pastelink.net Open in urlscan Pro
89.35.29.15 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://t.co/ssYW4ginkF
Effective URL:
https://pastelink.net/r3g0rpbb
Submission: On February 15 via manual (February 15th 2023, 9:28:02 pm UTC) from US — Scanned from DE

Summary HTTP 182 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 36 IPs in 8 countries across 24 domains to perform 182 HTTP transactions. The main IP is 89.35.29.15, located in London, United Kingdom and belongs to BANDWIDTH-AS, GB. The main domain is pastelink.net. The Cisco Umbrella rank of the primary domain is 121637.
TLS certificate: Issued by R3 on January 31st 2023. Valid for: 3 months.

This is the only time pastelink.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER)
1 1	2606:4700:10:... 2606:4700:10::6814:8a41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	89.35.29.15 89.35.29.15	25369 (BANDWIDTH-AS) (BANDWIDTH-AS)
1	2a00:1450:400... 2a00:1450:400d:802::200a	15169 (GOOGLE) (GOOGLE)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:3b	20446 (STACKPATH...) (STACKPATH-CDN)
2	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:400d:80d::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:829::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400d:803::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:400d:808::2003	15169 (GOOGLE) (GOOGLE)
1	193.234.225.88 193.234.225.88	34971 (PDDA-AS) (PDDA-AS)
6	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:400d:80d::2001	15169 (GOOGLE) (GOOGLE)
39	2a00:1450:400... 2a00:1450:400d:80c::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
16	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400d:802::2002	15169 (GOOGLE) (GOOGLE)
8 10	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
4 8	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
3 5	185.89.211.84 185.89.211.84	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	34.253.25.36 34.253.25.36	16509 (AMAZON-02) (AMAZON-02)
32	2a00:1450:400... 2a00:1450:400d:808::2006	15169 (GOOGLE) (GOOGLE)
6	142.251.208.130 142.251.208.130	15169 (GOOGLE) (GOOGLE)
1	23.35.209.176 23.35.209.176	16625 (AKAMAI-AS) (AKAMAI-AS)
3	2600:9000:21f... 2600:9000:21f3:9600:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
9	2600:1f13:800... 2600:1f13:800:7780:3b11:b4cd:137d:cd0a	16509 (AMAZON-02) (AMAZON-02)
2	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
2	23.35.209.30 23.35.209.30	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:400d:808::200a	15169 (GOOGLE) (GOOGLE)
4	2600:9000:21f... 2600:9000:21f3:c200:15:6513:6d40:21	16509 (AMAZON-02) (AMAZON-02)
1	172.217.20.2 172.217.20.2	() ()
182	36

1 104.244.42.69 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6814:8a41 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

tinyurl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 89.35.29.15 (London, United Kingdom)

ASN25369 (BANDWIDTH-AS, GB)
PTR: 15.29.35.89.baremetal.zare.com

pastelink.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:802::200a (Ireland)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:3b (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.adligature.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:80d::2004 (Ireland)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:803::2003 (Ireland)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400d:808::2003 (Ireland)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.234.225.88 (Milan, Italy)

ASN34971 (PDDA-AS, IT)
PTR: hex.psxhosting.is

pro.ip-api.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400d:80d::2001 (Ireland)

ASN15169 (GOOGLE, US)

1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

39 2a00:1450:400d:80c::2002 (Ireland)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400d:802::2002 (Ireland)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 142.250.185.162 (United States) 8 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 185.80.39.216 (Canada) 4 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.89.211.84 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.253.25.36 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-253-25-36.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 2a00:1450:400d:808::2006 (Ireland)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.251.208.130 (United States)

ASN15169 (GOOGLE, US)
PTR: bud02s42-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.35.209.176 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-209-176.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:21f3:9600:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2600:1f13:800:7780:3b11:b4cd:137d:cd0a (Boardman, United States)

ASN16509 (AMAZON-02, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.35.209.30 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-209-30.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:808::200a (Ireland)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:21f3:c200:15:6513:6d40:21 (United States)

ASN16509 (AMAZON-02, US)

d27rf63iunghx1.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.20.2 (None, )

ASN- ()

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
60	googlesyndication.com 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 111 tpc.googlesyndication.com — Cisco Umbrella Rank: 144 ade.googlesyndication.com	338 KB
32	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 293	548 KB
28	doubleclick.net 8 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 195 googleads.g.doubleclick.net — Cisco Umbrella Rank: 43 cm.g.doubleclick.net — Cisco Umbrella Rank: 224 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 330	286 KB
14	adsafeprotected.com 1 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 800 static.adsafeprotected.com — Cisco Umbrella Rank: 600 dt.adsafeprotected.com — Cisco Umbrella Rank: 547	100 KB
12	pastelink.net pastelink.net — Cisco Umbrella Rank: 121637	240 KB
8	casalemedia.com 4 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 585	6 KB
5	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 225	5 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 41 region1.google-analytics.com — Cisco Umbrella Rank: 2213	20 KB
5	gstatic.com www.gstatic.com fonts.gstatic.com	199 KB
4	cloudfront.net d27rf63iunghx1.cloudfront.net	703 KB
4	adligature.com cdn.adligature.com — Cisco Umbrella Rank: 83280	143 KB
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 193	144 KB
3	google.com www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 85	2 KB
2	teads.tv sync.teads.tv — Cisco Umbrella Rank: 1330	344 B
2	openx.net us-u.openx.net — Cisco Umbrella Rank: 460	418 B
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 66	143 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 228	25 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 54 ajax.googleapis.com — Cisco Umbrella Rank: 345	7 KB
1	bluekai.com tags.bluekai.com — Cisco Umbrella Rank: 587	581 B
1	google.de adservice.google.de — Cisco Umbrella Rank: 7767	531 B
1	ip-api.com pro.ip-api.com — Cisco Umbrella Rank: 5376	208 B
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 756	30 KB
1	tinyurl.com 1 redirects tinyurl.com — Cisco Umbrella Rank: 16906	577 B
1	t.co t.co — Cisco Umbrella Rank: 519	559 B
182	24

	Domain	Requested by
39	pagead2.googlesyndication.com	securepubads.g.doubleclick.net 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com googleads.g.doubleclick.net s0.2mdn.net www.googletagservices.com
32	s0.2mdn.net	t.co s0.2mdn.net 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
16	tpc.googlesyndication.com	1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com securepubads.g.doubleclick.net tpc.googlesyndication.com s0.2mdn.net
12	pastelink.net	t.co pastelink.net
10	cm.g.doubleclick.net	8 redirects googleads.g.doubleclick.net
9	dt.adsafeprotected.com	1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
8	dsum-sec.casalemedia.com	4 redirects googleads.g.doubleclick.net
6	googleads4.g.doubleclick.net	t.co
6	googleads.g.doubleclick.net	1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com pagead2.googlesyndication.com
6	securepubads.g.doubleclick.net	cdn.adligature.com securepubads.g.doubleclick.net
5	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	d27rf63iunghx1.cloudfront.net
4	1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
4	fonts.gstatic.com	fonts.googleapis.com
4	cdn.adligature.com	pastelink.net cdn.adligature.com
3	static.adsafeprotected.com	fw.adsafeprotected.com 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
3	www.googletagservices.com	1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	sync.teads.tv	googleads.g.doubleclick.net
2	us-u.openx.net	googleads.g.doubleclick.net
2	fw.adsafeprotected.com	1 redirects t.co
2	region1.google-analytics.com	www.googletagmanager.com
2	www.googletagmanager.com	pastelink.net www.googletagmanager.com
2	www.google.com	pastelink.net tpc.googlesyndication.com
2	cdnjs.cloudflare.com	pastelink.net s0.2mdn.net
1	ade.googlesyndication.com
1	ajax.googleapis.com	s0.2mdn.net
1	tags.bluekai.com	1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	pro.ip-api.com	cdn.adligature.com
1	www.gstatic.com	www.google.com
1	code.jquery.com	pastelink.net
1	fonts.googleapis.com	pastelink.net
1	tinyurl.com	1 redirects
1	t.co
182	36

This site contains links to these domains. Also see Links.

Domain
mez.ink
www.facebook.com
twitter.com
t.me
api.whatsapp.com
www.reddit.com
www.pinterest.com
www.tumblr.com
www.blogger.com
profitquery.com
www.linkedin.com
share.flipboard.com
social-plugins.line.me
www.meneame.net
diasp.org

Subject Issuer	Validity	Valid
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
pastelink.net R3	`2023-01-31` - `2023-05-01`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
*.ip-api.com Sectigo RSA Domain Validation Secure Server CA	`2022-11-25` - `2023-12-26`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-02-10` - `2023-05-27`	4 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
odc-pixel-prod-01.oracle.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-07` - `2024-02-08`	a year	crt.sh
static.adsafeprotected.com Amazon	`2022-08-06` - `2023-09-04`	a year	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M01	`2023-02-09` - `2023-12-03`	10 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
teads.tv R3	`2023-01-20` - `2023-04-20`	3 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2022-12-08` - `2023-12-07`	a year	crt.sh

This page contains 18 frames:

Primary Page: https://pastelink.net/r3g0rpbb
Frame ID: 61E622AC7ECA2245095D7A484A2E2831
Requests: 47 HTTP requests in this frame

Frame: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: C4B1C09CE100CA2F0AA3857548809DE3
Requests: 1 HTTP requests in this frame

Frame: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 81F7D31618B500CD7B856820E93C52E7
Requests: 32 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBC6jZEBGLaEw-ABMAE&v=APEucNWKTuNZjjl0q9ZZOVRaAMuYv1js_uTavxAQ1JyUSduGrWfPuVMRkoqnbYIbrXrnYGRJvzDG9OOnmTGdA0AeU6dQUtv9DjgUh_RIR1DUCdn49gOVvqXbvedS4cO5rDIfHMioiDeACmChbXkRatevGBWVn8jFC2-qPKMF2oGoUD3QKyN_H5I
Frame ID: 9E91CFAB382AB6580ADDE6126A90CF5E
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 92EFF8C998788DC6E64FB84D064D2238
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 828D441267F422F29D1BD6C2360741FB
Requests: 2 HTTP requests in this frame

Frame: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 7FAC650108B3DFFBB6FF95E9D6D42799
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJHlswIQ8KXioQIY_cLw0AEwAQ&v=APEucNWzkRu5HTj7BuhTldc07FAGqsLh_YlgyviLrrGkVGlZjea4qVMMe9pnD6YK7TAlg1wRxNVy9ib2vEd9DFxuOos2DXkpBTTgb041RnXLt32TUutcRtN0-72MFkq1XCIqb4oMt7P6LHY05SGlo1vCxPmAaC3qjspAeXOp3JCNRHeLdIkJJn0
Frame ID: D338DD494E4944DCC7E67D2D3072AEED
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 10C7D2C599973146BE1B80A651C81742
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/355683572928081992/300x250/_export/index.html
Frame ID: 4E092C436886142478FEE39C680D89D3
Requests: 8 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/index.html
Frame ID: AE407C20C559CC314C970FC4D240CFC5
Requests: 14 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: AEB63518F4307303E9C32BA3DDD798D1
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 9C8DEB60F405A5144D8B9AD3E7F96DEB
Requests: 3 HTTP requests in this frame

Frame: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 40A62842BD665987D23DC8D21DD10F83
Requests: 20 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY1-v4xgEwAQ&v=APEucNWf6JCyr9I3CPjBBOpVQ8062WIwhfed_zxL06beZ3tC1bp869KsR7E6ZuKeg3XMo99-fiHcwN7EJx2uV0OshE9X1xEV2ucOqa3V0T4sDtJbZZb-9LyHXRv6rLnTx6hKzsLXyvrhVAzCURSFKuYphpaMPmol9MPHcVmt0jGEYh4UWiCpOi4
Frame ID: 587E7E72B93B9007FF7104DDA8B16B8F
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/6576122382381761588/index.html?e=69&leftOffset=0&topOffset=0&c=sZvETkQcdQ&t=1&renderingType=2&ev=01_247
Frame ID: ED6F3733F36E1CE44350CA23E3D4AE5D
Requests: 15 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: D0705656E24D0D69E516A14189A24ABB
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/ppuJb3acSbwPUrk6AP0eyfY-LTznD88jtSaAQ1bhjg8.js
Frame ID: 66A67319D820A1E134D69F90D1059908
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Grub wa 18+ & stream no vpn - Pastelink.net

Page URL History Show full URLs

https://t.co/ssYW4ginkF Page URL
https://tinyurl.com/Grubwabkppart1dan2 HTTP 301
https://pastelink.net/r3g0rpbb Page URL

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
googleapis\.com/.+webfont

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

182
Requests

94 %
HTTPS

67 %
IPv6

24
Domains

36
Subdomains

36
IPs

8
Countries

2934 kB
Transfer

5986 kB
Size

21
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://mez.ink/guajejewoi01
Title: https://mez.ink/guajejewoi01

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://pastelink.net/r3g0rpbb

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=%20https://pastelink.net/r3g0rpbb

Search URL Search Domain Scan URL

URL: https://t.me/share/url?url=%20%0Ahttps://pastelink.net/r3g0rpbb

Search URL Search Domain Scan URL

URL: https://api.whatsapp.com/send?text=%20https://pastelink.net/r3g0rpbb

Search URL Search Domain Scan URL

URL: https://www.reddit.com/submit?url=https://https://pastelink.net/r3g0rpbb&title=%20

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/pin/create/button/?url=https://pastelink.net/r3g0rpbb&description=%20&media=https://pastelink.net/assets/images/pastelink-logo-square.png

Search URL Search Domain Scan URL

URL: http://www.tumblr.com/share?v=3&u=https://pastelink.net/r3g0rpbb&t=%20&posttype=link

Search URL Search Domain Scan URL

URL: https://www.blogger.com/blog-this.g?u=https://pastelink.net/r3g0rpbb&n=%20

Search URL Search Domain Scan URL

URL: https://profitquery.com/add-to/livejournal/?url=https://pastelink.net/r3g0rpbb&title=%20

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https://pastelink.net/r3g0rpbb

Search URL Search Domain Scan URL

URL: https://share.flipboard.com/bookmarklet/popout?v=2&title=%20&url=https://pastelink.net/r3g0rpbb

Search URL Search Domain Scan URL

URL: https://social-plugins.line.me/lineit/share?url=https://pastelink.net/r3g0rpbb&text=%20

Search URL Search Domain Scan URL

URL: https://www.meneame.net/submit?url=https://pastelink.net/r3g0rpbb

Search URL Search Domain Scan URL

URL: https://diasp.org/bookmarklet?url=https://pastelink.net/r3g0rpbb&title=%20&jump=doclose

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/ssYW4ginkF Page URL
https://tinyurl.com/Grubwabkppart1dan2 HTTP 301
https://pastelink.net/r3g0rpbb Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 53

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJZkMLGRvaPaojykFRJrb6A&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJZkMLGRvaPaojykFRJrb6A&google_cver=1&C=1

Request Chain 54

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y.1OWKHe9-HbgIr4zN5KLQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJZkMLGRvaPaojykFRJrb6A&google_cver=1&google_hm=2

Request Chain 55

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEPkxvOmbnia7YfMxic9gM5E&google_cver=1

Request Chain 56

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDU5ODk0MzM1MjIzODg1ODk5OQ%3D%3D

Request Chain 77

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJZkMLGRvaPaojykFRJrb6A&google_cver=1

Request Chain 78

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y.1OWKHe9-HbgIr4zN5KLQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJZkMLGRvaPaojykFRJrb6A&google_cver=1&google_hm=2

Request Chain 79

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEPkxvOmbnia7YfMxic9gM5E&google_cver=1

Request Chain 80

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDU5ODk0MzM1MjIzODg1ODk5OQ%3D%3D

Request Chain 100

https://fw.adsafeprotected.com/rfw/st/1350098/69352127/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1010458973&ias_pubId=pub-9602519502618262&ias_chanId=1&ias_placementId=19651070878&bidurl=https://pastelink.net/r3g0rpbb&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0iLNwHJfmGVfoYJ0cy6Xnhn&adsafe_url=https%3A%2F%2Fpastelink.net&adsafe_type=y&adsafe_url=https%3A%2F%2Fpastelink.net%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:23738251-31cd-9d69-1dd0-1c1e5de02302,c:4klSvi,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-experiment-primary-946ffb567-md8gn,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,mtim:115,mot:0,app:0,maw:0,fm:tvYclsE+11%7C12*.1350098-69352127%7C121%7C1221%7C123%7C13%7C14%7C151%7C152,idMap:12*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:128,oid:9a79a505-ad77-11ed-b1e1-32d39bdb8767,v:19.8.394,sp:1,st:0,fwm:1,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/skeleton.js?bundleId=${BUNDLE_ID}

Request Chain 137

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESECk3c-zZ3Enh0xV2au45bkM&google_cver=1

Request Chain 139

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEOnyq1SDz5FS8B-MzWiNQOY&google_cver=1

182 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 ssYW4ginkF
t.co/ 269 B
559 B 151ms
123ms Document
text/html 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/ssYW4ginkF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,max-age=300
content-encoding: gzip
content-length: 187
content-type: text/html; charset=utf-8
date: Wed, 15 Feb 2023 21:27:50 GMT
expires: Wed, 15 Feb 2023 21:32:50 GMT
perf: 7626143928
server: tsa_o
strict-transport-security: max-age=0
vary: Origin
x-connection-hash: 9ccff34caed4672e5e8f4f7c1d95409b0d5031e54e0bdfbc6b4d45cee6749ece
x-response-time: 116
x-transaction-id: 125f1dbfeb22845e
x-xss-protection: 0

GET
H2

200

Primary Request r3g0rpbb Show response
pastelink.net/
Redirect Chain

https://tinyurl.com/Grubwabkppart1dan2
https://pastelink.net/r3g0rpbb

22 KB
6 KB

125ms
58ms

Document
text/html

89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pastelink.net/r3g0rpbb

Requested by

Host: t.co
URL: https://t.co/ssYW4ginkF

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

608a57d9316756bcffb9ef7e5bdd0a923f6c911b9d52058e493775a0ad7827ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://t.co/ssYW4ginkF
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 15 Feb 2023 21:27:50 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
x-frame-options: SAMEORIGIN

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=0, public, s-max-age=900, stale-if-error: 86400
cf-cache-status: DYNAMIC
cf-ray: 79a1213bbca3bb43-FRA
content-type: text/html; charset=UTF-8
date: Wed, 15 Feb 2023 21:27:50 GMT
location: https://pastelink.net/r3g0rpbb
referrer-policy: unsafe-url
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-tinyurl-redirect: eyJpdiI6IlFnd21NWHlxZTBkRHRHRVF2dFdlVGc9PSIsInZhbHVlIjoiemVqWG5VUm1SbktybG5aNzB1V3ZDVFpTR2cyQ3JFeXVsREQwUkIrK1hmSnlxTjhsUUFCZGFPbXpVek80NXY5bUNWUjMyMmo4QlVzWU1XcTZwYk1mK1E9PSIsIm1hYyI6ImU1ODkxYWQxZDg1MTE5YjI5ODg3NWFmNDg5ZDBiNWQyNmEzNDM5YThmM2Q2YzY1MzdiYWU1NWU2ODA5NmY4ZTYiLCJ0YWciOiIifQ==
x-xss-protection: 1; mode=block

GET
H2 200 css2
fonts.googleapis.com/ 5 KB
1 KB 138ms
54ms Stylesheet
text/css 2a00:1450:400d:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Requested by

Host: pastelink.net
URL: https://pastelink.net/r3g0rpbb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ebfd96030683611d9ed054682f1ddf8b9098bc7d10105602b338605b0ae82a9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 15 Feb 2023 21:27:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 15 Feb 2023 21:27:51 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 15 Feb 2023 21:27:51 GMT

GET
H2 200 styles.css
pastelink.net/assets/css/ 121 KB
121 KB 43ms
42ms Stylesheet
text/css 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pastelink.net/assets/css/styles.css?q=35

Requested by

Host: pastelink.net
URL: https://pastelink.net/r3g0rpbb

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

db2363029b4f54378ff6662b39bc15138122f515494fc54048fd89a70485fe55

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pastelink.net/r3g0rpbb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Fri, 06 Jan 2023 14:09:07 GMT
server: nginx
etag: "63b82b83-1e279"
content-type: text/css
accept-ranges: bytes
content-length: 123513

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
30 KB 39ms
11ms Script
application/javascript 2001:4de0:ac18::1:a:3b
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: pastelink.net
URL: https://pastelink.net/r3g0rpbb
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:3b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Referer: https://pastelink.net/
Origin: https://pastelink.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:50 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-15d9d"
vary: Accept-Encoding
x-hw: 1676496470.dop155.fr8.t,1676496470.cds261.fr8.hn,1676496470.cds144.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30875

GET
H2 200 script.min.js Show response
pastelink.net/assets/js/ 41 KB
41 KB 22ms
22ms Script
application/javascript 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pastelink.net/assets/js/script.min.js?q=35

