sHOY5929nVoGYO4XjkxrG_vZ4FOkUDDppobIxJWiiXgH9EGHsddPBGgeA-Yc_OBTnFgB2dA_d40oW-fsCjRJQ0xxaSMZ5CQmWcwtxSFobpqtFU8ZvAZigdsuNUDw4u4vTFprUlISgA5rDfEqYxe0izp694-gF6bnOQQiSpW9aC5_z_I8kZ3EB8HduLNiMp0C5Esk5ENXClzCWx4YlONCH3sTrBVb2JQU8KIwpEo02KWH3aAhzAeefABFJnuJWuMU4uvoGxmefCOLIYk0izX2Hc95bpPBCKevaG-lShVLHfU4lwnQTkeEnjvYEpJebYJP85HiAKH1iazXKlP9mHV8Rzt4q3nU3w0hjhgsxt5Hb-kjYRCt5r-bUuXDzZ9dMkpm2QsOQKXnoo-06eZv6UgRcQI1uhko8-HnKvMOjP5RoBBtso0he-Z6AyVzyRa_9jUFh9psoJbWgAUVbimfo3AIrccBOCPGNxHnuwGLMpotBySmgFVrCnlQP8Qa00DQNcEQnvRk6nKi2nxPRcypV41qiD4Q8ISWTzNlrScNfpLLh6QBsb3NXAqUZxyo1g1Dp-DKjdfxGpXEGdWqLPYFWmvHNrUXHBTElj-R03JJtyc7QBNOPJ8yvtS8J5kGgczqgxjjNLHZLOVr1oBPTB-rNIIMZbB-RnN22MpscCJy0HgkqqSt82CrEL7Zs_yudR2zY-1gk75BgZFel2RjM5NwudhURMQHSQtNEsJD3LeWiSGdCa_PVk5i_v-Z3Hc4485rlXon6b8Xb_fc5WLUPHZRqF9yY9NOIx9LChKiVXqlLnfB1PYLq6QoTBN_CobWt4XWkAlwCLqHu5c8YZAe05stE1kaKGqhZWIMU_BF4p9FN52PB_ha7FIBSqmELDh0Ak03KjgxMAw7Igf2O-YQZMYjkFqThdYk7RMsfo8aguf4B9CkeY8BY8YmrhDe4itiDajjn2WdOr-SV6hJtXtIIQDL9qbAtLDc5KDiUD0NJwTqjBabxK7Q70jHps348aR-RKB5CGvtMeTI68BX1gzPnX-fxGLQl5hYIT8T02aPdwE5oRAdPfGECFZemJSLfmJ4LodRuTtlRc4C4laF_lXcn86VENL6D0MEDQhrq7muY14vnb5pj9D-VJI5fsv4J0WndlzLH2BUifiz30oP1N9MzJonYV-thh1lrtRFUtHXKbOt0bL5m7wINXsb7f6KDacdXMcNtRUuJN4rnNsX0Gz6IcIbV77WcYSLkS9SoxRZUvMsTF2yNFC8E52wMac0XZR-0B5jr2g2-7YxPV2lBDtoWMVRlQUoRpTC71NxHz5-8SeLr4eIgJ8KoFBmWhqcDZ15zJHA6euAO1p5Nqu8JNYBBukOwF9YLx1y5L1GhSe2vpKpF4NZpIp6luzFzh85wJNafwo08GO_c_RYM7lfkEMzTNGlcJR1B66dDT1gteGWb0xyPHp8P6sDaF1YyrKP2SOOHOxcpyXDtq6ZJqo3bjSiDs86zucIjIeuk2GdFT7Nu2zxw8zs0RyIrG2rzmmjQXVPsUBY_G8HjuJmgtXqgyQ94s16SdzZ8WnU-Yd9mui229AWH7RinB0XXBd63eG8JjKdhQbxhUAseE4ttPbChGrvYMb53SV3Voy4MTcdg9M-suVVQKoOawYuX7eLmZCDuqCrRvRN9kg5eXXjXEbzS5HDHLBR2WSjxQGRY7RveqUeBlf4hz0FrEBapNDuKj7rb3LemAPyFuZ0adCybLzc3LmV2Iw872M-LqdWrPi3I_uVuXh9zdl7JPAsk6mI5myza75i4BCLgoo475E49Efjy0_psPcvJt016ov1PvKWMHLr4mH4yLNiR5hMvFBGV72SYbAApUUNgfe08UAGT3sko9zFV66iHmoy6WmxYFexVLpEzhv1v-FWKlMZNE_fVy-e4En05Yn0p65m1_Uum-ZRSmTBtA-c2yTWRezr7sWBjUuRZu1EMStMKVeCiTJuzt9KZP51TBCqDoErkCt-d8MCf-pEArT2A7ceTFZC9VlIBf_z9kl7D1nbtAYNg8-pUmTes4UFAac0PkX-zpcHhe9qwLlivhDHOXJIpRx9MTBdr2q34NVv3kKIUJCY5G5BNtI2dr7p6I98107AJcjT2h4P61A5sWpWWcrSAIykw_btf3fl8vwQvy6G-6kJh6A9Zo4nEX-yCcc_pcPKmcL7QByiyckoA2KBDkyHwPH8Jw5k9IvwN372TT_WpKStQzJUnEjrvMvtmcDiowb_VMMN5i8n4Phh91qwvZQdMwwwgiUJJ3O0zN_sTqHzorq_OJzrCvplLHNKeDqK3X9meD6tht4dXlfF55DKymks-6ET3P4ZR2r9sXcWt2vSqBHrxlwc2FydnX4hX1Rf2yrjP3c-9XvngOmiIoI8ierhly9F9pKj71z5MmfsT_1SzIy2st-S9FU4y_sc6m7OJeRrkm5OeefDW_HaNu2L3eE-3TmlvXQBolbr6Y3BZHG3PVsaVFsBzY7MfXy82Rk9mRvOKsbPmpNesCRe8kw1KcqMI8hEEIFN6Wsg64MFhZooj5NydK0OC8FQbOsL-cC5pUYz9bfzUI6MKScrWkVfdVDTLLLVwpZeCm7dC8hLu7wMetEjEIlXIG30m8yUX2Lks3C4df3jqHcCDPqMOZ1xT5cLIkHDjBU3iN6pKrdG_o_4ef25Rohf2QsaN0k2apykCnTMVUMZO4BcMeVosynbNS-BbLa3hViv3ODQ82vSB7ZMsU5c5yzEiQutLkQbjQhjCtHb324583a9HKtj5caSF1mb0s16nUcmcvJeHB9YCnNxCn9A0GbDgzCo4U8annMGkt9mq5ddX9V7X2c4Itz-FFOFU9B3PwuO-mwF3OaTV7sTPUeloCtjKFXcn3bOwhEup1SnFa3b6z9pE2XWp7TEKBr5s7pzjBgBK3co3z&cid=CAQSSwDq26N9Gc4jJzC9ODvtzXoQP4dihhG2eIyjRlcW7nroWQy8ush-U4iiYCwWlzv-jvhDtjQqFwcJ6rn9BN7hp9IS4KOfbO0aunHcjxgBIBM&dv3_ver=m202209210101&rfl=https%3A%2F%2Fpastelink.net%2F&ds=l&xdt=1&iif=1&cor=7767304888226884000&adk=3944675600&idt=332&cac=0&dtd=6

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f132.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 03 Dec 2022 18:55:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 449972
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 03 Dec 2023 18:55:54 GMT

GET
H/1.1 200
OK frm Show response
www.adtrek.co/adserver/ Frame 03AC 26 KB
26 KB 725ms
289ms Document
text/html 52.63.31.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.adtrek.co/adserver/frm?cc=678d19d1-9bf6-4282-b96d-5173d5d41281&clk=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCrTc7bHmSY-mrNs7cz7sPzIOziASivKfjbImF7Y3XDtnN2ZOSMBABIIabpJABYKvssYXgGKABus70sQHIAQmpAh4c6YtaZKU-qAMBqgSlAk_Q63ElvLBnpqN43rx6Ab5hpBsxp3Qq7exogehLps2GJ_34xQpA5bhR8QIxn1k5bSgo2uOSoBv0uS_4eDTlEBhGNCv-Hd0tJir7vgKhCRZaS1uuaMQhubjRL3MlcSbuR_3wmbsmLqrARy0R5K04ugmaDEBFeiv0akE1tUu5KvMNdgRrHTSDiJDMuo65qtYBPDjbqp5Lm_GyMcHzl84pei7SKb1NE0UL-hqWRiAS4IsO41aR6_DK-ms5s5BfhG52Uu0JOOAeq4h_Ca1K1fLQxvM1_bt3d-ZvEu4gaNpWdxMjT-6ryQBCWX838kKIdymVYTqh1M0erPuKm-pyjQyvOLRINIcplFFK4mwPaOwyiUeIcwPCMebKY0uHFvjrCEfqp5mFjXm6wASju4GC5wPgBAOQBgGgBk2AB66xi84CqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiAYRABGB0yAooCOgKAQIAKA5gLAcgLAYAMAbAT8fWrEcgTmqzA3gPQEwDYEwrYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSSwDq26N9Gc4jJzC9ODvtzXoQP4dihhG2eIyjRlcW7nroWQy8ush-U4iiYCwWlzv-jvhDtjQqFwcJ6rn9BN7hp9IS4KOfbO0aunHcjxgBIBM%26sig%3DAOD64_1glGDAf_IfXWd_xPnvluR-Gsorjg%26client%3Dca-pub-9602519502618262%26dbm_c%3DAKAmf-B51URJTG6msbEt0s2n6b7xo9C1uBCaGxpF4Bewu8oafWh3t4jN7UmEB3ig8qKGjMoGII-CWnIwlJCpWUGB4xyFfdDFMIbiGWPqbBLclBY39tTzavPHdbl_7ayp-5afR_Pz_oG8wK5q1QqOBL_MWkzE0MFVzHEOZZYo_-y6r_RvdwQwEvo%26cry%3D1%26dbm_d%3DAKAmf-BtX9ZCAPEaqaATXhsCEoB3SuX-kzo7ZoG7Yq80s3aJteOG1R10LjLM1xkiKJZjasqVxWfncae3N7BBaNYHluveKBir3phsYcOZpXvsjRPu-6CWt0RV7-Pf-u8X1nv4gonBwBuV8OKfUd8HsVYf8Z79Sib7tTDwQzAJBZJqjP7yjrCHXlG79whOnbrvkfb4TJ941d_2j62OtPJDc1awScvSAzLu_knBM2ojYEQVIJxGEBb9SpFjCcX2MuOoZJs66YVLf50gF3aF85waPdN4UEyAPK4EUZCILY6rLoC-BHGOwJI84_Aj4p3lHpTrImSUdaluNVuwiPy9IDCboxz6NRBCj-v0dw9EBWt1W7f5uJ40SOnAwpFTKRXhsU5beSK_P5pQmKRlYLRrFERhk9VNKD-oDhPbK95C39LB5FxY991qCdLlkizKFGtMPqNVG5RUSEzoT6XlI_pfb1ytnyjeVH3ZsY4XcFkf-OFpFgKcrRpGakDCnsSx0j5xHsO8zQDZozkirXS5Pvj2LesDTX7bN7OUnQIVMrPBLai9AN-77TIdMkOALU0%26adurl%3Dhttps%3a%2f%2fwww.adtrek.co%2fadserver%2fclick%3fcc%3d678d19d1-9bf6-4282-b96d-5173d5d41281&ord=1670543724890345
Requested by: Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.63.31.162 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-63-31-162.ap-southeast-2.compute.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 5653c74311fd551f5983ae64e616ebe69a3b9db4fe259f47e41703eda307a42d

Request headers

Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

Cache-Control: no-cache
Connection: keep-alive
Content-Length: 26400
Content-Type: text/html; charset=utf-8
Date: Thu, 08 Dec 2022 23:55:25 GMT
Expires: -1
Pragma: no-cache
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 5.2
X-Powered-By: ASP.NET

GET
DATA 200
OK truncated
/ Frame F730 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4dddfe756111e83d6c726e981d0b57f7823a3d221fa2aecc81c59244fba56415

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 86A2 106 KB
38 KB 835ms
279ms Script
text/javascript 172.217.194.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/ae55y2dx

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f148.1e100.net

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
Origin: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 09:20:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52522
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 09 Dec 2022 09:20:05 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/elements/html/ Frame 86A2 8 KB
3 KB 269ms
269ms Script
text/javascript 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AY93MZVf0oWjeAis2LS7MPajBpvDDJ1TPXzVFz_BaA_-KapvVFGeGqmpTVBblg0XIhedL1JnNE7WVg8axIyG-8DnCoBg&cry=1&dbm_d=AKAmf-AKc-es_GSIHqwKMw2hzdZJbTMcSHC9F5JnzPXl_N7f2-EjZ0gtJ5ouLROWP8UaTeTiCcZYnX0vLru-_2794ZugPCHZmTN3HMOtBwzoXurcZ0gNyTQox-5GRwBWkMqiQJJp7kWX6AHhxU4Ttr05Vs2xKb7-Mqfx4l8n0Z4BU-EzY8MUYxWAjr18j_z5yBk7TOGwDoL1AT3KNCUqjBcC0r2oIv_3n8WOfZnI3OeC8EZJSJmRd_qpQrBfrRUZJTcszNpVjjjIkl90VqH7CrBGTl4nCm-FO5AFage-_DLs-gCdOSevBYnlx8-eHjJQbiN5sdiX-5whDTqpLq7MVBewZi6eRl-6jE4wjHAz8rUmROpLlr1H4QQkd8smYAKr-wU58V3UGlDgf2zGP8WVgmQBrYw2DzvMUUAkeFMhHi0oWz9lEiLMVk-l6gmRm6-gmBsTAoVdt-1NHlgBjTMVEGsWjAysOoBkiwRV9NhBguR87Pxn457EGWgl2Ew0rOaBNrpZSrGJkHW0nXotKMttbrkwo52HNnoNcjQfwWYngsU7Jd3YztvilcsjP9aMYHWrT0yjcTk6vAyh5nce7RvAdGlAPhUn8BP7A6nvq-1ADP9d0qtq6812ODl0ftWBGW6625uNIDpN2YPod2COLuP5KW39SO8rrFX2p-0RnnJdvRghXpppVKODz71iAErDd2YTCFayT3BNgzJJBpPjn-Me9Aci__BYmI7O5vtWYgwlKrEsPotD8MbXDudPyNsP7BRSUv_JM49xC8epoGCs07QpXF1gPPhnJk69E_NE-B9TcsHRGGqkNK8pTbr6DRF-jQ0YVOAst3ziQnMNkc0DtaUYKzSJr5ObcnZjqfrdgqNaCOQ_B4-yfuPXVP91P8JwwS2oEoEZh3QnWAblge9G_NeuWqnt4YDRZEqulay5p2oNn8PM827hmjvJbsT-UKQ4b3h4bKVLhpv62XtUygtixGuohBaI_IKpyyyZMvDW5OuipBItnMM87FRH8LvZgciQ5ZXnK0slPs6OHsYnA89ecWt7MHrqIiqzZ5M4GullwntXgBjXL-I91W4pVI9WwyC5MUBjkCHHA1Kcels5t4bqB7ghOhDcJM_VddGwa5BLNXlerUaGeBg9J6HONTPt5Rr_kiGiJcaEjLQCqWQX6dq52rYkWmJOdm-yPNeKC2Jw93zImJJApyAEZnKStZmPB3uuC6CDdWSOIwevpwgrX2hBUOrvVfUHbF3b7ffZgtAAy72IBR9oC-LWPDuP2I3hvdjaB2AaTGWamXsvVorvV7We5B-KT-PYM9m_F7k4XCPEwaxvqFR4oEF1RBv2EGPfzCfh5-IrUTypuuQ4uwgLXzijhhr3_4ioJb8ywSR9BumWDPqXRqEk4wQu5ievvY9zerEwjpdMWTqWHniB0IUKOFE-y1xAXR-CBPEmX10zqx2FACyjotfz4F7tUeXfroiDrBzpZmM6LqmCxTVbEqYGCKYFd1Dz4ylfC3g6IqEpeE_0NtOiuBx_MSnqdDHj1KosJrx3SUDfDHEdS7oil0hP0t39qOoo2wOVKGjPpHyd6lHFc87fayVYZ4eivt79wKszTmiF-jwNPUGpssdJeON07y93jvas8MJnqllWbogKLqPPvopk5zhyTOPAO1xjggh7-mDCgpyN6T1Kd1VUoon1Y0iYcac_znu7MRo1w-Zb1pKuUzZ2sOQnc3UGQd3t7-aeZzijrAwuqn3Y19Jw43Bcvrw-oEzrJ1YuDsRj1NqfEoSraf-QAsLjxjMe_6TOJtV_79lw4avQ-ZpDiGHmJghlpgiEtyw2jDBlDtkA6BUD-zxIMCgssdDjus3fxikklf0sxUYZgdg9JQliAra6Ml1PuWX8iQh8TxyXFdlDHWViGaYfxNGsO8tMiCGD0188_7c3fy9mIKKlhKav71fljKYKaGN2HFd8OVfkFWxjGngQ2NbF0duCdGdcQvQAT_eMPq5h9TV5ilpNFwHBVn3uHsBPH2fa97xaB9nM_gRz1Ed-kZ_EYVzyHHO3HNIZQga2v0h3mIBOlbn0CzctID2Tprl4kfAYXEh5uc8TOxG0xCOQpTVjxEzmMKpvnQK-Xa39toS4xsdUXTklF1lezJGFp7jVvSCv6wWq22XPMWkroN7cGV6qGce9yJkhBZVtAWfbDD1mp8QnJvYu50LPvo7edPJKDHEcpcRUJ5M1CGY78jqbRSe6MB0_Bq_2QQkdS7z1rpUNpv4gVcdWnVOk5HVWumYTg1NzlDcCgBCBPZnZ6A6QInvrkGhMv1P3MntDOgeRbAAaCWLRYVsSQ61llfxP_z8wGhuGv3_BLFfRJxFGv8YVvZhecs2FeENidh3LTvy4drnvXcbU8ezw_QQF-GoBUnvaVkO9vK2oKKObPV9s8N29FxfeM1xK61200bV5iiFPBJ6dIy6vd1Ww_MYBD4JbJVgemFfCwsNIZZsTwsBb4EokoHfAr2qA50oM80Syjq4ivsnQ_Vud_U5yQdBCmJld5fvRSZd5FjjzcHDLG9fI-pbM_sSRZnctPAkYIzUcCJDs_kBnRXNx9ljG0ERSs7sRGzreYtw1-XiDg0l4v4xoo7JjEc8WHwWQ3ahkyPtb83CxR889Xsmh1mp5Dqzdc1c2JrgqDZlWFmAhpVmZIyRpnhrxZxGekacP3ow3SYXuiZi3yEUOq7SmpqWD1yIWxUQxST4AJtO94zjul-a8dLX3OT9Vf1OpxvJyfdi_Ku5TmTJ6TQxTbZJgmMUkw57kYet_ZWP58ro5GwXuMAmHWHYLsDQJ8HjKjdSRv9rdjiWZGnfYPMi68dWjf2pMvWMsEiTkRjfPEoXofJwFvuBKYp0GAIqinzN8iqNQzhvKtETB_Hzyq7dI9iUmKUYdMDL8a4sZC27Mquoxz-WBzE-7uENKOJXisVh6QZvxdzSs5dxlmAFK-IIHcCcmR6oozW8LIKAYNyCGtKJCzpGTgXPgvQIXy2KFNS13a2UIrGsrsx3q_gXi3BoO8CRcZHa7HcEI1Tf8bhKL2jBcXBF2wLabjPf4H2KHJBxCxsXCYylym33fSlIKpH_8Ml1dodwUdLWldyAjosy96uAu7wwD5kYXTJLJy2clX7YUfw3qAN_ILdXDcPvS6p75ZZba3v03FdIV__nnQDEWJoSAp_8MazcZ4ZZRQoa_Os2wyG_Omwi8unYifJcUSf8p0V674vSrokXuUf_DYj4DTBGXpcHT74JVyA3TwqNW_trecRTfKlhUnDMOlJB5zY_2kJwikZ9j4dYTrOsWgGuJUInRd3siUFqKNoNII3ERyOFJqSDzVE8ThsFiL1X18E2E7HotX4ZdB3akZjXPYo5HL6N7Wpqq-9i0fybC9knJHbM94LHPOBsQMjKhyFU2rej9XbPl8Y441UC-f8c70BHQFRRpyXULZlPMqX4p4TfgAXI25TTtv_vVXgm0dIsBx-jljeMEHVDi83GV8jPPWWWvsNoujt60pZlCcEhvhZKraCx6Fc-tdP7R-ukIjD1kfXk&cid=CAQSTADq26N9e_rVLPE1nYNRqnSX7CFfojtYDPdP2oR2tWpiO2Mne0tXxadiJqe0ojXQEMdBDeLTJAnTzVSvGkwvZheuycjasytVQaCEZ1sYASAT&rfl=1%2Chttps%253A%252F%252Fpastelink.net%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 15:52:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28989
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 22 Dec 2022 15:52:17 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/ Frame 86A2 30 KB
11 KB 272ms
272ms Script
text/javascript 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

cafe /

Resource Hash

c4d60e53476012ab254ca2f3f479903a6be9ead3cb39a9ea353c51ec75c618c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 00:18:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 85028
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11387
x-xss-protection: 0
server: cafe
etag: 8197878782792770439
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 22 Dec 2022 00:18:18 GMT

GET
DATA 200
OK truncated
/ Frame 2250 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cdfb4b4fcca97deb8ce5bc747b42b71505c01c8548a4a798946940026028b585

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 86FC 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b57727a09f300e12cc61537b1ea29b12dfaba32b2c7e586360de741d92e8fffe

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame D1EE 22 KB
8 KB 272ms
269ms Document
text/html 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f132.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
age: 138231
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 09:31:36 GMT
expires: Thu, 07 Dec 2023 09:31:36 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame B80B 28 KB
11 KB 296ms
296ms Script
text/javascript 142.251.10.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal113.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f156.1e100.net

Software

sffe /

Resource Hash

c9406a92f81fad251295cd64386a8bb62ee7503f589ae1b96893faae2f4fcb18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:01:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3236
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10900
x-xss-protection: 0
last-modified: Wed, 09 Nov 2022 17:19:43 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Fri, 09 Dec 2022 00:01:31 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 86A2 41 KB
15 KB 270ms
270ms Script
text/javascript 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f132.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 03 Dec 2022 18:55:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 449973
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 03 Dec 2023 18:55:54 GMT

GET
DATA 200
OK truncated
/ Frame 86A2 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 487b7fe2276a8020ccc561492b1026a2961a7eec82944fb0c758db06bb890ed6

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 GC5M5N_VN3lVd7ErmxmldCKoshgV9d2S74rLP9hyoZw.js Show response
pagead2.googlesyndication.com/bg/ Frame D1EE 36 KB
16 KB 270ms
269ms Script
text/javascript 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GC5M5N_VN3lVd7ErmxmldCKoshgV9d2S74rLP9hyoZw.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

sffe /

Resource Hash

182e4ce4dfd537795577b12b9b19a57422a8b21815f5dd92ef8acb3fd872a19c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:16:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 124748
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16025
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 07 Dec 2023 13:16:19 GMT

GET
DATA 200
OK truncated
/ Frame C85F 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 28afd47b728bfa375ba5d36188c5e9e8684a48441b1b6be8fedf43558b452c53

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 impl_v92.js Show response
www.googletagservices.com/dcm/ Frame B80B 60 KB
23 KB 274ms
274ms Script
text/javascript 142.251.10.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v92.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f156.1e100.net

Software

sffe /

Resource Hash

8acf96115cb55ad61bfdc24b7918a946d1b983ac14062a584dbbe8744021430a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 14:42:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 292392
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23563
x-xss-protection: 0
last-modified: Mon, 07 Nov 2022 16:32:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 05 Dec 2023 14:42:15 GMT

GET
H2 200 IW4r.js Show response
cdn2.d4.digital/AdServerFtpJson/eRMr/ Frame 2250 691 B
1 KB 642ms
335ms Fetch
text/javascript 13.107.213.59
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn2.d4.digital/AdServerFtpJson/eRMr/IW4r.js?cb=900108459

Requested by

Host: cdn3.d4.digital
URL: https://cdn3.d4.digital/libs/d4adlib.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.107.213.59 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

a0043efcca7a674117e41cce050edd1e6598edb6ca5153cb3859a2808dbb5792

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ua-compatible: IE=Edge,chrome=1
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: upgrade-insecure-requests
date: Thu, 08 Dec 2022 23:55:27 GMT
x-azure-ref: 0b3mSYwAAAAAseEAIb7iRQ5W+q1dLuzP5U1lEMDNFREdFMTIwNwBjZWExNjNiMS03Mjc3LTQ5Y2EtOTg4OS1kODdjOTZiNTk5ODk=
x-cache: TCP_MISS
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET
cache-control: public
access-control-allow-headers: Content-Type
content-length: 691
expires: Thu, 08 Dec 2022 23:56:27 GMT

GET
H/1.1 200
OK dv-measurements3317.js Show response
cdn.doubleverify.com/ Frame 12BC 552 KB
106 KB 265ms
264ms Script
application/javascript 23.52.171.81
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-measurements3317.js
Requested by: Host: pastelink.net
URL: https://pastelink.net/ae55y2dx
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.52.171.81 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-52-171-81.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 /
Resource Hash: e71922ba9eed9d98158859ef8fd8c83fd817943005acddd4166cde52a04f5aa4

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:27 GMT
Content-Encoding: gzip
Last-Modified: Wed, 07 Dec 2022 09:45:11 GMT
Server: Microsoft-IIS/10.0
ETag: "80ad389920ad91:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946080900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 108147

GET
H2 200 Enabler.js Show response
s0.2mdn.net/ads/studio/ Frame 03AC 136 KB
46 KB 575ms
273ms Script
text/javascript 172.217.194.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/Enabler.js

Requested by

Host: www.adtrek.co
URL: https://www.adtrek.co/adserver/frm?cc=678d19d1-9bf6-4282-b96d-5173d5d41281&clk=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCrTc7bHmSY-mrNs7cz7sPzIOziASivKfjbImF7Y3XDtnN2ZOSMBABIIabpJABYKvssYXgGKABus70sQHIAQmpAh4c6YtaZKU-qAMBqgSlAk_Q63ElvLBnpqN43rx6Ab5hpBsxp3Qq7exogehLps2GJ_34xQpA5bhR8QIxn1k5bSgo2uOSoBv0uS_4eDTlEBhGNCv-Hd0tJir7vgKhCRZaS1uuaMQhubjRL3MlcSbuR_3wmbsmLqrARy0R5K04ugmaDEBFeiv0akE1tUu5KvMNdgRrHTSDiJDMuo65qtYBPDjbqp5Lm_GyMcHzl84pei7SKb1NE0UL-hqWRiAS4IsO41aR6_DK-ms5s5BfhG52Uu0JOOAeq4h_Ca1K1fLQxvM1_bt3d-ZvEu4gaNpWdxMjT-6ryQBCWX838kKIdymVYTqh1M0erPuKm-pyjQyvOLRINIcplFFK4mwPaOwyiUeIcwPCMebKY0uHFvjrCEfqp5mFjXm6wASju4GC5wPgBAOQBgGgBk2AB66xi84CqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiAYRABGB0yAooCOgKAQIAKA5gLAcgLAYAMAbAT8fWrEcgTmqzA3gPQEwDYEwrYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSSwDq26N9Gc4jJzC9ODvtzXoQP4dihhG2eIyjRlcW7nroWQy8ush-U4iiYCwWlzv-jvhDtjQqFwcJ6rn9BN7hp9IS4KOfbO0aunHcjxgBIBM%26sig%3DAOD64_1glGDAf_IfXWd_xPnvluR-Gsorjg%26client%3Dca-pub-9602519502618262%26dbm_c%3DAKAmf-B51URJTG6msbEt0s2n6b7xo9C1uBCaGxpF4Bewu8oafWh3t4jN7UmEB3ig8qKGjMoGII-CWnIwlJCpWUGB4xyFfdDFMIbiGWPqbBLclBY39tTzavPHdbl_7ayp-5afR_Pz_oG8wK5q1QqOBL_MWkzE0MFVzHEOZZYo_-y6r_RvdwQwEvo%26cry%3D1%26dbm_d%3DAKAmf-BtX9ZCAPEaqaATXhsCEoB3SuX-kzo7ZoG7Yq80s3aJteOG1R10LjLM1xkiKJZjasqVxWfncae3N7BBaNYHluveKBir3phsYcOZpXvsjRPu-6CWt0RV7-Pf-u8X1nv4gonBwBuV8OKfUd8HsVYf8Z79Sib7tTDwQzAJBZJqjP7yjrCHXlG79whOnbrvkfb4TJ941d_2j62OtPJDc1awScvSAzLu_knBM2ojYEQVIJxGEBb9SpFjCcX2MuOoZJs66YVLf50gF3aF85waPdN4UEyAPK4EUZCILY6rLoC-BHGOwJI84_Aj4p3lHpTrImSUdaluNVuwiPy9IDCboxz6NRBCj-v0dw9EBWt1W7f5uJ40SOnAwpFTKRXhsU5beSK_P5pQmKRlYLRrFERhk9VNKD-oDhPbK95C39LB5FxY991qCdLlkizKFGtMPqNVG5RUSEzoT6XlI_pfb1ytnyjeVH3ZsY4XcFkf-OFpFgKcrRpGakDCnsSx0j5xHsO8zQDZozkirXS5Pvj2LesDTX7bN7OUnQIVMrPBLai9AN-77TIdMkOALU0%26adurl%3Dhttps%3a%2f%2fwww.adtrek.co%2fadserver%2fclick%3fcc%3d678d19d1-9bf6-4282-b96d-5173d5d41281&ord=1670543724890345

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f148.1e100.net

Software

sffe /

Resource Hash

bf6ec42c97f86957a324a484a37dd528b568a9ff2570965be53e6ec4b0dfdae2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://www.adtrek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:40:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 881
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46978
x-xss-protection: 0
last-modified: Mon, 06 Jun 2022 19:45:39 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 08 Dec 2022 23:55:46 GMT

