pastelink.net Open in urlscan Pro
89.35.29.15 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pastelink.net/v3774tc2
Submission: On January 17 via manual (January 17th 2023, 10:37:15 pm UTC) from JP — Scanned from NZ

Summary HTTP 305 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 58 IPs in 11 countries across 44 domains to perform 305 HTTP transactions. The main IP is 89.35.29.15, located in London, United Kingdom and belongs to BANDWIDTH-AS, GB. The main domain is pastelink.net. The Cisco Umbrella rank of the primary domain is 183014.
TLS certificate: Issued by R3 on December 2nd 2022. Valid for: 3 months.

This is the only time pastelink.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
12	89.35.29.15 89.35.29.15	25369 (BANDWIDTH-AS) (BANDWIDTH-AS)
4	142.250.4.95 142.250.4.95	15169 (GOOGLE) (GOOGLE)
1	69.16.175.42 69.16.175.42	20446 (STACKPATH...) (STACKPATH-CDN)
2	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	172.67.202.177 172.67.202.177	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	74.125.24.97 74.125.24.97	15169 (GOOGLE) (GOOGLE)
7	142.250.4.94 142.250.4.94	15169 (GOOGLE) (GOOGLE)
15	74.125.200.157 74.125.200.157	15169 (GOOGLE) (GOOGLE)
3	13.33.79.24 13.33.79.24	16509 (AMAZON-02) (AMAZON-02)
5	172.217.194.101 172.217.194.101	15169 (GOOGLE) (GOOGLE)
1	13.33.30.231 13.33.30.231	16509 (AMAZON-02) (AMAZON-02)
1	172.217.194.157 172.217.194.157	15169 (GOOGLE) (GOOGLE)
1	142.251.12.155 142.251.12.155	15169 (GOOGLE) (GOOGLE)
46	142.250.4.157 142.250.4.157	15169 (GOOGLE) (GOOGLE)
12	142.250.4.132 142.250.4.132	15169 (GOOGLE) (GOOGLE)
1	13.33.88.45 13.33.88.45	16509 (AMAZON-02) (AMAZON-02)
1	104.22.52.86 104.22.52.86	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 13	209.54.182.161 209.54.182.161	16509 (AMAZON-02) (AMAZON-02)
9	172.217.194.155 172.217.194.155	15169 (GOOGLE) (GOOGLE)
38	172.217.194.132 172.217.194.132	15169 (GOOGLE) (GOOGLE)
3	142.250.4.156 142.250.4.156	15169 (GOOGLE) (GOOGLE)
4	42.99.128.145 42.99.128.145	4637 (ASN-TELST...) (ASN-TELSTRA-GLOBAL Telstra Global)
14 19	142.251.12.154 142.251.12.154	15169 (GOOGLE) (GOOGLE)
9 15	139.5.84.243 139.5.84.243	27381 (CASALE-MEDIA) (CASALE-MEDIA)
9 12	104.254.151.120 104.254.151.120	29990 (ASN-APPNEX) (ASN-APPNEX)
2	172.253.118.95 172.253.118.95	15169 (GOOGLE) (GOOGLE)
1	162.19.138.119 162.19.138.119	16276 (OVH) (OVH)
1	162.19.138.116 162.19.138.116	16276 (OVH) (OVH)
23	142.250.4.149 142.250.4.149	15169 (GOOGLE) (GOOGLE)
1	182.161.74.19 182.161.74.19	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
1	182.161.73.148 182.161.73.148	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
2 3	142.251.10.147 142.251.10.147	15169 (GOOGLE) (GOOGLE)
1	46.137.212.121 46.137.212.121	16509 (AMAZON-02) (AMAZON-02)
1 1	13.33.88.107 13.33.88.107	16509 (AMAZON-02) (AMAZON-02)
2 2	35.213.12.39 35.213.12.39	15169 (GOOGLE) (GOOGLE)
1 1	23.207.36.20 23.207.36.20	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	64.202.112.191 64.202.112.191	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1 1	23.207.185.68 23.207.185.68	16625 (AKAMAI-AS) (AKAMAI-AS)
4 9	18.136.159.66 18.136.159.66	16509 (AMAZON-02) (AMAZON-02)
2	23.207.36.196 23.207.36.196	16625 (AKAMAI-AS) (AKAMAI-AS)
2	23.66.150.27 23.66.150.27	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	199.187.193.197 199.187.193.197	47043 (SMARTADSE...) (SMARTADSERVER)
9	182.161.73.129 182.161.73.129	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
1	182.161.73.132 182.161.73.132	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
1	162.19.138.117 162.19.138.117	16276 (OVH) (OVH)
2	142.250.181.99 142.250.181.99	15169 (GOOGLE) (GOOGLE)
8 8	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
1 1	104.254.151.68 104.254.151.68	29990 (ASN-APPNEX) (ASN-APPNEX)
1	67.199.150.81 67.199.150.81	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
1	34.149.43.113 34.149.43.113	15169 (GOOGLE) (GOOGLE)
6	172.253.118.156 172.253.118.156	15169 (GOOGLE) (GOOGLE)
25	182.161.73.135 182.161.73.135	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
1	182.161.73.142 182.161.73.142	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
1 1	74.125.24.101 74.125.24.101	15169 (GOOGLE) (GOOGLE)
2	74.125.152.105 74.125.152.105	15169 (GOOGLE) (GOOGLE)
5 9	69.173.158.64 69.173.158.64	26667 (RUBICONPR...) (RUBICONPROJECT)
1 2	185.84.60.30 185.84.60.30	198622 (ADFORM) (ADFORM)
1 1	103.229.206.240 103.229.206.240	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2	67.199.150.86 67.199.150.86	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 3	35.190.60.146 35.190.60.146	15169 (GOOGLE) (GOOGLE)
2 2	107.178.254.65 107.178.254.65	15169 (GOOGLE) (GOOGLE)
1 1	34.98.67.3 34.98.67.3	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 2	119.9.108.191 119.9.108.191	45187 (RACKSPACE...) (RACKSPACE-AP Rackspace IT Hosting AS IT Hosting Provider Hong Kong)
3	103.231.98.194 103.231.98.194	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	35.247.47.28 35.247.47.28	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 2	13.229.18.168 13.229.18.168	16509 (AMAZON-02) (AMAZON-02)
1 1	8.43.72.97 8.43.72.97	26667 (RUBICONPR...) (RUBICONPROJECT)
1	67.220.228.201 67.220.228.201	16509 (AMAZON-02) (AMAZON-02)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	74.125.68.149 74.125.68.149	15169 (GOOGLE) (GOOGLE)
1	67.199.150.85 67.199.150.85	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
305	58

12 89.35.29.15 (London, United Kingdom)

ASN25369 (BANDWIDTH-AS, GB)
PTR: 15.29.35.89.baremetal.zare.com

pastelink.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.4.95 (United States)

ASN15169 (GOOGLE, US)
PTR: sm-in-f95.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.16.175.42 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: hwcdn.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.67.202.177 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.adligature.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 74.125.24.97 (United States)

ASN15169 (GOOGLE, US)
PTR: sf-in-f97.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.4.94 (United States)

ASN15169 (GOOGLE, US)
PTR: sm-in-f94.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 74.125.200.157 (United States)

ASN15169 (GOOGLE, US)
PTR: sa-in-f157.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.33.79.24 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-79-24.sin2.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.217.194.101 (United States)

ASN15169 (GOOGLE, US)
PTR: si-in-f101.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.33.30.231 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-30-231.sin2.r.cloudfront.net

aax-dtb-cf.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.194.157 (United States)

ASN15169 (GOOGLE, US)
PTR: si-in-f157.1e100.net

adservice.google.co.nz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.12.155 (United States)

ASN15169 (GOOGLE, US)
PTR: se-in-f155.1e100.net

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

46 142.250.4.157 (United States)

ASN15169 (GOOGLE, US)
PTR: sm-in-f157.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.4.132 (United States)

ASN15169 (GOOGLE, US)
PTR: sm-in-f132.1e100.net

e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.33.88.45 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-88-45.sin2.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.22.52.86 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 209.54.182.161 (Ashburn, United States) 2 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 172.217.194.155 (United States)

ASN15169 (GOOGLE, US)
PTR: si-in-f155.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

38 172.217.194.132 (United States)

ASN15169 (GOOGLE, US)
PTR: si-in-f132.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.4.156 (United States)

ASN15169 (GOOGLE, US)
PTR: sm-in-f156.1e100.net

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 42.99.128.145 (Japan)

ASN4637 (ASN-TELSTRA-GLOBAL Telstra Global, HK)
PTR: ip-42-99-128-145.pacnet.net

cdn.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 142.251.12.154 (United States) 14 redirects

ASN15169 (GOOGLE, US)
PTR: se-in-f154.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 139.5.84.243 (Canada) 9 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 104.254.151.120 (Los Angeles, United States) 9 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 908.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.253.118.95 (United States)

ASN15169 (GOOGLE, US)
PTR: sl-in-f95.1e100.net

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.138.119 (France)

ASN16276 (OVH, FR)
PTR: ns31533570.ip-162-19-138.eu

lb.eu-1-id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.138.116 (France)

ASN16276 (OVH, FR)
PTR: ns31533567.ip-162-19-138.eu

lbs.eu-1-id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 142.250.4.149 (United States)

ASN15169 (GOOGLE, US)
PTR: sm-in-f149.1e100.net

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 182.161.74.19 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

rtb.jp2.as.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 182.161.73.148 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

ads.as.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.251.10.147 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: sd-in-f147.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.137.212.121 (Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-46-137-212-121.ap-southeast-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.33.88.107 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-33-88-107.sin2.r.cloudfront.net

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.213.12.39 (Tokyo, Japan) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 39.12.213.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.207.36.20 (Jakarta, Indonesia) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-207-36-20.deploy.static.akamaitechnologies.com

cs.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.202.112.191 (United States) 2 redirects

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.207.185.68 (Jakarta, Indonesia) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-207-185-68.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 18.136.159.66 (Singapore) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-136-159-66.ap-southeast-1.compute.amazonaws.com

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.207.36.196 (Jakarta, Indonesia)

ASN16625 (AKAMAI-AS, US)
PTR: a23-207-36-196.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.66.150.27 (Tseung Kwan O, Hong Kong)

ASN16625 (AKAMAI-AS, US)
PTR: a23-66-150-27.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.187.193.197 (Canada) 1 redirects

ASN47043 (SMARTADSERVER, CA)

ssbsync-us.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 182.161.73.129 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 182.161.73.132 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

cat.sg1.as.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.138.117 (France)

ASN16276 (OVH, FR)
PTR: ns31533568.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.181.99 (United States)

ASN15169 (GOOGLE, US)
PTR: fjr04s08-in-f3.1e100.net

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 3.33.220.150 (United States) 8 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.254.151.68 (Los Angeles, United States) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 904.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.199.150.81 (Los Angeles, United States)

ASN3257 (GTT-BACKBONE GTT, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.149.43.113 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 113.43.149.34.bc.googleusercontent.com

rtb0.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.253.118.156 (United States)

ASN15169 (GOOGLE, US)
PTR: sl-in-f156.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 182.161.73.135 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

pix.as.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 182.161.73.142 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

csm.as.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.125.24.101 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: sf-in-f101.1e100.net

gcdn.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 74.125.152.105 (United States)

ASN15169 (GOOGLE, US)
PTR: syd09s30-in-f9.1e100.net

r4---sn-ntq7yns7.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 69.173.158.64 (Singapore) 5 redirects

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.84.60.30 (Denmark) 1 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.229.206.240 (Singapore) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 67.199.150.86 (Los Angeles, United States)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.190.60.146 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 107.178.254.65 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 65.254.178.107.bc.googleusercontent.com

pippio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.3 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 3.67.98.34.bc.googleusercontent.com

tags.rd.linksynergy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 119.9.108.191 (Hong Kong) 1 redirects

ASN45187 (RACKSPACE-AP Rackspace IT Hosting AS IT Hosting Provider Hong Kong, HK)

uipglob.semasio.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 103.231.98.194 (Japan)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.247.47.28 (The Dalles, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 28.47.247.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.229.18.168 (Singapore) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-13-229-18-168.ap-southeast-1.compute.amazonaws.com

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.43.72.97 (United States) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel-us-east.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.220.228.201 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.125.68.149 (United States)

ASN15169 (GOOGLE, US)
PTR: sc-in-f149.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.199.150.85 (Los Angeles, United States)

ASN3257 (GTT-BACKBONE GTT, US)

simage4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
87	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 108 e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 156	636 KB
50	doubleclick.net 14 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 190 googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 cm.g.doubleclick.net — Cisco Umbrella Rank: 216 bid.g.doubleclick.net — Cisco Umbrella Rank: 699 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 321 ad.doubleclick.net — Cisco Umbrella Rank: 192	391 KB
35	criteo.net static.criteo.net — Cisco Umbrella Rank: 637 pix.as.criteo.net — Cisco Umbrella Rank: 15689 csm.as.criteo.net — Cisco Umbrella Rank: 14752	214 KB
26	2mdn.net 1 redirects s0.2mdn.net — Cisco Umbrella Rank: 280 gcdn.2mdn.net — Cisco Umbrella Rank: 1170 r4---sn-ntq7yns7.c.2mdn.net	2 MB
18	amazon-adsystem.com 2 redirects c.amazon-adsystem.com — Cisco Umbrella Rank: 293 aax-dtb-cf.amazon-adsystem.com — Cisco Umbrella Rank: 492 s.amazon-adsystem.com — Cisco Umbrella Rank: 279 aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 960	60 KB
15	casalemedia.com 9 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 528	11 KB
13	adnxs.com 10 redirects ib.adnxs.com — Cisco Umbrella Rank: 207 secure.adnxs.com — Cisco Umbrella Rank: 413	14 KB
12	rubiconproject.com 6 redirects eus.rubiconproject.com — Cisco Umbrella Rank: 532 token.rubiconproject.com — Cisco Umbrella Rank: 551 pixel-us-east.rubiconproject.com — Cisco Umbrella Rank: 1031 pixel.rubiconproject.com — Cisco Umbrella Rank: 306	17 KB
12	pastelink.net pastelink.net — Cisco Umbrella Rank: 183014	220 KB
9	pubmatic.com ads.pubmatic.com — Cisco Umbrella Rank: 463 image6.pubmatic.com — Cisco Umbrella Rank: 702 simage2.pubmatic.com — Cisco Umbrella Rank: 654 image2.pubmatic.com — Cisco Umbrella Rank: 862 simage4.pubmatic.com — Cisco Umbrella Rank: 1186	25 KB
9	sharethrough.com 4 redirects match.sharethrough.com — Cisco Umbrella Rank: 507	3 KB
9	gstatic.com fonts.gstatic.com csi.gstatic.com	86 KB
8	adsrvr.org 8 redirects match.adsrvr.org — Cisco Umbrella Rank: 301	4 KB
7	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 185	275 KB
6	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35 imasdk.googleapis.com — Cisco Umbrella Rank: 427	138 KB
5	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 387	110 KB
5	doubleverify.com cdn.doubleverify.com — Cisco Umbrella Rank: 501 rtb0.doubleverify.com — Cisco Umbrella Rank: 697 tps.doubleverify.com Failed	172 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 22	20 KB
4	google.com 2 redirects adservice.google.com — Cisco Umbrella Rank: 70 www.google.com — Cisco Umbrella Rank: 2	2 KB
4	adligature.com cdn.adligature.com — Cisco Umbrella Rank: 60824	144 KB
3	rlcdn.com 2 redirects idsync.rlcdn.com — Cisco Umbrella Rank: 345	898 B
3	criteo.com rtb.jp2.as.criteo.com — Cisco Umbrella Rank: 18409 ads.as.criteo.com — Cisco Umbrella Rank: 14446 cat.sg1.as.criteo.com — Cisco Umbrella Rank: 15001	66 KB
2	yahoo.com 1 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 417	1 KB
2	semasio.net 1 redirects uipglob.semasio.net — Cisco Umbrella Rank: 1159	1 KB
2	pippio.com 2 redirects pippio.com — Cisco Umbrella Rank: 716	880 B
2	adform.net 1 redirects c1.adform.net — Cisco Umbrella Rank: 590	966 B
2	zemanta.com 2 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 515	1 KB
2	bidswitch.net 2 redirects x.bidswitch.net — Cisco Umbrella Rank: 276	1 KB
2	eu-1-id5-sync.com lb.eu-1-id5-sync.com — Cisco Umbrella Rank: 1057 lbs.eu-1-id5-sync.com — Cisco Umbrella Rank: 1305	681 B
2	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 938 id5-sync.com — Cisco Umbrella Rank: 393	18 KB
2	crwdcntrl.net tags.crwdcntrl.net — Cisco Umbrella Rank: 1039 bcp.crwdcntrl.net — Cisco Umbrella Rank: 904	10 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 41	146 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 199	6 KB
1	linkedin.com px.ads.linkedin.com — Cisco Umbrella Rank: 373	573 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 788	659 B
1	linksynergy.com 1 redirects tags.rd.linksynergy.com — Cisco Umbrella Rank: 4114	391 B
1	mathtag.com 1 redirects sync.mathtag.com — Cisco Umbrella Rank: 453	725 B
1	smartadserver.com 1 redirects ssbsync-us.smartadserver.com — Cisco Umbrella Rank: 4991	329 B
1	bluekai.com 1 redirects stags.bluekai.com — Cisco Umbrella Rank: 516	734 B
1	media.net 1 redirects cs.media.net — Cisco Umbrella Rank: 1323	665 B
1	smaato.net 1 redirects s.ad.smaato.net — Cisco Umbrella Rank: 679	530 B
1	google.co.nz adservice.google.co.nz — Cisco Umbrella Rank: 103494	792 B
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 672	31 KB
0	ip-api.com Failed pro.ip-api.com Failed
305	44

	Domain	Requested by
42	pagead2.googlesyndication.com	securepubads.g.doubleclick.net e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com pastelink.net ad.doubleclick.net
38	tpc.googlesyndication.com	e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com securepubads.g.doubleclick.net pastelink.net tpc.googlesyndication.com googleads.g.doubleclick.net imasdk.googleapis.com ad.doubleclick.net
25	pix.as.criteo.net	ads.as.criteo.com
23	s0.2mdn.net	pastelink.net s0.2mdn.net e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
19	cm.g.doubleclick.net	14 redirects googleads.g.doubleclick.net eus.rubiconproject.com
15	dsum-sec.casalemedia.com	9 redirects googleads.g.doubleclick.net
14	securepubads.g.doubleclick.net	cdn.adligature.com securepubads.g.doubleclick.net pastelink.net e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
13	s.amazon-adsystem.com	2 redirects c.amazon-adsystem.com s.amazon-adsystem.com match.sharethrough.com ads.pubmatic.com eus.rubiconproject.com
12	ib.adnxs.com	9 redirects googleads.g.doubleclick.net
12	pastelink.net	pastelink.net
9	static.criteo.net	ads.as.criteo.com
9	match.sharethrough.com	4 redirects s.amazon-adsystem.com match.sharethrough.com
9	googleads.g.doubleclick.net	e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com pagead2.googlesyndication.com pastelink.net
8	match.adsrvr.org	8 redirects
7	www.googletagservices.com	e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com cdn.doubleverify.com www.googletagservices.com
7	e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
7	fonts.gstatic.com	fonts.googleapis.com
6	googleads4.g.doubleclick.net	pastelink.net ad.doubleclick.net
5	token.rubiconproject.com	4 redirects eus.rubiconproject.com
5	cdn.ampproject.org	securepubads.g.doubleclick.net
5	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
4	pixel.rubiconproject.com	1 redirects eus.rubiconproject.com
4	cdn.doubleverify.com	e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com cdn.doubleverify.com pastelink.net
4	cdn.adligature.com	pastelink.net cdn.adligature.com
4	fonts.googleapis.com	pastelink.net e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com tpc.googlesyndication.com
3	image2.pubmatic.com	ads.pubmatic.com
3	idsync.rlcdn.com	2 redirects ads.pubmatic.com
3	www.google.com	2 redirects tpc.googlesyndication.com
3	c.amazon-adsystem.com	cdn.adligature.com c.amazon-adsystem.com
2	pr-bh.ybp.yahoo.com	1 redirects ads.pubmatic.com
2	uipglob.semasio.net	1 redirects ads.pubmatic.com
2	pippio.com	2 redirects
2	simage2.pubmatic.com	ads.pubmatic.com
2	c1.adform.net	1 redirects ads.pubmatic.com
2	r4---sn-ntq7yns7.c.2mdn.net
2	csi.gstatic.com	imasdk.googleapis.com
2	eus.rubiconproject.com	s.amazon-adsystem.com eus.rubiconproject.com
2	ads.pubmatic.com	s.amazon-adsystem.com ads.pubmatic.com
2	b1sync.zemanta.com	2 redirects
2	x.bidswitch.net	2 redirects
2	imasdk.googleapis.com	e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
2	www.googletagmanager.com	pastelink.net www.googletagmanager.com
2	cdnjs.cloudflare.com	pastelink.net ads.as.criteo.com
1	simage4.pubmatic.com	ads.pubmatic.com
1	ad.doubleclick.net	www.googletagservices.com
1	px.ads.linkedin.com	eus.rubiconproject.com
1	aax-eu.amazon-adsystem.com	eus.rubiconproject.com
1	pixel-us-east.rubiconproject.com	1 redirects
1	um.simpli.fi	1 redirects
1	tags.rd.linksynergy.com	1 redirects
1	sync.mathtag.com	1 redirects
1	gcdn.2mdn.net	1 redirects
1	csm.as.criteo.net	ads.as.criteo.com
1	rtb0.doubleverify.com	cdn.doubleverify.com
1	image6.pubmatic.com	ads.pubmatic.com
1	secure.adnxs.com	1 redirects
1	bid.g.doubleclick.net	imasdk.googleapis.com
1	id5-sync.com	cdn.id5-sync.com
1	cat.sg1.as.criteo.com	ads.as.criteo.com
1	ssbsync-us.smartadserver.com	1 redirects
1	stags.bluekai.com	1 redirects
1	cs.media.net	1 redirects
1	s.ad.smaato.net	1 redirects
1	bcp.crwdcntrl.net	tags.crwdcntrl.net
1	ads.as.criteo.com	e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
1	rtb.jp2.as.criteo.com	pastelink.net
1	lbs.eu-1-id5-sync.com	cdn.id5-sync.com
1	lb.eu-1-id5-sync.com	cdn.id5-sync.com
1	cdn.id5-sync.com	pastelink.net
1	tags.crwdcntrl.net	pastelink.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.co.nz	securepubads.g.doubleclick.net
1	aax-dtb-cf.amazon-adsystem.com	c.amazon-adsystem.com
1	code.jquery.com	pastelink.net
0	tps.doubleverify.com Failed	cdn.doubleverify.com
0	pro.ip-api.com Failed	cdn.adligature.com
305	76

This site contains links to these domains. Also see Links.

Domain
www.bloomberg.com
www.bbc.co.uk
www.facebook.com
twitter.com
t.me
api.whatsapp.com
www.reddit.com
www.pinterest.com
www.tumblr.com
www.blogger.com
profitquery.com
www.linkedin.com
share.flipboard.com
social-plugins.line.me
www.meneame.net
diasp.org

Subject Issuer	Validity	Valid
pastelink.net R3	`2022-12-02` - `2023-03-02`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2022-05-09` - `2023-04-18`	a year	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon	`2022-06-15` - `2023-06-15`	a year	crt.sh
*.google.co.nz GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2022-05-01` - `2023-06-02`	a year	crt.sh
s.amazon-adsystem.com Amazon	`2022-05-09` - `2023-04-21`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh
*.doubleverify.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-05` - `2023-07-07`	a year	crt.sh
misc-sni.google.com GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh
*.eu-1-id5-sync.com R3	`2022-11-09` - `2023-02-07`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh
*.jp2.as.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-12-24` - `2023-03-26`	3 months	crt.sh
*.as.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-12-20` - `2023-03-18`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh
*.sharethrough.com Amazon	`2022-10-24` - `2023-11-21`	a year	crt.sh
*.pubmatic.com DigiCert SHA2 Secure Server CA	`2022-02-04` - `2023-02-03`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-17` - `2023-04-04`	a year	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-13` - `2023-04-15`	3 months	crt.sh
*.sg1.as.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-12-19` - `2023-03-21`	3 months	crt.sh
*.id5-sync.com R3	`2022-11-09` - `2023-02-07`	3 months	crt.sh
*.as.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-11-12` - `2023-02-10`	3 months	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2022-09-20` - `2023-09-20`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-11-08` - `2023-05-03`	6 months	crt.sh
aax-eu.amazon-adsystem.com Amazon	`2022-07-20` - `2023-07-19`	a year	crt.sh
*.c.docs.google.com GTS CA 1C3	`2023-01-03` - `2023-03-14`	2 months	crt.sh

This page contains 34 frames:

Primary Page: https://pastelink.net/v3774tc2
Frame ID: D1AB14D1B3B32E02E7C008948889C78C
Requests: 59 HTTP requests in this frame

Frame: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 2908CF64DBF5F415F88F36EF66C8CD36
Requests: 1 HTTP requests in this frame

Frame: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: BBED96A9DF655AF8EB1DDC2F926BDF76
Requests: 19 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain&dcc=t
Frame ID: F8499121B3BFE1D95532FEB909896DBF
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPuq0aYDEMqOxLEDGPuZqtgBMAE&v=APEucNWhYZ3ZedTW0rxYYjgn1Oy55LuscYehEzCsTdvH2wYqKLLgIyMi_0SaIseSoGYhpPCRnBdPSAHjqw4DqG9K8un8W12bng
Frame ID: 6DA9DFED070C690911ACDC079F0A1AF5
Requests: 5 HTTP requests in this frame

Frame: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: DE07A042B8D94F8978369618F6BE19AE
Requests: 19 HTTP requests in this frame

Frame: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 95F35D8E3B0EBED88254C4BB860D0953
Requests: 24 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI32lQEQu9_vkAQYpu3m2gEwAQ&v=APEucNVlQXpy5QnRKMAW4hd95d8mCX4LikfXrTedSBA_5pINAgRZ58oBxjIa0ieRnZdzcnvuEEqnBSiT2yyYTa6Pj-Xs1M5DxA
Frame ID: CDC97380521966EB69E7D7EF2A9B0DE7
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQi4Dw4AIYkLfgxgEwAQ&v=APEucNUc0QVD2STkUmgmBwK1Jm6RVWXcvTO7U6QwUv2z6vpICh6lF6R7iQfRXQ7w0R9zH-pDrI6H0wrRogsJy4aajG51sm4D0g
Frame ID: CEC362C51DA2569231E13515F2E2803D
Requests: 5 HTTP requests in this frame

Frame: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 6AA88F5D9B123716DC441F6DD9613B49
Requests: 17 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012301041800000/amp4ads-v0.mjs
Frame ID: F7A5186855CB228B9DE75495BB064CBD
Requests: 12 HTTP requests in this frame

Frame: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 9E73195F7162F751C554C1FB5F62928C
Requests: 8 HTTP requests in this frame

Frame: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 4C7D345C8AAA7280864AECA48C8CFFCC
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12535929144933595235/index.html
Frame ID: FC2EBBED79D5ADC18F8713CF57AA210E
Requests: 13 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/v3/pr?exlist=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain&fv=1.0&a=cm&cm3ppd=1&dmt=3
Frame ID: 7E6115980BBACFB581088EA195658732
Requests: 5 HTTP requests in this frame

Frame: https://ads.as.criteo.com/delivery/r/afr.php?z=Y8cjEwAMvWkKKxfJAAixPJgFQF5lKuFcYMr6Jw&u=%7CeBQC0XD3d3H9hYCXTjfTDiYYt6rajzQD%2FfwvQ43A93E%3D%7C&c1=jWCgqsKSUoXV4BApc600hDmuoLfpfMVBJoxIoA-qWR4GS8d0D9pqsgEM8_Ocsn1baLzoKXzHkrCOaa2kpLHF5e0SfaK6wpabVmtIyeQdKM4SVHXCp4B8uSYGxD8LrZiYMnqXNdosutII-vtC_wefvHtYhhOTpSWfATn2s2WDRGpmKKvaD1cOivpYUsgPlYRzXGSk6M1mV38cy7kK6DSMocU4L7XUqAEKwvUK3IDS7f2T14sB28WQCTMS5QhMKi10Sjl7lUnw6OvYyGgwOib760rhB8w7DDbQ6-bN6tQrIRlQFR3UsAR7pPZe-MPZifZMVh5PlBIi9wKKJR0nO6OenoV23uzC41ilAaSn4oBfWckYZRoADcJMikouTaRfTfRfzgsADqpNmrMoCrM2FWZhRKaz-oTfJ9xGweiJv5ooV1TBrYlJkDkT_0LbL7lY8k9esQNjNhVu8Yqgk9Q2SWVZbJotMu8N7molgOX2jiG8L5AGkg5UHV1lmbyF4tWWR0YujOgPX6aWSAezl9RiUZMqL0B0_hSMmJVo1VfP9YDLik0urz35X0Pv8yo6ldT0BalUz0zdV9PeGCe5yLq7rXZ3LHIiSxPJnXhLBnAQSVF0lZpmK6bnJZyjwdt68GZHv4hLuJlxqBjjzaI&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCs4i6EyPHY-n6MsmvrAG84qLgBpj80bFcqoTM5IUBwI23ARABIABgq-yxheAYggEXY2EtcHViLTE3NTA4NTYyMzkyMDQ0MTTIAQmpAuV8jK-Wc6c-4AIAqAMBqgShAk_QwRXPJXzh6ZDGikMpoV-Cvf99CwtpG8vrgSqwjtffulv8ym8rbQPno5npbNIFEY7Xynok-wXk9s_kMQQEd5lP-g38rckUo7bFfsSw4M5Id0AuASTuxNUS7_qiJPrYo6Ww5SC9oBxFM_NtNRmAUfjbAl7iZ7KAupAwJaDs128t32KACiJBWf0I9r4JBQPr9iy3EQb9k71SDr50ytaEXjTa4EcsQFTTiUUCPd8lYsfAdrLhWb8DDo1478Obbp1YD0ZlcYEbWUo7991bT2PFIRztieqvYWY8mIGPv3RQe7REBUgm_FpCYP1Ne5mWaeEynCQu6IOmxUuL2zBdNo9Qr77xbBO4ux2XN8jFq5yeAenagOoJ8h7nEXRpB6biDxkNJGLgBAGABpiinNPtp57dI6AGIagHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA0IgGEQATICigI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1UiiBbJdp6bPU8eTjkf6SqFNkIBQ%26client%3Dca-pub-1750856239204414%26adurl%3D
Frame ID: E8A829AD388AFDA314316B486DCC57EF
Requests: 38 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: CB38872A95A8A9BF39C952C0F9353FAA
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: DAC4EBD6BDFC1CB75B6E5B997C9D8921
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 1A8205A465B4F1687B6C6ACD3ABCA4A9
Requests: 2 HTTP requests in this frame

Frame: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Frame ID: 3F7AE49C920C7929A5561EB2C6561B72
Requests: 6 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Frame ID: 661097CD9CC54BA5AEDB0AB68E1591C1
Requests: 11 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Frame ID: D98B1EA9BF950958F9E4851FFBBB8AA7
Requests: 12 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?ex=smart.com&id=7677500079211826446&gdpr=0&gdpr_consent=
Frame ID: A44DAA9EC45FBE3BC309889B04A5DD83
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 52451BC686EA5902A5100E330C662001
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: B997DD3DFBCD565444AA02F9F91FDDEA
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 87054A80F662EA329199F76FA5E07AD4
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/2056418256129463703/publish_shoreMariner_brandMessage1_300x250/publish.html
Frame ID: 0934ACBAD2F8062289E5CBE8749959AB
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/index.html
Frame ID: 49F7B599094E5055C6AEFF704737FDBA
Requests: 15 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Frame ID: DBE5B89578084E08F1DB7DBE378BD7FC
Requests: 3 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=1DBD2F38-9CE3-4C60-AD18-F1E450FFA70A&gdpr=0&gdpr_consent=
Frame ID: AA74B05EC5F77BF32AA8EE65960E7DD7
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:3c3263c7-2317-4f00-8c98-da650e59da04&gdpr=0&gdpr_consent=
Frame ID: 6E0AFB06034C58EA3B60B7A194D5D073
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?ex=pubmatic.com&id=PM_UID1DBD2F38-9CE3-4C60-AD18-F1E450FFA70A
Frame ID: 1A228AB549E757394EFD5D9632E39BD1
Requests: 1 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements3414.js
Frame ID: E812186DA3C9AFD30743D064788C2C83
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 8C0A10B65E93A513B1B0B2521F9CD5A4
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

The reason why Sports Betting about Online is Best Option - Pastelink.net

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

/prebid\.js

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

305
Requests

87 %
HTTPS

0 %
IPv6

44
Domains

76
Subdomains

58
IPs

11
Countries

4853 kB
Transfer

9480 kB
Size

69
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: https://www.bloomberg.com/search?query=www.sportstoto7.com
Title: https://www.bloomberg.com/search?query=www.sportstoto7.com

Search URL Search Domain Scan URL

URL: https://www.bbc.co.uk/search?q=Sports+Betting+Tips&page=1
Title: https://www.bbc.co.uk/search?q=Sports+Betting+Tips&page=1

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://pastelink.net/v3774tc2

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=%20https://pastelink.net/v3774tc2

Search URL Search Domain Scan URL

URL: https://t.me/share/url?url=%20%0Ahttps://pastelink.net/v3774tc2

Search URL Search Domain Scan URL

URL: https://api.whatsapp.com/send?text=%20https://pastelink.net/v3774tc2

Search URL Search Domain Scan URL

URL: https://www.reddit.com/submit?url=https://https://pastelink.net/v3774tc2&title=%20

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/pin/create/button/?url=https://pastelink.net/v3774tc2&description=%20&media=https://pastelink.net/assets/images/pastelink-logo-square.png

Search URL Search Domain Scan URL

URL: http://www.tumblr.com/share?v=3&u=https://pastelink.net/v3774tc2&t=%20&posttype=link

Search URL Search Domain Scan URL

URL: https://www.blogger.com/blog-this.g?u=https://pastelink.net/v3774tc2&n=%20

Search URL Search Domain Scan URL

URL: https://profitquery.com/add-to/livejournal/?url=https://pastelink.net/v3774tc2&title=%20

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https://pastelink.net/v3774tc2

Search URL Search Domain Scan URL

URL: https://share.flipboard.com/bookmarklet/popout?v=2&title=%20&url=https://pastelink.net/v3774tc2

Search URL Search Domain Scan URL

URL: https://social-plugins.line.me/lineit/share?url=https://pastelink.net/v3774tc2&text=%20

Search URL Search Domain Scan URL

URL: https://www.meneame.net/submit?url=https://pastelink.net/v3774tc2

Search URL Search Domain Scan URL

URL: https://diasp.org/bookmarklet?url=https://pastelink.net/v3774tc2&title=%20&jump=doclose

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 53

https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain HTTP 302
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain&dcc=t

Request Chain 81

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJVZwPiTfftxEKl19eaC8VM&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJVZwPiTfftxEKl19eaC8VM&google_cver=1&C=1

Request Chain 82

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y8cjFTbTTHifU54FyY6nwQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBHqmSQIWC4RUrMtYEYFf4Q&google_cver=1

Request Chain 83

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEGcXPttgvQu8TxwuwxqvXWg&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEGcXPttgvQu8TxwuwxqvXWg%26google_cver%3D1

Request Chain 84

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE1MjU1MTM4MzM3Mzc2NTAzOA%3D%3D

Request Chain 85

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJznbZPsiNxUWCs4BynwCA0&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJznbZPsiNxUWCs4BynwCA0&google_cver=1&C=1

Request Chain 86

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y8cjFbX4seoPM9tMegdqsQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBHqmSQIWC4RUrMtYEYFf4Q&google_cver=1

Request Chain 87

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEGcXPttgvQu8TxwuwxqvXWg&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEGcXPttgvQu8TxwuwxqvXWg%26google_cver%3D1

Request Chain 88

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE1MjU1MTM4MzM3Mzc2NTAzOA%3D%3D

Request Chain 99

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBHqmSQIWC4RUrMtYEYFf4Q&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBHqmSQIWC4RUrMtYEYFf4Q&google_cver=1&C=1

Request Chain 100

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y8cjFSUr8tYso1cFKVuOPwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBHqmSQIWC4RUrMtYEYFf4Q&google_cver=1

Request Chain 101

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEG8gDZgE2IbD9_-ziN1hL5s&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEG8gDZgE2IbD9_-ziN1hL5s%26google_cver%3D1

Request Chain 102

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODc0ODc2NTkxNDg1Mjg1MDc4Nw%3D%3D

Request Chain 150

https://s.ad.smaato.net/c/?adExInit=aps&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsmaato.com%26id%3D%24UID HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=smaato.com&id=2b9fb977

Request Chain 151

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dmediagrid.com%26id%3D%24%7BBSW_UUID%7D HTTP 302
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dmediagrid.com%26id%3D%24%7BBSW_UUID%7D HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=mediagrid.com&id=440c1f52-71d1-4e6a-9701-042a8f9ef24d

Request Chain 152

https://cs.media.net/cksync?cs=31&type=tam&redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dmedia.net%26id%3D%3Cvsid%3E HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=media.net&id=3169966297445546000V10

Request Chain 153

https://b1sync.zemanta.com/usersync/amazon_tam/?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Doutbrain.com%26id%3D__ZUID__ HTTP 302
https://stags.bluekai.com/site/23178?id=2fYQ_XzUZJgu-ju8gBCJ&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64ZOMFWWC6TPNYWWCZDTPFZXIZLNFZRW63JPMVRW2MZ7MV4D233VORRHEYLJNYXGG33NEZSXQY3IMFXGOZJ5MFWWC6TPNZPXIYLNEZUWIPJSMZMVCX2YPJKVUSTHOUWWU5JYM5BEGSQ HTTP 302
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64ZOMFWWC6TPNYWWCZDTPFZXIZLNFZRW63JPMVRW2MZ7MV4D233VORRHEYLJNYXGG33NEZSXQY3IMFXGOZJ5MFWWC6TPNZPXIYLNEZUWIPJSMZMVCX2YPJKVUSTHOUWWU5JYM5BEGSQ HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=outbrain.com&id=2fYQ_XzUZJgu-ju8gBCJ

Request Chain 157

https://ssbsync-us.smartadserver.com/api/sync?callerId=2 HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=smart.com&id=7677500079211826446&gdpr=0&gdpr_consent=

Request Chain 163

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 164

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 192

https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=1 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=sharethrough&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=sharethrough&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=8aa8830a-79b7-4954-b161-a5fbd7277cef&gdpr=0&gdpr_consent=

Request Chain 193

https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=2 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=sharethrough&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=sharethrough&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=bf9d9fef-8842-4778-8349-7de1bf44f5ee&gdpr=0&gdpr_consent=

Request Chain 194

https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=3 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=sharethrough&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=sharethrough&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=8aa8830a-79b7-4954-b161-a5fbd7277cef&gdpr=0&gdpr_consent=

Request Chain 195

https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=4 HTTP 302
https://secure.adnxs.com/getuid?https://match.sharethrough.com/sync/v1?source_id=0e8893f90b606c9c5d33f1be&gdpr=0&gdpr_consent=&source_user_id=$UID HTTP 302
https://match.sharethrough.com/sync/v1?source_id=0e8893f90b606c9c5d33f1be&gdpr=0&gdpr_consent=&source_user_id=5319057607276055352

Request Chain 238

https://gcdn.2mdn.net/videoplayback/id/8f877c055b2c8c49/itag/59/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1705531029/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signature/2BE6B5878DDFD0680AC3E91265F80292CB608092.769B23970B9872BC0DC2240B5DC90D389BEB7E8F/key/ck2/file/file.mp4 HTTP 302
https://r4---sn-ntq7yns7.c.2mdn.net/videoplayback/id/8f877c055b2c8c49/itag/59/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1705531029/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/69C6C764CD8858805097BFE897C98A075F291882.6E3C0CA57C24F90508E9CB8E238E75A7F4F3234A/key/cms1/cms_redirect/yes/mh/lW/mip/116.90.74.215/mm/42/mn/sn-ntq7yns7/ms/onc/mt/1673994520/mv/m/mvi/4/pl/24/file/file.mp4

Request Chain 249

https://c1.adform.net/serving/cookie/match?party=14&cid=1DBD2F38-9CE3-4C60-AD18-F1E450FFA70A&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=1DBD2F38-9CE3-4C60-AD18-F1E450FFA70A&gdpr=0&gdpr_consent=

Request Chain 250

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:3c3263c7-2317-4f00-8c98-da650e59da04&gdpr=0&gdpr_consent=

Request Chain 252

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Hb0vOJzjTGCtGPHkUP-nCg%3D%3D&gdpr=0&gdpr_consent= HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

Request Chain 253

https://idsync.rlcdn.com/420486.gif?partner_uid=1DBD2F38-9CE3-4C60-AD18-F1E450FFA70A HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CIbVGRIwCiwIARCMowEaJDFEQkQyRjM4LTlDRTMtNEM2MC1BRDE4LUYxRTQ1MEZGQTcwQRAAGg0IlsacngYSBQjoBxAAQgBKAA HTTP 307
https://pippio.com/api/sync?pid=5324&it=1&iv=ea601962d7c346a260a4bd87d27c8ede9cb90b30879cb7c0f0b68ffa8380ef0f791426b5417dce21&_=2 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlBlYTYwMTk2MmQ3YzM0NmEyNjBhNGJkODdkMjdjOGVkZTljYjkwYjMwODc5Y2I3YzBmMGI2OGZmYTgzODBlZjBmNzkxNDI2YjU0MTdkY2UyMRAAGgwIl8acngYSBAgCEABCAEoA HTTP 302
https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlBlYTYwMTk2MmQ3YzM0NmEyNjBhNGJkODdkMjdjOGVkZTljYjkwYjMwODc5Y2I3YzBmMGI2OGZmYTgzODBlZjBmNzkxNDI2YjU0MTdkY2UyMRAAGgwIl8acngYSBAgCEABCAEoA&google_gid=CAESECIuznik2dd8koZhoGaK99Y&google_cver=1 HTTP 307
https://tags.rd.linksynergy.com/rcs?ns=lr&uid3= HTTP 303
https://idsync.rlcdn.com/458249.gif?partner_uid=7cd25031-426c-460b-8413-4eb8294357b1

Request Chain 254

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=1DBD2F38-9CE3-4C60-AD18-F1E450FFA70A&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=1DBD2F38-9CE3-4C60-AD18-F1E450FFA70A&sInitiator=external&gdpr=0&gdpr_consent=

Request Chain 255

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MURCRDJGMzgtOUNFMy00QzYwLUFEMTgtRjFFNDUwRkZBNzBB&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 256

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEFLaJ_wTfGGc1gYrl_14VZA&google_cver=1

Request Chain 257

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:A2558544C17D4BE28CED2A5E3F3F1BE5

Request Chain 259

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=8aa8830a-79b7-4954-b161-a5fbd7277cef&gdpr=0&gdpr_consent=

Request Chain 279

https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=a9us&khaos=LD0TF4I9-23-EMWL HTTP 302
https://s.amazon-adsystem.com/ecm3?id=LD0TF4I9-23-EMWL&ex=d-rubiconproject.com&status=ok

Request Chain 281

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMJKF_9gIl2zUW-BuxbNcwY&google_cver=1

Request Chain 283

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NmIxMTY3NzI3ZTkxNGU4NDNjMjViZTk5N2UxOTQxZTEzYzJhYTgxMg

Request Chain 284

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=lB0mjE7iS9uku7VIWvXxBA&rk=usync-na HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=lB0mjE7iS9uku7VIWvXxBA

Request Chain 285

https://match.adsrvr.org/track/cmf/rubicon HTTP 302
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=8aa8830a-79b7-4954-b161-a5fbd7277cef&gdpr=0&gdpr_consent=&expires=30

Request Chain 286

https://token.rubiconproject.com/token?pid=36584 HTTP 302
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LD0TF4I9-23-EMWL

Request Chain 287

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/DAH0sBsN3Xxn81MGq0GwaMn5EUdSAgOZEtemQ7w0kco?csrc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-OESqHzJE2oLQpdMgq1qr7_iynfd3hOezpkQ.kQ--~A