Requested by

Host: pastelink.net
URL: https://pastelink.net/r3g0rpbb

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

190d542d8e593c755fd16e67ca62583e183957829dfb69cc2e00c7bf67df237d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pastelink.net/r3g0rpbb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 17 Nov 2022 12:00:15 GMT
server: nginx
etag: "6376224f-a225"
content-type: application/javascript
accept-ranges: bytes
content-length: 41509

GET
H2 200 js.cookie.min.js Show response
cdnjs.cloudflare.com/ajax/libs/js-cookie/latest/ 2 KB
1 KB 32ms
14ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/js-cookie/latest/js.cookie.min.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/r3g0rpbb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b6d244a569a8befc0b901e3dca8e82f19b188e2d3e76f7c62fce96935ed6311

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:50 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1383853
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 772
last-modified: Mon, 04 May 2020 16:11:49 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec5-6d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=70eEA1OVP9sFXhIzR2BQ0Grehb3gICypOytxWU%2F2DwFw91QlZOrw%2BkUp5HwoZngj4DRFw3uIc%2BxHe4i7npPiBAntPmlamPipsWP2s6%2BjixSb086iRjxNOvVkYu%2B%2FBFFuOgyN%2FykfIutHq1%2FcVOc34rtk"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 79a1213f8e99bb4d-FRA
expires: Mon, 05 Feb 2024 21:27:50 GMT

GET
H2 200 rules.js Show response
cdn.adligature.com/pl/prod/ 17 KB
5 KB 45ms
15ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adligature.com/pl/prod/rules.js
Requested by: Host: pastelink.net
URL: https://pastelink.net/r3g0rpbb
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 670dc66bdd658139d240eedad1274df27975093212b087640ace94fdd41e2038

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:50 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 0
cf-polished: origSize=29547
x-guploader-uploadid: ADPycdtn5Jk0gBSDHZh5xU9ghTCTSvEfyJ5SsmjDLZrXPK3MGkkQx8eeHtOFdogQNKg2c6DgnnRLoW1GTLDvpg_ZT4h7qw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 09 Feb 2023 19:08:54 GMT
server: cloudflare
etag: W/"7543a866e92135abc861c11eeb7b8ee8"
vary: Accept-Encoding
x-goog-generation: 1675969734359872
content-type: application/javascript
x-goog-hash: crc32c=rHH5GQ==, md5=dUOoZukhNavIYcEe63uO6A==
cache-control: public, max-age=1800, s-maxage=600, must-revalidate
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tP0WLcRCd6bD%2BeJkKnWtlw9LzGA%2BGGly5AEXsUA1SAslAy7Pl52DqlpmGsckdZdpbxm%2BAJfEhpNB5%2FysUMReaeujJjZwFVyAW1iSNN4Cs69soy%2FOesGkl7enGf3myuskFPDv8jPrK1mWYIvxaWd1po4%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 29547
cf-ray: 79a1213f9ddf368c-FRA
expires: Wed, 15 Feb 2023 21:34:45 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 906 B
888 B 136ms
53ms Script
text/javascript 2a00:1450:400d:80d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=captchaLoaded

Requested by

Host: pastelink.net
URL: https://pastelink.net/r3g0rpbb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

bff328a532116b831b80682b654debb3d9a6352211378464f4dab046205535d6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 568
x-xss-protection: 1; mode=block
expires: Wed, 15 Feb 2023 21:27:51 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 186 KB
66 KB 85ms
29ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ

Requested by

Host: pastelink.net
URL: https://pastelink.net/r3g0rpbb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

29eb9fe99c14e2e2ea4b8051f2f9ac26735c6d4e46070b555caeabc4646e6aff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:51 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 67432
x-xss-protection: 0
last-modified: Wed, 15 Feb 2023 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 15 Feb 2023 21:27:51 GMT

GET
H2 200 advally-5.6.0.js Show response
cdn.adligature.com/rules.js/ 109 KB
29 KB 18ms
17ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adligature.com/rules.js/advally-5.6.0.js
Requested by: Host: cdn.adligature.com
URL: https://cdn.adligature.com/pl/prod/rules.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cc512301255515966a31281192fd886494b8ff8a8ce75ecba79d13b1b50e2f96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:51 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2175
cf-polished: origSize=178816
x-guploader-uploadid: ADPycduJeWhrm52iwTyCzJn4D0cUgTsMxd9zdTGza9vSHNUGhYPH1v3xX0oAVW4FG57lpmLrpJBxivTWuFaEG-PjPAOUvW4H2jKI
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 14 Dec 2022 18:36:31 GMT
server: cloudflare
etag: W/"93d406c6937e7a8018d85789ad1193d5"
vary: Accept-Encoding
x-goog-generation: 1671042991645353
content-type: application/javascript
x-goog-hash: crc32c=n6grAA==, md5=k9QGxpN+eoAY2FeJrRGT1Q==
cache-control: public, max-age=7200, s-maxage=7200, must-revalidate
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=beCnjmBBLZn8Ky4Za2dQTfWjJqlHQViX15qjEc8JJ63svZV6uqVMtTOfbbVpBoGvR92xsWsSfnsmwlgOCgmYrBEv2C6%2FDPJ3QTQtXCl32TWJ4mAS9C12IkKOqwDN9yqIu1i8YWZuLN74KuSqbzMMk%2BI%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 178816
cf-ray: 79a121405f30368c-FRA
expires: Wed, 15 Feb 2023 22:49:58 GMT

GET
H2 200 rules.css
cdn.adligature.com/pl/prod/ 212 B
700 B 16ms
14ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adligature.com/pl/prod/rules.css
Requested by: Host: cdn.adligature.com
URL: https://cdn.adligature.com/pl/prod/rules.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9deaac5d56e16e3ebabea7074260b0fd928a5f1ed99708ce779fba46a83bcdc8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:51 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 238
x-guploader-uploadid: ADPycdth6VZvpzREhmMqBmrKXxkYhTDAiaWYbNecjJXFzGOevW5tHK1z7C0gGMJj5LUaGXmXVH2JcA-qo5-i8cZjCYNhYBVObnmi
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 09 Feb 2023 19:08:53 GMT
server: cloudflare
etag: W/"6028266d2acabeaa67379ad7bbbb6964"
vary: Accept-Encoding
x-goog-hash: crc32c=mXGApQ==, md5=YCgmbSrKvqpnN5rXu7tpZA==
x-goog-generation: 1675969733527635
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TRYca0nOlqyhvI%2FzuekqT3w4%2BWbKLNXKHPD%2F2mUGF6xRZRF44uggWKNBqoNxsNED1yrOX%2BrrBLaHhFyFfG0hNmdJFvA1k%2BdhWtMls9uL4dVqNPKycyYp8dehWftj0YnCyqDlzqGwPGY9Ddl26tos4Zw%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=1800, s-maxage=600, must-revalidate
x-goog-stored-content-length: 212
cf-ray: 79a121405f2e368c-FRA
expires: Wed, 15 Feb 2023 21:33:53 GMT

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/tNAc29ZZrpcOCErva2nr4BS9/ 406 KB
163 KB 127ms
29ms Script
text/javascript 2a00:1450:400d:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/tNAc29ZZrpcOCErva2nr4BS9/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=captchaLoaded

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0924e5af960e9110d8424b1a364b61a5bcd949d53bcca312d0474dcb8c64a478

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Origin: https://pastelink.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 16:12:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 105294
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 166252
x-xss-protection: 0
last-modified: Mon, 06 Feb 2023 03:04:07 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 14 Feb 2024 16:12:57 GMT

GET
H2 200 debut_light.png
pastelink.net/assets/images/ 4 KB
4 KB 22ms
21ms Image
image/png 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/debut_light.png

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=35

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

c24ccee9a35eef9e74411eac871935bdff6bcb895cce80b754b66d3e4292a3ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-10c8"
content-type: image/png
accept-ranges: bytes
content-length: 4296

GET
H2 200 pastelink-logo-german.svg
pastelink.net/assets/images/logo/ 14 KB
14 KB 23ms
22ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/logo/pastelink-logo-german.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=35

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

48c997dad566c02a0a4f8416efa520f838a711d067a08f33b3ccffd541333e92

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-38e0"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 14560

GET
DATA 200
OK truncated
/ 16 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 13100cd3879e5c1385581d7c88153e60cd7c3e4b0578fe2838daa56da689769b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 arrow-down-blue.svg
pastelink.net/assets/images/ 239 B
409 B 22ms
21ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/arrow-down-blue.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=35

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

50a60e5e5f2e8f10a2f8685031ec9849ba8faff613139f3a402e89f25ccbbabc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-ef"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 239

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 110ms
30ms Font
font/woff2 2a00:1450:400d:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Mon, 13 Feb 2023 21:19:53 GMT
x-content-type-options: nosniff
age: 173278
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7884
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 13 Feb 2024 21:19:53 GMT

GET
H2 200 moon.svg
pastelink.net/assets/images/ 2 KB
2 KB 23ms
22ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/moon.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=35

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

ed6cd01c384db70bedbe24986aa85b0745f994ad71b7e5712f8a60e1ff457d7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-62e"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 1582

GET
H2 200 public-black.svg
pastelink.net/assets/images/ 578 B
749 B 24ms
22ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/public-black.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=35

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

57226adbc32c91a8cd4ec9ee08e4f155f3450e79256731c04f81709a58c4c1fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-242"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 578

GET
H2 200 social-spritesheet.png
pastelink.net/assets/images/ 28 KB
28 KB 25ms
23ms Image
image/png 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/social-spritesheet.png

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=35

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

8af24d7350dbdc8eea22e4737deaa35a795b19b0560d7173113bec7e8a3effb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-70de"
content-type: image/png
accept-ranges: bytes
content-length: 28894

GET
H2 200 logo-bg-90-tl.svg
pastelink.net/assets/images/ 2 KB
2 KB 25ms
24ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/logo-bg-90-tl.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=35

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

1c9e4c65f9d921b1c0829958cc7b2f307a3e22ac7a23e8315b6db4c0954e1107

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-933"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 2355

GET
H2 200 pastelink-logo-german-contrast.svg
pastelink.net/assets/images/logo/ 15 KB
15 KB 33ms
32ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/logo/pastelink-logo-german-contrast.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=35

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

02614d11cbdc1f220b7be546d59ef5e14489c86a5fdce3f22ce7b6bf9990bc71

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-3d2f"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 15663

GET
H2 200 logo-symbol-non-white-bg.svg
pastelink.net/assets/images/ 4 KB
5 KB 34ms
33ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/logo-symbol-non-white-bg.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=35

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

15f20e02ef301e62ed325d633f971c506dcf1be3458c2371b849b505bb8673dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-11c0"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 4544

GET
H2 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 129ms
58ms Font
font/woff2 2a00:1450:400d:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Thu, 09 Feb 2023 22:20:50 GMT
x-content-type-options: nosniff
age: 515221
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7816
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 09 Feb 2024 22:20:50 GMT

GET
H2 200 JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCu173w5aXo.woff2
fonts.gstatic.com/s/montserrat/v25/ 12 KB
13 KB 105ms
34ms Font
font/woff2 2a00:1450:400d:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCu173w5aXo.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

98be19bc78b5bc5d419e4fa6ea055ebd4671a963e2cc644aeed4362f15d14c31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Thu, 09 Feb 2023 19:11:09 GMT
x-content-type-options: nosniff
age: 526602
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12700
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 18:56:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 09 Feb 2024 19:11:09 GMT

GET
H2 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 132ms
61ms Font
font/woff2 2a00:1450:400d:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 15:34:40 GMT
x-content-type-options: nosniff
age: 453191
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7748
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:21:30 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 10 Feb 2024 15:34:40 GMT

GET
H/1.1 200
OK / Show response
pro.ip-api.com/json/ 53 B
208 B 90ms
17ms XHR
application/json 193.234.225.88
PDDA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pro.ip-api.com/json/?key=ZxSSLwZtxrKxQbv&fields=status,countryCode,region
Requested by: Host: cdn.adligature.com
URL: https://cdn.adligature.com/rules.js/advally-5.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 193.234.225.88 Milan, Italy, ASN34971 (PDDA-AS, IT),
Reverse DNS: hex.psxhosting.is
Software: /
Resource Hash: 493fcd04dc5b6aa93647eb988ea0eedc3f590a9e65df25cab2e5f9331e092eee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 15 Feb 2023 21:27:51 GMT
Content-Length: 53
Content-Type: application/json; charset=utf-8

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 76 KB
27 KB 91ms
23ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.adligature.com
URL: https://cdn.adligature.com/rules.js/advally-5.6.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da902e292e31004712412a2bd99e0e0546439272650b1f649c737fe9a64d82e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26790
x-xss-protection: 0
server: sffe
etag: "1484 / 472 of 1000 / last-modified: 1676462809"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 15 Feb 2023 21:27:51 GMT

GET
H3 200 prebid-7.35.0.js Show response
cdn.adligature.com/pl/prod/ 339 KB
108 KB 23ms
22ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adligature.com/pl/prod/prebid-7.35.0.js
Requested by: Host: cdn.adligature.com
URL: https://cdn.adligature.com/rules.js/advally-5.6.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f97f22fde697c9d8c77639fbbca1a74e82708f3c908d9005107cd2fc71033da1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:51 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 238
cf-polished: origSize=347853
x-guploader-uploadid: ADPycdsj2qmAwOHi_iqXMFSISjUN_JNMYGWr9UkVUi8xcNO7y1E8lcq4oTTwnzvrLHSjs5p5_v8Qu_1F4AT4yYHNvBkasQTG6Rn3
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 09 Feb 2023 19:08:52 GMT
server: cloudflare
etag: W/"2da9bf1e0fca69a19e94f037f85b47f1"
vary: Accept-Encoding
x-goog-generation: 1675969732685869
content-type: application/javascript
x-goog-hash: crc32c=S2tX3Q==, md5=Lam/Hg/KaaGelPA3+FtH8Q==
cache-control: public, max-age=900, s-maxage=300, must-revalidate
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7ZOFu0laZG3OjnSkEkLRdqqgKTsJKh4TVdVFblcf2%2BRQKSUq3gbrEQ0FE6NfyO2AWSkqEomcOkYdAsDiv8OdsOPM9pck%2BlFsZV6815NtkTPQ92i4LeEhNzA7HSL5qeoWV4RtOBNi07JaFYGFCYNi9ow%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 347853
cf-ray: 79a12140bd743624-FRA
expires: Wed, 15 Feb 2023 21:25:54 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 72ms
17ms Script
text/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 15 Feb 2023 20:12:04 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 4547
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Wed, 15 Feb 2023 22:12:04 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 221 KB
77 KB 23ms
23ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-S3DKHVPF03&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

53ec02545623a7375ae0c95357c0d424bc04c26932b884a75ca2c7799b479ae7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:51 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 78669
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 15 Feb 2023 21:27:51 GMT

GET
H2 200 pubads_impl_2023020901.js Show response
securepubads.g.doubleclick.net/gpt/ 386 KB
130 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023020901.js?cb=31072410

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

980c5d3f2c9d21b9c5ddd170f98a7a3f77a8e96cf2406ed205d5ce339aeabf91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 12:08:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 33574
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133132
x-xss-protection: 0
last-modified: Thu, 09 Feb 2023 09:35:45 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 15 Feb 2024 12:08:17 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 73 B
84 B 84ms
54ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=pastelink.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c64cda3c1c7c935b57b27894caec3b370b98d70011c8e5ea2f31691be13c8fe7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:51 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60
x-xss-protection: 0
expires: Wed, 15 Feb 2023 21:27:51 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
252 B 63ms
17ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-S3DKHVPF03&gtm=45je32d0h1&_p=1665534491&cid=1985029942.1676496471&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1676496471&sct=1&seg=0&dl=https%3A%2F%2Fpastelink.net%2Fr3g0rpbb&dr=https%3A%2F%2Ft.co%2F&dt=Grub%20wa%2018%2B%20%26%20stream%20no%20vpn%20-%20Pastelink.net&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S3DKHVPF03&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:51 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aa68e17fb13028f96c0d5b38fcf7006182894eb694625f9dedf5824d5066a5f0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
531 B 114ms
23ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=pastelink.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023020901.js?cb=31072410

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 72ms
23ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=pastelink.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023020901.js?cb=31072410

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 15 KB
7 KB 606ms
605ms XHR
text/plain 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1429750509653728&correlator=252252838580100&eid=31072410%2C31068826%2C31072427&output=ldjh&gdfp_req=1&vrg=2023020901&ptt=17&impl=fif&iu_parts=22405481091%2Cpastelink.net%2CBottom_adhesion_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90&ifi=1&adks=759513158&sfv=1-0-40&prev_scp=rand_key%3D4&eri=1&cust_params=refid%3D3&sc=1&cookie_enabled=1&abxe=1&dt=1676496471410&lmt=1676496471&dlt=1676496470941&idt=390&adxs=436&adys=1105&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fpastelink.net%2Fr3g0rpbb&ref=https%3A%2F%2Ft.co%2F&frm=20&vis=1&psz=728x-1&msz=728x-1&fws=516&ohw=1600&ga_vid=1985029942.1676496471&ga_sid=1676496471&ga_hid=1665534491&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023020901.js?cb=31072410

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6cd452d0d348248074b2cfbc693d6e2474b60808041ea28d64f8eeaf0e5dc649

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:52 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6727
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 15 KB
7 KB 307ms
306ms XHR
text/plain 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1429750509653728&correlator=252252838580100&eid=31072410%2C31068826%2C31072427&output=ldjh&gdfp_req=1&vrg=2023020901&ptt=17&impl=fif&iu_parts=22405481091%2Cpastelink.net%2CTop_leaderboard&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C300x250&fluid=height&ifi=2&adks=2603746535&sfv=1-0-40&prev_scp=rand_key%3D4&eri=1&cust_params=refid%3D3&sc=1&cookie_enabled=1&abxe=1&dt=1676496471424&lmt=1676496471&dlt=1676496470941&idt=390&adxs=310&adys=317&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fpastelink.net%2Fr3g0rpbb&ref=https%3A%2F%2Ft.co%2F&frm=20&vis=1&psz=705x146&msz=705x0&fws=4&ohw=1600&ga_vid=1985029942.1676496471&ga_sid=1676496471&ga_hid=1665534491&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023020901.js?cb=31072410

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0f9275b6394a9bf7d2e0e4f5013ecc514dd1661fa06bebe4e26c962ffd5442bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:51 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6829
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 15 KB
6 KB 1081ms
1080ms XHR
text/plain 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1429750509653728&correlator=252252838580100&eid=31072410%2C31068826%2C31072427&output=ldjh&gdfp_req=1&vrg=2023020901&ptt=17&impl=fif&iu_parts=22405481091%2Cpastelink.net%2CSidebar_MPU&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=160x600&ifi=3&adks=3854452215&sfv=1-0-40&prev_scp=rand_key%3D4&eri=1&cust_params=refid%3D3&sc=1&cookie_enabled=1&abxe=1&dt=1676496471429&lmt=1676496471&dlt=1676496470941&idt=390&adxs=1071&adys=521&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fpastelink.net%2Fr3g0rpbb&ref=https%3A%2F%2Ft.co%2F&frm=20&vis=1&psz=168x607&msz=160x-1&fws=4&ohw=1600&ga_vid=1985029942.1676496471&ga_sid=1676496471&ga_hid=1665534491&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023020901.js?cb=31072410

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

222e416d818f87983614eeb99022f9111ad1fb5423efbc615224e37707a24525

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:52 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6601
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame C4B1 6 KB
3 KB 173ms
63ms Document
text/html 2a00:1450:400d:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023020901.js?cb=31072410

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 21:27:51 GMT
expires: Thu, 15 Feb 2024 21:27:51 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
206 B 22ms
21ms XHR
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=1665534491&t=pageview&_s=1&dl=https%3A%2F%2Fpastelink.net%2Fr3g0rpbb&dr=https%3A%2F%2Ft.co%2F&ul=en-us&de=UTF-8&dt=Grub%20wa%2018%2B%20%26%20stream%20no%20vpn%20-%20Pastelink.net&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=2098854853&gjid=1826795967&cid=1985029942.1676496471&tid=UA-55088947-2&_gid=2078269229.1676496471&_r=1&_slc=1&gtm=45He32d0n8155WHPWQ&z=1924088321

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pastelink.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:51 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
68 B 21ms
21ms XHR
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&aip=1&a=1665534491&t=pageview&_s=1&dl=https%3A%2F%2Fpastelink.net%2Fr3g0rpbb&dr=https%3A%2F%2Ft.co%2F&ul=en-us&de=UTF-8&dt=Grub%20wa%2018%2B%20%26%20stream%20no%20vpn%20-%20Pastelink.net&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=1413070611&gjid=367502472&cid=1985029942.1676496471&tid=UA-197326395-9&_gid=2078269229.1676496471&_r=1&_slc=1&z=1898243245

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pastelink.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:51 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 194ms
74ms XHR
application/json 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2023020901&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023020901.js?cb=31072410

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a3e066fafbd5d0c8476e6fa4f93f1407946da98b9f3f8bb612f0653825fc0cc2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:51 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11353
x-xss-protection: 0