GET
H/1.1 200
OK dyn-hype-multiitem.js Show response
www.adtrek.co/Scripts/Inserts/ Frame 03AC 11 KB
3 KB 142ms
142ms Script
application/javascript 52.63.31.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.adtrek.co/Scripts/Inserts/dyn-hype-multiitem.js?v=1-4
Requested by: Host: www.adtrek.co
URL: https://www.adtrek.co/adserver/frm?cc=678d19d1-9bf6-4282-b96d-5173d5d41281&clk=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCrTc7bHmSY-mrNs7cz7sPzIOziASivKfjbImF7Y3XDtnN2ZOSMBABIIabpJABYKvssYXgGKABus70sQHIAQmpAh4c6YtaZKU-qAMBqgSlAk_Q63ElvLBnpqN43rx6Ab5hpBsxp3Qq7exogehLps2GJ_34xQpA5bhR8QIxn1k5bSgo2uOSoBv0uS_4eDTlEBhGNCv-Hd0tJir7vgKhCRZaS1uuaMQhubjRL3MlcSbuR_3wmbsmLqrARy0R5K04ugmaDEBFeiv0akE1tUu5KvMNdgRrHTSDiJDMuo65qtYBPDjbqp5Lm_GyMcHzl84pei7SKb1NE0UL-hqWRiAS4IsO41aR6_DK-ms5s5BfhG52Uu0JOOAeq4h_Ca1K1fLQxvM1_bt3d-ZvEu4gaNpWdxMjT-6ryQBCWX838kKIdymVYTqh1M0erPuKm-pyjQyvOLRINIcplFFK4mwPaOwyiUeIcwPCMebKY0uHFvjrCEfqp5mFjXm6wASju4GC5wPgBAOQBgGgBk2AB66xi84CqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiAYRABGB0yAooCOgKAQIAKA5gLAcgLAYAMAbAT8fWrEcgTmqzA3gPQEwDYEwrYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSSwDq26N9Gc4jJzC9ODvtzXoQP4dihhG2eIyjRlcW7nroWQy8ush-U4iiYCwWlzv-jvhDtjQqFwcJ6rn9BN7hp9IS4KOfbO0aunHcjxgBIBM%26sig%3DAOD64_1glGDAf_IfXWd_xPnvluR-Gsorjg%26client%3Dca-pub-9602519502618262%26dbm_c%3DAKAmf-B51URJTG6msbEt0s2n6b7xo9C1uBCaGxpF4Bewu8oafWh3t4jN7UmEB3ig8qKGjMoGII-CWnIwlJCpWUGB4xyFfdDFMIbiGWPqbBLclBY39tTzavPHdbl_7ayp-5afR_Pz_oG8wK5q1QqOBL_MWkzE0MFVzHEOZZYo_-y6r_RvdwQwEvo%26cry%3D1%26dbm_d%3DAKAmf-BtX9ZCAPEaqaATXhsCEoB3SuX-kzo7ZoG7Yq80s3aJteOG1R10LjLM1xkiKJZjasqVxWfncae3N7BBaNYHluveKBir3phsYcOZpXvsjRPu-6CWt0RV7-Pf-u8X1nv4gonBwBuV8OKfUd8HsVYf8Z79Sib7tTDwQzAJBZJqjP7yjrCHXlG79whOnbrvkfb4TJ941d_2j62OtPJDc1awScvSAzLu_knBM2ojYEQVIJxGEBb9SpFjCcX2MuOoZJs66YVLf50gF3aF85waPdN4UEyAPK4EUZCILY6rLoC-BHGOwJI84_Aj4p3lHpTrImSUdaluNVuwiPy9IDCboxz6NRBCj-v0dw9EBWt1W7f5uJ40SOnAwpFTKRXhsU5beSK_P5pQmKRlYLRrFERhk9VNKD-oDhPbK95C39LB5FxY991qCdLlkizKFGtMPqNVG5RUSEzoT6XlI_pfb1ytnyjeVH3ZsY4XcFkf-OFpFgKcrRpGakDCnsSx0j5xHsO8zQDZozkirXS5Pvj2LesDTX7bN7OUnQIVMrPBLai9AN-77TIdMkOALU0%26adurl%3Dhttps%3a%2f%2fwww.adtrek.co%2fadserver%2fclick%3fcc%3d678d19d1-9bf6-4282-b96d-5173d5d41281&ord=1670543724890345
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.63.31.162 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-63-31-162.ap-southeast-2.compute.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: f824af6240aaa57ba4104f1969365afa9b6904544545284db4a7469e6a94768a

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://www.adtrek.co/adserver/frm?cc=678d19d1-9bf6-4282-b96d-5173d5d41281&clk=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCrTc7bHmSY-mrNs7cz7sPzIOziASivKfjbImF7Y3XDtnN2ZOSMBABIIabpJABYKvssYXgGKABus70sQHIAQmpAh4c6YtaZKU-qAMBqgSlAk_Q63ElvLBnpqN43rx6Ab5hpBsxp3Qq7exogehLps2GJ_34xQpA5bhR8QIxn1k5bSgo2uOSoBv0uS_4eDTlEBhGNCv-Hd0tJir7vgKhCRZaS1uuaMQhubjRL3MlcSbuR_3wmbsmLqrARy0R5K04ugmaDEBFeiv0akE1tUu5KvMNdgRrHTSDiJDMuo65qtYBPDjbqp5Lm_GyMcHzl84pei7SKb1NE0UL-hqWRiAS4IsO41aR6_DK-ms5s5BfhG52Uu0JOOAeq4h_Ca1K1fLQxvM1_bt3d-ZvEu4gaNpWdxMjT-6ryQBCWX838kKIdymVYTqh1M0erPuKm-pyjQyvOLRINIcplFFK4mwPaOwyiUeIcwPCMebKY0uHFvjrCEfqp5mFjXm6wASju4GC5wPgBAOQBgGgBk2AB66xi84CqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiAYRABGB0yAooCOgKAQIAKA5gLAcgLAYAMAbAT8fWrEcgTmqzA3gPQEwDYEwrYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSSwDq26N9Gc4jJzC9ODvtzXoQP4dihhG2eIyjRlcW7nroWQy8ush-U4iiYCwWlzv-jvhDtjQqFwcJ6rn9BN7hp9IS4KOfbO0aunHcjxgBIBM%26sig%3DAOD64_1glGDAf_IfXWd_xPnvluR-Gsorjg%26client%3Dca-pub-9602519502618262%26dbm_c%3DAKAmf-B51URJTG6msbEt0s2n6b7xo9C1uBCaGxpF4Bewu8oafWh3t4jN7UmEB3ig8qKGjMoGII-CWnIwlJCpWUGB4xyFfdDFMIbiGWPqbBLclBY39tTzavPHdbl_7ayp-5afR_Pz_oG8wK5q1QqOBL_MWkzE0MFVzHEOZZYo_-y6r_RvdwQwEvo%26cry%3D1%26dbm_d%3DAKAmf-BtX9ZCAPEaqaATXhsCEoB3SuX-kzo7ZoG7Yq80s3aJteOG1R10LjLM1xkiKJZjasqVxWfncae3N7BBaNYHluveKBir3phsYcOZpXvsjRPu-6CWt0RV7-Pf-u8X1nv4gonBwBuV8OKfUd8HsVYf8Z79Sib7tTDwQzAJBZJqjP7yjrCHXlG79whOnbrvkfb4TJ941d_2j62OtPJDc1awScvSAzLu_knBM2ojYEQVIJxGEBb9SpFjCcX2MuOoZJs66YVLf50gF3aF85waPdN4UEyAPK4EUZCILY6rLoC-BHGOwJI84_Aj4p3lHpTrImSUdaluNVuwiPy9IDCboxz6NRBCj-v0dw9EBWt1W7f5uJ40SOnAwpFTKRXhsU5beSK_P5pQmKRlYLRrFERhk9VNKD-oDhPbK95C39LB5FxY991qCdLlkizKFGtMPqNVG5RUSEzoT6XlI_pfb1ytnyjeVH3ZsY4XcFkf-OFpFgKcrRpGakDCnsSx0j5xHsO8zQDZozkirXS5Pvj2LesDTX7bN7OUnQIVMrPBLai9AN-77TIdMkOALU0%26adurl%3Dhttps%3a%2f%2fwww.adtrek.co%2fadserver%2fclick%3fcc%3d678d19d1-9bf6-4282-b96d-5173d5d41281&ord=1670543724890345
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:23 GMT
Content-Encoding: gzip
Last-Modified: Wed, 27 Apr 2022 14:29:24 GMT
Server: Microsoft-IIS/8.5
ETag: "0fa1131435ad81:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2968

GET
H/1.1 200
OK pol.jpg
s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/ Frame 03AC 11 KB
8 KB 496ms
154ms Image
image/jpeg 52.95.132.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/pol.jpg
Requested by: Host: www.adtrek.co
URL: https://www.adtrek.co/adserver/frm?cc=678d19d1-9bf6-4282-b96d-5173d5d41281&clk=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCrTc7bHmSY-mrNs7cz7sPzIOziASivKfjbImF7Y3XDtnN2ZOSMBABIIabpJABYKvssYXgGKABus70sQHIAQmpAh4c6YtaZKU-qAMBqgSlAk_Q63ElvLBnpqN43rx6Ab5hpBsxp3Qq7exogehLps2GJ_34xQpA5bhR8QIxn1k5bSgo2uOSoBv0uS_4eDTlEBhGNCv-Hd0tJir7vgKhCRZaS1uuaMQhubjRL3MlcSbuR_3wmbsmLqrARy0R5K04ugmaDEBFeiv0akE1tUu5KvMNdgRrHTSDiJDMuo65qtYBPDjbqp5Lm_GyMcHzl84pei7SKb1NE0UL-hqWRiAS4IsO41aR6_DK-ms5s5BfhG52Uu0JOOAeq4h_Ca1K1fLQxvM1_bt3d-ZvEu4gaNpWdxMjT-6ryQBCWX838kKIdymVYTqh1M0erPuKm-pyjQyvOLRINIcplFFK4mwPaOwyiUeIcwPCMebKY0uHFvjrCEfqp5mFjXm6wASju4GC5wPgBAOQBgGgBk2AB66xi84CqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiAYRABGB0yAooCOgKAQIAKA5gLAcgLAYAMAbAT8fWrEcgTmqzA3gPQEwDYEwrYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSSwDq26N9Gc4jJzC9ODvtzXoQP4dihhG2eIyjRlcW7nroWQy8ush-U4iiYCwWlzv-jvhDtjQqFwcJ6rn9BN7hp9IS4KOfbO0aunHcjxgBIBM%26sig%3DAOD64_1glGDAf_IfXWd_xPnvluR-Gsorjg%26client%3Dca-pub-9602519502618262%26dbm_c%3DAKAmf-B51URJTG6msbEt0s2n6b7xo9C1uBCaGxpF4Bewu8oafWh3t4jN7UmEB3ig8qKGjMoGII-CWnIwlJCpWUGB4xyFfdDFMIbiGWPqbBLclBY39tTzavPHdbl_7ayp-5afR_Pz_oG8wK5q1QqOBL_MWkzE0MFVzHEOZZYo_-y6r_RvdwQwEvo%26cry%3D1%26dbm_d%3DAKAmf-BtX9ZCAPEaqaATXhsCEoB3SuX-kzo7ZoG7Yq80s3aJteOG1R10LjLM1xkiKJZjasqVxWfncae3N7BBaNYHluveKBir3phsYcOZpXvsjRPu-6CWt0RV7-Pf-u8X1nv4gonBwBuV8OKfUd8HsVYf8Z79Sib7tTDwQzAJBZJqjP7yjrCHXlG79whOnbrvkfb4TJ941d_2j62OtPJDc1awScvSAzLu_knBM2ojYEQVIJxGEBb9SpFjCcX2MuOoZJs66YVLf50gF3aF85waPdN4UEyAPK4EUZCILY6rLoC-BHGOwJI84_Aj4p3lHpTrImSUdaluNVuwiPy9IDCboxz6NRBCj-v0dw9EBWt1W7f5uJ40SOnAwpFTKRXhsU5beSK_P5pQmKRlYLRrFERhk9VNKD-oDhPbK95C39LB5FxY991qCdLlkizKFGtMPqNVG5RUSEzoT6XlI_pfb1ytnyjeVH3ZsY4XcFkf-OFpFgKcrRpGakDCnsSx0j5xHsO8zQDZozkirXS5Pvj2LesDTX7bN7OUnQIVMrPBLai9AN-77TIdMkOALU0%26adurl%3Dhttps%3a%2f%2fwww.adtrek.co%2fadserver%2fclick%3fcc%3d678d19d1-9bf6-4282-b96d-5173d5d41281&ord=1670543724890345
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.132.99 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-ap-southeast-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 58dde54f34d363e7e96cdc4e5e58b2e74378d6055706bf278e8764d38762ab9a

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://www.adtrek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:28 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Oct 2021 05:49:18 GMT
Server: AmazonS3
x-amz-request-id: ZYV3Q962PBP8J2VA
ETag: "2c87bb4cf3065a352b350af25e112030"
x-amz-meta-info: polite loading image
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 8042
x-amz-id-2: 27aBbYnMESs68MK5mMLxHjySdUDC+/TZzCng47XA6rrocNlcmHvH1G+53NdPa9/v9MAkWsYUyyE=

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 1E1B 22 KB
8 KB 270ms
270ms Document
text/html 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f132.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
age: 138231
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 09:31:36 GMT
expires: Thu, 07 Dec 2023 09:31:36 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H/1.1 200 1102.json Show response
id5-sync.com/g/v2/ 462 B
1 KB 1189ms
394ms XHR
application/json 162.19.138.116
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/1102.json

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.116 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533567.ip-162-19-138.eu

Software

Resource Hash

5406ba1199c9dedc613404bb740696062edf3508968f69fe1ae81c02f26eedfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://pastelink.net/
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 08 Dec 2022 23:55:28 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://pastelink.net
p3p: CP="CAO PSA OUR"
access-control-allow-credentials: true

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 33BE 22 KB
8 KB 272ms
272ms Document
text/html 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f132.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
age: 138231
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 09:31:36 GMT
expires: Thu, 07 Dec 2023 09:31:36 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK cGFzdGVsaW5rLm5ldA== Show response
tcheck.outbrainimg.com/tcheck/check/ Frame A578 15 B
462 B 730ms
235ms XHR
application/json 23.36.253.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tcheck.outbrainimg.com/tcheck/check/cGFzdGVsaW5rLm5ldA==
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.253.246 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-36-253-246.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 39d160e97e2bea07b0cf1c647259ffa4f0bd07069dba4e6c19a22d38b408510f

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:28 GMT
ETag: W/"f-ayLlCL3PuzXSThdu78iReSEjl6Y"
Access-Control-Max-Age: 43200
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=43112
Access-Control-Allow-Credentials: false
Connection: keep-alive
X-TraceId: 6ee6ddcd1d66475190712d50a953cf72
Content-Length: 15
Expires: Fri, 09 Dec 2022 11:54:00 GMT

GET
H2 200 px.gif
widget-pixels.outbrain.com/widget/detect/ Frame A578 43 B
341 B 237ms
236ms Image
image/gif 23.72.45.76
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widget-pixels.outbrain.com/widget/detect/px.gif?ch=1
Requested by: Host: pastelink.net
URL: https://pastelink.net/ae55y2dx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.72.45.76 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-72-45-76.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:29 GMT
last-modified: Wed, 30 Sep 2020 14:22:29 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1601475749.911431"
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=2592000
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *, *
content-length: 43
expires: Sat, 07 Jan 2023 23:55:29 GMT

GET
H2 200 B9689862.280410797;dc_ver=92.271;sz=300x250;u_sd=1;dc_adk=1964084963;ord=uqrqco;uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd;dc_rfl=1,https%3A%2F%2Fpastelink.net%2F$0;xdt=1;crlt=!m... Show response
ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/ Frame B80B 53 KB
26 KB 879ms
317ms Script
text/javascript 172.253.118.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/B9689862.280410797;dc_ver=92.271;sz=300x250;u_sd=1;dc_adk=1964084963;ord=uqrqco;uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd;dc_rfl=1,https%3A%2F%2Fpastelink.net%2F$0;xdt=1;crlt=!mYeGxi61V;stc=1;chaa=1;sttr=294;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v92.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.118.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f148.1e100.net

Software

cafe /

Resource Hash

736841655fbb23bb727cd85431c5cc82473ca2b32576a66787d12caee07ff57a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:28 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25949
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D1EE 0
20 B 274ms
274ms Image
image/gif 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B55GAbnmSY8u_D8G89QOpgavIBwAAAAA4AeAEAg&bg=!BwSlBEDNAAYgquz3AKo7ACkAdvg8WmCkNijBL02lch2Ysf6Xw6xmbSesW9AALrhASih9434H8EO07QIAAABsUgAAAANoAQeZAuY60Z3ehxpo-hmROvSTLr0F_wMpb_K9PYgi9F4oRAqyfuEGXbQ2HxLhHx8rWfHhIHAZXAhZPq_VFgPVV9pXkMCRdABbMSTrpE4ImUrShaLAnMZw7kAwMHN4VdE-vpWXYMwA_-M7jRqkjVDXW-LoWyV1PlFrKNF7Nt8GcWwsTSoQQUNAIgtwH4X6O0hP-cRybCwdYEarKtM_y_sp2MpUT2oUutK0pm-qWWG_nuT7kb3JBt4rP4XswXhBS_y2joiqrsA7mDUduUxyJ9NDUp2qZwGz1rA0EIqDjS7xNXEBrFrK0kqKDjiIdZq0AlX_DIxGIAXCtCKM3EYWsjniAtYgebOvgw1p7XvqBo1HKl9SD1ZuvDtMx042J8jRmbpZBrNZEmlbuoQw_F0ytaD039qI4IJZpql9xCCIjvDwlmlqk6uCgxugJJBsN36vn-MdRnmRfYyu4H3ll8i7ABSAkyh1u07xuhgawP52GoZSJ-qr9r7qbhDbvq_GOr5j5xVQPagKZeekcEYde_oMgBmAalWQDx7ebSYlPexmpH4Mb4IcH7sdX-pRw2s-vnkpGWiOnFm0pB13QFkavaBZSKfV_QUKLA0EVpQ4xqnOX3ufLmW_jpjzWxG1IPZAOzjXRUQ5KEBerZkeyp9SbLmdrnnX2PEiTIkarjgnpyChyJpLXzYlBu-IPw_rNKHdNUheXfFAZ9gZmrReUAvj-wnEq2CD5J-AhGvx5xEzUxsWRj4tE5XMwTTMOJga8weSO02AmXFWQWD6GL_j7zKvqCLi-SUFoIsxkSmoD9srOUSOs1_YzyHqzR1571B0pTspH0j_IVNPfvETK8k5f1AdohU71aVVgo8t2kTiExQTnsgCgRJTJoIVkXwEwtZvN6zHe8Qq5ADoVZrxowklGSvr4jQtuc46h-MxVWZydEVe1alIhr1HQhHqyoJ02OQPbtfP31sdRR6_qEhJ2OhzGW0I-Wx7G2eIhdOgPZquKEGiJu46

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 GC5M5N_VN3lVd7ErmxmldCKoshgV9d2S74rLP9hyoZw.js Show response
pagead2.googlesyndication.com/bg/ Frame 1E1B 36 KB
16 KB 272ms
272ms Script
text/javascript 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GC5M5N_VN3lVd7ErmxmldCKoshgV9d2S74rLP9hyoZw.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

sffe /

Resource Hash

182e4ce4dfd537795577b12b9b19a57422a8b21815f5dd92ef8acb3fd872a19c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:16:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 124748
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16025
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 07 Dec 2023 13:16:19 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2250 0
0 577ms
275ms Fetch
image/gif 74.125.24.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvDMN9CA8ZCx9LSargE9of2Xdxi3PsmWUZh4slnZVCm31hXsdoFghvUu1QrXf6ugR5Kl85W_1KFI_LaqoxnQX_GHpOqxqZ-Ok5WQ46kfJaiDGCvoYX07h0sbDHXlRAft8lIOO9qIIqpr6STSHMLMO36S2_MfcUgJ8RDHnsLE4rBQyYceCv7A0E6tNXDu2y7DQ4B3VIUPpOB0xm2oNrfhpOKPe3YaK5Z_r1yo4gAUYGjyoDFaRO5yrcIOKJcor_LHzIuQdRJogXPtHb_IyOMmUlnGGqfEjEcyRwmUY6PMSJocT-_N1OwXyWxI9fXm5lIQi6-pYGYyDzQ138K2LLQ6fZ-Wz1RRR1lLucALcKSKH1o07xtH1-NmBFfHZ-fYgjnguZPjw8XsewkYeH7g4feBCNYs8IVK_Razqsqc5Jt28z95siytjGT9wvNI3a70VrX7ET1dQ7OwIsiI_MmimNI0lQ6F7dumSzHY3v27K742VCVp8jRjUiPGFx6ym0OLX8C0WGEtSz7MFE32ZOVH0cU8nE-tKke9HO9glNsmERr8GE0RKQ7KzZbwVLSJhLbozruXUyc1mAD3pgOBBVTwMgsKKHeud-lQHn8ARRv_I8lJm32Cg6ep6PDiC9xWa4MozTEQ6yVtfkOBqU0m6IwaGCr2iLgo3GpWcVyn0Y2jFExRIt8rRVElP9gWYfaFrzxnk7hBzbUgMNDnm-v2b5mAbUkSAxCFRyUZsODeI_OKHha0FU0Y8B8rhkmOJMGOjg7JKB4M5MbQSpMXFj79lWhA225kgbHMH7ETFFVQjAJlSdsc09Iq850zadDW9vr3-UQN6zRWUDram5A6OvQ_pAu_aAQ342seDhGJ-QV0Puu0geBPBAnCpWaTR3OWucIIV7VbR7jPfZGKUKXJdBAZDW2WJaBezpWApNfkyrT5P197gedKcWrJZZLCQXQh0DTM05cfE27_mHJ7PmMsNCDcGSMp1_5efbX_OaHChFWyyUTIvtnoouEmYU80KPLOoh1QakPz35m6MQyxmMjKBuec_m9HlwKvXEzafxY01Pc_2wWzCWQ8ecdiObMFqdc5hM0ZFnQJ8yzoMr5zNPK-slB6-_DtQPGmfO2i5XznY9OPR6VobAARjHcL7fXd9BiaOovMCxxjEd7CWta2gTa_PZGff5IRv1R1aqJqQUY95cjtaEGR44ZBhtq7ZbZcewTns7kDVxbqGzfFJ9aZ9GT8dWUl1OWgv2J8UrNO92PJUBZi6b7EV9eT0U8IpUlxzgt8sLoKb7j6W9m6MO0WXG9qjn_1gI&sai=AMfl-YRefPq52ruFFJNrZ3dY1nA-KtMcKu2BZvK0PGMt73HqUOe7BPmbaONCOmx7g4WIGCix3zoH-4QiX5HmLB-ZnxfDySc_RQxfOwdAj-vMxOSnCQ98BOzvBL6ce8yAjle73kn05Gx1DlqCUB9AjQR7lwdfuRAAF53xSyjY35-miJ4kDFnykyYbZompjbRnJTR4wqS-MO_vaCIZ3PEh5D0hiakBwtq2--cIaJ1e6GlsC6xKWa7h9lrd2_VdtJjYvtBfHRwgDwA3cT1F_e11NyTFo7gTyw8VU2yNGV40Nu4&sig=Cg0ArKJSzNgFLYqUFOhaEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1440&vt=11&dtpt=1439&dett=4&cstd=0&cisv=r20221206.70547&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f157.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:28 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Thu, 08 Dec 2022 23:55:28 GMT

GET
H3 200 GC5M5N_VN3lVd7ErmxmldCKoshgV9d2S74rLP9hyoZw.js Show response
pagead2.googlesyndication.com/bg/ Frame 33BE 36 KB
16 KB 270ms
269ms Script
text/javascript 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GC5M5N_VN3lVd7ErmxmldCKoshgV9d2S74rLP9hyoZw.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

sffe /

Resource Hash

182e4ce4dfd537795577b12b9b19a57422a8b21815f5dd92ef8acb3fd872a19c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:16:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 124748
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16025
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 07 Dec 2023 13:16:19 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 1EA2 13 KB
5 KB 271ms
269ms Document
text/html 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f132.1e100.net

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
age: 330874
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 05 Dec 2022 04:00:53 GMT
expires: Tue, 05 Dec 2023 04:00:53 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame CDED 783 B
1 KB 818ms
276ms Document
text/html 142.251.12.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f99.1e100.net

Software

GSE /

Resource Hash

9f1d44948a7c90fb1cfe14f759c2f18e0d080ab0ae264bf5a3cc05b67ecc9e1a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-5p0WTFKKE0gFqqqBjCo_JA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-5p0WTFKKE0gFqqqBjCo_JA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 23:55:28 GMT
expires: Thu, 08 Dec 2022 23:55:28 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 86FC 0
0 576ms
275ms Fetch
image/gif 74.125.24.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstF6n9oY8lJ6fhitoPKTpYzPCpwHrsSVrZJhwkLz6RAVsAokTD55zYe7z1000Vv3KKqrTdEpLKfBQIdpEeu3sZShVCptcz4ZmGpQQJM3T6BHzfTECRkU-odGLOcXvDWDgQ_PbiXlhb6mTvelXt_gII_Q2RPs77vCWxByfhQcmjEjEiGe0uCboQOSypcOEtmrHBht6-0aK1CJ6g8E8BcrwB-ahn9QY_v_pzqCiCVDO8Ukb4UWa-OBt8PqyasLcA2Z3FJyKQMB1RdKOlg1cWSvr-6j_o5lMAp9kI12XkyfFsenPe7B4WP43C3PBuzGue-AkTI74BZmc84zLhyo2NmpqGJ6KDaAIJ6z13QXTjO7rqpD9P0Gj3ZzU07oMmHT8C2jwOQi5JDwjyLiyrpOAJ4dsNGKC1LkgH3ni7RY-PHigVLrNjG31rQE_Aq6VrpdQi1gjmMYsyMvfJsg_31tmW0paFDN82TeuZVkjq9KH_vKy9J-ZkxknO0VG-HtXNgz4IUsREBDnRbIOHPzSmvTxVoNt-8bkE1uSXm8pHbxMhekIzGoZ0ZkPEnZu6VxRb_QeamXB6D1X2kYPIrYUK8x9f1rVSUR8j87QNS6KXAtji6T0Zc4y5Vx9VAWLSzSc6iroAVx-GzjHx5XEW-dRRvC-JQZakhsd0pS3SrllDoaET2TvL9MvT0QsnqBw3HZ6AVd8eOc7kCo_NRrto6LfqN5qfhfjbQ7o6WT5ETboFTRqQUm4sMLXQ5YlqMxUcWrOpWag5EX4ouRji8RpKPR_UGt6Rsko8Oy1UsJeVKJKuvsQS_efD7JmZQX1Z0UnESqISp4yletJPewkL9eZls3qUMNn6_AMQTHayJt9lVuVmtYFu_OGL81rbaCugEsX-tOkAmIWMoLlfCkBhbyllKiOsyFF8mfUZyJ1AXrqAkFsWX40zeAoT3AlAQgQMQtdAO-DAdpPo8r1_AAkuD6jBo1Nw-gQyX0q0kyJGFCn0lPr7WHVHyfdaHiVfo1FwSUWjynog7GMClznvY-HUpa-Ien-pA7IA0U9tbxrYBsVOwRUL8TYDBk6mGTRyBBh66QyZ6roNo0meDg3SR3ocI4GNnSFNC6TvbkIk0QCslnnIHyAUUuhVl_zJpUmttglsp8zDcriE0dS87va9TvInfacQWCUNAUsVIG5cOyGMXJulJ6Q49aJnEkt-j7nSaes2b7dCPR1BLQj8htxOAmGBG56Uv00WXjwalGtuEPjJ_Fh5tT4ZZXjN0ClJPD6MgvLNopVXl72_HK2d4Vhimy0ZTDwzSAcOlH75rO7zDUBkmKEBKdoVrvhTeeviLTeErteX9421e&sai=AMfl-YQNe0Q0kt_pROR5ToPh2gXsbcWExBtQuur6n7_0UoTr0_Vm5ekvomfgfttt1DDGPm3YPXf_d6Xf0ovNTSLlPPbjpyYrUF6cdAzpokYSn5ZL9ZwMJj48_nB0WGjFdyV58-XTx59W9E636YB5mwFb0Wp4sNBz3RMMEMxWT6364CwLzDI5WdHqmxDAYdfUOdwmo5QR7Jam406nAA5Bm4FAh5jbrkIDUPXwwsmcEIiOURONUWA8uuOx4kywsn2FwwsW0l0xdPzuFcYd75pFGeLdFQIPiNkKMaFRPAPUK8k&sig=Cg0ArKJSzEYpUicEHAsJEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1343&vt=11&dtpt=1342&dett=2&cstd=1&cisv=r20221206.56243&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f157.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:28 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Thu, 08 Dec 2022 23:55:28 GMT

GET
H/1.1 200
OK visit.js Show response
tps.doubleverify.com/ Frame 12BC 724 B
720 B 2053ms
240ms Script
text/javascript 34.149.43.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=560&ttfrms=29&brid=3&brver=89.0.4389.72&bridua=3&bds=1&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTauA2DE6%3D%3A%3F%3C%5D%3F6ETauU2%3F4r92%3A%3Fl9EEADTbpTauTauA2DE6%3D%3A%3F%3C%5D%3F6ETar9EEADTbpTauTaufgebdacc3cd4dh5fafg74f57d2aa4257%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3E&srcurlD=0&aUrlD=0&ssl=https:&dfs=1566&ddur=835&uid=1670543727919183&jsCallback=dvCallback_1670543727919861&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F89.0.4389.72%20Safari%2F537.36&htmlmsging=1&chro=1&hist=2&winh=250&winw=300&wouh=1200&wouw=1600&scah=1200&scaw=1600&dvp_isOnHead=1&jsver=3317&tgjsver=3317&lvvn=28&m1=13&refD=1&referrer=https%3A%2F%2F78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&fcifrms=13&brh=2&sdf=2&dvp_epl=215&noc=4&nav_pltfrm=Win32&ctx=25578344&cmp=28858185&sid=5376014&plc=352032870&crt=182826581&btreg=543391863&btadsrv=doubleclick&adsrv=1&advid=11963564&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_rcp=2&dvp_htec=1&dvp_seem=2&dvp_tuk=1&dvp_sukv=24411406.558994118&dvp_tukv=689865327.5311006&dvp_uuid=249384427449.62964&dvp_strhd=0.2999992370605469&dvpx_strhd=0.2999992370605469&dvp_tuid=1495902730554&jurtd=577604241
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements3317.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.43.113 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 113.43.149.34.bc.googleusercontent.com
Software: /
Resource Hash: 5b67b38a29ae09a7512716b25c739464e5c3e85a98596c570f21901db1b114bd

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 08 Dec 2022 23:55:29 GMT
Content-Encoding: br
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0
Connection: close
Expires: 12/07/2022 23:55:29

GET
H3 200 300x250.html Show response
s0.2mdn.net/sadbundle/15302181881486891745/LFA0010-PL-AO-HTML5D-CVP-DebtCon-300x250-Desktop/ Frame 4070 6 KB
2 KB 277ms
276ms Document
text/html 172.217.194.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15302181881486891745/LFA0010-PL-AO-HTML5D-CVP-DebtCon-300x250-Desktop/300x250.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f148.1e100.net