Request Chain 288

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEQwVEY0STktMjMtRU1XTA==

305 HTTP transactions
10 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request v3774tc2 Show response
pastelink.net/ 27 KB
8 KB 1251ms
452ms Document
text/html 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pastelink.net/v3774tc2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

d94f7d7a8997ae8207e39098bac6f08fab5815076ae9c765dd53ece4128d5a5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 17 Jan 2023 22:37:01 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
x-frame-options: SAMEORIGIN

GET
H2 200 css2
fonts.googleapis.com/ 5 KB
1 KB 826ms
276ms Stylesheet
text/css 142.250.4.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Requested by

Host: pastelink.net
URL: https://pastelink.net/v3774tc2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f95.1e100.net

Software

ESF /

Resource Hash

ebfd96030683611d9ed054682f1ddf8b9098bc7d10105602b338605b0ae82a9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 17 Jan 2023 22:37:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 17 Jan 2023 22:37:02 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 17 Jan 2023 22:37:02 GMT

GET
H2 200 styles.css
pastelink.net/assets/css/ 121 KB
121 KB 395ms
394ms Stylesheet
text/css 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pastelink.net/assets/css/styles.css?q=35

Requested by

Host: pastelink.net
URL: https://pastelink.net/v3774tc2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

db2363029b4f54378ff6662b39bc15138122f515494fc54048fd89a70485fe55

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/v3774tc2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Fri, 06 Jan 2023 14:09:07 GMT
server: nginx
etag: "63b82b83-1e279"
content-type: text/css
accept-ranges: bytes
content-length: 123513

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
31 KB 866ms
296ms Script
application/javascript 69.16.175.42
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: pastelink.net
URL: https://pastelink.net/v3774tc2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: hwcdn.net
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Referer: https://pastelink.net/
Origin: https://pastelink.net
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:02 GMT
content-encoding: gzip
x-sp-metadata: HS256.CJ7inJ4GEogBCiRiMGYxYTNkMC0xOWQ5LTQyYzItYTViMS02ZmE0N2Q3MDc5ZTAQ+OiCoKvU+wIaBgiOxpyeBiINMTE2LjkwLjc0LjIxNSjenwIwAzgEQhZUTFNfQUVTXzEyOF9HQ01fU0hBMjU2WiAzZTliMjA2MTAwOThiNmM5YmZmOTUzODU2ZTU4MDE2YRosCAESJDgwYWIwNzFmLWNjMGYtNDI3YS1hOGZmLTVmM2I1ODQ2MmNmMxib8QEiGAgCEhRjZHMyNjcubGEzLmh3Y2RuLm5ldA==.Lq0BAUE9Dt7LQhy+KTDy27UtNcoqbIlL9TIIXmqkBPQ=
last-modified: Wed, 16 Feb 2022 10:50:39 GMT
server: nginx
etag: W/"620cd6ff-15d9d"
vary: Accept-Encoding
x-hw: 1673995022.dop030.la3.t,1673995022.cds234.la3.hn,1673995022.cds267.la3.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30875

GET
H2 200 script.min.js Show response
pastelink.net/assets/js/ 41 KB
41 KB 395ms
394ms Script
application/javascript 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pastelink.net/assets/js/script.min.js?q=35

Requested by

Host: pastelink.net
URL: https://pastelink.net/v3774tc2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

190d542d8e593c755fd16e67ca62583e183957829dfb69cc2e00c7bf67df237d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/v3774tc2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 17 Nov 2022 12:00:15 GMT
server: nginx
etag: "6376224f-a225"
content-type: application/javascript
accept-ranges: bytes
content-length: 41509

GET
H2 200 js.cookie.min.js Show response
cdnjs.cloudflare.com/ajax/libs/js-cookie/latest/ 2 KB
1 KB 369ms
128ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/js-cookie/latest/js.cookie.min.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/v3774tc2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b6d244a569a8befc0b901e3dca8e82f19b188e2d3e76f7c62fce96935ed6311

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:01 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 8698094
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 772
last-modified: Mon, 04 May 2020 16:11:49 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec5-6d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4mkpp%2FLrCvrBL9edvdUuw6CKLpHEcoCzHFao4GauNhNvkZrSQ1ilszmOyTrhSGkaThpSjQy1Fmg8rMz9VZVvBHJGMtQcyfMWnPQj91eQ8pgnP8WPohsFAunwjt9iQP1%2BTM3p3Cb9"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 78b292b72d581c4e-AKL
expires: Sun, 07 Jan 2024 22:37:01 GMT

GET
H2 200 rules.js Show response
cdn.adligature.com/pl/prod/ 18 KB
5 KB 602ms
310ms Script
application/javascript 172.67.202.177
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adligature.com/pl/prod/rules.js
Requested by: Host: pastelink.net
URL: https://pastelink.net/v3774tc2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.202.177 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 95b79ad7efde1e0051f941e69fa5dfbc0e6fbb86fc6dc40f9dc534a56f394371

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:02 GMT
content-encoding: br
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=30189
x-guploader-uploadid: ADPycduJTkcWj-mucqwxDwlnhF-4B5pem2rR8buSSrcfho5M6PlV2hdWabAffNM4pYFHnNt288vt1q7tTSeP9-6NrWgCyQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 11 Nov 2022 14:54:18 GMT
server: cloudflare
etag: W/"c1add06674d8ee3c323c3b5f066404f6"
vary: Accept-Encoding
x-goog-generation: 1668178458192164
content-type: application/javascript
x-goog-hash: crc32c=6DZcRA==, md5=wa3QZnTY7jwyPDtfBmQE9g==
cache-control: public, max-age=1800, s-maxage=600, must-revalidate
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lydi9KuhJZYhcCJr3%2BBR%2FstJPU%2FtCWDegONTlfLs3G2TrTyPzaxOhdzgnYW1lf1sEDaC9sEgGwBfp9NKxGqGtULsK9OVUdA1Rf2ljHQWInL%2FQuTtPd73JmQRrbbEjfE4k751cEM%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 30189
cf-ray: 78b292b78969dfab-SYD
expires: Tue, 17 Jan 2023 22:47:02 GMT

GET
H2 200 css2
fonts.googleapis.com/ 759 B
438 B 826ms
277ms Stylesheet
text/css 142.250.4.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Average+Sans:wght@400&display=swap

Requested by

Host: pastelink.net
URL: https://pastelink.net/v3774tc2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f95.1e100.net

Software

ESF /

Resource Hash

27aae5005629397140d580696bab4b41d4f6a19c05a552523b328c918c368c82

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 17 Jan 2023 22:37:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 17 Jan 2023 22:37:02 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 17 Jan 2023 22:37:02 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 193 KB
69 KB 828ms
279ms Script
application/javascript 74.125.24.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ

Requested by

Host: pastelink.net
URL: https://pastelink.net/v3774tc2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

86bcf8c0552f62658e86cf64181bcfb4ababa5b043b2a72d9e286faf030d1b2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:03 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 70289
x-xss-protection: 0
last-modified: Tue, 17 Jan 2023 22:05:23 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 17 Jan 2023 22:37:03 GMT

GET
H2 200 advally-5.0.0.js Show response
cdn.adligature.com/rules.js/ 104 KB
28 KB 169ms
169ms Script
application/javascript 172.67.202.177
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adligature.com/rules.js/advally-5.0.0.js
Requested by: Host: cdn.adligature.com
URL: https://cdn.adligature.com/pl/prod/rules.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.202.177 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9a29a65e75a48d9c432611eb70d0377c8610f1874474b65df01aa72fed0235e3

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2718
cf-polished: origSize=171037
x-guploader-uploadid: ADPycdvdAWAvvuQtlKRMSi2KJ-urgo-fqNWgyjU5AqjMDerQ9jppYNzdwtmtfbotaqP69jJhIqvoVucKaG-_E8DLNFzQV4avxRkz
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Mon, 07 Nov 2022 13:53:08 GMT
server: cloudflare
etag: W/"7b1394d4b04bfcbf82f0d4de7ba5a58d"
vary: Accept-Encoding
x-goog-generation: 1667829188108909
content-type: application/javascript
x-goog-hash: crc32c=/7AOYQ==, md5=exOU1LBL/L+C8NTee6WljQ==
cache-control: public, max-age=7200, s-maxage=7200, must-revalidate
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SNDWNc5QH37thxljAGn%2BwLhGVZmbPkuettDsATiREwrPSnHkrGkpwFiF5RVBbCcqkFkwYzLdx%2BsUzTMuHHzED0pL57On3Ifo91ZkN90vRAJ%2FrViNMJNf1PL7F70K9fOOvo055q4%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 171037
cf-ray: 78b292bd387adfab-SYD
expires: Tue, 17 Jan 2023 23:37:46 GMT

GET
H2 200 rules.css
cdn.adligature.com/pl/prod/ 148 B
635 B 320ms
318ms Stylesheet
application/javascript 172.67.202.177
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adligature.com/pl/prod/rules.css
Requested by: Host: cdn.adligature.com
URL: https://cdn.adligature.com/pl/prod/rules.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.202.177 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cd8e217991e65be206db184ca55d6673115a4579c6673739203181999150547b

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:03 GMT
content-encoding: br
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=294
x-guploader-uploadid: ADPycduCwKAVckGFAscW1QFf32Yh5nT-zKBlEwe23BUIWg9y3rfiVpiJx4jC-Z2plKig1zX3bH3kXZE2svDyKOz2OCPLQw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 11 Nov 2022 14:54:17 GMT
server: cloudflare
etag: W/"53b5e5bc4c7d7cf111b728f22d660fdd"
vary: Accept-Encoding
x-goog-generation: 1668178456885584
content-type: application/javascript
x-goog-hash: crc32c=F8i4jg==, md5=U7XlvEx9fPERtyjyLWYP3Q==
cache-control: public, max-age=1800, s-maxage=600, must-revalidate
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RZmP8AVbrbX78g%2BPSCsTtfjmPtl0MX9tFKZhDgYEK5OyhgHyGwX7oilHZFChma5sHQUVnSJcF9HJtS9nd3lHCJOA7MIkW1gaRG8QCTaghsqfe1XwbGwefR7haXXWDWqKNwoCdT8%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 294
cf-ray: 78b292bd3878dfab-SYD
expires: Tue, 17 Jan 2023 22:47:03 GMT

GET
H2 200 debut_light.png
pastelink.net/assets/images/ 4 KB
4 KB 395ms
394ms Image
image/png 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/debut_light.png

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=35

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

c24ccee9a35eef9e74411eac871935bdff6bcb895cce80b754b66d3e4292a3ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-10c8"
content-type: image/png
accept-ranges: bytes
content-length: 4296

GET
H2 200 pastelink-logo.svg
pastelink.net/assets/images/logo/ 3 KB
3 KB 395ms
394ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/logo/pastelink-logo.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=35

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

01408f8061623faa6d2c0f015cd23483c3aa363c095e152f613ed94c87a5803d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-d3d"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 3389

GET
DATA 200
OK truncated
/ 16 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 13100cd3879e5c1385581d7c88153e60cd7c3e4b0578fe2838daa56da689769b

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 arrow-down-blue.svg
pastelink.net/assets/images/ 239 B
409 B 398ms
395ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/arrow-down-blue.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=35

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

50a60e5e5f2e8f10a2f8685031ec9849ba8faff613139f3a402e89f25ccbbabc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-ef"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 239

GET
H2 200 moon.svg
pastelink.net/assets/images/ 2 KB
2 KB 398ms
395ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/moon.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=35

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

ed6cd01c384db70bedbe24986aa85b0745f994ad71b7e5712f8a60e1ff457d7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-62e"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 1582

GET
H2 200 public-black.svg
pastelink.net/assets/images/ 578 B
749 B 397ms
394ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/public-black.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=35

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

57226adbc32c91a8cd4ec9ee08e4f155f3450e79256731c04f81709a58c4c1fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-242"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 578

GET
H2 200 social-spritesheet.png
pastelink.net/assets/images/ 28 KB
28 KB 397ms
393ms Image
image/png 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/social-spritesheet.png

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=35

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

8af24d7350dbdc8eea22e4737deaa35a795b19b0560d7173113bec7e8a3effb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-70de"
content-type: image/png
accept-ranges: bytes
content-length: 28894

GET
H2 200 logo-bg-90-tl.svg
pastelink.net/assets/images/ 2 KB
2 KB 394ms
394ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/logo-bg-90-tl.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=35

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

1c9e4c65f9d921b1c0829958cc7b2f307a3e22ac7a23e8315b6db4c0954e1107

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-933"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 2355

GET
H2 200 pastelink-logo-contrast.svg
pastelink.net/assets/images/logo/ 4 KB
4 KB 394ms
393ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/logo/pastelink-logo-contrast.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=35

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

3a73b36061944ebbb33696553917d393280f796e212afcd09057b441c1168606

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-e31"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 3633

GET
H2 200 logo-symbol-non-white-bg.svg
pastelink.net/assets/images/ 4 KB
5 KB 395ms
394ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/logo-symbol-non-white-bg.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=35

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

15f20e02ef301e62ed325d633f971c506dcf1be3458c2371b849b505bb8673dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-11c0"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 4544

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 823ms
273ms Font
font/woff2 142.250.4.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f94.1e100.net

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Jan 2023 19:53:26 GMT
x-content-type-options: nosniff
age: 269017
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7884
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 14 Jan 2024 19:53:26 GMT

GET
H2 200 1Ptpg8fLXP2dlAXR-HlJJNJ_AtCb.woff2
fonts.gstatic.com/s/averagesans/v16/ 8 KB
8 KB 887ms
337ms Font
font/woff2 142.250.4.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/averagesans/v16/1Ptpg8fLXP2dlAXR-HlJJNJ_AtCb.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Average+Sans:wght@400&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f94.1e100.net

Software

sffe /

Resource Hash

09e6d69fa3dc6b4b7b79b79925826e0180b0e0622ddc2025d854f71121fa9eb5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 10:08:30 GMT
x-content-type-options: nosniff
age: 131313
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8232
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 18:50:23 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 16 Jan 2024 10:08:30 GMT

GET
H2 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 852ms
302ms Font
font/woff2 142.250.4.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f94.1e100.net

Software

sffe /

Resource Hash

cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 09:31:45 GMT
x-content-type-options: nosniff
age: 479118
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7748
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:21:30 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 12 Jan 2024 09:31:45 GMT

GET
H2 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 1098ms
550ms Font
font/woff2 142.250.4.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f94.1e100.net

Software

sffe /

Resource Hash

9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Jan 2023 02:36:03 GMT
x-content-type-options: nosniff
age: 331260
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7816
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 14 Jan 2024 02:36:03 GMT

GET /
pro.ip-api.com/json/ 0
0

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 81 KB
28 KB 828ms
277ms Script
text/javascript 74.125.200.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.adligature.com
URL: https://cdn.adligature.com/rules.js/advally-5.0.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f157.1e100.net

Software

sffe /

Resource Hash

32d3612170c26791c895d818ff51ff3831a2433e862635931e3903a81dd97697

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27741
x-xss-protection: 0
server: sffe
etag: "1455 / 48 of 1000 / last-modified: 1673992315"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 17 Jan 2023 22:37:04 GMT

GET
H3 200 prebid.js Show response
cdn.adligature.com/pl/prod/ 350 KB
111 KB 172ms
172ms Script
application/javascript 172.67.202.177
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adligature.com/pl/prod/prebid.js
Requested by: Host: cdn.adligature.com
URL: https://cdn.adligature.com/rules.js/advally-5.0.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.202.177 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3c5bdcb449fb1bfe6c2b49f5dfc6f627c599d795d41bc72cf194b55c619b2f13

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:04 GMT
content-encoding: br
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=359160
x-guploader-uploadid: ADPycducdmy-H1qwSdfJ1qoldp3doBAOO7i2DsWdgG66WK4KfRYmFPVa6bBQwPO8-Atsf3bHE4MiTzdhwA7nC1LJ8WVs9Q
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 11 Nov 2022 14:54:15 GMT
server: cloudflare
etag: W/"f97facbb0a8715dfd020c1c728e23c44"
vary: Accept-Encoding
x-goog-generation: 1668178455689352
content-type: application/javascript
x-goog-hash: crc32c=Dp8FQA==, md5=+X+suwqHFd/QIMHHKOI8RA==
cache-control: public, max-age=900, s-maxage=300, must-revalidate
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zzLzPuzT9LIsDocf%2Ftv6jsZLJ%2BZxzsJgqkS6JyVkbtg46BSD8VmrJEuWfNKQlFA%2B8wRol8vaAwMsqYbU0RGJbtP64%2Fc5zi1AMifL9fSPXsVrraFDe56xPKc9UTzdp5SIHYioSGU%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 359160
cf-ray: 78b292c4cccea93d-SYD
expires: Tue, 17 Jan 2023 22:38:56 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 179 KB
45 KB 769ms
290ms Script
application/javascript 13.33.79.24
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: cdn.adligature.com
URL: https://cdn.adligature.com/rules.js/advally-5.0.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.79.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-79-24.sin2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c15904403ee1666afdcb0f4df49e8b219fb1e149dc05abcd415a37832551de54

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:33:38 GMT
content-encoding: gzip
via: 1.1 d4cace4cc5e331ffcb566a47ffd57416.cloudfront.net (CloudFront), 1.1 2da7d450deef501f4b6eb466e3a79f4a.cloudfront.net (CloudFront)
last-modified: Tue, 17 Jan 2023 22:31:26 GMT
server: AmazonS3
x-amz-cf-pop: SIN2-P2, SIN2-P2
age: 207
etag: W/"82ba66ad1a339d2375e1fbac8da251b3"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: wwklJeJdR48OfFSlTr6yiS-_7Gcxt62NZA6Zbom8LP_Fm_BOqgg-ew==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 822ms
273ms Script
text/javascript 172.217.194.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.101 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f101.1e100.net

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 17 Jan 2023 20:54:33 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 6151
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Tue, 17 Jan 2023 22:54:33 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 222 KB
77 KB 275ms
274ms Script
application/javascript 74.125.24.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-S3DKHVPF03&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

53246707bffca1cb2c727b6f2156ae8d1584a7b1ca09dee0c50abb5427060207

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 78805
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 17 Jan 2023 22:37:04 GMT

POST
H2 204 collect
www.google-analytics.com/g/ 0
169 B 383ms
369ms Ping
text/plain 172.217.194.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-S3DKHVPF03&gtm=2oe1a1&_p=867166287&cid=772704711.1673995025&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1673995024&sct=1&seg=0&dl=https%3A%2F%2Fpastelink.net%2Fv3774tc2&dt=The%20reason%20why%20Sports%20Betting%20about%20Online%20is%20Best%20Option%20-%20Pastelink.net&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S3DKHVPF03&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.194.101 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: si-in-f101.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:04 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 706ms
235ms XHR
application/javascript 13.33.79.24
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.79.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-79-24.sin2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: 1R3b4YI9dI20q9Y7Gq1DHxVUnq3Fp2gn
content-encoding: gzip
via: 1.1 9f6f7c775068d68476f4af0ffa848d4a.cloudfront.net (CloudFront)
date: Tue, 17 Jan 2023 19:37:49 GMT
x-amz-cf-pop: SIN2-P2
age: 10757
x-cache: Hit from cloudfront
last-modified: Fri, 23 Dec 2022 01:05:48 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: V1XIKv_uXpz4Cj9fQwlwe_bR9J1nE79TpJussqPQR15FmXuTBO8Otw==

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
91 B 275ms
274ms XHR
text/plain 172.217.194.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=867166287&t=pageview&_s=1&dl=https%3A%2F%2Fpastelink.net%2Fv3774tc2&ul=en-us&de=UTF-8&dt=The%20reason%20why%20Sports%20Betting%20about%20Online%20is%20Best%20Option%20-%20Pastelink.net&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=202503969&gjid=819425952&cid=772704711.1673995025&tid=UA-55088947-2&_gid=1725036021.1673995025&_r=1&gtm=2wg1a155WHPWQ&z=1018081881

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.101 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f101.1e100.net

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pastelink.net/
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:05 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_2023011001.js Show response
securepubads.g.doubleclick.net/gpt/ 382 KB
129 KB 274ms
273ms Script
text/javascript 74.125.200.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f157.1e100.net

Software

sffe /

Resource Hash

ba08a3d19225206e1f616f14c7d6e4f214002374c7086834026cb977a09748fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 12:21:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 36907
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 132153
x-xss-protection: 0
last-modified: Tue, 10 Jan 2023 09:35:18 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 17 Jan 2024 12:21:58 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 73 B
84 B 821ms
275ms XHR
application/json 74.125.200.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=pastelink.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.200.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f157.1e100.net

Software

cafe /

Resource Hash

c64cda3c1c7c935b57b27894caec3b370b98d70011c8e5ea2f31691be13c8fe7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:05 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60
x-xss-protection: 0
expires: Tue, 17 Jan 2023 22:37:05 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 274ms
273ms XHR
text/plain 172.217.194.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&aip=1&a=867166287&t=pageview&_s=1&dl=https%3A%2F%2Fpastelink.net%2Fv3774tc2&ul=en-us&de=UTF-8&dt=The%20reason%20why%20Sports%20Betting%20about%20Online%20is%20Best%20Option%20-%20Pastelink.net&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aADAAEABAAAAACAAI~&jid=1021754477&gjid=567415711&cid=772704711.1673995025&tid=UA-197326395-9&_gid=1725036021.1673995025&_r=1&_slc=1&z=719898667

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.101 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f101.1e100.net

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pastelink.net/
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:06 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 1 KB
1 KB 235ms
235ms XHR
application/json 13.33.79.24
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fpastelink.net&pubid=7e29cf92-dbd2-479a-865a-9cb3658a40f8
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.79.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-79-24.sin2.r.cloudfront.net
Software: Server /
Resource Hash: 59b0485c1fec4f53ce71bbf2805f19215f6651cc406e6ff66548444594eebc7b

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 17:23:14 GMT
via: 1.1 2da7d450deef501f4b6eb466e3a79f4a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: SIN2-P2
age: 18832
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://pastelink.net
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
content-length: 1071
x-amz-cf-id: xm_Y4H4HJ_rkuySkuZVg8eMzBzzMKtI8ARQRyBttrLBn1FoZDSq7yw==

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aa68e17fb13028f96c0d5b38fcf7006182894eb694625f9dedf5824d5066a5f0

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 bid Show response
aax-dtb-cf.amazon-adsystem.com/e/dtb/ 168 B
500 B 795ms
260ms XHR
text/javascript 13.33.30.231
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fpastelink.net%2Fv3774tc2&pid=n4ODQjNl68yLy&cb=0&ws=1600x1200&v=23.112.1442&t=1500&slots=%5B%7B%22sd%22%3A%22advally-adhesion-slot%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F22405481091%2Fpastelink.net%2FBottom_adhesion_banner%22%7D%2C%7B%22sd%22%3A%22Top_leaderboard%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F22405481091%2Fpastelink.net%2FTop_leaderboard%22%7D%2C%7B%22sd%22%3A%22AdvallyTag-pl-728x90-1%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F22405481091%2Fpastelink.net%2FInline_banner%22%7D%2C%7B%22sd%22%3A%22AdvallyTag-pl-728x90-2%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F22405481091%2Fpastelink.net%2FInline_banner%22%7D%2C%7B%22sd%22%3A%22AdvallyTag-pl-728x90-3%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F22405481091%2Fpastelink.net%2FInline_banner%22%7D%2C%7B%22sd%22%3A%22AdvallyTag-pl-728x90-4%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F22405481091%2Fpastelink.net%2FInline_banner%22%7D%2C%7B%22sd%22%3A%22Sidebar_MPU%22%2C%22s%22%3A%5B%22160x600%22%5D%2C%22sn%22%3A%22%2F22405481091%2Fpastelink.net%2FSidebar_MPU%22%7D%5D&schain=1.0%2C1!advally.com%2CP58S175%2C1%2C%2C%2C&pubid=7e29cf92-dbd2-479a-865a-9cb3658a40f8&gdprl=%7B%22status%22%3A%22no-cmp%22%2C%22cmpTimeout%22%3A2000%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.30.231 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-30-231.sin2.r.cloudfront.net
Software: Server /
Resource Hash: 178996f91fcc30fcab68d58ab30fdfd3820198e3f6bd9764a71e9c5259cb7f92

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:06 GMT
via: 1.1 a0111b438d5ff26611042379c81df136.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: SIN2-P1
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://pastelink.net
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 168
x-amz-cf-id: 9j0ookt3Xp5-T1SCGVhN7uY8U2Q260bO169dxySqa6xzpPqPHEjpMg==

GET
H2 200 integrator.js Show response
adservice.google.co.nz/adsid/ 107 B
792 B 829ms
275ms Script
application/javascript 172.217.194.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.nz/adsid/integrator.js?domain=pastelink.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f157.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 826ms
277ms Script
application/javascript 142.251.12.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=pastelink.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f155.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 15 KB
6 KB 472ms
471ms XHR
text/plain 74.125.200.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1998417916665560&correlator=2493775017905060&eid=31071523&output=ldjh&gdfp_req=1&vrg=2023011001&ptt=17&impl=fif&iu_parts=22405481091%2Cpastelink.net%2CBottom_adhesion_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90&ifi=1&adks=759513158&sfv=1-0-40&prev_scp=rand_key%3D66&eri=1&cust_params=refid%3D2%26amznbid%3D0%26amznp%3D0&sc=1&cookie_enabled=1&abxe=1&dt=1673995026025&lmt=1673995026&dlt=1673995021639&idt=4277&adxs=436&adys=1105&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fpastelink.net%2Fv3774tc2&frm=20&vis=1&psz=728x-1&msz=728x-1&fws=516&ohw=1600&ga_vid=772704711.1673995025&ga_sid=1673995026&ga_hid=867166287&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.200.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f157.1e100.net

Software

cafe /

Resource Hash

a1860bc4312ce427df736b0e03988ac6eccede45c569d682cb846177b4e7bae0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:06 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6596
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 15 KB
6 KB 1047ms
1047ms XHR
text/plain 74.125.200.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1998417916665560&correlator=2493775017905060&eid=31071523&output=ldjh&gdfp_req=1&vrg=2023011001&ptt=17&impl=fif&iu_parts=22405481091%2Cpastelink.net%2CTop_leaderboard&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C300x250&fluid=height&ifi=2&adks=2603746535&sfv=1-0-40&prev_scp=rand_key%3D66&eri=1&cust_params=refid%3D2%26amznbid%3D0%26amznp%3D0&sc=1&cookie_enabled=1&abxe=1&dt=1673995026033&lmt=1673995026&dlt=1673995021639&idt=4277&adxs=310&adys=310&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fpastelink.net%2Fv3774tc2&frm=20&vis=1&psz=705x149&msz=705x0&fws=4&ohw=1600&ga_vid=772704711.1673995025&ga_sid=1673995026&ga_hid=867166287&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.200.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f157.1e100.net

Software

cafe /

Resource Hash

076eb204f90e565aed3db8135136c361e56e28c5f30943c2a0bbf75fa1e12159

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:06 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6490
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 50 KB
12 KB 1763ms
1762ms XHR
text/plain 74.125.200.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1998417916665560&correlator=2493775017905060&eid=31071523&output=ldjh&gdfp_req=1&vrg=2023011001&ptt=17&impl=fif&iu_parts=22405481091%2Cpastelink.net%2CInline_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&ifi=3&adks=3770940712&sfv=1-0-40&prev_scp=rand_key%3D66&eri=1&cust_params=refid%3D2%26amznbid%3D0%26amznp%3D0&sc=1&cookie_enabled=1&abxe=1&dt=1673995026038&lmt=1673995026&dlt=1673995021639&idt=4277&adxs=513&adys=648&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fpastelink.net%2Fv3774tc2&frm=20&vis=1&psz=665x250&msz=300x-1&fws=4&ohw=1600&ga_vid=772704711.1673995025&ga_sid=1673995026&ga_hid=867166287&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.200.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f157.1e100.net

Software

cafe /

Resource Hash

650a117118d4187f2e95b462115e8ee9eb32f03e816250e25c267605ae20dfa2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:07 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12000
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pastelink.net
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 22 KB
9 KB 1222ms
1221ms XHR
text/plain 74.125.200.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1998417916665560&correlator=2493775017905060&eid=31071523&output=ldjh&gdfp_req=1&vrg=2023011001&ptt=17&impl=fif&iu_parts=22405481091%2Cpastelink.net%2CInline_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&ifi=4&adks=3575723800&sfv=1-0-40&prev_scp=rand_key%3D66&eri=1&cust_params=refid%3D2%26amznbid%3D0%26amznp%3D0&sc=1&cookie_enabled=1&abxe=1&dt=1673995026043&lmt=1673995026&dlt=1673995021639&idt=4277&adxs=513&adys=1258&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fpastelink.net%2Fv3774tc2&frm=20&vis=1&psz=665x250&msz=300x-1&fws=4&ohw=1600&ga_vid=772704711.1673995025&ga_sid=1673995026&ga_hid=867166287&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.200.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f157.1e100.net

Software

cafe /

Resource Hash

f5ae0f78b90b0d226429d6f9a04277a8ae97046daa3ba265b2c9adec0e0116c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:07 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9411
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 74 KB
23 KB 1443ms
1442ms XHR
text/plain 74.125.200.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1998417916665560&correlator=2493775017905060&eid=31071523&output=ldjh&gdfp_req=1&vrg=2023011001&ptt=17&impl=fif&iu_parts=22405481091%2Cpastelink.net%2CInline_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&ifi=5&adks=375354995&sfv=1-0-40&prev_scp=rand_key%3D66&eri=1&cust_params=refid%3D2%26amznbid%3D0%26amznp%3D0&sc=1&cookie_enabled=1&abxe=1&dt=1673995026045&lmt=1673995026&dlt=1673995021639&idt=4277&adxs=513&adys=1853&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=2&ucis=5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fpastelink.net%2Fv3774tc2&frm=20&vis=1&psz=665x250&msz=300x-1&fws=4&ohw=1600&ga_vid=772704711.1673995025&ga_sid=1673995026&ga_hid=867166287&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.200.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f157.1e100.net

Software

cafe /

Resource Hash

4e6620cf095e3da42ddfd4b1bab089ab3c223f3bd70009a9cec2a6436871d0d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:07 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23582
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 23 KB
10 KB 2140ms
2139ms XHR
text/plain 74.125.200.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1998417916665560&correlator=2493775017905060&eid=31071523&output=ldjh&gdfp_req=1&vrg=2023011001&ptt=17&impl=fif&iu_parts=22405481091%2Cpastelink.net%2CInline_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&ifi=6&adks=3771912056&sfv=1-0-40&prev_scp=rand_key%3D66&eri=1&cust_params=refid%3D2%26amznbid%3D0%26amznp%3D0&sc=1&cookie_enabled=1&abxe=1&dt=1673995026052&lmt=1673995026&dlt=1673995021639&idt=4277&adxs=513&adys=2399&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=3&ucis=6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fpastelink.net%2Fv3774tc2&frm=20&vis=1&psz=665x250&msz=300x-1&fws=4&ohw=1600&ga_vid=772704711.1673995025&ga_sid=1673995026&ga_hid=867166287&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.200.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f157.1e100.net

Software

cafe /

Resource Hash

d6796436898e303f36e232ae0d0efb1d77879a7ce8abbf219b19b81ffa26737b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10140
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 113 KB
41 KB 1939ms
1938ms XHR
text/plain 74.125.200.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1998417916665560&correlator=2493775017905060&eid=31071523&output=ldjh&gdfp_req=1&vrg=2023011001&ptt=17&impl=fif&iu_parts=22405481091%2Cpastelink.net%2CSidebar_MPU&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=160x600&ifi=7&adks=3854452215&sfv=1-0-40&prev_scp=rand_key%3D66&eri=1&cust_params=refid%3D2%26amznbid%3D0%26amznp%3D0&sc=1&cookie_enabled=1&abxe=1&dt=1673995026057&lmt=1673995026&dlt=1673995021639&idt=4277&adxs=1071&adys=521&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=7&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fpastelink.net%2Fv3774tc2&frm=20&vis=1&psz=168x607&msz=160x-1&fws=4&ohw=1600&ga_vid=772704711.1673995025&ga_sid=1673995026&ga_hid=867166287&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.200.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f157.1e100.net

Software

cafe /

Resource Hash

012c4fb01cf957c32182f714f26a0f7ebaf5200029e65bb30b59592885aa8513

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12535929144933595235/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12535929144933595235/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=COXt6rfVz_wCFfS9SwUdlZ4PTQ&gqi=&layout=/sadbundle/%24csp%253Der3%24/12535929144933595235/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12535929144933595235/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12535929144933595235/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=COXt6rfVz_wCFfS9SwUdlZ4PTQ&gqi=&layout=/sadbundle/%24csp%253Der3%24/12535929144933595235/index.html
date: Tue, 17 Jan 2023 22:37:07 GMT
x-content-type-options: nosniff
content-encoding: br
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42183
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
13 KB 830ms
278ms XHR
application/json 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2023011001&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

cafe /

Resource Hash

5c6ac1310f16c30604473abebf50ab47ff0155b2143257611e93adc25fb167e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:06 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12508
x-xss-protection: 0

GET
H2 200 container.html Show response
e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 2908 6 KB
3 KB 826ms
274ms Document
text/html 142.250.4.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f132.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 17 Jan 2023 22:37:06 GMT
expires: Wed, 17 Jan 2024 22:37:06 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16576/ 32 KB
10 KB 821ms
262ms Script
text/javascript 13.33.88.45
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16576/sync.min.js
Requested by: Host: pastelink.net
URL: https://pastelink.net/v3774tc2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.88.45 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-88-45.sin2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1b9bc9c5d136e5e10a89c8902b5c6540cd738265af675ed3e3984e28c0c14f02

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 05:10:23 GMT
content-encoding: gzip
via: 1.1 73a569eafe77b39b17f3e8ef76c14c7c.cloudfront.net (CloudFront)
last-modified: Thu, 05 Jan 2023 20:07:47 GMT
server: AmazonS3
x-amz-cf-pop: SIN2-P2
age: 62849
x-amz-server-side-encryption: AES256
etag: W/"322a4a4dadec5839e9040f77edf9282d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age: 86400
x-amz-cf-id: E6t7o4ngRyG7h_z_2YSI0xHYxW0gugcZ02ZR43wq0cjt5E3lg6hQ8w==

GET
H2 200 id5-api.js Show response
cdn.id5-sync.com/api/1.0/ 57 KB
17 KB 437ms
149ms Script
text/javascript 104.22.52.86
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/id5-api.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/v3774tc2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.22.52.86 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

73d2000e916fd308b8e477bec14e2f1ac4308481915678247cac72feb5c773e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:08 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 17 Jan 2023 10:25:26 GMT
server: cloudflare
x-amz-request-id: 0BGTASZ5J0VAHJBS
age: 2381
etag: W/"244cb7309f480d4ad11552ca65bf5e1e"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 78b292de8b17a961-SYD
x-amz-id-2: 2kOZqWTTyIuUCUaMhWKD34I6Z9MxPuN/sqgi1h7L76pSw6Va5d78SZrkxusFbihJZOa8flEZOh4=

GET
H2 200 container.html Show response
e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame BBED 6 KB
3 KB 334ms
275ms Document
text/html 142.250.4.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f132.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 17 Jan 2023 22:37:06 GMT
expires: Wed, 17 Jan 2024 22:37:06 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

iu3 Show response
s.amazon-adsystem.com/ Frame F849
Redirect Chain

https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain&dcc=t

338 B
1 KB

354ms
353ms

Document
text/html

209.54.182.161
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain&dcc=t

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.182.161 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

bf293c6ec64062426d963624d5727bf3ef92eb7c478399918c502635c0c69726

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 338
Content-Type: text/html;charset=ISO-8859-1
Date: Tue, 17 Jan 2023 22:37:08 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid: 5A6J4KX305QYX43QWMR3

Redirect headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Date: Tue, 17 Jan 2023 22:37:07 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain&dcc=t
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid: 5W7T2QNAEWCVM91K368M

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 6DA9 624 B
920 B 826ms
277ms Document
text/html 172.217.194.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPuq0aYDEMqOxLEDGPuZqtgBMAE&v=APEucNWhYZ3ZedTW0rxYYjgn1Oy55LuscYehEzCsTdvH2wYqKLLgIyMi_0SaIseSoGYhpPCRnBdPSAHjqw4DqG9K8un8W12bng

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f155.1e100.net

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 17 Jan 2023 22:37:07 GMT
expires: Tue, 17 Jan 2023 22:37:07 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame BBED 76 KB
27 KB 952ms
405ms Script
text/javascript 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

cafe /

Resource Hash

bc54379b6288f5970da471f0f64ca15f8c9e3a3819a0950608a45b7479d5a11f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:07 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27384
x-xss-protection: 0
server: cafe
etag: 10506132538256102613
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 17 Jan 2023 22:37:07 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame BBED 42 B
63 B 822ms
275ms Image
image/gif 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BAVKpKc447vEijDQaIi3TZV8Jk091-TjbIXloFd2iDWIwjQ6GbDayHqTzhRypcktKVIuImtEmikaD0H7_x7mrXi_7RYJyD2t2tQFycYG47RtyYcvE

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BBED 0
20 B 826ms
280ms Image
image/gif 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=3606121010059980595&x=1&ct=76

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230112/r20110914/client/ Frame BBED 3 KB
1 KB 885ms
334ms Script
text/javascript 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230112/r20110914/client/window_focus_fy2021.js

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 19:50:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10026
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 Jan 2023 19:50:01 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230112/r20110914/client/ Frame BBED 18 KB
8 KB 823ms
272ms Script
text/javascript 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230112/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

cafe /

Resource Hash

fcb2a2d76154a28aee5a1e84fce890f1e5bd8ef41d5a7c8368f1db418409cc83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 11:54:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38535
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7536
x-xss-protection: 0
server: cafe
etag: 18409170587552385168
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 Jan 2023 11:54:52 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame BBED 157 KB
49 KB 1106ms
556ms Script
text/javascript 142.250.4.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f156.1e100.net

Software

sffe /

Resource Hash

cff8c5b798dd1a69ce9460a203c10be59613887e25245f5c64916a51a1055d4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49309
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1673441803913192"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 17 Jan 2023 22:37:07 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 277ms
277ms Script
text/javascript 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 17 Jan 2023 22:37:08 GMT

GET
H2 200 container.html Show response
e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame DE07 6 KB
3 KB 274ms
273ms Document
text/html 142.250.4.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f132.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 17 Jan 2023 22:37:06 GMT
expires: Wed, 17 Jan 2024 22:37:06 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 95F3 6 KB
3 KB 273ms
273ms Document
text/html 142.250.4.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f132.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 17 Jan 2023 22:37:06 GMT
expires: Wed, 17 Jan 2024 22:37:06 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame CDC9 624 B
505 B 354ms
286ms Document
text/html 172.217.194.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CI32lQEQu9_vkAQYpu3m2gEwAQ&v=APEucNVlQXpy5QnRKMAW4hd95d8mCX4LikfXrTedSBA_5pINAgRZ58oBxjIa0ieRnZdzcnvuEEqnBSiT2yyYTa6Pj-Xs1M5DxA

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f155.1e100.net

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 17 Jan 2023 22:37:07 GMT
expires: Tue, 17 Jan 2023 22:37:07 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame DE07 76 KB
27 KB 348ms
282ms Script
text/javascript 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

cafe /

Resource Hash

bc54379b6288f5970da471f0f64ca15f8c9e3a3819a0950608a45b7479d5a11f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:07 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27384
x-xss-protection: 0
server: cafe
etag: 10506132538256102613
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 17 Jan 2023 22:37:07 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame DE07 42 B
63 B 344ms
278ms Image
image/gif 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D1lYZFlr-psvyu8Y58vlwbwM7GAyoKZWKKSInU4XYvm8BdFp-rlEV635_GCHswmqdqY4TxC7m8ltUYwVg5xNyLgVDus-hdKjQlofsbk1dqsfrlEpU

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DE07 0
20 B 346ms
281ms Image
image/gif 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=1813773839146741902&x=1&ct=76

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230112/r20110914/client/ Frame DE07 3 KB
1 KB 418ms
348ms Script
text/javascript 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230112/r20110914/client/window_focus_fy2021.js

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 19:50:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10026
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 Jan 2023 19:50:01 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230112/r20110914/client/ Frame DE07 18 KB
7 KB 369ms
300ms Script
text/javascript 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230112/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

cafe /

Resource Hash

fcb2a2d76154a28aee5a1e84fce890f1e5bd8ef41d5a7c8368f1db418409cc83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 11:54:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38535
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7536
x-xss-protection: 0
server: cafe
etag: 18409170587552385168
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 Jan 2023 11:54:52 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DE07 157 KB
48 KB 1221ms
1152ms Script
text/javascript 142.250.4.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f156.1e100.net

Software

sffe /

Resource Hash

cff8c5b798dd1a69ce9460a203c10be59613887e25245f5c64916a51a1055d4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49309
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1673441803913192"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 17 Jan 2023 22:37:07 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame CEC3 624 B
504 B 278ms
276ms Document
text/html 172.217.194.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQi4Dw4AIYkLfgxgEwAQ&v=APEucNUc0QVD2STkUmgmBwK1Jm6RVWXcvTO7U6QwUv2z6vpICh6lF6R7iQfRXQ7w0R9zH-pDrI6H0wrRogsJy4aajG51sm4D0g

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f155.1e100.net

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 17 Jan 2023 22:37:07 GMT
expires: Tue, 17 Jan 2023 22:37:07 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 95F3 76 KB
27 KB 459ms
459ms Script
text/javascript 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

cafe /

Resource Hash

bc54379b6288f5970da471f0f64ca15f8c9e3a3819a0950608a45b7479d5a11f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:07 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27384
x-xss-protection: 0
server: cafe
etag: 10506132538256102613
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 17 Jan 2023 22:37:07 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 95F3 42 B
63 B 610ms
609ms Image
image/gif 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D7up8XQKG9CMZhcSWx6f4yoyrAxcQEP_Km5cK8_MjrC4FUf4LYXRBJAlMyZr5OghSe43MdViBhgfFZZmsAvAUS-yV2lIRgROtT1QHheNHmz-9RxZw

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 95F3 0
20 B 609ms
609ms Image
image/gif 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=17043908556182340378&x=1&ct=77

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dvbs_src.js Show response
cdn.doubleverify.com/ Frame 95F3 2 KB
3 KB 1547ms
502ms Script
application/javascript 42.99.128.145
ASN-TELSTRA-GLOBA...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=115843&plc=6419358&sid=18330&dvregion=0&unit=300x250&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0hqcCz1Z4Rn6tG6rJO2QgFj&DVP_DBM_1=3060631&DVP_DBM_2=23009949&DVP_DBM_3=16740933992&DVP_DBM_4=416816016&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=201491245482&turl=https://pastelink.net/v3774tc2&DVP_PP_BUNDLE_ID=
Requested by: Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 42.99.128.145 , Japan, ASN4637 (ASN-TELSTRA-GLOBAL Telstra Global, HK),
Reverse DNS: ip-42-99-128-145.pacnet.net
Software: UploadServer /
Resource Hash: e189eb8fb761166a6d657a8dbea2c5d73e224e565716f36406ec7f7b68cd78c7

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 17 Jan 2023 22:37:09 GMT
X-GUploader-UploadID: ADPycdvcwA5DQUsg-JL0awbqTuuCpZOq7E2sOGpwgDfdAZZV4frMTAP5i37VuKTVVY6hkuFA_MI9amnwSw_HWc8BDswu
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
Connection: keep-alive
Content-Length: 1922
Last-Modified: Tue, 10 Jan 2023 11:02:09 GMT
Server: UploadServer
x-goog-meta-previous-generation-number: 1673253614982549
ETag: "87b6182d03ee779aa68e37632f67656e"
x-goog-generation: 1673348529482061
Content-Type: application/javascript
x-goog-hash: crc32c=lOOx4w==, md5=h7YYLQPud5qmjjdjL2dlbg==
Cache-Control: max-age=86400
x-goog-stored-content-length: 1922
Accept-Ranges: bytes
x-goog-meta-pipeline-id: 742670731
Expires: Wed, 18 Jan 2023 15:50:23 GMT