GET
H2 200 container.html Show response
1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 81F7 6 KB
3 KB 30ms
29ms Document
text/html 2a00:1450:400d:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023020901.js?cb=31072410

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 21:27:51 GMT
expires: Thu, 15 Feb 2024 21:27:51 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 9E91 624 B
825 B 125ms
51ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBC6jZEBGLaEw-ABMAE&v=APEucNWKTuNZjjl0q9ZZOVRaAMuYv1js_uTavxAQ1JyUSduGrWfPuVMRkoqnbYIbrXrnYGRJvzDG9OOnmTGdA0AeU6dQUtv9DjgUh_RIR1DUCdn49gOVvqXbvedS4cO5rDIfHMioiDeACmChbXkRatevGBWVn8jFC2-qPKMF2oGoUD3QKyN_H5I

Requested by

Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 21:27:51 GMT
expires: Wed, 15 Feb 2023 21:27:51 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 81F7 78 KB
27 KB 187ms
109ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1a9f51121ef00d4bc11c410113432813ddbdcd85c9f2aabbd2c2c23c87408e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:51 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27798
x-xss-protection: 0
server: cafe
etag: 12162329123218539290
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 21:27:51 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 81F7 42 B
401 B 139ms
61ms Image
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ACIwNITNx5vkIRPB2kW-ZZF4e-8Y8foKbscylLtiJ0BvBZORbKlIeVGEIy70tNTHKokwHbw_jPKFIqEeBjOiHujTFrODA7azjo-QEhh780QNtxxPI

Requested by

Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 81F7 0
58 B 140ms
62ms Image
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=5968634544489822789&x=1&ct=76

Requested by

Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 81F7 3 KB
1 KB 65ms
15ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/window_focus_fy2021.js

Requested by

Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 18:10:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11819
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 18:10:52 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 81F7 20 KB
9 KB 63ms
13ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2b4727366dbbf82f3dc7d48c30bc9444860158da542dcc4b04eeeb6e0a7b6d60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 01:23:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 72242
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8316
x-xss-protection: 0
server: cafe
etag: 7067238764211672077
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 01:23:49 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 81F7 156 KB
48 KB 188ms
90ms Script
text/javascript 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0937a8903ce9027c6f433ddda4c1c9df0c5e6d64aea3696396b0c22c0e85661a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48832
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1676324880006035"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 15 Feb 2023 21:27:51 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 125ms
94ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023020901.js?cb=31072410

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 15 Feb 2023 21:27:51 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 9E91
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJZkMLGRvaPaojykFRJrb6A&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJZkMLGRvaPaojykFRJrb6A&google_cver=1&C=1

43 B
632 B

15ms
14ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJZkMLGRvaPaojykFRJrb6A&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBC6jZEBGLaEw-ABMAE&v=APEucNWKTuNZjjl0q9ZZOVRaAMuYv1js_uTavxAQ1JyUSduGrWfPuVMRkoqnbYIbrXrnYGRJvzDG9OOnmTGdA0AeU6dQUtv9DjgUh_RIR1DUCdn49gOVvqXbvedS4cO5rDIfHMioiDeACmChbXkRatevGBWVn8jFC2-qPKMF2oGoUD3QKyN_H5I
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Feb 2023 21:27:52 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Wed, 15 Feb 2023 21:27:52 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESEJZkMLGRvaPaojykFRJrb6A&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 9E91
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y.1OWKHe9-HbgIr4zN5KLQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJZkMLGRvaPaojykFRJrb6A&google_cver=1&google_hm=2

43 B
632 B

8ms
7ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJZkMLGRvaPaojykFRJrb6A&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBC6jZEBGLaEw-ABMAE&v=APEucNWKTuNZjjl0q9ZZOVRaAMuYv1js_uTavxAQ1JyUSduGrWfPuVMRkoqnbYIbrXrnYGRJvzDG9OOnmTGdA0AeU6dQUtv9DjgUh_RIR1DUCdn49gOVvqXbvedS4cO5rDIfHMioiDeACmChbXkRatevGBWVn8jFC2-qPKMF2oGoUD3QKyN_H5I
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Feb 2023 21:27:52 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:52 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJZkMLGRvaPaojykFRJrb6A&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 9E91
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEPkxvOmbnia7YfMxic9gM5E&google_cver=1

43 B
1 KB

17ms
17ms

Image
image/gif

185.89.211.84
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEPkxvOmbnia7YfMxic9gM5E&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBC6jZEBGLaEw-ABMAE&v=APEucNWKTuNZjjl0q9ZZOVRaAMuYv1js_uTavxAQ1JyUSduGrWfPuVMRkoqnbYIbrXrnYGRJvzDG9OOnmTGdA0AeU6dQUtv9DjgUh_RIR1DUCdn49gOVvqXbvedS4cO5rDIfHMioiDeACmChbXkRatevGBWVn8jFC2-qPKMF2oGoUD3QKyN_H5I

Protocol

HTTP/1.1

Server

185.89.211.84 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Feb 2023 21:27:52 GMT
AN-X-Request-Uuid: 6767afe1-5f91-4aa6-be3d-273bfb86019f
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 37.58.57.2; 37.58.57.2; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:52 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEPkxvOmbnia7YfMxic9gM5E&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 9E91
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDU5ODk0MzM1MjIzODg1ODk5OQ%3D%3D

170 B
243 B

25ms
24ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDU5ODk0MzM1MjIzODg1ODk5OQ%3D%3D

Requested by

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 15 Feb 2023 21:27:52 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 37.58.57.2; 37.58.57.2; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 9542e046-4a2d-4186-b09b-5a5dae974868
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDU5ODk0MzM1MjIzODg1ODk5OQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 92EF 13 KB
5 KB 17ms
13ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 10658
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 18:30:13 GMT
expires: Thu, 15 Feb 2024 18:30:13 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 828D 783 B
896 B 55ms
54ms Document
text/html 2a00:1450:400d:80d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b65796f5476ba2a00de6b7c86e94ee057aaa4d32be9863f819e8d2ee3de29876

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-GkMyE9Yl_HywCHFZqURm1Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-GkMyE9Yl_HywCHFZqURm1Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 21:27:51 GMT
expires: Wed, 15 Feb 2023 21:27:51 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 ppuJb3acSbwPUrk6AP0eyfY-LTznD88jtSaAQ1bhjg8.js Show response
pagead2.googlesyndication.com/bg/ Frame 92EF 36 KB
14 KB 30ms
29ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ppuJb3acSbwPUrk6AP0eyfY-LTznD88jtSaAQ1bhjg8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a69b896f769c49bc0f52b93a00fd1ec9f63e2d3ce70fcf23b526804356e18e0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:07:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1214
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14239
x-xss-protection: 0
last-modified: Tue, 07 Feb 2023 17:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 15 Feb 2024 21:07:38 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 81F7 0
56 B 61ms
61ms Ping
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=6134317210957&version=m202301300101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 81F7 0
56 B 64ms
63ms Ping
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=6134317210957&version=m202301300101&ct=76&x=1&cor=5968634544489823000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 81F7 95 KB
37 KB 55ms
54ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CFzkDSCXkoU9b6Oy-L-I8O2l1MZ7ZH5eRsAonCjKCGC_ehPX-mJjzLo1XxEUzbmogWXbbvazceRX7yO2fHdyf2BAdpR_QT4ssDFRrDI09JctAG68fiCSLAjn3M4O1004-8GqcWlENQy4_Hyzup6nDEfT2gQMN-T45DhX0Eey62p8Sh3bg&dbm_d=AKAmf-AVqB7rYT6m1_03-hAH2fLSoAJxd9-Tiof9JjpBb_Yl5blnRm9kgdvJnzCKfIVcErWfkXN2f1kK7sRvKUSwXypjBHTrfnPuMy_zETmG-Pceoo_B-HCUoCBeXYPxhY2b3hayOswT-yLGp-UywWyBVSIo59aC3xmQnhwifkE_9wurDn6p8GUGnsaYbrqVl8xlEAD85rXN0zA0dx8_zfdaCrmwS0i-T24fxvKFDyMoLumNVrZxvhxa7dhyXz3iNefF-0v9_SbFW8_azdHbC2AfTG887W9Mz3gNCaMrUABlwuFVqkt6140r0Y1ICdLQzVAlGGkNASksnxjY-MWCr74V8mueR_ynjjxr7zEsn5-lEg-AiP48Y4xys03ilQ24l7WTDL68BXOT1iQawA7L8bQdX3hAyOhMMMfcdeJOMOgpe1LoaDVadiCKXAZt-pd4AzKXob9A1kTcjZlHxK6a2aXUcv_izEa6w5Io-N5QMp9nVJUzfY30zR9819ul_bI__tL9YwBMZYpSGZ9lDtRyHXTbarxw917uGqNz7MqPlPmCacCZmrmoiC6WJ5vgq8VvCWtoAOdOefiEAIDAIXwSFR18hbj38rmBqZIz43t4nU769rjV5HoD9lZ38jGLXtK1MSAgsKMKvOWfDMsVcwJQ6KEUquCYWlLslHlCvZG9XpLDEWlKsoBia_wItjC3S2YvPHwOthWYAQlBZYRFv6CAqIfcrWoZbLOkM7iP9ipptbaYC6-Wday_EU8dWo4WRvQ8KEVUZhMeIrpvPDNUTn0kEXwtVvtUkieOVwWcvwLm98vexbBfTE6OsB7dlpUkaUP4ekghYTpZ-4Zds5Y4kKQgiVNxq26V3szKIVUsz_jODPmVxzlF39PPxcrlS30M2lGu3cRl76B22JwfvVmJ-r05D1BpCtQQE_rlf8tTLwkLVeUSR4t8NeoDS9jEJ1uZijepAelzL-7yaz4dEI6ZLd5ILr-k0oiEhtPi_fFa4yKhCbrnLxHHP3mqmkxxI7SJZch0zRP3WdTpvBSUmLaK3CR3Fw6eDNVoJzGRDpHhPLcX3gbVJgYnGtwkJOTHoXwaI84z4ZNHPOFXu_YZ-D5An6wFWdwY0bDkMYrqg-SnnCft5GlZgW2Nx4bzGcrfAGt8hEwlSc8QYx3N_FUDm7hy7m9D_HSdkvOK6JYe0fCJu8lornQ_0gtAADi0M8CNsaZI7Tv00bdXeHvya1AIVNVA2_FByaA1pGge_zK1IBj4o3s4QgYbnxEuLrCwxwPwPjxVYjpjna57pjsusVd5kl89P_qAzgGOTE9ZyvLDBXUPmlW7Kps-qcEuSlH3KFjtAQkog8nPRahX1wAcjNFaiwR6E2lH1bI05vHgJV1qPnsGzJ016weuxT8SLWMDRQo0psEdePSJR9xkNWejcepgmV7CNNamN5NqObZFdnn6XbAUCA35F6li5ICeJt66rmov53PEKYP7PyR1YpNYxx7NPH0hiykjGefXuUbQGcTsZmXva7ZPNjoqAJftmKO5W5UldO2_714HR0hV1RJbnun-99tLDLaN7md8-3JdgD_1IVx0PKNIPFZYh2Nqw6gv4NnWtFrSGrzrRn9U62bt7mwbwqbVbC5QRRp6GHU5RFmFPhTF_KPQ2yopr5APO1JYDlZ0TFUT2Vg7WDLfJcwLZleFGWTAoDOA09__aaKQ0LObZ-U0mGQxZiJd8rk93mAMLtg2x_taj44e9Mwh3upfNtJtSZmDlDIVvsyRBnreMPUvij_jgBSk61k20E7h7rBBQBpTwg1B5Iv2MJYE_GES4EzOmL7lFZyDjv5CYbSkrE7GLQMI84MLrFlPCelaqgXaXRJl0KMQB9QAzVj1zwkjNI2Vo-HgHnevSQHuT1p8d15l0Uo_-fugbehn3F2l_FTj-JO7UxKMpZ6VfZscOv1xxG6GDS393PsXFyJphBtWDhQr0gWFarhrRXM7mB2xyuBRSFNen6G80xQg3pg6qmh_SL68iGipi4q4uHUt0N2TABAUseSR6J5WD7klsgTUH-whxpOzyworOPrGTHPL3wqKDXYWvhVnI0C1WZaK1rdaGd2f51ejqMF0uXd_b9C9rPIyJ_KmvMW9htzowsD7OrzgJqY4gNUT6E-oVjrT6byCv7FuNn1oM8C3AiQCv1SpHqrLwHoFKJzByrVecubI0EpcqOKYHngap_FiN2yzA646j6_FNx6X_lk9EZFzqT6Sjbq49j4gBM8Zr6heBdR7brvQuhojogW2dl0yePIBNnCf93hW4sW9of4ym0oVncO3WkrygjUx3C2_J5V5AE3IMtyH5UoJrOJaMUqmjXMXZDHEgHH4Ao8hc93vQpzzs20xKc6lsuM2QDTLSQbYf7k6UrpfdNWZbBKDSMQzH6L8LC8WU-Aq3ixkEwevXIMErGrys9rTisGte5ZhIBm_YrS7nfsUQ0vxe7lmQvzugZQCdPv9M8x43k0rX2rKv-IAIQuej1iZghiSlK7F4yHFfX1STYhqc9uqPI2jZhaoEOMZLcYsTXdh2pDnXPJFfSKcxkW0niwghXp3OC3MViL4-Ilj_zsxqkFspVSbIIyFRyGOQx1Sn84Np3-5BOfLqmfIDLRMVEfsq1X9TYiTO-L16Sef5urrrsN8aNh35J98Ozxf9YklMvbxtnEk19ROHlkV6MAqzNzG303qtH2zKMtSAuGrHbLtHsGW5iFypncROqrzLEYDp5D5FtUeNiks1yff8nqdjgNXO4hwpM-iay4hr9KX5QN8y38RIJcwrORWOsEHjA6POg1ehQUTTjR8ReLq9mhr8_bXhEAUYNRWXRmxZzc_5scb0EF5z45KtlUzmEzKOvhSMHUtcExr_H4HCXBMPcnyV7qYSXr8HlQOJ-YWCwDB0qQsmFy2j7Lhw5O6reOW9DlCEArbkNPuEunBfygO19v2LJsCySS9iH6flcGKvjMe5XirzfJ1jJFTPiR81ZW-vykSu3SxVrPWCfoXZjteJzxTQcEQlQRBbbSyn0GhdxIgIMx6QRqZp_PuKkHu-pgXvx7J3j-UVJdWwcW2DJc_2NEg6Ro5dYJ7s1wqP1l9efNjGmGkKpD_v21VJP3ExprsDM8StCzzaoU5zouLU9nS42IiWy4LXTUlu3LiLKq26Ki-bCPZ9kXp_gU4qEzrSFu1yLHzSh3AhJwOAZ8aUAbL0fktzP7PirQMe0uX8Pu_g0VXfX0LThKmRLTXKPeRK7yvaemWfUhCVyppAhunxExOLi2-rAcN6KcEdBaU-SJLCdkhJO7bii9XTggZONFa1WB1gyaWuicxH2H9fqqZZL2ERFhRYs7YjtcMHhZ9AsH7PybueRJ-y855vBPtCAh5Dd4HHzzWRkcedSYrAUbec3SYxSTR2yLtFrc--VjIe2zRGtYm5NQOXsSqWZRd3mA0j7F3B8f9iQxC2nBeXlM8VgGSezYIFZ07NX4GlfWXGvDQpoHR0BEZguLFCWU_QYllBFsDkCVpTQYv6w&cid=CAQSTADUE5ymOY4OoPsoHi4MFiu3fU3ebRUIiP51BFbEALMW1Mp0TqRL42NCHyKUIphvdYfJp9sd6SmZYeBLFJ6aeCXjrCiWovuBlfoXv3UYAQ&dc_eid=31072035&dv3_ver=m202301300101&rfl=https%3A%2F%2Fpastelink.net%2F&ds=l&xdt=1&iif=1&cor=5968634544489823000&adk=356101037&idt=203&cac=0&dtd=6

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d8c6d1a69ec115786f6df18ccc0cba813605a040dafdf84f5f6cc32d0476c37e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:52 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38116
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 828D 0
0 61ms
61ms Image
text/html 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2023020901&jk=1429750509653728&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

GET
H3 200 container.html Show response
1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 7FAC 6 KB
3 KB 36ms
35ms Document
text/html 2a00:1450:400d:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023020901.js?cb=31072410