Software

sffe /

Resource Hash

3af9dd00f817facea898c826029f7cc0c0301c249da1adff3872671046d64b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 100900
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2270
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 19:53:48 GMT
expires: Thu, 07 Dec 2023 19:53:48 GMT
last-modified: Thu, 24 Nov 2022 04:54:21 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 86A2 0
0 425ms
284ms Fetch
image/gif 74.125.24.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvbv7Fz16Qi6oMZMnDCNuG9gKDeqzkkdvPjPIoXZOG2UJK3NMsEmSy5ktLxvywBF8Z4kakhsniXuM2yXlNhIJre33rB9T-N1__w2iMMgvB4EC9OwpVPxpiN58uW6aeVOjl5Jv_g9TnT0ca4xsYbKei3MSGdYjlc-FpzBPVyKyfZj1FaufwBZSUbn36TQz4VqQ1SqQVgKoCg1AYvyfy9ClAsuzhc2QsLfgTuKjlT9UxuwYcXra-LBpKfw9fT3qEG92D3sajqduFTADg0QHEe7Eca9AuyNg4e1g3w3Q5gJ2dprZfaVquZHp6JW-QpFy-8RLfMg5_p04HO2SE5FQXcsWUZoeXNpsrCzsKBMo6YWT2akQVKYzVH0vLJu4fZISvCyxy3vqXWedOxetFL9GMRRdyGRphuBBTKpPLS315cbR8_ATxyQGuGaHz0PMYFF_cUu_gHt0VP0-JyoHrGhzeDD_DewGY8d8Km0vxZEqI0envFwML1-m4_rabO3QZNiO67a-FF-5bdGEvPgH7FditVb4t7WN8OBjayykqFhETLOxlkHqTEFrpenFAG-warCQUPB9-Zh5TMLEHB5rbcZIFP4kWoRts3oJD6pW9UEwkGRY5vxlcfE_4gyNbvSCefQ76Cl53fQQ0_4tq4lEqGuN6dsDCWYSrvpGAOtZdE7cKcyWdAJNBB7GyHzG0qSjoqy1GT2J0pMOO8LMRvRHCi7G-twRmTjNqgi6DOpvpwQ8yEkF7-UzamTwz4rAt1XThUdXn8J5yr3G_mvggJNt--uSEkKSx9Br3imt-a2vMcS42UlVtF1r30d3_WUMIelmtKMRsdO-PC3Pk6Sdf5M8mXUc9rqfvW2uGjLAWzGNUsz-9Ds53W99ZuqIcmsWYXW-ibMP6VcWXrHmLvLFVQW5z5ws05cAxkYtxZ1xYpGccNiZk2L3neIptz7PcJA9o76X_crF-oLTX4m_0yC_BE2RpE4JWJa2iZH2dO1fyCCb2Q8ZG4SOXHHAPgPgE_dVEfAFE6ylU7c_oYfOnJ46liVQX1QtFEwDnxcibzAzerOrGc1LdnwrdDlbiF2bDR2js4e-x5_GNbYKYgjgO_Pjce7aRbnWEEDrw2tR5lTE7w0nAtIl258lHnlVMv3LP8wuQ5vNar3BdF29Tx2DVMxcl6ByCWVFIks2vdAhO8eqDXS839ACPmD1ACAnXdBs0_VDCWLLqjhd4rxiR7tXgm52MUbC5nyoccp3thJQi8xZ6UyRbb0fbIcsGKZXBBRV8Jg4VTN-dxGYZkFGrVvtIq_Nj4SVgN40GYxhBLMvEH82uV9Vw2qjIaAM4VZtU6yLA&sai=AMfl-YQ54od3l7bhj0JDDYfaxSHNiPP-z1DUE5zST8hYZkWuQPAL9lZJOj6q7SlkB1oxSRaLWGlJPXH95TqrJlWxMjUTXYD2mvUEP5kIHxCPWBelqbwJuMnsRclv-pFE0veQRL93zD3Xq2tXdinlwhZedJfK3aiKaBvDf-sqUf44-ElmqaJgJIJ9b6RemV4dXdaorV-mF9VNJQ25qUFuwnadSE6cHGXSfBoK9DPAPNJ4FDTc7dQEzyjVZ64R8MPSjyZ5hvRhS8mRXf0O5R6ps6H1CaNYWFiBMNouT80XRtc8aw&sig=Cg0ArKJSzBDMd32QbWNREAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1372&cbvp=1&cstd=1369&cisv=r20221206.00356&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: pastelink.net
URL: https://pastelink.net/ae55y2dx

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.24.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f157.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 08 Dec 2022 23:55:28 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Thu, 08 Dec 2022 23:55:28 GMT

GET
H2 200 index.html Show response
cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/ Frame 0AC0 2 KB
2 KB 195ms
195ms Document
text/html 13.107.213.59
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/index.html?v=1&lat=-36.8507736&lng=174.7644675&moid=&sd=&bid=14955&pid9153&adid=9618&cid=1073&d4Filter=&cb=900108459

Requested by

Host: cdn3.d4.digital
URL: https://cdn3.d4.digital/libs/d4adlib.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.107.213.59 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

6d90ab61b81cb8ed6a500d8827709bbc6ac5709f0a0eb8a2076c2a075f8b8f11

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload

Request headers

Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-headers: Content-Type
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: max-age=60
content-length: 2114
content-security-policy: upgrade-insecure-requests
content-type: text/html
date: Thu, 08 Dec 2022 23:55:27 GMT
etag: "a46726969aad91:0"
last-modified: Thu, 08 Dec 2022 00:18:24 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-azure-ref: 0cHmSYwAAAAA6CgGWPDTVS7utDJGKdDYfU1lEMDNFREdFMTIxOAA4ZDJjN2M3Mi1mZWVkLTQ4ZTYtYTAwMy0wNmY5NzIxNzY5ZWQ=
x-cache: TCP_MISS
x-ua-compatible: IE=Edge,chrome=1

GET
H2 200 /
imp.d4.digital/ Frame 2250 91 B
334 B 986ms
692ms Image
image/gif 34.160.184.46
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imp.d4.digital/?bid=14955&pid=9153&adid=9618&cid=1073&details=%7B%22Environment%22%3A+%22LVE%22%2C+%22Play+Type%22%3A+%22Display%22%2C+%22Size%22%3A+%22300x250%22%7D&cb=900108459
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.160.184.46 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 46.184.160.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 45ce129878be0393d96908fd5428d942be80691c39ae7b3a6a3a53ee42b371ae

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:28 GMT
via: 1.1 google
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
server: Google Frontend
etag: "315532801.0-91-3208645606"
content-type: image/gif
x-cloud-trace-context: cdaf8f3bb4733ac97734a70b7e711e07
cache-control: no-cache
content-disposition: inline; filename=pixel.png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 91

GET
H3 200 T3BTWj-SqXOOtsP36vZJ1esojObpW8ivZm_viBadolo.js Show response
pagead2.googlesyndication.com/bg/ Frame 1EA2 36 KB
16 KB 270ms
269ms Script
text/javascript 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/T3BTWj-SqXOOtsP36vZJ1esojObpW8ivZm_viBadolo.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

sffe /

Resource Hash

4f70535a3f92a9738eb6c3f7eaf649d5eb288ce6e95bc8af666fef88169da25a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 14:54:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 118831
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Mon, 21 Nov 2022 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 07 Dec 2023 14:54:57 GMT

GET
H/1.1 200
OK dwce_cheq_events Show response
log.outbrainimg.com/loggerServices/ Frame A578 4 B
325 B 1155ms
289ms XHR
application/json 66.225.223.127
NTTA-3946

General

Check archive.org

Show headers Download Go to

Full URL: https://log.outbrainimg.com/loggerServices/dwce_cheq_events?timestamp=1670543728266&sessionId=311ff415-daef-56f9-c6f3-1f097899bd2e&url=pastelink.net&cheqSource=1&cheqEvent=3&responseTime=756
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 66.225.223.127 Sacramento, United States, ASN3949 (NTTA-3946, US),
Reverse DNS: sa.outbrain.com
Software: /
Resource Hash: b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 08 Dec 2022 23:55:29 GMT
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
X-TraceId: 2921dc729377b5525f29d35873462db4
Content-Length: 4
Expires: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F730 42 B
64 B 276ms
276ms Fetch
image/gif 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssEbs7XBpEFUIe84DrEIYijg6vVKmjT3isHptEgVw8BfQcS0FqOVh3eCMPkk5UqAtYrTYMXKrPeF6SfIB5gry3hEIHS-FkUQUDEwA4FRjo5JkYXCmkclFEQO_9yJQOU8ML-yBE&sai=AMfl-YR9DugFLYsPryybnOnvGKE6iQ86NXhIchhAcmBWM8LxRq29_xs4q3ui1jwrgJYcXb88ooxRW8fpjHukQvXZr4FDUVOdR7dE7HNZEAv6tTmC5gXlgipzXi1KNpGMySUTdCsk9Nw7X_kKXTSrbIc&sig=Cg0ArKJSzHgEMWfS-dTNEAE&cid=CAQSSwDq26N9Gc4jJzC9ODvtzXoQP4dihhG2eIyjRlcW7nroWQy8ush-U4iiYCwWlzv-jvhDtjQqFwcJ6rn9BN7hp9IS4KOfbO0aunHcjxgBIBM&id=lidar2&mcvt=1027&p=521,1071,1125,1231&mtos=0,1027,1027,1027,1027&tos=0,1027,0,0,0&v=20221207&bin=7&avms=nio&bs=0,0&mc=0.99&if=1&app=0&itpl=20&adk=3854452215&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1670543725413&rpt=1837&isd=0&lsd=0&met=mue&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 css2
fonts.googleapis.com/ Frame 0AC0 4 KB
544 B 275ms
274ms Stylesheet
text/css 74.125.24.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Asap+Condensed:wght@400;500;600;700&display=swap

Requested by

Host: cdn3.d4.digital
URL: https://cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/index.html?v=1&lat=-36.8507736&lng=174.7644675&moid=&sd=&bid=14955&pid9153&adid=9618&cid=1073&d4Filter=&cb=900108459

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.24.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f95.1e100.net

Software

ESF /

Resource Hash

0aa1608c3222c18f45e70ad085c325c53da71247501bfd34bcf8bcb2f3023d5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://cdn3.d4.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 08 Dec 2022 23:55:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 08 Dec 2022 23:55:28 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 08 Dec 2022 23:55:28 GMT

GET
H2 200 index.0920183b.js Show response
cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/assets/ Frame 0AC0 9 KB
9 KB 175ms
174ms Script
application/javascript 13.107.213.59
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/assets/index.0920183b.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.107.213.59 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

afa920d0e213aec2fad7541098bc96f18bab9a1adb7683439c2937845d4f248f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload

Request headers

Referer: https://cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/index.html?v=1&lat=-36.8507736&lng=174.7644675&moid=&sd=&bid=14955&pid9153&adid=9618&cid=1073&d4Filter=&cb=900108459
Origin: https://cdn3.d4.digital
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: upgrade-insecure-requests
date: Thu, 08 Dec 2022 23:55:27 GMT
last-modified: Fri, 02 Dec 2022 02:23:50 GMT
etag: "4a71421df55d91:0"
x-azure-ref: 0cHmSYwAAAAC4ppMbGVM+S5Aj53QHcrPyU1lEMDNFREdFMTIxOAA4ZDJjN2M3Mi1mZWVkLTQ4ZTYtYTAwMy0wNmY5NzIxNzY5ZWQ=
x-cache: TCP_MISS
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET
cache-control: max-age=60
accept-ranges: bytes
access-control-allow-headers: Content-Type
content-length: 9029
x-ua-compatible: IE=Edge,chrome=1

GET
H2 200 index.0b22d302.css
cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/assets/ Frame 0AC0 5 KB
5 KB 174ms
173ms Stylesheet
text/css 13.107.213.59
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/assets/index.0b22d302.css

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.107.213.59 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

0b22d30287556a13a94182f6b4643699530f27961f028534503654618bab863e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/index.html?v=1&lat=-36.8507736&lng=174.7644675&moid=&sd=&bid=14955&pid9153&adid=9618&cid=1073&d4Filter=&cb=900108459
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: upgrade-insecure-requests
date: Thu, 08 Dec 2022 23:55:27 GMT
last-modified: Fri, 02 Dec 2022 02:23:50 GMT
etag: "17e6421df55d91:0"
x-azure-ref: 0cHmSYwAAAACpURYkSt03TaUWwsaG1+kjU1lEMDNFREdFMTIxOAA4ZDJjN2M3Mi1mZWVkLTQ4ZTYtYTAwMy0wNmY5NzIxNzY5ZWQ=
x-cache: TCP_MISS
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
cache-control: max-age=60
accept-ranges: bytes
access-control-allow-headers: Content-Type
content-length: 4918
x-ua-compatible: IE=Edge,chrome=1

GET
H2 200 createjs.min.js Show response
code.createjs.com/1.0.0/ Frame 4070 236 KB
63 KB 1100ms
370ms Script
text/javascript 42.99.140.170
ASN-TELSTRA-GLOBA...

General

Check archive.org

Show headers Download Go to

Full URL: https://code.createjs.com/1.0.0/createjs.min.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15302181881486891745/LFA0010-PL-AO-HTML5D-CVP-DebtCon-300x250-Desktop/300x250.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 42.99.140.170 , Japan, ASN4637 (ASN-TELSTRA-GLOBAL Telstra Global, HK),
Reverse DNS: ip-42-99-140-170.pacnet.net
Software: Apache /
Resource Hash: e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:29 GMT
content-encoding: gzip
server: Apache
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=900
x-n: S
accept-ranges: bytes
expires: Fri, 09 Dec 2022 00:10:29 GMT

GET
H3 200 300x250.js Show response
s0.2mdn.net/sadbundle/15302181881486891745/LFA0010-PL-AO-HTML5D-CVP-DebtCon-300x250-Desktop/ Frame 4070 141 KB
25 KB 272ms
272ms Script
application/x-javascript 172.217.194.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15302181881486891745/LFA0010-PL-AO-HTML5D-CVP-DebtCon-300x250-Desktop/300x250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15302181881486891745/LFA0010-PL-AO-HTML5D-CVP-DebtCon-300x250-Desktop/300x250.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f148.1e100.net

Software

sffe /

Resource Hash

f41de8e3c6c5ecdfac87bed319c14734cbcef051c03afbe39f22463bf0dd22f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15302181881486891745/LFA0010-PL-AO-HTML5D-CVP-DebtCon-300x250-Desktop/300x250.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 19:53:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 100898
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26056
x-xss-protection: 0
last-modified: Thu, 24 Nov 2022 04:54:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 07 Dec 2023 19:53:50 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1E1B 0
20 B 275ms
274ms Image
image/gif 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BgkqWbnmSY8CMD6-J3LUPmsaT2AEAAAAAOAHgBAI&bg=!5uWl5aHNAAYgquz3AKo7ACkAdvg8WlmEKtjlS5snQuXgHSkHKX6IiK9tOiNUNJsqXAYfNCAWzatW0wIAAADrUgAAAAJoAQeZAunpTSYUavAyalngR5PhwPZpcFxk0EUG5XVcNOSfYi8hpt0b0_jXsuWowlSdnLJq7PERD-Gbze4CnH48oXqMl7Bm3UA4SME7u2PyatM0Dv-g7xlV-KNpHABTsuhI0PWBq-1nj4lp8YuXc3X44-J84WiKIZAvzD8XxV4XJBnznpPu8xAimYTt4CbkgjFI9VD1Bk1ZxQ07A_J7AQCC_rQa4SFJu9UOVttAiBX2BcKDC9nHgMTJMXp_9KdwwTsaI203R2qNcyV6pW3gYPSZy8-Bpe15QHgKFZhLbhKSNBi1anTonjlW77a7Mg8whhZ_g8y9iDnrvU2YOp9JcVrJqJeRrScK052iwE1L_B4cOh89hix-EnXyi5SYSnYeHo_Zd1H9eO5BDX5OmL8V3IIzoSDDEiD-_HTJWxe7bSKqH0B7qYItmMbdo9hWfbOyv4onp2kmV_yNTmT2dAi0sSXNir-O4I53NDnkJ3A4D1GzowqCeshJhnM09YPAzDGWvZnZMVoF7--VBd2AKpnxD4X6GzECuh_suajIhOt-xczcOanvQeRAYOsdLn9hi2OtbmULVeS-sOSkggG_vWvECcZFImf92c2cgg_nWLxJKBHtPTsdj3jVwE6jNr2svvnwStD8P19oA51PYxiVRusSgTudSNKtygWRjY0D6pr_uyJS_dz2UMI7aM1m0V1ZFH19IXSwvUgDOb3P3nRs74hi6TKQQ7pKum9R6YyBsgitSnbwKn9m4b4IxLgVSPNE9pTJaVpQAdjjJKpmNpljLnBtD8X9AO1DohU5WECa7OVnDg-7ntwD8RqSmISMBAvL0l6mu8Y2YXx15AmZxCOWES4MeTXjb936fHiyuaizrdx73mfl3iqGcTy_1v0H_zjuSBAbY2hZeUsZG73Xtt530qtXmagG6MgJwmFs0MHYFosXppJ6NNb3BixS1TwjXkBqSCzZzZc02AyABfP9hIWJ-XGvs7c4RopEzZpg-mgTp2lPYB-f

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 272ms
271ms Ping
text/plain 142.251.10.139
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-S3DKHVPF03&gtm=2oebu0&_p=97116380&cid=937965645.1670543721&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAI&sid=1670543721&sct=1&seg=0&dl=https%3A%2F%2Fpastelink.net%2Fae55y2dx&dt=How%20to%20Bet%20in%20New%20Jersey%20-%20Pastelink.net&_s=2
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S3DKHVPF03&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.10.139 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: sd-in-f139.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pastelink.net/
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:29 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 33BE 0
20 B 274ms
274ms Image
image/gif 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BEpiXbnmSY8L8Bu2u3LUPk5WdyAYAAAAAOAHgBAI&bg=!29il2JzNAAYgquz3AKo7ACkAdvg8WkS4Oi6w1dtl-928IeXo4hJMibwSixWvieDoGlmhrxSfygLWWQIAAAD8UgAAAAJoAQcKAALCeJkC7as9Dh4XJBzsDNfENvtN1fAA5aRBWSUbLY-YRdgXzlEzGeUXimAO3-wJ4tIo7szfXbW4ryeXZuOpB1IoSFaEJRoPKPIfDR1aFB-KcFwdKvglML0ZADieZb0TS0Inu4LdtwOUfLBTAmyb6tp7UcDZTtRcqmqxa4_bYAKHLYuMTVZV6X99ilGHhEJYucY59vFRvsWPU79qNjtyWi_pyncKI7KyuTL-jyoW0439u5suGhqAj7Do9OMfe_n92bp5mQbnI4MFyCza4aRJAxpMN4Lo8oKdOfjbnaEk2I3MPmCdcs8IYoI0tljNm4crVtEqk_xQbo-0O5Mw5uyR9aU4FOrvGOfSiynX5jP-xW9EgU4b6UCNBp4YNt5eM9xU_e8qTjexeeTCY5UqlP3JLw9JUm3OSmtY_W0pSndWTJKyYL9Ni7JGCGZGWk_rfAvi0Ria2FQgAoLDfMdicIBDm8CwSU1APqCftMeclxq9MTFJl0tH1cQGmWozJ2YaLR1Q8Dvt2tvxUayUxbUzq62gSEsEaehbzvB9fo_j2U5DmOAkxQpGPGO7hyMs2r5PSpynD9zRmyTTXi2o643NM6caPPloIksadsdG8LmL7Es74cQEMwDttYtODQyzKTug3jyoxqPlxZ5O9ogG1NEJyisyqYvWjt8EnJN60i13hDbMzPRpISOdVlYCcpdRHemPfN_J74gu6_PTU9Zp3PQchh1WFJ5EOvNhw52Lh1DFMRCof9ojsb9U8SK-TaCMuP4YiJ71pI5x9NYYBA5vhPO6dFi05OsCcRG1ReTgB5AshTu8PT1WwTO7ZN16A6Viddd-ySPckqApjtOgpDCSovIWTj_rpA2bMuhbQOGeDvuETVnIFHKMbCIPqTm0fh8PMNKsjAacsOCSXi03RvTHc1ovugVnh6bRJjnvtV6WNloz7_hxtcSnbT63LiMPgZix1TEY0v7ZB5__LvOcpWaALbe6sINocfVRtxFkyVBYh5iW4geCLnM4VBIM

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 1EA2 0
10 B 270ms
270ms Image
text/plain 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?JkyRsw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 74.125.200.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: sa-in-f132.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:28 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame CDED 0
0 272ms
271ms Image
text/html 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022120501&jk=2688815392968168&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.10.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: sd-in-f154.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 background_thumbnails.8c081bb0.png
cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/assets/ Frame 0AC0 1 MB
1 MB 472ms
472ms Image
image/png 13.107.213.59
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/assets/background_thumbnails.8c081bb0.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.107.213.59 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

8c081bb0e72c39454fd363bb55f4ccd657ee48472bdd4f49421f07edc9ef1763

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/index.html?v=1&lat=-36.8507736&lng=174.7644675&moid=&sd=&bid=14955&pid9153&adid=9618&cid=1073&d4Filter=&cb=900108459
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: upgrade-insecure-requests
date: Thu, 08 Dec 2022 23:55:28 GMT
last-modified: Fri, 02 Dec 2022 02:23:50 GMT
etag: "ee4e401df55d91:0"
x-azure-ref: 0cHmSYwAAAAD2pcmCbwv/TrxBqKa2l4QDU1lEMDNFREdFMTIxOAA4ZDJjN2M3Mi1mZWVkLTQ4ZTYtYTAwMy0wNmY5NzIxNzY5ZWQ=
x-cache: TCP_MISS
content-type: image/png
access-control-allow-origin: *
access-control-allow-methods: GET
cache-control: max-age=60
accept-ranges: bytes
access-control-allow-headers: Content-Type
content-length: 1477417
x-ua-compatible: IE=Edge,chrome=1

GET
H2 200 magCircle.5b1aeb56.png
cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/assets/ Frame 0AC0 275 KB
275 KB 177ms
177ms Image
image/png 13.107.213.59
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/assets/magCircle.5b1aeb56.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.107.213.59 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

5b1aeb560f3cd2829a454a1613470bd6cada003af307a9635b69aea477d12a06

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/index.html?v=1&lat=-36.8507736&lng=174.7644675&moid=&sd=&bid=14955&pid9153&adid=9618&cid=1073&d4Filter=&cb=900108459
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: upgrade-insecure-requests
date: Thu, 08 Dec 2022 23:55:27 GMT
last-modified: Fri, 02 Dec 2022 02:23:50 GMT
etag: "75bc441df55d91:0"
x-azure-ref: 0cHmSYwAAAADVEDgJqMNoT6uEUq+fHs+BU1lEMDNFREdFMTIxOAA4ZDJjN2M3Mi1mZWVkLTQ4ZTYtYTAwMy0wNmY5NzIxNzY5ZWQ=
x-cache: TCP_MISS
content-type: image/png
access-control-allow-origin: *
access-control-allow-methods: GET
cache-control: max-age=60
accept-ranges: bytes
access-control-allow-headers: Content-Type
content-length: 281374
x-ua-compatible: IE=Edge,chrome=1

GET
H2 200 tvnzLogo.c2c189b9.png
cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/assets/ Frame 0AC0 21 KB
22 KB 738ms
738ms Image
image/png 13.107.213.59
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/assets/tvnzLogo.c2c189b9.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.107.213.59 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

c2c189b988d07e74b53e5ae4f97f46f795b1df468dfabd0bdf4ec460557a781a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/index.html?v=1&lat=-36.8507736&lng=174.7644675&moid=&sd=&bid=14955&pid9153&adid=9618&cid=1073&d4Filter=&cb=900108459
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: upgrade-insecure-requests
date: Thu, 08 Dec 2022 23:55:27 GMT
last-modified: Fri, 02 Dec 2022 02:23:50 GMT
etag: "f11a461df55d91:0"
x-azure-ref: 0cHmSYwAAAAB9bwBIwSrvRb77MgVVjBHcU1lEMDNFREdFMTIxOAA4ZDJjN2M3Mi1mZWVkLTQ4ZTYtYTAwMy0wNmY5NzIxNzY5ZWQ=
x-cache: TCP_MISS
content-type: image/png
access-control-allow-origin: *
access-control-allow-methods: GET
cache-control: max-age=60
accept-ranges: bytes
access-control-allow-headers: Content-Type
content-length: 21859
x-ua-compatible: IE=Edge,chrome=1

GET
H2 200 airportTemplate.c60c81be.png
cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/assets/ Frame 0AC0 4 KB
4 KB 172ms
172ms Image
image/png 13.107.213.59
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/assets/airportTemplate.c60c81be.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.107.213.59 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

c60c81be0c3b1eb837f6aee454809d689271d3e39a54d3adccd8e92d955c1613

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/index.html?v=1&lat=-36.8507736&lng=174.7644675&moid=&sd=&bid=14955&pid9153&adid=9618&cid=1073&d4Filter=&cb=900108459
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: upgrade-insecure-requests
date: Thu, 08 Dec 2022 23:55:27 GMT
last-modified: Fri, 02 Dec 2022 02:23:49 GMT
etag: "58ee3e1df55d91:0"
x-azure-ref: 0cHmSYwAAAABq5UY7RBGWS4rzdJe8G07nU1lEMDNFREdFMTIxOAA4ZDJjN2M3Mi1mZWVkLTQ4ZTYtYTAwMy0wNmY5NzIxNzY5ZWQ=
x-cache: TCP_MISS
content-type: image/png
access-control-allow-origin: *
access-control-allow-methods: GET
cache-control: max-age=60
accept-ranges: bytes
access-control-allow-headers: Content-Type
content-length: 4151
x-ua-compatible: IE=Edge,chrome=1

GET
H2 200 BlackSans-Bold.4b82a0a5.otf
cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/assets/ Frame 0AC0 39 KB
39 KB 738ms
736ms Font
font/otf 13.107.213.59
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/assets/BlackSans-Bold.4b82a0a5.otf

Requested by

Host: cdn3.d4.digital
URL: https://cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/assets/index.0b22d302.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.107.213.59 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

4b82a0a52789236604665eee785bc8b028b396b5561cf0d026513c905f8368e1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload

Request headers

Referer: https://cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/assets/index.0b22d302.css
Origin: https://cdn3.d4.digital
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: upgrade-insecure-requests
date: Thu, 08 Dec 2022 23:55:27 GMT
last-modified: Fri, 02 Dec 2022 02:23:50 GMT
etag: "8386411df55d91:0"
x-azure-ref: 0cHmSYwAAAAA2tWc8InSuT7APJjNglNW1U1lEMDNFREdFMTIxOAA4ZDJjN2M3Mi1mZWVkLTQ4ZTYtYTAwMy0wNmY5NzIxNzY5ZWQ=
x-cache: TCP_MISS
content-type: font/otf
access-control-allow-origin: *
access-control-allow-methods: GET
cache-control: max-age=60
accept-ranges: bytes
access-control-allow-headers: Content-Type
content-length: 39928
x-ua-compatible: IE=Edge,chrome=1

GET
H2 200 BlackSans-CondensedMedium.14e6bd82.otf
cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/assets/ Frame 0AC0 32 KB
32 KB 750ms
748ms Font
font/otf 13.107.213.59
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/assets/BlackSans-CondensedMedium.14e6bd82.otf

Requested by

Host: cdn3.d4.digital
URL: https://cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/assets/index.0b22d302.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.107.213.59 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

14e6bd829a3d18b99a4078210615f636071b47a0ffb9948a4b78578f6c988e5b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload

Request headers

Referer: https://cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/assets/index.0b22d302.css
Origin: https://cdn3.d4.digital
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: upgrade-insecure-requests
date: Thu, 08 Dec 2022 23:55:27 GMT
last-modified: Fri, 02 Dec 2022 02:23:50 GMT
etag: "2a25421df55d91:0"
x-azure-ref: 0cHmSYwAAAAA/amGzOPYUQLsxkVwQyg2hU1lEMDNFREdFMTIxOAA4ZDJjN2M3Mi1mZWVkLTQ4ZTYtYTAwMy0wNmY5NzIxNzY5ZWQ=
x-cache: TCP_MISS
content-type: font/otf
access-control-allow-origin: *
access-control-allow-methods: GET
cache-control: max-age=60
accept-ranges: bytes
access-control-allow-headers: Content-Type
content-length: 32676
x-ua-compatible: IE=Edge,chrome=1

GET
H2 200 BlackSans-Black.24455615.otf
cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/assets/ Frame 0AC0 39 KB
40 KB 752ms
749ms Font
font/otf 13.107.213.59
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/assets/BlackSans-Black.24455615.otf

Requested by

Host: cdn3.d4.digital
URL: https://cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/assets/index.0b22d302.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.107.213.59 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

24455615c9b119f2fef5a4f0f4be07812eb832ff8cb2dddd62bd6e8c5d8b8b2b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload

Request headers

Referer: https://cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/assets/index.0b22d302.css
Origin: https://cdn3.d4.digital
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: upgrade-insecure-requests
date: Thu, 08 Dec 2022 23:55:28 GMT
last-modified: Fri, 02 Dec 2022 02:23:50 GMT
etag: "98ea401df55d91:0"
x-azure-ref: 0cHmSYwAAAACPlo8pov9UQZKvT3UvK/+uU1lEMDNFREdFMTIxOAA4ZDJjN2M3Mi1mZWVkLTQ4ZTYtYTAwMy0wNmY5NzIxNzY5ZWQ=
x-cache: TCP_MISS
content-type: font/otf
access-control-allow-origin: *
access-control-allow-methods: GET
cache-control: max-age=60
accept-ranges: bytes
access-control-allow-headers: Content-Type
content-length: 40380
x-ua-compatible: IE=Edge,chrome=1

GET
H2 200 Reckoner.aa8c6e63.ttf
cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/assets/ Frame 0AC0 23 KB
23 KB 753ms
751ms Font
application/octet-stream 13.107.213.59
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/assets/Reckoner.aa8c6e63.ttf

Requested by

Host: cdn3.d4.digital
URL: https://cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/assets/index.0b22d302.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.107.213.59 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

aa8c6e63b2c5bb1aab0bb6cbb8fe1d471f02cce5b3c9a3bd1ea1f2fce5433147

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload

Request headers

Referer: https://cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/assets/index.0b22d302.css
Origin: https://cdn3.d4.digital
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: upgrade-insecure-requests
date: Thu, 08 Dec 2022 23:55:27 GMT
last-modified: Fri, 02 Dec 2022 02:23:50 GMT
etag: "fbce451df55d91:0"
x-azure-ref: 0cHmSYwAAAAD5qXhVU1KZSY1oFeN8l1v6U1lEMDNFREdFMTIxOAA4ZDJjN2M3Mi1mZWVkLTQ4ZTYtYTAwMy0wNmY5NzIxNzY5ZWQ=
x-cache: TCP_MISS
content-type: application/octet-stream
access-control-allow-origin: *
access-control-allow-methods: GET
cache-control: max-age=60
accept-ranges: bytes
access-control-allow-headers: Content-Type
content-length: 23584
x-ua-compatible: IE=Edge,chrome=1

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2250 0
20 B 272ms
272ms Ping
image/gif 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=2201967942611&version=m202209210101&ct=76&x=1&cor=3410982535188684300

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/elements/html/ Frame B80B 8 KB
3 KB 270ms
269ms Script
text/javascript 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/B9689862.280410797;dc_ver=92.271;sz=300x250;u_sd=1;dc_adk=1964084963;ord=uqrqco;uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd;dc_rfl=1,https%3A%2F%2Fpastelink.net%2F$0;xdt=1;crlt=!mYeGxi61V;stc=1;chaa=1;sttr=294;prcl=s