GET
H/1.1 200
OK dvtp_src.js Show response
cdn.doubleverify.com/ Frame 95F3 8 KB
4 KB 1547ms
502ms Script
application/javascript 42.99.128.145
ASN-TELSTRA-GLOBA...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvtp_src.js?ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&advid=3398311&adsrv=0&btreg=&btadsrv=&tagtype=&dvtagver=6.1.src&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0hqcCz1Z4Rn6tG6rJO2QgFj&DVP_DBM_1=3060631&DVP_DBM_2=23009949&DVP_DBM_3=16740933992&DVP_DBM_4=416816016&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=201491245482&turl=https://pastelink.net/v3774tc2&DVP_PP_BUNDLE_ID=
Requested by: Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 42.99.128.145 , Japan, ASN4637 (ASN-TELSTRA-GLOBAL Telstra Global, HK),
Reverse DNS: ip-42-99-128-145.pacnet.net
Software: Microsoft-IIS/10.0 /
Resource Hash: 593acdfeb9ef6a7c6f80c1918c52734d3b62e7c2319d54bb0f4ae8199f8fbea4

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 17 Jan 2023 22:37:09 GMT
Content-Encoding: gzip
Last-Modified: Sun, 15 Jan 2023 12:42:30 GMT
Server: Microsoft-IIS/10.0
ETag: "07fabd4de28d91:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3337

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230112/r20110914/client/ Frame 95F3 3 KB
1 KB 275ms
272ms Script
text/javascript 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230112/r20110914/client/window_focus_fy2021.js

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 19:50:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10027
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 Jan 2023 19:50:01 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230112/r20110914/client/ Frame 95F3 18 KB
7 KB 273ms
273ms Script
text/javascript 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230112/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

cafe /

Resource Hash

fcb2a2d76154a28aee5a1e84fce890f1e5bd8ef41d5a7c8368f1db418409cc83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 11:54:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38535
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7536
x-xss-protection: 0
server: cafe
etag: 18409170587552385168
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 Jan 2023 11:54:52 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 95F3 157 KB
48 KB 796ms
796ms Script
text/javascript 142.250.4.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f156.1e100.net

Software

sffe /

Resource Hash

cff8c5b798dd1a69ce9460a203c10be59613887e25245f5c64916a51a1055d4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49309
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1673441803913192"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 17 Jan 2023 22:37:07 GMT

GET
H2 200 container.html Show response
e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 6AA8 6 KB
3 KB 273ms
273ms Document
text/html 142.250.4.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f132.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 17 Jan 2023 22:37:06 GMT
expires: Wed, 17 Jan 2024 22:37:06 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 6DA9
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJVZwPiTfftxEKl19eaC8VM&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJVZwPiTfftxEKl19eaC8VM&google_cver=1&C=1

43 B
766 B

351ms
351ms

Image
image/gif

139.5.84.243
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJVZwPiTfftxEKl19eaC8VM&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPuq0aYDEMqOxLEDGPuZqtgBMAE&v=APEucNWhYZ3ZedTW0rxYYjgn1Oy55LuscYehEzCsTdvH2wYqKLLgIyMi_0SaIseSoGYhpPCRnBdPSAHjqw4DqG9K8un8W12bng
Protocol: HTTP/1.1
Server: 139.5.84.243 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 17 Jan 2023 22:37:10 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Tue, 17 Jan 2023 22:37:09 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESEJVZwPiTfftxEKl19eaC8VM&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 6DA9
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y8cjFTbTTHifU54FyY6nwQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBHqmSQIWC4RUrMtYEYFf4Q&google_cver=1

43 B
632 B

353ms
351ms

Image
image/gif

139.5.84.243
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBHqmSQIWC4RUrMtYEYFf4Q&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPuq0aYDEMqOxLEDGPuZqtgBMAE&v=APEucNWhYZ3ZedTW0rxYYjgn1Oy55LuscYehEzCsTdvH2wYqKLLgIyMi_0SaIseSoGYhpPCRnBdPSAHjqw4DqG9K8un8W12bng
Protocol: HTTP/1.1
Server: 139.5.84.243 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 17 Jan 2023 22:37:10 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:09 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBHqmSQIWC4RUrMtYEYFf4Q&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame 6DA9
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEGcXPttgvQu8TxwuwxqvXWg&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEGcXPttgvQu8TxwuwxqvXWg%26google_cver%3D1

43 B
1 KB

292ms
290ms

Image
image/gif

104.254.151.120
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEGcXPttgvQu8TxwuwxqvXWg%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPuq0aYDEMqOxLEDGPuZqtgBMAE&v=APEucNWhYZ3ZedTW0rxYYjgn1Oy55LuscYehEzCsTdvH2wYqKLLgIyMi_0SaIseSoGYhpPCRnBdPSAHjqw4DqG9K8un8W12bng

Protocol

HTTP/1.1

Server

104.254.151.120 Los Angeles, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

908.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 17 Jan 2023 22:37:09 GMT
AN-X-Request-Uuid: d3d769f8-2be9-45a2-9d5e-4aab314a1678
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 116.90.74.215; 116.90.74.215; 908.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 17 Jan 2023 22:37:08 GMT
AN-X-Request-Uuid: 480b89b5-b272-40e9-bec3-689a720ac421
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEGcXPttgvQu8TxwuwxqvXWg%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 116.90.74.215; 116.90.74.215; 908.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 6DA9
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE1MjU1MTM4MzM3Mzc2NTAzOA%3D%3D

170 B
243 B

277ms
277ms

Image
image/png

142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE1MjU1MTM4MzM3Mzc2NTAzOA%3D%3D

Requested by

Protocol

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f154.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 17 Jan 2023 22:37:08 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 116.90.74.215; 116.90.74.215; 908.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 317cd19b-5ee0-43c6-9863-a708962d462e
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE1MjU1MTM4MzM3Mzc2NTAzOA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame CDC9
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJznbZPsiNxUWCs4BynwCA0&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJznbZPsiNxUWCs4BynwCA0&google_cver=1&C=1

43 B
766 B

352ms
351ms

Image
image/gif

139.5.84.243
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJznbZPsiNxUWCs4BynwCA0&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI32lQEQu9_vkAQYpu3m2gEwAQ&v=APEucNVlQXpy5QnRKMAW4hd95d8mCX4LikfXrTedSBA_5pINAgRZ58oBxjIa0ieRnZdzcnvuEEqnBSiT2yyYTa6Pj-Xs1M5DxA
Protocol: HTTP/1.1
Server: 139.5.84.243 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 17 Jan 2023 22:37:09 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Tue, 17 Jan 2023 22:37:09 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESEJznbZPsiNxUWCs4BynwCA0&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame CDC9
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y8cjFbX4seoPM9tMegdqsQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBHqmSQIWC4RUrMtYEYFf4Q&google_cver=1

43 B
766 B

340ms
337ms

Image
image/gif

139.5.84.243
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBHqmSQIWC4RUrMtYEYFf4Q&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI32lQEQu9_vkAQYpu3m2gEwAQ&v=APEucNVlQXpy5QnRKMAW4hd95d8mCX4LikfXrTedSBA_5pINAgRZ58oBxjIa0ieRnZdzcnvuEEqnBSiT2yyYTa6Pj-Xs1M5DxA
Protocol: HTTP/1.1
Server: 139.5.84.243 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 17 Jan 2023 22:37:10 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:09 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBHqmSQIWC4RUrMtYEYFf4Q&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame CDC9
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEGcXPttgvQu8TxwuwxqvXWg&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEGcXPttgvQu8TxwuwxqvXWg%26google_cver%3D1

43 B
1 KB

306ms
292ms

Image
image/gif

104.254.151.120
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEGcXPttgvQu8TxwuwxqvXWg%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI32lQEQu9_vkAQYpu3m2gEwAQ&v=APEucNVlQXpy5QnRKMAW4hd95d8mCX4LikfXrTedSBA_5pINAgRZ58oBxjIa0ieRnZdzcnvuEEqnBSiT2yyYTa6Pj-Xs1M5DxA

Protocol

HTTP/1.1

Server

104.254.151.120 Los Angeles, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

908.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 17 Jan 2023 22:37:09 GMT
AN-X-Request-Uuid: ff15ab8f-9e04-43aa-a90f-042050b9d13a
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 116.90.74.215; 116.90.74.215; 908.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 17 Jan 2023 22:37:08 GMT
AN-X-Request-Uuid: 50118c8d-b15f-403d-b405-097e44089849
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEGcXPttgvQu8TxwuwxqvXWg%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 116.90.74.215; 116.90.74.215; 908.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame CDC9
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE1MjU1MTM4MzM3Mzc2NTAzOA%3D%3D

170 B
232 B

293ms
276ms

Image
image/png

142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE1MjU1MTM4MzM3Mzc2NTAzOA%3D%3D

Requested by

Protocol

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f154.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 17 Jan 2023 22:37:09 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 116.90.74.215; 116.90.74.215; 908.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 7d7655ee-c4ba-41f8-81dc-d310137c693f
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE1MjU1MTM4MzM3Mzc2NTAzOA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012301041800000/ Frame F7A5 221 KB
61 KB 831ms
273ms Script
text/javascript 142.250.4.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012301041800000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f132.1e100.net

Software

sffe /

Resource Hash

d4e7f21914210e4d6da2b44cc05a554cdd1e538ee43e1d4dc5d6e6a1f1ee1282

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 17 Jan 2023 18:07:14 GMT
age: 16194
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61740
x-xss-protection: 0
server: sffe
etag: "8e9029bac2b10828"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 17 Jan 2024 18:07:14 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012301041800000/v0/ Frame F7A5 15 KB
5 KB 273ms
273ms Script
text/javascript 142.250.4.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012301041800000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f132.1e100.net

Software

sffe /

Resource Hash

885cb07503e088de00e0b1502940db47d59817caf2a3e35e1f92432d48d6f8fe

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 17 Jan 2023 18:07:14 GMT
age: 16195
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5230
x-xss-protection: 0
server: sffe
etag: "98e8559bf0300638"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 17 Jan 2024 18:07:14 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012301041800000/v0/ Frame F7A5 94 KB
28 KB 290ms
289ms Script
text/javascript 142.250.4.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012301041800000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f132.1e100.net

Software

sffe /

Resource Hash

c6629584f62feeb6b024b50fae7e99ed6bec9942ce434c8163e2d627f1253dbb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 17 Jan 2023 18:07:14 GMT
age: 16195
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28829
x-xss-protection: 0
server: sffe
etag: "80143a542ab189b2"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 17 Jan 2024 18:07:14 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012301041800000/v0/ Frame F7A5 5 KB
2 KB 288ms
285ms Script
text/javascript 142.250.4.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012301041800000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f132.1e100.net

Software

sffe /

Resource Hash

a9ed6c0cdb54ddeb561369fa2f9748cd0dcba457ba2cd0cb1955cf48387bcf2a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 17 Jan 2023 18:07:14 GMT
age: 16195
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1904
x-xss-protection: 0
server: sffe
etag: "c26873ae23a2dfcc"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 17 Jan 2024 18:07:14 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012301041800000/v0/ Frame F7A5 40 KB
13 KB 296ms
294ms Script
text/javascript 142.250.4.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012301041800000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f132.1e100.net

Software

sffe /

Resource Hash

f239f3f5ba2fe8def7ffc52c0268cfb1cbd362214823676459daa279370a9cfa

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 17 Jan 2023 18:07:15 GMT
age: 16194
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12956
x-xss-protection: 0
server: sffe
etag: "a53f7d5e2894160e"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 17 Jan 2024 18:07:15 GMT

GET
DATA 200
OK truncated
/ Frame F7A5 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ff787fb1dde61fc5474f0df5ce5a91c6808ccf677b48398f98eda0d9e79b5ab3

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 18417994194344526499
tpc.googlesyndication.com/simgad/ Frame F7A5 78 KB
78 KB 292ms
291ms Image
image/gif 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/18417994194344526499

Requested by

Host: pastelink.net
URL: https://pastelink.net/v3774tc2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

sffe /

Resource Hash

26a72a1e60cbf9e62b281d71225f3476e34dfb675f7dd1385c49f205eca5afb2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 11:56:06 GMT
x-content-type-options: nosniff
age: 384062
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 79628
x-xss-protection: 0
last-modified: Thu, 01 Dec 2022 20:02:31 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 13 Jan 2024 11:56:06 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/abg/ Frame F7A5 3 KB
3 KB 276ms
275ms Image
image/png 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/en.png

Requested by

Host: pastelink.net
URL: https://pastelink.net/v3774tc2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

cafe /

Resource Hash

85a64faec356c3a72f249a98a037317adc730ec6d38e47653cd53be5485d80a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 05:28:43 GMT
x-content-type-options: nosniff
server: cafe
age: 61705
etag: 15880770647744369592
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2982
x-xss-protection: 0
expires: Wed, 18 Jan 2023 05:28:43 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame F7A5 344 B
474 B 274ms
273ms Image
image/png 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: pastelink.net
URL: https://pastelink.net/v3774tc2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 00:01:17 GMT
x-content-type-options: nosniff
server: cafe
age: 81351
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Wed, 18 Jan 2023 00:01:17 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame F7A5 0
0 284ms
282ms Image
text/html 74.125.200.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Ccn00EyPHY__uFMyNrAHRoInYBZmU1K9t-Nrk58QQmKW2lYsDEAEgiYvEUGCr7LGF4BigAennmPMDyAEDqQKS7TFl5ZOlPuACAKgDAcgDCKoEigJP0JQ2o9bewUGWuQrqunoRNoN1eydhcv8tVDCQOmK8J4ua5GZ7qvH1Ky6zPNJOU8FbZBU91kZngNmEGs6FifAKQt7-iKZsUoNNsTaMO7SCCdG6-Ro-_7_n13pGIRBYv_TuTF01dEQVO32eFGFMmUbFYqjoxiAe57rLdPrh3kH8LeM6VMQve2aVPWACE1bJfs_G57f3CDA20Lgc8vG4QsH4ZmWTc0TX86nCPDGUTF6ZwU-0vvw0UH1OIf9gdQTd0hCWGwJhV82uBbKxo42vHpk4yuxhGCQeG8Xbdm3DDOfspszHXYJs_BHKpj-OKERFA_SUQFTSPHk4MRpq6GzzVaTI3x9l05ucyR_OkcAEl8TcspIE4AQBoAYDgAf_l-cMqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQ6OYD0ggPCIBhEAEYHTICigI6AoBAgAoByAsB2BMD0BUBgBcBshceChwIABIUcHViLTE3NTA4NTYyMzkyMDQ0MTQY-t58&sigh=GJJcR_XPHlc&uach_m=[UACH]&cid=CAQSTADq26N9cZ8RvRQD-sZQtcyfc7vO_RKtNII6keo7iV7vWqUQNVR8jrjLQOL4XcTWubhEJRc_o49u27ec86fO794NQXTMGi6zTcqf_B4YASAT
Requested by: Host: pastelink.net
URL: https://pastelink.net/v3774tc2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 74.125.200.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: sa-in-f157.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame CEC3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBHqmSQIWC4RUrMtYEYFf4Q&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBHqmSQIWC4RUrMtYEYFf4Q&google_cver=1&C=1

43 B
766 B

337ms
337ms

Image
image/gif

139.5.84.243
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBHqmSQIWC4RUrMtYEYFf4Q&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQi4Dw4AIYkLfgxgEwAQ&v=APEucNUc0QVD2STkUmgmBwK1Jm6RVWXcvTO7U6QwUv2z6vpICh6lF6R7iQfRXQ7w0R9zH-pDrI6H0wrRogsJy4aajG51sm4D0g
Protocol: HTTP/1.1
Server: 139.5.84.243 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 17 Jan 2023 22:37:09 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Tue, 17 Jan 2023 22:37:09 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESEBHqmSQIWC4RUrMtYEYFf4Q&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame CEC3
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y8cjFSUr8tYso1cFKVuOPwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBHqmSQIWC4RUrMtYEYFf4Q&google_cver=1

43 B
632 B

353ms
352ms

Image
image/gif

139.5.84.243
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBHqmSQIWC4RUrMtYEYFf4Q&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQi4Dw4AIYkLfgxgEwAQ&v=APEucNUc0QVD2STkUmgmBwK1Jm6RVWXcvTO7U6QwUv2z6vpICh6lF6R7iQfRXQ7w0R9zH-pDrI6H0wrRogsJy4aajG51sm4D0g
Protocol: HTTP/1.1
Server: 139.5.84.243 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 17 Jan 2023 22:37:10 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:09 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBHqmSQIWC4RUrMtYEYFf4Q&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame CEC3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEG8gDZgE2IbD9_-ziN1hL5s&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEG8gDZgE2IbD9_-ziN1hL5s%26google_cver%3D1

43 B
1 KB

495ms
278ms

Image
image/gif

104.254.151.120
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEG8gDZgE2IbD9_-ziN1hL5s%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQi4Dw4AIYkLfgxgEwAQ&v=APEucNUc0QVD2STkUmgmBwK1Jm6RVWXcvTO7U6QwUv2z6vpICh6lF6R7iQfRXQ7w0R9zH-pDrI6H0wrRogsJy4aajG51sm4D0g

Protocol

HTTP/1.1

Server

104.254.151.120 Los Angeles, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

908.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 17 Jan 2023 22:37:09 GMT
AN-X-Request-Uuid: f9cc47d7-d681-4ad5-be6a-e4c2d2c28b58
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 116.90.74.215; 116.90.74.215; 908.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 17 Jan 2023 22:37:08 GMT
AN-X-Request-Uuid: d2ee1236-1635-4af7-b627-bc26f0077f48
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEG8gDZgE2IbD9_-ziN1hL5s%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 116.90.74.215; 116.90.74.215; 908.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame CEC3
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODc0ODc2NTkxNDg1Mjg1MDc4Nw%3D%3D

170 B
232 B

294ms
277ms

Image
image/png

142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODc0ODc2NTkxNDg1Mjg1MDc4Nw%3D%3D

Requested by

Protocol

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f154.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 17 Jan 2023 22:37:09 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 116.90.74.215; 116.90.74.215; 908.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: ac8e1b63-cc62-4f13-9300-823d304b7e56
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODc0ODc2NTkxNDg1Mjg1MDc4Nw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230112/r20110914/ Frame 6AA8 22 KB
9 KB 610ms
609ms Script
text/javascript 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230112/r20110914/abg_lite_fy2021.js

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

cafe /

Resource Hash

c5418bee2b5eb509379e5146161267420c90f21ef5824f64ca9f7396a8f51dba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 19:56:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9651
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8889
x-xss-protection: 0
server: cafe
etag: 3049769697470197148
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 Jan 2023 19:56:17 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 6AA8 8 KB
812 B 279ms
277ms Stylesheet
text/css 142.250.4.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f95.1e100.net

Software

ESF /

Resource Hash

684dfe949ae87a38c2afbcee199f51b0025dd9121b524d62e881cf40846cdd21

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 17 Jan 2023 22:37:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 17 Jan 2023 21:15:55 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 17 Jan 2023 22:37:08 GMT

GET
H2 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230111_RC00/ Frame 6AA8 14 KB
3 KB 825ms
272ms Stylesheet
text/css 172.253.118.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230111_RC00/outstream.min.css

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.118.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f95.1e100.net

Software

sffe /

Resource Hash

48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Jan 2023 13:36:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 550809
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2798
x-xss-protection: 0
last-modified: Wed, 11 Jan 2023 11:45:15 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 11 Jan 2024 13:36:59 GMT

GET
H2 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230111_RC00/ Frame 6AA8 391 KB
132 KB 826ms
274ms Script
text/javascript 172.253.118.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230111_RC00/outstream.min.js

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.118.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f95.1e100.net

Software

sffe /

Resource Hash

5ba3de99116648e15b945f844918e44b4c409a558d28e20119538bea2eab41c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Jan 2023 13:36:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 550809
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 135245
x-xss-protection: 0
last-modified: Wed, 11 Jan 2023 11:45:15 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 11 Jan 2024 13:36:59 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230112/r20110914/client/ Frame 6AA8 18 KB
7 KB 643ms
642ms Script
text/javascript 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230112/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

cafe /

Resource Hash

fcb2a2d76154a28aee5a1e84fce890f1e5bd8ef41d5a7c8368f1db418409cc83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 11:54:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38536
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7536
x-xss-protection: 0
server: cafe
etag: 18409170587552385168
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 Jan 2023 11:54:52 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DE07 0
20 B 275ms
274ms Ping
image/gif 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=5526476542713&version=m202209210101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DE07 0
20 B 275ms
275ms Ping
image/gif 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=5526476542713&version=m202209210101&ct=76&x=1&cor=1813773839146742000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame DE07 81 KB
34 KB 299ms
298ms Script
text/javascript 172.217.194.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AbXysY3LBnSa8Moye_uVmn8U-fHkuCfjnbDmjjwXFz-EKgV79k5Ec_M1CdKKsUfdP3-PutJJanOPgP2F4KShHCTymxNQ&cry=1&dbm_d=AKAmf-B8Kg_RoqvrsRysHz4PTU8Vj2PcnqHeWhp1u6RXnep7JAglyvgkxjOcIO_sVkvSGjNeRfcazmY0gczGy-iOIXdkWabykdeskKWmun6UrTq42SvhAOwuNs3jTtjt5IEmvYtBagsxhgnwdyWPlvUXTDunRCFEH42R_k817WRutVfFwNsxl9uq6DqV8DY1Smln9hIfiSxBZNYUY5bhnANtVR0I0S-qkZqbL-p60hzSIhaQF1DWNXDjw6uaC3e6S6qB0lX-V-55ub8LftxT2ZgTk8DTdWpYAYcTPsVQeZAHEFCH6fTbNQeAOVrRXU09H9iPtrACPVRHRiExRT--dxC4KBxLerIsMqN99pNY71AlCy4coEbnyJO4LYNs279oZRYI1bL_28bwn6OJ2CnlunbJA6MIYNofgwoX_mq6LVt_BCaHGYkHqYtUsR-Rp1Xu42L_cMq8OE7QzmoJgoGa_CcOf7T0CQmmDLNyva7kKiSqm24C46gpu2qa3HiENAqker9Z5ONZPkN_KNzyNzRec_j-87erHMXSItIPAQ0IjxkKRJc9yx2rZ9YPqlvweNIxGDDPBFRdheOjwsf3yMs4Bp-iiBbKoS9B08p9IpUVwhPZ2M4S5VNqFFuGLQPWuKgc5tFyFHe7_-XYxnFM3E4Ie4ByG1cXU0TIo2sUqG18sXfg4K34SLDCSfipVITn9emvNhVpUiYVSdm-EO3xErijw0qd3KABj1w-joeqxjfj50GTlLV82ge1Viej2V_gzu_SfGZs3ZDWdO8rxNkicJj0HnnsGN-ZUQP-1szouF_pIVwIX9xtDG1fbsdT9cSrmOcYUq7BYkGkmukECeJYwsm1bRA6n4PxI1_TGF5IvfUQD1gIM1f7IyZm433tSkIZVDMPkyrwXMmbGvij_t-UF8Owk9OR0YvgjDpBiSUbc-d-3jyAChUaSwbc9eLhIzXZykULKtcBj_O3PxgFi3wu5m-QsoQT11gGruW7yseh6vDEcDuyDT7eB28tUYmVaAu2rR48VQUFeiBL5vntG1emJS1i4PBQX0dOi_V7XLqPzKZY-hueYfD14pX9r0XA_MK0dOqH9O5TB8EC9VsGL6e9IR1ff2ZGs2yqfFsbg_aDer9a-HVmrB2WBF2vd_vClYA8S0SBqZFRvyKbTkDu6kcFBxQuFfhVLr5KTlDzO6zdVDPecyZVbegX8Y_Z7PsyiI0-CcQC8sCYeQNtAwTaB24bESsvEnDMwqLfXlW1w0gP0UAus9ecANCnAyH4pGK8GQnJaNOty3p9EBm0251u3W7lSCeYe2wIG7DKJyEIlpRemOimlnxlsFGS1taKRPzUAE1trxDLCvNrQ-0zjRLW2NKAHwA-ln08MBmRS67oanPbePqvpPspq1mIVypGljHfW7buiQKz4jIZY2P44O7Sejy9mg58SaXyzb1k8I4IfSMlUnRePMipNplv4Adi4xtZnw-TmNaRIUB0msgEg2vKN6rMe06RTQKZv5RH370ICIxAE6xl2mheccw0A9xEsUC7TGp6iTzwiiVyu9PIr87RD2P4X3hg4wTaBq0Y91Zh7UfLU5Yf55XdcIV-NsuqN3Wm05-ORockeUhVfVtKiK8DxPNG7wBSe-bi0VJ5mDORYHLEwJ5iCNXYklp2L8AegfybqCwJdc8w_sGAdSrByl0Ff-4RB3ey885WQL0YqVitkcbFRDlOhj7jrXL0x9YPOcBmE-6FooQvFJV6YUD_x-JkpDTRrhz9aSTBU8y9Xq_yFhp66FEjP4tkM-NkvOahOk33O56hb1Q7dAaaQkLJ_Tf3iIjyVCNU8qbOLj2ob3g2jOdY2vDMuidVgq5zNRceSJnUB_CughZW0APqk4kdKSBkVoYBGk8l78jf83bDg2finxRPL-XxzBS7ZSqRlDHHty9-3Pmncrak1Xs7cEVEaDQBCMHqRmkrCW2Iz1B-0Ry9FDPwHpQLa1NryDRNidpCIc5bSXiu-tSJDkDr0mTEpRJhagoBQVL1tZ5j6CxcKV4vAPqq62wx2MWquQQB0Rqa-1gvBVeulXr3g9sF6_Se3qQQ_LL4WrUEiV5bdc3znj6IReSB4oDdLuHsb2gDEb-RPiixV7MKPPiR03s5pwYoCndcdElgv988NrK7ujh04PxL-Fs-6YOGmBvapWaRTHTwr6VGFIdTxOXfLlt0qVvwz5B5QlYnVmObt3OKAoBQQZZhW8--7SdyuxMeJp9x5bQVoh7eIWpcHvj2R4CnjWXL6G6chZMyEzIRHnnsLvL2UQdEJ0-GKKuQI4E2nVdTYMur027V2VX-uJurjHe-vMvbDUWBQakdApijclxlqmN3XKoU__E-T3D-_v4G3NsrBfFjfj2bZBmVxdGbCiO0x0XfH2LQZozp1mNpfbu_6iil7e2ZB5Lm8738Do5PAcwmV2_6Ti4uDcj86TPdbI96K9B0E9qx9QZ_XF34uVYcg71m2BojmzR3kw8682NMIpTkFM5bHO0VGIPBHdmryIVoJEw1cP2xfum7jSrYms8128TJFydaeQrbXTnX3UjovTJicP-xjZeNVUQmmLwcXOuil1uZ8SjiGKdX0GlpvpqpQCwiN0O3ul9aIzFO-zNuMI3u3qC1Mq7ZkwQShZSgKf1amlEeE6s5q3OoltDm1xnl5d3x7pQDaFwSTFen0TqlIwFEw8_86V_ZOxk1665DwXFieDUgYUG4BJRumwyQmpmUCnvHEftpq7ATHuvDcLV65-cZ5nmcAwNQkeL9lRqIwrRCejONz2O5qE_Tr4WDX8dhNG27BgWLYWc9bIH7dluuoXQ248IzbaEfGwb5ht-sJpOwc5tpEPLdqRCpOXj6ctPdS7iBjfl9yXfneLn6Ct-bTuN1e9MiTogEWiy92WVb-Sn5ax_10AXeSzdAvaU1adpDYrf101dT2UvScFwze7QggiqeeKZoJS86scAjxUoo7yzOAvjni-NIlrev8lyr_zxwHE7g34SGuNcyRnsTwIgdMzKz5ORFYUDkCJMrVq7hB3vzj_Owwjzo8TloCzI2YWI2Dako1Y8B0OMxqUGSC_vAj9fljFsKZhqkYU3U8wjITiQ-8XdKZu3-BmlYfMYz0zFQDtdu--QMus0qDz0_js_-z2lAXUmBHjw4zqa-UlzA1vUZxA_KN9kww4NG6Awsex2OMZ5KRqwFiHNtnaOh-_Vhny78vxEdaFX41wjjfraiPNzYgr8EqtmWDMZur6mAGGgBGx2MgZcz3ChlndUIE09tQ-MtNSr6AQdjRe4Q8EmXnme2j5WUVtgpZfrXAqqsR_MrKcRVcaQQnO-tgIhdmRaOIGKgH3kMj8I6cc-RxX2wMTSpTDBYSmgwtRlUiUM4OVDfOZTrf2ofy0vzA2qZeJA05S4yLs00CnqPNRR-r8KOkt97rk85xdwL&cid=CAQSTADq26N9pCxxyx8rhTAtRTz_vT-pgngRag0zIBjhCAfxOfmtOmgGie_mkDwNs_236N-AWGaOqUF5TyB6Wa5GDJnncuH0uW-3_s6ykFkYASAT&dv3_ver=m202209210101&rfl=https%3A%2F%2Fpastelink.net%2F&ds=l&xdt=1&iif=1&cor=1813773839146742000&adk=250412560&idt=609&cac=0&dtd=8

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f155.1e100.net

Software

cafe /

Resource Hash

7f8113d101d088066b4573920037cabe963155664a7bd02e1dae3be37dd479c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:08 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34771
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BBED 0
20 B 275ms
275ms Ping
image/gif 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=554067352689&version=m202209210101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BBED 0
20 B 275ms
275ms Ping
image/gif 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=554067352689&version=m202209210101&ct=76&x=1&cor=3606121010059981000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame BBED 81 KB
34 KB 429ms
428ms Script
text/javascript 172.217.194.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BDVlS_0_gcg7PQBQKJV-k-I0T9qewVBhppMiv330KGBnENhJj1V_CJ8S-MlwWq4yeFgfqcFuDpzRy74zT-LvH6z_q9kg&cry=1&dbm_d=AKAmf-BeKwcaA6mYsAacFmNtSXD2c3qnt9UI1r2reBq_etNaEMQghL4IqpOdjsy0FFPHPTZi0aWepKwT2lW4yX5kp5rSM4O5Vc_ouLPaKklbCwkw0Ks4Is2I0bzlZ4OtR0wqL8ppTRjRR2vST9zeFNJ3QBxq3E3Lf_fdcEol38PaANNj7eXr3vdjxNdt8-Glb69T1mMAvkmr5XLv9PVppzEREMmBRervy_X21xgYcklF1gABUH85BxevlZ9irXEcNbSmcbQeyz-spEsxk9egwg-eTb2Cdq5mGs9Ii3dKmkBE92AGOFkKCWSWCalXJiav5Pu492gvaH0Qr8IYUDl0ip57mjATSk3WoWyu7IYXfw68E5KXylGvZMVvzPK7qcFYlPbHs9jDklmMaJ2v4ZZhS5zlvo8VPWsVO3H5s5jpC-UDnT5GGmT-unyVgHmmuulJj5HK6090xVb7vXG-yZofAjn7WCie6VPdWFyINHqHbprMKpiTM0PeUD7CUeuO-sMvNGVSOH1IJLaKYYkrANTxGjq7fq62hFgPcODLNZTwQ6NMk5VsUQS7V1ejmtCMM2mGpGg5XBRR5etrJXT0lyV6U6-6uU9XtiJ16CxIWDeR7bGCSCvCpBsNpDCMYvydqqGCa6Ci1xNxKN_iZ2dYep5Ykv_83tOgYr2H70YOPc2v7jbgv2NlcbPlx7LThR26TMUC_FinNOe6rLTsRrCMPmxSFUhRRs7phiGsd-gFDvJcW_6i8SzjfMcqf_jlWe-XBWqmC_Pgpsk7gug96nRf7xThjMrwtcmf2O9n3EkFWl2dy2JyeOVpblQHAMPidhNLV9Qr21FUPpy2mjzg8pd6KhhF4-hZcDrM_OO6JXthlSzgSZb0XTzy5ESq6wmmQASFKxURpXpwVzx2xPCRQpAPjCrLe9OAzPB48gFcjUgIjnwhl2IZnSpJ8uf5JDHfYkHII88qsF2_Gs_FxieMVGZNwYyk5BbTcV-HjIJjU0KfYqlOStYNqC2dh5AHlVx5P0Bn8Z3EmeBt1BN_QP7eERzuatapJkkToEg6GKIkBI7eIqX-JcvLyDxmL7lztyBfd7lt38rYgriZzBEg9ZtoU2motNnk4u20QTtor8ug8ZtPzzEQCZvS-qHcZq0zEII0o7RvjKZlKtJvBioxx9oVRnuOv9evMxVRI3xwQxBi-ary3yln7JSz1UYmaBxT8CFRbdnDOT4uJx9mGQqvhlmm5FQz1Q4C4qWJqQHxvuh5ex2H1v0JIY36OIRQIGu4oqhRIa2aCQJQGA51ArpnxZ-PDFlfk1z7cYRvMH5NldkT7cvakhrhlfhoVpCdizaL9MSBHSOCSCno8xcBrgEJgX13iFuHLVp035Ht0cAo2A6Kuxx8oRtjOmAitfig4YqfSpVY8zze7K_mnCKiSAKh8NARXE5_w0nEO8iFg3sYAo-XZSPYc4MuVS_rQmOLQeIi3kapQVMpyvmRoqYU1xBf6OlYaxi_PXbytsAsKMt7_QQo8hkTAhw5fC8h4wrsKUz47WiCvdLjqkgrZT_jm_A2MwYZxomOYSo0OVVTGe_rKBU7twClt3ByLkhOZ1RjsrUH7shr1rJHNUFH0Sdfk-hr21cPQQpjFsQBef1lJkrtG2AN3qorg6PYNhGFJcfKEICYqzAx4riB6-BY5WYjUgtkHcGxo_BXpwcdms1ut3xfYALjkiVQJUVuNXkT3licKogCAksD9s-7W-uTVMjk47y674to5l3GUd0e7so4EP5WcL7bEMRweZ3SJNoMzMr7iqoMUZ4avogsC29BNiyRfv_A1p-KFp4UeFadIT1w5M1ILT4XHMWzlUWMi89z6irJH33_4Gq1arpp351OagNJk5qCwSXzcaeHvd0U6tNWnkPyaNcXPgmWkt0gZ5Tq5zhvjN4Klq7o2JWanAEFL780smLgABDLAAzvlxsq6AJ9gyV5OVaAvT3G9_9G4VfYvYTInFOUs-Bcd0wj-xV8mgjo47GuQ40_m6Hsm5hjkmAkAbWbKxv0yAFXTDySTx879L083AVa96G7mV0c2wU9p4dWsW8aWrDsyFl-61t77UFrtZ7iOfQW7NSJXufxwUlXyuKlhB_H4DMdp5HQA05Cf5_eavuRCWsc4I_dcNyaStWbW2SgpjN3TdH5C_zwyZEOdFPL33quEZ6bs4nAOPksd-QIOMcY_Q4BNLOlO-WY76NASP5Q7tHndhMfWvK2YwbRZJ63vARFc-BUtq9M9-pZM4qRI6_rCXu3koWchLl7IUMWcrV0nCQJv70fibtiPZjrzwfsTRzTTQwWyK8nJJTLHVXKeU-T-naLZziaewTTdWQq0TA6iLdJGq-Tm32cYejToequf_xfnOPPBKQmDFvkrvlQOsJZaNRT0esphy50lSU9EwkYEWfN14_Aw_nwqeRPfuuSu5cqxtMSsMo4K_vvyW6LH8EFO-ZTPliX1tmahXINwz3YeQCIBj4KZ3iV3iW0jdLysX0fBoVguLgjZ3oh54phjiA0LP2SRrl3TNfD9WMKEnGiP66jxmjVGaZloluHd2o_z2DCN-zAkS99FfkYy16DBQHG43Ls_8Q2HxSbBSnDgevGL4lm1CjXvMQnaVFNHTns8V1Wm3xCnjCMYRShW-SDfMnmz-NBaOkmG1-p9CaJQX_sMZhMWYqnHGSVn4j0UhZ-h0JO19WR_AncttZwhARZ-gzEViXBOU4Fbh7vxDQhG6PcOOk-AI1Q5pW50_AWTHw0oPiEUmCi3rzaGHpKDSISSAFkyy1TuXyas7_90YG5Z6dg1zmIZLKyFLBKwQIezMD50ir2mm63hpfhz3IRi1ZirO_KXRWC_mOLvZ-KHRZ_y917GJylX4wopz6zZ2hCB6xy0O3kCNFiyQ6_afX4gRMHh5vSRP0jxYizKUjNRiwu9JSa0WCFue7QLPhXipSdAegjY5_63K7-oR8yobv1Pycl6JZBV5-X6JA4oc6sn-NjPH33Bi9ALjVH7qEOCkV_dYbv1K_YQxf-0Acj2ThxHXJei3TO1mNP4naaMDVn4rnqDsqQkZi27wUrtOyVqTtFJBD50Jd6s3eGZ0Dek8l0jbJie0UjG44jmcukeKuCgOkzj20-di9JWKrHcyKQkvKpFRdQHhuA1lzvXxVtPXyjVx80XXgEmON4B4W0VjmZpWp9jxZq_BkewCTn3e0Ng0bfFo6cVOg2fxldPXri97hqbS9ClDym3eD3-9cgd231FooEv8u_CDEF2nphG_5KKuRLOpTo58lF0P9ShhyGu0fHFmXq2WIAWh0ohwOX-VgwQ2sve0cj9Zt-VHATxeth8ANPBhd3fxB2_8pi0C6kNnw6DnqROzWmfsiTARSziUt15aHrIdd087SM9GgCZuXTbnqjt2sywhALTAE&cid=CAQSTADq26N9oGo_jjlzf0L5pON9aN29Fn_OoPSBB0ixdxvxx3Rn6YDSW3NM-W-78Cs1cDkeaAnf7TwQHXeC2UmRUN4qgQmbte_fOoPWttYYASAT&dv3_ver=m202209210101&rfl=https%3A%2F%2Fpastelink.net%2F&ds=l&xdt=1&iif=1&cor=3606121010059981000&adk=356101037&idt=1149&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f155.1e100.net

Software

cafe /

Resource Hash

b113103b746caa642ef00a44817e675f2c75d2817dc36ee4b06298877c1658d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:08 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34865
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 9E73 6 KB
3 KB 274ms
273ms Document
text/html 142.250.4.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f132.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 17 Jan 2023 22:37:06 GMT
expires: Wed, 17 Jan 2024 22:37:06 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 95F3 0
20 B 276ms
275ms Ping
image/gif 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=5330218475614&version=m202209210101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 95F3 0
20 B 276ms
276ms Ping
image/gif 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=5330218475614&version=m202209210101&ct=77&x=1&cor=17043908556182340000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 95F3 15 KB
11 KB 501ms
501ms Script
text/javascript 172.217.194.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AUV-jTXKhs4_Mne2JNwZbEYUCilRCdmXWad6cm0XMmcfKRH4xoxrSiCmHys5dCjRyMTC4ACjlo9DkzAeUaFbvq5dMP796Qc_zJM-oKqgC6C3fJDe3BKZBUChDWUJtUXmlSx_l1W7QB6G7mXU3wxpLGxVW97xetCaIWumBmLgk2COZKuhE&cry=1&dbm_d=AKAmf-Dqeq8OqrC7azkHrXQUvHRLXhyLxI_cTK_r6cphd3TUDWgOCr6_tMK595juqWQe_AxMgM7pNLEny1j4kgYL-mk7t0dHJIEB0qARPWyttu_MXUWu377ct5cm5zuBn6BNsq2Z-aJwEb7G_OGzsMohpds9qwg3f5zkD7MJGkhWapvs_kLVCaZ9L9B1oN7EJA-RB2EjajpZJrj0CETFv6pzp5lZF6TyBbIwPLTNDFLnoHPVUNXHJHZYSkDTTzeWiRHNlM6FABqI1G_hBAGc1IbrjZm4Z3hBAPlICDAfEQ0txjYM2MEumHZVM4Ym7nQ6dGi5EfgHPVDJStMIUPhItpwMk-MkHYIQpIqIsezl64zzZTeyW5hYKWhNnzJsdY5iXHO4n8M8EteV3Qz9dUmxCcguqAwF265S8-Xn-QQ-6LPEbWyeXhTmj12JDR5qcqifEeHlk_gq1cPMhVIYT3kmXz9q5wTt1Tw6jKiOHTokKXVNCRpwcSj_FOBkrnooUejgcVDO3ZrfMguwgsXJXPPFtPUr10P5cOts2jdLlBbz_IQoOn4E7PEWX-kG0MVAbVuPnzTNzfzEguZyrvRd9UdD_bbb1AzUWSJKxDCS6lzC2mVfVt5gvEcaqIK883ufE3xnWU3YOyI4y6dC8BSKw5ERWffBX1M6D-Aq9mm2e3Ij-WcrQXo3j-srZI73rpEtzNn0w6vKRxeODoQFxUgDow4CKfXEBksxTxhw2cNUTZeJd8Rz5BqZJZQ6QYKjta2NnmuAHySimnJgasBA81Dwwt6BoN9LsKwcvQb--yYH9SP8MNgSSh2J2w5mk3odsLRhmQdzaYtgKsb9xaJUUtGPDe_V_12j7-Qa8RcPV6Ya0rsdd6S9DdYpZUBy4_VPIw071GVmpEbCdVLglF5Kycc4KY76DI8yAvH5etIvuH2Q0KWazdbzaAM0P9jgjPLR8Ke88bFchk01UHKn7yWKhv_jZfGLXMbF8-uAR-3YJRRhkAnCTURdSzFnyV7H5CpV_46JJL7R8pZw2Y1E6RZNLgsaaiZTR6hEh68bECXPjEYxnu84_WLvc-A8fnSwM6iKB0UQDHpPiOxZ3nl6vhy0aDeCGDK2vYcTsz0NV1XRtM32lHmB6IQsm_AzDLl0UNsbkXZR3ro-W0lkMxwmyopCtckxBoI3ZBti__bew3-qmJgW97VMPmxk4s07JEZsVdiRgLPeygp9gxXm_ciGBonoy6ArIlRvu5bOPJgxMwwu817tSrV8aaYrzESt5_lfFC38XtPcv5C6b01jerD9Cv0Q4EAHnXsPnpl3E2lvLw7Wg9XmRCXuTJZ_bQVliBkGxGNt_zsC8qGwakNE3BbfueLXT2-ZmsGJvmbADj9RkunhyXY04BtPVFcOiXBsw6a4xskbZFGWNoG2pdQLM_g2sRWn0EZ5avchMp2HkC9G8eUcOfZkrb0AmOArm34drLXB_hrvI3XO4QlFj4rbnytv_CDo5EeePjlBpWIy5_uMMpojOlGksbXw3B-VS8mCQwCKFfGdZ-uUuy2wkoxJP_X5IBzd6I0w2awv51w1CjNNNOLX5W1fn-bKb933Y4eLQWqUm2M3ejQE5xNGNZLw9eLkjdxqvB4MiMVnTYNhT9j-5YVCy0xwPig3gDS3e3ciCrRouWMdxXItdaL2_LD3dkE0iulmjgENMmua-oRY8rCCbEHdVN85W5exXKXxfOd1pjcwQnjDXjpJvq1KRfu0wwzemEWqmjkWD4JApwcKfPu7wq3rGBF5Qgfc1sjOEzwJ3afxN4frAXwv10Fa32IGAI7FGolY0brBAHB_bKKYdNeiR21g-6EKjKZyBlKNiMUKMZnWbOmk-gWxv84tpmVmEwdroWArnl82UyF7ZQuoNEYhH1kFEeAE1f6oSxZy3z73qvUNdomzv1hhJGO5w_ZweU8kYeX8alfHFrqVHgHmGRRvTLETZZT7yebC4yVbz2ixn491-w81m2P8gN4dS3RReEn34ihkqlTe3psY4oyYPP5QwgQT9v3YD20JSl94Ibp8TI5ZT4EM4sB5Ggd-ShI6KBLboH-7k-FRfxQ3d9jTeq8H2SU_Decj6Hwlum_TURijZQyYiFCrkGf2EMEwRjvyqCy67Be-2emMZdF8VIuOnICk5PCcQT5UlX3KINmT2UUWDDLByzFcPvaxHnkyjDXLjFjd1sibOf6tMEHVapmcIAzJC9kF91SZlgPAISJRFL6aXjUkEyvuD5lQovXZ0bZMtgRV606WIcmVCHYK3uxFpwmI48IE8Qs2KJQcaZqPfzNvXGUC91hc2ClKEQtuY9yeUBZrjKPFyKKpF72VHSsK7IFCeO2Cl34Sd6kA3Jz4Za_pqTb_VmQvZp17mh1y8jTnX-nfPLv3Z4BHjuOWazrfAmpfle2OpSfARB2TgsZEQDJeBZfYaiGWqShqWy3WyEm6nIuOhjabyIDTqyLIR_F3OwJG_Gpzu295o3yJio11zyeJz0qG_Vrx5zUA2qnI1SLSrLvfQxNZ2wavdPCFbKyGugzK9q2qBm1JI6PT2-gFXkAcaPJU518R4zU-WNq1aWVeBLPvN9jbdYrRzZ0GSIZ1nhm7XT2fCSwZtEJJa2drnow1OGlv9R-TWxwi7_JHwKhkXTpDZWQJHdOvOluZfOUHg0eW9n6CIROCg-bKM6KIYcvaL8Nx4vo6YBYjB37-OI1Bgx7DIpzDw4TWCRcTeQrOlPeqMYzsPJ0F-oweL4_-pY8wRKgP_q4zTC9aZekkN1MaDJymQqRx1yXULnnzIW0_SLEtDbJkeFwO04DxcG1veVwQ3AcyGmmNtofEOV6AU5DsVs6Mdw87unYcBmBeyueV8mmXi2hEQxqAmr0FRk_RAZFCoIQHY7VZH5hGagN8h30IFvwXbF33pw_FydsPSPJHilyigHrOev_9zJXSif36o8vmA4mizftPOjYWfJhTtx5XEQnM4_hvYO9vb_E3UoK97UjzfqhfagfATyPJfCxjFXE9z8uwd0I8oCQONqbWZtq0Hh6dt7--pibTJQP3quYi0jVkTcdwlf3H_HEcYV_x6Z_n3g0P0sPzdemwFFlN8cleWDLJFWIOGfSaksoSHb7vKebZE35ejGMdWGMnP740d__y8fhJPv13Td6YmNYEYitbzPpkO_Y2ILDO64Bj5fBSL65qvVcbqlS5Df02i3LrAbMXeOQKnk9cWkUFNd15Dlp-8BNTqis-g37G8rI42S_aL-NOO8_8uY2D3UROOmBTMYikr-P8HWGHscLhn--m7PyVVN6fKmEgV_6sfX-4WwzMezbXsnv0KkhNAzZ9f27jJKjTeW4o9so_dZm5teDDXdcqnJQiuzHOYcJUECvdpRyWAOHgkH8Fj6Iu6ierf3pXTit0Z4JrLnk&cid=CAQSSwDq26N9fgNLJZwNTUN_y9oC6JM54KDRZNIGulRBvrKfzOFnW1_eX3PMEQJTQCPCf79pGT22muxnAj2UxNeeT1Xr3QqJPBsotUDoTxgBIBM&dv3_ver=m202209210101&rfl=https%3A%2F%2Fpastelink.net%2F&ds=l&xdt=1&iif=1&cor=17043908556182340000&adk=1964084972&idt=611&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f155.1e100.net