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 21:27:51 GMT
expires: Thu, 15 Feb 2024 21:27:51 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1350098/69352127/ Frame 81F7 46 KB
12 KB 190ms
33ms Script
application/javascript 34.253.25.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1350098/69352127/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1010458973&ias_pubId=pub-9602519502618262&ias_chanId=1&ias_placementId=19651070878&bidurl=https://pastelink.net/r3g0rpbb&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0iLNwHJfmGVfoYJ0cy6Xnhn
Requested by: Host: t.co
URL: https://t.co/ssYW4ginkF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.25.36 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-253-25-36.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 765fe9093b62526d240d14de222e4ecd283964ae7baa991cdaa646cb3d86048c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:52 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 81F7 106 KB
37 KB 124ms
30ms Script
text/javascript 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: t.co
URL: https://t.co/ssYW4ginkF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
Origin: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 06:22:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54340
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Feb 2023 06:22:12 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230213/r20110914/elements/html/ Frame 81F7 8 KB
3 KB 29ms
29ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230213/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CFzkDSCXkoU9b6Oy-L-I8O2l1MZ7ZH5eRsAonCjKCGC_ehPX-mJjzLo1XxEUzbmogWXbbvazceRX7yO2fHdyf2BAdpR_QT4ssDFRrDI09JctAG68fiCSLAjn3M4O1004-8GqcWlENQy4_Hyzup6nDEfT2gQMN-T45DhX0Eey62p8Sh3bg&dbm_d=AKAmf-AVqB7rYT6m1_03-hAH2fLSoAJxd9-Tiof9JjpBb_Yl5blnRm9kgdvJnzCKfIVcErWfkXN2f1kK7sRvKUSwXypjBHTrfnPuMy_zETmG-Pceoo_B-HCUoCBeXYPxhY2b3hayOswT-yLGp-UywWyBVSIo59aC3xmQnhwifkE_9wurDn6p8GUGnsaYbrqVl8xlEAD85rXN0zA0dx8_zfdaCrmwS0i-T24fxvKFDyMoLumNVrZxvhxa7dhyXz3iNefF-0v9_SbFW8_azdHbC2AfTG887W9Mz3gNCaMrUABlwuFVqkt6140r0Y1ICdLQzVAlGGkNASksnxjY-MWCr74V8mueR_ynjjxr7zEsn5-lEg-AiP48Y4xys03ilQ24l7WTDL68BXOT1iQawA7L8bQdX3hAyOhMMMfcdeJOMOgpe1LoaDVadiCKXAZt-pd4AzKXob9A1kTcjZlHxK6a2aXUcv_izEa6w5Io-N5QMp9nVJUzfY30zR9819ul_bI__tL9YwBMZYpSGZ9lDtRyHXTbarxw917uGqNz7MqPlPmCacCZmrmoiC6WJ5vgq8VvCWtoAOdOefiEAIDAIXwSFR18hbj38rmBqZIz43t4nU769rjV5HoD9lZ38jGLXtK1MSAgsKMKvOWfDMsVcwJQ6KEUquCYWlLslHlCvZG9XpLDEWlKsoBia_wItjC3S2YvPHwOthWYAQlBZYRFv6CAqIfcrWoZbLOkM7iP9ipptbaYC6-Wday_EU8dWo4WRvQ8KEVUZhMeIrpvPDNUTn0kEXwtVvtUkieOVwWcvwLm98vexbBfTE6OsB7dlpUkaUP4ekghYTpZ-4Zds5Y4kKQgiVNxq26V3szKIVUsz_jODPmVxzlF39PPxcrlS30M2lGu3cRl76B22JwfvVmJ-r05D1BpCtQQE_rlf8tTLwkLVeUSR4t8NeoDS9jEJ1uZijepAelzL-7yaz4dEI6ZLd5ILr-k0oiEhtPi_fFa4yKhCbrnLxHHP3mqmkxxI7SJZch0zRP3WdTpvBSUmLaK3CR3Fw6eDNVoJzGRDpHhPLcX3gbVJgYnGtwkJOTHoXwaI84z4ZNHPOFXu_YZ-D5An6wFWdwY0bDkMYrqg-SnnCft5GlZgW2Nx4bzGcrfAGt8hEwlSc8QYx3N_FUDm7hy7m9D_HSdkvOK6JYe0fCJu8lornQ_0gtAADi0M8CNsaZI7Tv00bdXeHvya1AIVNVA2_FByaA1pGge_zK1IBj4o3s4QgYbnxEuLrCwxwPwPjxVYjpjna57pjsusVd5kl89P_qAzgGOTE9ZyvLDBXUPmlW7Kps-qcEuSlH3KFjtAQkog8nPRahX1wAcjNFaiwR6E2lH1bI05vHgJV1qPnsGzJ016weuxT8SLWMDRQo0psEdePSJR9xkNWejcepgmV7CNNamN5NqObZFdnn6XbAUCA35F6li5ICeJt66rmov53PEKYP7PyR1YpNYxx7NPH0hiykjGefXuUbQGcTsZmXva7ZPNjoqAJftmKO5W5UldO2_714HR0hV1RJbnun-99tLDLaN7md8-3JdgD_1IVx0PKNIPFZYh2Nqw6gv4NnWtFrSGrzrRn9U62bt7mwbwqbVbC5QRRp6GHU5RFmFPhTF_KPQ2yopr5APO1JYDlZ0TFUT2Vg7WDLfJcwLZleFGWTAoDOA09__aaKQ0LObZ-U0mGQxZiJd8rk93mAMLtg2x_taj44e9Mwh3upfNtJtSZmDlDIVvsyRBnreMPUvij_jgBSk61k20E7h7rBBQBpTwg1B5Iv2MJYE_GES4EzOmL7lFZyDjv5CYbSkrE7GLQMI84MLrFlPCelaqgXaXRJl0KMQB9QAzVj1zwkjNI2Vo-HgHnevSQHuT1p8d15l0Uo_-fugbehn3F2l_FTj-JO7UxKMpZ6VfZscOv1xxG6GDS393PsXFyJphBtWDhQr0gWFarhrRXM7mB2xyuBRSFNen6G80xQg3pg6qmh_SL68iGipi4q4uHUt0N2TABAUseSR6J5WD7klsgTUH-whxpOzyworOPrGTHPL3wqKDXYWvhVnI0C1WZaK1rdaGd2f51ejqMF0uXd_b9C9rPIyJ_KmvMW9htzowsD7OrzgJqY4gNUT6E-oVjrT6byCv7FuNn1oM8C3AiQCv1SpHqrLwHoFKJzByrVecubI0EpcqOKYHngap_FiN2yzA646j6_FNx6X_lk9EZFzqT6Sjbq49j4gBM8Zr6heBdR7brvQuhojogW2dl0yePIBNnCf93hW4sW9of4ym0oVncO3WkrygjUx3C2_J5V5AE3IMtyH5UoJrOJaMUqmjXMXZDHEgHH4Ao8hc93vQpzzs20xKc6lsuM2QDTLSQbYf7k6UrpfdNWZbBKDSMQzH6L8LC8WU-Aq3ixkEwevXIMErGrys9rTisGte5ZhIBm_YrS7nfsUQ0vxe7lmQvzugZQCdPv9M8x43k0rX2rKv-IAIQuej1iZghiSlK7F4yHFfX1STYhqc9uqPI2jZhaoEOMZLcYsTXdh2pDnXPJFfSKcxkW0niwghXp3OC3MViL4-Ilj_zsxqkFspVSbIIyFRyGOQx1Sn84Np3-5BOfLqmfIDLRMVEfsq1X9TYiTO-L16Sef5urrrsN8aNh35J98Ozxf9YklMvbxtnEk19ROHlkV6MAqzNzG303qtH2zKMtSAuGrHbLtHsGW5iFypncROqrzLEYDp5D5FtUeNiks1yff8nqdjgNXO4hwpM-iay4hr9KX5QN8y38RIJcwrORWOsEHjA6POg1ehQUTTjR8ReLq9mhr8_bXhEAUYNRWXRmxZzc_5scb0EF5z45KtlUzmEzKOvhSMHUtcExr_H4HCXBMPcnyV7qYSXr8HlQOJ-YWCwDB0qQsmFy2j7Lhw5O6reOW9DlCEArbkNPuEunBfygO19v2LJsCySS9iH6flcGKvjMe5XirzfJ1jJFTPiR81ZW-vykSu3SxVrPWCfoXZjteJzxTQcEQlQRBbbSyn0GhdxIgIMx6QRqZp_PuKkHu-pgXvx7J3j-UVJdWwcW2DJc_2NEg6Ro5dYJ7s1wqP1l9efNjGmGkKpD_v21VJP3ExprsDM8StCzzaoU5zouLU9nS42IiWy4LXTUlu3LiLKq26Ki-bCPZ9kXp_gU4qEzrSFu1yLHzSh3AhJwOAZ8aUAbL0fktzP7PirQMe0uX8Pu_g0VXfX0LThKmRLTXKPeRK7yvaemWfUhCVyppAhunxExOLi2-rAcN6KcEdBaU-SJLCdkhJO7bii9XTggZONFa1WB1gyaWuicxH2H9fqqZZL2ERFhRYs7YjtcMHhZ9AsH7PybueRJ-y855vBPtCAh5Dd4HHzzWRkcedSYrAUbec3SYxSTR2yLtFrc--VjIe2zRGtYm5NQOXsSqWZRd3mA0j7F3B8f9iQxC2nBeXlM8VgGSezYIFZ07NX4GlfWXGvDQpoHR0BEZguLFCWU_QYllBFsDkCVpTQYv6w&cid=CAQSTADUE5ymOY4OoPsoHi4MFiu3fU3ebRUIiP51BFbEALMW1Mp0TqRL42NCHyKUIphvdYfJp9sd6SmZYeBLFJ6aeCXjrCiWovuBlfoXv3UYAQ&dc_eid=31072035&dv3_ver=m202301300101&rfl=https%3A%2F%2Fpastelink.net%2F&ds=l&xdt=1&iif=1&cor=5968634544489823000&adk=356101037&idt=203&cac=0&dtd=6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:30:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7047
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 19:30:25 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230213/r20110914/ Frame 81F7 28 KB
11 KB 29ms
29ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230213/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5c5d87821b8806898a69c4e8cdc26f7fc8ea4bb175006aa060ca229f4810a0af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:30:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7047
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10817
x-xss-protection: 0
server: cafe
etag: 7837758721724492523
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 19:30:25 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame D338 624 B
245 B 29ms
25ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJHlswIQ8KXioQIY_cLw0AEwAQ&v=APEucNWzkRu5HTj7BuhTldc07FAGqsLh_YlgyviLrrGkVGlZjea4qVMMe9pnD6YK7TAlg1wRxNVy9ib2vEd9DFxuOos2DXkpBTTgb041RnXLt32TUutcRtN0-72MFkq1XCIqb4oMt7P6LHY05SGlo1vCxPmAaC3qjspAeXOp3JCNRHeLdIkJJn0

Requested by

Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 21:27:52 GMT
expires: Wed, 15 Feb 2023 21:27:52 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 7FAC 78 KB
27 KB 113ms
112ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

16b432ac8f43a6b2d8aa358f41ee60e2ef5923b2645bf2c37f3a06f8334b1557

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:52 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27790
x-xss-protection: 0
server: cafe
etag: 3677590245327912432
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 21:27:52 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7FAC 42 B
63 B 67ms
63ms Image
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DbIL00lC4viSfsXXXFU35YwYJeH4Efe7-ULvOTdc7Y5nZslYIHyioKsVKVGl0VhfuoLqzTB17NhmZjgcxRmZ3itc7ePJx_cjAhQCHXIL2zHoA7_iA

Requested by

Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7FAC 0
20 B 66ms
62ms Image
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=16727690583211954258&x=1&ct=76

Requested by

Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 7FAC 3 KB
1 KB 18ms
14ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/window_focus_fy2021.js

Requested by

Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 18:10:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11820
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 18:10:52 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 7FAC 20 KB
8 KB 19ms
15ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2b4727366dbbf82f3dc7d48c30bc9444860158da542dcc4b04eeeb6e0a7b6d60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 01:23:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 72243
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8316
x-xss-protection: 0
server: cafe
etag: 7067238764211672077
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 01:23:49 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7FAC 156 KB
48 KB 71ms
67ms Script
text/javascript 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0937a8903ce9027c6f433ddda4c1c9df0c5e6d64aea3696396b0c22c0e85661a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48832
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1676324880006035"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 15 Feb 2023 21:27:52 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 92EF 0
10 B 17ms
15ms Image
text/plain 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?Cl1Yog
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:52 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame D338
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJZkMLGRvaPaojykFRJrb6A&google_cver=1

43 B
632 B

8ms
8ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJZkMLGRvaPaojykFRJrb6A&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJHlswIQ8KXioQIY_cLw0AEwAQ&v=APEucNWzkRu5HTj7BuhTldc07FAGqsLh_YlgyviLrrGkVGlZjea4qVMMe9pnD6YK7TAlg1wRxNVy9ib2vEd9DFxuOos2DXkpBTTgb041RnXLt32TUutcRtN0-72MFkq1XCIqb4oMt7P6LHY05SGlo1vCxPmAaC3qjspAeXOp3JCNRHeLdIkJJn0
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Feb 2023 21:27:52 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=496
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:52 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJZkMLGRvaPaojykFRJrb6A&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame D338
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y.1OWKHe9-HbgIr4zN5KLQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJZkMLGRvaPaojykFRJrb6A&google_cver=1&google_hm=2

43 B
632 B

8ms
8ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJZkMLGRvaPaojykFRJrb6A&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJHlswIQ8KXioQIY_cLw0AEwAQ&v=APEucNWzkRu5HTj7BuhTldc07FAGqsLh_YlgyviLrrGkVGlZjea4qVMMe9pnD6YK7TAlg1wRxNVy9ib2vEd9DFxuOos2DXkpBTTgb041RnXLt32TUutcRtN0-72MFkq1XCIqb4oMt7P6LHY05SGlo1vCxPmAaC3qjspAeXOp3JCNRHeLdIkJJn0
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Feb 2023 21:27:52 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=495
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:52 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJZkMLGRvaPaojykFRJrb6A&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame D338
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEPkxvOmbnia7YfMxic9gM5E&google_cver=1

43 B
1 KB

16ms
15ms

Image
image/gif

185.89.211.84
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEPkxvOmbnia7YfMxic9gM5E&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJHlswIQ8KXioQIY_cLw0AEwAQ&v=APEucNWzkRu5HTj7BuhTldc07FAGqsLh_YlgyviLrrGkVGlZjea4qVMMe9pnD6YK7TAlg1wRxNVy9ib2vEd9DFxuOos2DXkpBTTgb041RnXLt32TUutcRtN0-72MFkq1XCIqb4oMt7P6LHY05SGlo1vCxPmAaC3qjspAeXOp3JCNRHeLdIkJJn0

Protocol

HTTP/1.1

Server

185.89.211.84 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Feb 2023 21:27:52 GMT
AN-X-Request-Uuid: a04170fc-c491-4601-8ac7-fd9f03c9a0a5
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 37.58.57.2; 37.58.57.2; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:52 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEPkxvOmbnia7YfMxic9gM5E&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D338
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDU5ODk0MzM1MjIzODg1ODk5OQ%3D%3D

170 B
188 B

32ms
31ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDU5ODk0MzM1MjIzODg1ODk5OQ%3D%3D

Requested by

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 15 Feb 2023 21:27:52 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 37.58.57.2; 37.58.57.2; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: f1306ec1-4d3b-46d9-a7cc-252558ff5b69
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDU5ODk0MzM1MjIzODg1ODk5OQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 81F7 41 KB
15 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 12:20:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32855
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 15 Feb 2024 12:20:17 GMT

GET
DATA 200
OK truncated
/ Frame 81F7 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 78bc69e4dac823c639db80ed2c1e34d51c80301355a7422f53a6d76caf51f277

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 10C7 22 KB
8 KB 21ms
20ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 142975
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 14 Feb 2023 05:44:57 GMT
expires: Wed, 14 Feb 2024 05:44:57 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7FAC 0
20 B 61ms
61ms Ping
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=6933829610963&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7FAC 0
20 B 61ms
61ms Ping
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=6933829610963&version=m202301230201&ct=76&x=1&cor=16727690583211954000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 7FAC 82 KB
34 KB 51ms
50ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CshgwJAbT7EvJWRLpFMBO6bYEVS3aQk2XYaznG3ARINikyb3W4D17UZXKNpXcU-Niec3VTMe3-UXJL-GHiOdh91nyMtw&cry=1&dbm_d=AKAmf-B8sKsI1Wk98v4ENoyJkxjm9A_U-MFJKBGOvRVykN3GJnk9ixfvs5axO6JTcCmbyoGm4j8UwYIb6kEjULOn1KKXhbGLUhl2H0b6x56A1NAUb9jKllSadtEdXj3sVWalb5gy2pTuXIAGvtQwOphEbXYZBNS_WpyujwIJTsNqNIu1IKCIpEzJOk8sLsgu77TRK9wXmlFeq6oQakY_3bOeCFrTjbu_6mdXgs8kfnJKyS-vf4T0Ah3-V5Jldha5S_WN3uWp8fUrNJquhACI3JalkIFYoTXfWi8kM6c1R5hdz5RJJ_uYoQjANuy-9sLG75wn_mAP5jvEJQw5aiR01ZbhP_0lFo-FiO8yXpdxxb0lGIr2nBfdS-CD_yqJfAewBmcpoctO_Z4b2A_iF_aEMTFoMqmFHZ73XyEa7ugqhLbvvrjNsrcT0lB09DEwLkTxUQfnqxI7XRXxkwFrbF1idrxYhCNyWWFk6lMnGW4q1YldU6h9DRiYz6mAZsS6Rnj7OHrcYiInhN_srBvCQCYtjjearj8F45U2Qpg51xYJoNxlPvP00GuvL1e-CaBCWZMqhgDMNlxYgBCGf0hwMs_mynVdXqaT-64adpsq3o80I1onh8ML-v5RRNP8Tlk93r6JsTmFnfXnb8HnGPilal58gcL1TaBZdl9D6FH2Qvvap7Gi_204t1UZDL_jROabOza_CYkDT9-zlQ75pQYnTeE2EsfSPSgC_HxHVOxzWIhYH2eTdH71pmUA8ZKoXEU_eN7y4e0lPumAa2OA0g1fQRpwZYANWXsceakC9llAG8AHK5qDJMkueb_AJSHu4OiDZcRcR1j5vCLRSLN1YQScOO2nqOu02j7YgLUIFH6AJPKHmQbKPID0rpXxyWqJN9kLB-KqwH7OYG5q411ecfVrwWlpwpdnRU1BTe-Y5AsLZDSqaASE-Or7iRwnIR7WaMm2pd8m8p2F_8BJkuEzgjxxdXoX8fqYrqeXNwjVMsohDzthbPCHN52Grp5ViGnYDG-xI2f4esgDYvq4Y5EyEME4Uvg4l0KDm5YRUxVtqerxSP2LBS-MuI7TeFMSKSE38Dph1a-yO2XpvBggtlwAs7TAgK3sih_bBIiGi_rAvDtW64yWmqiPpAyXYZWua16RMHb9TFTe2SXXrEpzXJ4B1NinPBjmIY7txl_FJH2ZwY3oZfEC3QANabA7dhPw0tOhr2EwcDf4RaLw4ZUPqVVjTSeP2jsaySQGz-MQGq1FYEcfAmCJsgwhKyAlku7Ufo3hzOsyUTNjsTjrCwi8K9xMPO9nR-t0nvktR6T4KUuTdGFeXaftuSMCilunf0zNjUif3kKi3am9OAU6OAIHdjgDa7k_qZXCl1-awdwhc8C-f2ll4ritXv1OgjDhhggKe0IXM5FgWRpuyEX_QZnel_7i7RepqEP4V5fVdvRaNUQ4if35L25ss3caQKriOBU0C0Wczmmae8zUcSLLEmWRndUFUWDj94xwjslpEWgS5vbYQvPj551MPrFq8W-NS5UOvhZ8e4jIcE9gQlc3GogtjLff_e1gvLaF_MyMml3XRaqVzeI9KinMZiYM__eT9mgvpz5eKtF0EKgaOZgZzy1YlllOF_n5rL8Bol3S0xe_hPGgXw1I2ZtLm5cAT6OCV8u9ygzV3L8it0zoAmZgOLVU1hJaPry9-7j_kS6-Ltq01sTl143xkg13G3NagVuoRRh9iHBO581jaMtAdXw_0mw_SworhpFi5ELCUYBkhS7j-BNlcFt5-7MT68rnLKa1rrti8Eun4lvk9QD0Sfy4GVnBoNFiYvUnCq_utvbXzQ7OX8fkT7bTzMTrhkOm3VBlVLRh3IlZDPvDocX5rLdZR1tEDEtbbZsH7E6qvpEi8vx2cw_NZr-mowH4_3TotyxWl4rJmbpRjcGbfVTbJFg6qCiC88-Nb_hMInXxCn6fN5X1wVkMzuvpdiwocEdqZxo4dC9cbwsAWPMuWT4ivG5sMz8bNmN2XvVbPTaNbAAYxEL5G2Ii7Xsv2kACyam1-fACDLd9Bzci2jpBvR563wZW5CtnzoO8j_TXyOzqlTFAPFXhCI-sQLG4yp9H1yeNcjaHaZhZWVI95M2XIegGtqGjjRqf-xI_UaP0mtVQ9ezraV9Ln4htqNzWCOQ3PAFbpy8qIr0-nRA1T30KhUPU-OrIE6ikmvWa91wTF3X_Ezek3W0o-DtMoCZKuPXUr6tzywfQ7cu5SmkQjDFhRSwOVcGKxFPBSk19cM0Pua4WyuKUIEWw9hO4uycvtxqW8fh_hmfTKHDFyFNMo2bMAToQdaWQS-U8AYNjf39nF77d-zR1q4c1VTHsZzdRwnT6mHrInQhsOWcYx6z4o2n60IwFaYrR6TN13NzeIHeKoFlQ8rkNC-drowrZCOZ-1_aOKJWrEDS4gGpmIWOcalIgTattL_lkVv0vXM1pLVe_57nEmfK1DroeJVQxtIBb6s_ARf2RbTArUXmbceN2jIn6Zev3Q83z2KtbWJtYz0hGj_QKgITnYBE7ehmfMLO7NsXBjKSGZ0bfRVkTBCRt6CBV0xQZbTvUji4FbrrUOvFW1_60ntQGCZoaePIlLi6Ska4-2kKBSihaTux5rpjNZ2xNIU6kEu1X3ZauUlIxePZ0AW3eSdqzUsgNMDR4nvUIfM3Ns-Fh6fY3sxjAfWQHHRzb-hZiuu0NJ2yhGCRCc2gnwYU1wT6_KWU23P3yJH0x8lUfN6Mt-LdkQqKiZYEkt3mENP74LHqMNMSnLHCXgZ2fgMG9wNHfYim-GET1aiXexpimSBA4sXNLOVrv1oqOYP3fhX9xydO80V13AFT6cT7JE8B5ukoLOoj4YS5p3KFQNLKq02rsbMAzs-Z4zZCD0Nbe0n-sW3-OmA0NyYcl89j0DrTDMIh3u4jVfVk9eRBxYSst6RUt-JJsAsucAGJ6VWpibR6PuGnxgu4ZUv5RXCm4z3jm-XLJ-g7cZksANo8CoqaUO9_MSfJyyRB7TnOmht-eBUc3KNv0emDriSn7mNiMBRcolRRFO6n1XsNouOZb8XPWDqjow5rVFQICwdwEXZ6LKgjKneWAQf10c5NTV5fokFaI02HW4untaHii7f_MIIqzHzDV4e9JvNQJKYhBIh7ziVkbyQuhGp9MZya0WiFcxBsmHyor8I26JyY2a_36BhC4Cbs21fDWcIJustMrhlWM7Ec1xGosS_dGeZFfZRmGNyI8azlJ0m2XmhS1cT2TcCDJtefuvgs4cLSjNq0d2MaPdkRj8m2igTZp3gMBokQhwy9cuv4wDpj3LguW3F6aDdEge5yj-LX5CghXD212Q-koji3t8LRV9aIb0OQaef4zqsv-HmJZvdNzVAV_ih4tj_3mFE_kyV2ZTXXlpq5HKwOOt__ql5vQ5QNfcAWefukV2UjScgOzHSwgq9Fvu2_tvvxH5QY-2-nO1b0e9EWdWpPRASTcPmMzRNjoIFvE&cid=CAQSSwDUE5ymLRu-sjbNa7XHXqgpql6-gsz8CNwldgrQV7bTsU8Eko5XP-sEOIICfkYtX4pOP2vsNIzqEsk06ITZXHIrOptfv8R42k2FxhgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpastelink.net%2F&ds=l&xdt=1&iif=1&cor=16727690583211954000&adk=1964084972&idt=118&cac=0&dtd=5

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5a8cf1a1f1e9738ef2c62dc187192f682c43a2f5e3fb3816bccca45117cba279