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 15:52:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28991
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 22 Dec 2022 15:52:17 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame B80B 0
0 274ms
273ms Fetch
image/gif 74.125.24.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstJkIzciKEvZXrW2DW4U4EXAhfBDS9FhkIGFFQORjlsRXiM12na7luj2g3ehKgCWJxvD9XkhPyrv6x9-2yBTpAs3FmTWHTMXyE1C9Qgb7bLQWhKfmUAKMEyV_8xRWfVs5-HVK-8LJ2gZuv79K1ESzo2wTf4og&sai=AMfl-YSGYSkurSSyfL9q6EIGWv3_lHagJFxN3rcsLCMzPA5FIFi84c-jLIB4l97VRYCjmtggR3CRFR7Wvc_h-WTM-B2v7jvDrG1ZOdcZ9Nk6&sig=Cg0ArKJSzE_f2_frHqOWEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=1&cisv=r20221206.32421&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.24.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f157.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:28 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Thu, 08 Dec 2022 23:55:28 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame B80B 41 KB
15 KB 271ms
269ms Script
text/javascript 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f132.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 03 Dec 2022 18:55:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 449974
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 03 Dec 2023 18:55:54 GMT

GET
H3 200 1086063273831266137
s0.2mdn.net/simgad/ Frame B80B 133 KB
133 KB 271ms
270ms Image
image/png 172.217.194.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/1086063273831266137

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f148.1e100.net

Software

sffe /

Resource Hash

d802a52fed642b2c614590a802112b399631fec6f5ef7f1a0567de4813582609

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 23:39:49 GMT
x-content-type-options: nosniff
age: 173739
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 136392
x-xss-protection: 0
last-modified: Tue, 29 Nov 2022 15:42:09 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 06 Dec 2023 23:39:49 GMT

GET
H/1.1 200
OK dv-measurements3317.js Show response
cdn.doubleverify.com/ Frame A39C 552 KB
106 KB 258ms
257ms Script
application/javascript 23.52.171.81
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-measurements3317.js
Requested by: Host: pastelink.net
URL: https://pastelink.net/ae55y2dx
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.52.171.81 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-52-171-81.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 /
Resource Hash: e71922ba9eed9d98158859ef8fd8c83fd817943005acddd4166cde52a04f5aa4

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:29 GMT
Content-Encoding: gzip
Last-Modified: Wed, 07 Dec 2022 09:45:11 GMT
Server: Microsoft-IIS/10.0
ETag: "80ad389920ad91:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946080900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 108147

GET
DATA 200
OK truncated
/ Frame B80B 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 63e5d49162d544ca4476085543394d15f09ee4464402caa41b2cc312af3cb518

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 86FC 42 B
64 B 275ms
275ms Fetch
image/gif 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvkI1yOXxlCKrZb2JKC8Op8hHscVF2B5FVuCjc0e-F8jDJu6BFZHnrCPefGdQ9zcE3WcZhecKOGvV2CU9N6Eg83_8y6A_WsQ2XobgHmAcw4ujO9lSA8zBH3i-Iehtn5LpBCQps&sai=AMfl-YRA-4nDKVHCelOtmEguQnBjfjFnPxdwQy-qqD2fx42f7wcCs__-bfPwwY8YqrI63FarHnSR6kh-h1zBiFmJBPHnHsypgb54GxEphJakn0o_HaKYx1QrQilCUsbRytoOSE5-CF18rRFLuavmCks&sig=Cg0ArKJSzMJrh4zqtr13EAE&cid=CAQSSwDq26N9umSZbRBwU6-yQlOuiTLxvr5-WZ31Refm4I08H_iwywdKUVU6obLUXs_aH6aHZwhfUK8iyoJAUead0txGvMtlUGnhHM4YdRgBIBM&id=lidar2&mcvt=1000&p=312,310,562,610&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20221207&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2603746535&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1670543724924&rpt=2907&isd=0&lsd=0&met=ie&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 px.gif
widget-pixels.outbrain.com/widget/detect/ Frame C85F 43 B
341 B 237ms
236ms Image
image/gif 23.72.45.76
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widget-pixels.outbrain.com/widget/detect/px.gif?ch=1
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.72.45.76 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-72-45-76.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:29 GMT
last-modified: Wed, 30 Sep 2020 14:22:29 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1601475749.911431"
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=2592000
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *, *
content-length: 43
expires: Sat, 07 Jan 2023 23:55:29 GMT

GET
H/1.1 200
OK cGFzdGVsaW5rLm5ldA== Show response
tcheck.outbrainimg.com/tcheck/check/ Frame C85F 15 B
462 B 235ms
234ms XHR
application/json 23.36.253.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tcheck.outbrainimg.com/tcheck/check/cGFzdGVsaW5rLm5ldA==
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.253.246 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-36-253-246.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 39d160e97e2bea07b0cf1c647259ffa4f0bd07069dba4e6c19a22d38b408510f

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:29 GMT
ETag: W/"f-ayLlCL3PuzXSThdu78iReSEjl6Y"
Access-Control-Max-Age: 43200
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=43111
Access-Control-Allow-Credentials: false
Connection: keep-alive
X-TraceId: 6ee6ddcd1d66475190712d50a953cf72
Content-Length: 15
Expires: Fri, 09 Dec 2022 11:54:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame D235 22 KB
8 KB 271ms
270ms Document
text/html 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f132.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
age: 138233
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 09:31:36 GMT
expires: Thu, 07 Dec 2023 09:31:36 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 get Show response
odb.outbrain.com/utils/ Frame A578 21 KB
7 KB 1134ms
659ms Script
text/javascript 199.232.46.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://odb.outbrain.com/utils/get?url=https%3A%2F%2Fpastelink.net%2Fae55y2dx&idx=0&rand=85155&key=NANOWDGT01&widgetJSId=AR_2&va=true&et=true&format=html&adblck=false&abwl=false&px=0&py=0&vpd=0&cw=728&activeTab=true&darkMode=false&ab=0&wl=0undefined&settings=true&recs=true&version=2000978&sig=3iPMISvE&apv=false&false&osLang=en-US&winW=728&winH=90&scrW=1600&scrH=1200&dpr=1&secured=true&cmpStat=0&ccpaStat=0&iframe=true&ref=https%3A%2F%2Fpastelink.net%2Fae55y2dx&ogn=https%3A%2F%2Fpastelink.net%2Fae55y2dx
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.46.132 Singapore, Singapore, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: c0b8d6a7b15d05ae56091f3b9b22019e5c386428718a4ae70c95e0302d902436

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-cache-hits: 0, 0
date: Thu, 08 Dec 2022 23:55:30 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
traffic-path: SADC1, SJC, QPG, APAC1
x-cache: MISS, MISS
p3p: policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
x-traceid: e5a78e422f53c7cc09f8cfb2a1df08aa
content-length: 6795
x-served-by: cache-sjc10025-SJC, cache-qpg1263-QPG
pragma: no-cache
x-timer: S1670543730.015772,VS0,VE425
vary: Accept-Encoding, User-Agent
content-type: text/javascript; charset=UTF-8
cache-control: no-cache
accept-ranges: bytes
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK dwce_cheq_events Show response
log.outbrainimg.com/loggerServices/ Frame C85F 4 B
325 B 488ms
290ms XHR
application/json 66.225.223.127
NTTA-3946

General

Check archive.org

Show headers Download Go to

Full URL: https://log.outbrainimg.com/loggerServices/dwce_cheq_events?timestamp=1670543729182&sessionId=a4e605eb-6f24-9091-a601-48d86bebafdc&url=pastelink.net&cheqSource=1&cheqEvent=3&responseTime=236
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 66.225.223.127 Sacramento, United States, ASN3949 (NTTA-3946, US),
Reverse DNS: sa.outbrain.com
Software: /
Resource Hash: b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 08 Dec 2022 23:55:29 GMT
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
X-TraceId: 40d18d1770a75f0ca6d424b2716cdcbe
Content-Length: 4
Expires: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F730 0
20 B 272ms
271ms Ping
image/gif 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=2964824247944&version=m202209210101&ct=77&x=1&cor=7767304888226884000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 GC5M5N_VN3lVd7ErmxmldCKoshgV9d2S74rLP9hyoZw.js Show response
pagead2.googlesyndication.com/bg/ Frame D235 36 KB
16 KB 272ms
271ms Script
text/javascript 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GC5M5N_VN3lVd7ErmxmldCKoshgV9d2S74rLP9hyoZw.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

sffe /

Resource Hash

182e4ce4dfd537795577b12b9b19a57422a8b21815f5dd92ef8acb3fd872a19c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:16:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 124750
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16025
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 07 Dec 2023 13:16:19 GMT

GET
H/1.1 200
OK visit.js Show response
tps.doubleverify.com/ Frame A39C 694 B
699 B 564ms
241ms Script
text/javascript 34.149.43.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=613&ttfrms=11&brid=3&brver=89.0.4389.72&bridua=3&bds=1&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTauA2DE6%3D%3A%3F%3C%5D%3F6ETauU2%3F4r92%3A%3Fl9EEADTbpTauTauA2DE6%3D%3A%3F%3C%5D%3F6ETar9EEADTbpTauTaufgebdacc3cd4dh5fafg74f57d2aa4257%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3EU2%26C%3Dl9EEADTbpTauTauA2DE6%3D%3A%3F%3C%5D%3F6ETau26ddJa5I&srcurlD=0&aUrlD=-1&ssl=https:&uid=1670543729411779&jsCallback=dvCallback_1670543729411451&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F89.0.4389.72%20Safari%2F537.36&htmlmsging=1&chro=1&hist=2&winh=250&winw=300&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=3317&tgjsver=3317&lvvn=28&m1=13&refD=1&referrer=https%3A%2F%2F78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&fcifrms=13&brh=2&sdf=2&dvp_epl=275&noc=4&nav_pltfrm=Win32&ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&adsrv=0&advid=3398311&turl=https://pastelink.net/ae55y2dx&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0gjW6ZdAyqMrMiMU1tH7Uir&DVP_DBM_1=3060631&DVP_DBM_2=23009949&DVP_DBM_3=16645325641&DVP_DBM_4=415087776&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=201491245482&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=1028804643.4778852&dvp_tukv=40426212538.480446&dvp_uuid=1911905594.1425476&dvp_strhd=0.5&dvpx_strhd=0.5&dvp_tuid=1243360991176&jurtd=3876373145
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements3317.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.43.113 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 113.43.149.34.bc.googleusercontent.com
Software: /
Resource Hash: 936d95b44616a64167f4ebb000e829a696d7d18b524bfb4459f50e0319342296

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 08 Dec 2022 23:55:29 GMT
Content-Encoding: br
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0
Connection: close
Expires: 12/07/2022 23:55:29

GET
H2 200 get Show response
odb.outbrain.com/utils/ Frame C85F 20 KB
7 KB 848ms
622ms Script
text/javascript 199.232.46.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://odb.outbrain.com/utils/get?url=https%3A%2F%2Fpastelink.net%2Fae55y2dx&idx=0&rand=72919&key=NANOWDGT01&widgetJSId=AR_1&va=true&et=true&format=html&adblck=false&abwl=false&px=0&py=0&vpd=0&cw=300&activeTab=true&darkMode=false&ab=0&wl=0undefined&settings=true&recs=true&version=2000978&sig=3JHG9f9o&apv=false&false&osLang=en-US&winW=300&winH=250&scrW=1600&scrH=1200&dpr=1&secured=true&cmpStat=0&ccpaStat=0&iframe=true&id5=ID5*fm_PYGIEWvkGiUTeDb0LLeqoQxIs5M1vfp98VoqfsREu6E-Oa_Vmz-UAJ01FQTN9&id5type=&ref=https%3A%2F%2Fpastelink.net%2Fae55y2dx&ogn=https%3A%2F%2Fpastelink.net%2Fae55y2dx
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.46.132 Singapore, Singapore, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 24b6ee152d9844956663f65ace7952a5cf61bcd189f00e0a66d0ee3c890640db

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-cache-hits: 0, 0
date: Thu, 08 Dec 2022 23:55:30 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
traffic-path: SADC1, SJC, QPG, APAC1
x-cache: MISS, MISS
p3p: policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
x-traceid: 5f29fcbd7096a3de40540fb2b95611a0
content-length: 6770
x-served-by: cache-sjc10057-SJC, cache-qpg1263-QPG
pragma: no-cache
x-timer: S1670543730.015763,VS0,VE388
vary: Accept-Encoding, User-Agent
content-type: text/javascript; charset=UTF-8
cache-control: no-cache
accept-ranges: bytes
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame B80B 0
0 275ms
274ms Fetch
image/gif 74.125.24.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstJkIzciKEvZXrW2DW4U4EXAhfBDS9FhkIGFFQORjlsRXiM12na7luj2g3ehKgCWJxvD9XkhPyrv6x9-2yBTpAs3FmTWHTMXyE1C9Qgb7bLQWhKfmUAKMEyV_8xRWfVs5-HVK-8LJ2gZuv79K1ESzo2wTf4og&sai=AMfl-YSGYSkurSSyfL9q6EIGWv3_lHagJFxN3rcsLCMzPA5FIFi84c-jLIB4l97VRYCjmtggR3CRFR7Wvc_h-WTM-B2v7jvDrG1ZOdcZ9Nk6&sig=Cg0ArKJSzE_f2_frHqOWEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=842&vt=11&dtpt=841&dett=2&cstd=1&cisv=r20221206.32421&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.24.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f157.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:29 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Thu, 08 Dec 2022 23:55:29 GMT

GET
H2 200 datafile.js Show response
cdn3.d4.digital/json/tvnz/ZFWR8Y/9HPR7R/scripts/ Frame 0AC0 233 B
498 B 191ms
191ms XHR
text/javascript 13.107.213.59
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn3.d4.digital/json/tvnz/ZFWR8Y/9HPR7R/scripts/datafile.js

Requested by

Host: cdn3.d4.digital
URL: https://cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/assets/index.0920183b.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.107.213.59 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

14eaf58a907b68d6760b6194dffa1fefdd171dd13683952e6a45538d5cd6d1e6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://cdn3.d4.digital/json/published/tvnz/ZFWR8Y/9HPR7R/index.html?v=1&lat=-36.8507736&lng=174.7644675&moid=&sd=&bid=14955&pid9153&adid=9618&cid=1073&d4Filter=&cb=900108459
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ua-compatible: IE=Edge,chrome=1
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: upgrade-insecure-requests
date: Thu, 08 Dec 2022 23:55:29 GMT
x-azure-ref: 0cXmSYwAAAABr1nroNp25ToCXe1X+BCKZU1lEMDNFREdFMTIxOAA4ZDJjN2M3Mi1mZWVkLTQ4ZTYtYTAwMy0wNmY5NzIxNzY5ZWQ=
x-cache: TCP_MISS
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET
cache-control: public
access-control-allow-headers: Content-Type
content-length: 233
expires: Thu, 08 Dec 2022 23:56:29 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D235 0
20 B 273ms
272ms Image
image/gif 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BFXWicHmSY77NEvbB4t4P3qGNuAUAAAAAOAHgBAI&bg=!lpWlldHNAAYgquz3AKo7ACkAdvg8Wh4JGg8tND0dGr8UkwJ6Lf-OVeo_Eil3cFwZmAKXmrK94TmBvgIAAACLUgAAAARoAQcKAA2HGGb9-CT5BpkEC3SimQLoBDBRlANrG_3TXJFNJT-XpjNwFwbdgl2tQQ-7UyTGuqUWilUD-z04f3DdS8x3C10nSpa0jxN9d4l3MDd7kjiVTGnF3iHHXaVuiOm75Ulpzt1xqsophuYjUW7J2W7Ore47NaScEtQd2KLTpNlg8_Gjr-iCH1jA6GI1TuMBc1NukLgd4T0NxRHepVhjpCP2OlT2YuLNvJyWmZiZzftpk5mGtvcI3VxzGfP_AgVu0qUZ2Otg3JGx9qdk0TBzyBlY81-A8PsnjW5pdGVN2lkIr6M6iZIIzfiw_GIOji7VgZOqNFq5r9fES2gBK-G6LI0VUgrlvegsKkTApkTw2kdXD4S6UB0BXIzJczPiopCNY4l1_D6q3nVCCexle0w5YRuS2TC0Hg-jejDklQRMleHupIJqxl4LWUX7__gQft_aTwl3CxsPG0hN7SRxk2jI51Mb33Bo2pvLNX95YOJI0Hw3P8L8kvHXEHUor6fEy7Wgg70G0Qx1jKqL5mirl_I26PmrD2iIgsD2COtPjS1qxLoDC-DKd2g5JWNVxvJp9leQgrn3Za0QigXe6gjpdfUPdiGUyvTx7wyr572svg83yhMe_UzRGW2j3USo4cyf1O2dU9p2vNGR6UvnIXnM8K9-pais5A6XlyfUCyetb3pIqvBlSEtbUnCAiHlVI4tQrTxzIifN26WLcVVJFTZgJ6gvH0dkisHAgY5Fauck0o5btcMxshP3-moecyxxDH5ybvYZOEQCU9zm3wZiVlLIhII3bAiVDAeVtirSMWlfobFoxk2R-HBuAyLmESSf9nLXW1jSfZ35Tl-eDRcvH9JqDaKcrBQdzxDmyiwylWQD5g8HvlA0ZymjQFs36xAdYjTNUKe1kAwPTYPJLJFTO8bTjX1aO7ZtV4IWGlq-QQ9_rxm6UGp25deLuPofVSLsWXQMphywjRX3EW-lTbFRKHMKkCTiZDWxYeHzK1_3uiAmqKu-IoSoHyqNHiJ66gWYDj3c

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 IMG01.jpg
s0.2mdn.net/sadbundle/15302181881486891745/LFA0010-PL-AO-HTML5D-CVP-DebtCon-300x250-Desktop/images/ Frame 4070 38 KB
38 KB 272ms
271ms Image
image/jpeg 172.217.194.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15302181881486891745/LFA0010-PL-AO-HTML5D-CVP-DebtCon-300x250-Desktop/images/IMG01.jpg?1669082116008

Requested by

Host: 78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f148.1e100.net

Software

sffe /

Resource Hash

74a5c1469b4127c8d09e3b26384fefa472be3df080d02daa81d54c559e8272c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15302181881486891745/LFA0010-PL-AO-HTML5D-CVP-DebtCon-300x250-Desktop/300x250.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 19:53:52 GMT
x-content-type-options: nosniff
age: 100897
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38852
x-xss-protection: 0
last-modified: Thu, 24 Nov 2022 04:54:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 07 Dec 2023 19:53:52 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 86A2 0
0 274ms
274ms Fetch
image/gif 74.125.24.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvbv7Fz16Qi6oMZMnDCNuG9gKDeqzkkdvPjPIoXZOG2UJK3NMsEmSy5ktLxvywBF8Z4kakhsniXuM2yXlNhIJre33rB9T-N1__w2iMMgvB4EC9OwpVPxpiN58uW6aeVOjl5Jv_g9TnT0ca4xsYbKei3MSGdYjlc-FpzBPVyKyfZj1FaufwBZSUbn36TQz4VqQ1SqQVgKoCg1AYvyfy9ClAsuzhc2QsLfgTuKjlT9UxuwYcXra-LBpKfw9fT3qEG92D3sajqduFTADg0QHEe7Eca9AuyNg4e1g3w3Q5gJ2dprZfaVquZHp6JW-QpFy-8RLfMg5_p04HO2SE5FQXcsWUZoeXNpsrCzsKBMo6YWT2akQVKYzVH0vLJu4fZISvCyxy3vqXWedOxetFL9GMRRdyGRphuBBTKpPLS315cbR8_ATxyQGuGaHz0PMYFF_cUu_gHt0VP0-JyoHrGhzeDD_DewGY8d8Km0vxZEqI0envFwML1-m4_rabO3QZNiO67a-FF-5bdGEvPgH7FditVb4t7WN8OBjayykqFhETLOxlkHqTEFrpenFAG-warCQUPB9-Zh5TMLEHB5rbcZIFP4kWoRts3oJD6pW9UEwkGRY5vxlcfE_4gyNbvSCefQ76Cl53fQQ0_4tq4lEqGuN6dsDCWYSrvpGAOtZdE7cKcyWdAJNBB7GyHzG0qSjoqy1GT2J0pMOO8LMRvRHCi7G-twRmTjNqgi6DOpvpwQ8yEkF7-UzamTwz4rAt1XThUdXn8J5yr3G_mvggJNt--uSEkKSx9Br3imt-a2vMcS42UlVtF1r30d3_WUMIelmtKMRsdO-PC3Pk6Sdf5M8mXUc9rqfvW2uGjLAWzGNUsz-9Ds53W99ZuqIcmsWYXW-ibMP6VcWXrHmLvLFVQW5z5ws05cAxkYtxZ1xYpGccNiZk2L3neIptz7PcJA9o76X_crF-oLTX4m_0yC_BE2RpE4JWJa2iZH2dO1fyCCb2Q8ZG4SOXHHAPgPgE_dVEfAFE6ylU7c_oYfOnJ46liVQX1QtFEwDnxcibzAzerOrGc1LdnwrdDlbiF2bDR2js4e-x5_GNbYKYgjgO_Pjce7aRbnWEEDrw2tR5lTE7w0nAtIl258lHnlVMv3LP8wuQ5vNar3BdF29Tx2DVMxcl6ByCWVFIks2vdAhO8eqDXS839ACPmD1ACAnXdBs0_VDCWLLqjhd4rxiR7tXgm52MUbC5nyoccp3thJQi8xZ6UyRbb0fbIcsGKZXBBRV8Jg4VTN-dxGYZkFGrVvtIq_Nj4SVgN40GYxhBLMvEH82uV9Vw2qjIaAM4VZtU6yLA&sai=AMfl-YQ54od3l7bhj0JDDYfaxSHNiPP-z1DUE5zST8hYZkWuQPAL9lZJOj6q7SlkB1oxSRaLWGlJPXH95TqrJlWxMjUTXYD2mvUEP5kIHxCPWBelqbwJuMnsRclv-pFE0veQRL93zD3Xq2tXdinlwhZedJfK3aiKaBvDf-sqUf44-ElmqaJgJIJ9b6RemV4dXdaorV-mF9VNJQ25qUFuwnadSE6cHGXSfBoK9DPAPNJ4FDTc7dQEzyjVZ64R8MPSjyZ5hvRhS8mRXf0O5R6ps6H1CaNYWFiBMNouT80XRtc8aw&sig=Cg0ArKJSzBDMd32QbWNREAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=3155&vt=11&dtpt=1783&dett=3&cstd=1369&cisv=r20221206.00356&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: pastelink.net
URL: https://pastelink.net/ae55y2dx

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.24.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f157.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:29 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Thu, 08 Dec 2022 23:55:29 GMT

GET
H/1.1 200
OK ad-s.css
s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/ Frame 03AC 812 B
709 B 151ms
151ms Stylesheet
text/css 52.95.132.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/ad-s.css
Requested by: Host: www.adtrek.co
URL: https://www.adtrek.co/adserver/frm?cc=678d19d1-9bf6-4282-b96d-5173d5d41281&clk=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCrTc7bHmSY-mrNs7cz7sPzIOziASivKfjbImF7Y3XDtnN2ZOSMBABIIabpJABYKvssYXgGKABus70sQHIAQmpAh4c6YtaZKU-qAMBqgSlAk_Q63ElvLBnpqN43rx6Ab5hpBsxp3Qq7exogehLps2GJ_34xQpA5bhR8QIxn1k5bSgo2uOSoBv0uS_4eDTlEBhGNCv-Hd0tJir7vgKhCRZaS1uuaMQhubjRL3MlcSbuR_3wmbsmLqrARy0R5K04ugmaDEBFeiv0akE1tUu5KvMNdgRrHTSDiJDMuo65qtYBPDjbqp5Lm_GyMcHzl84pei7SKb1NE0UL-hqWRiAS4IsO41aR6_DK-ms5s5BfhG52Uu0JOOAeq4h_Ca1K1fLQxvM1_bt3d-ZvEu4gaNpWdxMjT-6ryQBCWX838kKIdymVYTqh1M0erPuKm-pyjQyvOLRINIcplFFK4mwPaOwyiUeIcwPCMebKY0uHFvjrCEfqp5mFjXm6wASju4GC5wPgBAOQBgGgBk2AB66xi84CqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiAYRABGB0yAooCOgKAQIAKA5gLAcgLAYAMAbAT8fWrEcgTmqzA3gPQEwDYEwrYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSSwDq26N9Gc4jJzC9ODvtzXoQP4dihhG2eIyjRlcW7nroWQy8ush-U4iiYCwWlzv-jvhDtjQqFwcJ6rn9BN7hp9IS4KOfbO0aunHcjxgBIBM%26sig%3DAOD64_1glGDAf_IfXWd_xPnvluR-Gsorjg%26client%3Dca-pub-9602519502618262%26dbm_c%3DAKAmf-B51URJTG6msbEt0s2n6b7xo9C1uBCaGxpF4Bewu8oafWh3t4jN7UmEB3ig8qKGjMoGII-CWnIwlJCpWUGB4xyFfdDFMIbiGWPqbBLclBY39tTzavPHdbl_7ayp-5afR_Pz_oG8wK5q1QqOBL_MWkzE0MFVzHEOZZYo_-y6r_RvdwQwEvo%26cry%3D1%26dbm_d%3DAKAmf-BtX9ZCAPEaqaATXhsCEoB3SuX-kzo7ZoG7Yq80s3aJteOG1R10LjLM1xkiKJZjasqVxWfncae3N7BBaNYHluveKBir3phsYcOZpXvsjRPu-6CWt0RV7-Pf-u8X1nv4gonBwBuV8OKfUd8HsVYf8Z79Sib7tTDwQzAJBZJqjP7yjrCHXlG79whOnbrvkfb4TJ941d_2j62OtPJDc1awScvSAzLu_knBM2ojYEQVIJxGEBb9SpFjCcX2MuOoZJs66YVLf50gF3aF85waPdN4UEyAPK4EUZCILY6rLoC-BHGOwJI84_Aj4p3lHpTrImSUdaluNVuwiPy9IDCboxz6NRBCj-v0dw9EBWt1W7f5uJ40SOnAwpFTKRXhsU5beSK_P5pQmKRlYLRrFERhk9VNKD-oDhPbK95C39LB5FxY991qCdLlkizKFGtMPqNVG5RUSEzoT6XlI_pfb1ytnyjeVH3ZsY4XcFkf-OFpFgKcrRpGakDCnsSx0j5xHsO8zQDZozkirXS5Pvj2LesDTX7bN7OUnQIVMrPBLai9AN-77TIdMkOALU0%26adurl%3Dhttps%3a%2f%2fwww.adtrek.co%2fadserver%2fclick%3fcc%3d678d19d1-9bf6-4282-b96d-5173d5d41281&ord=1670543724890345
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.132.99 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-ap-southeast-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 4bac33f94c61c5876cb609344c1e90c052de8895752b95457ab41e5cae50b8dc

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://www.adtrek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:31 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Oct 2021 05:49:19 GMT
Server: AmazonS3
x-amz-request-id: 6HSZ34V6FEX3SC8V
ETag: "09af1d1f72b01256b62200238fd2ac88"
x-amz-meta-info: inline html5 ForScript
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 289
x-amz-id-2: OrdwjtfMGTndrEuP+jqmNDVyCYmkcqvodIv+a4NxFUonGtbeJ4hiCuPKcpe5+MvdIKHeVtAiHbc=

GET
H/1.1 200
OK hype_generated_script.js Show response
s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/ Frame 03AC 45 KB
9 KB 307ms
156ms Script
application/x-javascript 52.95.132.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/hype_generated_script.js?497
Requested by: Host: www.adtrek.co
URL: https://www.adtrek.co/adserver/frm?cc=678d19d1-9bf6-4282-b96d-5173d5d41281&clk=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCrTc7bHmSY-mrNs7cz7sPzIOziASivKfjbImF7Y3XDtnN2ZOSMBABIIabpJABYKvssYXgGKABus70sQHIAQmpAh4c6YtaZKU-qAMBqgSlAk_Q63ElvLBnpqN43rx6Ab5hpBsxp3Qq7exogehLps2GJ_34xQpA5bhR8QIxn1k5bSgo2uOSoBv0uS_4eDTlEBhGNCv-Hd0tJir7vgKhCRZaS1uuaMQhubjRL3MlcSbuR_3wmbsmLqrARy0R5K04ugmaDEBFeiv0akE1tUu5KvMNdgRrHTSDiJDMuo65qtYBPDjbqp5Lm_GyMcHzl84pei7SKb1NE0UL-hqWRiAS4IsO41aR6_DK-ms5s5BfhG52Uu0JOOAeq4h_Ca1K1fLQxvM1_bt3d-ZvEu4gaNpWdxMjT-6ryQBCWX838kKIdymVYTqh1M0erPuKm-pyjQyvOLRINIcplFFK4mwPaOwyiUeIcwPCMebKY0uHFvjrCEfqp5mFjXm6wASju4GC5wPgBAOQBgGgBk2AB66xi84CqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiAYRABGB0yAooCOgKAQIAKA5gLAcgLAYAMAbAT8fWrEcgTmqzA3gPQEwDYEwrYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSSwDq26N9Gc4jJzC9ODvtzXoQP4dihhG2eIyjRlcW7nroWQy8ush-U4iiYCwWlzv-jvhDtjQqFwcJ6rn9BN7hp9IS4KOfbO0aunHcjxgBIBM%26sig%3DAOD64_1glGDAf_IfXWd_xPnvluR-Gsorjg%26client%3Dca-pub-9602519502618262%26dbm_c%3DAKAmf-B51URJTG6msbEt0s2n6b7xo9C1uBCaGxpF4Bewu8oafWh3t4jN7UmEB3ig8qKGjMoGII-CWnIwlJCpWUGB4xyFfdDFMIbiGWPqbBLclBY39tTzavPHdbl_7ayp-5afR_Pz_oG8wK5q1QqOBL_MWkzE0MFVzHEOZZYo_-y6r_RvdwQwEvo%26cry%3D1%26dbm_d%3DAKAmf-BtX9ZCAPEaqaATXhsCEoB3SuX-kzo7ZoG7Yq80s3aJteOG1R10LjLM1xkiKJZjasqVxWfncae3N7BBaNYHluveKBir3phsYcOZpXvsjRPu-6CWt0RV7-Pf-u8X1nv4gonBwBuV8OKfUd8HsVYf8Z79Sib7tTDwQzAJBZJqjP7yjrCHXlG79whOnbrvkfb4TJ941d_2j62OtPJDc1awScvSAzLu_knBM2ojYEQVIJxGEBb9SpFjCcX2MuOoZJs66YVLf50gF3aF85waPdN4UEyAPK4EUZCILY6rLoC-BHGOwJI84_Aj4p3lHpTrImSUdaluNVuwiPy9IDCboxz6NRBCj-v0dw9EBWt1W7f5uJ40SOnAwpFTKRXhsU5beSK_P5pQmKRlYLRrFERhk9VNKD-oDhPbK95C39LB5FxY991qCdLlkizKFGtMPqNVG5RUSEzoT6XlI_pfb1ytnyjeVH3ZsY4XcFkf-OFpFgKcrRpGakDCnsSx0j5xHsO8zQDZozkirXS5Pvj2LesDTX7bN7OUnQIVMrPBLai9AN-77TIdMkOALU0%26adurl%3Dhttps%3a%2f%2fwww.adtrek.co%2fadserver%2fclick%3fcc%3d678d19d1-9bf6-4282-b96d-5173d5d41281&ord=1670543724890345
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.132.99 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-ap-southeast-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 432e9498605a3f0e1972a866e180cbc8b89211ea2c35cf4ad92e90d476b046b3