Software

cafe /

Resource Hash

c6ac6d4e30501763e35c3e2430343fe12329026ffb6ccd1a477ee8e1a7ecc9ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:08 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11315
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 4C7D 6 KB
3 KB 274ms
273ms Document
text/html 142.250.4.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f132.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 17 Jan 2023 22:37:06 GMT
expires: Wed, 17 Jan 2024 22:37:06 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ 33 B
400 B 1196ms
399ms XHR
application/json 162.19.138.119
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.119 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533570.ip-162-19-138.eu

Software

Resource Hash

b83f136b77634a61af12f8fa37f82a97da118ccb4100ead65527b45b784a4a67

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://pastelink.net/
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://pastelink.net
date: Tue, 17 Jan 2023 22:37:08 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
content-type: application/json;charset=UTF-8

GET
H/1.1 200
OK v1 Show response
lbs.eu-1-id5-sync.com/lbs/ 34 B
281 B 1195ms
397ms XHR
application/json 162.19.138.116
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://lbs.eu-1-id5-sync.com/lbs/v1

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.116 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533567.ip-162-19-138.eu

Software

Resource Hash

e88df0aa360fa5b8e823b996e391e9581f5f591a01c4bc474e9eb59e1de0df62

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://pastelink.net/
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://pastelink.net
date: Tue, 17 Jan 2023 22:37:09 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-length: 34
vary: Origin
content-type: application/json

GET
H3 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12535929144933595235/ Frame FC2E 16 KB
4 KB 292ms
292ms Document
text/html 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12535929144933595235/index.html

Requested by

Host: pastelink.net
URL: https://pastelink.net/v3774tc2

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

sffe /

Resource Hash

adaa66fd25cf3b97003e9daec3f86da7374abb9919d6cf8020efb0cfc76f3acc

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Tue, 17 Jan 2023 22:37:08 GMT
expires: Wed, 17 Jan 2024 22:37:08 GMT
last-modified: Wed, 03 Mar 2021 21:56:49 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 9E73 0
0 286ms
285ms Fetch
text/html 74.125.200.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CVKsjEyPHY6WYKPT7rtoPlb2-6ASBnp_WW-GBrtD_DGQQASCGm6SQAWCr7LGF4BigAen73foCyAEJqQJn2QSGCo6lPuACAKgDAcgDSKoEnAJP0MBcvXKGthV8uWNAKtV2J6ulgwP0msURi9VbfWAXJxh0Xfg0aMd0q7TMHFIkEydOcfma_J7wiTrYzstmw0ivHarDKoyl3y5bhn17aaBXBo07BRSiHopozIe2x43I-L15zhscSOtwbMVsCb4S7LYgqcRWqKUIzd4py9oi33mRjfHuMpfo24zQE_R2UsoSw43g42CQ8R6lVCDVorS_DkLPR8rJyZ1tGIcqlXBiZ3uR4j1OMqU8krdOptijtC4tjA6hPBvnHMt66KyJ5y1oZ3lLSucr56JTJqB6Vdam3vG4fDBHPcNjHAqIbsVXFL-w_xHBP1aulpD3LfCaJccwkxLljVzyrQofNpb9yyctvXyafQLImJLwBxWJy4zwY8AE3tLO1tsB4AQBkgUECAQYAZIFBAgFGASgBi6AB_-DooUBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQifUC0ggPCIBhEAEYHTICigI6AoBAgAoDyAsB2BMNiBQB0BUBmBYBgBcBshceChwIABIUcHViLTk2MDI1MTk1MDI2MTgyNjIY-t58&sigh=SYLWTzLyoJA&uach_m=[UACH]&cid=CAQSSwDq26N9XVoNd-Pvk1dJkpfRc25uec3dySyuaErqP1NI3sHT3gHFYpDyZooO_2Ba3ymiivvLfJdby_ERJ_2OcVrpaaw1kikqio3zIRgBIBM&template_id=419
Requested by: Host: pastelink.net
URL: https://pastelink.net/v3774tc2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 74.125.200.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: sa-in-f157.1e100.net
Software: /
Resource Hash

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230112/r20110914/ Frame 9E73 22 KB
9 KB 272ms
272ms Script
text/javascript 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230112/r20110914/abg_lite_fy2021.js

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

cafe /

Resource Hash

c5418bee2b5eb509379e5146161267420c90f21ef5824f64ca9f7396a8f51dba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 19:56:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9651
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8889
x-xss-protection: 0
server: cafe
etag: 3049769697470197148
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 Jan 2023 19:56:17 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame DE07 106 KB
38 KB 827ms
274ms Script
text/javascript 142.250.4.149
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/v3774tc2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f149.1e100.net

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
Origin: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 00:54:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 78143
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 18 Jan 2023 00:54:46 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230112/r20110914/elements/html/ Frame DE07 8 KB
3 KB 274ms
273ms Script
text/javascript 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230112/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AbXysY3LBnSa8Moye_uVmn8U-fHkuCfjnbDmjjwXFz-EKgV79k5Ec_M1CdKKsUfdP3-PutJJanOPgP2F4KShHCTymxNQ&cry=1&dbm_d=AKAmf-B8Kg_RoqvrsRysHz4PTU8Vj2PcnqHeWhp1u6RXnep7JAglyvgkxjOcIO_sVkvSGjNeRfcazmY0gczGy-iOIXdkWabykdeskKWmun6UrTq42SvhAOwuNs3jTtjt5IEmvYtBagsxhgnwdyWPlvUXTDunRCFEH42R_k817WRutVfFwNsxl9uq6DqV8DY1Smln9hIfiSxBZNYUY5bhnANtVR0I0S-qkZqbL-p60hzSIhaQF1DWNXDjw6uaC3e6S6qB0lX-V-55ub8LftxT2ZgTk8DTdWpYAYcTPsVQeZAHEFCH6fTbNQeAOVrRXU09H9iPtrACPVRHRiExRT--dxC4KBxLerIsMqN99pNY71AlCy4coEbnyJO4LYNs279oZRYI1bL_28bwn6OJ2CnlunbJA6MIYNofgwoX_mq6LVt_BCaHGYkHqYtUsR-Rp1Xu42L_cMq8OE7QzmoJgoGa_CcOf7T0CQmmDLNyva7kKiSqm24C46gpu2qa3HiENAqker9Z5ONZPkN_KNzyNzRec_j-87erHMXSItIPAQ0IjxkKRJc9yx2rZ9YPqlvweNIxGDDPBFRdheOjwsf3yMs4Bp-iiBbKoS9B08p9IpUVwhPZ2M4S5VNqFFuGLQPWuKgc5tFyFHe7_-XYxnFM3E4Ie4ByG1cXU0TIo2sUqG18sXfg4K34SLDCSfipVITn9emvNhVpUiYVSdm-EO3xErijw0qd3KABj1w-joeqxjfj50GTlLV82ge1Viej2V_gzu_SfGZs3ZDWdO8rxNkicJj0HnnsGN-ZUQP-1szouF_pIVwIX9xtDG1fbsdT9cSrmOcYUq7BYkGkmukECeJYwsm1bRA6n4PxI1_TGF5IvfUQD1gIM1f7IyZm433tSkIZVDMPkyrwXMmbGvij_t-UF8Owk9OR0YvgjDpBiSUbc-d-3jyAChUaSwbc9eLhIzXZykULKtcBj_O3PxgFi3wu5m-QsoQT11gGruW7yseh6vDEcDuyDT7eB28tUYmVaAu2rR48VQUFeiBL5vntG1emJS1i4PBQX0dOi_V7XLqPzKZY-hueYfD14pX9r0XA_MK0dOqH9O5TB8EC9VsGL6e9IR1ff2ZGs2yqfFsbg_aDer9a-HVmrB2WBF2vd_vClYA8S0SBqZFRvyKbTkDu6kcFBxQuFfhVLr5KTlDzO6zdVDPecyZVbegX8Y_Z7PsyiI0-CcQC8sCYeQNtAwTaB24bESsvEnDMwqLfXlW1w0gP0UAus9ecANCnAyH4pGK8GQnJaNOty3p9EBm0251u3W7lSCeYe2wIG7DKJyEIlpRemOimlnxlsFGS1taKRPzUAE1trxDLCvNrQ-0zjRLW2NKAHwA-ln08MBmRS67oanPbePqvpPspq1mIVypGljHfW7buiQKz4jIZY2P44O7Sejy9mg58SaXyzb1k8I4IfSMlUnRePMipNplv4Adi4xtZnw-TmNaRIUB0msgEg2vKN6rMe06RTQKZv5RH370ICIxAE6xl2mheccw0A9xEsUC7TGp6iTzwiiVyu9PIr87RD2P4X3hg4wTaBq0Y91Zh7UfLU5Yf55XdcIV-NsuqN3Wm05-ORockeUhVfVtKiK8DxPNG7wBSe-bi0VJ5mDORYHLEwJ5iCNXYklp2L8AegfybqCwJdc8w_sGAdSrByl0Ff-4RB3ey885WQL0YqVitkcbFRDlOhj7jrXL0x9YPOcBmE-6FooQvFJV6YUD_x-JkpDTRrhz9aSTBU8y9Xq_yFhp66FEjP4tkM-NkvOahOk33O56hb1Q7dAaaQkLJ_Tf3iIjyVCNU8qbOLj2ob3g2jOdY2vDMuidVgq5zNRceSJnUB_CughZW0APqk4kdKSBkVoYBGk8l78jf83bDg2finxRPL-XxzBS7ZSqRlDHHty9-3Pmncrak1Xs7cEVEaDQBCMHqRmkrCW2Iz1B-0Ry9FDPwHpQLa1NryDRNidpCIc5bSXiu-tSJDkDr0mTEpRJhagoBQVL1tZ5j6CxcKV4vAPqq62wx2MWquQQB0Rqa-1gvBVeulXr3g9sF6_Se3qQQ_LL4WrUEiV5bdc3znj6IReSB4oDdLuHsb2gDEb-RPiixV7MKPPiR03s5pwYoCndcdElgv988NrK7ujh04PxL-Fs-6YOGmBvapWaRTHTwr6VGFIdTxOXfLlt0qVvwz5B5QlYnVmObt3OKAoBQQZZhW8--7SdyuxMeJp9x5bQVoh7eIWpcHvj2R4CnjWXL6G6chZMyEzIRHnnsLvL2UQdEJ0-GKKuQI4E2nVdTYMur027V2VX-uJurjHe-vMvbDUWBQakdApijclxlqmN3XKoU__E-T3D-_v4G3NsrBfFjfj2bZBmVxdGbCiO0x0XfH2LQZozp1mNpfbu_6iil7e2ZB5Lm8738Do5PAcwmV2_6Ti4uDcj86TPdbI96K9B0E9qx9QZ_XF34uVYcg71m2BojmzR3kw8682NMIpTkFM5bHO0VGIPBHdmryIVoJEw1cP2xfum7jSrYms8128TJFydaeQrbXTnX3UjovTJicP-xjZeNVUQmmLwcXOuil1uZ8SjiGKdX0GlpvpqpQCwiN0O3ul9aIzFO-zNuMI3u3qC1Mq7ZkwQShZSgKf1amlEeE6s5q3OoltDm1xnl5d3x7pQDaFwSTFen0TqlIwFEw8_86V_ZOxk1665DwXFieDUgYUG4BJRumwyQmpmUCnvHEftpq7ATHuvDcLV65-cZ5nmcAwNQkeL9lRqIwrRCejONz2O5qE_Tr4WDX8dhNG27BgWLYWc9bIH7dluuoXQ248IzbaEfGwb5ht-sJpOwc5tpEPLdqRCpOXj6ctPdS7iBjfl9yXfneLn6Ct-bTuN1e9MiTogEWiy92WVb-Sn5ax_10AXeSzdAvaU1adpDYrf101dT2UvScFwze7QggiqeeKZoJS86scAjxUoo7yzOAvjni-NIlrev8lyr_zxwHE7g34SGuNcyRnsTwIgdMzKz5ORFYUDkCJMrVq7hB3vzj_Owwjzo8TloCzI2YWI2Dako1Y8B0OMxqUGSC_vAj9fljFsKZhqkYU3U8wjITiQ-8XdKZu3-BmlYfMYz0zFQDtdu--QMus0qDz0_js_-z2lAXUmBHjw4zqa-UlzA1vUZxA_KN9kww4NG6Awsex2OMZ5KRqwFiHNtnaOh-_Vhny78vxEdaFX41wjjfraiPNzYgr8EqtmWDMZur6mAGGgBGx2MgZcz3ChlndUIE09tQ-MtNSr6AQdjRe4Q8EmXnme2j5WUVtgpZfrXAqqsR_MrKcRVcaQQnO-tgIhdmRaOIGKgH3kMj8I6cc-RxX2wMTSpTDBYSmgwtRlUiUM4OVDfOZTrf2ofy0vzA2qZeJA05S4yLs00CnqPNRR-r8KOkt97rk85xdwL&cid=CAQSTADq26N9pCxxyx8rhTAtRTz_vT-pgngRag0zIBjhCAfxOfmtOmgGie_mkDwNs_236N-AWGaOqUF5TyB6Wa5GDJnncuH0uW-3_s6ykFkYASAT&dv3_ver=m202209210101&rfl=https%3A%2F%2Fpastelink.net%2F&ds=l&xdt=1&iif=1&cor=1813773839146742000&adk=250412560&idt=609&cac=0&dtd=8

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 19:41:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10517
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 Jan 2023 19:41:51 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230112/r20110914/ Frame DE07 28 KB
11 KB 274ms
274ms Script
text/javascript 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230112/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

cafe /

Resource Hash

a800c59c07101ac9e787ae10eb5d6a7124dd006d97db2ceae985a85488062556

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 03:45:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 67882
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10849
x-xss-protection: 0
server: cafe
etag: 12554467027428251666
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 Jan 2023 03:45:46 GMT

GET
H/1.1 200
OK pr Show response
s.amazon-adsystem.com/v3/ Frame 7E61 2 KB
2 KB 344ms
344ms Document
text/html 209.54.182.161
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/v3/pr?exlist=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain&fv=1.0&a=cm&cm3ppd=1&dmt=3

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain&dcc=t

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.182.161 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

98a6d1576bf675d1ba7e239a36f83061c3d332c1c57b971aa7583d7d780b2952

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain&dcc=t
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 1788
Content-Type: text/html;charset=ISO-8859-1
Date: Tue, 17 Jan 2023 22:37:08 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
x-amz-rid: N6YVY8Y7N5JWVT5JQ0BS

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 4C7D 0
0 282ms
282ms Fetch
text/html 74.125.200.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Csm9SEyPHY-n6MsmvrAG84qLgBpj80bFcqoTM5IUBwI23ARABIABgq-yxheAYggEXY2EtcHViLTE3NTA4NTYyMzkyMDQ0MTTIAQmpAuV8jK-Wc6c-4AIAqAMBqgSeAk_QwRXPJXzh6ZDGikMpoV-Cvf99CwtpG8vrgSqwjtffulv8ym8rbQPno5npbNIFEY7Xynok-wXk9s_kMQQEd5lP-g38rckUo7bFfsSw4M5Id0AuASTuxNUS7_qiJPrYo6Ww5SC9oBxFM_NtNRmAUfjbAl7iZ7KAupAwJaDs128t32KACiJBWf0I9r4JBQPr9iy3EQb9k71SDr50ytaEXjTa4EcsQFTTiUUCPd8lYsfAdrLhWb8DDo1478Obbp1YD0ZlcYEbWUo7991bT2PFIRztieqvYWY8mIGPv3RQe7REBUgm_FpCYP1Ne5mWaeEynCQu6IOmxUuLmTJ8pGqeJsAO5WImUEsN9OHRoQuUL_EyCBlfaNdZD1hx4E1zcebgBAGABpiinNPtp57dI6AGIagHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA0IgGEQATICigI6AoBAgAoB-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTE3NTA4NTYyMzkyMDQ0MTQY-t58&sigh=2Em4s70MQjE&uach_m=[UACH]&cid=CAQSTADq26N9lb6K5Psi_v9PDd14VBKPgNrOKR1j9AC6fv4UHfZDbqmJp7lX4zXtpy9I085MoHMzDJvBJVzYeDYcu1eR_vSXi51E8wZqFNQYASAT
Requested by: Host: pastelink.net
URL: https://pastelink.net/v3774tc2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 74.125.200.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: sa-in-f157.1e100.net
Software: /
Resource Hash

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 notify
rtb.jp2.as.criteo.com/google/auction/ Frame 4C7D 0
0 959ms
325ms Fetch 182.161.74.19
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.jp2.as.criteo.com/google/auction/notify?profile=14&payload=kI3fEaOzWawC-gFi-C0SAgAAABhMXkAqKIAjEBMjx2PAAmQ8P4UCRdRmAAASAAA&wp=Y8cjEwAMvWkKKxfJAAixPJgFQF5lKuFcYMr6Jw

Requested by

Host: pastelink.net
URL: https://pastelink.net/v3774tc2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.74.19 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:09 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 147517
content-length: 0

GET
H2 200 afr.php Show response
ads.as.criteo.com/delivery/r/ Frame E8A8 291 KB
65 KB 952ms
477ms Document
text/html 182.161.73.148
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.as.criteo.com/delivery/r/afr.php?z=Y8cjEwAMvWkKKxfJAAixPJgFQF5lKuFcYMr6Jw&u=%7CeBQC0XD3d3H9hYCXTjfTDiYYt6rajzQD%2FfwvQ43A93E%3D%7C&c1=jWCgqsKSUoXV4BApc600hDmuoLfpfMVBJoxIoA-qWR4GS8d0D9pqsgEM8_Ocsn1baLzoKXzHkrCOaa2kpLHF5e0SfaK6wpabVmtIyeQdKM4SVHXCp4B8uSYGxD8LrZiYMnqXNdosutII-vtC_wefvHtYhhOTpSWfATn2s2WDRGpmKKvaD1cOivpYUsgPlYRzXGSk6M1mV38cy7kK6DSMocU4L7XUqAEKwvUK3IDS7f2T14sB28WQCTMS5QhMKi10Sjl7lUnw6OvYyGgwOib760rhB8w7DDbQ6-bN6tQrIRlQFR3UsAR7pPZe-MPZifZMVh5PlBIi9wKKJR0nO6OenoV23uzC41ilAaSn4oBfWckYZRoADcJMikouTaRfTfRfzgsADqpNmrMoCrM2FWZhRKaz-oTfJ9xGweiJv5ooV1TBrYlJkDkT_0LbL7lY8k9esQNjNhVu8Yqgk9Q2SWVZbJotMu8N7molgOX2jiG8L5AGkg5UHV1lmbyF4tWWR0YujOgPX6aWSAezl9RiUZMqL0B0_hSMmJVo1VfP9YDLik0urz35X0Pv8yo6ldT0BalUz0zdV9PeGCe5yLq7rXZ3LHIiSxPJnXhLBnAQSVF0lZpmK6bnJZyjwdt68GZHv4hLuJlxqBjjzaI&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCs4i6EyPHY-n6MsmvrAG84qLgBpj80bFcqoTM5IUBwI23ARABIABgq-yxheAYggEXY2EtcHViLTE3NTA4NTYyMzkyMDQ0MTTIAQmpAuV8jK-Wc6c-4AIAqAMBqgShAk_QwRXPJXzh6ZDGikMpoV-Cvf99CwtpG8vrgSqwjtffulv8ym8rbQPno5npbNIFEY7Xynok-wXk9s_kMQQEd5lP-g38rckUo7bFfsSw4M5Id0AuASTuxNUS7_qiJPrYo6Ww5SC9oBxFM_NtNRmAUfjbAl7iZ7KAupAwJaDs128t32KACiJBWf0I9r4JBQPr9iy3EQb9k71SDr50ytaEXjTa4EcsQFTTiUUCPd8lYsfAdrLhWb8DDo1478Obbp1YD0ZlcYEbWUo7991bT2PFIRztieqvYWY8mIGPv3RQe7REBUgm_FpCYP1Ne5mWaeEynCQu6IOmxUuL2zBdNo9Qr77xbBO4ux2XN8jFq5yeAenagOoJ8h7nEXRpB6biDxkNJGLgBAGABpiinNPtp57dI6AGIagHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA0IgGEQATICigI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1UiiBbJdp6bPU8eTjkf6SqFNkIBQ%26client%3Dca-pub-1750856239204414%26adurl%3D

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.148 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

a4eacca7891293f7453a33cbd244b28486bb1885a0e0350ebddb587e073e267c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Tue, 17 Jan 2023 22:37:09 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.as.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.as.criteo.net/heavyad?cppv=3&cpp=oFm62J_4V_gHt7m5qRMAZ26LdKd6SS5u0fMOrY6LGeWWpoA6SB9bg8aPC_yLe5NnEiDXoBZCWmCpidjnPymdsWSjgV7skg4NBiJlTwsT0A2vx6TbxAFpysg5TvrYJHc_cfKCM751K7vjkz4KzkaS5Lf8IuB74A_S-7-NKixsvxK26bEqtym0cZpheO5zWG_LMNf8E9SR252uokzQaligZkSSbd1jPZYXR2YbUcz0ajj_5YfrlrnPA7excaO6HhpiN19Lrw"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 96249711
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230112/r20110914/client/ Frame 4C7D 3 KB
1 KB 424ms
422ms Script
text/javascript 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230112/r20110914/client/window_focus_fy2021.js

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 19:50:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10027
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 Jan 2023 19:50:01 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230112/r20110914/client/ Frame 4C7D 18 KB
7 KB 307ms
305ms Script
text/javascript 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230112/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

cafe /

Resource Hash

fcb2a2d76154a28aee5a1e84fce890f1e5bd8ef41d5a7c8368f1db418409cc83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 11:54:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38536
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7536
x-xss-protection: 0
server: cafe
etag: 18409170587552385168
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 Jan 2023 11:54:52 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 4C7D 24 KB
6 KB 378ms
377ms Script
text/javascript 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Jan 2023 11:40:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 298571
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 14 Jan 2024 11:40:57 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4C7D 157 KB
48 KB 275ms
274ms Script
text/javascript 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

sffe /

Resource Hash

cff8c5b798dd1a69ce9460a203c10be59613887e25245f5c64916a51a1055d4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49309
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1673441803913192"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 17 Jan 2023 22:37:08 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame CB38 13 KB
5 KB 282ms
281ms Document
text/html 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
age: 451450
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 12 Jan 2023 17:12:58 GMT
expires: Fri, 12 Jan 2024 17:12:58 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame DAC4 783 B
970 B 828ms
277ms Document
text/html 142.251.10.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.10.147 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f147.1e100.net

Software

GSE /

Resource Hash

d7b1fa3276b723364667cf0671c7b3d53265c1c7c986da5bb8c953ae2fd16220

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-rRNWQ285i0sGphCIEpkVpw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-rRNWQ285i0sGphCIEpkVpw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 17 Jan 2023 22:37:09 GMT
expires: Tue, 17 Jan 2023 22:37:09 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 154 B
608 B 736ms
260ms XHR
application/json 46.137.212.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16576/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 46.137.212.121 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-46-137-212-121.ap-southeast-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 38521c8aef10c9d422186a1bf8c92b8d01ca63c104d04512fa629bfe794dc05d

Request headers

Referer: https://pastelink.net/
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:09 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://pastelink.net
cache-control: no-cache
x-server: 10.42.3.218
access-control-allow-credentials: true
content-length: 154
expires: 0

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame BBED 106 KB
37 KB 925ms
592ms Script
text/javascript 142.250.4.149
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/v3774tc2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f149.1e100.net

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
Origin: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 00:54:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 78143
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 18 Jan 2023 00:54:46 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230112/r20110914/elements/html/ Frame BBED 8 KB
3 KB 273ms
273ms Script
text/javascript 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230112/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BDVlS_0_gcg7PQBQKJV-k-I0T9qewVBhppMiv330KGBnENhJj1V_CJ8S-MlwWq4yeFgfqcFuDpzRy74zT-LvH6z_q9kg&cry=1&dbm_d=AKAmf-BeKwcaA6mYsAacFmNtSXD2c3qnt9UI1r2reBq_etNaEMQghL4IqpOdjsy0FFPHPTZi0aWepKwT2lW4yX5kp5rSM4O5Vc_ouLPaKklbCwkw0Ks4Is2I0bzlZ4OtR0wqL8ppTRjRR2vST9zeFNJ3QBxq3E3Lf_fdcEol38PaANNj7eXr3vdjxNdt8-Glb69T1mMAvkmr5XLv9PVppzEREMmBRervy_X21xgYcklF1gABUH85BxevlZ9irXEcNbSmcbQeyz-spEsxk9egwg-eTb2Cdq5mGs9Ii3dKmkBE92AGOFkKCWSWCalXJiav5Pu492gvaH0Qr8IYUDl0ip57mjATSk3WoWyu7IYXfw68E5KXylGvZMVvzPK7qcFYlPbHs9jDklmMaJ2v4ZZhS5zlvo8VPWsVO3H5s5jpC-UDnT5GGmT-unyVgHmmuulJj5HK6090xVb7vXG-yZofAjn7WCie6VPdWFyINHqHbprMKpiTM0PeUD7CUeuO-sMvNGVSOH1IJLaKYYkrANTxGjq7fq62hFgPcODLNZTwQ6NMk5VsUQS7V1ejmtCMM2mGpGg5XBRR5etrJXT0lyV6U6-6uU9XtiJ16CxIWDeR7bGCSCvCpBsNpDCMYvydqqGCa6Ci1xNxKN_iZ2dYep5Ykv_83tOgYr2H70YOPc2v7jbgv2NlcbPlx7LThR26TMUC_FinNOe6rLTsRrCMPmxSFUhRRs7phiGsd-gFDvJcW_6i8SzjfMcqf_jlWe-XBWqmC_Pgpsk7gug96nRf7xThjMrwtcmf2O9n3EkFWl2dy2JyeOVpblQHAMPidhNLV9Qr21FUPpy2mjzg8pd6KhhF4-hZcDrM_OO6JXthlSzgSZb0XTzy5ESq6wmmQASFKxURpXpwVzx2xPCRQpAPjCrLe9OAzPB48gFcjUgIjnwhl2IZnSpJ8uf5JDHfYkHII88qsF2_Gs_FxieMVGZNwYyk5BbTcV-HjIJjU0KfYqlOStYNqC2dh5AHlVx5P0Bn8Z3EmeBt1BN_QP7eERzuatapJkkToEg6GKIkBI7eIqX-JcvLyDxmL7lztyBfd7lt38rYgriZzBEg9ZtoU2motNnk4u20QTtor8ug8ZtPzzEQCZvS-qHcZq0zEII0o7RvjKZlKtJvBioxx9oVRnuOv9evMxVRI3xwQxBi-ary3yln7JSz1UYmaBxT8CFRbdnDOT4uJx9mGQqvhlmm5FQz1Q4C4qWJqQHxvuh5ex2H1v0JIY36OIRQIGu4oqhRIa2aCQJQGA51ArpnxZ-PDFlfk1z7cYRvMH5NldkT7cvakhrhlfhoVpCdizaL9MSBHSOCSCno8xcBrgEJgX13iFuHLVp035Ht0cAo2A6Kuxx8oRtjOmAitfig4YqfSpVY8zze7K_mnCKiSAKh8NARXE5_w0nEO8iFg3sYAo-XZSPYc4MuVS_rQmOLQeIi3kapQVMpyvmRoqYU1xBf6OlYaxi_PXbytsAsKMt7_QQo8hkTAhw5fC8h4wrsKUz47WiCvdLjqkgrZT_jm_A2MwYZxomOYSo0OVVTGe_rKBU7twClt3ByLkhOZ1RjsrUH7shr1rJHNUFH0Sdfk-hr21cPQQpjFsQBef1lJkrtG2AN3qorg6PYNhGFJcfKEICYqzAx4riB6-BY5WYjUgtkHcGxo_BXpwcdms1ut3xfYALjkiVQJUVuNXkT3licKogCAksD9s-7W-uTVMjk47y674to5l3GUd0e7so4EP5WcL7bEMRweZ3SJNoMzMr7iqoMUZ4avogsC29BNiyRfv_A1p-KFp4UeFadIT1w5M1ILT4XHMWzlUWMi89z6irJH33_4Gq1arpp351OagNJk5qCwSXzcaeHvd0U6tNWnkPyaNcXPgmWkt0gZ5Tq5zhvjN4Klq7o2JWanAEFL780smLgABDLAAzvlxsq6AJ9gyV5OVaAvT3G9_9G4VfYvYTInFOUs-Bcd0wj-xV8mgjo47GuQ40_m6Hsm5hjkmAkAbWbKxv0yAFXTDySTx879L083AVa96G7mV0c2wU9p4dWsW8aWrDsyFl-61t77UFrtZ7iOfQW7NSJXufxwUlXyuKlhB_H4DMdp5HQA05Cf5_eavuRCWsc4I_dcNyaStWbW2SgpjN3TdH5C_zwyZEOdFPL33quEZ6bs4nAOPksd-QIOMcY_Q4BNLOlO-WY76NASP5Q7tHndhMfWvK2YwbRZJ63vARFc-BUtq9M9-pZM4qRI6_rCXu3koWchLl7IUMWcrV0nCQJv70fibtiPZjrzwfsTRzTTQwWyK8nJJTLHVXKeU-T-naLZziaewTTdWQq0TA6iLdJGq-Tm32cYejToequf_xfnOPPBKQmDFvkrvlQOsJZaNRT0esphy50lSU9EwkYEWfN14_Aw_nwqeRPfuuSu5cqxtMSsMo4K_vvyW6LH8EFO-ZTPliX1tmahXINwz3YeQCIBj4KZ3iV3iW0jdLysX0fBoVguLgjZ3oh54phjiA0LP2SRrl3TNfD9WMKEnGiP66jxmjVGaZloluHd2o_z2DCN-zAkS99FfkYy16DBQHG43Ls_8Q2HxSbBSnDgevGL4lm1CjXvMQnaVFNHTns8V1Wm3xCnjCMYRShW-SDfMnmz-NBaOkmG1-p9CaJQX_sMZhMWYqnHGSVn4j0UhZ-h0JO19WR_AncttZwhARZ-gzEViXBOU4Fbh7vxDQhG6PcOOk-AI1Q5pW50_AWTHw0oPiEUmCi3rzaGHpKDSISSAFkyy1TuXyas7_90YG5Z6dg1zmIZLKyFLBKwQIezMD50ir2mm63hpfhz3IRi1ZirO_KXRWC_mOLvZ-KHRZ_y917GJylX4wopz6zZ2hCB6xy0O3kCNFiyQ6_afX4gRMHh5vSRP0jxYizKUjNRiwu9JSa0WCFue7QLPhXipSdAegjY5_63K7-oR8yobv1Pycl6JZBV5-X6JA4oc6sn-NjPH33Bi9ALjVH7qEOCkV_dYbv1K_YQxf-0Acj2ThxHXJei3TO1mNP4naaMDVn4rnqDsqQkZi27wUrtOyVqTtFJBD50Jd6s3eGZ0Dek8l0jbJie0UjG44jmcukeKuCgOkzj20-di9JWKrHcyKQkvKpFRdQHhuA1lzvXxVtPXyjVx80XXgEmON4B4W0VjmZpWp9jxZq_BkewCTn3e0Ng0bfFo6cVOg2fxldPXri97hqbS9ClDym3eD3-9cgd231FooEv8u_CDEF2nphG_5KKuRLOpTo58lF0P9ShhyGu0fHFmXq2WIAWh0ohwOX-VgwQ2sve0cj9Zt-VHATxeth8ANPBhd3fxB2_8pi0C6kNnw6DnqROzWmfsiTARSziUt15aHrIdd087SM9GgCZuXTbnqjt2sywhALTAE&cid=CAQSTADq26N9oGo_jjlzf0L5pON9aN29Fn_OoPSBB0ixdxvxx3Rn6YDSW3NM-W-78Cs1cDkeaAnf7TwQHXeC2UmRUN4qgQmbte_fOoPWttYYASAT&dv3_ver=m202209210101&rfl=https%3A%2F%2Fpastelink.net%2F&ds=l&xdt=1&iif=1&cor=3606121010059981000&adk=356101037&idt=1149&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 19:41:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10517
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 Jan 2023 19:41:51 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230112/r20110914/ Frame BBED 28 KB
11 KB 275ms
274ms Script
text/javascript 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230112/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

cafe /

Resource Hash

a800c59c07101ac9e787ae10eb5d6a7124dd006d97db2ceae985a85488062556

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 03:45:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 67882
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10849
x-xss-protection: 0
server: cafe
etag: 12554467027428251666
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 Jan 2023 03:45:46 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 95F3 41 KB
15 KB 305ms
304ms Script
text/javascript 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AUV-jTXKhs4_Mne2JNwZbEYUCilRCdmXWad6cm0XMmcfKRH4xoxrSiCmHys5dCjRyMTC4ACjlo9DkzAeUaFbvq5dMP796Qc_zJM-oKqgC6C3fJDe3BKZBUChDWUJtUXmlSx_l1W7QB6G7mXU3wxpLGxVW97xetCaIWumBmLgk2COZKuhE&cry=1&dbm_d=AKAmf-Dqeq8OqrC7azkHrXQUvHRLXhyLxI_cTK_r6cphd3TUDWgOCr6_tMK595juqWQe_AxMgM7pNLEny1j4kgYL-mk7t0dHJIEB0qARPWyttu_MXUWu377ct5cm5zuBn6BNsq2Z-aJwEb7G_OGzsMohpds9qwg3f5zkD7MJGkhWapvs_kLVCaZ9L9B1oN7EJA-RB2EjajpZJrj0CETFv6pzp5lZF6TyBbIwPLTNDFLnoHPVUNXHJHZYSkDTTzeWiRHNlM6FABqI1G_hBAGc1IbrjZm4Z3hBAPlICDAfEQ0txjYM2MEumHZVM4Ym7nQ6dGi5EfgHPVDJStMIUPhItpwMk-MkHYIQpIqIsezl64zzZTeyW5hYKWhNnzJsdY5iXHO4n8M8EteV3Qz9dUmxCcguqAwF265S8-Xn-QQ-6LPEbWyeXhTmj12JDR5qcqifEeHlk_gq1cPMhVIYT3kmXz9q5wTt1Tw6jKiOHTokKXVNCRpwcSj_FOBkrnooUejgcVDO3ZrfMguwgsXJXPPFtPUr10P5cOts2jdLlBbz_IQoOn4E7PEWX-kG0MVAbVuPnzTNzfzEguZyrvRd9UdD_bbb1AzUWSJKxDCS6lzC2mVfVt5gvEcaqIK883ufE3xnWU3YOyI4y6dC8BSKw5ERWffBX1M6D-Aq9mm2e3Ij-WcrQXo3j-srZI73rpEtzNn0w6vKRxeODoQFxUgDow4CKfXEBksxTxhw2cNUTZeJd8Rz5BqZJZQ6QYKjta2NnmuAHySimnJgasBA81Dwwt6BoN9LsKwcvQb--yYH9SP8MNgSSh2J2w5mk3odsLRhmQdzaYtgKsb9xaJUUtGPDe_V_12j7-Qa8RcPV6Ya0rsdd6S9DdYpZUBy4_VPIw071GVmpEbCdVLglF5Kycc4KY76DI8yAvH5etIvuH2Q0KWazdbzaAM0P9jgjPLR8Ke88bFchk01UHKn7yWKhv_jZfGLXMbF8-uAR-3YJRRhkAnCTURdSzFnyV7H5CpV_46JJL7R8pZw2Y1E6RZNLgsaaiZTR6hEh68bECXPjEYxnu84_WLvc-A8fnSwM6iKB0UQDHpPiOxZ3nl6vhy0aDeCGDK2vYcTsz0NV1XRtM32lHmB6IQsm_AzDLl0UNsbkXZR3ro-W0lkMxwmyopCtckxBoI3ZBti__bew3-qmJgW97VMPmxk4s07JEZsVdiRgLPeygp9gxXm_ciGBonoy6ArIlRvu5bOPJgxMwwu817tSrV8aaYrzESt5_lfFC38XtPcv5C6b01jerD9Cv0Q4EAHnXsPnpl3E2lvLw7Wg9XmRCXuTJZ_bQVliBkGxGNt_zsC8qGwakNE3BbfueLXT2-ZmsGJvmbADj9RkunhyXY04BtPVFcOiXBsw6a4xskbZFGWNoG2pdQLM_g2sRWn0EZ5avchMp2HkC9G8eUcOfZkrb0AmOArm34drLXB_hrvI3XO4QlFj4rbnytv_CDo5EeePjlBpWIy5_uMMpojOlGksbXw3B-VS8mCQwCKFfGdZ-uUuy2wkoxJP_X5IBzd6I0w2awv51w1CjNNNOLX5W1fn-bKb933Y4eLQWqUm2M3ejQE5xNGNZLw9eLkjdxqvB4MiMVnTYNhT9j-5YVCy0xwPig3gDS3e3ciCrRouWMdxXItdaL2_LD3dkE0iulmjgENMmua-oRY8rCCbEHdVN85W5exXKXxfOd1pjcwQnjDXjpJvq1KRfu0wwzemEWqmjkWD4JApwcKfPu7wq3rGBF5Qgfc1sjOEzwJ3afxN4frAXwv10Fa32IGAI7FGolY0brBAHB_bKKYdNeiR21g-6EKjKZyBlKNiMUKMZnWbOmk-gWxv84tpmVmEwdroWArnl82UyF7ZQuoNEYhH1kFEeAE1f6oSxZy3z73qvUNdomzv1hhJGO5w_ZweU8kYeX8alfHFrqVHgHmGRRvTLETZZT7yebC4yVbz2ixn491-w81m2P8gN4dS3RReEn34ihkqlTe3psY4oyYPP5QwgQT9v3YD20JSl94Ibp8TI5ZT4EM4sB5Ggd-ShI6KBLboH-7k-FRfxQ3d9jTeq8H2SU_Decj6Hwlum_TURijZQyYiFCrkGf2EMEwRjvyqCy67Be-2emMZdF8VIuOnICk5PCcQT5UlX3KINmT2UUWDDLByzFcPvaxHnkyjDXLjFjd1sibOf6tMEHVapmcIAzJC9kF91SZlgPAISJRFL6aXjUkEyvuD5lQovXZ0bZMtgRV606WIcmVCHYK3uxFpwmI48IE8Qs2KJQcaZqPfzNvXGUC91hc2ClKEQtuY9yeUBZrjKPFyKKpF72VHSsK7IFCeO2Cl34Sd6kA3Jz4Za_pqTb_VmQvZp17mh1y8jTnX-nfPLv3Z4BHjuOWazrfAmpfle2OpSfARB2TgsZEQDJeBZfYaiGWqShqWy3WyEm6nIuOhjabyIDTqyLIR_F3OwJG_Gpzu295o3yJio11zyeJz0qG_Vrx5zUA2qnI1SLSrLvfQxNZ2wavdPCFbKyGugzK9q2qBm1JI6PT2-gFXkAcaPJU518R4zU-WNq1aWVeBLPvN9jbdYrRzZ0GSIZ1nhm7XT2fCSwZtEJJa2drnow1OGlv9R-TWxwi7_JHwKhkXTpDZWQJHdOvOluZfOUHg0eW9n6CIROCg-bKM6KIYcvaL8Nx4vo6YBYjB37-OI1Bgx7DIpzDw4TWCRcTeQrOlPeqMYzsPJ0F-oweL4_-pY8wRKgP_q4zTC9aZekkN1MaDJymQqRx1yXULnnzIW0_SLEtDbJkeFwO04DxcG1veVwQ3AcyGmmNtofEOV6AU5DsVs6Mdw87unYcBmBeyueV8mmXi2hEQxqAmr0FRk_RAZFCoIQHY7VZH5hGagN8h30IFvwXbF33pw_FydsPSPJHilyigHrOev_9zJXSif36o8vmA4mizftPOjYWfJhTtx5XEQnM4_hvYO9vb_E3UoK97UjzfqhfagfATyPJfCxjFXE9z8uwd0I8oCQONqbWZtq0Hh6dt7--pibTJQP3quYi0jVkTcdwlf3H_HEcYV_x6Z_n3g0P0sPzdemwFFlN8cleWDLJFWIOGfSaksoSHb7vKebZE35ejGMdWGMnP740d__y8fhJPv13Td6YmNYEYitbzPpkO_Y2ILDO64Bj5fBSL65qvVcbqlS5Df02i3LrAbMXeOQKnk9cWkUFNd15Dlp-8BNTqis-g37G8rI42S_aL-NOO8_8uY2D3UROOmBTMYikr-P8HWGHscLhn--m7PyVVN6fKmEgV_6sfX-4WwzMezbXsnv0KkhNAzZ9f27jJKjTeW4o9so_dZm5teDDXdcqnJQiuzHOYcJUECvdpRyWAOHgkH8Fj6Iu6ierf3pXTit0Z4JrLnk&cid=CAQSSwDq26N9fgNLJZwNTUN_y9oC6JM54KDRZNIGulRBvrKfzOFnW1_eX3PMEQJTQCPCf79pGT22muxnAj2UxNeeT1Xr3QqJPBsotUDoTxgBIBM&dv3_ver=m202209210101&rfl=https%3A%2F%2Fpastelink.net%2F&ds=l&xdt=1&iif=1&cor=17043908556182340000&adk=1964084972&idt=611&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 15 Jan 2023 21:35:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 176515
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 15 Jan 2024 21:35:14 GMT