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:52 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34816
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ppuJb3acSbwPUrk6AP0eyfY-LTznD88jtSaAQ1bhjg8.js Show response
pagead2.googlesyndication.com/bg/ Frame 10C7 36 KB
14 KB 32ms
32ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ppuJb3acSbwPUrk6AP0eyfY-LTznD88jtSaAQ1bhjg8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a69b896f769c49bc0f52b93a00fd1ec9f63e2d3ce70fcf23b526804356e18e0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:07:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1214
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14239
x-xss-protection: 0
last-modified: Tue, 07 Feb 2023 17:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 15 Feb 2024 21:07:38 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/355683572928081992/300x250/_export/ Frame 4E09 98 KB
21 KB 94ms
30ms Document
text/html 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/355683572928081992/300x250/_export/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b067ed23c20502933aea5d561f7c4a06e7beb0cb10e7768302cff29ad8c3ab8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 42985
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 21577
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 09:31:27 GMT
expires: Thu, 15 Feb 2024 09:31:27 GMT
last-modified: Mon, 06 Feb 2023 08:20:07 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 81F7 0
0 208ms
78ms Fetch
image/gif 142.251.208.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstclBeZwZsxLsadoIpPJj1VvxMNBePzE1A76-sA6Q2t3f5vQ1DYfmsSpIod9GRhnzCz_xaeeaXGm9JmseWx8vSC0iy8IGG0mFCmYkY5WQ-HbAj8EAG8jia9Fdnf-0ft41WJjDV5SrT_gY6rZqsaFNkbHBAVjcjdOe6sUozTzfSjteh2rZ7Gf6eN6wC926tP1V63pR1uc5VE5FXBRjFpMZ9dWB6lEiDnjDn-3DC_ePOtGqh0C9dx8rHEOAUFO7k8DLWx1FOfNYj4Yo-HmVXEcof4qlpuKV_jKWajlZ-7Qk626RabQnbfTMlIt8o8bi5sJJbcdLWKW3GEdOVZmAZxmd6wc2i8rGUU4pQkO5dYLy-QqCV8aE63fxIhsrYYsZo50EGKf5ZK-oY_tON6Eexy2ws82K__G5uFmavisPOOYHBGRtZ-Hrn4Sy_YR43A1oBeoogZ-MQsRqLTPwo4DUDY0UL-rJG_7lnXz9Mand3w5LGqdGYmvN5I3Nt_gan0PbhMWA_lid7pQRn3P_j_yoQCrV_K_iVksC1KQiZKQBxmY_wdZlx_vczpnvzNOlPVyX9jZH0kjUOvhwfHJNaHrujWRemImiqqA4DVEoB7Wr41Nq7KL8n0WDcf5WmYeMFABLtQbaT-7w0sPLzEpJF0lWo4KM5EaOpKs4f9iD9rYPmbQmn-23JnIz8SjSB3okrbSXtzfGfWUBD0wADtPmMXEt086cnsr0d7F1eaFcnHWmP5101I_RvJxDKgu48G11SoLOtGVddR1lu3XrjrbO9v2GH2Z3xxMF52pnS0vCBuEb6yCJmKekw21inweDyXpnEHFJgqlQjIsjFtz0nTxxwHtwZCOs3yTzAdaxBki1DG9Hy_REwglUU0M1X19ByZszTCviHyNwEIiH-j2jd8_uAtss-f9z-dGbVPXqjnetxs1FvUdKQlWiesDpoqaxB3Y087rflg-3siez5EtXEIgGVbLVUXZNdWf7ge7Gm_Z37cN9MvX4CVKz_nxjGkJVFW1l54SLC3nwoslMmu88LtA0R1xJxhN1CrZK6LEksGG_g1z3QzelwMdCk_hHZsS0HEmyTgC-trODFJ9KKxVELNF1HYBIwRhnq8HxgNUaxRbT6gWWdXtuFSvYPoVK1dSbekohgaBvXN6HF-3Ea8aPgzgv94icu0Id9fD_pR7DDZxHMyjGe0f81A9drFQ3K-kIQzxBD8QAq6g8q_5by6ezHydwbZCFlJlX0fXvUp1g&sai=AMfl-YRr0bHZcpXAAl55c6mwU5XAyfHrev_Gy7t6LRgAqegRORj2rFGfnRLxmBE2cbqKbHnUJj94NNd_FD4Fv9-ZMhF-QuOnyKZzSTl5Qnjmym_VlISvLXG2LJ2mDxhKq1rpQmNny85MBGlT6ps2nb4eKpgUD43TqE0QwuXJ_Z7ZPdSzabut8m8Rn9T_5bFKL30ersywPL0DKyGaKJ9QSNvik9Atur3e_KdI7Ron_mLjmUDUiYgNlCuqe-2B_JNMUEsFpiSfKY07BAdMjchXoO17p46obz1MzwPVSkDY&sig=Cg0ArKJSzB85tuyHYAzDEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=174&cbvp=1&cstd=169&cisv=r20230213.09394&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: t.co
URL: https://t.co/ssYW4ginkF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.208.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s42-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 15 Feb 2023 21:27:52 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 15 Feb 2023 21:27:52 GMT

GET
H2 200 93656
tags.bluekai.com/site/ Frame 81F7 62 B
581 B 644ms
503ms Image
image/gif 23.35.209.176
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.bluekai.com/site/93656?limit=0&phint=event%3Dimp&phint=aid%3D6531095&phint=cid%3D29364893&phint=crid%3D186460175&phint=pid%3D359274924
Requested by: Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.209.176 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-209-176.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
date: Wed, 15 Feb 2023 21:27:52 GMT
content-length: 62
bk-server: 2419
content-type: image/gif

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 7FAC 106 KB
37 KB 34ms
34ms Script
text/javascript 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: t.co
URL: https://t.co/ssYW4ginkF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
Origin: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 06:22:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54340
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Feb 2023 06:22:12 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230213/r20110914/elements/html/ Frame 7FAC 8 KB
3 KB 35ms
35ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230213/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CshgwJAbT7EvJWRLpFMBO6bYEVS3aQk2XYaznG3ARINikyb3W4D17UZXKNpXcU-Niec3VTMe3-UXJL-GHiOdh91nyMtw&cry=1&dbm_d=AKAmf-B8sKsI1Wk98v4ENoyJkxjm9A_U-MFJKBGOvRVykN3GJnk9ixfvs5axO6JTcCmbyoGm4j8UwYIb6kEjULOn1KKXhbGLUhl2H0b6x56A1NAUb9jKllSadtEdXj3sVWalb5gy2pTuXIAGvtQwOphEbXYZBNS_WpyujwIJTsNqNIu1IKCIpEzJOk8sLsgu77TRK9wXmlFeq6oQakY_3bOeCFrTjbu_6mdXgs8kfnJKyS-vf4T0Ah3-V5Jldha5S_WN3uWp8fUrNJquhACI3JalkIFYoTXfWi8kM6c1R5hdz5RJJ_uYoQjANuy-9sLG75wn_mAP5jvEJQw5aiR01ZbhP_0lFo-FiO8yXpdxxb0lGIr2nBfdS-CD_yqJfAewBmcpoctO_Z4b2A_iF_aEMTFoMqmFHZ73XyEa7ugqhLbvvrjNsrcT0lB09DEwLkTxUQfnqxI7XRXxkwFrbF1idrxYhCNyWWFk6lMnGW4q1YldU6h9DRiYz6mAZsS6Rnj7OHrcYiInhN_srBvCQCYtjjearj8F45U2Qpg51xYJoNxlPvP00GuvL1e-CaBCWZMqhgDMNlxYgBCGf0hwMs_mynVdXqaT-64adpsq3o80I1onh8ML-v5RRNP8Tlk93r6JsTmFnfXnb8HnGPilal58gcL1TaBZdl9D6FH2Qvvap7Gi_204t1UZDL_jROabOza_CYkDT9-zlQ75pQYnTeE2EsfSPSgC_HxHVOxzWIhYH2eTdH71pmUA8ZKoXEU_eN7y4e0lPumAa2OA0g1fQRpwZYANWXsceakC9llAG8AHK5qDJMkueb_AJSHu4OiDZcRcR1j5vCLRSLN1YQScOO2nqOu02j7YgLUIFH6AJPKHmQbKPID0rpXxyWqJN9kLB-KqwH7OYG5q411ecfVrwWlpwpdnRU1BTe-Y5AsLZDSqaASE-Or7iRwnIR7WaMm2pd8m8p2F_8BJkuEzgjxxdXoX8fqYrqeXNwjVMsohDzthbPCHN52Grp5ViGnYDG-xI2f4esgDYvq4Y5EyEME4Uvg4l0KDm5YRUxVtqerxSP2LBS-MuI7TeFMSKSE38Dph1a-yO2XpvBggtlwAs7TAgK3sih_bBIiGi_rAvDtW64yWmqiPpAyXYZWua16RMHb9TFTe2SXXrEpzXJ4B1NinPBjmIY7txl_FJH2ZwY3oZfEC3QANabA7dhPw0tOhr2EwcDf4RaLw4ZUPqVVjTSeP2jsaySQGz-MQGq1FYEcfAmCJsgwhKyAlku7Ufo3hzOsyUTNjsTjrCwi8K9xMPO9nR-t0nvktR6T4KUuTdGFeXaftuSMCilunf0zNjUif3kKi3am9OAU6OAIHdjgDa7k_qZXCl1-awdwhc8C-f2ll4ritXv1OgjDhhggKe0IXM5FgWRpuyEX_QZnel_7i7RepqEP4V5fVdvRaNUQ4if35L25ss3caQKriOBU0C0Wczmmae8zUcSLLEmWRndUFUWDj94xwjslpEWgS5vbYQvPj551MPrFq8W-NS5UOvhZ8e4jIcE9gQlc3GogtjLff_e1gvLaF_MyMml3XRaqVzeI9KinMZiYM__eT9mgvpz5eKtF0EKgaOZgZzy1YlllOF_n5rL8Bol3S0xe_hPGgXw1I2ZtLm5cAT6OCV8u9ygzV3L8it0zoAmZgOLVU1hJaPry9-7j_kS6-Ltq01sTl143xkg13G3NagVuoRRh9iHBO581jaMtAdXw_0mw_SworhpFi5ELCUYBkhS7j-BNlcFt5-7MT68rnLKa1rrti8Eun4lvk9QD0Sfy4GVnBoNFiYvUnCq_utvbXzQ7OX8fkT7bTzMTrhkOm3VBlVLRh3IlZDPvDocX5rLdZR1tEDEtbbZsH7E6qvpEi8vx2cw_NZr-mowH4_3TotyxWl4rJmbpRjcGbfVTbJFg6qCiC88-Nb_hMInXxCn6fN5X1wVkMzuvpdiwocEdqZxo4dC9cbwsAWPMuWT4ivG5sMz8bNmN2XvVbPTaNbAAYxEL5G2Ii7Xsv2kACyam1-fACDLd9Bzci2jpBvR563wZW5CtnzoO8j_TXyOzqlTFAPFXhCI-sQLG4yp9H1yeNcjaHaZhZWVI95M2XIegGtqGjjRqf-xI_UaP0mtVQ9ezraV9Ln4htqNzWCOQ3PAFbpy8qIr0-nRA1T30KhUPU-OrIE6ikmvWa91wTF3X_Ezek3W0o-DtMoCZKuPXUr6tzywfQ7cu5SmkQjDFhRSwOVcGKxFPBSk19cM0Pua4WyuKUIEWw9hO4uycvtxqW8fh_hmfTKHDFyFNMo2bMAToQdaWQS-U8AYNjf39nF77d-zR1q4c1VTHsZzdRwnT6mHrInQhsOWcYx6z4o2n60IwFaYrR6TN13NzeIHeKoFlQ8rkNC-drowrZCOZ-1_aOKJWrEDS4gGpmIWOcalIgTattL_lkVv0vXM1pLVe_57nEmfK1DroeJVQxtIBb6s_ARf2RbTArUXmbceN2jIn6Zev3Q83z2KtbWJtYz0hGj_QKgITnYBE7ehmfMLO7NsXBjKSGZ0bfRVkTBCRt6CBV0xQZbTvUji4FbrrUOvFW1_60ntQGCZoaePIlLi6Ska4-2kKBSihaTux5rpjNZ2xNIU6kEu1X3ZauUlIxePZ0AW3eSdqzUsgNMDR4nvUIfM3Ns-Fh6fY3sxjAfWQHHRzb-hZiuu0NJ2yhGCRCc2gnwYU1wT6_KWU23P3yJH0x8lUfN6Mt-LdkQqKiZYEkt3mENP74LHqMNMSnLHCXgZ2fgMG9wNHfYim-GET1aiXexpimSBA4sXNLOVrv1oqOYP3fhX9xydO80V13AFT6cT7JE8B5ukoLOoj4YS5p3KFQNLKq02rsbMAzs-Z4zZCD0Nbe0n-sW3-OmA0NyYcl89j0DrTDMIh3u4jVfVk9eRBxYSst6RUt-JJsAsucAGJ6VWpibR6PuGnxgu4ZUv5RXCm4z3jm-XLJ-g7cZksANo8CoqaUO9_MSfJyyRB7TnOmht-eBUc3KNv0emDriSn7mNiMBRcolRRFO6n1XsNouOZb8XPWDqjow5rVFQICwdwEXZ6LKgjKneWAQf10c5NTV5fokFaI02HW4untaHii7f_MIIqzHzDV4e9JvNQJKYhBIh7ziVkbyQuhGp9MZya0WiFcxBsmHyor8I26JyY2a_36BhC4Cbs21fDWcIJustMrhlWM7Ec1xGosS_dGeZFfZRmGNyI8azlJ0m2XmhS1cT2TcCDJtefuvgs4cLSjNq0d2MaPdkRj8m2igTZp3gMBokQhwy9cuv4wDpj3LguW3F6aDdEge5yj-LX5CghXD212Q-koji3t8LRV9aIb0OQaef4zqsv-HmJZvdNzVAV_ih4tj_3mFE_kyV2ZTXXlpq5HKwOOt__ql5vQ5QNfcAWefukV2UjScgOzHSwgq9Fvu2_tvvxH5QY-2-nO1b0e9EWdWpPRASTcPmMzRNjoIFvE&cid=CAQSSwDUE5ymLRu-sjbNa7XHXqgpql6-gsz8CNwldgrQV7bTsU8Eko5XP-sEOIICfkYtX4pOP2vsNIzqEsk06ITZXHIrOptfv8R42k2FxhgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpastelink.net%2F&ds=l&xdt=1&iif=1&cor=16727690583211954000&adk=1964084972&idt=118&cac=0&dtd=5

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:30:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7047
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 19:30:25 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230213/r20110914/ Frame 7FAC 28 KB
11 KB 33ms
32ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230213/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5c5d87821b8806898a69c4e8cdc26f7fc8ea4bb175006aa060ca229f4810a0af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:30:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7047
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10817
x-xss-protection: 0
server: cafe
etag: 7837758721724492523
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 19:30:25 GMT

GET
H2 200 main.19.8.394.js Show response
static.adsafeprotected.com/ Frame 81F7 200 KB
63 KB 43ms
9ms Script
application/javascript 2600:9000:21f3:9600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.19.8.394.js
Requested by: Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rjss/st/1350098/69352127/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1010458973&ias_pubId=pub-9602519502618262&ias_chanId=1&ias_placementId=19651070878&bidurl=https://pastelink.net/r3g0rpbb&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0iLNwHJfmGVfoYJ0cy6Xnhn
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:9600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7a37a4e2f1464a5f82bafc1aea9bc92be25447be734467ecdbd5e1874e22551b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 16:21:45 GMT
x-amz-version-id: _dZBOGo6WbGPtb685W__WVIjRkb5PQgb
content-encoding: gzip
via: 1.1 2b2e2811e641703aebf776da39317b9c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 450368
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 09 Feb 2023 22:04:06 GMT
server: AmazonS3
etag: W/"23f65915f6ceb35c339633ede270d26c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: rTDpWDc6CPARkoM_m-8frA90GH18anxzZGGkBC_95Gw_lfyCod6Ztg==

GET
H3 200 DcmEnabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 4E09 29 KB
10 KB 31ms
30ms Script
text/javascript 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/355683572928081992/300x250/_export/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/355683572928081992/300x250/_export/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 13:24:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 28998
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10136
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Feb 2023 13:24:34 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 7FAC 41 KB
15 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 12:20:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32855
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 15 Feb 2024 12:20:17 GMT

GET
DATA 200
OK truncated
/ Frame 7FAC 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5dc8fc5815e1cf78eaa279369bb25c391b1e45daa2179ad198361b84bc0cedc4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/ Frame AE40 11 KB
4 KB 31ms
30ms Document
text/html 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0b7c1f9b0cd43d700389d777d0d7e54ac741860e29caa6ad833ca4d3eb27585d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 434016
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 3986
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 10 Feb 2023 20:54:16 GMT
expires: Sat, 10 Feb 2024 20:54:16 GMT
last-modified: Wed, 03 Aug 2022 14:20:49 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7FAC 0
0 74ms
73ms Fetch
image/gif 142.251.208.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssBcs3LYXwGkP1deNA1qbVjMEBfMla5RGR1s2iRiTv1XU7N50EgKmiv6I3LCqz72Rqea1mspsLNYV0ytaJGkQcD5WZ1K3yrkl9MnvnXzJZTOVHO29G4C-UkSSy-sIKcNoxQhz7oKigFM7nTEHhOjmCY4SoFvqprAi1hx9bCdw_-JAEpljgw0pXRhbbdfwz81jPLUnQm9rvxpIrd-ch_A0SuTGPdlRhZiHTaWFQt4xAE0UKAfkwQvyfHptziO3_wWWGqFVXBASqziHWYMy6oLXs4Z2tataNVSh7sQQY2TSkMN-PKxTacuf46Jw_TeSV3UlDGZzL15zr14pM8GLP0ICu1BbXdvdFCeLgxYPLHIRlFU_C_65JjsA-Td5OSVCCeLeIMW2N9t-I7YcPL5-krzuu6fHS-8b1E3GXwtPWSf5CFFOhLh_fDSn2QQjQ0KvXaToRjzfHMkyai7iv1fqhgIOUrNrLbxiCPIHuydX2T1rJKSgGlzKaczA00ZNJ4voZ8FHfM78cUjvt2bw1eUMRajbHbrSt_Zfqspi1HINVuHcTw0wivuOs1egt_3Nkay7R8XdUO8bYy2YUy9l31gXuxmf7xSc3SBmVGbuf1nfM4isj871kHtPHo9m5kvrhDf4wmUiKe8B5jQ1UKDwxkj33DpmxOgmX4I3ceOPySLcn32i_DQHLm1C650BB8EA-awEnA9MqtE_7H5zHpNJZPxtiY_OPf6IZ2tpYweppY0_zjMAqHV-kE5V9iXFa4o1VUt0tx0pYVgBRdUrhTzhap__wxIWAp6tFC8Ifypy-JSTf3bHKIeBOLJ4CGML0iZxr054B1Kfz0Wc4pGz3eO6yjSl-ogjz4ucamx2aOolIETm6EibphHjautIQifqjCtWFA9mdaRUMun2Avq4r9B58VEaA4TDhHKEv4Pm3gWiSHCA0GNAqJU9bIwtqA2yeqYgBVXWcbDC9_p6k8Amk-ODMeOj9t9Og1uzz2C2dlEzMpESeCRKSbmydtR-vGTa2z01nMYkmOsEw0qKeqEyRvZcn0C7_UHEWZEJbOiK1jul8wBdzaJlfapoDWm9ooeSZsKMOgJ-Fku4j3ZdyglNszPCYD3gD4eIaVs5cqXyqc-Ps2VOmtweHQOgroy7mCyZXQgKm6R47P7YjApEp31P1n3L6Y5S6uv1cICBnEZkp3RE5I2nqrHStmznJgWWQO_4I2AiAIPZwwpj_JN34OR1SWAfuRSvS_3Y-ZBQ3-R_cqN_F9j8HD53eH6MjS&sai=AMfl-YSHcFcMm5-Xzp6hxPlwip_drTdlyJReyhPOnE8gTEG_pjRimiF9nJJvg7pyqufSSwEM7zgfDtgyK2Zvu9Q169zHmxJhX-29eUNtCV9gaiA6c87698rxETihkzOT5IHg9Mp1LC5Pg2XxwOhMwVJGWBDY6aL8XYyzp8U3QFN5KECdHkOgeThFTYBs5_iVpseNfMMV_vMRP4DH_So6oNX7DM8F4NeFQDVBIyLIHcsj_vBsFnH8SCIw5QXtjJphMgb5EzCgZaNXHVBtZUWKqePVGKx7u7E-bBXl&sig=Cg0ArKJSzAu_xZKJZ5OxEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=129&cbvp=1&cstd=128&cisv=r20230213.46056&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: t.co
URL: https://t.co/ssYW4ginkF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.208.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s42-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 15 Feb 2023 21:27:52 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 15 Feb 2023 21:27:52 GMT

GET
H2

200

skeleton.js Show response
static.adsafeprotected.com/ Frame 81F7
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1350098/69352127/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1010458973&ias_pubId=pub-9602519502618262&ias_chanId=1&ias_placementId=19651070878&bi...
https://static.adsafeprotected.com/skeleton.js?bundleId=${BUNDLE_ID}