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://www.adtrek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:31 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Oct 2021 05:49:18 GMT
Server: AmazonS3
x-amz-request-id: 6HSVJZHMD9M6MHFA
ETag: "e32f4f59b24329f4db238b3e0ae5b2e4"
x-amz-meta-info: main HYPE file
Content-Type: application/x-javascript
Accept-Ranges: bytes
Content-Length: 8686
x-amz-id-2: HwZaKDF06b3cUg01NAxLnTKA9xNKI3dsqHW5kxikfpWqgCAxF/mL8ZI8BXQj3zZpgrNE/n8Vhms=

GET
H3 200 IMG02.jpg
s0.2mdn.net/sadbundle/15302181881486891745/LFA0010-PL-AO-HTML5D-CVP-DebtCon-300x250-Desktop/images/ Frame 4070 20 KB
20 KB 271ms
271ms Image
image/jpeg 172.217.194.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15302181881486891745/LFA0010-PL-AO-HTML5D-CVP-DebtCon-300x250-Desktop/images/IMG02.jpg?1669082116008

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f148.1e100.net

Software

sffe /

Resource Hash

1b0e33610d1d3e3abab61780d3c2cbd7780b37bc9647701196e5e64cad720d55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15302181881486891745/LFA0010-PL-AO-HTML5D-CVP-DebtCon-300x250-Desktop/300x250.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 05:56:49 GMT
x-content-type-options: nosniff
age: 410321
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20663
x-xss-protection: 0
last-modified: Thu, 24 Nov 2022 04:54:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 04 Dec 2023 05:56:49 GMT

GET
H/1.1 200
OK HYPE-728.full.min.js Show response
s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/ Frame 03AC 91 KB
39 KB 159ms
158ms Script
application/x-javascript 52.95.132.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/HYPE-728.full.min.js
Requested by: Host: s3-ap-southeast-2.amazonaws.com
URL: https://s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/hype_generated_script.js?497
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.132.99 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-ap-southeast-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: d43961a00bf62a8722060ce4710c2bf694e6113349cc076829ac6c71bb342a30

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://www.adtrek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:31 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Oct 2021 05:49:18 GMT
Server: AmazonS3
x-amz-request-id: 6HSGPKP1QVGBS7YQ
ETag: "8fe4329d3f6dff51630a5975111c4bc8"
x-amz-meta-info: HYPE file
Content-Type: application/x-javascript
Accept-Ranges: bytes
Content-Length: 39815
x-amz-id-2: s75J1zU70l94BqPXGoIEyJzKQQVloSXnozNsLppTzlCYHukpNe6LKOZvWQ7OMdKoGbwzl1w9iIQ=

GET
H3 200 IMG03.jpg
s0.2mdn.net/sadbundle/15302181881486891745/LFA0010-PL-AO-HTML5D-CVP-DebtCon-300x250-Desktop/images/ Frame 4070 3 KB
3 KB 271ms
271ms Image
image/jpeg 172.217.194.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15302181881486891745/LFA0010-PL-AO-HTML5D-CVP-DebtCon-300x250-Desktop/images/IMG03.jpg?1669082116008

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f148.1e100.net

Software

sffe /

Resource Hash

70e9b79a3e04b8822cfa269d4051a6510bb6aaebaa666324caf19fa6e7e3d1c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15302181881486891745/LFA0010-PL-AO-HTML5D-CVP-DebtCon-300x250-Desktop/300x250.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 19:53:53 GMT
x-content-type-options: nosniff
age: 100897
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2967
x-xss-protection: 0
last-modified: Thu, 24 Nov 2022 04:54:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 07 Dec 2023 19:53:53 GMT

GET
H2 200 test.html Show response
widgets.outbrain.com/nanoWidget/externals/obUserFrame/ Frame 58B8 2 KB
1004 B 236ms
236ms Document
text/html 23.72.45.76
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/nanoWidget/externals/obUserFrame/test.html?lsd=9f2b6c7b-aa78-4a0f-b030-25fba43c62ed
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.72.45.76 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-72-45-76.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 45f0f27fb78191006375051ee3046fae3105b652d11680432511cba61b32c330

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 686
content-type: text/html
date: Thu, 08 Dec 2022 23:55:30 GMT
etag: "1e015194a0e596827cb8971f884eb43c:1670488262.678806"
expires: Thu, 15 Dec 2022 23:55:30 GMT
last-modified: Thu, 08 Dec 2022 07:55:53 GMT
server: AkamaiNetStorage
timing-allow-origin: * *
vary: Accept-Encoding

GET
H2 200 put.html Show response
widgets.outbrain.com/nanoWidget/externals/cookie/ Frame 2E6E 416 B
714 B 236ms
236ms Document
text/html 23.72.45.76
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/nanoWidget/externals/cookie/put.html
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.72.45.76 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-72-45-76.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 4f3b933077b738b503f7543ffc82fa0a061f0fe7d0ff1470865fde561a324bcc

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 416
content-type: text/html
date: Thu, 08 Dec 2022 23:55:30 GMT
etag: "c0311cf15c21ddda054005e92fad3f9e:1670488259.591047"
expires: Thu, 15 Dec 2022 23:55:30 GMT
last-modified: Thu, 08 Dec 2022 07:55:53 GMT
server: AkamaiNetStorage
timing-allow-origin: * *

GET
H2 200 ob_logo_67x12.png
widgets.outbrain.com/images/widgetIcons/ Frame C85F 2 KB
3 KB 239ms
238ms Image
image/png 23.72.45.76
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widgets.outbrain.com/images/widgetIcons/ob_logo_67x12.png
Requested by: Host: pastelink.net
URL: https://pastelink.net/ae55y2dx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.72.45.76 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-72-45-76.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 487aec7746a83542b3573383df65747e31c494d8412103b5675329f3d4befaeb

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:30 GMT
last-modified: Mon, 12 Sep 2022 07:37:47 GMT
server: AkamaiNetStorage
etag: "c52b07e749f7a09fa7b97b7e195e06ce:1662969049.940408"
access-control-allow-methods: GET,POST
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *, *
content-length: 2326
expires: Sat, 07 Jan 2023 23:55:30 GMT

GET
H2 200 achoice.svg
widgets.outbrain.com/images/widgetIcons/ Frame C85F 3 KB
3 KB 243ms
243ms Image
image/svg+xml 23.72.45.76
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widgets.outbrain.com/images/widgetIcons/achoice.svg
Requested by: Host: pastelink.net
URL: https://pastelink.net/ae55y2dx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.72.45.76 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-72-45-76.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 2c87952cc1c23627496c7874271042bdb6af21efdf7cbf36ec4d98e6cec34d04

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:30 GMT
last-modified: Mon, 12 Sep 2022 07:37:47 GMT
server: AkamaiNetStorage
etag: "9d26fa4e7238ed94f1d0d92afb453b3e:1662969032.874716"
access-control-allow-methods: GET,POST
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=2592000
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *, *
content-length: 2735
expires: Sat, 07 Jan 2023 23:55:30 GMT

GET
H/1.1 200
OK l Show response
mcdp-sadc1.outbrain.com/ Frame C85F 4 B
332 B 1153ms
289ms Fetch
text/plain 66.225.223.127
NTTA-3946

General

Check archive.org

Show headers Download Go to

Full URL: https://mcdp-sadc1.outbrain.com/l?token=3b023fc1ed91e9cc4df502b89a003d32_113125_1670543730308&tm=1595&eT=0&widgetWidth=300&widgetHeight=250&widgetX=0&widgetY=0&wRV=2000978&pVis=1&lsd=9f2b6c7b-aa78-4a0f-b030-25fba43c62ed&eIdx=&cheq=0&rtt=1105&oo=false&lo=3847&odbreq=4338&odbres=5443&cet=4g&to=1670543725091&ab=0&wl=0
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 66.225.223.127 Sacramento, United States, ASN3949 (NTTA-3946, US),
Reverse DNS: sa.outbrain.com
Software: /
Resource Hash: c48b5b1a9776c84602de2306d7903a7241158a5077e7a8519af75c33441b8334

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 08 Dec 2022 23:55:31 GMT
Access-Control-Expose-Headers: content-range
X-TraceId: b9cdd746348d56064ed3c7aa228ee062
Content-Length: 4
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain; charset=UTF-8

GET
H2 200 placement_invocation Show response
rock.defybrick.com/ Frame C85F 48 KB
18 KB 761ms
282ms Script
text/javascript 13.33.33.29

General

Check archive.org

Show headers Download Go to

Full URL: https://rock.defybrick.com/placement_invocation?id=65349&idx=0
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.33.29 -, , ASN (),
Reverse DNS
Software: Caddy /
Resource Hash: 620bae4f435d4ccd1c611f602c0790871f65d6bf668f6ff2ac716b89285cdc4a

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 13:10:44 GMT
content-encoding: gzip
via: 1.1 242a08df1383db0d18e5cf8b76b259ce.cloudfront.net (CloudFront)
server: Caddy
x-amz-cf-pop: SIN2-P1
age: 38688
etag: "bf8f-sbLSqLgrhMmD0M6HbtAQ/QtX6WE"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
cache-control: max-age=43200
content-length: 18460
x-amz-cf-id: zotl86THwNk0VTzbCstYHY5hbPbyV5vHCCKB1IK12s6xKdMXaaZgGA==
expires: Fri, 09 Dec 2022 01:10:44 GMT

GET
H2 200 obUserSync.html Show response
widgets.outbrain.com/widgetOBUserSync/ Frame 86BA 18 KB
6 KB 247ms
247ms Document
text/html 23.72.45.76
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.72.45.76 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-72-45-76.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 4866af459743edbc357c225821368d9b4d370c771e955ea5ee313403adb0a4a5

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 5938
content-type: text/html
date: Thu, 08 Dec 2022 23:55:30 GMT
etag: "3d588be7f01fe5a6448a8ef1aeb70463:1669278724.034982"
expires: Thu, 15 Dec 2022 23:55:30 GMT
last-modified: Thu, 24 Nov 2022 08:27:03 GMT
server: AkamaiNetStorage
timing-allow-origin: * *
vary: Accept-Encoding

GET
H2 200 eyJpdSI6ImE3OTFlMzIzZTRjMzk0MGI5ODA4YWNkOTQ3NWVhYzEzYThiMTY0ZTBlYjVjNWU2NDQzM2ViMGNmNWJmNWNjNzQiLCJ3Ijo0ODAsImgiOjI0MCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ Frame C85F 37 KB
37 KB 720ms
245ms Image
image/webp 23.36.253.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6ImE3OTFlMzIzZTRjMzk0MGI5ODA4YWNkOTQ3NWVhYzEzYThiMTY0ZTBlYjVjNWU2NDQzM2ViMGNmNWJmNWNjNzQiLCJ3Ijo0ODAsImgiOjI0MCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Requested by: Host: pastelink.net
URL: https://pastelink.net/ae55y2dx
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.253.246 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-36-253-246.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: d31b3fdb550591152fc77a45b61eab381c4b6f9f93262895e4047f1442f785d9

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:32 GMT
last-modified: Thu, 01 Dec 2022 03:56:23 GMT
access-control-allow-methods: GET,POST
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2202362
access-control-allow-credentials: false
x-traceid: c956341341b6a3e9f5ae27710d30d48b
timing-allow-origin: *, *
content-length: 38054

GET
H2 200 test.html Show response
widgets.outbrain.com/nanoWidget/externals/obUserFrame/ Frame 3F99 2 KB
1004 B 236ms
235ms Document
text/html 23.72.45.76
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/nanoWidget/externals/obUserFrame/test.html?lsd=bb2e0e40-0f4c-4704-9a03-1a29f8f8b6c1
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.72.45.76 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-72-45-76.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 45f0f27fb78191006375051ee3046fae3105b652d11680432511cba61b32c330

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 686
content-type: text/html
date: Thu, 08 Dec 2022 23:55:30 GMT
etag: "1e015194a0e596827cb8971f884eb43c:1670488262.678806"
expires: Thu, 15 Dec 2022 23:55:30 GMT
last-modified: Thu, 08 Dec 2022 07:55:53 GMT
server: AkamaiNetStorage
timing-allow-origin: * *
vary: Accept-Encoding

GET
H2 200 put.html Show response
widgets.outbrain.com/nanoWidget/externals/cookie/ Frame 7924 416 B
714 B 236ms
236ms Document
text/html 23.72.45.76
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/nanoWidget/externals/cookie/put.html
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.72.45.76 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-72-45-76.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 4f3b933077b738b503f7543ffc82fa0a061f0fe7d0ff1470865fde561a324bcc

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 416
content-type: text/html
date: Thu, 08 Dec 2022 23:55:30 GMT
etag: "c0311cf15c21ddda054005e92fad3f9e:1670488259.591047"
expires: Thu, 15 Dec 2022 23:55:30 GMT
last-modified: Thu, 08 Dec 2022 07:55:53 GMT
server: AkamaiNetStorage
timing-allow-origin: * *

GET
H2 200 ob_logo_67x12.png
widgets.outbrain.com/images/widgetIcons/ Frame A578 2 KB
3 KB 245ms
244ms Image
image/png 23.72.45.76
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widgets.outbrain.com/images/widgetIcons/ob_logo_67x12.png
Requested by: Host: pastelink.net
URL: https://pastelink.net/ae55y2dx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.72.45.76 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-72-45-76.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 487aec7746a83542b3573383df65747e31c494d8412103b5675329f3d4befaeb

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:30 GMT
last-modified: Mon, 12 Sep 2022 07:37:47 GMT
server: AkamaiNetStorage
etag: "c52b07e749f7a09fa7b97b7e195e06ce:1662969049.940408"
access-control-allow-methods: GET,POST
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *, *
content-length: 2326
expires: Sat, 07 Jan 2023 23:55:30 GMT

GET
H2 200 achoice.svg
widgets.outbrain.com/images/widgetIcons/ Frame A578 3 KB
3 KB 245ms
245ms Image
image/svg+xml 23.72.45.76
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widgets.outbrain.com/images/widgetIcons/achoice.svg
Requested by: Host: pastelink.net
URL: https://pastelink.net/ae55y2dx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.72.45.76 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-72-45-76.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 2c87952cc1c23627496c7874271042bdb6af21efdf7cbf36ec4d98e6cec34d04

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:30 GMT
last-modified: Mon, 12 Sep 2022 07:37:47 GMT
server: AkamaiNetStorage
etag: "9d26fa4e7238ed94f1d0d92afb453b3e:1662969032.874716"
access-control-allow-methods: GET,POST
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=2592000
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *, *
content-length: 2735
expires: Sat, 07 Jan 2023 23:55:30 GMT

GET
H/1.1 200
OK l Show response
mcdp-sadc1.outbrain.com/ Frame A578 4 B
332 B 1150ms
288ms Fetch
text/plain 66.225.223.127
NTTA-3946

General

Check archive.org

Show headers Download Go to

Full URL: https://mcdp-sadc1.outbrain.com/l?token=1a43a690155bcc8cf35c16d1dcbdf1ac_113125_1670543730341&tm=3071&eT=0&widgetWidth=728&widgetHeight=90&widgetX=0&widgetY=0&wRV=2000978&pVis=1&lsd=bb2e0e40-0f4c-4704-9a03-1a29f8f8b6c1&eIdx=&cheq=0&rtt=1396&oo=false&lo=3934&odbreq=5633&odbres=7028&cet=4g&to=1670543723546&ab=0&wl=0
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 66.225.223.127 Sacramento, United States, ASN3949 (NTTA-3946, US),
Reverse DNS: sa.outbrain.com
Software: /
Resource Hash: c48b5b1a9776c84602de2306d7903a7241158a5077e7a8519af75c33441b8334

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 08 Dec 2022 23:55:31 GMT
Access-Control-Expose-Headers: content-range
X-TraceId: 4991171a56488c26be728de224bb8638
Content-Length: 4
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain; charset=UTF-8

GET
H2 200 placement_invocation Show response
rock.defybrick.com/ Frame A578 48 KB
18 KB 921ms
480ms Script
text/javascript 13.33.33.29

General

Check archive.org

Show headers Download Go to

Full URL: https://rock.defybrick.com/placement_invocation?id=65349&idx=0
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.33.29 -, , ASN (),
Reverse DNS
Software: Caddy /
Resource Hash: 620bae4f435d4ccd1c611f602c0790871f65d6bf668f6ff2ac716b89285cdc4a

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 13:10:44 GMT
content-encoding: gzip
via: 1.1 242a08df1383db0d18e5cf8b76b259ce.cloudfront.net (CloudFront)
server: Caddy
x-amz-cf-pop: SIN2-P1
age: 38688
etag: "bf8f-sbLSqLgrhMmD0M6HbtAQ/QtX6WE"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
cache-control: max-age=43200
content-length: 18460
x-amz-cf-id: HcVbioJh2gx-POpiWt_du464vIWkhJZIUbh0qo57l9oS67ectttV-g==
expires: Fri, 09 Dec 2022 01:10:44 GMT

GET
H2 200 obUserSync.html Show response
widgets.outbrain.com/widgetOBUserSync/ Frame 97C3 18 KB
6 KB 250ms
250ms Document
text/html 23.72.45.76
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.72.45.76 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-72-45-76.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 4866af459743edbc357c225821368d9b4d370c771e955ea5ee313403adb0a4a5

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 5938
content-type: text/html
date: Thu, 08 Dec 2022 23:55:30 GMT
etag: "3d588be7f01fe5a6448a8ef1aeb70463:1669278724.034982"
expires: Thu, 15 Dec 2022 23:55:30 GMT
last-modified: Thu, 24 Nov 2022 08:27:03 GMT
server: AkamaiNetStorage
timing-allow-origin: * *
vary: Accept-Encoding

GET
H2 200 eyJpdSI6ImYwOGMzMjYwYzc4Njc5NzcyMjBhMzlhNTVhZDJlMzAzMGQwMjA4ZTRmMjk2OTk3MGI2OWVlZDE4ODUxYmI2NTYiLCJ3IjozMDAsImgiOjEwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ Frame A578 9 KB
10 KB 674ms
238ms Image
image/webp 23.36.253.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6ImYwOGMzMjYwYzc4Njc5NzcyMjBhMzlhNTVhZDJlMzAzMGQwMjA4ZTRmMjk2OTk3MGI2OWVlZDE4ODUxYmI2NTYiLCJ3IjozMDAsImgiOjEwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Requested by: Host: pastelink.net
URL: https://pastelink.net/ae55y2dx
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.253.246 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-36-253-246.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 664d350eb37fa9dacb107de6ffe430fe42f25a15f8b01ff89123b391f8a6a4bc

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:55:32 GMT
last-modified: Thu, 01 Dec 2022 04:02:52 GMT
access-control-allow-methods: GET,POST
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=1885299
access-control-allow-credentials: false
x-traceid: 0f127b76653c734f6e190af46fd87a9b
timing-allow-origin: *, *
content-length: 9496

GET
H/1.1 200
OK widgetGlobalEvent Show response
log.outbrainimg.com/loggerServices/ Frame A578 4 B
325 B 288ms
287ms Fetch
application/json 66.225.223.127
NTTA-3946

General

Check archive.org

Show headers Download Go to

Full URL: https://log.outbrainimg.com/loggerServices/widgetGlobalEvent?rId=1a43a690155bcc8cf35c16d1dcbdf1ac&pvId=1a43a690155bcc8cf35c16d1dcbdf1ac&sid=8304254&pid=113125&idx=0&wId=101&pad=1&org=0&tm=3082&eT=3&wRV=2000978&pVis=1&lsd=bb2e0e40-0f4c-4704-9a03-1a29f8f8b6c1&eIdx=0&oo=false&ab=0&wl=0
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 66.225.223.127 Sacramento, United States, ASN3949 (NTTA-3946, US),
Reverse DNS: sa.outbrain.com
Software: /
Resource Hash: b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 08 Dec 2022 23:55:30 GMT
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
X-TraceId: d2c278574148dfdb858e990eb7a34505
Content-Length: 4
Expires: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 275ms
273ms Image
text/html 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022120501&jk=2688815392968168&bg=!-vml-b3NAAa7eOFIm3g7ACkAdvg8WkcF_HyP8t6T_hud4-1zA9vhvdUI1EEFbY51NxPT_ElMomHoRwIAAAB6UgAAAARoAQcKAJZQ8tNRF2sqbwVCbZZOX0AlggHFRHgUWCoDunP-qNH-39CKD0u3v6taYsVymcBVii5GDBOPe1XAT71vXZvyCvpTjdT9k7T4lctSZ73HOMwTs3c8WSroEz0HG1c2oZcXb9DJ3arLniIQigoL9eaaBXjvdTCJohmSMc-3Tw2Q_G-GvG2MuzhaEl20F-giPKbSsndxtj_8r42ZApleuRYLzeNppsQX79UHIRCJVD1qYOQARFfiH41NOVXtG_gx1D4kBVG0qI7xlUKTCKEnm0FX6_dwVKE3Q5f5c1Co54gV5or1daNE8d8EoGdXjfX8AClmOGMOmU95xgMYPpvBx5XZKrbVfrO6mXLAhykDf6nCKeR4AxovWnHNp5NMuhc184KBuRW6citWXcGXLHcE3rUNhtmzb6y94ejK9qnhsHD_QntmXOQvYDiIcYDKJoAaqRuPF46jj7y-87fUCLJJjjsTocFHbS9rGL3hhZ_VwfuqVTbIJjnI32AYdbZJ9crk35CpACgp1qXTkIfZItqW4HcyUsNmu2A_HyKytAodXr3qIRJOCqsJ3dH2jJXDJ4oA6zF0yQXGrfxW3spyS6GcV3Z1e98CckNnenP6YTe10qPUWfbbF1qVuiEIBSJ-FCNCg6QQpIhXaZAAmYdwo5Rn3RD77uGgkEQbDTKzoYDUZMJggdloe1fv2tNhbZOGY0-7ldKpWyfYKdrEZTe8ktZ47qalrAvbrji0XOdYyGmbhu5CmQVPpDvJVthVbzvuNhL9FC4JMHllV6l60VrPRB6GwwJQYNZKnTbBvygaLuWklVXayOyzRsUw0N5zjLvqyEXsCRrp_ty6kC1J8od0ZZl2T5xQal9UNrxDlXpkhjlNpV34-_yijdf6ZDjnBNeAREUCp43Vvsyj7s0W_QHKGCU-Kqcgz9mdMWNrfNMxseqR40Ec8_51g3xORIIWD-F0uH7J1PVnUY94aPi1kIRE9DecfzOh3SKAzoZdTV0PRgVvS1Lo_StlDANu5iZem-HSxUZbdkdhmjScOYH7bZSZ4cJ2Gqv7LH1VU_4r9S_WemBI6Fn3d8Wd2QxqwMmtVHK_6uEXBHIOjh4ecg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.10.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: sd-in-f154.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 css
fonts.googleapis.com/ Frame 03AC 3 KB
630 B 274ms
274ms Stylesheet
text/css 74.125.24.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans&subset=latin

Requested by

Host: s3-ap-southeast-2.amazonaws.com
URL: https://s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/HYPE-728.full.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.24.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f95.1e100.net

Software

ESF /

Resource Hash

8d683e97a1f23650a3e38cf3621b924ccf692f2a4204d193335ceddeb9b65353

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://www.adtrek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 08 Dec 2022 23:55:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 08 Dec 2022 23:55:30 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 08 Dec 2022 23:55:30 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 03AC 3 KB
630 B 273ms
273ms Stylesheet
text/css 74.125.24.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:700&subset=latin

Requested by

Host: s3-ap-southeast-2.amazonaws.com
URL: https://s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/HYPE-728.full.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.24.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f95.1e100.net

Software

ESF /

Resource Hash

2371736975be245bd56385816b25ee7daa9a3cd826911c4fe5f2202ca74e9ec4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://www.adtrek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 08 Dec 2022 23:55:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 08 Dec 2022 23:55:30 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 08 Dec 2022 23:55:30 GMT

GET
H/1.1 200
OK __Arrow-Button.svg
s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/ Frame 03AC 880 B
948 B 155ms
154ms Image
image/svg+xml 52.95.132.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/__Arrow-Button.svg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.132.99 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-ap-southeast-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 48a9560e9dddf4834139c3b4abd37300dfc9879ac686d3fba921a1488ee4dfe2

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://www.adtrek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:31 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Oct 2021 05:49:19 GMT
Server: AmazonS3
x-amz-request-id: 6HST6PSH51MFCKKN
ETag: "7fb04916458ddfc35012cb9c7eb0bf06"
x-amz-meta-info: resource files
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 531
x-amz-id-2: w8xXDtnZzYsWWmpOACmL+sJj6lEXS7OERUnRLc0sdYdRqvTvGiASXztJwWB3LKnGc+C4z2FmA2U=

GET
H/1.1 200
OK ARROW.svg
s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/ Frame 03AC 464 B
718 B 157ms
156ms Image
image/svg+xml 52.95.132.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/ARROW.svg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.132.99 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-ap-southeast-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 86a519c094e4fc973de82c1785a176d4231447a0e520183968a74a67af91da01

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://www.adtrek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:31 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Oct 2021 05:49:18 GMT
Server: AmazonS3
x-amz-request-id: 6HSRV72NG8KX8J80
ETag: "37f196530a348f1dee569fb754a15e58"
x-amz-meta-info: resource files
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 301
x-amz-id-2: 8N8WaJcqBpSPZGZWlgHRa4whYHLH5O8B4Hc1iYcqB8BLcfnsgWia4tQ1441n3AfVCqpI1WahMKA=

GET
H/1.1 200
OK RedBox_TwoLines.svg
s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/ Frame 03AC 398 B
667 B 154ms
153ms Image
image/svg+xml 52.95.132.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/RedBox_TwoLines.svg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.132.99 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-ap-southeast-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 6637296ad150cd9275d48c8bb905b615c3490fef74d6451307e11621c9488287

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://www.adtrek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:31 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Oct 2021 05:49:18 GMT
Server: AmazonS3
x-amz-request-id: 6HSQCP695ZVT2R8Q
ETag: "f21d9b89fcef6157a61ba93e48e0e67c"
x-amz-meta-info: resource files
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 250
x-amz-id-2: JUXktAdGQT1OV00Qc3JauBB4V0M++uuKyx8TgqAXGLrInhZk9Wm8Up+pU44cqJwIn4UhsljK0dQ=

GET
H/1.1 200
OK AlwaysCheapSTACKED.svg
s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/ Frame 03AC 9 KB
3 KB 159ms
158ms Image
image/svg+xml 52.95.132.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/AlwaysCheapSTACKED.svg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.132.99 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-ap-southeast-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 6b42f1c4edc92297c1d0002640541a3a9646a489a23e4a889bf025c0b6379036

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://www.adtrek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:31 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Oct 2021 05:49:18 GMT
Server: AmazonS3
x-amz-request-id: 6HSMAXK7GHK7V8DW
ETag: "3abcb61a86cd77cc1a54e9ead99be61e"
x-amz-meta-info: resource files
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 2623
x-amz-id-2: ylPl0MI91ReGBnWFWAnNM4fVFyVZ36AqQMfDJ+nj5Z7kfGqyjuN+HNp+y/ixJL50HAlSxF5C2To=

GET
H/1.1 200
OK PriceBox.svg
s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/ Frame 03AC 415 B
671 B 197ms
156ms Image
image/svg+xml 52.95.132.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/PriceBox.svg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.132.99 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-ap-southeast-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 526fd4ac1cf5189bd5fbf866886315ee1c23bc2a4f6c42925ddbbd02bb318be8

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://www.adtrek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:32 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Oct 2021 05:49:18 GMT
Server: AmazonS3
x-amz-request-id: X9DTAC24WD776WHX
ETag: "5448e44d1a5969abea305fc11aba0572"
x-amz-meta-info: resource files
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 254
x-amz-id-2: qrW4c5bfQON7Rkq9I0hWDAkFDzfqzvxc+SQLNYNNATMbTFlaysXCQfVslLNqOc5LqibawfqiQJw=

GET
H/1.1 200
OK Logo.svg
s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/ Frame 03AC 4 KB
2 KB 203ms
154ms Image
image/svg+xml 52.95.132.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/Logo.svg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.132.99 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-ap-southeast-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 0d9775701bd8ab72d4d800639daa36b54c0ffdfcb2f5b8c48076716bae8b1adb

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://www.adtrek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:32 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Oct 2021 05:49:18 GMT
Server: AmazonS3
x-amz-request-id: X9DXAE0FQZ5X6D3R
ETag: "7d9a4ff2ccd314adb69e0c97db289e31"
x-amz-meta-info: resource files
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 1472
x-amz-id-2: M+GPsoaKImnPwifnieBX2lLQJVxeHMj8j4KJ3onS495rj2Dkm0RARi1r4JjivqzhHyEuPt52xTM=

GET
H/1.1 200
OK WhiteBox.svg
s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/ Frame 03AC 1 KB
928 B 353ms
154ms Image
image/svg+xml 52.95.132.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/WhiteBox.svg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.132.99 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-ap-southeast-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: cc43a6fd1efe12bd432b6cf9bf5d26ad7cefdfde1a161127ea65831a55044adb

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://www.adtrek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:32 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Oct 2021 05:49:18 GMT
Server: AmazonS3
x-amz-request-id: X9DK40WRNRDG8FWC
ETag: "a87eb1574de2ea51b175df41c9362730"
x-amz-meta-info: resource files
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 511
x-amz-id-2: Dp9lPkf6RNnVbArlCZF8KV12xtL7zP4BYKJLejvHzGW2MDu5dKApoAdU8HC1/3vcsMyPpTi3Xjs=

GET
H/1.1 200
OK WhiteBox-1.svg
s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/ Frame 03AC 805 B
870 B 357ms
152ms Image
image/svg+xml 52.95.132.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/WhiteBox-1.svg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.132.99 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-ap-southeast-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 58f6d826baa81dfae4213ca526836de8f308075d2a5da7b0564224b452965bb7

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://www.adtrek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:32 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Oct 2021 05:49:18 GMT
Server: AmazonS3
x-amz-request-id: X9DPMM2RZ0C5T7HM
ETag: "d9682bbeaeb1c75f0cdc8596b5c31506"
x-amz-meta-info: resource files
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 453
x-amz-id-2: lYu7XgukM+5uUvl0MwhpEHuNOMLBPMHicsEVxjsH3HKLmRK7yeiZcZ/RGAR3k+ddSP5lGylaB28=