GET
H3 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame FC2E 6 KB
3 KB 273ms
273ms Script
text/javascript 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12535929144933595235/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

cafe /

Resource Hash

6f4813e4fe6dd891838e421479bf603f6d3f0d2a55b90517b875a77050471d4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:06:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1826
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2551
x-xss-protection: 0
server: cafe
etag: 4618035238173732404
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 18 Jan 2023 22:06:42 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame FC2E 34 KB
13 KB 289ms
288ms Script
text/javascript 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12535929144933595235/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

cafe /

Resource Hash

fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 06:26:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 58241
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13035
x-xss-protection: 0
server: cafe
etag: 2319883687766034370
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 18 Jan 2023 06:26:27 GMT

GET
H3 200 cd6d26049a15855b9e3f36bcc4d9bfc0.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12535929144933595235/ Frame FC2E 78 KB
19 KB 412ms
411ms Script
application/x-javascript 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12535929144933595235/cd6d26049a15855b9e3f36bcc4d9bfc0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12535929144933595235/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

sffe /

Resource Hash

9aab0d90b389259050813251f1ce9f1c23938afe97928ae5e603d785fc8bb9be

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Tue, 17 Jan 2023 22:37:09 GMT
x-content-type-options: nosniff
content-encoding: gzip
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 03 Mar 2021 21:56:49 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 17 Jan 2024 22:37:09 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame DE07 41 KB
15 KB 483ms
482ms Script
text/javascript 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 15 Jan 2023 21:35:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 176514
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 15 Jan 2024 21:35:14 GMT

GET
DATA 200
OK truncated
/ Frame DE07 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 22c7f201d77259bf599a7e2041edb830999b94b341d5ea4d9e0ad5200a910a1a

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 1A82 143 B
166 B 274ms
273ms Document
text/html 172.217.194.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f155.1e100.net

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

age: 1252
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 17 Jan 2023 22:16:17 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230112/r20110914/client/ Frame 9E73 3 KB
1 KB 462ms
461ms Script
text/javascript 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230112/r20110914/client/window_focus_fy2021.js

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 19:50:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10028
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 Jan 2023 19:50:01 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230112/r20110914/client/ Frame 9E73 18 KB
7 KB 296ms
295ms Script
text/javascript 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230112/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

cafe /

Resource Hash

fcb2a2d76154a28aee5a1e84fce890f1e5bd8ef41d5a7c8368f1db418409cc83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 11:54:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38537
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7536
x-xss-protection: 0
server: cafe
etag: 18409170587552385168
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 Jan 2023 11:54:52 GMT

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 7E61
Redirect Chain

https://s.ad.smaato.net/c/?adExInit=aps&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsmaato.com%26id%3D%24UID
https://s.amazon-adsystem.com/ecm3?ex=smaato.com&id=2b9fb977

43 B
479 B

349ms
349ms

Image
image/gif

209.54.182.161
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=smaato.com&id=2b9fb977

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

HTTP/1.1

Server

209.54.182.161 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 17 Jan 2023 22:37:09 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 7HCQ15JPZQV17PQ43MNA
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

date: Tue, 17 Jan 2023 22:37:09 GMT
via: 1.1 31d603b763553e4238110d07f30c186e.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: SIN2-P2
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://s.amazon-adsystem.com/ecm3?ex=smaato.com&id=2b9fb977
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: vDQcDS4A_Q_fVxxlF78PvqdwEifoyR-oVeoBB7NOKBlzl1vtlz2wNg==

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 7E61
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dmediagrid.com%26id%3D%24%7BBSW_UUID%7D
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dmediagrid.com%26id%3D%24%7BBSW_UUID%7D
https://s.amazon-adsystem.com/ecm3?ex=mediagrid.com&id=440c1f52-71d1-4e6a-9701-042a8f9ef24d

43 B
479 B

343ms
343ms

Image
image/gif

209.54.182.161
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=mediagrid.com&id=440c1f52-71d1-4e6a-9701-042a8f9ef24d

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

HTTP/1.1

Server

209.54.182.161 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 17 Jan 2023 22:37:10 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 26ZT5BP0PGWGW8D13E36
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=mediagrid.com&id=440c1f52-71d1-4e6a-9701-042a8f9ef24d
Date: Tue, 17 Jan 2023 22:37:09 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 7E61
Redirect Chain

https://cs.media.net/cksync?cs=31&type=tam&redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dmedia.net%26id%3D%3Cvsid%3E
https://s.amazon-adsystem.com/ecm3?ex=media.net&id=3169966297445546000V10

43 B
479 B

615ms
340ms

Image
image/gif

209.54.182.161
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=media.net&id=3169966297445546000V10

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

HTTP/1.1

Server

209.54.182.161 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 17 Jan 2023 22:37:10 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: ZZXRXGSQMABMR0H79RZ2
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 17 Jan 2023 22:37:09 GMT
Server: Apache
P3P: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Location: https://s.amazon-adsystem.com/ecm3?ex=media.net&id=3169966297445546000V10
Content-Type: text/html
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 154
X-MNET-HL2: E
Expires: Tue, 17 Jan 2023 22:37:09 GMT

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 7E61
Redirect Chain

https://b1sync.zemanta.com/usersync/amazon_tam/?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Doutbrain.com%26id%3D__ZUID__
https://stags.bluekai.com/site/23178?id=2fYQ_XzUZJgu-ju8gBCJ&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64ZOMFWWC6TPNYWWCZDTPFZXIZLNFZRW63JPMVRW2MZ7...
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64ZOMFWWC6TPNYWWCZDTPFZXIZLNFZRW63JPMVRW2MZ7MV4D233VORRHEYLJNYXGG33NEZSXQY3IMFXGOZJ5MFWWC6TPNZPXIYLNEZUWIPJSMZMVCX2YPJKVUSTHOUWWU...
https://s.amazon-adsystem.com/ecm3?ex=outbrain.com&id=2fYQ_XzUZJgu-ju8gBCJ

43 B
479 B

343ms
343ms

Image
image/gif

209.54.182.161
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=outbrain.com&id=2fYQ_XzUZJgu-ju8gBCJ

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

HTTP/1.1

Server

209.54.182.161 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 17 Jan 2023 22:37:12 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: BJQHWNR2V8BA73J5J777
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 17 Jan 2023 22:37:12 GMT
Content-Type: text/html; charset=utf-8
Location: https://s.amazon-adsystem.com/ecm3?ex=outbrain.com&id=2fYQ_XzUZJgu-ju8gBCJ
P3p: CP="We do not support P3P header."
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 101
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 / Show response
match.sharethrough.com/jwumXNuB/v1/ Frame 3F7A 427 B
612 B 729ms
236ms Document
text/html 18.136.159.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.136.159.66 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-136-159-66.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: 4fee67922ddb4a37e6f33f89f2beb311d8cb2c20f6dfb4597d5763bf5975c491

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

content-length: 427
date: Tue, 17 Jan 2023 22:37:09 GMT

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 6610 16 KB
6 KB 760ms
250ms Document
text/html 23.207.36.196
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.207.36.196 Jakarta, Indonesia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-207-36-196.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=78898
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Tue, 17 Jan 2023 22:37:09 GMT
expires: Wed, 18 Jan 2023 20:32:07 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame D98B 281 B
554 B 827ms
270ms Document
text/html 23.66.150.27
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.66.150.27 Tseung Kwan O, Hong Kong, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-66-150-27.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 17 Jan 2023 22:37:09 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H/1.1

200
OK

ecm3 Show response
s.amazon-adsystem.com/ Frame A44D
Redirect Chain

https://ssbsync-us.smartadserver.com/api/sync?callerId=2
https://s.amazon-adsystem.com/ecm3?ex=smart.com&id=7677500079211826446&gdpr=0&gdpr_consent=

43 B
479 B

517ms
344ms

Document
image/gif

209.54.182.161
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/ecm3?ex=smart.com&id=7677500079211826446&gdpr=0&gdpr_consent=

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-smaato_n-mediagrid_n-sharethrough_pm-db5_rbd_n-MediaNet_smrt_n-Outbrain&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.182.161 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Tue, 17 Jan 2023 22:37:10 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
x-amz-rid: HXSC07JDYZ5N6M5GA9P7

Redirect headers

content-length: 0
date: Tue, 17 Jan 2023 22:37:09 GMT
location: https://s.amazon-adsystem.com/ecm3?ex=smart.com&id=7677500079211826446&gdpr=0&gdpr_consent=

GET
H3 200 KJeI0sMyo1Q6mjhDM9mKcjS2IqRt95c1wIDqLysfd0M.js Show response
pagead2.googlesyndication.com/bg/ Frame CB38 36 KB
16 KB 274ms
273ms Script
text/javascript 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/KJeI0sMyo1Q6mjhDM9mKcjS2IqRt95c1wIDqLysfd0M.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

sffe /

Resource Hash

289788d2c332a3543a9a384333d98a7234b622a46df79735c080ea2f2b1f7743

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 08:49:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 395278
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16068
x-xss-protection: 0
last-modified: Tue, 03 Jan 2023 14:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 13 Jan 2024 08:49:11 GMT

GET
DATA 200
OK truncated
/ Frame 4C7D 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 50c2c57022add98067c22c6ff2a48c1b7b411f3cd4ed21eeceef2137ee52a4f9

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame BBED 41 KB
15 KB 297ms
297ms Script
text/javascript 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 15 Jan 2023 21:35:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 176515
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 15 Jan 2024 21:35:14 GMT

GET
DATA 200
OK truncated
/ Frame BBED 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9d10094b4a870d74a16077c8dd5fc752df8a6c0275f370f4690c781f0241117a

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK dvbs_src_internal117.js Show response
cdn.doubleverify.com/ Frame 95F3 57 KB
58 KB 540ms
540ms Script
application/javascript 42.99.128.145
ASN-TELSTRA-GLOBA...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src_internal117.js
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=115843&plc=6419358&sid=18330&dvregion=0&unit=300x250&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0hqcCz1Z4Rn6tG6rJO2QgFj&DVP_DBM_1=3060631&DVP_DBM_2=23009949&DVP_DBM_3=16740933992&DVP_DBM_4=416816016&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=201491245482&turl=https://pastelink.net/v3774tc2&DVP_PP_BUNDLE_ID=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 42.99.128.145 , Japan, ASN4637 (ASN-TELSTRA-GLOBAL Telstra Global, HK),
Reverse DNS: ip-42-99-128-145.pacnet.net
Software: UploadServer /
Resource Hash: c74d4c8be63fda641c0e0255ad3c7416862f17e31442a1a0ddd7645bc2d69d3c

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 17 Jan 2023 22:37:09 GMT
X-GUploader-UploadID: ADPycdsYJ9xGaeFXC_zbLM1PM6kyjn1UE8ZIFEwMEoOfMqnua9IG-GzHx-ELKy2k0mvCUHNiCY3Pkpu2FHX-JJWXa8LTUQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
Connection: keep-alive
Content-Length: 58517
Last-Modified: Tue, 10 Jan 2023 11:02:11 GMT
Server: UploadServer
ETag: "d07704704b2ea7cfd4b9f2d78f0c7dbb"
x-goog-generation: 1673348531386362
Content-Type: application/javascript
x-goog-hash: crc32c=ojk8ug==, md5=0HcEcEsup8/UufLXjwx9uw==
Cache-Control: max-age=946080000
x-goog-stored-content-length: 58517
Accept-Ranges: bytes
x-goog-meta-pipeline-id: 742670731
Expires: Wed, 17 Jan 2024 14:02:36 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 1A82
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

1419ms
1419ms

Document
text/html

172.217.194.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f155.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 17 Jan 2023 22:37:10 GMT
expires: Tue, 17 Jan 2023 22:37:10 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 17 Jan 2023 22:37:09 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame F7A5
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

1068ms
1068ms

Image
text/html

172.217.194.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: pastelink.net
URL: https://pastelink.net/v3774tc2
Protocol: H3
Server: 172.217.194.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: si-in-f155.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date: Tue, 17 Jan 2023 22:37:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9E73 157 KB
48 KB 276ms
276ms Script
text/javascript 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

sffe /

Resource Hash

cff8c5b798dd1a69ce9460a203c10be59613887e25245f5c64916a51a1055d4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49309
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1673441803913192"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 17 Jan 2023 22:37:09 GMT

GET
DATA 200
OK truncated
/ Frame 9E73 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c52070e703709e90ca9453a4283a79040f07212051c3d94ff4c1b6f9a61bdf63

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 css
fonts.googleapis.com/ Frame FC2E 672 B
360 B 277ms
276ms Stylesheet
text/css 142.250.4.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:700

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12535929144933595235/cd6d26049a15855b9e3f36bcc4d9bfc0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f95.1e100.net

Software

ESF /

Resource Hash

54c7f9dacbd3be07256357be812bd7edf74ac6938ab155493b599a39136e81d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 17 Jan 2023 22:37:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 17 Jan 2023 22:37:09 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 17 Jan 2023 22:37:09 GMT

GET
H3 200 edc37c740ef8a5c22bf5847234123141.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12535929144933595235/media/ Frame FC2E 14 KB
14 KB 280ms
277ms Image
image/jpeg 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12535929144933595235/media/edc37c740ef8a5c22bf5847234123141.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12535929144933595235/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

sffe /

Resource Hash

c400e1caa2a107789fb43ba31f6fe51ce61cfbe48c3095a4f01adc67db5a6652

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Tue, 17 Jan 2023 22:37:09 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14428
x-xss-protection: 0
last-modified: Wed, 03 Mar 2021 21:56:49 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 17 Jan 2024 22:37:09 GMT

GET
H3 200 d129006952938d51e87feebc92f32372.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12535929144933595235/media/ Frame FC2E 14 KB
14 KB 305ms
293ms Image
image/jpeg 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12535929144933595235/media/d129006952938d51e87feebc92f32372.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12535929144933595235/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

sffe /

Resource Hash

ffdca46c79c37b5256ac2e778083d1e83467eccfe1b2c2f80ca9bf2d33192600

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Tue, 17 Jan 2023 22:37:09 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13981
x-xss-protection: 0
last-modified: Wed, 03 Mar 2021 21:56:49 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 17 Jan 2024 22:37:09 GMT

GET
H3 200 922e9788b6f4f4a7a45df46961a745e8.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12535929144933595235/media/ Frame FC2E 14 KB
14 KB 378ms
361ms Image
image/jpeg 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12535929144933595235/media/922e9788b6f4f4a7a45df46961a745e8.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12535929144933595235/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

sffe /

Resource Hash

192f85b97fa563b7acbd1549cef8ddb49b0970612a416e072ff437862b9aceca

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Tue, 17 Jan 2023 22:37:09 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14027
x-xss-protection: 0
last-modified: Wed, 03 Mar 2021 21:56:49 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 17 Jan 2024 22:37:09 GMT

GET
H3 200 0d8cb58619d9e87fca0b61af5097eea1.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12535929144933595235/media/ Frame FC2E 14 KB
14 KB 348ms
331ms Image
image/jpeg 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12535929144933595235/media/0d8cb58619d9e87fca0b61af5097eea1.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12535929144933595235/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

sffe /

Resource Hash

8e14aaace409c9bccfb0d324f5edc33f6dc67faf4e9cad61e5a9739f8811500e

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Tue, 17 Jan 2023 22:37:09 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13958
x-xss-protection: 0
last-modified: Wed, 03 Mar 2021 21:56:49 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 17 Jan 2024 22:37:09 GMT

GET
H3 200 d52f9e99d21caabcb1bace54ae3b26a1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12535929144933595235/media/ Frame FC2E 5 KB
5 KB 371ms
354ms Image
image/png 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12535929144933595235/media/d52f9e99d21caabcb1bace54ae3b26a1.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12535929144933595235/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

sffe /

Resource Hash

d50874f1a6e23ac5bbbf080f3dcb9ede912288ecb01ccb8b582308909524bbee

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Tue, 17 Jan 2023 22:37:09 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4788
x-xss-protection: 0
last-modified: Wed, 03 Mar 2021 21:56:49 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 17 Jan 2024 22:37:09 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 5245 22 KB
8 KB 278ms
277ms Document
text/html 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
age: 282038
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 14 Jan 2023 16:16:31 GMT
expires: Sun, 14 Jan 2024 16:16:31 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame B997 22 KB
8 KB 278ms
276ms Document
text/html 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
age: 282038
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 14 Jan 2023 16:16:31 GMT
expires: Sun, 14 Jan 2024 16:16:31 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 8705 22 KB
8 KB 274ms
274ms Document
text/html 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
age: 282038
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 14 Jan 2023 16:16:31 GMT
expires: Sun, 14 Jan 2024 16:16:31 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame DAC4 0
0 274ms
274ms Image
text/html 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2023011001&jk=1998417916665560&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.4.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: sm-in-f157.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame E8A8 2 KB
1 KB 718ms
237ms Image
image/svg+xml 182.161.73.129
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.as.criteo.com
URL: https://ads.as.criteo.com/delivery/r/afr.php?z=Y8cjEwAMvWkKKxfJAAixPJgFQF5lKuFcYMr6Jw&u=%7CeBQC0XD3d3H9hYCXTjfTDiYYt6rajzQD%2FfwvQ43A93E%3D%7C&c1=jWCgqsKSUoXV4BApc600hDmuoLfpfMVBJoxIoA-qWR4GS8d0D9pqsgEM8_Ocsn1baLzoKXzHkrCOaa2kpLHF5e0SfaK6wpabVmtIyeQdKM4SVHXCp4B8uSYGxD8LrZiYMnqXNdosutII-vtC_wefvHtYhhOTpSWfATn2s2WDRGpmKKvaD1cOivpYUsgPlYRzXGSk6M1mV38cy7kK6DSMocU4L7XUqAEKwvUK3IDS7f2T14sB28WQCTMS5QhMKi10Sjl7lUnw6OvYyGgwOib760rhB8w7DDbQ6-bN6tQrIRlQFR3UsAR7pPZe-MPZifZMVh5PlBIi9wKKJR0nO6OenoV23uzC41ilAaSn4oBfWckYZRoADcJMikouTaRfTfRfzgsADqpNmrMoCrM2FWZhRKaz-oTfJ9xGweiJv5ooV1TBrYlJkDkT_0LbL7lY8k9esQNjNhVu8Yqgk9Q2SWVZbJotMu8N7molgOX2jiG8L5AGkg5UHV1lmbyF4tWWR0YujOgPX6aWSAezl9RiUZMqL0B0_hSMmJVo1VfP9YDLik0urz35X0Pv8yo6ldT0BalUz0zdV9PeGCe5yLq7rXZ3LHIiSxPJnXhLBnAQSVF0lZpmK6bnJZyjwdt68GZHv4hLuJlxqBjjzaI&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCs4i6EyPHY-n6MsmvrAG84qLgBpj80bFcqoTM5IUBwI23ARABIABgq-yxheAYggEXY2EtcHViLTE3NTA4NTYyMzkyMDQ0MTTIAQmpAuV8jK-Wc6c-4AIAqAMBqgShAk_QwRXPJXzh6ZDGikMpoV-Cvf99CwtpG8vrgSqwjtffulv8ym8rbQPno5npbNIFEY7Xynok-wXk9s_kMQQEd5lP-g38rckUo7bFfsSw4M5Id0AuASTuxNUS7_qiJPrYo6Ww5SC9oBxFM_NtNRmAUfjbAl7iZ7KAupAwJaDs128t32KACiJBWf0I9r4JBQPr9iy3EQb9k71SDr50ytaEXjTa4EcsQFTTiUUCPd8lYsfAdrLhWb8DDo1478Obbp1YD0ZlcYEbWUo7991bT2PFIRztieqvYWY8mIGPv3RQe7REBUgm_FpCYP1Ne5mWaeEynCQu6IOmxUuL2zBdNo9Qr77xbBO4ux2XN8jFq5yeAenagOoJ8h7nEXRpB6biDxkNJGLgBAGABpiinNPtp57dI6AGIagHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA0IgGEQATICigI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1UiiBbJdp6bPU8eTjkf6SqFNkIBQ%26client%3Dca-pub-1750856239204414%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.129 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:10 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 12 Jan 2024 22:37:10 GMT

GET
H2 200 adchoices_en.svg
static.criteo.net/flash/icon/ Frame E8A8 2 KB
1 KB 720ms
239ms Image
image/svg+xml 182.161.73.129
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_en.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.129 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

nginx /

Resource Hash

60bcafbd631f6fa0805e158ca3b235e76225350db6fbb423596d4c4954b27573

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:10 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-759"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 12 Jan 2024 22:37:10 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame E8A8 308 B
636 B 715ms
238ms Image
image/svg+xml 182.161.73.129
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.129 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:10 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Fri, 12 Jan 2024 22:37:10 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame E8A8 293 B
622 B 712ms
235ms Image
image/svg+xml 182.161.73.129
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.129 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:10 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Fri, 12 Jan 2024 22:37:10 GMT

GET
H2 200 lg.php
cat.sg1.as.criteo.com/delivery/ Frame E8A8 43 B
348 B 717ms
240ms Image
image/gif 182.161.73.132
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.sg1.as.criteo.com/delivery/lg.php?cppv=3&cpp=KX2Wss3YrVVOOrneEEBNO0Nksm8xLmfx4ZjCvHcJWqaIQ9oHw4hD9bilNU4HZc34Q8BhYGbakW5hELgXmDxoSvI_c6EymxgzK3OXlkKzXpvhHdv_hZp14N2EWaQK_tIsmnD0XSxYvezOipBb6jhfl_iL3Rw8ydeJdNMc5qmNqA6X815KCQUen-tpLB1no7_mCOewiBkjdpUNzt3yzXmVbuKbO7-DZ5m03NB0V-NhCgRnJ02HWcduAPsp6RcJ_RTk1ECM5PoKhohTdFPGHYCPs-JLj0oQy_26VbcYSNWxbV6RQ52SA2cPQgiQhPSgTSPNFlpNAuqPHAHzJng9mHljKwEXk_mv74iifYpuC_pgtWoNAMBaRNrYlv3evNCQnY-x7_8PcT5fVMH-l7lguUj_VGzx-F7A7h8fOgEICdMRiM-Ru9Nr

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.132 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:09 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1880369
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200 1102.json Show response
id5-sync.com/g/v2/ 462 B
1 KB 1190ms
396ms XHR
application/json 162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/1102.json

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

b95e9b0307ca3dc7db1d65c112e817e0f88f767e0cb6af83444e35fc6a030f94

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://pastelink.net/
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 17 Jan 2023 22:37:09 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://pastelink.net
p3p: CP="CAO PSA OUR"
access-control-allow-credentials: true

POST
H2 204 csi
csi.gstatic.com/ Frame 6AA8 0
327 B 1785ms
633ms Ping
image/gif 142.250.181.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~ld0tf3ga&c=3325467068083&slotId=1662733534041.5&qqid=CM6XyrfVz_wCFYUGKwodfEIFRQ&fb=outstream-lima&sei=44729911%2C44730425%2C44730426%2C44752538%2C75259414%2C420706098&nsei=44714510%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230111_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.181.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fjr04s08-in-f3.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:11 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 6AA8 15 KB
16 KB 274ms
273ms Font
font/woff2 142.250.4.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f94.1e100.net

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 06:38:18 GMT
x-content-type-options: nosniff
age: 489531
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 12 Jan 2024 06:38:18 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 6AA8 15 KB
15 KB 325ms
324ms Font
font/woff2 142.250.4.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f94.1e100.net

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Jan 2023 09:18:08 GMT
x-content-type-options: nosniff
age: 566341
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 11 Jan 2024 09:18:08 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6AA8 0
20 B 275ms
275ms Image
image/gif 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=CKKUvEyPHY47CB4WNrAH8hJWoBMDqwpVuhaDRg-0Qt8uivcABEAEgiYvEUGCr7LGF4BigAYPe1pIByAEFqQI78E8zSI-lPqgDAcgDmwSqBIwCT9DWS_62w55v1Fh_siB2sIOxIz3ejDpuIeg8dfn4ct0uBwfiGzLU6EAf8TqDehSDzbu5ZAng6omuEofuoPy7uoEYaoPOghKccoeNhZGXh3GASiRcl23Hefi0yiN9N2KngSbeSjPgXQKScwA7qh22pJ-uXWUBpUmrMOHoxqoZHZ8hhKz1VMJ4uY-WuM4IunSXhSigmPtxImQK87PnvZqQjCGw28wMiHsnQ6WuHP-si0Ci5s3bedUlAp1ED5YasH6RLkv-AQXfoVvHWY39b6_au4tATkHpJwyKaTbCWxcGHV_FuugEgnK9Gr3T4lOsoqfdHOuZ4LpuYzAEu9CFley1lnPwuFOs544IK4up38AE8tWFzp8E4AQDkAYBoAZ2gAfloantAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgGEQARgdMgKKAjoCgECACgHICwHgCwGADAGwE-aI2xHIE4qG0-ED0BMA2BMKiBQU2BQB0BUB-BYBgBcB&eventType=clickstring&clientTime=1673995029575&ai=CKKUvEyPHY47CB4WNrAH8hJWoBMDqwpVuhaDRg-0Qt8uivcABEAEgiYvEUGCr7LGF4BigAYPe1pIByAEFqQI78E8zSI-lPqgDAcgDmwSqBIwCT9DWS_62w55v1Fh_siB2sIOxIz3ejDpuIeg8dfn4ct0uBwfiGzLU6EAf8TqDehSDzbu5ZAng6omuEofuoPy7uoEYaoPOghKccoeNhZGXh3GASiRcl23Hefi0yiN9N2KngSbeSjPgXQKScwA7qh22pJ-uXWUBpUmrMOHoxqoZHZ8hhKz1VMJ4uY-WuM4IunSXhSigmPtxImQK87PnvZqQjCGw28wMiHsnQ6WuHP-si0Ci5s3bedUlAp1ED5YasH6RLkv-AQXfoVvHWY39b6_au4tATkHpJwyKaTbCWxcGHV_FuugEgnK9Gr3T4lOsoqfdHOuZ4LpuYzAEu9CFley1lnPwuFOs544IK4up38AE8tWFzp8E4AQDkAYBoAZ2gAfloantAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgGEQARgdMgKKAjoCgECACgHICwHgCwGADAGwE-aI2xHIE4qG0-ED0BMA2BMKiBQU2BQB0BUB-BYBgBcB

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame 6AA8 31 KB
16 KB 302ms
298ms XHR
text/xml 74.125.200.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-BtznmD9Ba16JXecEX-LTFuxLXMRXuODHg6xfw6cSBUGrP4rhEhS121N7E5O8-t6olhQOsi4Wj0EIrxjaT9ed-P7uBVTw&cry=1&dbm_d=AKAmf-AjyZW0-VsA0CUARiWzGBD5XaOpZLoKBWbsYnjDCXIIoIg3TY65yAe_1BKIIB5SbOmO7NOfMsCttD-CXRZMA3NQRmCbrQyuEBgOt8N6xdayVSRBZcrRTV2vmCr65ZOgG7Mj54Ei7xR6d_Ju4DqXiuJQnSYE_ayJPs9xeUp6v6K52KLaoHj79jrBisq6xSV3MYgDO_3FQ_hYHwsJDlBL-FZgzBe0iUJOz_xkHR5G15-bgaeex4vPmaFWqfELu9K6g7REVdlgAOFMpVcS3Xx6iJecL57JA8i4LYGmgTfJl-rmn5xxuScGBpVljn43X5TF1LLDYfG1iFqG0SfCYilQ7YdaHXmh9p1A0EAZtFcL__M-D0yB7ijX0chFLzTq_g-brpAA-suR8mAceEa9PuCkeJgHITyW-LYt4nHBVe95-hbOnCnDH44rKPHF10PstNgCqMZdYQ2v3-D3UjOD16U6_wbP9OkbW-CGkL2wClscEh9u6heWv7hURdDhx3ju2OECCAG-zx80PveOxL9h_CRh0AKWpyruAuLI2CwnHl_I03k_9n1jvUhrvkk1055D3HYWsD__EgkcKuEXH5foDzfFwHEAxgMeWnVKx_sdXyfZwYjmssY5ZzYMivxD93019nDqTpO9KvnE9lD7I2vez_VJey4MfbgBdKOvC1-v6xI3EOf_rqC5jat3q2dk4oh_nFWma2qGRU36FZEpRyMlCUzYPC4_3Lh0qHdDfEZBEqhaJDRDAI8jQ68BmOoDW4k2Qw1iWRf0mA4-yUSnGQIimVXUrX7g5YLmWa0JM2hFs7Prx_Iz0hDgXjm2OKCxi7f-8ukle0RSllhudwd3WV-U8I2cEPgb2wdK69ap5J5X2X3KdH3ZGnI0YGpIvE8R6ngvsxrjBGoJKW1aT27HJZXe6miOgBRkX4YZ78kSqFb6a6zemV40DsNzpq-d8EsTr9wmbx-T9bqg2wdcT0wPXak9BjI2vEBXTL7BBC8Nyag0C78PgC6-8jxfHqgRvWj8GPu9Ku6st8ytzRg_1EU87mEigpXtsr0pbCAVGYAYlTOpwRAzNzH0weoqStOZ9KNnrl9SsajjbyIFDHPRNvNjnZcTh2mfcItq3OxekI9aaUbSJIkuUl-5e_-NSKYl-r8cxM8qgP2_6ANNlDc7jL4hhPF5e-AZAvFtfhTsKZSxw_dppXjDUODqRCvVv1-ttFdViT3tndarUSiZ1Hv_fjQRHl7J57bVtIEtxEUKCynMZF0WC-KogHePjVNBbBP7HOAx42dWkzXBp-YPswqLioLGQtqo8KZUwdYHsY4EN3uHUek84c8f0ByVmzyR_vo_6dvugV4rRkT-g_uLAqpKbGIqWrrGHZ0_aR6ry3JXvNE1Cl19pKB7XBQ3nEvMZE3oWI6A5hTAlsZ8loLaEyNGkp-PqQEVJZweiGtMHE4NA_gbQ8rgVRVfu_P0vPCV9V0uy9HzZZKGBt8z0cOArdA7yLwOEP9kHd-Wf2SpGtlZnhalGO4CITvQ_HPjQZ_RnOKeSvFNT8ggsfQjB-Age5mu8_tTghYkMzTh4vBFOqRrQvr3HzVm2dMhDyQZF4KTiQh7IJeWDtb5uABhTeVyq-wAfCJ487QlPB2oyf5T8LtOLtDj68R9NRvh1ATEHWhLyg7M-Um7WW6-IAhKlxbi9xPQGGk4ZD0BAYK229jInEt6x6N-zq1pVd9XmcHLIEO6hF7B5DgqdCjYOfXy7epW4Ll0VnicXoeYYe1bCJoW9Cd2WGNbcNl35JM9H23CR-oPHJ59HjyncsIA1P8fschd0_CwiIkg8LVOShN_66MngTk15C2vbEF6c0wJfVfzxcA5vFgKxwlcvBaZ13ORMHCZSXrqWbi5I_TG3TTDH2mCkJShPqUH66gDuLq05Do-Sqnzn1Hr2TWwXGWgraxVrXEJwvEPu55DoDe7Xj7q1GUUFGv35lCkQEvQfeRAqPLdXA35s552A11J3bedH8j8HVdpOFNT5TNpkTx5Tr92F35iGpb_-4l1rcrEkMSf950R21NQTtXeNietFzLxFsZA2SGBol-AXcFsicpATzE-19WcPgGvE-rVt7jRGWVoSZxStWqV3vj796pnnHske_XurQZJTQpDapiIjqbmh325hajbLSwD5jEBSGY6rMOc9jbuJG1lUIodNSIsd3AXkom1btkD3AUxQu62JM5jPBx-TGxnEH0iEwEH3ePrQjRPtMjyF7tAmgaja5wXHtvbbaEXSfvAAaXsZBOZqxE_pgLHImNwiD8oGmahyZlcJvVXbXD2TqejegOEDZSsd8CShwW180eb1PB_KsTJlCK21Zf5gOQbOy-AKsmxKCc6LgYigx0HJMZyo3wrXCHG_w3mTtMrCVVlwOgBX2EZM4GfBmCdd9GYEqxJcvsKEbFwea5DFsWx8x35jFzcEVq-GLdKz5TEJpUtAi5MnClU9-2Ax5mujEAWD2k_Soe7mJY2HMYAO7TwnJY7LOkVHjSkMkZ_VhtFKVYJhVxrdhh2dy9BZfDkrKwXqc4xbyFqaAeldqJ6JyGbDs0bAxECkbSO09AN-5vcwlEL8-fTwnOpgoX9-LNsa5FNJwN4Ewn8tousXebxVFH9hU_gWp1QTv783RXfuf98kDeSArXzQ0CaNv_DVbx6z1JQLEvy6Ids0WM_a080_YCJT4AfIN5ZnLPrzgdXYAx23-NYRWizM5eO89PygqocRcq1bHIdpWLg_cOsG1b4KwlDUkBgc7mVGPpnS5dcB_YVS6B4OParPxRowDa9n561gGweZS_uayzR3n1d03OY1LkGACPSJvNut23PZp_MX_9JXnVJg1a0WqRUS0SS3Kh7Tkq0uBaS8AuRsCtRQcFF0up3Ajo_ksfldl-s9zRCcMdQsn9BxVunvmimXLbKZc3F6q37txiuWstvVDq3V3qvxOG8LQY30kaPOsZnO3E_nuWXFdCE52dmcXnblp8WFhkjKg7EKjchcYUJ6WeOCGadNu19jg-HibKRU74AjZjeubhq3ttRDONdIRBnob4dzsfkNfWaBKyM5juF4pXHxDE5L2bPVOyV-0ICBCWA4ldFUN5cO9bMXG1WxG9_orHAhR83BVAf53znC_XlPvyDkvHMRBPm8teP6Jh6cQkTkc8wtw056ZdxNCEXFwCpn_2185K11Dd_j4EcZwjzv5JW_vXME3AhdH9-M3gwTXT4o2tRTLJZxidQ3hPgUdWYfF7zcfq1oZWftBUS5sMW7UQoXxph-_77cyJ7yokX9VJBKNfARKm0xHWXKlCRpiz5kyEd8zhVi8Y0qBLG-1Rpy0KctkPTl9G6KZR-ASxiqH09pY_sAQPtRTzRejmgLLV10MYWLv3wYU9NdXlbQpmKUPyNpGb54eBpqdDpCTPGyQ8FdLo95l6az8PegWFI-FNKqEa2otin_F_aN50K7Dz5d-x-WFTf1DJNuZ5pTuIuHyvHDyueHiMIRAGKcxKgelROhQdXzy-gzo6OeGVXMg_62fmA1_bo2k1PHVePPCM4r-g2UWMGE__OZk9f80TAGUqPdxCVqqF-6_3xvejfb4nfdQUXo7KfdZyCw0_AOGAXEv-FXM8_sZRgKJasZphUsSxJqhEe0QrKvHejwVITTGVybTreK1QPAC4eNzwzXtgdGzEbGEKJpkZxh5aMmozCcq0-wnmrwRWfaB4D7DsIAw&cid=CAQSSwDq26N9GLtVgRbeSaVcxPKEAeYotpAfMv6jmyuHYmIoKEmA9ENdKursx2oPdkF0M-DnqLgDoO421bT3EyPX-oDHExF6t22TSCvamhgBIBM&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230111_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f157.1e100.net

Software

cafe /

Resource Hash

35e88c8252e2b569e9f68b8d9dcd7cb732d89dc956b12976d938699ecbe63c1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:09 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16338
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 6AA8 0
0 279ms
279ms Fetch
text/html 74.125.200.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CCmg1EyPHY47CB4WNrAH8hJWoBMDqwpVuhaDRg-0Qt8uivcABEAEgiYvEUGCr7LGF4BigAYPe1pIByAEFqQI78E8zSI-lPqgDAaoEiQJP0NZL_rbDnm_UWH-yIHawg7EjPd6MOm4h6Dx1-fhy3S4HB-IbMtToQB_xOoN6FIPNu7lkCeDqia4Sh-6g_Lu6gRhqg86CEpxyh42FkZeHcYBKJFyXbcd5-LTKI303YqeBJt5KM-BdApJzADuqHbakn65dZQGlSasw4ejGqhkdnyGErPVUwni5j5a4zgi6dJeFKKCY-3EiZArzs-e9mpCMIbDbzAyIeydDpa4c_6yLQKLmzdt51SUCnUQPlhqwfpEuS_4BBd-hW8dZjf1vr9rjitq70nthnjG4wryi42PrxLx2c09y5fbqAuDBWUSojsWMORarStu4GSqjcmwWlXkvqNmUSxUDYnbSwATy1YXOnwTgBAOIBe_c5qhIkgULCCIQARgBSOTN4QGSBQYIHRAEGAGSBQYIHRABGAGSBQYIHhABGAGQBgGgBnaAB-Whqe0CqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwoQqKkHGL3YwdQB0ggPCIBhEAEYHTICigI6AoBAgAoByAsBsBPmiNsRyBOKhtPhA9ATANgTCogUFNgUAdAVAYAXAbIXHgocCAASFHB1Yi0xNzUwODU2MjM5MjA0NDE0GPrefA&sigh=V-p4pAYZgGk&uach_m=[UACH]&cid=CAQSSwDq26N9GLtVgRbeSaVcxPKEAeYotpAfMv6jmyuHYmIoKEmA9ENdKursx2oPdkF0M-DnqLgDoO421bT3EyPX-oDHExF6t22TSCvamhgBIBM&vt=10
Requested by: Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 74.125.200.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: sa-in-f157.1e100.net
Software: /
Resource Hash

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 6AA8 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0d4113f744b5684c84b5a4a4adeec19aee5b1cdd3ee330bb6afc7cb2ab9ffb10

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 b4338c429b884dd1a41cf5d47720754c_gotham-regular.woff
static.criteo.net/design/dt/ Frame E8A8 31 KB
31 KB 727ms
253ms Font
application/octet-stream 182.161.73.129
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/b4338c429b884dd1a41cf5d47720754c_gotham-regular.woff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.129 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

nginx /

Resource Hash

af4b954cf45e99d5eccbea113dc2b66799cf8db96c3e8dfc33d145398743727b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.as.criteo.com/
Origin: https://ads.as.criteo.com
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:10 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 30 Oct 2017 21:00:07 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"59f792d7-7a00"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 12 Jan 2024 22:37:10 GMT

GET
H/1.1 200
OK ecm3
s.amazon-adsystem.com/ Frame 3F7A 43 B
479 B 348ms
347ms Image
image/gif 209.54.182.161
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=sharethrough.com&id=9f118953-c5e5-43d2-9aac-e2fd73a17ad4

Requested by

Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.182.161 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://match.sharethrough.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 17 Jan 2023 22:37:09 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: P7YQ0CCADQQNY1F8PZS4
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

v1
match.sharethrough.com/sync/ Frame 3F7A
Redirect Chain

https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=1
https://match.adsrvr.org/track/cmf/generic?ttd_pid=sharethrough&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=sharethrough&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=8aa8830a-79b7-4954-b161-a5fbd7277cef&gdpr=0&gdpr_consent=

68 B
279 B

237ms
235ms

Image
image/png

18.136.159.66
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=8aa8830a-79b7-4954-b161-a5fbd7277cef&gdpr=0&gdpr_consent=
Requested by: Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Protocol: H2
Server: 18.136.159.66 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-136-159-66.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: 6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://match.sharethrough.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:10 GMT
cache-control: no-cache
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:10 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=8aa8830a-79b7-4954-b161-a5fbd7277cef&gdpr=0&gdpr_consent=
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 323

GET
H2

200

v1
match.sharethrough.com/sync/ Frame 3F7A
Redirect Chain

https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=2
https://match.adsrvr.org/track/cmf/generic?ttd_pid=sharethrough&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=sharethrough&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=bf9d9fef-8842-4778-8349-7de1bf44f5ee&gdpr=0&gdpr_consent=

68 B
279 B

238ms
236ms

Image
image/png

18.136.159.66
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=bf9d9fef-8842-4778-8349-7de1bf44f5ee&gdpr=0&gdpr_consent=
Requested by: Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Protocol: H2
Server: 18.136.159.66 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-136-159-66.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: 6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://match.sharethrough.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:10 GMT
cache-control: no-cache
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:10 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=bf9d9fef-8842-4778-8349-7de1bf44f5ee&gdpr=0&gdpr_consent=
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 323

GET
H2

200

v1
match.sharethrough.com/sync/ Frame 3F7A
Redirect Chain

https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=3
https://match.adsrvr.org/track/cmf/generic?ttd_pid=sharethrough&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=sharethrough&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=8aa8830a-79b7-4954-b161-a5fbd7277cef&gdpr=0&gdpr_consent=

68 B
279 B

238ms
237ms

Image
image/png

18.136.159.66
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=8aa8830a-79b7-4954-b161-a5fbd7277cef&gdpr=0&gdpr_consent=
Requested by: Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Protocol: H2
Server: 18.136.159.66 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-136-159-66.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: 6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://match.sharethrough.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:10 GMT
cache-control: no-cache
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:10 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=8aa8830a-79b7-4954-b161-a5fbd7277cef&gdpr=0&gdpr_consent=
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 323

GET
H2

200

v1
match.sharethrough.com/sync/ Frame 3F7A
Redirect Chain

https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=4
https://secure.adnxs.com/getuid?https://match.sharethrough.com/sync/v1?source_id=0e8893f90b606c9c5d33f1be&gdpr=0&gdpr_consent=&source_user_id=$UID
https://match.sharethrough.com/sync/v1?source_id=0e8893f90b606c9c5d33f1be&gdpr=0&gdpr_consent=&source_user_id=5319057607276055352

68 B
279 B

236ms
236ms

Image
image/png

18.136.159.66
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/sync/v1?source_id=0e8893f90b606c9c5d33f1be&gdpr=0&gdpr_consent=&source_user_id=5319057607276055352
Requested by: Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Protocol: H2
Server: 18.136.159.66 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-136-159-66.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: 6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://match.sharethrough.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:10 GMT
cache-control: no-cache
content-length: 68
content-type: image/png

Redirect headers

Date: Tue, 17 Jan 2023 22:37:10 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 116.90.74.215; 116.90.74.215; 904.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 7db01b5d-c7f1-4eaf-ab00-0585c8824eb4
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://match.sharethrough.com/sync/v1?source_id=0e8893f90b606c9c5d33f1be&gdpr=0&gdpr_consent=&source_user_id=5319057607276055352
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 KJeI0sMyo1Q6mjhDM9mKcjS2IqRt95c1wIDqLysfd0M.js Show response
pagead2.googlesyndication.com/bg/ Frame 5245 36 KB
16 KB 273ms
273ms Script
text/javascript 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/KJeI0sMyo1Q6mjhDM9mKcjS2IqRt95c1wIDqLysfd0M.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

sffe /

Resource Hash

289788d2c332a3543a9a384333d98a7234b622a46df79735c080ea2f2b1f7743

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 08:49:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 395278
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16068
x-xss-protection: 0
last-modified: Tue, 03 Jan 2023 14:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 13 Jan 2024 08:49:11 GMT

GET
H2 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame E8A8 12 KB
5 KB 127ms
126ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 2343991
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4420
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X5qr4n130V%2FvUd1%2Bk2KWGsMEy3GHcHgP7M%2BDlBjrZavcVGmE1rq65FCunN22kPM8m3K5AFElyVATRAhKvScE5TXzlmfAFbVttjtaLy1TKen7Kkeg2jIOm6nels14%2BHggwV9SbVE0"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 78b292eb8d431c4e-AKL
expires: Sun, 07 Jan 2024 22:37:10 GMT

GET
H3 200 KJeI0sMyo1Q6mjhDM9mKcjS2IqRt95c1wIDqLysfd0M.js Show response
pagead2.googlesyndication.com/bg/ Frame B997 36 KB
16 KB 280ms
279ms Script
text/javascript 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/KJeI0sMyo1Q6mjhDM9mKcjS2IqRt95c1wIDqLysfd0M.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

sffe /

Resource Hash

289788d2c332a3543a9a384333d98a7234b622a46df79735c080ea2f2b1f7743

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 08:49:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 395278
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16068
x-xss-protection: 0
last-modified: Tue, 03 Jan 2023 14:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 13 Jan 2024 08:49:11 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 6610 2 KB
2 KB 715ms
235ms Script
text/html 67.199.150.81
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=42592711&p=156011&s=165626&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 67.199.150.81 Los Angeles, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: a761e713f22a6223f5aa22233c5cbc60d6549135546b51fd6d633285ab039364