17 B
464 B

10ms
9ms

Script
application/javascript

2600:9000:21f3:9600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/skeleton.js?bundleId=${BUNDLE_ID}
Requested by: Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 2600:9000:21f3:9600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 02:33:19 GMT
x-amz-version-id: nylqTweorRThFHMBJSrf_fHcWx3KVKN3
via: 1.1 2b2e2811e641703aebf776da39317b9c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 6375274
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 17
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: AmazonS3
etag: "53fab767ecbd3bf07990b10246befbd4"
content-type: application/javascript
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: 4k-ghfzCJyJc11TwJt13ZpxPtqCvSIHQ-zldunzzNpyb6ii2Ri4RPg==

Redirect headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:52 GMT
server: nginx
x-server-name: app12.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.js?bundleId=${BUNDLE_ID}
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame AEB6 91 KB
23 KB 14ms
13ms Script
application/javascript 2600:9000:21f3:9600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:9600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 15 Nov 2022 01:04:21 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 2b2e2811e641703aebf776da39317b9c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 8022212
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: ra_IMlkMSeLejeVK8Uj-MjEozZ9BEngjTzVQraco_6s9VOMD1nVYaw==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 81F7 43 B
215 B 563ms
174ms Image
image/gif 2600:1f13:800:7780:3b11:b4cd:137d:cd0a
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1350098&asId=23738251-31cd-9d69-1dd0-1c1e5de02302&tv=%7Bc:4klSvH,pingTime:-3,time:153,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:127%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:153,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:127,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B36~0%5D,as:%5B36~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tvYclsE+11%7C12*.1350098-69352127%7C121%7C1221%7C123%7C13%7C14%7C151%7C152,idMap:12*,rmeas:1,rend:0,renddet:na,siq:128%7D&br=c
Requested by: Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:3b11:b4cd:137d:cd0a Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:52 GMT
server: nginx
x-server-name: dt17.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 81F7 43 B
215 B 559ms
175ms Image
image/gif 2600:1f13:800:7780:3b11:b4cd:137d:cd0a
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1350098&asId=23738251-31cd-9d69-1dd0-1c1e5de02302&tv=%7Bc:4klSvK,pingTime:-6,time:156,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:156,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:127,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B39~0%5D,as:%5B39~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tvYclsE+11%7C12*.1350098-69352127%7C121%7C1221%7C123%7C13%7C14%7C151%7C152,idMap:12*,rmeas:1,rend:0,renddet:na,siq:128%7D&tpiLookup=ao:pastelink.net*&br=c
Requested by: Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:3b11:b4cd:137d:cd0a Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:52 GMT
server: nginx
x-server-name: dt09.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 gsap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.10.3/ Frame AE40 64 KB
23 KB 14ms
13ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.10.3/gsap.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b4e40ffeea4f88fa78707ac8a7aa1beefb4f707d7bba71eb8b0e40ce20fbc94

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 535583
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 23286
last-modified: Tue, 12 Apr 2022 12:35:57 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6255722d-5af6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AIKBtucyNDGyrngy8Xs3zE20QopLfkp7HyO5S9heLXQu7rdDylGf%2FLfpvbRT7HeNttC4QCBPI%2F5Ks%2BH55nHZsiRh0ZoJqaXUAGbIffqLQj9TexX260E3Rwbakzr1QBprmVs6IqeAJL3ZBA8Ktdr3RAaz"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 79a121491dd4bb4d-FRA
expires: Mon, 05 Feb 2024 21:27:52 GMT

GET
H3 200 creative-1.0.9-alpha.js Show response
s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/scripts/ Frame AE40 3 KB
1 KB 31ms
30ms Script
application/x-javascript 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/scripts/creative-1.0.9-alpha.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de22b749dfb9461f4308fddfbc79f0b636f78f4add1e26a481fdd23be02cb3c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:53:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 88487
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1012
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:20:49 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 14 Feb 2024 20:53:05 GMT

GET
H3 200 keyvisual-x2.jpg
s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/images/ Frame AE40 114 KB
114 KB 31ms
30ms Image
image/jpeg 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/images/keyvisual-x2.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9cb3dd55ec2b8c0dc703fc8c15ccee41161ef9189e069fc7e8b18e56b7567480

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:53:05 GMT
x-content-type-options: nosniff
age: 88487
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 116858
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:20:49 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 14 Feb 2024 20:53:05 GMT

GET
H3 200 donut-1-x2.png
s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/images/ Frame AE40 4 KB
4 KB 57ms
56ms Image
image/png 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/images/donut-1-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9bc0b41d96faf37f1a7392d804ad6cb2b980be26596753761024b7d3d9bb79de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 02:07:35 GMT
x-content-type-options: nosniff
age: 69617
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3967
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:20:49 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 15 Feb 2024 02:07:35 GMT

GET
H3 200 donut-2-x2.png
s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/images/ Frame AE40 2 KB
2 KB 62ms
61ms Image
image/png 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/images/donut-2-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6032ace0de4c42162f71431b2ab16aa63aa8c8bbed88d49eaf6e6fb7baf9448c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 02:07:35 GMT
x-content-type-options: nosniff
age: 69617
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:20:49 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 15 Feb 2024 02:07:35 GMT

GET
H3 200 partner.svg
s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/images/ Frame AE40 414 B
312 B 62ms
61ms Image
image/svg+xml 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/images/partner.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

23f1437cd33df500ccadb5cacf49ba212539c95a7a25567c45b99caa9f26ed5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 14:05:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 458533
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 276
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:20:49 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 10 Feb 2024 14:05:39 GMT

GET
H3 200 text-1-x2.png
s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/images/ Frame AE40 2 KB
2 KB 63ms
61ms Image
image/png 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/images/text-1-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c5de1529044a5d1984698c2940878941d40f1c8017ce86d3f2c0f7100bb8c45e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Mon, 13 Feb 2023 23:45:10 GMT
x-content-type-options: nosniff
age: 164562
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1631
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:20:49 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 13 Feb 2024 23:45:10 GMT

GET
H3 200 text-2-x2.png
s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/images/ Frame AE40 3 KB
3 KB 59ms
58ms Image
image/png 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/images/text-2-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c79fe55829a405962157cfbcffb4972a89d5904bb0eca0bfaf54e3f1f5ce305

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:53:05 GMT
x-content-type-options: nosniff
age: 88487
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2709
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:20:49 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 14 Feb 2024 20:53:05 GMT

GET
H3 200 cta-x2.png
s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/images/ Frame AE40 4 KB
4 KB 55ms
54ms Image
image/png 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/images/cta-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5b2b6f1e352f3575c381f47f2bb0aba701b7cf5b36f5cc9e689e607d375c370

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Sat, 11 Feb 2023 02:43:02 GMT
x-content-type-options: nosniff
age: 413090
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4299
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:20:49 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Feb 2024 02:43:02 GMT

GET
H3 200 overlay-donut-1-x2.png
s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/images/ Frame AE40 4 KB
4 KB 56ms
55ms Image
image/png 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/images/overlay-donut-1-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49e7f6d3bc4e956a9e9606c86cbd7c3c558ee412d27a64f57eabeb160b7ce161

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 14:05:39 GMT
x-content-type-options: nosniff
age: 458533
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3762
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:20:49 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 10 Feb 2024 14:05:39 GMT

GET
H3 200 overlay-donut-2-x2.png
s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/images/ Frame AE40 2 KB
2 KB 57ms
56ms Image
image/png 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/images/overlay-donut-2-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed9f95fa0e7551e2ed988e3e31066ccc1d169b992ba04a76f1fc00d8e219654d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 02:07:36 GMT
x-content-type-options: nosniff
age: 69616
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2385
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:20:49 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 15 Feb 2024 02:07:36 GMT

GET
H3 200 overlay-cta-hover-x2.png
s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/images/ Frame AE40 3 KB
3 KB 62ms
61ms Image
image/png 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/images/overlay-cta-hover-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

82a714eed18ecef4daa162cd9dbde8dc79a9679ad93d1bb1cdce7ff35a468a95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 10:08:33 GMT
x-content-type-options: nosniff
age: 40759
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3186
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:20:49 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 15 Feb 2024 10:08:33 GMT

GET
H3 200 overlay-cta-x2.png
s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/images/ Frame AE40 3 KB
3 KB 63ms
62ms Image
image/png 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/images/overlay-cta-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

473922d81a67d36d47e37ecd58944bb25d8955ebb5407a9b6712a7cabf5b6640

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11938396239931529090/LEYLA-KANN_728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 14:05:39 GMT
x-content-type-options: nosniff
age: 458533
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3186
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:20:49 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 10 Feb 2024 14:05:39 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 81F7 43 B
215 B 533ms
173ms Image
image/gif 2600:1f13:800:7780:3b11:b4cd:137d:cd0a
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1350098&asId=23738251-31cd-9d69-1dd0-1c1e5de02302&tv=%7Bc:4klSwa,pingTime:-2,time:182,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:567,beZ:568,mfA:682,cmA:683,inA:683,inZ:686,prA:686,prZ:691,si:695,poA:696,poZ:709,cmZ:709,mfZ:709,loA:723,loZ:725,ltA:748,ltZ:749,mdA:569,mdZ:620%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:300.250,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:127%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:182,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:127,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B65~0%5D,as:%5B65~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tvYclsE+11%7C12*.1350098-69352127%7C121%7C1221%7C123%7C13%7C14%7C151%7C152,idMap:12*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:na,siq:128,sinceFw:52,readyFired:true%7D&br=c
Requested by: Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:3b11:b4cd:137d:cd0a Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:52 GMT
server: nginx
x-server-name: dt08.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 9C8D 22 KB
8 KB 15ms
14ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 142975
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 14 Feb 2023 05:44:57 GMT
expires: Wed, 14 Feb 2024 05:44:57 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 81F7 0
0 68ms
68ms Fetch
image/gif 142.251.208.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstclBeZwZsxLsadoIpPJj1VvxMNBePzE1A76-sA6Q2t3f5vQ1DYfmsSpIod9GRhnzCz_xaeeaXGm9JmseWx8vSC0iy8IGG0mFCmYkY5WQ-HbAj8EAG8jia9Fdnf-0ft41WJjDV5SrT_gY6rZqsaFNkbHBAVjcjdOe6sUozTzfSjteh2rZ7Gf6eN6wC926tP1V63pR1uc5VE5FXBRjFpMZ9dWB6lEiDnjDn-3DC_ePOtGqh0C9dx8rHEOAUFO7k8DLWx1FOfNYj4Yo-HmVXEcof4qlpuKV_jKWajlZ-7Qk626RabQnbfTMlIt8o8bi5sJJbcdLWKW3GEdOVZmAZxmd6wc2i8rGUU4pQkO5dYLy-QqCV8aE63fxIhsrYYsZo50EGKf5ZK-oY_tON6Eexy2ws82K__G5uFmavisPOOYHBGRtZ-Hrn4Sy_YR43A1oBeoogZ-MQsRqLTPwo4DUDY0UL-rJG_7lnXz9Mand3w5LGqdGYmvN5I3Nt_gan0PbhMWA_lid7pQRn3P_j_yoQCrV_K_iVksC1KQiZKQBxmY_wdZlx_vczpnvzNOlPVyX9jZH0kjUOvhwfHJNaHrujWRemImiqqA4DVEoB7Wr41Nq7KL8n0WDcf5WmYeMFABLtQbaT-7w0sPLzEpJF0lWo4KM5EaOpKs4f9iD9rYPmbQmn-23JnIz8SjSB3okrbSXtzfGfWUBD0wADtPmMXEt086cnsr0d7F1eaFcnHWmP5101I_RvJxDKgu48G11SoLOtGVddR1lu3XrjrbO9v2GH2Z3xxMF52pnS0vCBuEb6yCJmKekw21inweDyXpnEHFJgqlQjIsjFtz0nTxxwHtwZCOs3yTzAdaxBki1DG9Hy_REwglUU0M1X19ByZszTCviHyNwEIiH-j2jd8_uAtss-f9z-dGbVPXqjnetxs1FvUdKQlWiesDpoqaxB3Y087rflg-3siez5EtXEIgGVbLVUXZNdWf7ge7Gm_Z37cN9MvX4CVKz_nxjGkJVFW1l54SLC3nwoslMmu88LtA0R1xJxhN1CrZK6LEksGG_g1z3QzelwMdCk_hHZsS0HEmyTgC-trODFJ9KKxVELNF1HYBIwRhnq8HxgNUaxRbT6gWWdXtuFSvYPoVK1dSbekohgaBvXN6HF-3Ea8aPgzgv94icu0Id9fD_pR7DDZxHMyjGe0f81A9drFQ3K-kIQzxBD8QAq6g8q_5by6ezHydwbZCFlJlX0fXvUp1g&sai=AMfl-YRr0bHZcpXAAl55c6mwU5XAyfHrev_Gy7t6LRgAqegRORj2rFGfnRLxmBE2cbqKbHnUJj94NNd_FD4Fv9-ZMhF-QuOnyKZzSTl5Qnjmym_VlISvLXG2LJ2mDxhKq1rpQmNny85MBGlT6ps2nb4eKpgUD43TqE0QwuXJ_Z7ZPdSzabut8m8Rn9T_5bFKL30ersywPL0DKyGaKJ9QSNvik9Atur3e_KdI7Ron_mLjmUDUiYgNlCuqe-2B_JNMUEsFpiSfKY07BAdMjchXoO17p46obz1MzwPVSkDY&sig=Cg0ArKJSzB85tuyHYAzDEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=413&vt=11&dtpt=239&dett=3&cstd=169&cisv=r20230213.09394&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: t.co
URL: https://t.co/ssYW4ginkF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.208.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s42-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:52 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 15 Feb 2023 21:27:52 GMT

GET
H3 200 container.html Show response
1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 40A6 6 KB
3 KB 30ms
30ms Document
text/html 2a00:1450:400d:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023020901.js?cb=31072410

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 21:27:51 GMT
expires: Thu, 15 Feb 2024 21:27:51 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 CTA.png
s0.2mdn.net/sadbundle/355683572928081992/300x250/_export/ Frame 4E09 816 B
843 B 35ms
32ms Image
image/png 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/355683572928081992/300x250/_export/CTA.png

Requested by

Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

16891e0cf16cc669f251765e7183fd272e2f5d5d6af7026335db83c14ba74e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/355683572928081992/300x250/_export/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 13:24:06 GMT
x-content-type-options: nosniff
age: 461026
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 816
x-xss-protection: 0
last-modified: Mon, 06 Feb 2023 08:20:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 10 Feb 2024 13:24:06 GMT

GET
H3 200 Text3.png
s0.2mdn.net/sadbundle/355683572928081992/300x250/_export/ Frame 4E09 1 KB
1 KB 36ms
34ms Image
image/png 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/355683572928081992/300x250/_export/Text3.png

Requested by

Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8a711bfc819736f6bae6b19c0115567e15f8456b15ac45d432c3a60a92df0422

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/355683572928081992/300x250/_export/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Mon, 13 Feb 2023 20:45:19 GMT
x-content-type-options: nosniff
age: 175353
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1250
x-xss-protection: 0
last-modified: Mon, 06 Feb 2023 08:20:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 13 Feb 2024 20:45:19 GMT

GET
H3 200 Text2.png
s0.2mdn.net/sadbundle/355683572928081992/300x250/_export/ Frame 4E09 5 KB
5 KB 38ms
35ms Image
image/png 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/355683572928081992/300x250/_export/Text2.png

Requested by

Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

afe7db97c6c82733d3021296ee77fab9ff1be4fa561c13d2cf8440ddf4a5918d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/355683572928081992/300x250/_export/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 00:58:09 GMT
x-content-type-options: nosniff
age: 160183
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4904
x-xss-protection: 0
last-modified: Mon, 06 Feb 2023 08:20:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 14 Feb 2024 00:58:09 GMT

GET
H3 200 Text1.png
s0.2mdn.net/sadbundle/355683572928081992/300x250/_export/ Frame 4E09 3 KB
4 KB 39ms
36ms Image
image/png 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/355683572928081992/300x250/_export/Text1.png

Requested by

Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65cee11e0deacfaae4c183167928488cd0d840f167c221f42e37b4d2887905c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/355683572928081992/300x250/_export/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Mon, 13 Feb 2023 21:13:40 GMT
x-content-type-options: nosniff
age: 173652
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3581
x-xss-protection: 0
last-modified: Mon, 06 Feb 2023 08:20:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 13 Feb 2024 21:13:40 GMT

GET
H3 200 logo.png
s0.2mdn.net/sadbundle/355683572928081992/300x250/_export/ Frame 4E09 2 KB
2 KB 37ms
34ms Image
image/png 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/355683572928081992/300x250/_export/logo.png

Requested by

Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

17216fdb62be8d9b4ade429447db311869286dc7774f8a9210fe040d562a177d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/355683572928081992/300x250/_export/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 16:31:47 GMT
x-content-type-options: nosniff
age: 17765
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1856
x-xss-protection: 0
last-modified: Mon, 06 Feb 2023 08:20:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 15 Feb 2024 16:31:47 GMT

GET
H3 200 BG.png
s0.2mdn.net/sadbundle/355683572928081992/300x250/_export/ Frame 4E09 11 KB
11 KB 42ms
39ms Image
image/png 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/355683572928081992/300x250/_export/BG.png

Requested by

Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a8a96d965a4e9f7893810214620e582f80a08991e81bb13206a0f047c2971a69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/355683572928081992/300x250/_export/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 16:16:18 GMT
x-content-type-options: nosniff
age: 18694
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11427
x-xss-protection: 0
last-modified: Mon, 06 Feb 2023 08:20:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 15 Feb 2024 16:16:18 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 10C7 0
20 B 68ms
67ms Image
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BI04gWE7tY5a3AtOA9u8Pr-ShqAIAAAAAOAHgBAI&bg=!hoWlhdHNAAYuhb89DoU7ADkAdvg8WqYWTK0PzJpEsgicXjy7vN2t9dk0nOVBvJctwE4Nfd5hMHSfQLlPlmqcYwC5QteyH71AdY4CAAAA6FIAAAACaAEHmQNFBx2SM3VRXKgix-vAcREQPUiDrQcbJuagmR0pmjW7tf_6KkmOSHIJrWE87r4vhiY7rDlN-AHR9CY6hdY_cvG2PB1ldTP5GZFUvNfi7_ncZQFyBiiPTvP02qBDfSqSt8tmbScFvFALx1rqbOHmfg_j5_e4Hk8t2Tugxt1lQwhvTF2_HkscY7Z8J7QQVOqa8iN9-sojZc04deUU6qm1oudDIbn2chLhkeRzpOAwUebvG0DvS1JtmZd6kC__a8VNyushv7Vtijg65n6WpG2NIBYNjmn1I6nHt-Nw8I1uoM_rUls0zlLJhAHbOSjUp_vBQFfMil-DX_xzqrHza5LI8Z4qaOMDMQ3NU2OnwU01okrK-AxWc4eN_LUUc6GkhQpUx_dDKewMU23Jp-v6vLi6-4GxTsKtlsSICqGVvmT_205Bid_Mb4oWyfPF_acx7_BYsWGYzK5YTeREQIMnP7g9Brwhvpc9g1h7HK6TsfeLynqE2BPtZ4ussyYYNwYWS7v6jFCccTTG14MbrkYr7HegT4WkszrwcyXXJS-HKI4aXyJ7giDvuPfvovPOfHnCuOl_0s9FyrrqipAilHStMOVJ1-5MEV50W3aSIkmJ3w3n_7yJbTiULe8Ri-0jZWvR9AgZRHByGDYjPvh-CSIBNAhXtiOG32oNUvBlK0lpJNRswEk8TSm581_crhxHVP--G5ftYMYh5kb9Z1kkyat2GW_ko7l3pmuq6-M9zVYitFudkgVL4IC4pIXt6D2DwpHTtJ-cbpClHjGHJvthwSYyH8h8AW17yuXg6GgmPgyBHDRH6iYZrhbKBO1xglIndGgrP9ILL1uaBhd7lPDg5fEODZDMFa9BkP9DGL_FmR4oNbudBlUbrUctShreWm0qvK_IxI6hkdaZZjOfYOVmQ-gmb3-9Q9TnPS1mqCUET5vn3nXtWc0P_gWQERDXmWC_WEZhbj7Q00saxZjfiezGNLJxTyideSEt8MnazWBr17euqSPNhHeRRxrre0u-ZZlY57_PdXBWHFA2XGJx8PTHgQsA5w81KjS_5qsAyJBNRkawKNVMMU8XCLNHDjD82fuIrYdcSjBPCKfv91OcC4SB2Zkn4YtHd9aRU1B_JpSg

Requested by

Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ppuJb3acSbwPUrk6AP0eyfY-LTznD88jtSaAQ1bhjg8.js Show response
pagead2.googlesyndication.com/bg/ Frame 9C8D 36 KB
14 KB 34ms
33ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ppuJb3acSbwPUrk6AP0eyfY-LTznD88jtSaAQ1bhjg8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a69b896f769c49bc0f52b93a00fd1ec9f63e2d3ce70fcf23b526804356e18e0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:07:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1214
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14239
x-xss-protection: 0
last-modified: Tue, 07 Feb 2023 17:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 15 Feb 2024 21:07:38 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 587E 640 B
265 B 53ms
51ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY1-v4xgEwAQ&v=APEucNWf6JCyr9I3CPjBBOpVQ8062WIwhfed_zxL06beZ3tC1bp869KsR7E6ZuKeg3XMo99-fiHcwN7EJx2uV0OshE9X1xEV2ucOqa3V0T4sDtJbZZb-9LyHXRv6rLnTx6hKzsLXyvrhVAzCURSFKuYphpaMPmol9MPHcVmt0jGEYh4UWiCpOi4