GET
H2 200 test.html Show response
widgets.outbrain.com/nanoWidget/externals/cookie/ Frame 2E6E 610 B
907 B 240ms
239ms Document
text/html 23.72.45.76
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/nanoWidget/externals/cookie/test.html
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/nanoWidget/externals/cookie/put.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.72.45.76 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-72-45-76.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 6139e1fc0d3709eebbe2b18510cf24361b9f8a538c3529a73c282bafe6c78474

Request headers

Referer: https://widgets.outbrain.com/nanoWidget/externals/cookie/put.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 610
content-type: text/html
date: Thu, 08 Dec 2022 23:55:30 GMT
etag: "48053d50141031b1511dbd30f9a31288:1670488260.337551"
expires: Thu, 15 Dec 2022 23:55:30 GMT
last-modified: Thu, 08 Dec 2022 07:55:53 GMT
server: AkamaiNetStorage
timing-allow-origin: * *

GET

rcs
tags.rd.linksynergy.com/ Frame 86BA
Redirect Chain

https://idsync.rlcdn.com/420046.gif?partner_uid=QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc
https://idsync.rlcdn.com/1000.gif?memo=CM7RGRJMCkgIARC-ngEaQFFUazNvcDZaVlRXWWtrNDIwLUVRSnJzZUhQNXhzZFVVYTRXZlRXdU55ME0tRXhEUEpfUUJ5WkxCNHZ2Q2cycGMQABoNCPPyyZwGEgUI6AcQAEIASgA
https://pippio.com/api/sync?pid=5324&it=1&iv=27e3319f695d8fae169c9ec1cd4fe3fde7af006e21f4db6162dd7e737c31d784791426b5417dce21&_=2
https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlAyN2UzMzE5ZjY5NWQ4ZmFlMTY5YzllYzFjZDRmZTNmZGU3YWYwMDZlMjFmNGRiNjE2MmRkN2U3MzdjMzFkNzg0NzkxNDI2YjU...
https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlAyN2UzMzE5ZjY5NWQ4ZmFlMTY5YzllYzFjZDRmZTNmZGU3YWYwMDZlMjFmNGRiNjE2MmRkN2U3MzdjMzFkNzg0NzkxNDI2YjU0MTdkY2UyMRAAGgwI9PLJnAYSBAgCEABCAEoA&goog...
https://tags.rd.linksynergy.com/rcs?ns=lr&uid3=

0
0

GET
H/1.1

200
OK

cookie-sync
sync.outbrain.com/ Frame 86BA
Redirect Chain

https://b1sync.zemanta.com/usersync/outbrain/?puid=QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc&gdpr=0&gdpr_consent=&us_privacy=1---
https://b1sync.zemanta.com/usersync/outbrain/?gdpr=0&gdpr_consent=&puid=QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc&s=2&us_privacy=1---
https://sync.outbrain.com/cookie-sync?p=zemanta&uid=fJv4JTZQq_-QpZ_FV2Za&gdpr=0&us_privacy=1---

0
145 B

290ms
289ms

Image
text/plain

66.225.223.127
NTTA-3946

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=zemanta&uid=fJv4JTZQq_-QpZ_FV2Za&gdpr=0&us_privacy=1---
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html
Protocol: HTTP/1.1
Server: 66.225.223.127 Sacramento, United States, ASN3949 (NTTA-3946, US),
Reverse DNS: sa.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://widgets.outbrain.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:32 GMT
Cache-Control: no-cache
X-TraceId: 87a95067d41469f019dcb4732607e121
Content-Length: 0

Redirect headers

Pragma: no-cache
Date: Thu, 08 Dec 2022 23:55:32 GMT
Content-Type: text/html; charset=utf-8
Location: https://sync.outbrain.com/cookie-sync?p=zemanta&uid=fJv4JTZQq_-QpZ_FV2Za&gdpr=0&us_privacy=1---
P3p: CP="We do not support P3P header."
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 130
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H/1.1

200
OK

cookie-sync
sync.outbrain.com/ Frame 86BA
Redirect Chain

https://ib.adnxs.com/getuid?https://sync.outbrain.com/cookie-sync?p=appnexus&uid=$UID&obUid=QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc&gdpr=0&gdpr_consent=&us_privacy=1---
https://sync.outbrain.com/cookie-sync?p=appnexus&uid=7259043930018617298&obUid=QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc&gdpr=0&gdpr_consent=&us_privacy=1---

0
145 B

1154ms
290ms

Image
text/plain

66.225.223.127
NTTA-3946

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=appnexus&uid=7259043930018617298&obUid=QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html
Protocol: HTTP/1.1
Server: 66.225.223.127 Sacramento, United States, ASN3949 (NTTA-3946, US),
Reverse DNS: sa.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://widgets.outbrain.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:32 GMT
Cache-Control: no-cache
X-TraceId: d628a653ae35fc6c8d035f1e9b00f253
Content-Length: 0

Redirect headers

Pragma: no-cache
Date: Thu, 08 Dec 2022 23:55:31 GMT
AN-X-Request-Uuid: 66fbeddb-8212-4217-9711-ffa9824429c1
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://sync.outbrain.com/cookie-sync?p=appnexus&uid=7259043930018617298&obUid=QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc&gdpr=0&gdpr_consent=&us_privacy=1---
Connection: keep-alive
X-Proxy-Origin: 116.90.74.214; 116.90.74.214; 899.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/ Frame 86BA
Redirect Chain

https://dpm.demdex.net/ibs:dpid=133726&dpuuid=QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc&gdpr=0&gdpr_pd=1&gdpr_consent=
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=133726&dpuuid=QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc&gdpr=0&gdpr_pd=1&gdpr_consent=

42 B
942 B

302ms
300ms

Image
image/gif

52.35.83.72
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=133726&dpuuid=QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc&gdpr=0&gdpr_pd=1&gdpr_consent=

Requested by

Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html

Protocol

HTTP/1.1

Server

52.35.83.72 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-35-83-72.us-west-2.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://widgets.outbrain.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

DCS: dcs-prod-usw2-2-v041-0ac0bc90f.edge-usw2.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 76t7zK0wRyk=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-usw2-2-v041-00dffbeb9.edge-usw2.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: LjdVrI5bTSo=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=133726&dpuuid=QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc&gdpr=0&gdpr_pd=1&gdpr_consent=
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 set
sync-jp.im-apps.net/imid/ Frame 86BA 43 B
194 B 738ms
243ms Image
image/gif 54.150.208.159
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-jp.im-apps.net/imid/set?cid=1000047&tid=obid&uid=QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.150.208.159 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-150-208-159.ap-northeast-1.compute.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://widgets.outbrain.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: image/gif
date: Thu, 08 Dec 2022 23:55:31 GMT
cache-control: max-age=3000
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
content-length: 43
expires: Fri, 09 Dec 2022 00:45:31 GMT

GET
H/1.1

200
OK

cookie-sync
sync.outbrain.com/ Frame 86BA
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=icco6m5&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=icco6m5&ttd_tpi=1
https://sync.outbrain.com/cookie-sync?p=ttd&uid=c5dc2253-485c-40c7-aa3f-d58e1ad4a3cd&gdpr=0&gdpr_consent=

0
145 B

1130ms
290ms

Image
text/plain

66.225.223.127
NTTA-3946

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=ttd&uid=c5dc2253-485c-40c7-aa3f-d58e1ad4a3cd&gdpr=0&gdpr_consent=
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html
Protocol: HTTP/1.1
Server: 66.225.223.127 Sacramento, United States, ASN3949 (NTTA-3946, US),
Reverse DNS: sa.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://widgets.outbrain.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:32 GMT
Cache-Control: no-cache
X-TraceId: 32226f46c6fdd62f6d8309052ead9b14
Content-Length: 0

Redirect headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:31 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://sync.outbrain.com/cookie-sync?p=ttd&uid=c5dc2253-485c-40c7-aa3f-d58e1ad4a3cd&gdpr=0&gdpr_consent=
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 241

GET
H2 204 usermatch.gif
beacon.krxd.net/ Frame 86BA 0
339 B 910ms
300ms Image
text/plain 34.210.112.208
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=outbrain&partner_uid=QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.210.112.208 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-210-112-208.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://widgets.outbrain.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-served-by: beacon-n014-pdx-prod.krxd.net
date: Thu, 08 Dec 2022 23:55:31 GMT
cache-control: private, no-cache, no-store
x-request-time: D=31 t=1670543731
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 g.pixel
aa.agkn.com/adscores/ Frame 86BA 43 B
658 B 899ms
406ms Image
image/gif 18.155.68.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aa.agkn.com/adscores/g.pixel?sid=9212295978&puid=QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.155.68.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-155-68-53.sin52.r.cloudfront.net
Software: AAWebServer /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://widgets.outbrain.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:31 GMT
via: 1.1 dff3fc94ddb54b32b708edf2668b23d2.cloudfront.net (CloudFront)
server: AAWebServer
x-amz-cf-pop: SIN52-P1
access-control-allow-methods: GET, POST, OPTIONS
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
x-cache: Miss from cloudfront
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
content-length: 43
x-amz-cf-id: uLFWBrBjBPKszO2ZXrK8FuebdStAHpmt9p8bNmDxG8bWdHHJ_6jUVA==
expires: 0

GET
H/1.1

200
OK

cookie-sync
sync.outbrain.com/ Frame 86BA
Redirect Chain

https://rtb.mfadsrvr.com/sync?ssp=outbrain&ssp_user_id=QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=outbrain&ssp_user_id=QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc
https://sync.outbrain.com/cookie-sync?p=mediaforce&uid=934d75c5-dc65-4770-a772-655a19f2911a

0
145 B

290ms
289ms

Image
text/plain

66.225.223.127
NTTA-3946

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=mediaforce&uid=934d75c5-dc65-4770-a772-655a19f2911a
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html
Protocol: HTTP/1.1
Server: 66.225.223.127 Sacramento, United States, ASN3949 (NTTA-3946, US),
Reverse DNS: sa.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://widgets.outbrain.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:33 GMT
Cache-Control: no-cache
X-TraceId: 8b5b02264b0f6a6313f420b5bc01a2ad
Content-Length: 0

Redirect headers

Location: //sync.outbrain.com/cookie-sync?p=mediaforce&uid=934d75c5-dc65-4770-a772-655a19f2911a
Date: Thu, 08 Dec 2022 23:55:33 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET

img
sync.mathtag.com/sync/ Frame 86BA
Redirect Chain

https://x.bidswitch.net/sync?ssp=outbrain&user_id=QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc&us_privacy=1---&gdpr=0&gdpr_pd=1&gdpr_consent=
https://x.bidswitch.net/ul_cb/sync?ssp=outbrain&user_id=QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc&us_privacy=1---&gdpr=0&gdpr_pd=1&gdpr_consent=
https://sync.mathtag.com/sync/img?mt_exid=46&redir=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D80%26user_id%3D%5BUUID%5D%26expires%3D30%26ssp%3Doutbrain%26bsw_param%3D5ad34e60-4f40-4c1a-a55a-91570e8033...

0
0

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 86BA 43 B
363 B 710ms
237ms Image
image/gif 182.161.73.146

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=74&p=126&cp=outbrain&cu=1&url=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dcriteo%26obUid%3DQTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1---%26uid%3D%40%40CRITEO_USERID%40%40

Requested by

Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.146 -, , ASN (),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://widgets.outbrain.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:32 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 282668
expires: Thu, 08 Dec 2022 00:00:00 GMT

GET

5ad34e60-4f40-4c1a-a55a-91570e8033fe
sync.1rx.io/usersync/bidswitch/ Frame 86BA
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&google_dbm
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEOIVNXDBu78u6H3kDhNpBTU&google_cver=1
https://sync.1rx.io/usersync/bidswitch/5ad34e60-4f40-4c1a-a55a-91570e8033fe?gdpr=&gdpr_consent=

0
0

GET
H/1.1

200
OK

cookie-sync
sync.outbrain.com/ Frame 86BA
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=25&gdpr=0&gdpr_consent=&us_privacy=1---
https://sync.outbrain.com/cookie-sync?p=activeagent&uid=7174930699781339284&gdpr=0&gdpr_consent=

0
145 B

294ms
293ms

Image
text/plain

66.225.223.127
NTTA-3946

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=activeagent&uid=7174930699781339284&gdpr=0&gdpr_consent=
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html
Protocol: HTTP/1.1
Server: 66.225.223.127 Sacramento, United States, ASN3949 (NTTA-3946, US),
Reverse DNS: sa.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://widgets.outbrain.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:33 GMT
Cache-Control: no-cache
X-TraceId: 935892865891110cd01b1407f2485204
Content-Length: 0

Redirect headers

Location: https://sync.outbrain.com/cookie-sync?p=activeagent&uid=7174930699781339284&gdpr=0&gdpr_consent=
Date: Thu, 08 Dec 2022 23:55:33 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET

pixel
cm.g.doubleclick.net/ Frame 86BA
Redirect Chain

https://ps.eyeota.net/match?bid=1mpn7m0&uid=QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc
https://ps.eyeota.net/match/bounce/?bid=1mpn7m0&uid=QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc
https://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm&google_sc&google_hm=MmRxb2hJNDdESmZKNW9nZzI5Nk5nOU1KWnF2bWt1Rmwxc2FCRDAyN0ZjTFU&gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&dc_rc=1&...

0
0

GET QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc
id.geistm.com/m/OB/ Frame 86BA 0
0

GET

cm-notify
creativecdn.com/ Frame 86BA
Redirect Chain

https://creativecdn.com/cm-notify?pi=outbrain&gdpr=0&gdpr_consent=&us_privacy=1---
https://creativecdn.com/cm-notify?pi=outbrain&gdpr=0&gdpr_consent=&us_privacy=1---&tc=1

0
0

GET sync.php
pixel-us-east.rubiconproject.com/exchange/ Frame 86BA 0
0

GET tpid=QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc
sync.crwdcntrl.net/map/c=14516/tp=OBRN/ Frame 86BA 0
0

GET usermatchredir
ssum-sec.casalemedia.com/ Frame 86BA 0
0

GET ImgSync
image8.pubmatic.com/AdServer/ Frame 86BA 0
0

GET cm
u.openx.net/w/1.0/ Frame 86BA 0
0

GET occ
ups.analytics.yahoo.com/ups/58523/ Frame 86BA 0
0

GET um
cs.emxdgt.com/ Frame 86BA 0
0

GET server_match
ice.360yield.com/ Frame 86BA 0
0

GET /
s.ad.smaato.net/c/ Frame 86BA 0
0

GET sync
ssbsync.smartadserver.com/api/ Frame 86BA 0
0

GET c.gif
c.bing.com/ Frame 86BA 0
0

GET services
sync.technoratimedia.com/ Frame 86BA 0
0

GET 711945.gif
id.rlcdn.com/ Frame 86BA 0
0

GET pixelSync
pixel-sync.sitescout.com/dmp/ Frame 86BA 0
0

GET p-cxanv6hYFn1kw.gif
cms.quantserve.com/pixel/ Frame 86BA 0
0

GET rtset
bh.contextweb.com/bh/ Frame 86BA 0
0

GET outbrain
trace.mediago.io/cs/ Frame 86BA 0
0

GET 9.gif
id5-sync.com/s/164/ Frame 86BA 0
0

GET sync
t.adx.opera.com/pub/ Frame 86BA 0
0

GET
H2 200 test.html Show response
widgets.outbrain.com/nanoWidget/externals/cookie/ Frame 7924 610 B
907 B 236ms
236ms Document
text/html 23.72.45.76
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/nanoWidget/externals/cookie/test.html
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/nanoWidget/externals/cookie/put.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.72.45.76 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-72-45-76.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 6139e1fc0d3709eebbe2b18510cf24361b9f8a538c3529a73c282bafe6c78474

Request headers

Referer: https://widgets.outbrain.com/nanoWidget/externals/cookie/put.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: max-age=604800
content-length: 610
content-type: text/html
date: Thu, 08 Dec 2022 23:55:30 GMT
etag: "48053d50141031b1511dbd30f9a31288:1670488260.337551"
expires: Thu, 15 Dec 2022 23:55:30 GMT
last-modified: Thu, 08 Dec 2022 07:55:53 GMT
server: AkamaiNetStorage
timing-allow-origin: * *

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 86FC 0
20 B 272ms
271ms Ping
image/gif 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=6308050731741&version=m202209210101&ct=76&x=1&cor=17161241058957156000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Dec 2022 23:55:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK WhiteBox-1.svg
s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/ Frame 03AC 805 B
870 B 154ms
153ms Image
image/svg+xml 52.95.132.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/WhiteBox-1.svg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.132.99 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-ap-southeast-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 58f6d826baa81dfae4213ca526836de8f308075d2a5da7b0564224b452965bb7

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://www.adtrek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:32 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Oct 2021 05:49:18 GMT
Server: AmazonS3
x-amz-request-id: X9DKFCT5MPMTRG3D
ETag: "d9682bbeaeb1c75f0cdc8596b5c31506"
x-amz-meta-info: resource files
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 453
x-amz-id-2: /WXyskgS8p2WDbwt7M09nF8Gm8lpEkbL5Vk7cE+H3cIp2NmvR69FLmkHIYmI2gi4XH3GqH02544=

GET
H/1.1 200
OK 224629-L-HI.jpg
s3-ap-southeast-2.amazonaws.com/adtrek/836c9ff2-fdf2-4683-9705-86329b33003e/ae668732-1919-4bc3-8516-17e67a6f61cb/ Frame 03AC 37 KB
36 KB 157ms
154ms Image
image/jpeg 52.95.132.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3-ap-southeast-2.amazonaws.com/adtrek/836c9ff2-fdf2-4683-9705-86329b33003e/ae668732-1919-4bc3-8516-17e67a6f61cb/224629-L-HI.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.132.99 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-ap-southeast-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 54b848ccc3501d43ad66afc17157fd625b9323acc687b1d4455c90c714a2d6df

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://www.adtrek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:32 GMT
Content-Encoding: gzip
Last-Modified: Thu, 08 Dec 2022 23:54:30 GMT
Server: AmazonS3
x-amz-request-id: X9DK45AM57BJ2BVH
ETag: "e98164b5597ac170d0bfdcc4e943ba5f"
x-amz-meta-info: feed-image
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 36624
x-amz-id-2: mD+ivsOW2wn6iFAOLu3I+jiIyb+NlZkjykyHNwGVOJK3xplEDoRUytnCBFnpXHoJjufWUqOiEGQ=

GET
H/1.1 200
OK PriceBox.svg
s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/ Frame 03AC 415 B
671 B 157ms
154ms Image
image/svg+xml 52.95.132.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/PriceBox.svg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.132.99 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-ap-southeast-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 526fd4ac1cf5189bd5fbf866886315ee1c23bc2a4f6c42925ddbbd02bb318be8

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://www.adtrek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:32 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Oct 2021 05:49:18 GMT
Server: AmazonS3
x-amz-request-id: X9DXJ0BGDECGNDTA
ETag: "5448e44d1a5969abea305fc11aba0572"
x-amz-meta-info: resource files
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 254
x-amz-id-2: 7aOoDQrZBmBXZSJyDWxQrl7VsL6WS741NIo0H7iDzsVt++mxXNdhZ03U3xRhlHvb/E0FXmB5Scw=

GET
H/1.1 200
OK 160x600.jpg
s3-ap-southeast-2.amazonaws.com/adtrek/30cb2b84-2727-44d9-9e64-0dfd9c05ea14/615cff43-97e2-4c4d-b7b1-de134c013fe3/ Frame 03AC 42 KB
40 KB 155ms
153ms Image
image/jpeg 52.95.132.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3-ap-southeast-2.amazonaws.com/adtrek/30cb2b84-2727-44d9-9e64-0dfd9c05ea14/615cff43-97e2-4c4d-b7b1-de134c013fe3/160x600.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.132.99 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-ap-southeast-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 47ef9bd56a7806f0261c57c65c83ad387a3b77d1b8b1a1c4f4acef56a1d26d4e

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://www.adtrek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:32 GMT
Content-Encoding: gzip
Last-Modified: Tue, 06 Dec 2022 02:18:55 GMT
Server: AmazonS3
x-amz-request-id: X9DMD47AXZJRYCC6
ETag: "2ae834d2109a8d806fe2895f610c7b94"
x-amz-meta-info: feed-image
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 40452
x-amz-id-2: 9G3CkvaP50jaoIWTjQxJBKwConv0cNbNI/k8zzxmj6wg7ggeQVwb0IvuWTeEDkVbRrwjv/4Sv4Q=

GET
H/1.1 200
OK 219981-L-HI.jpg
s3-ap-southeast-2.amazonaws.com/adtrek/836c9ff2-fdf2-4683-9705-86329b33003e/27e5e64c-af61-4ba1-a390-0b2d0e14abfb/ Frame 03AC 38 KB
37 KB 153ms
151ms Image
image/jpeg 52.95.132.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3-ap-southeast-2.amazonaws.com/adtrek/836c9ff2-fdf2-4683-9705-86329b33003e/27e5e64c-af61-4ba1-a390-0b2d0e14abfb/219981-L-HI.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.132.99 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-ap-southeast-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 22fd4613a307b0d351f501d9e506d5251014be658853bdf78aeb7f95df03a158

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://www.adtrek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:32 GMT
Content-Encoding: gzip
Last-Modified: Thu, 08 Dec 2022 23:54:30 GMT
Server: AmazonS3
x-amz-request-id: X9DNKR5AA3ASQAH0
ETag: "3879db291aa5ad4a52388942107ec479"
x-amz-meta-info: feed-image
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 37647
x-amz-id-2: IQd/PzQwhJgdfr8D9390RuXCqdVlNPl8KSEbhqCwW/PMbnWcmqQNl/0+Up6vpdrgLU7d7r6Yq2I=

GET
H/1.1 200
OK 224019-L-HI.jpg
s3-ap-southeast-2.amazonaws.com/adtrek/836c9ff2-fdf2-4683-9705-86329b33003e/38ef99b0-d1e9-46b1-95ed-9cbcfc6baf1c/ Frame 03AC 47 KB
46 KB 158ms
155ms Image
image/jpeg 52.95.132.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3-ap-southeast-2.amazonaws.com/adtrek/836c9ff2-fdf2-4683-9705-86329b33003e/38ef99b0-d1e9-46b1-95ed-9cbcfc6baf1c/224019-L-HI.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.132.99 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-ap-southeast-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: d4764d9812584f629c4864aa32c2af6ba5c054ab824e716b7234cf210c02d86b

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://www.adtrek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:32 GMT
Content-Encoding: gzip
Last-Modified: Thu, 08 Dec 2022 23:54:30 GMT
Server: AmazonS3
x-amz-request-id: X9DP5SX2QT3HMJB4
ETag: "cabdc8c6fc75837dd452d77bab546906"
x-amz-meta-info: feed-image
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 46963
x-amz-id-2: SMVpRgPoYrKXCHc6ltEhYvoCT4SdTy2T68jKWGjtuTPPZXzO22yq34nPpbzWdiIaqIW2p5bMSMs=

GET
H/1.1 200
OK Logo.svg
s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/ Frame 03AC 4 KB
2 KB 295ms
151ms Image
image/svg+xml 52.95.132.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/Logo.svg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.132.99 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-ap-southeast-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 0d9775701bd8ab72d4d800639daa36b54c0ffdfcb2f5b8c48076716bae8b1adb

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://www.adtrek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:32 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Oct 2021 05:49:18 GMT
Server: AmazonS3
x-amz-request-id: X9DWK07343CATAAH
ETag: "7d9a4ff2ccd314adb69e0c97db289e31"
x-amz-meta-info: resource files
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 1472
x-amz-id-2: PZZjYI7BSgULF3L4wIZBEE6aQOZ5rPmCQV0YwGYEDmROPY6MxTd3tDzyIkJdXxcJGOZxS+XPpM4=

GET
H/1.1 200
OK RedBox_TwoLines.svg
s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/ Frame 03AC 398 B
667 B 307ms
157ms Image
image/svg+xml 52.95.132.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/RedBox_TwoLines.svg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.132.99 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-ap-southeast-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 6637296ad150cd9275d48c8bb905b615c3490fef74d6451307e11621c9488287

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://www.adtrek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:32 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Oct 2021 05:49:18 GMT
Server: AmazonS3
x-amz-request-id: X9DVVX52XQVJR73W
ETag: "f21d9b89fcef6157a61ba93e48e0e67c"
x-amz-meta-info: resource files
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 250
x-amz-id-2: pX9NYv+kNb9bSC/hERalU6lRl+xM9q+2QSLY02BDyxtnnzM0jiBLPae9ucj3ypPzDozH3/b8oxk=

GET
H/1.1 200
OK AlwaysCheapSTACKED.svg
s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/ Frame 03AC 9 KB
3 KB 306ms
157ms Image
image/svg+xml 52.95.132.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/AlwaysCheapSTACKED.svg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.132.99 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-ap-southeast-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 6b42f1c4edc92297c1d0002640541a3a9646a489a23e4a889bf025c0b6379036

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://www.adtrek.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:32 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Oct 2021 05:49:18 GMT
Server: AmazonS3
x-amz-request-id: X9DJDZ4FBMC8BAQ9
ETag: "3abcb61a86cd77cc1a54e9ead99be61e"
x-amz-meta-info: resource files
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 2623
x-amz-id-2: 5uVyhEeypjhKQhfZykQpJv1tI9747UxCNvdTpxLHpKJa4rLhexvAjA+Prwiby9qZgddKfZlnEeM=

GET
H3 200 memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsg-1x4gaVI.woff2
fonts.gstatic.com/s/opensans/v34/ Frame 03AC 16 KB
16 KB 273ms
270ms Font
font/woff2 74.125.24.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsg-1x4gaVI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:700&subset=latin

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.24.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f94.1e100.net

Software

sffe /

Resource Hash

d1a17abb1a999842fe425e1a4ace9d90f9c18f3595c21a63d89f0611b90cfd72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.adtrek.co
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 15:38:08 GMT
x-content-type-options: nosniff
age: 202643
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16372
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:14:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 06 Dec 2023 15:38:08 GMT

GET
H/1.1 200
OK jb.woff
www.adtrek.co/content/webkits/jb/ Frame 03AC 21 KB
21 KB 146ms
143ms Font
font/x-woff 52.63.31.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.adtrek.co/content/webkits/jb/jb.woff
Requested by: Host: s3-ap-southeast-2.amazonaws.com
URL: https://s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/ad-s.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.63.31.162 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-63-31-162.ap-southeast-2.compute.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: bf1be6cfe189b22354b23a5651d53c29cd29d751257a844a87924737a4855467

Request headers

Referer: https://s3-ap-southeast-2.amazonaws.com/
Origin: https://www.adtrek.co
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:28 GMT
Last-Modified: Tue, 31 Aug 2021 22:52:26 GMT
Server: Microsoft-IIS/8.5
ETag: "07137deba9ed71:0"
X-Powered-By: ASP.NET
Content-Type: font/x-woff
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 21308

GET
H3 200 memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v34/ Frame 03AC 16 KB
16 KB 309ms
306ms Font
font/woff2 74.125.24.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans&subset=latin

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.24.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f94.1e100.net

Software

sffe /

Resource Hash

b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.adtrek.co
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 00:17:37 GMT
x-content-type-options: nosniff
age: 257874
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16740
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:14:44 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 06 Dec 2023 00:17:37 GMT

GET
H/1.1 200
OK ATDavison-Bold.otf
www.adtrek.co/content/webkits/ATDavison/ Frame 03AC 65 KB
65 KB 289ms
142ms Font
font/otf 52.63.31.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.adtrek.co/content/webkits/ATDavison/ATDavison-Bold.otf
Requested by: Host: s3-ap-southeast-2.amazonaws.com
URL: https://s3-ap-southeast-2.amazonaws.com/adtrek/eb8c9498-28e2-4adb-a4f3-0bec73675d82/ad-s.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.63.31.162 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-63-31-162.ap-southeast-2.compute.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: d1870dc99c0b97e7ec097e59d14f34df98efb89ac786f8e07f1c0705f4f34f18

Request headers

Referer: https://s3-ap-southeast-2.amazonaws.com/
Origin: https://www.adtrek.co
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:29 GMT
Last-Modified: Tue, 31 Aug 2021 22:52:26 GMT
Server: Microsoft-IIS/8.5
ETag: "07137deba9ed71:0"
X-Powered-By: ASP.NET
Content-Type: font/otf
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 66544