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Tue, 17 Jan 2023 22:37:10 GMT
content-length: 1650
content-type: text/html; charset=UTF-8

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v23/ Frame FC2E 23 KB
23 KB 273ms
273ms Font
font/woff2 142.250.4.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f94.1e100.net

Software

sffe /

Resource Hash

c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 15 Jan 2023 20:57:28 GMT
x-content-type-options: nosniff
age: 178781
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23040
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 15 Jan 2024 20:57:28 GMT

GET
DATA 200
OK truncated
/ Frame FC2E 255 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 836eb73ccf5cee9d68c1176ecd57313c0821d6c45ba10afb27233adbfd0737e2

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=UTF-8

GET
H3 200 KJeI0sMyo1Q6mjhDM9mKcjS2IqRt95c1wIDqLysfd0M.js Show response
pagead2.googlesyndication.com/bg/ Frame 8705 36 KB
16 KB 273ms
273ms Script
text/javascript 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/KJeI0sMyo1Q6mjhDM9mKcjS2IqRt95c1wIDqLysfd0M.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

sffe /

Resource Hash

289788d2c332a3543a9a384333d98a7234b622a46df79735c080ea2f2b1f7743

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 08:49:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 395278
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16068
x-xss-protection: 0
last-modified: Tue, 03 Jan 2023 14:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 13 Jan 2024 08:49:11 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame D98B 34 KB
10 KB 270ms
270ms Script
text/html 23.66.150.27
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.66.150.27 Tseung Kwan O, Hong Kong, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-66-150-27.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: aa6f169ce03adf6dd5eb91661df0d0f5b2eaf227cd4bb586a8ffc25d78c1eea8

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 17 Jan 2023 22:37:09 GMT
Content-Encoding: gzip
Last-Modified: Tue, 17 Jan 2023 09:49:15 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=40284
Connection: keep-alive
Content-Length: 10036
Expires: Wed, 18 Jan 2023 09:48:33 GMT

GET
H/1.1 200
OK verify.js Show response
rtb0.doubleverify.com/ Frame 95F3 1 KB
903 B 1392ms
245ms Script
text/javascript 34.149.43.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb0.doubleverify.com/verify.js?flvr=0&jsCallback=__verify_callback_667886326165&jsTagObjCallback=__tagObject_callback_667886326165&num=6&ctx=1828362&cmp=115843&plc=6419358&sid=18330&advid=&adsrv=&unit=300x250&isdvvid=&uid=667886326165&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Win32&dvp_strhd=0.40&dvpx_strhd=0.40&brid=3&brver=89&bridua=3&dup=null&turl=https://pastelink.net/v3774tc2&srcurlD=0&ssl=1&refD=1&htmlmsging=1&tstype=128&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0hqcCz1Z4Rn6tG6rJO2QgFj&DVP_DBM_1=3060631&DVP_DBM_2=23009949&DVP_DBM_3=16740933992&DVP_DBM_4=416816016&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=201491245482&DVP_PP_BUNDLE_ID=&prr=1&aUrlD=-1&m1=13&noc=4&fcifrms=11&brh=2&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=165&eparams=DC4FC%3Dl9EEADTbpTauTauA2DE6%3D%3A%3F%3C%5D%3F6ETauU2%3F4r92%3A%3Fl9EEADTbpTauTauA2DE6%3D%3A%3F%3C%5D%3F6ETar9EEADTbpTauTau6ddeeffbbeh3%60afb463gh235bf5aha4e%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3EU2%26C%3Dl9EEADTbpTauTauA2DE6%3D%3A%3F%3C%5D%3F6ETauGbffcE4a&dvp_exetime=7.20&callbackName=__verify_callback_667886326165
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal117.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.43.113 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 113.43.149.34.bc.googleusercontent.com
Software: /
Resource Hash: 247868a5a2a47376a75941f1501e52bcb0d90c9771a402a869cc9c6fd3de2e89

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 17 Jan 2023 22:37:11 GMT
Content-Encoding: br
X-DV-Response: 1
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0
Connection: keep-alive
Expires: 01/16/2023 22:37:11

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame DE07 42 B
174 B 280ms
277ms Fetch
image/gif 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstU6yFAF0Bj6i9UDhH-pXEtHIt2TwvQ6nz6IyXx_ZjEOhXByKbXNrhqRwk9lfFxU_4Lh3duDB6vfMXgUXfIaDfpe5bqK0a2PEzA77p3MafiGoa7ib3pXk5cvQ&sai=AMfl-YRdaxKekdOh7rvFv6EY-Wfi84uJ8l2SRtNoFIfoBOL6DP0f6yDH0oQdCbGNTMaXQGm5rOBO0eCb_MP0E8OwNzGZHbkFHcwLhUHHnP5Uy7KG_dXs7CV2svRjQMh9ICWIgXEO3K8AX0SIyytsDY7f&sig=Cg0ArKJSzDQaSD1XPinGEAE&cid=CAQSTADq26N9pCxxyx8rhTAtRTz_vT-pgngRag0zIBjhCAfxOfmtOmgGie_mkDwNs_236N-AWGaOqUF5TyB6Wa5GDJnncuH0uW-3_s6ykFkYASAT&id=lidar2&mcvt=1000&p=310,310,560,610&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230111&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2603746535&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1673995027114&rpt=1749&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 publish.html Show response
s0.2mdn.net/sadbundle/2056418256129463703/publish_shoreMariner_brandMessage1_300x250/ Frame 0934 6 KB
2 KB 831ms
283ms Document
text/html 142.250.4.149
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/2056418256129463703/publish_shoreMariner_brandMessage1_300x250/publish.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f149.1e100.net

Software

sffe /

Resource Hash

a60f80c68e37d5ba58a7434947a7b7c2963c5cdd2f19bb3c36da06a53a2384d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2387
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 17 Jan 2023 22:37:10 GMT
expires: Wed, 17 Jan 2024 22:37:10 GMT
last-modified: Fri, 25 Nov 2022 00:57:20 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame DE07 0
0 834ms
284ms Fetch
image/gif 172.253.118.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssHcNbnLVBllwQCudWxdfVG_ucGQ2zGOYlgNGHrEgrGrRwFlBzeSphTGFqF29XJyV3VV9HTgDfnbv8HY4WA_EG4eiJwG25ayR_0WXu8itWcmJxl5nFWKbEa6nZcpHrRMPhLEA--_YQ0fzzI_WwWX9H8RoTxxzXz0Rs6EqCXO9vba3MAl9hzVEt8NInZUJfPfN7CLFnEKWTUsQsorcrke7QQQZm9kIpD3K8Evo6VZalFoR2Smal5Lr_RV2v2G2gjssQNA_h88hBxF_ECFaA2J-URKvDNWjvxt3e_xMPv9eWHJ-lMJ-QWT5LTlqlkGxL5OpzXfJvSjFjhXAMDK6L0Ol1CQy6p5OK60H2LZ1YFDE3qRgs1IAeZG2peJ8uA9gQm5jvqux9GOGe5kzZ7YiL8jeq5LuZyueRMw02vSrTyH7ycoKLpek_4MqNFX_lDaGlmisuyYRYweOgmG0aYOgI5VXDY5JRs9397BvOvAWHICb2akZnR4-GcJ3_Qcbynl-xQ2ZHY2UNO6kFkAGDdtQWxyXhOq1OXt2iwCaObWpRgi_m8qFAr4CjaOvn2cBjE1Pt8lk88-JODMrkZrJEp-MF_C2FuVdSgGm2cE3xeb56ndS1LODRD4-hu8c36U0JiVxmftyfnhn3sg7epkACLMTFcwzJxIaDkghAtMqhq8nXEWHmZPxbn8uFWKEIS6GbOP4X6__bWn41CAg9WKwEI_YvbPemdZFfjf_1DtmFGObPxpyQCOPUAuibgAJONq6WsU8OCakvFLhb0mD9tkywuH2MjO7JhFF9p9_zKmdXNVt4zbjdXGb7zfSSrLpckBNSYvNc5CRTpPPcFf00khwS4AT9Y0cvJLGkOIjPH-9sV3UWXg-IqOIBEQSsd_DCH4X1ERys233lED2hHM6UEbe-NqKHXWXNbIXQXcnamBKW9hU6BWjPzR5d_X1qY4IBo1XeZnAW_LeXrfMBdeYOi-Ve8J7UHdj1l04muD-3Eos2smwfZYTKG375ja-EDQVzO1r_mKHzvZ0K2ACAgEg9vVyYPEQJZJV6kUUkGgrTh2rTMxwCE0FBBOdzKAHZYNTYb-zg4RSSGEWvzNFgxArPyK72Aj97LQycTRCaQ_4gVcVKVVUe9gTXMFfvduhp1LF3u0PlsfV26jpLVVJ_GFtzR9iTaYj5_FmGXKEi30anJcaA0Rr_YJx-pQRLF1BkiTPp__i6JQP7oSnEpkCURz9ImY-Sc7lim-BG6t81jhe4&sai=AMfl-YTi6y92UXjeNc-mlxgP-qCPP2s8TDpx4pH6wFlvIdDLnlesrRx978AH-JpEbongf0ddOxJs2F08B3PsLuhlXu24tSByDRCS0CLxJMcut0RevkVPuyO3QVjDEij5XGdF9Qj7qYgbFBPQAsszq3DqhhGvApNCccp8hdyhuhuBlKHB10D3Dum9RnVVEOJCI1Ti-0A96rYJfw4M_V4TGammQMd8nVDxHkzzkZL67cQdD_Bqje8h8JiQPbYu8UHLSGLGW3U2uLyXhkqpVFjr4XfmkC5lFWqCCCxcGdX4eqAWmQ&sig=Cg0ArKJSzAauD0n5hc8hEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1346&cbvp=1&cstd=1343&cisv=r20230112.67497&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: pastelink.net
URL: https://pastelink.net/v3774tc2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.118.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 17 Jan 2023 22:37:10 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Tue, 17 Jan 2023 22:37:10 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame E8A8 12 KB
6 KB 269ms
267ms Script
text/javascript 182.161.73.129
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.129 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:10 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 12 Jan 2024 22:37:10 GMT

GET
H2 200 img
pix.as.criteo.net/img/ Frame E8A8 4 KB
4 KB 708ms
235ms Image
image/png 182.161.73.135
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.as.criteo.net/img/img?h=76&m=0&partner=77429&q=80&r=0&u=http%3A%2F%2Fstatic.sg1.as.criteo.net%2Fdesign%2Fdt%2F3730%2F190603%2Fc8d3fc1df51e46ca8905832923f6d4ae_logo_n_vertical.png&v=3&w=596&s=oS_8RymyX6M4YzPLYaujSgxC

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.135 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

c6d353b971733ff4caa803f9808e44707f1cb062ccc149c33cad197431daf12c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:10 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=26979347
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3774
expires: Sun, 26 Nov 2023 04:52:58 GMT

GET
H2 200 img
pix.as.criteo.net/img/ Frame E8A8 9 KB
10 KB 942ms
468ms Image
image/webp 182.161.73.135
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.as.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=77429&q=80&r=0&u=https%3A%2F%2Fi8.amplience.net%2Ft%2Fjpl%2Fjd_product_list%3Fplu%3Djd_597379_al&v=3&w=400&s=3vkF3F-O4pe0eDwijplBY-Ds&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.135 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

00bdce0462bdfe7d4610288f12647d24afca5624d40a76455a6297095ecd1b58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:10 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 9578
expires: Tue, 17 Jan 2023 22:37:10 GMT

GET
H2 200 img
pix.as.criteo.net/img/ Frame E8A8 8 KB
8 KB 1061ms
588ms Image
image/webp 182.161.73.135
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.as.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=77429&q=80&r=0&u=https%3A%2F%2Fi8.amplience.net%2Ft%2Fjpl%2Fjd_product_list%3Fplu%3Djd_624913_al&v=3&w=400&s=GZqVrb-jVp-Nqvpl9enJJkws&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.135 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

b118be762d0b5635bb9025eb3e5032c77775da4811bb67a56f226c4b6d4c21ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:10 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8082
expires: Tue, 17 Jan 2023 22:37:10 GMT

GET
H2 200 img
pix.as.criteo.net/img/ Frame E8A8 7 KB
7 KB 835ms
492ms Image
image/webp 182.161.73.135
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.as.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=77429&q=80&r=0&u=https%3A%2F%2Fi8.amplience.net%2Ft%2Fjpl%2Fjd_product_list%3Fplu%3Djd_162199_al&v=3&w=400&s=QoBmdwwp40OC3HucbSBeHqLa&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.135 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

bd7451a419f9294753ef73a17c3e428a5ff7657eb62e51c4371d1ffae82e87f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:10 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 7344
expires: Tue, 17 Jan 2023 22:37:10 GMT

GET
H2 200 img
pix.as.criteo.net/img/ Frame E8A8 3 KB
4 KB 624ms
541ms Image
image/webp 182.161.73.135
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.as.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=77429&q=80&r=0&u=https%3A%2F%2Fi8.amplience.net%2Ft%2Fjpl%2Fjd_product_list%3Fplu%3Djd_FM0FM04140YBR_C_0010_al&v=3&w=400&s=xBeNM6wnVHhGoSmBy2bbF0OM&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.135 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

7a6935d380371a1feda4312ca3e5564b039bb056c16e99ec3512e13df0782ea1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:10 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3486
expires: Tue, 17 Jan 2023 22:37:10 GMT

GET
H2 200 img
pix.as.criteo.net/img/ Frame E8A8 8 KB
8 KB 576ms
575ms Image
image/webp 182.161.73.135
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.as.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=77429&q=80&r=0&u=https%3A%2F%2Fi8.amplience.net%2Ft%2Fjpl%2Fjd_product_list%3Fplu%3Djd_604075_al&v=3&w=400&s=0WJpcOUkxs71FyaDI8JS7UXn&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.135 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

3f80d143556aabf5d74e00d2c15685c648a9bc7caddeca26914916be166c797f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:10 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8200
expires: Tue, 17 Jan 2023 22:37:10 GMT

GET
H2 200 img
pix.as.criteo.net/img/ Frame E8A8 5 KB
5 KB 674ms
674ms Image
image/webp 182.161.73.135
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.as.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=77429&q=80&r=0&u=https%3A%2F%2Fi8.amplience.net%2Ft%2Fjpl%2Fjd_product_list%3Fplu%3Djd_522991_al&v=3&w=400&s=CIGSxbbGlUG27PYnLI_PhqJZ&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.135 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

3a27b8ee78058e31a4f9075d4b43edc8d6420d10fa0e196e3015a66302e6cb4c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:10 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 4902
expires: Tue, 17 Jan 2023 22:37:10 GMT

GET
H2 200 img
pix.as.criteo.net/img/ Frame E8A8 6 KB
6 KB 651ms
650ms Image
image/webp 182.161.73.135
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.as.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=77429&q=80&r=0&u=https%3A%2F%2Fi8.amplience.net%2Ft%2Fjpl%2Fjd_product_list%3Fplu%3Djd_559289_al&v=3&w=400&s=TRZOIe70N9uYpZQbtO7n7nul&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.135 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

3e79abd56c1af1b499fe42a423b262bc9ce11f91c0b7e347e5fc84e5f4f86ad8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:10 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 5956
expires: Tue, 17 Jan 2023 22:37:10 GMT

GET
H2 200 img
pix.as.criteo.net/img/ Frame E8A8 2 KB
2 KB 507ms
507ms Image
image/webp 182.161.73.135
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.as.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=77429&q=80&r=0&u=https%3A%2F%2Fi8.amplience.net%2Ft%2Fjpl%2Fjd_product_list%3Fplu%3Djd_522992_al&v=3&w=400&s=F6zXSzDyFHeGPYbUxCAlgkKn&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.135 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

1ef068ae83f6f07f9c7fded6cb74b01bebd53ae0cf0b3474339b1cfa6a2494d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:10 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 1860
expires: Tue, 17 Jan 2023 22:37:11 GMT

GET
H2 200 img
pix.as.criteo.net/img/ Frame E8A8 5 KB
5 KB 296ms
296ms Image
image/webp 182.161.73.135
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.as.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=77429&q=80&r=0&u=https%3A%2F%2Fi8.amplience.net%2Ft%2Fjpl%2Fjd_product_list%3Fplu%3Djd_557428_al&v=3&w=400&s=eIsL1tQDY2E41qAQChHlQD9Y&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.135 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

47147df6f319ecae40b0dc1420d32a8324dd3fa719bbaaee67515261969e93a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:11 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 5160
expires: Tue, 17 Jan 2023 22:37:11 GMT

GET
H2 200 img
pix.as.criteo.net/img/ Frame E8A8 11 KB
12 KB 278ms
278ms Image
image/webp 182.161.73.135
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.as.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=77429&q=80&r=0&u=https%3A%2F%2Fi8.amplience.net%2Ft%2Fjpl%2Fjd_product_list%3Fplu%3Djd_481070_al&v=3&w=400&s=xq87td3jnCVSTbI40NMB1WV8&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.135 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

da7407cf1b8838bf9207a4ad506b2dfbb544239fb3b4cebdb76bb2fae87cad9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:10 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 11596
expires: Tue, 17 Jan 2023 22:37:11 GMT

GET
H2 200 img
pix.as.criteo.net/img/ Frame E8A8 7 KB
7 KB 303ms
302ms Image
image/webp 182.161.73.135
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.as.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=77429&q=80&r=0&u=https%3A%2F%2Fi8.amplience.net%2Ft%2Fjpl%2Fjd_product_list%3Fplu%3Djd_550992_al&v=3&w=400&s=37tZCVLqFYcOmjklnGBwsy3I&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.135 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

0eff6ba89d2ae604b3ac289fa99740c8538b289e318d0481e72bbfdf3e1ac7c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:10 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 7308
expires: Tue, 17 Jan 2023 22:37:11 GMT

GET
H2 200 img
pix.as.criteo.net/img/ Frame E8A8 4 KB
4 KB 274ms
274ms Image
image/webp 182.161.73.135
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.as.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=77429&q=80&r=0&u=https%3A%2F%2Fi8.amplience.net%2Ft%2Fjpl%2Fjd_product_list%3Fplu%3Djd_570095_al&v=3&w=400&s=OVGZsxi3UAjR4mNRrX90ClH4&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.135 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

ca13ca91d87f0c03beca8653b71de8bf6b0c2961cbf92876cd1baf479fa1f55e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:11 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3732
expires: Tue, 17 Jan 2023 22:37:11 GMT

GET
H2 200 img
pix.as.criteo.net/img/ Frame E8A8 6 KB
6 KB 258ms
257ms Image
image/webp 182.161.73.135
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.as.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=77429&q=80&r=0&u=https%3A%2F%2Fi8.amplience.net%2Ft%2Fjpl%2Fjd_product_list%3Fplu%3Djd_553333_al&v=3&w=400&s=2GA03yCdx1zAjcy8Z4s9ux0H&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.135 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

6f3bbbe13d016732d5c62db5ac9abaeb39c405c6676ee97d4f4ea372f7b8b2e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:10 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 6166
expires: Tue, 17 Jan 2023 22:37:11 GMT

GET
H2 200 img
pix.as.criteo.net/img/ Frame E8A8 3 KB
3 KB 238ms
238ms Image
image/webp 182.161.73.135
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.as.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=77429&q=80&r=0&u=https%3A%2F%2Fi8.amplience.net%2Ft%2Fjpl%2Fjd_product_list%3Fplu%3Djd_560907_al&v=3&w=400&s=EwZQlsSGdZiwcAaSauqr-f6L&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.135 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

e61d782d03fb324bc6a0febf49ba4f85e2933919e3ace06658e9accc9f418b74

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:10 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2746
expires: Tue, 17 Jan 2023 22:37:11 GMT

GET
H2 200 img
pix.as.criteo.net/img/ Frame E8A8 5 KB
6 KB 244ms
244ms Image
image/webp 182.161.73.135
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.as.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=77429&q=80&r=0&u=https%3A%2F%2Fi8.amplience.net%2Ft%2Fjpl%2Fjd_product_list%3Fplu%3Djd_341771_al&v=3&w=400&s=se9Y8OHCTs7eO-7pMewDn67d&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.135 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

6f03690adf6beb98bafd3dc384ef3695de713b54509c7f306b2616eea54f0cfc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:11 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 5504
expires: Tue, 17 Jan 2023 22:37:11 GMT

GET
H2 200 img
pix.as.criteo.net/img/ Frame E8A8 3 KB
3 KB 240ms
240ms Image
image/webp 182.161.73.135
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.as.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=77429&q=80&r=0&u=https%3A%2F%2Fi8.amplience.net%2Ft%2Fjpl%2Fjd_product_list%3Fplu%3Djd_1202A341.100_C_0010_al&v=3&w=400&s=SHb3NnzYIvPZpMRBmMUJxYf-&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.135 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

d4cd91516efc85f24ce9e86b11c63e01d02f4dcda6107c33ce4b9ab8d9d5f56d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:10 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3066
expires: Tue, 17 Jan 2023 22:37:11 GMT

GET
H2 200 img
pix.as.criteo.net/img/ Frame E8A8 6 KB
6 KB 244ms
244ms Image
image/webp 182.161.73.135
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.as.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=77429&q=80&r=0&u=https%3A%2F%2Fi8.amplience.net%2Ft%2Fjpl%2Fjd_product_list%3Fplu%3Djd_IE1633_C_0001_al&v=3&w=400&s=eCfjFOcuVgvkZf21OXwKQDdP&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.135 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

e75d4b5769558456e4343d8e612eeb60a5ac25a4e94b0b345fbe528605af7694

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:10 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 5750
expires: Tue, 17 Jan 2023 22:37:11 GMT

GET
H2 200 img
pix.as.criteo.net/img/ Frame E8A8 4 KB
5 KB 238ms
238ms Image
image/webp 182.161.73.135
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.as.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=77429&q=80&r=0&u=https%3A%2F%2Fi8.amplience.net%2Ft%2Fjpl%2Fjd_product_list%3Fplu%3Djd_CW2289-111_C_0010_al&v=3&w=400&s=aBmPBfiFUyXkeDS-pswjrgtW&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.135 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

861ac5de13be1df6507deb2ca4c095da09a32d471860535f3a569d524365e0a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:11 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 4478
expires: Tue, 17 Jan 2023 22:37:11 GMT

GET
H2 200 img
pix.as.criteo.net/img/ Frame E8A8 8 KB
8 KB 248ms
248ms Image
image/webp 182.161.73.135
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.as.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=77429&q=80&r=0&u=https%3A%2F%2Fi8.amplience.net%2Ft%2Fjpl%2Fjd_product_list%3Fplu%3Djd_HP3075_C_0041_al&v=3&w=400&s=Cp6ZAfwwTjeouuE6SiaWyfQx&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.135 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

c5815c8fa7abbf1cd9f24fe1bc0cf65f9360dfc232e25e56b3cf64abf8061070

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:11 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 7902
expires: Tue, 17 Jan 2023 22:37:11 GMT

GET
H2 200 img
pix.as.criteo.net/img/ Frame E8A8 9 KB
9 KB 248ms
247ms Image
image/webp 182.161.73.135
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.as.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=77429&q=80&r=0&u=https%3A%2F%2Fi8.amplience.net%2Ft%2Fjpl%2Fjd_product_list%3Fplu%3Djd_DZ4402-001_C_0075_al&v=3&w=400&s=ZcopL-J1qyDzaXFANg8_y1cd&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.135 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

1c30128246d1dcae6fa42f6fd1605e131af0b9e25e1f8f82cd876a449b11eabf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:10 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 9154
expires: Tue, 17 Jan 2023 22:37:11 GMT

GET
H2 200 img
pix.as.criteo.net/img/ Frame E8A8 6 KB
6 KB 243ms
242ms Image
image/webp 182.161.73.135
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.135 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

9f61d10d066efc19dce204605e2f2cdc2d68490b2f5072d46ad963ef62f82834

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:10 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 6172
expires: Tue, 17 Jan 2023 22:37:11 GMT

GET
H2 200 img
pix.as.criteo.net/img/ Frame E8A8 5 KB
5 KB 243ms
243ms Image
image/webp 182.161.73.135
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.as.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=77429&q=80&r=0&u=https%3A%2F%2Fi8.amplience.net%2Ft%2Fjpl%2Fjd_product_list%3Fplu%3Djd_43SMA0034407_C_0010_al&v=3&w=400&s=nUFHcQ_wih9db8QgnHgAZ-xk&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.135 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

4ba6dfa56b2783482a20290a643a97dcbef8a9d35c3af9af0842b9e1636aad1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:11 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 5026
expires: Tue, 17 Jan 2023 22:37:11 GMT

GET
H2 200 img
pix.as.criteo.net/img/ Frame E8A8 7 KB
7 KB 238ms
238ms Image
image/webp 182.161.73.135
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.as.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=77429&q=80&r=0&u=https%3A%2F%2Fi8.amplience.net%2Ft%2Fjpl%2Fjd_product_list%3Fplu%3Djd_557430_al&v=3&w=400&s=C_nCRHKkuai1ojKHPHm08YGe&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.135 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

44d3c2a0727cf362749651a072d2cfa613cc8becbb121c518791fe972f4786a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:11 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 7176
expires: Tue, 17 Jan 2023 22:37:11 GMT

GET
H2 200 img
pix.as.criteo.net/img/ Frame E8A8 8 KB
8 KB 252ms
252ms Image
image/webp 182.161.73.135
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.as.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=77429&q=80&r=0&u=https%3A%2F%2Fi8.amplience.net%2Ft%2Fjpl%2Fjd_product_list%3Fplu%3Djd_104502_al&v=3&w=400&s=-0y4tAkqQ6lQBkZC4vbHaHBC&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.135 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

ebf4a6cb8b6e019a4e6e0bff1bee58f9651f73732985fa6cb907507e637852cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:11 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8330
expires: Tue, 17 Jan 2023 22:37:11 GMT

POST
H2 200 all
csm.as.criteo.net/ Frame E8A8 0
128 B 707ms
234ms Ping
text/plain 182.161.73.142
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.as.criteo.net/all?cppv=3&cpp=oFm62J_4V_gHt7m5qRMAZ26LdKd6SS5u0fMOrY6LGeWWpoA6SB9bg8aPC_yLe5NnEiDXoBZCWmCpidjnPymdsWSjgV7skg4NBiJlTwsT0A2vx6TbxAFpysg5TvrYJHc_cfKCM751K7vjkz4KzkaS5Lf8IuB74A_S-7-NKixsvxK26bEqtym0cZpheO5zWG_LMNf8E9SR252uokzQaligZkSSbd1jPZYXR2YbUcz0ajj_5YfrlrnPA7excaO6HhpiN19Lrw&sds=2&rev=84230&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.142 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.as.criteo.com/
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 17 Jan 2023 22:37:11 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame E8A8 2 KB
1 KB 236ms
235ms Image
image/svg+xml 182.161.73.129
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.129 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:11 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 12 Jan 2024 22:37:11 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame E8A8 2 KB
1 KB 235ms
235ms Image
image/svg+xml 182.161.73.129
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.129 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.as.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:11 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 12 Jan 2024 22:37:11 GMT

GET
H3 200 HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame 6AA8 41 KB
15 KB 275ms
275ms Script
text/javascript 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230111_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Jan 2023 21:53:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 520997
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 11 Jan 2024 21:53:53 GMT

HEAD
H/1.1

200
OK

file.mp4
r4---sn-ntq7yns7.c.2mdn.net/videoplayback/id/8f877c055b2c8c49/itag/59/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1705531029/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,... Frame 6AA8
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/8f877c055b2c8c49/itag/59/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1705531029/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signat...
https://r4---sn-ntq7yns7.c.2mdn.net/videoplayback/id/8f877c055b2c8c49/itag/59/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1705531029/sparams/acao,ctier,expire,id,ip,ipbits,itag...

0
0

435ms
142ms

Fetch
video/mp4

74.125.152.105
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r4---sn-ntq7yns7.c.2mdn.net/videoplayback/id/8f877c055b2c8c49/itag/59/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1705531029/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/69C6C764CD8858805097BFE897C98A075F291882.6E3C0CA57C24F90508E9CB8E238E75A7F4F3234A/key/cms1/cms_redirect/yes/mh/lW/mip/116.90.74.215/mm/42/mn/sn-ntq7yns7/ms/onc/mt/1673994520/mv/m/mvi/4/pl/24/file/file.mp4

Protocol

HTTP/1.1

Server

74.125.152.105 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s30-in-f9.1e100.net

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 17 Jan 2023 22:37:11 GMT
X-Content-Type-Options: nosniff
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 1637836
Last-Modified: Wed, 23 Mar 2022 20:50:13 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Access-Control-Allow-Origin: null
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=86400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: null
Expires: Tue, 17 Jan 2023 22:37:11 GMT

Redirect headers

date: Tue, 17 Jan 2023 22:37:10 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 642
x-xss-protection: 0
pragma: no-cache
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
location: https://r4---sn-ntq7yns7.c.2mdn.net/videoplayback/id/8f877c055b2c8c49/itag/59/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1705531029/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/69C6C764CD8858805097BFE897C98A075F291882.6E3C0CA57C24F90508E9CB8E238E75A7F4F3234A/key/cms1/cms_redirect/yes/mh/lW/mip/116.90.74.215/mm/42/mn/sn-ntq7yns7/ms/onc/mt/1673994520/mv/m/mvi/4/pl/24/file/file.mp4
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/4461530627331350447/728x90/ Frame 49F7 4 KB
1 KB 714ms
273ms Document
text/html 142.250.4.149
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f149.1e100.net

Software

sffe /

Resource Hash

6c2c9865ad549b29295344ee2a0f57d10107dee03f683ad4997a0d394ac8170f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 32586
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 1442
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 17 Jan 2023 13:34:04 GMT
expires: Wed, 17 Jan 2024 13:34:04 GMT
last-modified: Fri, 04 Nov 2022 20:38:26 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame BBED 0
0 729ms
286ms Fetch
image/gif 172.253.118.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstyj7pRF2dptnoAHgNzOPOarZvAlujXL9zQ84SbpmBdnXA_OGwQ81LygFKNlWXIx20PLs-AjIpmTwThIYmAtkWQNUy0x_pUXGiR9u4pOkyHT8RuXReQMlN4Xz1D104u1aUjmpzCpIfXw9PbMpNqU1rv4MtuxRFTuHmN5Fc4iHw18rTZpmcKVd2WRIJ11lQZbxO7GFgGAJ3jzflxAsWReJY9kUhLOuMLhkvGK8vFGpgVNbUvkk0lh9FPkSUwze0FZ8zGCn0uxahqBB89V6lCxtMiBqpna7KDmI4Q0SI6xp-O4VGgdHSxopz2M67R_H2LgCvUyYbm5W4fAvsjpHUgWiYJ4jerTP3OhZYOgYVurN75Jt_uk4KU5H4kQ2H4KV2-v6jBlbbWGDgDOeQQGLb4Xl2t7CH1b7VwYLNY5KDl-lshoTiE_UbK7akmQGm7xPNdfFia0sVMxbpaT3qp989Qkim_gl7evOaGkoiBeYofR-WSZYSSedzzZ4pwmLeFYoPeWKsu2ePS5cvzVBzJm7544vZEqf4dcAvQH33QwzALNEn5s8rSsKGUBB8n0zK_e2a3AlpRh10Z5olU3Y0l4URq7osMCh5GC3XLLYBFvHkMyIEh5IuhwsFrAU5cy4OulnXjwfu5iP13cmWVCaFim3TU6qha_zcY2Y3kn3P-tJttkrtgQMqEjL3WXBA9hNvmrm2t6W0KRMFfD8T1rRwGvHZz_5Lh-Tssn4FGTExF9xLc9ntOrmN0zDSaxFvZP0LeevPTkQTtO3Tz_pHVMH1Btctstsgz0vyOg94A0vS2t5zlkbgPVBb6XDzaPzZsykx_vFGSD5wmFxysV3DgExwRskVbio_hi1bZ40PcMxpzA2ri91GEEF1IdWL1gm9oQ8S6zhPU7b2MBcqxzod4KBgGdxQUcEdQSJLkiSNBonLfrsyhlveJW-RusnUBNGlx2hDyw-3dBjYo4yObV3sAJuF2nBWpQu-1yoCwq_P5DUDOEbtOS5I1Xx06W1ZsIAVp-ShybAzj4wRRVwfg03kHRH_SZRk29e0uPJH6LJylZl6X2cWnyZ-AnjQ7lIIVR428wL12TPMhMRPpMNEgRsbQujVY2VR9iAjFssO7MJxrC9mkGKqcSMP-SHLe3aJkYkak_lZ3DY830Ajq4eCSlBi_BvipXyeAyvm65XvA2ZZZHxrYdQF-Fc4YdqkTVSE-dgJraJ-kpG8oOT-5bvwJUXFAQDc_2u1VxDzT7z3XwA&sai=AMfl-YRIN5kVhva-HJN79NoPkKRtJmQVE1zwLE_Boziov5iEWQ26IqrOLCyaNLHUTB6N4c3BwQnMhpg_f68Q3n4SaAfUMjZoXvinVitv3cXA1qvBfE5HujtGnQ4baUQPVKJQ7Y5MZLlN7U0QoMGqGi9uqGAS-tJeGFsC45uCPVH0e1lD6Uy4PUh9zJGsmKfpEbAetK1lyqwnKCIWVRRNhwqoDrmmy0e461Q3QTea6MANwS62uv9m5KNCRFp9i5Zkp4fUW-bFKa2Z-YoxaCq_gQpHJIfwkBVKB4JN2og38kputg&sig=Cg0ArKJSzA0YsJUZF7XYEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1235&cbvp=1&cstd=1233&cisv=r20230112.50851&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: pastelink.net
URL: https://pastelink.net/v3774tc2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.118.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 17 Jan 2023 22:37:10 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Tue, 17 Jan 2023 22:37:10 GMT

GET
H/1.1 200
OK khaos.jpg
token.rubiconproject.com/ Frame D98B 284 B
934 B 948ms
237ms Image
image/jpg 69.173.158.64
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/khaos.jpg?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.158.64 , Singapore, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpg
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 284
X-RPHost: 38ddff6a66d3988dfd0c6ea3be81c5f1
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame BBED 42 B
108 B 276ms
276ms Fetch
image/gif 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv8r0CMZ0kaxqYUzcIAnQIfGBNnfkdHYBJU1WdnoLqdYXrEj07C-ZE3NVvyuGLNbdrd9qrjQnTs1WphocFDnEyYpMbFvBTGxaPbC_tbkqk4vixS19rvLuSUooM0JH3heq8z9BA&sai=AMfl-YQOj2j2clqk-DWX3sUPqB3kiPneDs0Rlq1DQfNG7ScFroaf0TUgEabMoXP7vuKONniXur5TvsXjUp3wWT6rsurn2A_bXnu0hNH2uy9eSQFlZKh9EFVTZ4QLFOJLUhjQFZQddlo5KBvyJ4Z0chgL&sig=Cg0ArKJSzOZfNvEKVVp7EAE&cid=CAQSTADq26N9oGo_jjlzf0L5pON9aN29Fn_OoPSBB0ixdxvxx3Rn6YDSW3NM-W-78Cs1cDkeaAnf7TwQHXeC2UmRUN4qgQmbte_fOoPWttYYASAT&id=lidar2&mcvt=1050&p=1105,436,1195,1164&mtos=1050,1050,1050,1050,1050&tos=1050,0,0,0,0&v=20230111&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=759513158&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1673995026560&rpt=2516&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 KJeI0sMyo1Q6mjhDM9mKcjS2IqRt95c1wIDqLysfd0M.js Show response
pagead2.googlesyndication.com/bg/ Frame FC2E 36 KB
16 KB 274ms
273ms Script
text/javascript 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/KJeI0sMyo1Q6mjhDM9mKcjS2IqRt95c1wIDqLysfd0M.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

sffe /

Resource Hash

289788d2c332a3543a9a384333d98a7234b622a46df79735c080ea2f2b1f7743

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 08:49:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 395279
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16068
x-xss-protection: 0
last-modified: Tue, 03 Jan 2023 14:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 13 Jan 2024 08:49:11 GMT

GET
H3 200 H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame DBE5 23 KB
9 KB 273ms
272ms Document
text/html 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
age: 287324
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8727
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 14 Jan 2023 14:48:26 GMT
expires: Sun, 14 Jan 2024 14:48:26 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5245 0
20 B 277ms
277ms Image
image/gif 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BYyfkFCPHY4HNCZLa3LUPhLW-0AkAAAAAOAHgBAI&bg=!rq2lrenNAAYDMoyoIzI7ACkAdvg8WsCI3-OKUAW_9HAmM66FeyFR7460AbP5c0yrDt91LqEpr3vmhAIAAAEWUgAAAANoAQcKAH_lcRAOkUZXlQtgQUYDBTyuRHg9kiRZCDbdBTJcVWStahUZW0V5rKDj8vKfqnnAk7fZm5Nq4jsibFkrzUyypExV1Fg4U-uwSYpXAHLotiISesE8O4a5OZZtNWpCA5Poqh6LvyITTauhKol_urdl2IDvW58jsPpUF6TgPvLMP93CmQLq522gc-CqN9DUpMXkEWIVc6r55Ll9AtE90_RmAhZeUZsF7tuuz5Avcktf2cxy7fvYNnXtBgFQI9qxjunXSYZhBhNiT2T0qEbzBhDdCFoa-iF_PIV9R-LxZz-zWWd3Yc6OV8h5keHzvVpTTKd5IJTtGp8NeWHCLHUL47UX4A1UTMEH6a1ADO9gZ526rcn8fkp6zvWEa9vAkfJS9MnGRY8abVCiT8e46AI0ul6u5RmDCpvFlTW23rvNRICrcUa4XrNGFbp-v4lPhUYj7hhLsOtFwmkS_94MnED106JegsIWlUccJI0yZ8GMkVz0w-3GTPf9JIziEuNinrQfOejyxW_KigBF69MCTxrl1wgOU72xG0DDoqwZ5DCH4qkh0Qs-x3ydz-eDoLIJaEhZbfOGZGR3JCgn_FPQAmUYlhsC5ItabpDebprhDIVeTlK8A5tGvmImBxnfcRkgtvb9TA6tVq0GqVIPL7qlmU4kMaWI9qclky37eMzolHSX4Yzp2THa2n27kpu0LdtUyyiAyZEE-RT5iBcWzRouV_KllAv8LmYsNcHQzJvLGTx_prsU3VU_ToIz8BBM5PdDOAPQAiDxr8EWEO4XcZfA8IXS6xXI8pdG5aBzOS06Y9UG9HMFOrF11_vGX7T7BbdAYg_W917wlhRwb1wqhWmmJT95uDHMnqFuXm1IwDgQ32uC5rVNTFQjB5O4h-gXxGQdB8lpiDEMrKU9ldtgbmg1bes2BP1MB0wP1nv6_WNufgZ-iDBCZVFL0r91KjlElNAj7OH66i4W5CxO3VqigmCD4h8xyYqE7xaG-2_cmeU57tTKxiyzB3Aa4ms_kr7AT81q3YeK0BDTzx__2eqelJzTatOxSKwtB4Q9_emBuxPTjoLR_5ZsqqIeoFgdbRnZBkX8I_NY_ml1uIKLB98zIVH-W5h9OTNEZo9MEd2_vHPslTYM7df6tJ7F5FjASUiDfH6Lj3nguh78-nXpSN38ICBfcFr3l5s

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B997 0
20 B 279ms
277ms Image
image/gif 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B1lq9FCPHY-fRDJCmz7sPnreEqAUAAAAAOAHgBAI&bg=!WlmlWR3NAAYDMoyoIzI7ACkAdvg8WkZwLtJmnwWsaIE_CW1h4xDbwCxoEiZNJGPPpuceKhnGjFZZYAIAAAEOUgAAAAJoAQeZAu9Hlh8ThOjXuiH30lsmZbhpFpGAZG5paMmQYAn9lfLjgkj7TgWJbXIxemtO0Oan-3-y4OhskXyW7C6k7LcLXpKkGYdGOwhrryPyRtRLumSobiYr1XwK7oTjQ3I9eTDFJsUQ7l49bXU7S_Pc2Bd3rXx6dKvZ7xj5KTLBvhhGFqxmu9nzd-saKWUtxdV5gg7L018h7rZUZjVSH2yCpQPFh8bONCf8R0Dt1gucs9rroXp6-s_ev8-gL1qzB3LPGwjmd5SG71JLZZiqH5ZAwBltqTTtKSh152uid8bIS8BgMPvDEBgVKi-3nf2bavCs_X6yEaaEA6asRMJLRkSg4S-ddUDjk3ODX0XcdExT425X_Mp05bG6Qd_yMCn1KA8S0ztHWqyQXWnRBE4JoefRZd6rsK70Dx6s4db5QfVc63UwJzbH0kv2KTCZetizoDlc5kNrPXmW2zHhk8VR1v2KnyAXfQg9InumKpJWLc_J1ivV5z_yCv5hwQfAy24LExABvcDCvvwtoarr30iC2tU6Mh_Fvabvniv0A3qmMiNJS8jQKh7Xd8JQzUp2w4Znx_xeGBXGhsgP_sz7DsRuEDr9XrpmusiwezDpTArIBSlRXNGEb_nHZQp3XH6j7NTzfsdCvOb5Db119ksHgC26hVZV5vU44mkKx_koeATx1OhKtAUmkxCaOaFwdOIduHaqWhFmOIB5xxPwbTF5z9TmYpRp_UUDft5swXjaMP2-mXTWgYzFT8jgp-tjIrLEL0lT_Ffzo_RlN6ga08JvrHLBj5iAwrp8Xm1y-VikgQLncGFpxtmlTjBkbOnZ8G_9E53NqsHEqM9RdpOPcTIVmZy7yw256C0C3OVnqG7kAZ7FF0yNVOpoJhfqPAlKnPYUJjjBC_QlXXg3NqwU3-qHwZJpGvKML1E1qRLCyatpENWS5IC8PKLjbFL9WguTGGap219ErInThPinkzvA04jDGqxC_IWnR5f8xR2aDSb4XSTAgBIh63FBPUyt

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8705 0
20 B 277ms
277ms Image
image/gif 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bx1LfFCPHY9f_Fs6W9fwPgIiHmAYAAAAAOAHgBAI&bg=!0NOl05fNAAYDMoyoIzI7ACkAdvg8WgoMqE9tyRoblrRTo1jcI3ksDHadHDOG_ePpfbipo7mN72QVPQIAAAD3UgAAAANoAQcKABRMS3eTzYmDzc8tJNVV3roZYvVDo5kC9HD3usD5MdlfYhknHhOdJzTpwoWV_9qLAfMraNC_4OFd6qnyKYMhut0UCWalrHN1SrXaiZjpmi3EycMnZlmMC5ChIv-PmFhwOPRW7-lrO7m89b0NEInCwCfsCamCs3HulXJcDuyeHjc2qpD-ZZfMfVmP7IQFcfsxPwMR1JXNqiyAkxgSkIy8zfV39UNCzaIHrs69Vji9KHxe3KAbzNluq3fuWCED7XYjobq0n2sS3bZ2K8sHaQ2zKR_i2C6RQ4TTI0Il-qhUxYPbmJnlYBGMAsgyTB6u45F9NphYfCg05RZXfYTWLtP32FJeRbP6wC9-rMy0bP5-Vp3FnDHP_7R7ZeRLIT61-_0MFTmI3togJbjz-D5tyAY_kAECLqIV-vaLAg-0uhzRQQLCP6KSsjZJPNg2UU6jtN6elBuUj7bYUPofjJccenWjE1N07nyUADMDaxxkM849UWRBEMjyhdsMqGYGcNhvyQieRHiXe1i6UECVaw6LrqDEN5AFAUCw8C62gWWYj2pgFRIXkgsXkDGHmMBXEuDlkXzXisR7ESyuRW6CCnHRPkLeQ73-tf7gQL1XYE7AflA04kCzepAZND0zjx_76R-IdFp6afPjV4FnF4uTLPSlKKPRMxqRtCjDAakfM1DmLg_7_1fq4kxAXYQM3DUnwQ38x977TEbjxWztCvfeFVYxjXPKmgzdlz4CoQC2y6zwOJsopQmIFgDVZaw_Yf_BEciqHeKipnGbRREo8RJPIGsO7La1mUiM0vWTBcsCl0y8XucD6_p8A08WeGtoghoNdjEr6TFCkFFxqzIex0Vu554hg9VIoebUeXoZNyRlKBu4ZCehGU7Rg3H2Q8Vlv-yMJEDUWsAB822h5Mu0wAAeRCH7fVEv7oS9tPhxIX8XaUyF83JZIOtUYHvEpN4q0F7qjIjJJxXZloUVM58-XMJh60ctuzkC5FS148RARIqwmBmy84da0t5_8UPRdicrkLv0uaBulzK2ggVl0yxALdgZvVKfAQ