Requested by

Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 21:27:52 GMT
expires: Wed, 15 Feb 2023 21:27:52 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 40A6 78 KB
27 KB 76ms
75ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

16b432ac8f43a6b2d8aa358f41ee60e2ef5923b2645bf2c37f3a06f8334b1557

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:52 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27790
x-xss-protection: 0
server: cafe
etag: 3677590245327912432
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 21:27:52 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 40A6 42 B
63 B 62ms
61ms Image
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A4TbCFhTVLP0e4zbLFa3MCdMRzWpyF7x28_SY69VK7uveTF-PbFG-0gx_vRU0mzGhCsiTNz4iGs1PHDGK89vD_gaEwDmRMwI9VNz64IblHfvp7tA4

Requested by

Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 40A6 0
20 B 63ms
62ms Image
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=16837149531347379092&x=1&ct=76

Requested by

Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 40A6 3 KB
1 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/window_focus_fy2021.js

Requested by

Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 18:10:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11820
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 18:10:52 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 40A6 20 KB
8 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2b4727366dbbf82f3dc7d48c30bc9444860158da542dcc4b04eeeb6e0a7b6d60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 01:23:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 72243
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8316
x-xss-protection: 0
server: cafe
etag: 7067238764211672077
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 01:23:49 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 40A6 156 KB
48 KB 100ms
99ms Script
text/javascript 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0937a8903ce9027c6f433ddda4c1c9df0c5e6d64aea3696396b0c22c0e85661a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48832
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1676324880006035"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 15 Feb 2023 21:27:52 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 81F7 43 B
215 B 614ms
339ms Image
image/gif 2600:1f13:800:7780:3b11:b4cd:137d:cd0a
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1350098&asId=23738251-31cd-9d69-1dd0-1c1e5de02302&tv=%7Bc:4klSxy,time:268,type:e,im:%7Bpci:%7Btdr:72%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:268,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:127,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B152~0%5D,as:%5B152~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tvYclsE+11%7C12*.1350098-69352127%7C121%7C1221%7C123%7C13%7C14%7C151%7C152,idMap:12*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:128,sis:233%7D&br=c
Requested by: Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:3b11:b4cd:137d:cd0a Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:52 GMT
server: nginx
x-server-name: dt06.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 587E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESECk3c-zZ3Enh0xV2au45bkM&google_cver=1

43 B
114 B

176ms
161ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESECk3c-zZ3Enh0xV2au45bkM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY1-v4xgEwAQ&v=APEucNWf6JCyr9I3CPjBBOpVQ8062WIwhfed_zxL06beZ3tC1bp869KsR7E6ZuKeg3XMo99-fiHcwN7EJx2uV0OshE9X1xEV2ucOqa3V0T4sDtJbZZb-9LyHXRv6rLnTx6hKzsLXyvrhVAzCURSFKuYphpaMPmol9MPHcVmt0jGEYh4UWiCpOi4
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:52 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:52 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESECk3c-zZ3Enh0xV2au45bkM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 587E 43 B
304 B 73ms
20ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY1-v4xgEwAQ&v=APEucNWf6JCyr9I3CPjBBOpVQ8062WIwhfed_zxL06beZ3tC1bp869KsR7E6ZuKeg3XMo99-fiHcwN7EJx2uV0OshE9X1xEV2ucOqa3V0T4sDtJbZZb-9LyHXRv6rLnTx6hKzsLXyvrhVAzCURSFKuYphpaMPmol9MPHcVmt0jGEYh4UWiCpOi4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:52 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 587E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEOnyq1SDz5FS8B-MzWiNQOY&google_cver=1

23 B
172 B

145ms
62ms

Image
image/gif

23.35.209.30
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEOnyq1SDz5FS8B-MzWiNQOY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY1-v4xgEwAQ&v=APEucNWf6JCyr9I3CPjBBOpVQ8062WIwhfed_zxL06beZ3tC1bp869KsR7E6ZuKeg3XMo99-fiHcwN7EJx2uV0OshE9X1xEV2ucOqa3V0T4sDtJbZZb-9LyHXRv6rLnTx6hKzsLXyvrhVAzCURSFKuYphpaMPmol9MPHcVmt0jGEYh4UWiCpOi4
Protocol: H2
Server: 23.35.209.30 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-209-30.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.9 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

expires: Wed, 15 Feb 2023 21:27:52 GMT
pragma: no-cache
date: Wed, 15 Feb 2023 21:27:52 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.9
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:52 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEOnyq1SDz5FS8B-MzWiNQOY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 587E 23 B
172 B 189ms
59ms Image
image/gif 23.35.209.30
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY1-v4xgEwAQ&v=APEucNWf6JCyr9I3CPjBBOpVQ8062WIwhfed_zxL06beZ3tC1bp869KsR7E6ZuKeg3XMo99-fiHcwN7EJx2uV0OshE9X1xEV2ucOqa3V0T4sDtJbZZb-9LyHXRv6rLnTx6hKzsLXyvrhVAzCURSFKuYphpaMPmol9MPHcVmt0jGEYh4UWiCpOi4
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.209.30 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-209-30.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.9 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

expires: Wed, 15 Feb 2023 21:27:52 GMT
pragma: no-cache
date: Wed, 15 Feb 2023 21:27:52 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.9
content-length: 23
content-type: image/gif

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7FAC 0
0 65ms
64ms Fetch
image/gif 142.251.208.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssBcs3LYXwGkP1deNA1qbVjMEBfMla5RGR1s2iRiTv1XU7N50EgKmiv6I3LCqz72Rqea1mspsLNYV0ytaJGkQcD5WZ1K3yrkl9MnvnXzJZTOVHO29G4C-UkSSy-sIKcNoxQhz7oKigFM7nTEHhOjmCY4SoFvqprAi1hx9bCdw_-JAEpljgw0pXRhbbdfwz81jPLUnQm9rvxpIrd-ch_A0SuTGPdlRhZiHTaWFQt4xAE0UKAfkwQvyfHptziO3_wWWGqFVXBASqziHWYMy6oLXs4Z2tataNVSh7sQQY2TSkMN-PKxTacuf46Jw_TeSV3UlDGZzL15zr14pM8GLP0ICu1BbXdvdFCeLgxYPLHIRlFU_C_65JjsA-Td5OSVCCeLeIMW2N9t-I7YcPL5-krzuu6fHS-8b1E3GXwtPWSf5CFFOhLh_fDSn2QQjQ0KvXaToRjzfHMkyai7iv1fqhgIOUrNrLbxiCPIHuydX2T1rJKSgGlzKaczA00ZNJ4voZ8FHfM78cUjvt2bw1eUMRajbHbrSt_Zfqspi1HINVuHcTw0wivuOs1egt_3Nkay7R8XdUO8bYy2YUy9l31gXuxmf7xSc3SBmVGbuf1nfM4isj871kHtPHo9m5kvrhDf4wmUiKe8B5jQ1UKDwxkj33DpmxOgmX4I3ceOPySLcn32i_DQHLm1C650BB8EA-awEnA9MqtE_7H5zHpNJZPxtiY_OPf6IZ2tpYweppY0_zjMAqHV-kE5V9iXFa4o1VUt0tx0pYVgBRdUrhTzhap__wxIWAp6tFC8Ifypy-JSTf3bHKIeBOLJ4CGML0iZxr054B1Kfz0Wc4pGz3eO6yjSl-ogjz4ucamx2aOolIETm6EibphHjautIQifqjCtWFA9mdaRUMun2Avq4r9B58VEaA4TDhHKEv4Pm3gWiSHCA0GNAqJU9bIwtqA2yeqYgBVXWcbDC9_p6k8Amk-ODMeOj9t9Og1uzz2C2dlEzMpESeCRKSbmydtR-vGTa2z01nMYkmOsEw0qKeqEyRvZcn0C7_UHEWZEJbOiK1jul8wBdzaJlfapoDWm9ooeSZsKMOgJ-Fku4j3ZdyglNszPCYD3gD4eIaVs5cqXyqc-Ps2VOmtweHQOgroy7mCyZXQgKm6R47P7YjApEp31P1n3L6Y5S6uv1cICBnEZkp3RE5I2nqrHStmznJgWWQO_4I2AiAIPZwwpj_JN34OR1SWAfuRSvS_3Y-ZBQ3-R_cqN_F9j8HD53eH6MjS&sai=AMfl-YSHcFcMm5-Xzp6hxPlwip_drTdlyJReyhPOnE8gTEG_pjRimiF9nJJvg7pyqufSSwEM7zgfDtgyK2Zvu9Q169zHmxJhX-29eUNtCV9gaiA6c87698rxETihkzOT5IHg9Mp1LC5Pg2XxwOhMwVJGWBDY6aL8XYyzp8U3QFN5KECdHkOgeThFTYBs5_iVpseNfMMV_vMRP4DH_So6oNX7DM8F4NeFQDVBIyLIHcsj_vBsFnH8SCIw5QXtjJphMgb5EzCgZaNXHVBtZUWKqePVGKx7u7E-bBXl&sig=Cg0ArKJSzAu_xZKJZ5OxEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=354&vt=11&dtpt=225&dett=3&cstd=128&cisv=r20230213.46056&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: t.co
URL: https://t.co/ssYW4ginkF

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.208.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s42-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:52 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 15 Feb 2023 21:27:52 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 65ms
64ms Image
text/html 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2023020901&jk=1429750509653728&bg=!9fal9qLNAAYuhb89DoU7ADkAdvg8Wk_Wgr_2MfpxCgXefssyPm_x9yyLdcmwHnkdjKgKvbRo4Pz_-O5Bm3Ujro7hw1tUkvpRxR4CAAAAYFIAAAACaAEHCgAkJvc79OkEhZJUhfDSK77NjmPDjNm7h0T11sRVSTmb3eAghXq1mQLZQBvos4gqJb7iExQl465Yrg-JoNV0KOV5kO3ifaSJNwcoo1KLD49pIjerNqWOKJMJ7rwNicgJAMP1Hg32uAiVQ-TNfDoxzuNvIfoqXP5q39A8t30Oeot7p9mPQdmR4DJPse3-ec3CGUlZiK7BVH4vuUDdK__tpCsYDB_K7ZLKj4e_hfjRtUuFUK7QdnULIWY71s8erRnqNH6TBH8y8UWJbh7yJMFhv4MwvYrNm46eIZe2ZATOp75sUjEfey1GIp0q8hPLdA81YAJqCLetf7KdbvJ3wOfnlqKHk0PlC0Y5Nq8ZFr9nMRQ1-VjxBhr0CiQMs9J6iniHYV0yzJFELSMGlvlTkyFeP5ofueBT07avqz1lgEStxL06BodkKe5MSB7ZmZ-wge1XzB8lm_JK2re9vfaODR6i9bs3kH92StE7Y3eip8gSR9vWl60Qds6_noJTWU5UHHG_XO_N-CNtFkVqXRK2nErksmX4tHCKhX9B3SMJWBdeqVJTvhEYB7C-qatTd5dBqqlL6OYD2Jp0KDgtLRJE_Zb0oa2ahh4zmirsu4bB7HkBuNL2_QnNhLuvTvW2yTTd_bA12RMtBTvy9-Atld_Gxb7jYZJkgNxsytYx8S4qBagx_Uv84GD0SNS6Qc_trH6UVQZF_RiG4QN9Nh3PZcMfZX8om3sHYat9JyTJ_CNdXb7q3nnepO-5ZVpytdlrouMb1QGseEp2olOaw0kzjMDTBKkqboHIILjlGHZQtMWXs79ZeAi-UbM19KXqaAIkenheBYK5zV_PEUUFPYtzmb0xGbK8QHTrtPZkqiyqmE9cuZiPOs0jyX-mM8dFJzcFpRWGQvXyIBwbdvx-IqGxRfUvvReAutGaQ8uHWgWijDL4o3QA6B0t34QeJb4hWw-zzlLPDMfxKpSuLLREsZEQlw7oibNf3XI0lcCIOlhFeeoNMpC3H97uXz0BakuC8tVeffCb3POY9E8t
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 40A6 0
20 B 63ms
62ms Ping
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=1579075379970&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 40A6 0
20 B 64ms
63ms Ping
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=1579075379970&version=m202301230201&ct=76&x=1&cor=16837149531347378000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 40A6 87 KB
35 KB 71ms
71ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A2Ln5DNK5vJObRcmz-o22-oAhD93J00BruQHlJNFe7N2ORckjvfD-YMdMU1gaH0NcmljgECYbJUWlDdRzkWu3oP0OiMI8d66IJqcBUlPYXbyAFq8srq4ABahXP9YLXB0S07kXjmL3l7X_DmU1p5PQfxLssJQeVYwUphQGWfli3BllAkMI&dbm_d=AKAmf-Ar3R7ivJSPOVo67qSogjV3E2IouKLQtjo0d77g9ozz4R-d9DuoUITLotDKqKD5peDD6zj9sg2A5ll1lCmXXyzKcjq-w0h6Rm5UdBEPkYJRPgkGBBdqPV-SVsfxzvlht9T6zPB5pFyBoxi0rFvNaMs-RXAVd-xnDVkBSp7KlJHLyl3N3Mg0wCmH-0IzaEuzN2h0Md3Zo5dXZCr5t3LVMWsFaOymOvxfGV9p4IXqZdFI-7lMXyCHtYoq85TBiNNSqRMq1Mvgah9JQo59D_DzkPjUplRF6oofZgjfCCzI1jGAfGcInpLD2JknRMc8I0ETxnI5sAzn0M_Ch5jM_8vty4-aqjJSCH30FtXJt2pns8UK44NymvDNM2ohP9nSrudtqbj3qsEYXM7YDVM3yF-APvVbloV0UxixFu3lYp5eA3GQV2zMVtwaBHptFw_hKyRKP_3731CeK3sjfh1QcEa_Hkyc164ywxfaIcqliAx-wz4SmwR7JLOalfOKdmhMF4adMbX8vnwIBh6yTAx8apdjO1o_QIFtkYsQxGjrrsrd-Hp9VFhGSFa14RiWEeNXZ0F-RIlnmCVBuKGwLz_UdfrVqLfHbo6CMZ6p8Y0e3whJEy59AsjU8SwQDtNYUMX3MNlA349n6Wz_Xco5C2YtkWFt9-KPx1KZeQDhCY4pbsnoOuMLuUUR3rf1tlXEryUU5DB2T8HHeLAQly1IJdLNPyMOVSwHya7CJEQeJC9FARO6GQDLcXl6vMy75fDq1jYu-vrYGk6AciQgAc1HNZOMDNvkW3g1fSaBkAG5su8i5MCZ8OLDZ1X3L_KckteqzR3jlyaCS0Q-nGIDdL-POmnUWgDwPlyjcgZ9GIQunE_T9HIOgHvpJuFfsZhS3PIrvlhAmSUZGAEYHO9Mnsa2tLvPOqsbNQ0X6GGr--qNb6CCMMAkEAragZ0ZrsjbCNTA7hpToG6Ahimj8W-mgxb2HtTnmm4-QF7biGrR4wOakzHseW6vFGWpU0Ios8HTvZYlSVhhlnFkUQoEKcnrnYA81p0pAEFBQPz8TUf_nd7IqjGq1yrHLCqcKmMHU1Mi2SHDch3XB6Dsbry2YIg2TLvQCrvtKRhoL6K4vEgOTWYMdk-Mf67iR10WNsyyNzU_PVAui-qIc3k79YYSfcCjRrgvf-1qaqbuDNiqd_j_zOH2QK-j2xy5A0zgDxZ3fGmOGivnnwVwDA5dWa7zyrCtsi8RfPPRLf5-TY-kHVpPT59K1TwrronOyZ_MuBQwZ-akscdtjb5diwOKVeZfS5Eg86HnT-1I8uhXoVhNrlpjMCwFqH3oWho-rAgCZKalBKrqqOLWVGkCu60kAmkyPcmJgBnLYNMiDdCNv52YCEXVb7BTavAmSykHp1FkOAa426L6js_Dg4tOCjE9k-_GqK31cgBNoHvIH3w1mvYBXAYQb-B0d2pyN9_CUENBFEmyyAgI9nuHtMdpMGGRcxIId96ze79DhHel9BSF_7pEBJnOUCnSrq2y5NB3x6Nb6UDr4A5xeK88rXXm9ABwKPyresFOcRG11qhT7JGCZzHOMW-VQyPp0X_9KAojLowq3aKS9KF3ahwRvY3HRMil4XBnX65J964q0oB2KKU-_9LGVNDvCknjcEC0rPsyi6udiu2Jk8987F55CML7jne4ShXhxWGEBz_JmjBHXCNY6qlX6LIcK_Gmp-qMy8URP4LmMTSVBMSe4nqM0Ay6MDPrFfBPk7NI6YHqv_c9stYqWGwfUTPDY1aL7YIDTZa22PYNa83gSjBugzok3iZdJON_4xV_5p2AaTs4tYtUbEGcyDLG0orwDbBvQDvVbmv7NF-GD7Q-12_QL6qtc-qOMxnfUK9dxm_PXclfz29_voBqqEmClFcxHa0Kt6r0xo6DfHWp0x8VRPy2u42jTNE0j2TRQobue4P48mJXADUcYz5XSafvRcIYuz5PJB4OO8arMluG7ackw8t2RO8QkAqpG5LvBKjMCGMaoItwQWM-GxlCP8QKlDjSSY1IOkjf-wVPOBiLTlYv5Mcbz_fR6EzD7d_8QOOLTvq18dlrhT5MCVKwuyeuQJZkziWsd586DVQQi83nxsLjyNfUuQzFSdsp99ev35DrbJz0kJvAmtW1qcuEud0tdiG4vbX8bErsfIUrvVUV4a8eGSU-h3H9GneaDE1fA4mXWTF9vaYJO_2h9Q5vG27zFmEEQVu7HBAjmXW6HBWcXk308Of_h8ThdSBkEOEHLGoRbUwIwDDEYT91pYXlOvGAcIYbnLbhLOVzEdtTif9B01DA-4cukiaUrONNQiyuPg3iAR1opGROt8Vlw-laOUU_mylOgq-xa3zhkIpJegAqXJGEYL8CySx7TMuT7TJ5vz4WoGw6V-OIOfSEFJaFSSFS1EkKJItwHmdrknEHpx-TQFL_SjEUPzI-RWzWSBNVBYgXv5foii4x159XjpiEzpRjcCXtcP7Kgr3yFlU4w3Z8CZv1EXSVw0vO3UTg5kpQZ5R25QY1t1wuD0CsM_zdb2KAainzswiqKy5wthXWC1RV_japZlvrxVDqyOtv-aNg19suMEGjlWDuxbIYg2BBaZgIZ4WKbesxb4AOjI3Bn4b6B5hKgmAk2A9giHcbStc0yIYnJAzVO16bEI5IJGOZF-p7cx2DxBdv57K37Ok93cou4z30u3m92e7vcwKuCLHXUyb_OzXqvGIfeIRH6PXKdqi0fz0A-wiyfStoAopo42p75Y-YWqIe7bN-32zmMWs7uMLozTIgn3AOFXymbqarObXUF-WxAlcqtwM_6MtGjaUD5ivihrIqQyI0ASNajfm4Xk-paFOqVCK89dTO4hpjocVNQ-ETdY4Zc4iNDqo2t0XdHh2-aS6HF8nH-aAQr25HhPn2WYlaKiuwQoP0orokKSf6JlXsg7SegmnncSIcrS_7PxQBNm2_XMjZtkdS-KgPvautGgQf8vxFxJHd0IepF8yKYi787S__iAjrMQ2H39csUjLljrHTvUcjFaZPX0fCAFrzruALffM6oYq9eX9YaXCH6Q-QaZge29XJ3FUxjoQ8TbgHmQbE0B5lv7a-9qpLZMMyFlRXwuR7rknZ-30_SjOb0f0XDfRgpsLQww-aQD7D269di5m5DW-p7eaD7g0bgfi9pLPX506Jju-ndP_7ngl7iesNiyVtVGaqNeosHExbHY327krVnJB_oLidVGBdyfqwc2WVy43KlyIJmKXNaDOfMkJyr72byRbDu-Iznt6nSJpTcZkwehXTeLg2jkTDDn_yQ7toP8Rf1mywPfbqPgAfJyBLZrStUk7T3yth6h--fHz7jHZ1s27TlESIQrlyXvbfBWMP&cid=CAQSSwDUE5ym2eEFGR-6nCPlL-idz1-1NStU6NzQKtsRNZvLZvhTfBbW7TjGszbf6PAxkX9_XFM15vU0Yvv6sbSvlcE5GzLpPKWwTnW8axgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpastelink.net%2F&ds=l&xdt=1&iif=1&cor=16837149531347378000&adk=1964084972&rc=1&idt=89&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4a9e772f02a5917ec19a41a60e31b5ffa31767831e46ac25ee22f03150fcd184