GET
H/1.1 200
OK AstLd Show response
www.adtrek.co/adserver/ Frame 03AC 16 B
292 B 456ms
183ms XHR
application/json 52.63.31.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.adtrek.co/adserver/AstLd?cc=678d19d1-9bf6-4282-b96d-5173d5d41281
Requested by: Host: www.adtrek.co
URL: https://www.adtrek.co/adserver/frm?cc=678d19d1-9bf6-4282-b96d-5173d5d41281&clk=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCrTc7bHmSY-mrNs7cz7sPzIOziASivKfjbImF7Y3XDtnN2ZOSMBABIIabpJABYKvssYXgGKABus70sQHIAQmpAh4c6YtaZKU-qAMBqgSlAk_Q63ElvLBnpqN43rx6Ab5hpBsxp3Qq7exogehLps2GJ_34xQpA5bhR8QIxn1k5bSgo2uOSoBv0uS_4eDTlEBhGNCv-Hd0tJir7vgKhCRZaS1uuaMQhubjRL3MlcSbuR_3wmbsmLqrARy0R5K04ugmaDEBFeiv0akE1tUu5KvMNdgRrHTSDiJDMuo65qtYBPDjbqp5Lm_GyMcHzl84pei7SKb1NE0UL-hqWRiAS4IsO41aR6_DK-ms5s5BfhG52Uu0JOOAeq4h_Ca1K1fLQxvM1_bt3d-ZvEu4gaNpWdxMjT-6ryQBCWX838kKIdymVYTqh1M0erPuKm-pyjQyvOLRINIcplFFK4mwPaOwyiUeIcwPCMebKY0uHFvjrCEfqp5mFjXm6wASju4GC5wPgBAOQBgGgBk2AB66xi84CqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiAYRABGB0yAooCOgKAQIAKA5gLAcgLAYAMAbAT8fWrEcgTmqzA3gPQEwDYEwrYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSSwDq26N9Gc4jJzC9ODvtzXoQP4dihhG2eIyjRlcW7nroWQy8ush-U4iiYCwWlzv-jvhDtjQqFwcJ6rn9BN7hp9IS4KOfbO0aunHcjxgBIBM%26sig%3DAOD64_1glGDAf_IfXWd_xPnvluR-Gsorjg%26client%3Dca-pub-9602519502618262%26dbm_c%3DAKAmf-B51URJTG6msbEt0s2n6b7xo9C1uBCaGxpF4Bewu8oafWh3t4jN7UmEB3ig8qKGjMoGII-CWnIwlJCpWUGB4xyFfdDFMIbiGWPqbBLclBY39tTzavPHdbl_7ayp-5afR_Pz_oG8wK5q1QqOBL_MWkzE0MFVzHEOZZYo_-y6r_RvdwQwEvo%26cry%3D1%26dbm_d%3DAKAmf-BtX9ZCAPEaqaATXhsCEoB3SuX-kzo7ZoG7Yq80s3aJteOG1R10LjLM1xkiKJZjasqVxWfncae3N7BBaNYHluveKBir3phsYcOZpXvsjRPu-6CWt0RV7-Pf-u8X1nv4gonBwBuV8OKfUd8HsVYf8Z79Sib7tTDwQzAJBZJqjP7yjrCHXlG79whOnbrvkfb4TJ941d_2j62OtPJDc1awScvSAzLu_knBM2ojYEQVIJxGEBb9SpFjCcX2MuOoZJs66YVLf50gF3aF85waPdN4UEyAPK4EUZCILY6rLoC-BHGOwJI84_Aj4p3lHpTrImSUdaluNVuwiPy9IDCboxz6NRBCj-v0dw9EBWt1W7f5uJ40SOnAwpFTKRXhsU5beSK_P5pQmKRlYLRrFERhk9VNKD-oDhPbK95C39LB5FxY991qCdLlkizKFGtMPqNVG5RUSEzoT6XlI_pfb1ytnyjeVH3ZsY4XcFkf-OFpFgKcrRpGakDCnsSx0j5xHsO8zQDZozkirXS5Pvj2LesDTX7bN7OUnQIVMrPBLai9AN-77TIdMkOALU0%26adurl%3Dhttps%3a%2f%2fwww.adtrek.co%2fadserver%2fclick%3fcc%3d678d19d1-9bf6-4282-b96d-5173d5d41281&ord=1670543724890345
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.63.31.162 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-63-31-162.ap-southeast-2.compute.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://www.adtrek.co/adserver/frm?cc=678d19d1-9bf6-4282-b96d-5173d5d41281&clk=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCrTc7bHmSY-mrNs7cz7sPzIOziASivKfjbImF7Y3XDtnN2ZOSMBABIIabpJABYKvssYXgGKABus70sQHIAQmpAh4c6YtaZKU-qAMBqgSlAk_Q63ElvLBnpqN43rx6Ab5hpBsxp3Qq7exogehLps2GJ_34xQpA5bhR8QIxn1k5bSgo2uOSoBv0uS_4eDTlEBhGNCv-Hd0tJir7vgKhCRZaS1uuaMQhubjRL3MlcSbuR_3wmbsmLqrARy0R5K04ugmaDEBFeiv0akE1tUu5KvMNdgRrHTSDiJDMuo65qtYBPDjbqp5Lm_GyMcHzl84pei7SKb1NE0UL-hqWRiAS4IsO41aR6_DK-ms5s5BfhG52Uu0JOOAeq4h_Ca1K1fLQxvM1_bt3d-ZvEu4gaNpWdxMjT-6ryQBCWX838kKIdymVYTqh1M0erPuKm-pyjQyvOLRINIcplFFK4mwPaOwyiUeIcwPCMebKY0uHFvjrCEfqp5mFjXm6wASju4GC5wPgBAOQBgGgBk2AB66xi84CqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiAYRABGB0yAooCOgKAQIAKA5gLAcgLAYAMAbAT8fWrEcgTmqzA3gPQEwDYEwrYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSSwDq26N9Gc4jJzC9ODvtzXoQP4dihhG2eIyjRlcW7nroWQy8ush-U4iiYCwWlzv-jvhDtjQqFwcJ6rn9BN7hp9IS4KOfbO0aunHcjxgBIBM%26sig%3DAOD64_1glGDAf_IfXWd_xPnvluR-Gsorjg%26client%3Dca-pub-9602519502618262%26dbm_c%3DAKAmf-B51URJTG6msbEt0s2n6b7xo9C1uBCaGxpF4Bewu8oafWh3t4jN7UmEB3ig8qKGjMoGII-CWnIwlJCpWUGB4xyFfdDFMIbiGWPqbBLclBY39tTzavPHdbl_7ayp-5afR_Pz_oG8wK5q1QqOBL_MWkzE0MFVzHEOZZYo_-y6r_RvdwQwEvo%26cry%3D1%26dbm_d%3DAKAmf-BtX9ZCAPEaqaATXhsCEoB3SuX-kzo7ZoG7Yq80s3aJteOG1R10LjLM1xkiKJZjasqVxWfncae3N7BBaNYHluveKBir3phsYcOZpXvsjRPu-6CWt0RV7-Pf-u8X1nv4gonBwBuV8OKfUd8HsVYf8Z79Sib7tTDwQzAJBZJqjP7yjrCHXlG79whOnbrvkfb4TJ941d_2j62OtPJDc1awScvSAzLu_knBM2ojYEQVIJxGEBb9SpFjCcX2MuOoZJs66YVLf50gF3aF85waPdN4UEyAPK4EUZCILY6rLoC-BHGOwJI84_Aj4p3lHpTrImSUdaluNVuwiPy9IDCboxz6NRBCj-v0dw9EBWt1W7f5uJ40SOnAwpFTKRXhsU5beSK_P5pQmKRlYLRrFERhk9VNKD-oDhPbK95C39LB5FxY991qCdLlkizKFGtMPqNVG5RUSEzoT6XlI_pfb1ytnyjeVH3ZsY4XcFkf-OFpFgKcrRpGakDCnsSx0j5xHsO8zQDZozkirXS5Pvj2LesDTX7bN7OUnQIVMrPBLai9AN-77TIdMkOALU0%26adurl%3Dhttps%3a%2f%2fwww.adtrek.co%2fadserver%2fclick%3fcc%3d678d19d1-9bf6-4282-b96d-5173d5d41281&ord=1670543724890345
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Dec 2022 23:55:29 GMT
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Type: application/json; charset=utf-8
Cache-Control: private
Connection: keep-alive
Content-Length: 16

GET
H2 200 show_pla
flint.defybrick.com/ Frame C85F 2 KB
1 KB 1046ms
363ms Script
text/javascript 52.45.196.192

General

Check archive.org

Show headers Download Go to

Full URL: https://flint.defybrick.com/show_pla?id=65349&url=https%3A%2F%2Fpastelink.net%2Fae55y2dx&sf=0&k=&idx=0&ch=&ext=&np=win32&nv=google%20inc.&rand=04871116796127065988507602822252041682300667117409680781751208621601&nc=0&tsf=0&tsfmi=&pv=0&cb=1670543732818&ref=&pit=1&hl=2&op=0&fs=300x250&ss=1600x1200&pre=0&jsonp=OBR.extern.onCheqResponse&mr=&ag=2826626440&at=&bid=e30%3D&di=W1siZWYiLDgzODRdLFsxMiwie1wiY3R4XCI6XCJ3ZWJnbDJcIixcInZcIjpcImludGVsIGluYy5c%0D%0AIixcInJcIjpcImludGVsIGlyaXMgb3BlbmdsIGVuZ2luZVwiLFwic2x2XCI6XCJ3ZWJnbCBnbHNs%0D%0AIGVzIDMuMDAgKG9wZW5nbCBlcyBnbHNsIGVzIDMuMCBjaHJvbWl1bSlcIixcImd2ZXJcIjpcIndl%0D%0AYmdsIDIuMCAob3BlbmdsIGVzIDMuMCBjaHJvbWl1bSlcIixcImd2ZW5cIjpcIndlYmtpdFwiLFwi%0D%0AYmVuXCI6NixcIndnbFwiOjEsXCJncmVuXCI6XCJ3ZWJraXQgd2ViZ2xcIixcInNlZlwiOjEwNTE2%0D%0AOTQwODksXCJzZWNcIjpcIlwifSJdLFszNywiWzMzMTYyMjQwNDksZnVuY3Rpb24obmV3VmFsdWUp%0D%0AIHtcbiAgICAgICAgICAgICAgYWRkQ29udGVudFdpbmRvd1Byb3h5KHRoaXMpXG4gICAgICAgICAg%0D%0AICAgIC8vIFJlc2V0IHByb3BlcnR5LCB0aGUgaG9vayBpcyBvbmx5IG5lZWRlZCBvbmNlXG4gICAg%0D%0AICAgICAgICAgIE9iamVjdC5kZWZpbmVQcm9wZXJ0eShpZnJhbWUsICdzcmNkb2MnLCB7XG4gICAg%0D%0AICAgICAgICAgICAgY29uZmlndXJhYmxlOiBmYWxzZSxcbiAgICAgICAgICAgICAgICB3cml0YWJs%0D%0AZTogZmFsc2UsXG4gICAgICAgICAgICAgICAgdmFsdWU6IF9zcmNkb2NcbiAgICAgICAgICAgICAg%0D%0AfSlcbiAgICAgICAgICAgICAgX2lmcmFtZS5zcmNkb2MgPSBuZXdWYWx1ZVxuICAgICAgICAgICAg%0D%0AfV0iXSxbLTEsIi0iXSxbLTIsIjUsZVlHOVgxL1gxdFpsUzIyZDUxeDhZTlk5TXhKUUVNQ2RVQkhK%0D%0ATDg2TDIzQUNHVWhCSXdJU1NFRUFjSUpmUmVBZ1FJRUZvSW5kQ3h3UVhqaG8yNzE5Nm1Nak92L3I4%0D%0ANzB1eHFGeCJdLFstMywiW1wiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwibWhqZmJtZGdjZmpiYnBh%0D%0AZW9qb2ZvaG9lZmdpZWhqYWlcIixcImludGVybmFsLW5hY2wtcGx1Z2luXCJdIl0sWy00LCItIl0s%0D%0AWy01LCItIl0sWy02LCItIl0sWy03LCItIl0sWy04LCItIl0sWy05LCIrIl0sWy0xMCwiLSJdLFst%0D%0AMTEsIntcInRcIjpcIlwiLFwibVwiOltcIm9nOnRpdGxlXCIsXCJkZXNjcmlwdGlvblwiLFwib2c6%0D%0AZGVzY3JpcHRpb25cIl19Il0sWy0xMiwibnVsbCJdLFstMTMsIi0iXSxbLTE0LCJ7XCJvXCI6MC41%0D%0AODMzMzMzMzMzMzMzMzM0fSJdLFstMTUsIi0iXSxbLTE2LCIwIl0sWy0xNywiNCJdLFstMTgsIlsw%0D%0ALDAsMCwxXSJdLFstMTksIlswLDAsMCwwLDAsMCwxLDI0LDI0LFwiLVwiLDE2MDAsMTIwMCwxNjAw%0D%0ALDEyMDAsMTYwMCwxMjAwLDMwMCwyNTAsMCwwLDAsMCxcIi1cIixcIi1cIl0iXSxbLTIwLCI5Mzc5%0D%0ANjU2NDUuMTY3MDU0MzcyMSJdLFstMjEsIi0iXSxbLTIyLCJbXCJuXCIsXCJuXCJdIl0sWy0yMywi%0D%0AKyJdLFstMjQsIltdIl0sWy0yNSwiLSJdLFstMjYsIntcInRqaHNcIjo0MjEwMDAwMCxcInVqaHNc%0D%0AIjozMzEwMDAwMCxcImpoc2xcIjozNzYwMDAwMDAwfSJdLFstMjcsIlswLDkuNSwwLFwiNGdcIixu%0D%0AdWxsXSJdLFstMjgsImVuLVVTLGVuIl0sWy0yOSwie1widlwiOlsyLDIsMiwyLDAsMCwwLDIsMCwy%0D%0ALDAsMiwwLDAsMiwyLDIsMiwwXX0iXSxbLTMwLCJbXCJ2XCIsMF0iXSxbLTMxLCJmYWxzZSJdLFst%0D%0AMzIsIi0iXSxbLTMzLCItIl0sWy0zNCwiLSJdLFstMzUsIlsxNjcwNTQzNzMyODAyLDBdIl0sWy0z%0D%0ANiwiW1wiNC8zXCIsXCI0LzNcIl0iXSxbLTM3LCItMTA5LTY2LTcwLSJdLFstMzgsImksLTEsLTEs%0D%0ALTE2NzA1NDM3MjUwOTEsMCwwLDAsMCwwLDE2NzA1NDM3MjUwOTcsMCwwLDIxNDIuNiwyMTQyLjYs%0D%0ANzcxMiw3NzEzIl0sWy0zOSwiW1wiMjAwMzAxMDdcIiw0LFwiR2Vja29cIixcIk5ldHNjYXBlXCIs%0D%0AXCJNb3ppbGxhXCIsbnVsbCxudWxsLHRydWUsOCxmYWxzZSxudWxsLDNdIl0sWy00MCwiMzMiXSxb%0D%0ALTQxLCItIl0sWy00MiwiMTcyNDI5NzY1MyJdLFstNDMsIjAwMDAwMDAxMDEwMDAwMDEwMDExMTAx%0D%0AMTAwIl0sWy00NCwiMCwwLDAsNSJdLFstNDUsIi0iXSxbLTQ2LCIwIl0sWy00NywiRXRjL1Vua25v%0D%0Ad24sZW4tVVMsbGF0bixncmVnb3J5Il0sWy00OCwiMCwwIl0sWy00OSwiLSJdLFsiYm5jaCIsMzM5%0D%0AXV0%3D&tsfu=&fst=1600x1200&dep=1&cpos=%5B%7B%22x%22%3A0%2C%22y%22%3A0%2C%22w%22%3A300%2C%22h%22%3A250%7D%2C%7B%22w%22%3A300%2C%22h%22%3A250%7D%2C%7B%22x%22%3A512%2C%22y%22%3A2616%2C%22w%22%3A300%2C%22h%22%3A250%7D%2C%7B%22w%22%3A1600%2C%22h%22%3A1200%7D%5D&ver=41&cri=e40VJybqnJ&sdd=%7B%7D&pto=7730&ao=https%3A%2F%2Fpastelink.net&aol=1
Requested by: Host: rock.defybrick.com
URL: https://rock.defybrick.com/placement_invocation?id=65349&idx=0
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 52.45.196.192 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: text/javascript
pragma: no-cache
date: Thu, 08 Dec 2022 23:55:33 GMT
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-length: 1426
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST log-viewability
log.outbrainimg.com/api/loggerBatch/ Frame A578 0
0

GET
H2 200 show_pla Show response
flint.defybrick.com/ Frame A578 2 KB
2 KB 986ms
360ms Script
text/javascript 52.45.196.192

General

Check archive.org

Show headers Download Go to

Full URL: https://flint.defybrick.com/show_pla?id=65349&url=https%3A%2F%2Fpastelink.net%2Fae55y2dx&sf=0&k=&idx=0&ch=&ext=&np=win32&nv=google%20inc.&rand=64186700660699808878115961951227232200329702955311620010681656895076&nc=0&tsf=0&tsfmi=&pv=0&cb=1670543732877&ref=&pit=1&hl=2&op=0&fs=728x90&ss=1600x1200&pre=0&jsonp=OBR.extern.onCheqResponse&mr=&ag=2826626440&at=&bid=e30%3D&di=W1siZWYiLDk3MjFdLFsxMiwie1wiY3R4XCI6XCJ3ZWJnbDJcIixcInZcIjpcImludGVsIGluYy5c%0D%0AIixcInJcIjpcImludGVsIGlyaXMgb3BlbmdsIGVuZ2luZVwiLFwic2x2XCI6XCJ3ZWJnbCBnbHNs%0D%0AIGVzIDMuMDAgKG9wZW5nbCBlcyBnbHNsIGVzIDMuMCBjaHJvbWl1bSlcIixcImd2ZXJcIjpcIndl%0D%0AYmdsIDIuMCAob3BlbmdsIGVzIDMuMCBjaHJvbWl1bSlcIixcImd2ZW5cIjpcIndlYmtpdFwiLFwi%0D%0AYmVuXCI6NixcIndnbFwiOjEsXCJncmVuXCI6XCJ3ZWJraXQgd2ViZ2xcIixcInNlZlwiOjEwNTE2%0D%0AOTQwODksXCJzZWNcIjpcIlwifSJdLFszNywiWzMzMTYyMjQwNDksZnVuY3Rpb24obmV3VmFsdWUp%0D%0AIHtcbiAgICAgICAgICAgICAgYWRkQ29udGVudFdpbmRvd1Byb3h5KHRoaXMpXG4gICAgICAgICAg%0D%0AICAgIC8vIFJlc2V0IHByb3BlcnR5LCB0aGUgaG9vayBpcyBvbmx5IG5lZWRlZCBvbmNlXG4gICAg%0D%0AICAgICAgICAgIE9iamVjdC5kZWZpbmVQcm9wZXJ0eShpZnJhbWUsICdzcmNkb2MnLCB7XG4gICAg%0D%0AICAgICAgICAgICAgY29uZmlndXJhYmxlOiBmYWxzZSxcbiAgICAgICAgICAgICAgICB3cml0YWJs%0D%0AZTogZmFsc2UsXG4gICAgICAgICAgICAgICAgdmFsdWU6IF9zcmNkb2NcbiAgICAgICAgICAgICAg%0D%0AfSlcbiAgICAgICAgICAgICAgX2lmcmFtZS5zcmNkb2MgPSBuZXdWYWx1ZVxuICAgICAgICAgICAg%0D%0AfV0iXSxbLTEsIi0iXSxbLTIsIjMsZVlHOVgxL1gxdFpsUzIyZDUxeDhZTlk5TXhKUUVNQ2RVQkhK%0D%0ATDg2TDIzQUNHVWhCSXdJU1NFRUFjSUpmUmVBZ1FJRUZvSW5kQ3h3UVhqaG8yNzE5Nm1Nak92L3I4%0D%0ANzB1eHFGeCJdLFstMywiW1wiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwibWhqZmJtZGdjZmpiYnBh%0D%0AZW9qb2ZvaG9lZmdpZWhqYWlcIixcImludGVybmFsLW5hY2wtcGx1Z2luXCJdIl0sWy00LCItIl0s%0D%0AWy01LCItIl0sWy02LCItIl0sWy03LCItIl0sWy04LCItIl0sWy05LCIrIl0sWy0xMCwiLSJdLFst%0D%0AMTEsIntcInRcIjpcIlwiLFwibVwiOltcIm9nOnRpdGxlXCIsXCJkZXNjcmlwdGlvblwiLFwib2c6%0D%0AZGVzY3JpcHRpb25cIl19Il0sWy0xMiwibnVsbCJdLFstMTMsIi0iXSxbLTE0LCJ7XCJvXCI6MC41%0D%0AODMzMzMzMzMzMzMzMzM0fSJdLFstMTUsIi0iXSxbLTE2LCIwIl0sWy0xNywiNCJdLFstMTgsIlsw%0D%0ALDAsMCwxXSJdLFstMTksIlswLDAsMCwwLDAsMCwxLDI0LDI0LFwiLVwiLDE2MDAsMTIwMCwxNjAw%0D%0ALDEyMDAsMTYwMCwxMjAwLDcyOCw5MCwwLDAsMCwwLFwiLVwiLFwiLVwiXSJdLFstMjAsIjkzNzk2%0D%0ANTY0NS4xNjcwNTQzNzIxIl0sWy0yMSwiLSJdLFstMjIsIltcIm5cIixcIm5cIl0iXSxbLTIzLCIr%0D%0AIl0sWy0yNCwiW10iXSxbLTI1LCItIl0sWy0yNiwie1widGpoc1wiOjQyMTAwMDAwLFwidWpoc1wi%0D%0AOjMzMTAwMDAwLFwiamhzbFwiOjM3NjAwMDAwMDB9Il0sWy0yNywiWzAsOS41LDAsXCI0Z1wiLG51%0D%0AbGxdIl0sWy0yOCwiZW4tVVMsZW4iXSxbLTI5LCJ7XCJ2XCI6WzIsMiwyLDIsMCwwLDAsMiwwLDIs%0D%0AMCwyLDAsMCwyLDIsMiwyLDBdfSJdLFstMzAsIltcInZcIiwwXSJdLFstMzEsImZhbHNlIl0sWy0z%0D%0AMiwiLSJdLFstMzMsIi0iXSxbLTM0LCItIl0sWy0zNSwiWzE2NzA1NDM3MzI4NzEsMF0iXSxbLTM2%0D%0ALCJbXCI0LzNcIixcIjQvM1wiXSJdLFstMzcsIi0xMDktNjYtNzAtIl0sWy0zOCwiaSwtMSwtMSwt%0D%0AMTY3MDU0MzcyMzU0NiwwLDAsMCwwLDAsMTY3MDU0MzcyMzU1MSwwLDAsMTI2Ny41LDEyNjcuNSw5%0D%0AMzI3LDkzMjciXSxbLTM5LCJbXCIyMDAzMDEwN1wiLDQsXCJHZWNrb1wiLFwiTmV0c2NhcGVcIixc%0D%0AIk1vemlsbGFcIixudWxsLG51bGwsdHJ1ZSw4LGZhbHNlLG51bGwsM10iXSxbLTQwLCIzMyJdLFst%0D%0ANDEsIi0iXSxbLTQyLCIxNzI0Mjk3NjUzIl0sWy00MywiMDAwMDAwMDEwMTAwMDAwMTAwMTExMDEx%0D%0AMDAiXSxbLTQ0LCIwLDAsMCw1Il0sWy00NSwiLSJdLFstNDYsIjAiXSxbLTQ3LCJFdGMvVW5rbm93%0D%0Abixlbi1VUyxsYXRuLGdyZWdvcnkiXSxbLTQ4LCIwLDAiXSxbLTQ5LCItIl0sWyJibmNoIiwzMF1d&tsfu=&fst=1600x1200&dep=1&cpos=%5B%7B%22x%22%3A0%2C%22y%22%3A0%2C%22w%22%3A728%2C%22h%22%3A90%7D%2C%7B%22w%22%3A728%2C%22h%22%3A90%7D%2C%7B%22x%22%3A436%2C%22y%22%3A1105%2C%22w%22%3A728%2C%22h%22%3A90%7D%2C%7B%22w%22%3A1600%2C%22h%22%3A1200%7D%5D&ver=41&cri=JfggE3HCBL&sdd=%7B%7D&pto=9333&ao=https%3A%2F%2Fpastelink.net&aol=1
Requested by: Host: rock.defybrick.com
URL: https://rock.defybrick.com/placement_invocation?id=65349&idx=0
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 52.45.196.192 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8efc22e9ab0795fa036a09039d90f23c1c1d47b0aed39eaefbd7cdf72c9e890f

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: text/javascript
pragma: no-cache
date: Thu, 08 Dec 2022 23:55:33 GMT
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-length: 1425
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 204
No Content event.png
tpsc-ae1.doubleverify.com/ Frame 12BC 0
229 B 523ms
236ms Ping
text/plain 34.149.43.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpsc-ae1.doubleverify.com/event.png?impid=3f7a84312b334c22bdf7e07c92cb87a7&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=2054&eoid=14&msrjs=3317&sdf=67108866&vit=2&isvelg=1&rmi=16&tltms=835&tetms=8&msltms=537&vltms=2054&sei=290&vetms=6&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=456&msrcannum=3&ismms=38&isumms=37&nvr=6&elmtp=6&isbxdms=4138&b0=248&b11=4111&adhgt=250&adwdth=300&norwdth=300&norhgt=250&vsos=4&dvp_vsosnmr=16&lftb=4359&sftb=4359&msrdp=8&naral=192&vct=512&vphgt=1200&vpwdth=1600&chgt=250&cwdth=300&invcs=false&scrhgt=1200&scrwdth=1600&strp=0&advisonl=false&isiabvms=1138&isuiabvms=1138&ispmxpms=1138&engalms=36&engscrlms=275&dvp_pageEng=true&dvp_dpr=1&ee_dp_cvcmeeid=1&ee_dp_cvcmetp=1&metp=1&meeid=1&ttfurm=5087&cbust=1670543732979223
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements3317.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.43.113 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 113.43.149.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Pragma: no-cache
Date: Thu, 08 Dec 2022 23:55:33 GMT
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Connection: close
Expires: 12/07/2022 23:55:33

POST
H/1.1 204
No Content event.png
tpsc-ae1.doubleverify.com/ Frame A39C 0
229 B 520ms
235ms Ping
text/plain 34.149.43.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpsc-ae1.doubleverify.com/event.png?impid=3e818be2235f4ffe8998cd35437245f1&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=565&eoid=14&msrjs=3317&sdf=67108866&vit=2&isvelg=1&rmi=16&tltms=0&tetms=9&msltms=585&vltms=565&sei=289&vetms=15&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=392&msrcannum=3&ismms=15&isumms=15&nvr=2&isgmmims=15&isgmv4mims=15&elmtp=6&isbxdms=2615&b0=2785&adhgt=250&adwdth=300&norwdth=300&norhgt=250&dvp_vsosnmr=1&lftb=2785&sftb=2785&msrdp=4&naral=128&vct=512&vphgt=1200&vpwdth=1600&chgt=250&cwdth=300&invcs=false&scrhgt=1200&scrwdth=1600&strp=0&advisonl=false&engalms=14&dvp_dpr=1&ee_dp_cvcmeeid=1&ee_dp_cvcmetp=1&metp=1&meeid=1&ttfurm=3591&cbust=1670543732992345
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements3317.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.43.113 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 113.43.149.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Pragma: no-cache
Date: Thu, 08 Dec 2022 23:55:33 GMT
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Connection: close
Expires: 12/07/2022 23:55:33

POST all
csm.as.criteo.net/ Frame ECFC 0
0

GET imp.gif
flint.defybrick.com/tracker/ Frame A578 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pro.ip-api.com
URL: https://pro.ip-api.com/json/?key=ZxSSLwZtxrKxQbv&fields=status,countryCode,region

Domain: aax-dtb-cf.amazon-adsystem.com
URL: https://aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fpastelink.net%2Fae55y2dx&pid=guZHJvDXthV7n&cb=0&ws=1600x1200&v=22.1201.834&t=1500&slots=%5B%7B%22sd%22%3A%22advally-adhesion-slot%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F22405481091%2Fpastelink.net%2FBottom_adhesion_banner%22%7D%2C%7B%22sd%22%3A%22Top_leaderboard%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F22405481091%2Fpastelink.net%2FTop_leaderboard%22%7D%2C%7B%22sd%22%3A%22AdvallyTag-pl-728x90-1%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F22405481091%2Fpastelink.net%2FInline_banner%22%7D%2C%7B%22sd%22%3A%22AdvallyTag-pl-728x90-2%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F22405481091%2Fpastelink.net%2FInline_banner%22%7D%2C%7B%22sd%22%3A%22AdvallyTag-pl-728x90-3%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F22405481091%2Fpastelink.net%2FInline_banner%22%7D%2C%7B%22sd%22%3A%22AdvallyTag-pl-728x90-4%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F22405481091%2Fpastelink.net%2FInline_banner%22%7D%2C%7B%22sd%22%3A%22AdvallyTag-pl-728x90-5%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F22405481091%2Fpastelink.net%2FInline_banner%22%7D%2C%7B%22sd%22%3A%22AdvallyTag-pl-728x90-6%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F22405481091%2Fpastelink.net%2FInline_banner%22%7D%2C%7B%22sd%22%3A%22Sidebar_MPU%22%2C%22s%22%3A%5B%22160x600%22%5D%2C%22sn%22%3A%22%2F22405481091%2Fpastelink.net%2FSidebar_MPU%22%7D%5D&schain=1.0%2C1!advally.com%2CP58S175%2C1%2C%2C%2C&pubid=7e29cf92-dbd2-479a-865a-9cb3658a40f8&gdprl=%7B%22status%22%3A%22no-cmp%22%2C%22cmpTimeout%22%3A2000%7D

Domain: tags.rd.linksynergy.com
URL: https://tags.rd.linksynergy.com/rcs?ns=lr&uid3=

Domain: sync.mathtag.com
URL: https://sync.mathtag.com/sync/img?mt_exid=46&redir=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D80%26user_id%3D%5BUUID%5D%26expires%3D30%26ssp%3Doutbrain%26bsw_param%3D5ad34e60-4f40-4c1a-a55a-91570e8033fe&gdpr=0&gdpr_consent=

Domain: sync.1rx.io
URL: https://sync.1rx.io/usersync/bidswitch/5ad34e60-4f40-4c1a-a55a-91570e8033fe?gdpr=&gdpr_consent=

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm&google_sc&google_hm=MmRxb2hJNDdESmZKNW9nZzI5Nk5nOU1KWnF2bWt1Rmwxc2FCRDAyN0ZjTFU&gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&dc_rc=1&dc_mr=5&dc_orig=1mpn7m0&

Domain: id.geistm.com
URL: https://id.geistm.com/m/OB/QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc

Domain: creativecdn.com
URL: https://creativecdn.com/cm-notify?pi=outbrain&gdpr=0&gdpr_consent=&us_privacy=1---&tc=1

Domain: pixel-us-east.rubiconproject.com
URL: https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=15268&gdpr=0&gdpr_consent=&us_privacy=1---

Domain: sync.crwdcntrl.net
URL: https://sync.crwdcntrl.net/map/c=14516/tp=OBRN/tpid=QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc

Domain: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatchredir?s=193091&cb=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dindxexcg%26uid%3D%24%7BUSER%7D%26obUid%3DQTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1---

Domain: image8.pubmatic.com
URL: https://image8.pubmatic.com/AdServer/ImgSync?p=160065&gdpr=PM_GDPR&gdpr_consent=PM_CONSENT&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D160065%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fsync.outbrain.com%252Fcookie-sync%253Fp%253Dpubmatic%2526obUid%253DQTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc%2526gdpr%253D0%2526gdpr_consent%253D%2526us_privacy%253D1---%2526uid%253D%2523PMUID

Domain: u.openx.net
URL: https://u.openx.net/w/1.0/cm?id=00df9f64-6f67-4cae-aeb2-d951da52047c&r=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dopenx%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1---%26obUid%3DQTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc%26uid%3D

Domain: ups.analytics.yahoo.com
URL: https://ups.analytics.yahoo.com/ups/58523/occ?gdpr=0&gdpr_consent=&us_privacy=1---&redir=true

Domain: cs.emxdgt.com
URL: https://cs.emxdgt.com/um?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Demx%26uid%3D%24UID%26obUid%3DQTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1---

Domain: ice.360yield.com
URL: https://ice.360yield.com/server_match?partner_id=1863&r=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dimprove_digital%26uid%3D%7BPUB_USER_ID%7D%26obUid%3DQTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1---

Domain: s.ad.smaato.net
URL: https://s.ad.smaato.net/c/?adExInit=o&redir=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dsmaato%26uid%3D%24UID%26obUid%3DQTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1---

Domain: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=30&gdpr=0&gdpr_consent=&redirectUri=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dsmart%26uid%3D%5Bssb_sync_pid%5D%26obUid%3DQTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1---

Domain: c.bing.com
URL: https://c.bing.com/c.gif?red3=MSOB_pd&uid=QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc

Domain: sync.technoratimedia.com
URL: https://sync.technoratimedia.com/services?srv=cs&pid=70&cb=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dsynacor%26uid%3D%5BUSER_ID%5D%26obUid%3DQTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc%26us_privacy%3D1---

Domain: id.rlcdn.com
URL: https://id.rlcdn.com/711945.gif?cparams=obUid%3DQTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc

Domain: pixel-sync.sitescout.com
URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=127&gdpr=0&gdpr_consent=&us_privacy=1---&redir=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dcentro%26uid%3D%7BuserId%7D%26obUid%3DQTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1---