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 19b6feaf7bb04307a5ed79d69ca28780_gotham-bold.woff
static.criteo.net/design/dt/ Frame E8A8 15 KB
15 KB 395ms
395ms Font
application/octet-stream 182.161.73.129
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/19b6feaf7bb04307a5ed79d69ca28780_gotham-bold.woff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.129 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

nginx /

Resource Hash

f9d374ef87ca2b8179870daa8739f8b060fc77446a4109ec87dc523bd8059ea4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.as.criteo.com/
Origin: https://ads.as.criteo.com
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:10 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 01 Dec 2017 12:57:30 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5a2151ba-3b68"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 12 Jan 2024 22:37:10 GMT

GET
H2

200

match Show response
c1.adform.net/serving/cookie/ Frame AA74
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&cid=1DBD2F38-9CE3-4C60-AD18-F1E450FFA70A&gdpr=0&gdpr_consent=
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=1DBD2F38-9CE3-4C60-AD18-F1E450FFA70A&gdpr=0&gdpr_consent=

35 B
468 B

264ms
264ms

Document
image/gif

185.84.60.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=1DBD2F38-9CE3-4C60-AD18-F1E450FFA70A&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.84.60.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
content-type: image/gif
date: Tue, 17 Jan 2023 22:37:11 GMT
expires: -1
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

Redirect headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 0
date: Tue, 17 Jan 2023 22:37:11 GMT
expires: -1
location: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=1DBD2F38-9CE3-4C60-AD18-F1E450FFA70A&gdpr=0&gdpr_consent=
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 6E0A
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:3c3263c7-2317-4f00-8c98-da650e59da04&gdpr=0&gdpr_consent=

42 B
404 B

236ms
236ms

Document
image/gif

67.199.150.86
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:3c3263c7-2317-4f00-8c98-da650e59da04&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 67.199.150.86 Los Angeles, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 17 Jan 2023 22:37:09 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
Content-Type: image/gif
Date: Tue, 17 Jan 2023 22:37:11 GMT
Expires: Tue, 17 Jan 2023 22:37:10 GMT
Keep-Alive: timeout=360
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: MT3 277 3f0ad7a master hkg-pixel-x21 config:1.0.0
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:3c3263c7-2317-4f00-8c98-da650e59da04&gdpr=0&gdpr_consent=

GET
H/1.1 200
OK ecm3 Show response
s.amazon-adsystem.com/ Frame 1A22 43 B
479 B 349ms
347ms Document
image/gif 209.54.182.161
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/ecm3?ex=pubmatic.com&id=PM_UID1DBD2F38-9CE3-4C60-AD18-F1E450FFA70A

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.182.161 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Tue, 17 Jan 2023 22:37:10 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
x-amz-rid: QB9HBFPE23YMXPWKRR0Y

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 6610
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Hb0vOJzjTGCtGPHkUP-nCg%3D%3D&gdpr=0&gdpr_consent=
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

16 KB
16 KB

251ms
250ms

Image
text/html

23.207.36.196
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Server: 23.207.36.196 Jakarta, Indonesia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-207-36-196.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:10 GMT
content-encoding: gzip
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
server: Apache
vary: Accept-Encoding
content-type: text/html
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=78897
accept-ranges: bytes
content-length: 5554
expires: Wed, 18 Jan 2023 20:32:07 GMT

Redirect headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:10 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

458249.gif
idsync.rlcdn.com/ Frame 6610
Redirect Chain

https://idsync.rlcdn.com/420486.gif?partner_uid=1DBD2F38-9CE3-4C60-AD18-F1E450FFA70A
https://idsync.rlcdn.com/1000.gif?memo=CIbVGRIwCiwIARCMowEaJDFEQkQyRjM4LTlDRTMtNEM2MC1BRDE4LUYxRTQ1MEZGQTcwQRAAGg0IlsacngYSBQjoBxAAQgBKAA
https://pippio.com/api/sync?pid=5324&it=1&iv=ea601962d7c346a260a4bd87d27c8ede9cb90b30879cb7c0f0b68ffa8380ef0f791426b5417dce21&_=2
https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlBlYTYwMTk2MmQ3YzM0NmEyNjBhNGJkODdkMjdjOGVkZTljYjkwYjMwODc5Y2I3YzBmMGI2OGZmYTgzODBlZjBmNzkxNDI2YjU...
https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlBlYTYwMTk2MmQ3YzM0NmEyNjBhNGJkODdkMjdjOGVkZTljYjkwYjMwODc5Y2I3YzBmMGI2OGZmYTgzODBlZjBmNzkxNDI2YjU0MTdkY2UyMRAAGgwIl8acngYSBAgCEABCAEoA&goog...
https://tags.rd.linksynergy.com/rcs?ns=lr&uid3=
https://idsync.rlcdn.com/458249.gif?partner_uid=7cd25031-426c-460b-8413-4eb8294357b1

42 B
60 B

319ms
319ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/458249.gif?partner_uid=7cd25031-426c-460b-8413-4eb8294357b1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:13 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

location: https://idsync.rlcdn.com/458249.gif?partner_uid=7cd25031-426c-460b-8413-4eb8294357b1
date: Tue, 17 Jan 2023 22:37:12 GMT
via: 1.1 google
x-samesite: secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 111
content-type: text/html; charset=utf-8

GET
H/1.1

200
OK

info2
uipglob.semasio.net/pubmatic/1/ Frame 6610
Redirect Chain

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=1DBD2F38-9CE3-4C60-AD18-F1E450FFA70A&sInitiator=external&gdpr=0&gdpr_consent=
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=1DBD2F38-9CE3-4C60-AD18-F1E450FFA70A&sInitiator=external&gdpr=0&gdpr_consent=

42 B
570 B

270ms
269ms

Image
image/gif

119.9.108.191
RACKSPACE-AP Rack...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=1DBD2F38-9CE3-4C60-AD18-F1E450FFA70A&sInitiator=external&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: HTTP/1.1
Server: 119.9.108.191 , Hong Kong, ASN45187 (RACKSPACE-AP Rackspace IT Hosting AS IT Hosting Provider Hong Kong, HK),
Reverse DNS
Software: /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:08 GMT
frontend-id: 0
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
content-type: image/gif
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 42
routing-server-id: 1
expires: Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:08 GMT
frontend-id: 0
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
location: /pubmatic/1/info2?sType=sync&sExtCookieId=1DBD2F38-9CE3-4C60-AD18-F1E450FFA70A&sInitiator=external&gdpr=0&gdpr_consent=
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 0
routing-server-id: 1
expires: Sat, 01 Jan 2011 12:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 6610
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MURCRDJGMzgtOUNFMy00QzYwLUFEMTgtRjFFNDUwRkZBNzBB&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
245 B

718ms
235ms

Image
image/gif

103.231.98.194
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Server: 103.231.98.194 , Japan, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Tue, 17 Jan 2023 22:37:11 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:10 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 6610
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEFLaJ_wTfGGc1gYrl_14VZA&google_cver=1

42 B
377 B

717ms
235ms

Image
image/gif

103.231.98.194
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEFLaJ_wTfGGc1gYrl_14VZA&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Server: 103.231.98.194 , Japan, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Tue, 17 Jan 2023 22:37:11 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:10 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEFLaJ_wTfGGc1gYrl_14VZA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 6610
Redirect Chain

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:A2558544C17D4BE28CED2A5E3F3F1BE5

42 B
210 B

235ms
234ms

Image
image/gif

103.231.98.194
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:A2558544C17D4BE28CED2A5E3F3F1BE5
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Server: 103.231.98.194 , Japan, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Tue, 17 Jan 2023 22:37:11 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

date: Tue, 17 Jan 2023 22:37:11 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:A2558544C17D4BE28CED2A5E3F3F1BE5
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Mon, 16 Jan 2023 22:37:11 GMT

GET
H2 200 1DBD2F38-9CE3-4C60-AD18-F1E450FFA70A
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 6610 43 B
602 B 727ms
249ms Image
image/gif 13.229.18.168
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/1DBD2F38-9CE3-4C60-AD18-F1E450FFA70A?gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.229.18.168 , Singapore, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-229-18-168.ap-southeast-1.compute.amazonaws.com

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:11 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 6610
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=8aa8830a-79b7-4954-b161-a5fbd7277cef&gdpr=0&gdpr_consent=

42 B
508 B

716ms
237ms

Image
image/gif

67.199.150.86
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=8aa8830a-79b7-4954-b161-a5fbd7277cef&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Server: 67.199.150.86 Los Angeles, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Tue, 17 Jan 2023 22:37:11 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:10 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=8aa8830a-79b7-4954-b161-a5fbd7277cef&gdpr=0&gdpr_consent=
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 355

GET
H3 200 KJeI0sMyo1Q6mjhDM9mKcjS2IqRt95c1wIDqLysfd0M.js Show response
pagead2.googlesyndication.com/bg/ Frame DBE5 36 KB
16 KB 274ms
273ms Script
text/javascript 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/KJeI0sMyo1Q6mjhDM9mKcjS2IqRt95c1wIDqLysfd0M.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

sffe /

Resource Hash

289788d2c332a3543a9a384333d98a7234b622a46df79735c080ea2f2b1f7743

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 08:49:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 395279
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16068
x-xss-protection: 0
last-modified: Tue, 03 Jan 2023 14:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 13 Jan 2024 08:49:11 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9E73 42 B
64 B 281ms
280ms Fetch
image/gif 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstsAYon9--IbnVIS3IPuAG7Dx57IrDxyHrpPgKCKhZEUIrMCSXReGtOwRoAu9OV7f3KpiD_yNy_59qd0yp363I9Q4txKY72A_P09PIsY16_xON0XMP6zNInJ7PooNxzwbSfFIM&sai=AMfl-YTBEUeIWsfhcD4RCTC1qxHqeqpZ-J5KrGCtHzeA_WGnqkyYPyiFA2hwZ7t6mrez2SPFtvG_TLzxRdH5f0DU4xCpAY_YvQNNIIJ6122IJ9Vuyj93wFsfI7p9hCTpdmPv-w7LABajtpGhxGjYgB4&sig=Cg0ArKJSzGfFZsnOWzPjEAE&cid=CAQSSwDq26N9XVoNd-Pvk1dJkpfRc25uec3dySyuaErqP1NI3sHT3gHFYpDyZooO_2Ba3ymiivvLfJdby_ERJ_2OcVrpaaw1kikqio3zIRgBIBM&id=lidar2&mcvt=1001&p=521,1071,1121,1231&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20230111&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=2&adk=3854452215&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1673995028210&rpt=1436&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 style.css
s0.2mdn.net/sadbundle/4461530627331350447/728x90/ Frame 49F7 998 B
420 B 274ms
273ms Stylesheet
text/css 142.250.4.149
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f149.1e100.net

Software

sffe /

Resource Hash

b68ec96c8e5e89f04ea714566d8b8ff12a9380ac5950d320735cdc323ae7d9f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 13:34:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32584
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 391
x-xss-protection: 0
last-modified: Fri, 04 Nov 2022 20:38:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 17 Jan 2024 13:34:06 GMT

GET
H3 200 logo.png
s0.2mdn.net/sadbundle/4461530627331350447/728x90/ Frame 49F7 3 KB
3 KB 277ms
277ms Image
image/png 142.250.4.149
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/logo.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f149.1e100.net

Software

sffe /

Resource Hash

fccd93be7bd1b9996bccf8d5c2d4ec8a947c042fa20031877559d95018026f8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 13:34:08 GMT
x-content-type-options: nosniff
age: 32582
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3312
x-xss-protection: 0
last-modified: Fri, 04 Nov 2022 20:38:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 17 Jan 2024 13:34:08 GMT

GET
H3 200 cta.png
s0.2mdn.net/sadbundle/4461530627331350447/728x90/ Frame 49F7 2 KB
2 KB 290ms
288ms Image
image/png 142.250.4.149
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/cta.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f149.1e100.net

Software

sffe /

Resource Hash

2a55394419881ff757d80d08468ca926684f5a005388ee96e04771609856f8a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 13:34:08 GMT
x-content-type-options: nosniff
age: 32583
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2161
x-xss-protection: 0
last-modified: Fri, 04 Nov 2022 20:38:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 17 Jan 2024 13:34:08 GMT

GET
H3 200 logo_text1.png
s0.2mdn.net/sadbundle/4461530627331350447/728x90/ Frame 49F7 1 KB
1 KB 297ms
295ms Image
image/png 142.250.4.149
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/logo_text1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f149.1e100.net

Software

sffe /

Resource Hash

77edd1204395b8811e4338e812fec137240d0e6dd427e252c82796a7533728ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 13:34:08 GMT
x-content-type-options: nosniff
age: 32583
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1178
x-xss-protection: 0
last-modified: Fri, 04 Nov 2022 20:38:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 17 Jan 2024 13:34:08 GMT

GET
H3 200 logo_text2.png
s0.2mdn.net/sadbundle/4461530627331350447/728x90/ Frame 49F7 975 B
1002 B 305ms
303ms Image
image/png 142.250.4.149
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/logo_text2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f149.1e100.net

Software

sffe /

Resource Hash

4c31f970fecf4735079654320aadf670c051ad07701d3f45d5fef280f400b9b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 13:34:08 GMT
x-content-type-options: nosniff
age: 32583
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 975
x-xss-protection: 0
last-modified: Fri, 04 Nov 2022 20:38:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 17 Jan 2024 13:34:08 GMT

GET
H3 200 logo_text3.png
s0.2mdn.net/sadbundle/4461530627331350447/728x90/ Frame 49F7 2 KB
2 KB 312ms
311ms Image
image/png 142.250.4.149
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/logo_text3.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f149.1e100.net

Software

sffe /

Resource Hash

146ad2d742acd0cc28b4d82f6bc99197f15c94e8da3c5a560a8b628a669d9209

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 13:34:08 GMT
x-content-type-options: nosniff
age: 32583
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1602
x-xss-protection: 0
last-modified: Fri, 04 Nov 2022 20:38:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 17 Jan 2024 13:34:08 GMT

GET
H3 200 logo_text4.png
s0.2mdn.net/sadbundle/4461530627331350447/728x90/ Frame 49F7 1 KB
1 KB 333ms
332ms Image
image/png 142.250.4.149
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/logo_text4.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f149.1e100.net

Software

sffe /

Resource Hash

ceb227a500bf74622fa9c149c05c436cc48dd576a6a3d8ffb7d0a264db9f78d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 13:34:08 GMT
x-content-type-options: nosniff
age: 32583
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1379
x-xss-protection: 0
last-modified: Fri, 04 Nov 2022 20:38:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 17 Jan 2024 13:34:08 GMT

GET
H3 200 text1.png
s0.2mdn.net/sadbundle/4461530627331350447/728x90/ Frame 49F7 1 KB
1 KB 396ms
395ms Image
image/png 142.250.4.149
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/text1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f149.1e100.net

Software

sffe /

Resource Hash

cdf81755e493d53622ff2617ebb23f40a4049536a0e11b10b3eb5185d612a911

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 13:34:08 GMT
x-content-type-options: nosniff
age: 32583
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1325
x-xss-protection: 0
last-modified: Fri, 04 Nov 2022 20:38:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 17 Jan 2024 13:34:08 GMT

GET
H3 200 text2.png
s0.2mdn.net/sadbundle/4461530627331350447/728x90/ Frame 49F7 1 KB
1 KB 318ms
317ms Image
image/png 142.250.4.149
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/text2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f149.1e100.net

Software

sffe /

Resource Hash

8e76c52cf1515bc2a2d69c8c4463de579cbbe451f57b7e1be0303464b6a4dc9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 13:34:08 GMT
x-content-type-options: nosniff
age: 32583
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1335
x-xss-protection: 0
last-modified: Fri, 04 Nov 2022 20:38:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 17 Jan 2024 13:34:08 GMT

GET
H3 200 helmet.png
s0.2mdn.net/sadbundle/4461530627331350447/728x90/ Frame 49F7 19 KB
19 KB 404ms
404ms Image
image/png 142.250.4.149
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/helmet.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f149.1e100.net

Software

sffe /

Resource Hash

5c19d129d63ee4cd00c3eb6c191640be46e602449e25cec64b031c28ad4133fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 13:34:08 GMT
x-content-type-options: nosniff
age: 32583
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19443
x-xss-protection: 0
last-modified: Fri, 04 Nov 2022 20:38:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 17 Jan 2024 13:34:08 GMT

GET
H3 200 falcon.png
s0.2mdn.net/sadbundle/4461530627331350447/728x90/ Frame 49F7 10 KB
10 KB 339ms
338ms Image
image/png 142.250.4.149
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/falcon.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f149.1e100.net

Software

sffe /

Resource Hash

8f64c44f4fb549583ba1ee413ff4fce96e2aa4823e27fa75a890c5d4dce72260

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 13:34:08 GMT
x-content-type-options: nosniff
age: 32583
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10045
x-xss-protection: 0
last-modified: Fri, 04 Nov 2022 20:38:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 17 Jan 2024 13:34:08 GMT

GET
H3 200 sprite_small.png
s0.2mdn.net/sadbundle/4461530627331350447/728x90/ Frame 49F7 52 KB
52 KB 479ms
479ms Image
image/png 142.250.4.149
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/sprite_small.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f149.1e100.net

Software

sffe /

Resource Hash

cf66d9d61a6d9949ff6a7961affdb9a4fa4b8434d706090aaa5f624c2aafec8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 13:34:08 GMT
x-content-type-options: nosniff
age: 32583
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53090
x-xss-protection: 0
last-modified: Fri, 04 Nov 2022 20:38:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 17 Jan 2024 13:34:08 GMT

GET
H3 200 tweenmax_1.19.1_92cf05aba6ca4ea5cbc62b5a7cb924e3_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 49F7 110 KB
37 KB 726ms
725ms Script
text/javascript 142.250.4.149
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_1.19.1_92cf05aba6ca4ea5cbc62b5a7cb924e3_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f149.1e100.net

Software

sffe /

Resource Hash

62b1cff44a5e34b9587ad49f7ca951160f1559c5c545bcf99e13574ccaa5425a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37930
x-xss-protection: 0
last-modified: Tue, 20 Jun 2017 21:14:35 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 17 Jan 2023 22:37:11 GMT

GET
H3 200 main.js Show response
s0.2mdn.net/sadbundle/4461530627331350447/728x90/ Frame 49F7 2 KB
623 B 681ms
680ms Script
application/x-javascript 142.250.4.149
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/main.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f149.1e100.net

Software

sffe /

Resource Hash

44e09cc716e8d825f5c3920e4750a9f11846d5797f98afc53cea09461460c1b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4461530627331350447/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 13:34:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32585
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 594
x-xss-protection: 0
last-modified: Fri, 04 Nov 2022 20:38:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 17 Jan 2024 13:34:06 GMT

GET
H3 200 createjs_2019.11.15_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 0934 236 KB
63 KB 283ms
283ms Script
text/javascript 142.250.4.149
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2056418256129463703/publish_shoreMariner_brandMessage1_300x250/publish.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f149.1e100.net

Software

sffe /

Resource Hash

bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2056418256129463703/publish_shoreMariner_brandMessage1_300x250/publish.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64275
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 19:16:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 17 Jan 2023 22:37:10 GMT

GET
H3 200 publish.js Show response
s0.2mdn.net/sadbundle/2056418256129463703/publish_shoreMariner_brandMessage1_300x250/ Frame 0934 48 KB
10 KB 385ms
385ms Script
application/x-javascript 142.250.4.149
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/2056418256129463703/publish_shoreMariner_brandMessage1_300x250/publish.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2056418256129463703/publish_shoreMariner_brandMessage1_300x250/publish.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f149.1e100.net

Software

sffe /

Resource Hash

2bd8d7b8caebaafa4d7f1f1809d63994ad845d32cf67e172c8882706f67c6bff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2056418256129463703/publish_shoreMariner_brandMessage1_300x250/publish.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 25 Nov 2022 00:57:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 17 Jan 2024 22:37:10 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame F7A5 42 B
64 B 278ms
278ms Image
image/gif 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss-U5nWBA9rAa-8WavmV9Xp5aOLV7Ai8mt4lIGmBXHpN-HfHJjuqGJ59kBxKAst8hdXGtJB0_zziISxx75v1Jc8DWLRGmd93yqNggA5NxiRvNeKbutEeXa_-d498e9CMNfpdPXi6wdn6aE2emm6U33it_deznDvhIhMzXipXWUgdsEokIi_L_UkT_oiGAhKIIkxG9Ojtwh_TilTjbF4BGh0b7jOhqwoS01pOJ40R0xYKUcnx9rojl9LpeaOBFi1tauRXrJFzFB32nB7_AzBmDb-bABVJWZ9xggoD6vUMQ11klUndTZ6DPNGX7cjkSy9AQocRxe3_Z4ehQcq4Hrpx1DSvITK0Re7YHMEl43UKUrhboYXLrd7iZ00tZ6m1ADO5a9FXj3p5uuwa8jWj1FpnVu6gPmUAMUZYoz5-M0gmn_3PQX1gxcQ9F0qVgRx8N9e3Y0KhNCIr0klUI7nwwEzrCtWMhd95CRFYnwzD62_4XRod9k8oyU658PndWTTLmUSUwFf1GP3hgsCrP84tl8j9p_L2dEnsrVW_iqM0HSEO5UTd4l3WTVazmySFqRqaex4OSUxlprs6PSlpTnZ9d8m5Yp_ZaWa0BdHcoGBbvU0O8CHuh4UWeEnDtBvMqZFndhaJIX01oq_bN493srJwKwW4tDhTfkiFo58wDUi2g9CnbGr5ThfsP6z9JmqZUiQw4bL5BY_GCEziB297Yr0CAsl5G1QMHOVVFqoaWXxGZd8FQ6FmRuYCXJRQBWTFEPKgt5Rlbn68DvGDxIggfdWMkI1tWk4_OwlbR5yfsc4EsU0r0eBJ8v-AbYimbSw-1QaJ7_Ltca6JaIBOUxQ__Z12Qva6bU4PbRJbnWDiKZO9piwWlzAMv5ES5Xw4ytxXzdHJPSqyuhwUtqdNNwMCDOoXYBX_gByhbEtZafpXQWRDeFjc5qDtPhAfZsffZSqD1hviszsv48cmNWxGUl1FNEVrnpX9_JgQJRpSWjfFNypIyu6J7CuPWBLwWbwt1UpI-hURnTj91uGPm7r2daFXyavStr84ti9mgG-fDUj5eIbC4M89MCbzD9HfmCbUe15zlLPvGrGfD5b&sai=AMfl-YT6ViHv7zGaVTRIxb3z7VUyJT4o42hVf0hSW9rT02UMXmjMRXHkq2TDEH9XES9Zo7s6Jzco6aYLK3Y3dmto7PTwth066XJ6l4Y6M2PJw9ZfTGzt5YKEk9IfYEABsDayXZgdDCAOJtjka4LJCZEbEvd_JlgaYjRvaGnD0A&sig=Cg0ArKJSzOAyT5_upW6oEAE&cid=CAQSTADq26N9cZ8RvRQD-sZQtcyfc7vO_RKtNII6keo7iV7vWqUQNVR8jrjLQOL4XcTWubhEJRc_o49u27ec86fO794NQXTMGi6zTcqf_B4YASAT&id=ampim&o=513,898&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=1977&tls=2977&g=100&h=100&tt=2977&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0

Requested by

Host: pastelink.net
URL: https://pastelink.net/v3774tc2

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame D98B
Redirect Chain

https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=a9us&khaos=LD0TF4I9-23-EMWL
https://s.amazon-adsystem.com/ecm3?id=LD0TF4I9-23-EMWL&ex=d-rubiconproject.com&status=ok

43 B
479 B

364ms
364ms

Image
image/gif

209.54.182.161
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?id=LD0TF4I9-23-EMWL&ex=d-rubiconproject.com&status=ok

Requested by

Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east

Protocol

HTTP/1.1

Server

209.54.182.161 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 17 Jan 2023 22:37:13 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: APTNG7FQRDNE4MG6KCXE
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://s.amazon-adsystem.com/ecm3?id=LD0TF4I9-23-EMWL&ex=d-rubiconproject.com&status=ok
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: e1bf03b8e0c0366715a8d9abd31b9f35
Expires: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DBE5 0
20 B 277ms
277ms Image
image/gif 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=B06I3FSPHY5GmLIudoQO6u7_wAwAAAAA4AeAEAg&bg=!lJell9PNAAYDMoyoIzI7ACkAdvg8WsX_YsT5E3M2DZcHmwUq_yXoWbarI4vt2o3jfAfM083UQFWNRAIAAAB3UgAAAAJoAQcKAKy5Ux4XtDNx9akPyeesublhyX_m54BXm6cKARH6h-_z6JBk3T1et5fdrGAroM2jxjsow2xdAOd-ewh5DkCo-iiditcEaMJzs2RnNM3njzMwAkF8C1QhlLPeTY0C85FOlewE-GGGeU9xP_RiExCWUyZq081PciDl1_alDYdY6Sq6_ui-IDvMnF-9k0U73JiWaabJu42-QQOCZwCtcw3sI-Bp63JGpGaUco6mMTHAmQLrF7e7yp4TC2hn16vEwQ-LJ6fJzLcZIwGg-Z9084a_tuFIblVod1sNeIgWEkRIyAb7_6mBP57ETn2j5tLN0y2za4TMVDYAVscy-OMguqR4IGmsLE7dej16526ONSZswvI2AlVCQAvP4DIN8x0ls3JMW5nLNIkfqiDKawDD1rfeth-yJgK16A40fINRyi6H2DNZK9uBkCDv2r98HiLbFXIA5rTp1FAVa2XBF1wrqnyateFS7Qq4ebEIgLsH-3hnqTyuq25hO_kwcX8pL2TuNp7k6lrmV_0UMpkxUmbde0afZxaCsOP54WYa1y0FAdS4oN3oc0W9Q-E9iduUtz_M9URlaiYeqdx4j74IN3hoXqfMKoOKL63tsjoNhm0pvS7Sk3_Xez79atiFiprS8unGapzhQRMvaESh1BZo7zZ6NR4hRHON6U5e7Jw9VG4ZkT0XD59dYrepoGPykNxd8L9RhLbeRFTCPbUNIlJxi0OZRqtomckxQXKJNiUjg7UEV2jVr7VJtDkM4ZtrGJcqSIPieG_9G3RxQk5jK4BoZP7UW92U6pWm84BRPpvJ75Q2wl9ZJPDePF51Khn9V6hdSFCVcO4YWv5crIsHrq4LDnWYFr4nASdmEcUSwqKW0-ida5Z0r8xpa98IXJQ4HW6XfuVO9Xnwc-jVF5B-_BsNK1lOS_kQ6BoueR88Rg0s-s1fXnwKyF16-xbbOTSul9Dwk0r8mXsxgDyB2R1vUAfu84gGxcnWX47ica9fyXu2_cRawes_W7bfr0y10gEwojjhV_RIbmhJsOvD-M93lfz-SCGz8ls1QFpUreAGQa1rzoGU2f7PqQ1EBggHFeh_-APSXTRencBfHa557zjhk-eQgfbqK72eCeTkRdhGPdV6R0kbYGk3WrTOdv4iW-k_ShNTDZTF9vkqtAgPdct5tfhmuvnHNfnv-esUFHXlYRb4KJmA8hsNM00QvZt8rB66M73wN2p1AtIpm9xv_O0N11u_7Nss

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame D98B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMJKF_9gIl2zUW-BuxbNcwY&google_cver=1

42 B
691 B

946ms
236ms

Image
image/gif

69.173.158.64
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMJKF_9gIl2zUW-BuxbNcwY&google_cver=1
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol: HTTP/1.1
Server: 69.173.158.64 , Singapore, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: d264e84c9dc1a645a3048554992c5d82
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:11 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMJKF_9gIl2zUW-BuxbNcwY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dcm
aax-eu.amazon-adsystem.com/s/ Frame D98B 43 B
855 B 1719ms
484ms Image
image/gif 67.220.228.201
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=

Requested by

Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

67.220.228.201 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 17 Jan 2023 22:37:12 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 8VY8V9HJYTAXHNJAFMAZ
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D98B
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NmIxMTY3NzI3ZTkxNGU4NDNjMjViZTk5N2UxOTQxZTEzYzJhYTgxMg

170 B
188 B

276ms
276ms

Image
image/png

142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NmIxMTY3NzI3ZTkxNGU4NDNjMjViZTk5N2UxOTQxZTEzYzJhYTgxMg

Requested by

Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east

Protocol

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f154.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:11 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NmIxMTY3NzI3ZTkxNGU4NDNjMjViZTk5N2UxOTQxZTEzYzJhYTgxMg
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 030b4ddd4a4f3e9891a065664f20c4bb
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame D98B
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=lB0mjE7iS9uku7VIWvXxBA&rk=usync-na
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=lB0mjE7iS9uku7VIWvXxBA

43 B
479 B

344ms
343ms

Image
image/gif

209.54.182.161
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=lB0mjE7iS9uku7VIWvXxBA

Requested by

Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east

Protocol

HTTP/1.1

Server

209.54.182.161 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 17 Jan 2023 22:37:12 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: DZFYY0N4H51QCNGQYN1G
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=lB0mjE7iS9uku7VIWvXxBA
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: c80248407eff6cf595ce43a76c04e23f
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame D98B
Redirect Chain

https://match.adsrvr.org/track/cmf/rubicon
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=8aa8830a-79b7-4954-b161-a5fbd7277cef&gdpr=0&gdpr_consent=&expires=30

42 B
691 B

945ms
237ms

Image
image/gif

69.173.158.64
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=8aa8830a-79b7-4954-b161-a5fbd7277cef&gdpr=0&gdpr_consent=&expires=30
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol: HTTP/1.1
Server: 69.173.158.64 , Singapore, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: d264e84c9dc1a645a3048554992c5d82
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:11 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=8aa8830a-79b7-4954-b161-a5fbd7277cef&gdpr=0&gdpr_consent=&expires=30
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 289

GET
H2

200

setuid
px.ads.linkedin.com/ Frame D98B
Redirect Chain

https://token.rubiconproject.com/token?pid=36584
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LD0TF4I9-23-EMWL

0
573 B

720ms
425ms

Image
text/plain

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LD0TF4I9-23-EMWL
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:11 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: F2CAC2273E4A4D06B134EC9BC6E00166 Ref B: SYD03EDGE1018 Ref C: 2023-01-17T22:37:12Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXyfVc+o+zlQoGRzMYKog==

Redirect headers

Location: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LD0TF4I9-23-EMWL
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 0ed95c36ed1932be3ba76fc523a6e179
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame D98B
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/DAH0sBsN3Xxn81MGq0GwaMn5EUdSAgOZEtemQ7w0kco?csrc=
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-OESqHzJE2oLQpdMgq1qr7_iynfd3hOezpkQ.kQ--~A

42 B
691 B

359ms
236ms

Image
image/gif

69.173.158.64
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-OESqHzJE2oLQpdMgq1qr7_iynfd3hOezpkQ.kQ--~A
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol: HTTP/1.1
Server: 69.173.158.64 , Singapore, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: dedf7fc216a5bbc739a54325e875a79f
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date: Tue, 17 Jan 2023 22:37:12 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-OESqHzJE2oLQpdMgq1qr7_iynfd3hOezpkQ.kQ--~A
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D98B
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEQwVEY0STktMjMtRU1XTA==

170 B
188 B

276ms
275ms

Image
image/png

142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEQwVEY0STktMjMtRU1XTA==

Requested by

Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east

Protocol

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f154.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:12 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEQwVEY0STktMjMtRU1XTA==
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 808ed95536e7f55d8adbcb9fc76d309d
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3 206 file.mp4
r4---sn-ntq7yns7.c.2mdn.net/videoplayback/id/8f877c055b2c8c49/itag/59/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1705531029/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,... Frame 6AA8 2 MB
2 MB 286ms
142ms Media
video/mp4 74.125.152.105
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.152.105 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s30-in-f9.1e100.net

Software

gvs 1.0 /

Resource Hash

740fbc6abb0755022063bf4f6be72dfd2b759185dd277f1f0db909dfc225ae7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

expires: Tue, 17 Jan 2023 22:37:11 GMT
date: Tue, 17 Jan 2023 22:37:11 GMT
x-content-type-options: nosniff
Content-Range: bytes 0-1637835/1637836
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 1637836
last-modified: Wed, 23 Mar 2022 20:50:13 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
client-protocol: quic

GET
H3 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame 95F3 27 KB
10 KB 273ms
273ms Script
text/javascript 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal117.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

sffe /

Resource Hash

f243a7adbeb642afda11bc1d3666a7bd21f92efe68668deeb00262bee100cf50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 21:57:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2352
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10558
x-xss-protection: 0
last-modified: Tue, 17 Jan 2023 19:31:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 Jan 2023 22:57:59 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 279ms
278ms Image
text/html 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2023011001&jk=1998417916665560&bg=!ZmWlZSHNAAYDMoyoIzI7ACkAdvg8WssOlnjjvCJmvwOlGL9tZKgzqZoH8KfIEzGLm0hvGlj_YqdiqgIAAABsUgAAAANoAQcKACpQmzOTLnms6lNvfKq7bXLyyTjYwG_5sshh8XvknlWKf6G-a58NsmVe0E-ZAq9T-cZXh1nkK4LQps4ZfBmRWsYhxRJDNx36NfmAnQzPAX0W6qLVi293MUhvX2-rGe6R3nG15ydm3q5opDFpXEUvraESCkPVDBRBOXKA8DplUzh4tz9Zze1CVsdaeLY6gFBDh0Izg56n_5FRoelpWUpzMLGJ0L5xelfNl307cx2JPfhurgIe8kZH6OLF2xYA_5F3TFVQtFTI42DQT_meCr7gvWToT0jIURlIPNjDU5EZqKCrvyZPXfnr1IYHkscpXvqyO9c5NHVqzYoIBOFIrsclmQ28gGhzPzl1q_rI5ln4ulI8c8wAX63ZAOxkLt7xymFLUQvH-0y77MUOSOOWgd5DIiuFFvtU7qM74gd-8ZvoZum9_ruQOA0AC2a7s672ebXtqaieISFMYb6-SEIF8j8WdI3c8DjEK4OyfNq5O6sAbD_YPDZz1Lf6qGJsIJf-NXmKEfP2nATyDvY23l24Yj4CGBB4NewxxSbCcNS4R221Gu8ZTqSYrjNIlqBEVpdZdVZA0c4Mc9DQM2BBy7D5AXxnMzry5SICASNMb39-fg5rXQ_Pp8Chr5Uvdat6jfyO_dDNrX_DIAYIkBlIEsfhXnMZ3Hj0SFLMVsouPZucKX5haEH3c8qiYtAhsb6va_5Jn2UsYcCZA9fBUReeLJVmSr0Qj7jbp7TjxiHTZcgxbj5kwumum9moRUeyL3TpsvvowublgJqTPk99ypwWDtIO5JiHtbAp4W5Yoi1OAL8MkgpYK1RSq5gZSnMsfzfva9vMdKBfCVEePUsxB0m3FWFpd33bbHxVdPwCoxrz1oVof2C1gsDj1H1qSvNkafFci8E-dGU3fGXgbCCylyjJ6kGqjA_Ew14n7bUSuqf2YZcr5oBUPwdm1HAG-BlGdRy2iTSL08oDh0Sy0PWFclkxfvfSyNM
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.4.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: sm-in-f157.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 impl_v92.js Show response
www.googletagservices.com/dcm/ Frame 95F3 60 KB
23 KB 274ms
273ms Script
text/javascript 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v92.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

sffe /

Resource Hash

8acf96115cb55ad61bfdc24b7918a946d1b983ac14062a584dbbe8744021430a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 15 Jan 2023 07:55:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 225714
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23563
x-xss-protection: 0
last-modified: Mon, 07 Nov 2022 16:32:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 15 Jan 2024 07:55:17 GMT

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 273ms
273ms Ping
text/plain 172.217.194.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-S3DKHVPF03&gtm=2oe1a1&_p=867166287&cid=772704711.1673995025&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAI&sid=1673995024&sct=1&seg=0&dl=https%3A%2F%2Fpastelink.net%2Fv3774tc2&dt=The%20reason%20why%20Sports%20Betting%20about%20Online%20is%20Best%20Option%20-%20Pastelink.net&_s=2
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S3DKHVPF03&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.194.101 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: si-in-f101.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pastelink.net/
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:11 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 publish_atlas_P_1.png
s0.2mdn.net/sadbundle/2056418256129463703/publish_shoreMariner_brandMessage1_300x250/images/ Frame 0934 21 KB
21 KB 297ms
297ms Image
image/png 142.250.4.149
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2056418256129463703/publish_shoreMariner_brandMessage1_300x250/images/publish_atlas_P_1.png

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f149.1e100.net

Software

sffe /

Resource Hash

a1ec37333093a86f435cd6b1a9c5f0781b4e50bd7c82d516b2212b46653dcec7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2056418256129463703/publish_shoreMariner_brandMessage1_300x250/publish.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:11 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21229
x-xss-protection: 0
last-modified: Fri, 25 Nov 2022 00:57:20 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 17 Jan 2024 22:37:11 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame DE07 0
0 280ms
277ms Fetch
image/gif 172.253.118.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssHcNbnLVBllwQCudWxdfVG_ucGQ2zGOYlgNGHrEgrGrRwFlBzeSphTGFqF29XJyV3VV9HTgDfnbv8HY4WA_EG4eiJwG25ayR_0WXu8itWcmJxl5nFWKbEa6nZcpHrRMPhLEA--_YQ0fzzI_WwWX9H8RoTxxzXz0Rs6EqCXO9vba3MAl9hzVEt8NInZUJfPfN7CLFnEKWTUsQsorcrke7QQQZm9kIpD3K8Evo6VZalFoR2Smal5Lr_RV2v2G2gjssQNA_h88hBxF_ECFaA2J-URKvDNWjvxt3e_xMPv9eWHJ-lMJ-QWT5LTlqlkGxL5OpzXfJvSjFjhXAMDK6L0Ol1CQy6p5OK60H2LZ1YFDE3qRgs1IAeZG2peJ8uA9gQm5jvqux9GOGe5kzZ7YiL8jeq5LuZyueRMw02vSrTyH7ycoKLpek_4MqNFX_lDaGlmisuyYRYweOgmG0aYOgI5VXDY5JRs9397BvOvAWHICb2akZnR4-GcJ3_Qcbynl-xQ2ZHY2UNO6kFkAGDdtQWxyXhOq1OXt2iwCaObWpRgi_m8qFAr4CjaOvn2cBjE1Pt8lk88-JODMrkZrJEp-MF_C2FuVdSgGm2cE3xeb56ndS1LODRD4-hu8c36U0JiVxmftyfnhn3sg7epkACLMTFcwzJxIaDkghAtMqhq8nXEWHmZPxbn8uFWKEIS6GbOP4X6__bWn41CAg9WKwEI_YvbPemdZFfjf_1DtmFGObPxpyQCOPUAuibgAJONq6WsU8OCakvFLhb0mD9tkywuH2MjO7JhFF9p9_zKmdXNVt4zbjdXGb7zfSSrLpckBNSYvNc5CRTpPPcFf00khwS4AT9Y0cvJLGkOIjPH-9sV3UWXg-IqOIBEQSsd_DCH4X1ERys233lED2hHM6UEbe-NqKHXWXNbIXQXcnamBKW9hU6BWjPzR5d_X1qY4IBo1XeZnAW_LeXrfMBdeYOi-Ve8J7UHdj1l04muD-3Eos2smwfZYTKG375ja-EDQVzO1r_mKHzvZ0K2ACAgEg9vVyYPEQJZJV6kUUkGgrTh2rTMxwCE0FBBOdzKAHZYNTYb-zg4RSSGEWvzNFgxArPyK72Aj97LQycTRCaQ_4gVcVKVVUe9gTXMFfvduhp1LF3u0PlsfV26jpLVVJ_GFtzR9iTaYj5_FmGXKEi30anJcaA0Rr_YJx-pQRLF1BkiTPp__i6JQP7oSnEpkCURz9ImY-Sc7lim-BG6t81jhe4&sai=AMfl-YTi6y92UXjeNc-mlxgP-qCPP2s8TDpx4pH6wFlvIdDLnlesrRx978AH-JpEbongf0ddOxJs2F08B3PsLuhlXu24tSByDRCS0CLxJMcut0RevkVPuyO3QVjDEij5XGdF9Qj7qYgbFBPQAsszq3DqhhGvApNCccp8hdyhuhuBlKHB10D3Dum9RnVVEOJCI1Ti-0A96rYJfw4M_V4TGammQMd8nVDxHkzzkZL67cQdD_Bqje8h8JiQPbYu8UHLSGLGW3U2uLyXhkqpVFjr4XfmkC5lFWqCCCxcGdX4eqAWmQ&sig=Cg0ArKJSzAauD0n5hc8hEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=3130&vt=11&dtpt=1784&dett=3&cstd=1343&cisv=r20230112.67497&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: pastelink.net
URL: https://pastelink.net/v3774tc2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.118.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:11 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Tue, 17 Jan 2023 22:37:11 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 6AA8 0
54 B 637ms
637ms Ping
image/gif 142.250.181.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~ld0tf3gp&c=3325467068083&slotId=1662733534041.5&qqid=CM6XyrfVz_wCFYUGKwodfEIFRQ&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=1000&br=676&mt=video%2Fmp4&vs=854x480&ulv=1&cll=0&vast_v=2.0&vmfc=12&vhc=0&msm=1&aits=0%2C18%2C22%2C37%2C692%2C59%2C342%2C343%2C344%2C345%2C346%2C347&webm=0&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false&vms=1&bit=59&vsrc=web_video_ads&ape=1&ple=1&umsem=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230111_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.181.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fjr04s08-in-f3.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:12 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame BBED 0
0 277ms
277ms Fetch
image/gif 172.253.118.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstyj7pRF2dptnoAHgNzOPOarZvAlujXL9zQ84SbpmBdnXA_OGwQ81LygFKNlWXIx20PLs-AjIpmTwThIYmAtkWQNUy0x_pUXGiR9u4pOkyHT8RuXReQMlN4Xz1D104u1aUjmpzCpIfXw9PbMpNqU1rv4MtuxRFTuHmN5Fc4iHw18rTZpmcKVd2WRIJ11lQZbxO7GFgGAJ3jzflxAsWReJY9kUhLOuMLhkvGK8vFGpgVNbUvkk0lh9FPkSUwze0FZ8zGCn0uxahqBB89V6lCxtMiBqpna7KDmI4Q0SI6xp-O4VGgdHSxopz2M67R_H2LgCvUyYbm5W4fAvsjpHUgWiYJ4jerTP3OhZYOgYVurN75Jt_uk4KU5H4kQ2H4KV2-v6jBlbbWGDgDOeQQGLb4Xl2t7CH1b7VwYLNY5KDl-lshoTiE_UbK7akmQGm7xPNdfFia0sVMxbpaT3qp989Qkim_gl7evOaGkoiBeYofR-WSZYSSedzzZ4pwmLeFYoPeWKsu2ePS5cvzVBzJm7544vZEqf4dcAvQH33QwzALNEn5s8rSsKGUBB8n0zK_e2a3AlpRh10Z5olU3Y0l4URq7osMCh5GC3XLLYBFvHkMyIEh5IuhwsFrAU5cy4OulnXjwfu5iP13cmWVCaFim3TU6qha_zcY2Y3kn3P-tJttkrtgQMqEjL3WXBA9hNvmrm2t6W0KRMFfD8T1rRwGvHZz_5Lh-Tssn4FGTExF9xLc9ntOrmN0zDSaxFvZP0LeevPTkQTtO3Tz_pHVMH1Btctstsgz0vyOg94A0vS2t5zlkbgPVBb6XDzaPzZsykx_vFGSD5wmFxysV3DgExwRskVbio_hi1bZ40PcMxpzA2ri91GEEF1IdWL1gm9oQ8S6zhPU7b2MBcqxzod4KBgGdxQUcEdQSJLkiSNBonLfrsyhlveJW-RusnUBNGlx2hDyw-3dBjYo4yObV3sAJuF2nBWpQu-1yoCwq_P5DUDOEbtOS5I1Xx06W1ZsIAVp-ShybAzj4wRRVwfg03kHRH_SZRk29e0uPJH6LJylZl6X2cWnyZ-AnjQ7lIIVR428wL12TPMhMRPpMNEgRsbQujVY2VR9iAjFssO7MJxrC9mkGKqcSMP-SHLe3aJkYkak_lZ3DY830Ajq4eCSlBi_BvipXyeAyvm65XvA2ZZZHxrYdQF-Fc4YdqkTVSE-dgJraJ-kpG8oOT-5bvwJUXFAQDc_2u1VxDzT7z3XwA&sai=AMfl-YRIN5kVhva-HJN79NoPkKRtJmQVE1zwLE_Boziov5iEWQ26IqrOLCyaNLHUTB6N4c3BwQnMhpg_f68Q3n4SaAfUMjZoXvinVitv3cXA1qvBfE5HujtGnQ4baUQPVKJQ7Y5MZLlN7U0QoMGqGi9uqGAS-tJeGFsC45uCPVH0e1lD6Uy4PUh9zJGsmKfpEbAetK1lyqwnKCIWVRRNhwqoDrmmy0e461Q3QTea6MANwS62uv9m5KNCRFp9i5Zkp4fUW-bFKa2Z-YoxaCq_gQpHJIfwkBVKB4JN2og38kputg&sig=Cg0ArKJSzA0YsJUZF7XYEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=3099&vt=11&dtpt=1864&dett=3&cstd=1233&cisv=r20230112.50851&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: pastelink.net
URL: https://pastelink.net/v3774tc2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.118.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:11 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Tue, 17 Jan 2023 22:37:11 GMT

GET
H2 200 B9689862.280410797;dc_ver=92.272;dc_eid=40004001;sz=300x250;u_sd=1;dc_adk=3395800993;ord=02iu5p;uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd;dc_rfl=1,https%3A%2F%2Fpastelink.net%2F... Show response
ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/ Frame 95F3 54 KB
26 KB 854ms
304ms Script
text/javascript 74.125.68.149
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/B9689862.280410797;dc_ver=92.272;dc_eid=40004001;sz=300x250;u_sd=1;dc_adk=3395800993;ord=02iu5p;uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd;dc_rfl=1,https%3A%2F%2Fpastelink.net%2F$0;xdt=1;crlt=.Pj4zHGkgj;stc=1;chaa=1;sttr=322;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v92.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.68.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sc-in-f149.1e100.net

Software

cafe /

Resource Hash

5b4787aea9211bc6661c4ea951f56725efeeb37fed9675331d054be6ec38922a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:12 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26127
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 publish_atlas_NP_1.jpg
s0.2mdn.net/sadbundle/2056418256129463703/publish_shoreMariner_brandMessage1_300x250/images/ Frame 0934 108 KB
108 KB 276ms
276ms Image
image/jpeg 142.250.4.149
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2056418256129463703/publish_shoreMariner_brandMessage1_300x250/images/publish_atlas_NP_1.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f149.1e100.net

Software

sffe /

Resource Hash

58e2d92d9f00632eb64197b1834ed5eae07bb1facb67c85a0e00f40ffc482add

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2056418256129463703/publish_shoreMariner_brandMessage1_300x250/publish.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:12 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 111039
x-xss-protection: 0
last-modified: Fri, 25 Nov 2022 00:57:20 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 17 Jan 2024 22:37:12 GMT

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame 6610 0
260 B 713ms
236ms Script
text/plain 67.199.150.85
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=156011&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 67.199.150.85 Los Angeles, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:13 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DE07 0
23 B 275ms
275ms Ping
image/gif 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=5526476542713&version=m202209210101&ct=76&x=1&cor=1813773839146742000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BBED 0
23 B 275ms
275ms Ping
image/gif 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=554067352689&version=m202209210101&ct=76&x=1&cor=3606121010059981000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230112/r20110914/elements/html/ Frame 95F3 8 KB
3 KB 274ms
273ms Script
text/javascript 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230112/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/B9689862.280410797;dc_ver=92.272;dc_eid=40004001;sz=300x250;u_sd=1;dc_adk=3395800993;ord=02iu5p;uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd;dc_rfl=1,https%3A%2F%2Fpastelink.net%2F$0;xdt=1;crlt=.Pj4zHGkgj;stc=1;chaa=1;sttr=322;prcl=s

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 19:41:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10522
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 Jan 2023 19:41:51 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 95F3 0
0 278ms
277ms Fetch
image/gif 172.253.118.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstHmrGnS1AyOu9M2QSNyHPRwPdkyaKbFNFB9AS1Ab956HSGeHtgfBh_Spv7P_o0Di67Nc6edM0SiVNlenhx4pVIVHZxHGFgg_79nBOJXfjEUls8uxP4H-3e3I24Oc-JQvF-uw0m3wY50_DXQDK_0mftkJDCQQ&sai=AMfl-YSI6Wi3LmpDmfYqLbWLPqnuj4T8UXEhxTU4unSeMuH5VDA92krU-jUjftxyVpEKgZzfGHCf0nIXww7OMc8yd4dvANbFXWgHJ2Y7afe8&sig=Cg0ArKJSzN-7UyjVU7hQEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20230112.75317&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.118.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:13 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Tue, 17 Jan 2023 22:37:13 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 95F3 41 KB
15 KB 274ms
273ms Script
text/javascript 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 15 Jan 2023 21:35:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 176519
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 15 Jan 2024 21:35:14 GMT

GET
H3 200 2418735279377567735
s0.2mdn.net/simgad/ Frame 95F3 47 KB
47 KB 275ms
274ms Image
image/jpeg 142.250.4.149
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/2418735279377567735

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f149.1e100.net

Software

sffe /

Resource Hash

d22ae6bbaa3c79a6d31667177a7bf1b209536858fe3caf1a95a21af65d76f15b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 23:14:01 GMT
x-content-type-options: nosniff
age: 343392
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48252
x-xss-protection: 0
last-modified: Thu, 26 May 2022 20:28:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 13 Jan 2024 23:14:01 GMT

GET
H/1.1 200
OK dv-measurements3414.js Show response
cdn.doubleverify.com/ Frame E812 558 KB
107 KB 539ms
537ms Script
application/javascript 42.99.128.145
ASN-TELSTRA-GLOBA...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-measurements3414.js
Requested by: Host: pastelink.net
URL: https://pastelink.net/v3774tc2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 42.99.128.145 , Japan, ASN4637 (ASN-TELSTRA-GLOBAL Telstra Global, HK),
Reverse DNS: ip-42-99-128-145.pacnet.net
Software: Microsoft-IIS/10.0 /
Resource Hash: c5b6598bb3fd9be4f047ef800229bc4be9a8427eae76e3008d66a3a41d947c6b

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 17 Jan 2023 22:37:13 GMT
Content-Encoding: gzip
Last-Modified: Sun, 15 Jan 2023 10:41:13 GMT
Server: Microsoft-IIS/10.0
ETag: "806a3de3cd28d91:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946080900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 109205

GET
DATA 200
OK truncated
/ Frame 95F3 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 69955b0ac54e4c6e03af0e7f5ecd79ab3afdcf483fb8da58b6626db7722dd2dc

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 8C0A 22 KB
8 KB 274ms
273ms Document
text/html 172.217.194.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f132.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
age: 282042
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 14 Jan 2023 16:16:31 GMT
expires: Sun, 14 Jan 2024 16:16:31 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 95F3 0
0 278ms
277ms Fetch
image/gif 172.253.118.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstHmrGnS1AyOu9M2QSNyHPRwPdkyaKbFNFB9AS1Ab956HSGeHtgfBh_Spv7P_o0Di67Nc6edM0SiVNlenhx4pVIVHZxHGFgg_79nBOJXfjEUls8uxP4H-3e3I24Oc-JQvF-uw0m3wY50_DXQDK_0mftkJDCQQ&sai=AMfl-YSI6Wi3LmpDmfYqLbWLPqnuj4T8UXEhxTU4unSeMuH5VDA92krU-jUjftxyVpEKgZzfGHCf0nIXww7OMc8yd4dvANbFXWgHJ2Y7afe8&sig=Cg0ArKJSzN-7UyjVU7hQEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=313&vt=11&dtpt=312&dett=2&cstd=0&cisv=r20230112.75317&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.118.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 22:37:13 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Tue, 17 Jan 2023 22:37:13 GMT

GET
H3 200 KJeI0sMyo1Q6mjhDM9mKcjS2IqRt95c1wIDqLysfd0M.js Show response
pagead2.googlesyndication.com/bg/ Frame 8C0A 36 KB
16 KB 274ms
273ms Script
text/javascript 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/KJeI0sMyo1Q6mjhDM9mKcjS2IqRt95c1wIDqLysfd0M.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

sffe /

Resource Hash

289788d2c332a3543a9a384333d98a7234b622a46df79735c080ea2f2b1f7743

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 08:49:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 395282
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16068
x-xss-protection: 0
last-modified: Tue, 03 Jan 2023 14:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 13 Jan 2024 08:49:11 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8C0A 0
26 B 279ms
279ms Image
image/gif 142.250.4.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BfpcrGCPHY_GXIenj3LUP1IqikAMAAAAAOAHgBAI&bg=!aWqlai7NAAYDMoyoIzI7ACkAdvg8WqhjekDKxA9VrJHsAultBTAxblYWFRMFdwdgJbnvEiNZtcBSAwIAAABpUgAAAAJoAQcKAAhUUvRMJ2rAuZkC8v0vxUlYuE_fEGxcxxmXyEGsBFhhxSKWgPaauajs7Pesqap4ph1EiAaA2QoPFgTiuUMR8aBEf7HYkJ9eDZIejV2R62q9H22SGei3Kgvv76uArm7NsjS-g1d5bHKDFPdkx0sJv8I1yMT_jBpQZjulC8InW3Q2DridC2oXP5-n-NmCXY6WrFPdOicpTnLgcYyQyROTmZP00rJlkYFptGPgMAzvksknNT8qijoBVmcnuz_UaKS0rsR_tIzebQ9dmoZjJ03UjhIwpLdTeFUKgyS48K_de8xAJHVGNGzdhP867DTad3JN856f9o5pysholZoaDZIn4UysBBH_EAgk5aEnamRg0VVjExn4WehBfdWhrEALB3Cmj9W3MXxCCezG70SgcVQTdEhPPICLBROZqmDo_-9i_J1cKYcfFhAc79AqJ_FJy20mVM2Y23PsimJOpWPwLEQgI-1p4XW2D9PNJnZawRnG36zvV4jaerXVhSfq5SvZ_b4FcnwuqZBqdMGAI-W3hJayIDT3vLmYr7hFJSLH-FGhBsOLz0kM4L8_P58erUfNz1M12HsZEDcqxHl-WUcoDX-1alJFRxQIqGoEHwtIeP0zlewWGAl2EmJkxL1JxtY3VFeGu53mKjnKmsD7S4L7rHOCthRy4ODBJdNFYPfxrWr-5NE6_ci8Vl6YGc5qaLMKLlI-X-mMELjp1xfRTP1gCkEj0XOmVpa7THrIBzceOxS6rTOmeseb4oA2gKeeHT9WJ1Wz1EfQxseRVxZonExp9t6cgD2Iu5zjDO0pRwMcj0sYtYiCwaPrEZLe-Yl_-4Ht8NKbzQuDOXavVCrFyQdVZjCCtZpaRq80nltB-gOCYOMP_5Ebx1HgeiR8HlUe68AsbeTBagjNc6AHXskiH2uyL6NDzuFLf3s-02Uzbq9WXYD_i-NSH694UfOY58IOJCK-yT_N5AXZH110bQCCbV6svEPMxAHO__sOoxg1WZiSkRolm3QLcO_EvrPD_PU1W2zfTWA

Requested by

Host: e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Jan 2023 22:37:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET visit.js
tps.doubleverify.com/ Frame E812 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pro.ip-api.com
URL: https://pro.ip-api.com/json/?key=ZxSSLwZtxrKxQbv&fields=status,countryCode,region

Domain: tps.doubleverify.com
URL: https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=1352&ttfrms=28&brid=3&brver=89.0.4389.72&bridua=3&bds=1&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTauA2DE6%3D%3A%3F%3C%5D%3F6ETauU2%3F4r92%3A%3Fl9EEADTbpTauTauA2DE6%3D%3A%3F%3C%5D%3F6ETar9EEADTbpTauTau6ddeeffbbeh3%60afb463gh235bf5aha4e%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3EU2%26C%3Dl9EEADTbpTauTauA2DE6%3D%3A%3F%3C%5D%3F6ETauGbffcE4a&srcurlD=0&aUrlD=-1&ssl=https:&uid=1673995034403102&jsCallback=dvCallback_1673995034403216&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F89.0.4389.72%20Safari%2F537.36&htmlmsging=1&chro=1&hist=2&winh=250&winw=300&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=3414&tgjsver=3414&lvvn=28&m1=13&refD=1&referrer=https%3A%2F%2Fe5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&fcifrms=10&brh=2&sdf=2&dvp_epl=277&noc=4&nav_pltfrm=Win32&ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&adsrv=0&advid=3398311&turl=https://pastelink.net/v3774tc2&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0hqcCz1Z4Rn6tG6rJO2QgFj&DVP_DBM_1=3060631&DVP_DBM_2=23009949&DVP_DBM_3=16740933992&DVP_DBM_4=416816016&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=201491245482&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=222328719.02248922&dvp_tukv=251678966774.69736&dvp_uuid=1540939333.47635&dvp_strhd=0.5&dvpx_strhd=0.5&dvp_tuid=1088633682296&jurtd=433111595

Verdicts & Comments Add Verdict or Comment

169 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

69 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
pastelink.net/	1970-01-20 09:49:55	Name: PHPSESSID Value: bt1benp07metbquk77umolalmf
.pastelink.net/	1970-01-20 11:09:31	Name: _gcl_au Value: 1.1.816898619.1673995024
.pastelink.net/	1970-01-20 18:35:55	Name: _ga Value: GA1.2.772704711.1673995025
.pastelink.net/	1970-01-20 09:01:21	Name: _gid Value: GA1.2.1725036021.1673995025
.pastelink.net/	1970-01-20 08:59:55	Name: _gat_UA-55088947-2 Value: 1
pastelink.net/	1970-01-20 09:01:21	Name: plTest Value: false
.pastelink.net/	1970-01-20 08:59:55	Name: _gat_advallyTrackerpl Value: 1
pastelink.net/	1970-01-20 09:43:07	Name: _pbjs_userid_consent_data Value: 3524755945110770
.doubleclick.net/	1970-01-20 18:35:55	Name: IDE Value: AHWqTUmW2L4WlYX5lh0baDJsrtmQuIRWN-7huTzpEPDalCNbtcrI5_YCBsza8QgI
.doubleclick.net/	1970-01-20 08:59:55	Name: test_cookie Value: CheckForPermission
.pastelink.net/	1970-01-20 18:35:55	Name: _ga_S3DKHVPF03 Value: GS1.1.1673995024.1.0.1673995028.0.0.0
.pastelink.net/	1970-01-20 18:21:31	Name: __gads Value: ID=c8c9cd0a57a3d12d:T=1673995026:S=ALNI_MZMe6J1icvqV6WJT1ZnPqeEe-HNyQ
.pastelink.net/	1970-01-20 18:21:31	Name: __gpi Value: UID=00000ba6569929ee:T=1673995026:RT=1673995026:S=ALNI_Mbux6YG3ZHOX5Vd6C9PTqyrojfROg
.amazon-adsystem.com/	1970-01-20 15:09:59	Name: ad-id Value: AxRef84B9048r6wB88yaZyI
.amazon-adsystem.com/	1970-01-20 18:35:55	Name: ad-privacy Value: 0
.crwdcntrl.net/	1970-01-20 15:28:41	Name: _cc_dc Value: 2
.crwdcntrl.net/	1970-01-20 15:28:41	Name: _cc_id Value: 454dc3d0a31aa7cc338371a76ec2554
.pastelink.net/	1970-01-20 15:28:43	Name: _cc_id Value: 454dc3d0a31aa7cc338371a76ec2554
.pastelink.net/	1970-01-20 09:01:21	Name: panoramaId_expiry Value: 1674081429310
.adnxs.com/	1970-01-20 11:09:31	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GUgFFP@[!@wnfH8K6pQK`!5=E<L5?%M</5JSum>=W(fn0$E`otpU3_4w@AGGJ!6Z4qObpRzqF1`b]r`)awem
.adnxs.com/	1970-01-20 11:09:31	Name: uuid2 Value: 5319057607276055352
.smaato.net/	1970-01-20 09:30:09	Name: SCM Value: 2b9fb977
.smaato.net/	1970-01-20 09:15:02	Name: SCMaps Value: 2b9fb977
.sharethrough.com/	1970-01-20 09:43:07	Name: stx_user_id Value: 9f118953-c5e5-43d2-9aac-e2fd73a17ad4
.media.net/	1970-01-20 17:45:31	Name: visitor-id Value: 3169966297445546000V10
.bidswitch.net/	1970-01-20 17:45:31	Name: tuuid Value: 440c1f52-71d1-4e6a-9701-042a8f9ef24d
.bidswitch.net/	1970-01-20 17:45:31	Name: c Value: 1673995029
.bidswitch.net/	1970-01-20 17:45:31	Name: tuuid_lu Value: 1673995029
.smartadserver.com/	1970-01-20 18:30:09	Name: pid Value: 7677500079211826446
.zemanta.com/	1970-01-20 17:45:31	Name: zuid Value: 2fYQ_XzUZJgu-ju8gBCJ
.casalemedia.com/	1970-01-20 17:45:31	Name: CMID Value: Y8cjFTbTTHifU54FyY6nwgAA
.casalemedia.com/	1970-01-20 11:09:31	Name: CMPS Value: 4685
.casalemedia.com/	1970-01-20 11:09:31	Name: CMPRO Value: 4685
.pubmatic.com/	1970-01-20 11:09:31	Name: KADUSERCOOKIE Value: 1DBD2F38-9CE3-4C60-AD18-F1E450FFA70A
.pubmatic.com/	1970-01-20 11:09:31	Name: chkChromeAb67Sec Value: 1
.pubmatic.com/	1970-01-20 09:01:21	Name: pi Value: 156011:2
.pubmatic.com/	1970-01-20 11:09:31	Name: DPSync3 Value: 1675123200%3A201_197_226%7C1674518400%3A164
.pubmatic.com/	1970-01-20 11:09:31	Name: SyncRTB3 Value: 1675123200%3A13_71_7_54_220_21
.adsrvr.org/	1970-01-20 17:45:31	Name: TDID Value: 8aa8830a-79b7-4954-b161-a5fbd7277cef
.id5-sync.com/	1970-01-20 11:09:31	Name: id5 Value: a7284f4d-124b-78cc-aaf5-a452b5116f98#1673995030539#1
.doubleclick.net/	1970-01-20 08:59:58	Name: DSID Value: NO_DATA
.rubiconproject.com/	1970-01-20 17:45:31	Name: khaos Value: LD0TF4I9-23-EMWL
.yahoo.com/	1970-01-20 17:45:52	Name: A3 Value: d=AQABBBcjx2MCEKU8a0Z90pIrEVa8VjQGM3YFEgEBAQF0yGPRYwAAAAAA_eMAAA&S=AQAAAv2OHrDsb1OGMU4uPHaprPo
.mathtag.com/	1970-01-20 18:25:50	Name: uuid Value: 3c3263c7-2317-4f00-8c98-da650e59da04
.pubmatic.com/	1970-01-20 09:43:07	Name: KRTBCOOKIE_377 Value: 6810-8aa8830a-79b7-4954-b161-a5fbd7277cef&KRTB&22918-8aa8830a-79b7-4954-b161-a5fbd7277cef&KRTB&23031-8aa8830a-79b7-4954-b161-a5fbd7277cef
.adsrvr.org/	1970-01-20 17:45:31	Name: TDCPM Value: CAESFwoIcHVibWF0aWMSCwjehYz4rLm8OxAFEhYKB3J1Ymljb24SCwie_ef-rLm8OxAFGAEgAigCMgsI3v2OpcO5vDsQBTgBWghwdWJtYXRpY2AC
.simpli.fi/	1970-01-20 17:46:57	Name: suid Value: A2558544C17D4BE28CED2A5E3F3F1BE5
.rlcdn.com/	1970-01-20 10:26:19	Name: pxrc Value: CJfGnJ4GEgUI6AcQABIFCOhHEAA=
.pubmatic.com/	1970-01-20 09:43:07	Name: KRTBCOOKIE_80 Value: 22987-CAESEFLaJ_wTfGGc1gYrl_14VZA&KRTB&16514-CAESEFLaJ_wTfGGc1gYrl_14VZA&KRTB&23025-CAESEFLaJ_wTfGGc1gYrl_14VZA&KRTB&23386-CAESEFLaJ_wTfGGc1gYrl_14VZA
.adform.net/	1970-01-20 09:44:33	Name: C Value: 1
.pubmatic.com/	1970-01-20 09:43:07	Name: KRTBCOOKIE_27 Value: 16735-uid:3c3263c7-2317-4f00-8c98-da650e59da04&KRTB&16736-uid:3c3263c7-2317-4f00-8c98-da650e59da04&KRTB&23019-uid:3c3263c7-2317-4f00-8c98-da650e59da04&KRTB&23114-uid:3c3263c7-2317-4f00-8c98-da650e59da04
.pubmatic.com/	1970-01-20 09:43:07	Name: KRTBCOOKIE_148 Value: 19421-uid:A2558544C17D4BE28CED2A5E3F3F1BE5
.pubmatic.com/	1970-01-20 09:43:07	Name: PugT Value: 1673995031
.adform.net/	1970-01-20 10:26:19	Name: uid Value: 3957578132738781495
.pippio.com/	1970-01-20 17:45:31	Name: did Value: oVOR4VKuOmEX2S_i
.pippio.com/	1970-01-20 17:45:31	Name: didts Value: 1673995031
.pippio.com/	1970-01-20 10:26:19	Name: nnls Value:
.bluekai.com/	1970-01-20 13:20:33	Name: bku Value: ikG99OzMhtwEfUW9
.bluekai.com/	1970-01-20 13:20:33	Name: bkpa Value: KJyWyWkpQM9D9mO4A2b3TTriab5EQxKAJAutJmduxSuVrgEez+O4ltXI5s1fOf8Rq2bb6hSIlmcEwALu8I7Nj23z5f8Tb5+ENtIdhdaFRw059En9TtJTlJFjLflP2fsKBqXlOMQBqEXXfQ6ewab72kJlenYog25MlPyR/mBTRMhxmTiEjPeWizt2JSDuM4s2xi+7MW2OGjaLx7rakOZwY0tgp/YA+S0V9UOKoPAVCtTFknBHhnAvvqzchhmJBAoJgYxSTlraP3H+TFR3oB/AVruujmPqzaoXPsPKhskoEnAuE38tRjx4dQz9Vg+ubx==
.semasio.net/	1970-01-20 17:45:31	Name: SEUNCY Value: C2C5E0D862607CDF
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 17:45:31	Name: bcookie Value: "v=2&cfed674d-3287-4c5a-80f6-ae9afc243681"
.linkedin.com/	1970-01-20 09:01:21	Name: lidc Value: "b=OGST07:s=O:r=O:a=O:p=O:g=2454:u=1:x=1:i=1673995032:t=1674081432:v=2:sig=AQEHv8xDc9tX1tgHjTgzYFz2cvjrRq2r"
.pippio.com/	1970-01-20 10:26:19	Name: pxrc Value: CJjGnJ4GEgQIAhAAEgYI7OsBEAA=
.rubiconproject.com/	1970-01-20 17:45:31	Name: audit Value: 1\|dAznWR+ygXXIQRyWpwib83b1+N2+YB7Am8BLnDRZ2Rt163fKDzeGgu59NY9vgjarTJmxbMX9dcPqFTrNE4+z9kqVaHlG5SlgpmvllXEtYN4=
.linksynergy.com/	1970-01-20 17:45:31	Name: rmuid Value: 7cd25031-426c-460b-8413-4eb8294357b1
.linksynergy.com/	1970-01-20 17:45:31	Name: icts Value: 2023-01-17T22:37:12Z
.pubmatic.com/	1970-01-20 09:43:07	Name: SPugT Value: 1673995033
.rlcdn.com/	1970-01-20 17:45:31	Name: rlas3 Value: fCFnVUWhZxHZeXmkmuJVAUy3HiGViHzYVO7TfUIY/7k=

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js(Line 9) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.
other	warning	URL: https://e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html(Line 15) Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
other	warning	URL: https://cdn.ampproject.org/rtv/012301041800000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://www.googletagservices.com/dcm/impl_v92.js(Line 99) Message: Unrecognized feature: 'attribution-reporting'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aax-dtb-cf.amazon-adsystem.com
aax-eu.amazon-adsystem.com
ad.doubleclick.net
ads.as.criteo.com
ads.pubmatic.com
adservice.google.co.nz
adservice.google.com
b1sync.zemanta.com
bcp.crwdcntrl.net
bid.g.doubleclick.net
c.amazon-adsystem.com
c1.adform.net
cat.sg1.as.criteo.com
cdn.adligature.com
cdn.ampproject.org
cdn.doubleverify.com
cdn.id5-sync.com
cdnjs.cloudflare.com
cm.g.doubleclick.net
code.jquery.com
cs.media.net
csi.gstatic.com
csm.as.criteo.net
dsum-sec.casalemedia.com
e5566773369b1273ceb89abd37d292c6.safeframe.googlesyndication.com
eus.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
gcdn.2mdn.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
id5-sync.com
idsync.rlcdn.com
image2.pubmatic.com
image6.pubmatic.com
imasdk.googleapis.com
lb.eu-1-id5-sync.com
lbs.eu-1-id5-sync.com
match.adsrvr.org
match.sharethrough.com
pagead2.googlesyndication.com
pastelink.net
pippio.com
pix.as.criteo.net
pixel-us-east.rubiconproject.com
pixel.rubiconproject.com
pr-bh.ybp.yahoo.com
pro.ip-api.com
px.ads.linkedin.com
r4---sn-ntq7yns7.c.2mdn.net
rtb.jp2.as.criteo.com
rtb0.doubleverify.com
s.ad.smaato.net
s.amazon-adsystem.com
s0.2mdn.net
secure.adnxs.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
simage4.pubmatic.com
ssbsync-us.smartadserver.com
stags.bluekai.com
static.criteo.net
sync.mathtag.com
tags.crwdcntrl.net
tags.rd.linksynergy.com
token.rubiconproject.com
tpc.googlesyndication.com
tps.doubleverify.com
uipglob.semasio.net
um.simpli.fi
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
x.bidswitch.net
pro.ip-api.com
tps.doubleverify.com
103.229.206.240
103.231.98.194
104.17.24.14
104.22.52.86
104.254.151.120
104.254.151.68
107.178.254.65
119.9.108.191
13.107.42.14
13.229.18.168
13.33.30.231
13.33.79.24
13.33.88.107
13.33.88.45
139.5.84.243
142.250.181.99
142.250.4.132
142.250.4.149
142.250.4.156
142.250.4.157
142.250.4.94
142.250.4.95
142.251.10.147
142.251.12.154
142.251.12.155
162.19.138.116
162.19.138.117
162.19.138.119
172.217.194.101
172.217.194.132
172.217.194.155
172.217.194.157
172.253.118.156
172.253.118.95
172.67.202.177
18.136.159.66
182.161.73.129
182.161.73.132
182.161.73.135
182.161.73.142
182.161.73.148
182.161.74.19
185.84.60.30
199.187.193.197
209.54.182.161
23.207.185.68
23.207.36.196
23.207.36.20
23.66.150.27
3.33.220.150
34.149.43.113
34.98.67.3
35.190.60.146
35.213.12.39
35.247.47.28
42.99.128.145
46.137.212.121
64.202.112.191
67.199.150.81
67.199.150.85
67.199.150.86
67.220.228.201
69.16.175.42
69.173.158.64
74.125.152.105
74.125.200.157
74.125.24.101
74.125.24.97
74.125.68.149
8.43.72.97
89.35.29.15
00bdce0462bdfe7d4610288f12647d24afca5624d40a76455a6297095ecd1b58
012c4fb01cf957c32182f714f26a0f7ebaf5200029e65bb30b59592885aa8513
01408f8061623faa6d2c0f015cd23483c3aa363c095e152f613ed94c87a5803d
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
076eb204f90e565aed3db8135136c361e56e28c5f30943c2a0bbf75fa1e12159
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
09e6d69fa3dc6b4b7b79b79925826e0180b0e0622ddc2025d854f71121fa9eb5
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0d4113f744b5684c84b5a4a4adeec19aee5b1cdd3ee330bb6afc7cb2ab9ffb10
0eff6ba89d2ae604b3ac289fa99740c8538b289e318d0481e72bbfdf3e1ac7c4
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
13100cd3879e5c1385581d7c88153e60cd7c3e4b0578fe2838daa56da689769b
146ad2d742acd0cc28b4d82f6bc99197f15c94e8da3c5a560a8b628a669d9209
15f20e02ef301e62ed325d633f971c506dcf1be3458c2371b849b505bb8673dc
178996f91fcc30fcab68d58ab30fdfd3820198e3f6bd9764a71e9c5259cb7f92
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
190d542d8e593c755fd16e67ca62583e183957829dfb69cc2e00c7bf67df237d
192f85b97fa563b7acbd1549cef8ddb49b0970612a416e072ff437862b9aceca
1b9bc9c5d136e5e10a89c8902b5c6540cd738265af675ed3e3984e28c0c14f02
1c30128246d1dcae6fa42f6fd1605e131af0b9e25e1f8f82cd876a449b11eabf
1c9e4c65f9d921b1c0829958cc7b2f307a3e22ac7a23e8315b6db4c0954e1107
1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87
1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306
1ef068ae83f6f07f9c7fded6cb74b01bebd53ae0cf0b3474339b1cfa6a2494d3
1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954
22c7f201d77259bf599a7e2041edb830999b94b341d5ea4d9e0ad5200a910a1a
247868a5a2a47376a75941f1501e52bcb0d90c9771a402a869cc9c6fd3de2e89
26a72a1e60cbf9e62b281d71225f3476e34dfb675f7dd1385c49f205eca5afb2
27aae5005629397140d580696bab4b41d4f6a19c05a552523b328c918c368c82
289788d2c332a3543a9a384333d98a7234b622a46df79735c080ea2f2b1f7743
2a55394419881ff757d80d08468ca926684f5a005388ee96e04771609856f8a0
2bd8d7b8caebaafa4d7f1f1809d63994ad845d32cf67e172c8882706f67c6bff
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
32d3612170c26791c895d818ff51ff3831a2433e862635931e3903a81dd97697
35e88c8252e2b569e9f68b8d9dcd7cb732d89dc956b12976d938699ecbe63c1a
38521c8aef10c9d422186a1bf8c92b8d01ca63c104d04512fa629bfe794dc05d
3a27b8ee78058e31a4f9075d4b43edc8d6420d10fa0e196e3015a66302e6cb4c
3a73b36061944ebbb33696553917d393280f796e212afcd09057b441c1168606
3c5bdcb449fb1bfe6c2b49f5dfc6f627c599d795d41bc72cf194b55c619b2f13
3e79abd56c1af1b499fe42a423b262bc9ce11f91c0b7e347e5fc84e5f4f86ad8
3f80d143556aabf5d74e00d2c15685c648a9bc7caddeca26914916be166c797f
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
44d3c2a0727cf362749651a072d2cfa613cc8becbb121c518791fe972f4786a5
44e09cc716e8d825f5c3920e4750a9f11846d5797f98afc53cea09461460c1b1
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
47147df6f319ecae40b0dc1420d32a8324dd3fa719bbaaee67515261969e93a6
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7
492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b6d244a569a8befc0b901e3dca8e82f19b188e2d3e76f7c62fce96935ed6311
4ba6dfa56b2783482a20290a643a97dcbef8a9d35c3af9af0842b9e1636aad1e
4c31f970fecf4735079654320aadf670c051ad07701d3f45d5fef280f400b9b0
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e6620cf095e3da42ddfd4b1bab089ab3c223f3bd70009a9cec2a6436871d0d2
4fee67922ddb4a37e6f33f89f2beb311d8cb2c20f6dfb4597d5763bf5975c491
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50a60e5e5f2e8f10a2f8685031ec9849ba8faff613139f3a402e89f25ccbbabc
50c2c57022add98067c22c6ff2a48c1b7b411f3cd4ed21eeceef2137ee52a4f9
53246707bffca1cb2c727b6f2156ae8d1584a7b1ca09dee0c50abb5427060207
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
54c7f9dacbd3be07256357be812bd7edf74ac6938ab155493b599a39136e81d5
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
57226adbc32c91a8cd4ec9ee08e4f155f3450e79256731c04f81709a58c4c1fc
58e2d92d9f00632eb64197b1834ed5eae07bb1facb67c85a0e00f40ffc482add
593acdfeb9ef6a7c6f80c1918c52734d3b62e7c2319d54bb0f4ae8199f8fbea4
59b0485c1fec4f53ce71bbf2805f19215f6651cc406e6ff66548444594eebc7b
5b4787aea9211bc6661c4ea951f56725efeeb37fed9675331d054be6ec38922a
5ba3de99116648e15b945f844918e44b4c409a558d28e20119538bea2eab41c5
5c19d129d63ee4cd00c3eb6c191640be46e602449e25cec64b031c28ad4133fd
5c6ac1310f16c30604473abebf50ab47ff0155b2143257611e93adc25fb167e7
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824
60bcafbd631f6fa0805e158ca3b235e76225350db6fbb423596d4c4954b27573
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62b1cff44a5e34b9587ad49f7ca951160f1559c5c545bcf99e13574ccaa5425a
650a117118d4187f2e95b462115e8ee9eb32f03e816250e25c267605ae20dfa2
684dfe949ae87a38c2afbcee199f51b0025dd9121b524d62e881cf40846cdd21
69955b0ac54e4c6e03af0e7f5ecd79ab3afdcf483fb8da58b6626db7722dd2dc
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c2c9865ad549b29295344ee2a0f57d10107dee03f683ad4997a0d394ac8170f
6f03690adf6beb98bafd3dc384ef3695de713b54509c7f306b2616eea54f0cfc
6f3bbbe13d016732d5c62db5ac9abaeb39c405c6676ee97d4f4ea372f7b8b2e5
6f4813e4fe6dd891838e421479bf603f6d3f0d2a55b90517b875a77050471d4b
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48
73d2000e916fd308b8e477bec14e2f1ac4308481915678247cac72feb5c773e1
740fbc6abb0755022063bf4f6be72dfd2b759185dd277f1f0db909dfc225ae7e
77edd1204395b8811e4338e812fec137240d0e6dd427e252c82796a7533728ab
7a6935d380371a1feda4312ca3e5564b039bb056c16e99ec3512e13df0782ea1
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
7f8113d101d088066b4573920037cabe963155664a7bd02e1dae3be37dd479c0
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
836eb73ccf5cee9d68c1176ecd57313c0821d6c45ba10afb27233adbfd0737e2
85a64faec356c3a72f249a98a037317adc730ec6d38e47653cd53be5485d80a1
861ac5de13be1df6507deb2ca4c095da09a32d471860535f3a569d524365e0a4
86bcf8c0552f62658e86cf64181bcfb4ababa5b043b2a72d9e286faf030d1b2d
885cb07503e088de00e0b1502940db47d59817caf2a3e35e1f92432d48d6f8fe
8acf96115cb55ad61bfdc24b7918a946d1b983ac14062a584dbbe8744021430a
8af24d7350dbdc8eea22e4737deaa35a795b19b0560d7173113bec7e8a3effb7
8e14aaace409c9bccfb0d324f5edc33f6dc67faf4e9cad61e5a9739f8811500e
8e76c52cf1515bc2a2d69c8c4463de579cbbe451f57b7e1be0303464b6a4dc9c
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8f64c44f4fb549583ba1ee413ff4fce96e2aa4823e27fa75a890c5d4dce72260
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
95b79ad7efde1e0051f941e69fa5dfbc0e6fbb86fc6dc40f9dc534a56f394371
98a6d1576bf675d1ba7e239a36f83061c3d332c1c57b971aa7583d7d780b2952
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a29a65e75a48d9c432611eb70d0377c8610f1874474b65df01aa72fed0235e3
9aab0d90b389259050813251f1ce9f1c23938afe97928ae5e603d785fc8bb9be
9d10094b4a870d74a16077c8dd5fc752df8a6c0275f370f4690c781f0241117a
9f61d10d066efc19dce204605e2f2cdc2d68490b2f5072d46ad963ef62f82834
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a1860bc4312ce427df736b0e03988ac6eccede45c569d682cb846177b4e7bae0
a1ec37333093a86f435cd6b1a9c5f0781b4e50bd7c82d516b2212b46653dcec7
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4eacca7891293f7453a33cbd244b28486bb1885a0e0350ebddb587e073e267c
a60f80c68e37d5ba58a7434947a7b7c2963c5cdd2f19bb3c36da06a53a2384d2
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a761e713f22a6223f5aa22233c5cbc60d6549135546b51fd6d633285ab039364
a800c59c07101ac9e787ae10eb5d6a7124dd006d97db2ceae985a85488062556
a9ed6c0cdb54ddeb561369fa2f9748cd0dcba457ba2cd0cb1955cf48387bcf2a
aa68e17fb13028f96c0d5b38fcf7006182894eb694625f9dedf5824d5066a5f0
aa6f169ce03adf6dd5eb91661df0d0f5b2eaf227cd4bb586a8ffc25d78c1eea8
adaa66fd25cf3b97003e9daec3f86da7374abb9919d6cf8020efb0cfc76f3acc
af4b954cf45e99d5eccbea113dc2b66799cf8db96c3e8dfc33d145398743727b
b113103b746caa642ef00a44817e675f2c75d2817dc36ee4b06298877c1658d5
b118be762d0b5635bb9025eb3e5032c77775da4811bb67a56f226c4b6d4c21ab
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b68ec96c8e5e89f04ea714566d8b8ff12a9380ac5950d320735cdc323ae7d9f1
b83f136b77634a61af12f8fa37f82a97da118ccb4100ead65527b45b784a4a67
b95e9b0307ca3dc7db1d65c112e817e0f88f767e0cb6af83444e35fc6a030f94
ba08a3d19225206e1f616f14c7d6e4f214002374c7086834026cb977a09748fc
bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27
bc54379b6288f5970da471f0f64ca15f8c9e3a3819a0950608a45b7479d5a11f
bd7451a419f9294753ef73a17c3e428a5ff7657eb62e51c4371d1ffae82e87f6
bf293c6ec64062426d963624d5727bf3ef92eb7c478399918c502635c0c69726
c15904403ee1666afdcb0f4df49e8b219fb1e149dc05abcd415a37832551de54
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c24ccee9a35eef9e74411eac871935bdff6bcb895cce80b754b66d3e4292a3ce
c400e1caa2a107789fb43ba31f6fe51ce61cfbe48c3095a4f01adc67db5a6652
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
c52070e703709e90ca9453a4283a79040f07212051c3d94ff4c1b6f9a61bdf63
c5418bee2b5eb509379e5146161267420c90f21ef5824f64ca9f7396a8f51dba
c5815c8fa7abbf1cd9f24fe1bc0cf65f9360dfc232e25e56b3cf64abf8061070
c5b6598bb3fd9be4f047ef800229bc4be9a8427eae76e3008d66a3a41d947c6b
c64cda3c1c7c935b57b27894caec3b370b98d70011c8e5ea2f31691be13c8fe7
c6629584f62feeb6b024b50fae7e99ed6bec9942ce434c8163e2d627f1253dbb
c6ac6d4e30501763e35c3e2430343fe12329026ffb6ccd1a477ee8e1a7ecc9ef
c6d353b971733ff4caa803f9808e44707f1cb062ccc149c33cad197431daf12c
c74d4c8be63fda641c0e0255ad3c7416862f17e31442a1a0ddd7645bc2d69d3c
ca13ca91d87f0c03beca8653b71de8bf6b0c2961cbf92876cd1baf479fa1f55e
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
cd8e217991e65be206db184ca55d6673115a4579c6673739203181999150547b
cdf81755e493d53622ff2617ebb23f40a4049536a0e11b10b3eb5185d612a911
ceb227a500bf74622fa9c149c05c436cc48dd576a6a3d8ffb7d0a264db9f78d6
cf66d9d61a6d9949ff6a7961affdb9a4fa4b8434d706090aaa5f624c2aafec8c
cff8c5b798dd1a69ce9460a203c10be59613887e25245f5c64916a51a1055d4c
d22ae6bbaa3c79a6d31667177a7bf1b209536858fe3caf1a95a21af65d76f15b
d4cd91516efc85f24ce9e86b11c63e01d02f4dcda6107c33ce4b9ab8d9d5f56d
d4e7f21914210e4d6da2b44cc05a554cdd1e538ee43e1d4dc5d6e6a1f1ee1282
d50874f1a6e23ac5bbbf080f3dcb9ede912288ecb01ccb8b582308909524bbee
d6796436898e303f36e232ae0d0efb1d77879a7ce8abbf219b19b81ffa26737b
d7b1fa3276b723364667cf0671c7b3d53265c1c7c986da5bb8c953ae2fd16220
d94f7d7a8997ae8207e39098bac6f08fab5815076ae9c765dd53ece4128d5a5b
da7407cf1b8838bf9207a4ad506b2dfbb544239fb3b4cebdb76bb2fae87cad9a
db2363029b4f54378ff6662b39bc15138122f515494fc54048fd89a70485fe55
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e189eb8fb761166a6d657a8dbea2c5d73e224e565716f36406ec7f7b68cd78c7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e61d782d03fb324bc6a0febf49ba4f85e2933919e3ace06658e9accc9f418b74
e75d4b5769558456e4343d8e612eeb60a5ac25a4e94b0b345fbe528605af7694
e88df0aa360fa5b8e823b996e391e9581f5f591a01c4bc474e9eb59e1de0df62
ebf4a6cb8b6e019a4e6e0bff1bee58f9651f73732985fa6cb907507e637852cb
ebfd96030683611d9ed054682f1ddf8b9098bc7d10105602b338605b0ae82a9a
ed6cd01c384db70bedbe24986aa85b0745f994ad71b7e5712f8a60e1ff457d7f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f239f3f5ba2fe8def7ffc52c0268cfb1cbd362214823676459daa279370a9cfa
f243a7adbeb642afda11bc1d3666a7bd21f92efe68668deeb00262bee100cf50
f5ae0f78b90b0d226429d6f9a04277a8ae97046daa3ba265b2c9adec0e0116c7
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f9d374ef87ca2b8179870daa8739f8b060fc77446a4109ec87dc523bd8059ea4
fcb2a2d76154a28aee5a1e84fce890f1e5bd8ef41d5a7c8368f1db418409cc83
fccd93be7bd1b9996bccf8d5c2d4ec8a947c042fa20031877559d95018026f8f
fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
ff787fb1dde61fc5474f0df5ce5a91c6808ccf677b48398f98eda0d9e79b5ab3
ffdca46c79c37b5256ac2e778083d1e83467eccfe1b2c2f80ca9bf2d33192600

pastelink.net Open in urlscan Pro 89.35.29.15 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

305 Requests

87 %HTTPS

0 %IPv6

44 Domains

76 Subdomains

58 IPs

11 Countries

4853 kBTransfer

9480 kBSize

69 Cookies

16 Outgoing links

Redirected requests

305 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 10 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

pastelink.net Open in urlscan Pro
89.35.29.15 Public Scan

Screenshot
Live screenshot

Full Image

305
Requests

87 %
HTTPS

0 %
IPv6

44
Domains

76
Subdomains

58
IPs

11
Countries

4853 kB
Transfer

9480 kB
Size

69
Cookies

305 HTTP transactions
10 data transactions