Domain: cms.quantserve.com
URL: https://cms.quantserve.com/pixel/p-cxanv6hYFn1kw.gif?idmatch=0&obUid%3DQTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc&gdpr=0&gdpr_consent=&us_privacy=1---

Domain: bh.contextweb.com
URL: https://bh.contextweb.com/bh/rtset?pid=562709&ev=1&us_privacy=${us_privacy}&rurl=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dpulsepoint%26uid%3D%7BuserId%7D%26obUid%3DQTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1---

Domain: trace.mediago.io
URL: https://trace.mediago.io/cs/outbrain?cb=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dbaidu%26uid%3D%7Buserid%7D%26obUid%3DQTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1---

Domain: id5-sync.com
URL: https://id5-sync.com/s/164/9.gif?puid=QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc&gdpr=0&gdpr_consent=&us_privacy=1---

Domain: t.adx.opera.com
URL: https://t.adx.opera.com/pub/sync?pubid=pub8006743166848&redirect=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dopera%26uid%3D%2524%257BOPERA_UID%257D%26obUid%3DQTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1---

Domain: log.outbrainimg.com
URL: https://log.outbrainimg.com/api/loggerBatch/log-viewability

Domain: csm.as.criteo.net
URL: https://csm.as.criteo.net/all?cppv=3&cpp=Tb8Bd7E3czVVZltg3dDnlz_mFeo19ywDMLnjNEJlGo0cvbPDYta33RFl7hAnINn_VNJE9UbpEGgHW4fpICnvZ45X2--ZYjaMaQTxLDPBEIxl6c97NaQJCz9gNiX6_pwtmlL3c-MRV-QPsrec-aFhSg0j2pSs8D1amLYXGmhjUIQ_jgcndp1sxyHpxfnmBNFo-jCWBcI71P1SBkkche37yUIC3DS-aCwNyobzDqUAA7L4oOL_D3OujO5nAJ20bMV-cda3jQ&sds=2&rev=83862.2&sendBeacon=true

Domain: flint.defybrick.com
URL: https://flint.defybrick.com/tracker/imp.gif?e=37dfbd8ee84e00136deec231e940899e9225c24f567d51c5c30f41b0254384cfa532ff1a285aa40e98d022e0b44dc87ea4a36fde4c1b8c682309094d0ba0bfea9475489e91da563e351aff717718956a8b70cd0130003f8101424d3f065cc3bf775d36fa26e877cb55e2cc7ce2586fb01f6f3903d053f054abd1c5d52fe87547ed62d2f1157f84163042775a90d61c63f16cade7d2f1515df80adaf568bf74842fd65a97787fe47459a545590132cb5936c186e2a038a83efd78b803f24e6f73b2c75020657c5d8e75c19b1de91444b8d3ed772a2f70addf6a3f8e835b002942611f70dfea511c6117f8a3122c9cdca07dcbbf42626e74e9f9f8c1877fb7c3de44ef5594512065cff8f9e4a065d285fd6e943410d2ffdb300a54a2207da2821135e9dcfd758f05f64ee0d749c04ec89979c63b30c09b208a369883baf1dce9f10538b36aefefe8234340c5b012e2c837c7581302d25b09d084809e95fbd0659c2bd3cbb3df79be7d2867d37f2ac69596497690a633bc11e9d315d665ac6c544c5ac73ab641d0c0b832bb806f9007b789c69b29ce5f432da50d5a136e4e7dd6a16ff41d8782c734abde3dc4c36295d1b9ab33dee0b311372fd3a711158ce0471556a6bfac7ba73c9ef641ece62eae61a631973ec80684ba36d5644df6b280342d35611f384e0d05a0e5907e9157f5031b015aa7f1119bc1465becb29bf8f939deffa7bc94f2afbc&cb=1670543733876&cri=JfggE3HCBL

Verdicts & Comments Add Verdict or Comment

171 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

44 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
widgets.outbrain.com/nanoWidget/externals/cookie	1970-01-20 08:02:27	Name: thirdparty Value: yes
pastelink.net/	1970-01-20 08:52:23	Name: PHPSESSID Value: 3tpgckon2sbnd37rcr009epb0i
.pastelink.net/	1970-01-20 10:11:59	Name: _gcl_au Value: 1.1.326318137.1670543720
.pastelink.net/	1970-01-20 17:38:23	Name: _ga Value: GA1.2.937965645.1670543721
.pastelink.net/	1970-01-20 08:03:50	Name: _gid Value: GA1.2.1409408087.1670543721
.pastelink.net/	1970-01-20 08:02:23	Name: _gat_UA-55088947-2 Value: 1
pastelink.net/	1970-01-20 08:03:50	Name: plTest Value: false
.pastelink.net/	1970-01-20 08:02:23	Name: _gat_advallyTrackerpl Value: 1
pastelink.net/	1970-01-20 08:45:35	Name: _pbjs_userid_consent_data Value: 3524755945110770
.doubleclick.net/	1970-01-20 17:38:23	Name: IDE Value: AHWqTUkUUJpvxRF_a_J3PhTdNzdOwCTZwt1r9y39w7XxthWPwsRng6g5prlqJukw-dc
.pastelink.net/	1970-01-20 17:38:23	Name: _ga_S3DKHVPF03 Value: GS1.1.1670543721.1.0.1670543725.0.0.0
.pastelink.net/	1970-01-20 17:23:59	Name: __gads Value: ID=baf35796bcc0308f:T=1670543722:S=ALNI_MYQzdFN2RlNPeaAlJ94s-eKQIttRA
.pastelink.net/	1970-01-20 17:23:59	Name: __gpi Value: UID=00000b8cae06c980:T=1670543722:RT=1670543722:S=ALNI_MYgY5Petw07Q-b6a81bbVF-k9hycA
.openx.net/	1970-01-20 16:47:59	Name: i Value: 034e5769-6a2a-4cd8-a46e-37eb74b1d438\|1670543726
.teads.tv/	1970-01-20 16:46:33	Name: tt_viewer Value: 079f3365-aa78-4b22-a5a4-c1feeb904593
.casalemedia.com/	1970-01-20 10:11:59	Name: CMPS Value: 4987
.adnxs.com/	1970-01-20 10:11:59	Name: uuid2 Value: 7259043930018617298
.adnxs.com/	1970-01-20 10:11:59	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E?dq2aFy!]td=8i_iqf!oN/@E'zz<Z0Qk.OAx=Y=kdM.(Cun+W7j4ji9f+qs/X5-`CTD._*PlZ[C[-kX-?C`nf
.crwdcntrl.net/	1970-01-20 14:31:08	Name: _cc_dc Value: 2
.crwdcntrl.net/	1970-01-20 14:31:08	Name: _cc_id Value: ace27875801e7f4eaedac9af4fb5d742
.pastelink.net/	1970-01-20 14:31:11	Name: _cc_id Value: ace27875801e7f4eaedac9af4fb5d742
.pastelink.net/	1970-01-20 08:03:50	Name: panoramaId_expiry Value: 1670630127091
.casalemedia.com/	1970-01-20 16:47:59	Name: CMID Value: Y5J5bh-suFht0vCBkJ4N0QAA
.casalemedia.com/	1970-01-20 10:11:59	Name: CMTS Value: 4983
.casalemedia.com/	1970-01-20 10:11:59	Name: CMPRO Value: 4987
.spotxchange.com/	1970-01-20 08:42:42	Name: audience Value: ca2acff6-7753-11ed-aa9e-1e0b86f70407
gs.kraftonde.com/	1970-01-20 16:47:59	Name: session_id Value: 1ed7753c-a8df-6d04-ab7a-8aa1322e6295
gs.kraftonde.com/	1970-01-20 08:03:50	Name: session_id_2q78ew_impression Value: 1ed7753c-a8df-6d04-ab7a-8aa1322e6295
.id5-sync.com/	1970-01-20 10:11:59	Name: id5 Value: ebb8c250-4b24-73d9-9d00-8c665d87de85#1670543728360#1
.doubleclick.net/	1970-01-20 08:02:27	Name: DSID Value: NO_DATA
.outbrain.com/	1970-01-20 08:02:23	Name: recs_466964eb755a1508c80a3b40829712d2 Value: 0B4921401149ACD1
.outbrain.com/	1970-01-20 08:02:25	Name: obsessionid-p113125 Value: 7fd912ce-92cc-aebd-0000-0184f42a65e7\|0\|1
.outbrain.com/	1970-01-20 08:02:23	Name: recs_003546b6f174eaf9fcc741e149ddda43 Value: 0B4921412505ACD1
.outbrain.com/	1970-01-20 10:11:59	Name: obuid Value: bb2e0e40-0f4c-4704-9a03-1a29f8f8b6c1
.adsrvr.org/	1970-01-20 16:47:59	Name: TDID Value: c5dc2253-485c-40c7-aa3f-d58e1ad4a3cd
.adsrvr.org/	1970-01-20 16:47:59	Name: TDCPM Value: CAEYBSABKAIyCwj89uO5zeCsOxAFOAE.
.rlcdn.com/	1970-01-20 16:47:59	Name: rlas3 Value: OVHvt4kMpFejoZsKtQ5KsiuVbzGi4jc193KtBSTwV64=
.agkn.com/	1970-01-20 16:47:59	Name: ab Value: 0001%3ABnFhta5Q619pEcS3gtxUt9%2FnULk8%2FFIG
.krxd.net/	1970-01-20 12:21:35	Name: _kuid_ Value: PPxQF8H5
.demdex.net/	1970-01-20 12:21:35	Name: demdex Value: 58215861142156915191449071693963824195
.rlcdn.com/	1970-01-20 09:28:47	Name: pxrc Value: CPPyyZwGEgUI6AcQABIFCOhHEAA=
.zemanta.com/	1970-01-20 16:47:59	Name: zuid Value: fJv4JTZQq_-QpZ_FV2Za
.zemanta.com/	1970-01-20 16:47:59	Name: obuid Value: QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc
.dpm.demdex.net/	1970-01-20 12:21:35	Name: dpm Value: 58215861142156915191449071693963824195

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html(Line 15) Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
other	warning	URL: https://www.googletagservices.com/dcm/impl_v92.js(Line 99) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://cdn.ampproject.org/rtv/022211060024000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.
network	error	URL: https://id.geistm.com/m/OB/QTk3op6ZVTWYkk420-EQJrseHP5xsdUUa4WfTWuNy0M-ExDPJ_QByZLB4vvCg2pc Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

78635244b45c59d7278fc7df5a22cadf.safeframe.googlesyndication.com
aa.agkn.com
aax-dtb-cf.amazon-adsystem.com
ad.doubleclick.net
ads.as.criteo.com
adservice.google.co.nz
adservice.google.com
b1sync.zemanta.com
bcp.crwdcntrl.net
beacon.krxd.net
bh.contextweb.com
c.amazon-adsystem.com
c.bing.com
cat.sg1.as.criteo.com
cdn.adligature.com
cdn.ampproject.org
cdn.doubleverify.com
cdn.id5-sync.com
cdn2.d4.digital
cdn3.d4.digital
cdnjs.cloudflare.com
cm.g.doubleclick.net
cms.quantserve.com
code.createjs.com
code.jquery.com
creativecdn.com
cs.emxdgt.com
csm.as.criteo.net
dis.criteo.com
dpm.demdex.net
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
flint.defybrick.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gs.kraftonde.com
ib.adnxs.com
ice.360yield.com
id.geistm.com
id.rlcdn.com
id5-sync.com
image8.pubmatic.com
images.outbrainimg.com
imp.d4.digital
lb.eu-1-id5-sync.com
lbs.eu-1-id5-sync.com
log.outbrainimg.com
match.adsrvr.org
mcdp-sadc1.outbrain.com
odb.outbrain.com
pagead2.googlesyndication.com
partners.tremorhub.com
pastelink.net
pix.as.criteo.net
pixel-sync.sitescout.com
pixel-us-east.rubiconproject.com
pro.ip-api.com
rock.defybrick.com
rtb.jp2.as.criteo.com
rtb.mfadsrvr.com
rtb0.doubleverify.com
s.ad.smaato.net
s0.2mdn.net
s3-ap-southeast-2.amazonaws.com
securepubads.g.doubleclick.net
ssbsync.smartadserver.com
ssum-sec.casalemedia.com
static.criteo.net
sync-jp.im-apps.net
sync.1rx.io
sync.crwdcntrl.net
sync.mathtag.com
sync.outbrain.com
sync.search.spotxchange.com
sync.teads.tv
sync.technoratimedia.com
t.adx.opera.com
tags.crwdcntrl.net
tags.rd.linksynergy.com
tcheck.outbrainimg.com
tpc.googlesyndication.com
tps.doubleverify.com
tpsc-ae1.doubleverify.com
trace.mediago.io
u.openx.net
ups.analytics.yahoo.com
us-u.openx.net
widget-pixels.outbrain.com
widgets.outbrain.com
www.adtrek.co
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
aax-dtb-cf.amazon-adsystem.com
bh.contextweb.com
c.bing.com
cm.g.doubleclick.net
cms.quantserve.com
creativecdn.com
cs.emxdgt.com
csm.as.criteo.net
flint.defybrick.com
ice.360yield.com
id.geistm.com
id.rlcdn.com
id5-sync.com
image8.pubmatic.com
log.outbrainimg.com
pixel-sync.sitescout.com
pixel-us-east.rubiconproject.com
pro.ip-api.com
s.ad.smaato.net
ssbsync.smartadserver.com
ssum-sec.casalemedia.com
sync.1rx.io
sync.crwdcntrl.net
sync.mathtag.com
sync.technoratimedia.com
t.adx.opera.com
tags.rd.linksynergy.com
trace.mediago.io
u.openx.net
ups.analytics.yahoo.com
103.71.26.126
104.17.24.14
104.21.93.14
104.22.53.86
104.254.151.60
13.107.213.59
13.33.33.29
13.33.33.61
13.33.39.40
139.5.84.243
142.250.4.156
142.251.10.139
142.251.10.154
142.251.10.156
142.251.12.157
142.251.12.99
162.19.138.116
162.19.138.120
162.19.138.82
172.217.194.148
172.217.194.155
172.217.194.156
172.253.118.148
18.155.68.53
18.158.185.48
182.161.73.129
182.161.73.132
182.161.73.135
182.161.73.142
182.161.73.146
182.161.73.148
182.161.74.19
184.26.20.55
199.232.46.132
23.36.253.246
23.52.171.81
23.72.45.76
3.214.101.176
3.33.220.150
34.149.43.113
34.160.184.46
34.210.112.208
34.98.64.218
42.99.140.170
52.35.83.72
52.45.196.192
52.63.31.162
52.76.151.156
52.95.132.99
54.150.208.159
54.217.2.253
64.74.236.63
66.225.223.127
69.16.175.42
74.125.200.132
74.125.24.132
74.125.24.157
74.125.24.94
74.125.24.95
74.125.24.97
74.125.68.156
85.114.159.93
89.35.29.15
000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c
01408f8061623faa6d2c0f015cd23483c3aa363c095e152f613ed94c87a5803d
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0aa1608c3222c18f45e70ad085c325c53da71247501bfd34bcf8bcb2f3023d5a
0b22d30287556a13a94182f6b4643699530f27961f028534503654618bab863e
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0d9775701bd8ab72d4d800639daa36b54c0ffdfcb2f5b8c48076716bae8b1adb
108a843c89700026fe82ad9568a376c43fa4af57adc8987127ab581a0287090a
11bf5c7fcacc2dcf713e2764a9236712a04326335cdd0b1fd9d2ba91b0fe6dcb
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
13100cd3879e5c1385581d7c88153e60cd7c3e4b0578fe2838daa56da689769b
14e6bd829a3d18b99a4078210615f636071b47a0ffb9948a4b78578f6c988e5b
14eaf58a907b68d6760b6194dffa1fefdd171dd13683952e6a45538d5cd6d1e6
15f20e02ef301e62ed325d633f971c506dcf1be3458c2371b849b505bb8673dc
182e4ce4dfd537795577b12b9b19a57422a8b21815f5dd92ef8acb3fd872a19c
190d542d8e593c755fd16e67ca62583e183957829dfb69cc2e00c7bf67df237d
196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e
199215d9dd71297e200ab4e8ee4378b5bc09abebe014e5a6a27f2c50033a226c
1a12532324261fcc9e92664b32cea31bf3a14a1128cf6a7531cc6a9ce9197cb9
1a7fc0d7449c8f1215c2aca3bfc30b1aa12ef6aa60600c4d185f6cc5b6b36e1b
1b0e33610d1d3e3abab61780d3c2cbd7780b37bc9647701196e5e64cad720d55
1b1c3ea8b3d9fec1913ac70c81c83f2172acc41988e747bd24d22bf779fd19a0
1c1e1c3ae7f9b71951f0539bbea7738054c26fee2e896ebb54f253db765d4c84
1c9e4c65f9d921b1c0829958cc7b2f307a3e22ac7a23e8315b6db4c0954e1107
1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87
1e288c4dc57f72a69a497baef524f41c57e1c6a414b09a5bde22cd5b2f1b7cdf
22fd4613a307b0d351f501d9e506d5251014be658853bdf78aeb7f95df03a158
234b9bab83aa0c52e9e5192995427a2bc44876cf1a11545ed631f369b8dc6534
2371736975be245bd56385816b25ee7daa9a3cd826911c4fe5f2202ca74e9ec4
24455615c9b119f2fef5a4f0f4be07812eb832ff8cb2dddd62bd6e8c5d8b8b2b
24b6ee152d9844956663f65ace7952a5cf61bcd189f00e0a66d0ee3c890640db
28afd47b728bfa375ba5d36188c5e9e8684a48441b1b6be8fedf43558b452c53
2c87952cc1c23627496c7874271042bdb6af21efdf7cbf36ec4d98e6cec34d04
2d54d98b7aadd5155567c320319c92983229bf9efc7388f5abee37784d0879e7
31154658c0f43551d13209857161e9d915b4e3b90fb2ef653462c34441e9fcda
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3198a617788e651c0621ab134c5ca0e7132226ad24c975dce4eb91c89f59820d
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
39b34907c2dcd4e10bcc46613f4f1e3a132cc94d045b18f15cc1024e6449dfdf
39d160e97e2bea07b0cf1c647259ffa4f0bd07069dba4e6c19a22d38b408510f
39fae3dc476aaaa594e2c963401633dd5d02eccb3c175eda03912cfe0f91c92e
3a73b36061944ebbb33696553917d393280f796e212afcd09057b441c1168606
3af9dd00f817facea898c826029f7cc0c0301c249da1adff3872671046d64b40
3c5bdcb449fb1bfe6c2b49f5dfc6f627c599d795d41bc72cf194b55c619b2f13
4057bba9a44fa0b4f97bfde3d7d3deb3db6cefb6d408b73d385104628ad46981
432e9498605a3f0e1972a866e180cbc8b89211ea2c35cf4ad92e90d476b046b3
44cdc43485f36e7061ef98f308888e4dff21054761f9939476bc137eca44ce20
45648453007fe78a5607a8fbfeee4c16c46c29532ce2cd9b7de665013d2e2e38
45ce129878be0393d96908fd5428d942be80691c39ae7b3a6a3a53ee42b371ae
45f0f27fb78191006375051ee3046fae3105b652d11680432511cba61b32c330
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
47ef9bd56a7806f0261c57c65c83ad387a3b77d1b8b1a1c4f4acef56a1d26d4e
4866af459743edbc357c225821368d9b4d370c771e955ea5ee313403adb0a4a5
487aec7746a83542b3573383df65747e31c494d8412103b5675329f3d4befaeb
487b7fe2276a8020ccc561492b1026a2961a7eec82944fb0c758db06bb890ed6
48a9560e9dddf4834139c3b4abd37300dfc9879ac686d3fba921a1488ee4dfe2
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b6d244a569a8befc0b901e3dca8e82f19b188e2d3e76f7c62fce96935ed6311
4b82a0a52789236604665eee785bc8b028b396b5561cf0d026513c905f8368e1
4bac33f94c61c5876cb609344c1e90c052de8895752b95457ab41e5cae50b8dc
4dddfe756111e83d6c726e981d0b57f7823a3d221fa2aecc81c59244fba56415
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f3b933077b738b503f7543ffc82fa0a061f0fe7d0ff1470865fde561a324bcc
4f70535a3f92a9738eb6c3f7eaf649d5eb288ce6e95bc8af666fef88169da25a
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
509bc156822de7a27d5a7c96cbfc5125a57927c1c9f2c30b850ecf6d19302835
50a60e5e5f2e8f10a2f8685031ec9849ba8faff613139f3a402e89f25ccbbabc
526fd4ac1cf5189bd5fbf866886315ee1c23bc2a4f6c42925ddbbd02bb318be8
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
5406ba1199c9dedc613404bb740696062edf3508968f69fe1ae81c02f26eedfb
54219d2eded0fda428258661ac26895aaaf2f834a7f49c5e26e86fdf8aa81958
54b848ccc3501d43ad66afc17157fd625b9323acc687b1d4455c90c714a2d6df
54e51249021fabff65b4ca7eb728f0a56cff080a37d9b0b13d1c401d5b9e6184
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5653c74311fd551f5983ae64e616ebe69a3b9db4fe259f47e41703eda307a42d
56e4dad84e404c7a62ed7a448be974126af74c0f056156de65ab3ea96b462797
57226adbc32c91a8cd4ec9ee08e4f155f3450e79256731c04f81709a58c4c1fc
58dde54f34d363e7e96cdc4e5e58b2e74378d6055706bf278e8764d38762ab9a
58f6d826baa81dfae4213ca526836de8f308075d2a5da7b0564224b452965bb7
59b0485c1fec4f53ce71bbf2805f19215f6651cc406e6ff66548444594eebc7b
5b1aeb560f3cd2829a454a1613470bd6cada003af307a9635b69aea477d12a06
5b67b38a29ae09a7512716b25c739464e5c3e85a98596c570f21901db1b114bd
60bcafbd631f6fa0805e158ca3b235e76225350db6fbb423596d4c4954b27573
6139e1fc0d3709eebbe2b18510cf24361b9f8a538c3529a73c282bafe6c78474
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
620bae4f435d4ccd1c611f602c0790871f65d6bf668f6ff2ac716b89285cdc4a
63e5d49162d544ca4476085543394d15f09ee4464402caa41b2cc312af3cb518
6637296ad150cd9275d48c8bb905b615c3490fef74d6451307e11621c9488287
664d350eb37fa9dacb107de6ffe430fe42f25a15f8b01ff89123b391f8a6a4bc
67b14ff4bef013edded6afb8e588600170f53c281dec38bb5611c1b32569f87d
6b42f1c4edc92297c1d0002640541a3a9646a489a23e4a889bf025c0b6379036
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6d90ab61b81cb8ed6a500d8827709bbc6ac5709f0a0eb8a2076c2a075f8b8f11
6da3cb53db5ef55d32d97f7b61072cd702434441d6830057a92ce33ee1e73e49
70e9b79a3e04b8822cfa269d4051a6510bb6aaebaa666324caf19fa6e7e3d1c9
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
736841655fbb23bb727cd85431c5cc82473ca2b32576a66787d12caee07ff57a
74a5c1469b4127c8d09e3b26384fefa472be3df080d02daa81d54c559e8272c3
7599e0a5ce1ba2a12f036e998e19e60b6e982178e4363d4630ab3a91ca73bf62
7690352336b82073858d0da56c003a4dd1ef59fb54e86aa4c0b629a178c4841b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
8072b9ebd73abea5647392ec9a7012a60e6a2d26607fcd2e4dcb7f421850f998
81c54121e3092c7ed30b3f60ad2989b474079e0a77601827a253b13f1b978a5b
832c9e581cf487c9d36ab27a59cc84d06493a972b85ce40e83f1b3b6e21f9cfd
859b0706792946076180c733c999b736b08559b15eb0b890efbb4d2e897056fd
85a64faec356c3a72f249a98a037317adc730ec6d38e47653cd53be5485d80a1
863feef6ea41f14f5a7aa3e5e32abf22b34377a5a9f9a6a9a294db2a53e229f9
86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a
86a519c094e4fc973de82c1785a176d4231447a0e520183968a74a67af91da01
8acf96115cb55ad61bfdc24b7918a946d1b983ac14062a584dbbe8744021430a
8adfe9068b6f9cc594b1d0ce23e9185785920812b8c9ff3cb7524fc03a022def
8af24d7350dbdc8eea22e4737deaa35a795b19b0560d7173113bec7e8a3effb7
8c081bb0e72c39454fd363bb55f4ccd657ee48472bdd4f49421f07edc9ef1763
8c88213cb28a59634a0ce9130a11d2b2ea19530d9b776eaafb08d36cb7accd5a
8d024a9be2e323b01e184c756658cd940451bb0f684ae2b2e107bec8a0136401
8d683e97a1f23650a3e38cf3621b924ccf692f2a4204d193335ceddeb9b65353
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8ee5f53d3752309af021002b2199a06523b1fd03f3ea1cdaf5d59e911d4d8178
8efc22e9ab0795fa036a09039d90f23c1c1d47b0aed39eaefbd7cdf72c9e890f
92a052abc536e34d31135aa707d7491f841c88371ab68da4c0b95cb984ccc3d3
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
936d95b44616a64167f4ebb000e829a696d7d18b524bfb4459f50e0319342296
95b79ad7efde1e0051f941e69fa5dfbc0e6fbb86fc6dc40f9dc534a56f394371
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9a29a65e75a48d9c432611eb70d0377c8610f1874474b65df01aa72fed0235e3
9f1d44948a7c90fb1cfe14f759c2f18e0d080ab0ae264bf5a3cc05b67ecc9e1a
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0043efcca7a674117e41cce050edd1e6598edb6ca5153cb3859a2808dbb5792
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a2800087a33a3dcb0a30f243883a2a855837a6e01ef12f37d3d588b781910c82
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a3fea1f1d985b2d7aa994aeed04eb4b7046e46760b33dee0786a0b2ac3df1235
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4cd6d044563f8fc2c7fc87393b37140160a1c21a71645dbf135155b68bf9ec5
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
aa68e17fb13028f96c0d5b38fcf7006182894eb694625f9dedf5824d5066a5f0
aa8c6e63b2c5bb1aab0bb6cbb8fe1d471f02cce5b3c9a3bd1ea1f2fce5433147
afa920d0e213aec2fad7541098bc96f18bab9a1adb7683439c2937845d4f248f
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b57727a09f300e12cc61537b1ea29b12dfaba32b2c7e586360de741d92e8fffe
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
bd94dabab723d8e879aa3b0d1f40dc4258b5d03f2229c5fce36e8e75cb77a5bd
bf1be6cfe189b22354b23a5651d53c29cd29d751257a844a87924737a4855467
bf6ec42c97f86957a324a484a37dd528b568a9ff2570965be53e6ec4b0dfdae2
c0b8d6a7b15d05ae56091f3b9b22019e5c386428718a4ae70c95e0302d902436
c24ccee9a35eef9e74411eac871935bdff6bcb895cce80b754b66d3e4292a3ce
c2c189b988d07e74b53e5ae4f97f46f795b1df468dfabd0bdf4ec460557a781a
c2da1bde386dc1e71e6f0cf3ddcce6650ba703109c5194f52c991f48755ad806
c3f73b989e0620a4d2e12ed57a0d538e4580b8fefaa1fefbad73e0abad6d227f
c43051f2c84570375cc3ebb41afe9788c957ce6ad2f5b1d93656b7ad98f9b0b4
c48b5b1a9776c84602de2306d7903a7241158a5077e7a8519af75c33441b8334
c4d60e53476012ab254ca2f3f479903a6be9ead3cb39a9ea353c51ec75c618c8
c60c81be0c3b1eb837f6aee454809d689271d3e39a54d3adccd8e92d955c1613
c64cda3c1c7c935b57b27894caec3b370b98d70011c8e5ea2f31691be13c8fe7
c75e119993b955efad2ddb9782ad8a8ac4e2615403b80bc83bebf1f3a7067ac6
c7ad2fb033696f6b193dc1e4ef7d353c1d9a4d4a39772bdd0b44175704986ef8
c9406a92f81fad251295cd64386a8bb62ee7503f589ae1b96893faae2f4fcb18
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
ca129c50afbcfdf529c11252f0cfe378b11653308791531b2b7ad66dec7e5b50
cc43a6fd1efe12bd432b6cf9bf5d26ad7cefdfde1a161127ea65831a55044adb
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
cd8e217991e65be206db184ca55d6673115a4579c6673739203181999150547b
cdfb4b4fcca97deb8ce5bc747b42b71505c01c8548a4a798946940026028b585
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d1870dc99c0b97e7ec097e59d14f34df98efb89ac786f8e07f1c0705f4f34f18
d1a17abb1a999842fe425e1a4ace9d90f9c18f3595c21a63d89f0611b90cfd72
d31b3fdb550591152fc77a45b61eab381c4b6f9f93262895e4047f1442f785d9
d43961a00bf62a8722060ce4710c2bf694e6113349cc076829ac6c71bb342a30
d4764d9812584f629c4864aa32c2af6ba5c054ab824e716b7234cf210c02d86b
d802a52fed642b2c614590a802112b399631fec6f5ef7f1a0567de4813582609
d89cb9800cc62dcc44a0ba866b4a080ad06f735f60a6afecbd6d691d2e8939dd
dc30b5b9240b7386a1a099c1fb5d0839e30d1fab3fa12ef2c1cb69d6d54a6ed6
dce9f5afda30bc387f9f1090b155cbb90596e3c7c1374ea9e135b7184c8fc707
def1424f4f259a4cf927fe1f7ea7ec24bdc2fc78edca55fdb593cc0c293dbec5
df77217df3fca327084f7d9ff5e4ec54fcb578079abd1cc547580b5481f0ab6b
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e71922ba9eed9d98158859ef8fd8c83fd817943005acddd4166cde52a04f5aa4
ebfd96030683611d9ed054682f1ddf8b9098bc7d10105602b338605b0ae82a9a
ed6cd01c384db70bedbe24986aa85b0745f994ad71b7e5712f8a60e1ff457d7f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f41de8e3c6c5ecdfac87bed319c14734cbcef051c03afbe39f22463bf0dd22f1
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f824af6240aaa57ba4104f1969365afa9b6904544545284db4a7469e6a94768a
fa35c84fadc3510259178567e3478a478e2ed08b89a18f8df03355a7c562cabd
fba166b69ce914e2dbba1acd7058eabad15cad553561a6c79be841dbc193cc78
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

pastelink.net Open in urlscan Pro 89.35.29.15 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

351 Requests

84 %HTTPS

0 %IPv6

65 Domains

96 Subdomains

60 IPs

9 Countries

5644 kBTransfer

11003 kBSize

44 Cookies

15 Outgoing links

Redirected requests

351 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 11 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

pastelink.net Open in urlscan Pro
89.35.29.15 Public Scan

Screenshot
Live screenshot

Full Image

351
Requests

84 %
HTTPS

0 %
IPv6

65
Domains

96
Subdomains

60
IPs

9
Countries

5644 kB
Transfer

11003 kB
Size

44
Cookies

351 HTTP transactions
11 data transactions