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:52 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36094
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9C8D 0
20 B 67ms
67ms Image
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BZGDeWE7tY8uoELu59u8PxtqYuAcAAAAAOAHgBAI&bg=!pKelp_PNAAYuhb89DoU7ADkAdvg8Wn9eYuD98j6ZucxTenz218WKCkZz-PME_Q1HGcdQW83fIkma-d1PegfdVgHc8ORYKjU4x04CAAAAflIAAAAGaAEHmQM_fjJCe0l1R3edGZhPtSLV43opspK8an2QNpEpYvOJS3qNj0jpe3kaQ08hyQSDSOmWRxQaUy16bmewk9pqpFaZz28QNmSr-i1nXzAsPb8aqNWT0G8FJY9JYVIWNDAFJcMFi8g_Cfvd_8EOiMXqBG90XatYPTulPFgWmEEUjYvOJyIWFRu5YnSj9dOYMJyUQuzXbU4VrvaHb7a4R6Pri_N4qb5fOuX5Hr-DQEBVOHNVSDsW5Igxe-DQNmfjVyGcGrS5uT5pzl873Lfsc5h_22yi_yvF-7a2YN9Yi73Uh6k__26jMmCs4g5Xy4cOsg9ojBuvrgBDv-bOU4yMKgcpJEWBY2HM6HZTNVrYBtRQMU6DHlUJT4GqVssdrpi9dOZ5sp87apWRL_vumflhgbpi1VkeQtxe0AUe9jzjN1ZGAH56KAmrbVSjpjHag3tJj35p4dos7Rm3Oi5Q6p4PaA6eRtlx3a3JBToSJ4mIHHDNlok2FiiWb-O6qC8bTvmS6K2I_fmFq_tyVexTqk5mJDg2QkIkJqQcsKaedydCBJ0EJmpNS07uz66NkZ7iUuzYshR2QJ6zqiO9QF3FJ1AtGLaQpwWDAkf4Ep_CcF2nKoqct-OkTjGEHFJGJnGt5RfkDTrn06sXxWB1NlsI3TpV0iN4QSOE7a0ieb7YTYPTi_Y_78Vcx2eQwyUNRhizNJraSevpcC7OmiJs4Lb4MLDmDJhUcqJhLrySIOaXo8TdCFftMoUcELDBilGBBgCwL3FJUj6-Y_FChf6GsDQEEvBcAVtXRz5jzPSVTm3VVDxYw2nx-oGnrl1ml_lF15czZyFvfuscAEXCwrAcLqWaldgZMCSXLinVbfwRxmIAI4iyMlWAtayYDes5bb-RiEA9GsF7bzaxexGkqVtcJtgVLlvCCRVvMoiPh8za3NrOyvnU8rVDptzdEVhy_OcXpUyx0FpdtC12n2XePuiJ-pJ5W9LKdbQqW8_XuuFjwXdQtHN325VLJxk8xpibtt-fB5eGZ5GV_onRLWGtCN3oNPDs_b4NwhyDwj0PYPNaIHgFxFAhIHAh1w1ON7xG-oTLWu0os7jdn6aIwGvZvrlCpx9JX5y9893S_Auu

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 40A6 170 KB
59 KB 30ms
29ms Script
text/javascript 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: t.co
URL: https://t.co/ssYW4ginkF

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
Origin: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:30:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7046
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Feb 2023 19:30:26 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230213/r20110914/elements/html/ Frame 40A6 8 KB
3 KB 30ms
30ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230213/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A2Ln5DNK5vJObRcmz-o22-oAhD93J00BruQHlJNFe7N2ORckjvfD-YMdMU1gaH0NcmljgECYbJUWlDdRzkWu3oP0OiMI8d66IJqcBUlPYXbyAFq8srq4ABahXP9YLXB0S07kXjmL3l7X_DmU1p5PQfxLssJQeVYwUphQGWfli3BllAkMI&dbm_d=AKAmf-Ar3R7ivJSPOVo67qSogjV3E2IouKLQtjo0d77g9ozz4R-d9DuoUITLotDKqKD5peDD6zj9sg2A5ll1lCmXXyzKcjq-w0h6Rm5UdBEPkYJRPgkGBBdqPV-SVsfxzvlht9T6zPB5pFyBoxi0rFvNaMs-RXAVd-xnDVkBSp7KlJHLyl3N3Mg0wCmH-0IzaEuzN2h0Md3Zo5dXZCr5t3LVMWsFaOymOvxfGV9p4IXqZdFI-7lMXyCHtYoq85TBiNNSqRMq1Mvgah9JQo59D_DzkPjUplRF6oofZgjfCCzI1jGAfGcInpLD2JknRMc8I0ETxnI5sAzn0M_Ch5jM_8vty4-aqjJSCH30FtXJt2pns8UK44NymvDNM2ohP9nSrudtqbj3qsEYXM7YDVM3yF-APvVbloV0UxixFu3lYp5eA3GQV2zMVtwaBHptFw_hKyRKP_3731CeK3sjfh1QcEa_Hkyc164ywxfaIcqliAx-wz4SmwR7JLOalfOKdmhMF4adMbX8vnwIBh6yTAx8apdjO1o_QIFtkYsQxGjrrsrd-Hp9VFhGSFa14RiWEeNXZ0F-RIlnmCVBuKGwLz_UdfrVqLfHbo6CMZ6p8Y0e3whJEy59AsjU8SwQDtNYUMX3MNlA349n6Wz_Xco5C2YtkWFt9-KPx1KZeQDhCY4pbsnoOuMLuUUR3rf1tlXEryUU5DB2T8HHeLAQly1IJdLNPyMOVSwHya7CJEQeJC9FARO6GQDLcXl6vMy75fDq1jYu-vrYGk6AciQgAc1HNZOMDNvkW3g1fSaBkAG5su8i5MCZ8OLDZ1X3L_KckteqzR3jlyaCS0Q-nGIDdL-POmnUWgDwPlyjcgZ9GIQunE_T9HIOgHvpJuFfsZhS3PIrvlhAmSUZGAEYHO9Mnsa2tLvPOqsbNQ0X6GGr--qNb6CCMMAkEAragZ0ZrsjbCNTA7hpToG6Ahimj8W-mgxb2HtTnmm4-QF7biGrR4wOakzHseW6vFGWpU0Ios8HTvZYlSVhhlnFkUQoEKcnrnYA81p0pAEFBQPz8TUf_nd7IqjGq1yrHLCqcKmMHU1Mi2SHDch3XB6Dsbry2YIg2TLvQCrvtKRhoL6K4vEgOTWYMdk-Mf67iR10WNsyyNzU_PVAui-qIc3k79YYSfcCjRrgvf-1qaqbuDNiqd_j_zOH2QK-j2xy5A0zgDxZ3fGmOGivnnwVwDA5dWa7zyrCtsi8RfPPRLf5-TY-kHVpPT59K1TwrronOyZ_MuBQwZ-akscdtjb5diwOKVeZfS5Eg86HnT-1I8uhXoVhNrlpjMCwFqH3oWho-rAgCZKalBKrqqOLWVGkCu60kAmkyPcmJgBnLYNMiDdCNv52YCEXVb7BTavAmSykHp1FkOAa426L6js_Dg4tOCjE9k-_GqK31cgBNoHvIH3w1mvYBXAYQb-B0d2pyN9_CUENBFEmyyAgI9nuHtMdpMGGRcxIId96ze79DhHel9BSF_7pEBJnOUCnSrq2y5NB3x6Nb6UDr4A5xeK88rXXm9ABwKPyresFOcRG11qhT7JGCZzHOMW-VQyPp0X_9KAojLowq3aKS9KF3ahwRvY3HRMil4XBnX65J964q0oB2KKU-_9LGVNDvCknjcEC0rPsyi6udiu2Jk8987F55CML7jne4ShXhxWGEBz_JmjBHXCNY6qlX6LIcK_Gmp-qMy8URP4LmMTSVBMSe4nqM0Ay6MDPrFfBPk7NI6YHqv_c9stYqWGwfUTPDY1aL7YIDTZa22PYNa83gSjBugzok3iZdJON_4xV_5p2AaTs4tYtUbEGcyDLG0orwDbBvQDvVbmv7NF-GD7Q-12_QL6qtc-qOMxnfUK9dxm_PXclfz29_voBqqEmClFcxHa0Kt6r0xo6DfHWp0x8VRPy2u42jTNE0j2TRQobue4P48mJXADUcYz5XSafvRcIYuz5PJB4OO8arMluG7ackw8t2RO8QkAqpG5LvBKjMCGMaoItwQWM-GxlCP8QKlDjSSY1IOkjf-wVPOBiLTlYv5Mcbz_fR6EzD7d_8QOOLTvq18dlrhT5MCVKwuyeuQJZkziWsd586DVQQi83nxsLjyNfUuQzFSdsp99ev35DrbJz0kJvAmtW1qcuEud0tdiG4vbX8bErsfIUrvVUV4a8eGSU-h3H9GneaDE1fA4mXWTF9vaYJO_2h9Q5vG27zFmEEQVu7HBAjmXW6HBWcXk308Of_h8ThdSBkEOEHLGoRbUwIwDDEYT91pYXlOvGAcIYbnLbhLOVzEdtTif9B01DA-4cukiaUrONNQiyuPg3iAR1opGROt8Vlw-laOUU_mylOgq-xa3zhkIpJegAqXJGEYL8CySx7TMuT7TJ5vz4WoGw6V-OIOfSEFJaFSSFS1EkKJItwHmdrknEHpx-TQFL_SjEUPzI-RWzWSBNVBYgXv5foii4x159XjpiEzpRjcCXtcP7Kgr3yFlU4w3Z8CZv1EXSVw0vO3UTg5kpQZ5R25QY1t1wuD0CsM_zdb2KAainzswiqKy5wthXWC1RV_japZlvrxVDqyOtv-aNg19suMEGjlWDuxbIYg2BBaZgIZ4WKbesxb4AOjI3Bn4b6B5hKgmAk2A9giHcbStc0yIYnJAzVO16bEI5IJGOZF-p7cx2DxBdv57K37Ok93cou4z30u3m92e7vcwKuCLHXUyb_OzXqvGIfeIRH6PXKdqi0fz0A-wiyfStoAopo42p75Y-YWqIe7bN-32zmMWs7uMLozTIgn3AOFXymbqarObXUF-WxAlcqtwM_6MtGjaUD5ivihrIqQyI0ASNajfm4Xk-paFOqVCK89dTO4hpjocVNQ-ETdY4Zc4iNDqo2t0XdHh2-aS6HF8nH-aAQr25HhPn2WYlaKiuwQoP0orokKSf6JlXsg7SegmnncSIcrS_7PxQBNm2_XMjZtkdS-KgPvautGgQf8vxFxJHd0IepF8yKYi787S__iAjrMQ2H39csUjLljrHTvUcjFaZPX0fCAFrzruALffM6oYq9eX9YaXCH6Q-QaZge29XJ3FUxjoQ8TbgHmQbE0B5lv7a-9qpLZMMyFlRXwuR7rknZ-30_SjOb0f0XDfRgpsLQww-aQD7D269di5m5DW-p7eaD7g0bgfi9pLPX506Jju-ndP_7ngl7iesNiyVtVGaqNeosHExbHY327krVnJB_oLidVGBdyfqwc2WVy43KlyIJmKXNaDOfMkJyr72byRbDu-Iznt6nSJpTcZkwehXTeLg2jkTDDn_yQ7toP8Rf1mywPfbqPgAfJyBLZrStUk7T3yth6h--fHz7jHZ1s27TlESIQrlyXvbfBWMP&cid=CAQSSwDUE5ym2eEFGR-6nCPlL-idz1-1NStU6NzQKtsRNZvLZvhTfBbW7TjGszbf6PAxkX9_XFM15vU0Yvv6sbSvlcE5GzLpPKWwTnW8axgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpastelink.net%2F&ds=l&xdt=1&iif=1&cor=16837149531347378000&adk=1964084972&rc=1&idt=89&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:30:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7047
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 19:30:25 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230213/r20110914/ Frame 40A6 28 KB
11 KB 29ms
29ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230213/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5c5d87821b8806898a69c4e8cdc26f7fc8ea4bb175006aa060ca229f4810a0af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:30:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7047
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10817
x-xss-protection: 0
server: cafe
etag: 7837758721724492523
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 19:30:25 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 81F7 43 B
216 B 197ms
172ms Image
image/gif 2600:1f13:800:7780:3b11:b4cd:137d:cd0a
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1350098&asId=23738251-31cd-9d69-1dd0-1c1e5de02302&tv=%7Bc:4klSBy,pingTime:-10,time:517,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTEwLjAuNTQ4MS45NiBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222222222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1676496472840%7C%7C61dae4d5ad0392f85055d67207d128be%7C%7C785dfe55a9f2805c0938a5514a072eb7%7C%7C89e100b13c7fb4818e81587856c0cacb%7C%7C8225bc60240f261f7e605f9370a36829%7C%7Cfa7ccad3d606700d0d1021b0caf82304%7C%7C41d5c63cccad929be20c86149d1b5c42%7C%7Ce27ccd349d967f0e374349d90830bf29%7C%7C1663701684%7D
Requested by: Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:3b11:b4cd:137d:cd0a Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:52 GMT
server: nginx
x-server-name: dt07.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 40A6 41 KB
15 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
URL: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 12:20:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32855
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 15 Feb 2024 12:20:17 GMT

GET
DATA 200
OK truncated
/ Frame 40A6 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1f0fc6db869601c2bea2a4bc634ec2a5ed9ba52bbe8c0554abed8a8490e165a4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/6576122382381761588/ Frame ED6F 15 KB
2 KB 63ms
62ms Document
text/html 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6576122382381761588/index.html?e=69&leftOffset=0&topOffset=0&c=sZvETkQcdQ&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da370b1c5f5ae01a7f61adb2d34c89a5d4780263b7c3f3789dae5e510bf8be7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2277
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 21:27:52 GMT
expires: Thu, 15 Feb 2024 21:27:52 GMT
last-modified: Wed, 14 Sep 2022 10:33:02 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 40A6 0
0 73ms
73ms Fetch
image/gif 142.251.208.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvDv4GPBneQ9tDsqoSBiJ6F6833YMMyma9BEcIOPTuYQdMrPyCvLtmOrXRTjYBWziSOgEqpUdyj7CcTR2qXhvXFTczUInEYBwr8tC81Pu2a7e0sghCb0mHNM_EceWp7bC3WxdND1SpaprPqd6OeRGMzirbvBksVLVyjpwYUrvP_xnmimzWuuAtxG7w9cRji6rIcb_01nlkCmKG8xd4cHpGaR0-A2mL5QaFclv31bZArATcVH66GyxifWi4V7hoFJtyQqCjIVJf9vZgW_6YpddQ1u7lfTOZ9HDjfCGZK24vkbKJurUKYQlpEijf3OoeVAb8QchFk6Wyh6AnqUFYp8GPppj8uX5Mi63iMFYbAVdOuQAxN9dFU71udUIJtfX5prTI_VmlUBwnau2Jpr1p6UCa-Y32qyD30pkd6TgIAZ6iz0-RLhyWFReHY8siOZCSNBwZfJq818n0Xx6UA8G7xghuhIKViGHQIWoBO3isdzHMQCOG3h2tWceL_fHCfkOy-DHK3txa5gOOo1pCphL1SXdkpODU4OFGQUk3-mi9sc5jUZkwB2c8xCjQTa1Lyk3eU3a254RFg7AzHH9dBI3wiWgPTs5HRRwRc-FONj9XHZxPMBUqQmkcBMWAl9CNkfds85-ddGaBfKTA7O2DFgL36yzwcMSKsHI9eEKECzvT2qrnkc_spH51AtU4nGmqva3_WlZoTmF1MeTN7uBAk7t4E0JGhJMEUpoTL_LnLTEtwZinMx2lInzoZUgIqd-Y7gPC7SOcxftD-F5asG3oHYMVhxcR-YARHaC3cnxlI6nnA47KUtFgL1MF4GieXc8QRLZkYJ6YefRxZ8huLELFAbIDjK-lUXk4Py5zOeDlYJR9ZZh_6TPBJnwbQdqPy2pyLUKrPTxn94OkdrzqnHQmkqQ-o_Q5mIWvmO8FzOeY3a_cLL54D4gsApaUwfjAnyuBpp5NVkjSDLNQc62FW5AUztsoTeOASsqablnSU9qttvSWolDBZlZCHOD-Rd5pKwLPkNJaQTAIw6xE1yMtBmo7CgcCEqbq_7cCjnEzZyef3W-CgiKozetqhR8OxuSEVNKCWBkgOYiMzjaFO4WTrSeOQiUQFc_GBmKNYg7ANCGzeIE43wbdArHyYTNpFg8Dm6E6T9SlPjC1sAQGJnShOMfaahet9toqZINEWnFhjS2agm4M__dpuyKUPX4PZLgGiyQl6jPES16rj4BTcA-k3qIdZQo-vNdkJaGn4EX168xrw--HgygnqSA&sai=AMfl-YQxHvqK-YgCRlbnvA8Voooy2E1xIeEBNE8Mx5KQ4_WJ0t9wKPLdzQZrdn_H5L5EyEnvUxN2MwnQIvZBlDh-ry_lDYaIxoamNjge97NTY8k7Uef34XmGkUms1TwoCE0G1l5el2Ma9MXap_dBoCb5YEY0luijpXaJB7cRk5JoTw0FhGGfhw4QV_VQzzXSkFCw8uqu4bAcJvO-CkMC-PeCWvv2MpLn6ma4IdjoJoYRDdxc33pMvKVqwOJefTfFxv5eon-vyApMGbE2yAM9MS2cyT6UWFctfGz2&sig=Cg0ArKJSzIQm1GoPgv8wEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=120&cbvp=1&cstd=114&cisv=r20230213.17235&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: t.co
URL: https://t.co/ssYW4ginkF

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.208.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s42-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 15 Feb 2023 21:27:52 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 15 Feb 2023 21:27:52 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame D070 22 KB
8 KB 15ms
14ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 142975
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 14 Feb 2023 05:44:57 GMT
expires: Wed, 14 Feb 2024 05:44:57 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ppuJb3acSbwPUrk6AP0eyfY-LTznD88jtSaAQ1bhjg8.js Show response
pagead2.googlesyndication.com/bg/ Frame D070 36 KB
14 KB 30ms
30ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ppuJb3acSbwPUrk6AP0eyfY-LTznD88jtSaAQ1bhjg8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a69b896f769c49bc0f52b93a00fd1ec9f63e2d3ce70fcf23b526804356e18e0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:07:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1214
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14239
x-xss-protection: 0
last-modified: Tue, 07 Feb 2023 17:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 15 Feb 2024 21:07:38 GMT

GET
H3 200 1661867165592.css
s0.2mdn.net/sadbundle/6576122382381761588/ Frame ED6F 10 KB
2 KB 30ms
29ms Stylesheet
text/css 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6576122382381761588/1661867165592.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6576122382381761588/index.html?e=69&leftOffset=0&topOffset=0&c=sZvETkQcdQ&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

deeb4c9986010348d7a1c89b7fdf816bda2f572d023e717a024f8bd14d9ff303

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6576122382381761588/index.html?e=69&leftOffset=0&topOffset=0&c=sZvETkQcdQ&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 06:37:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 485419
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2420
x-xss-protection: 0
last-modified: Wed, 14 Sep 2022 10:33:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 10 Feb 2024 06:37:33 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame ED6F 118 KB
40 KB 32ms
30ms Script
text/javascript 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6576122382381761588/index.html?e=69&leftOffset=0&topOffset=0&c=sZvETkQcdQ&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6576122382381761588/index.html?e=69&leftOffset=0&topOffset=0&c=sZvETkQcdQ&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:30:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7046
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Feb 2023 19:30:26 GMT

GET
H3 200 1661867165592.js Show response
s0.2mdn.net/sadbundle/6576122382381761588/ Frame ED6F 34 KB
11 KB 35ms
33ms Script
application/x-javascript 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6576122382381761588/1661867165592.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6576122382381761588/index.html?e=69&leftOffset=0&topOffset=0&c=sZvETkQcdQ&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4989bc93c351231cf57c606028d58c3c35ec23a469cfe4475195db035df17fd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6576122382381761588/index.html?e=69&leftOffset=0&topOffset=0&c=sZvETkQcdQ&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 16:57:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16210
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11482
x-xss-protection: 0
last-modified: Wed, 14 Sep 2022 10:33:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 15 Feb 2024 16:57:42 GMT

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/6576122382381761588/ Frame ED6F 3 KB
1 KB 30ms
29ms Image
image/svg+xml 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/6576122382381761588/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6576122382381761588/1661867165592.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac1f8c2a4ee7c0ee40acb4937d0459e1e290abfa8229c4b7fc4d7992858e1cd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6576122382381761588/1661867165592.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:36:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 89495
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1365
x-xss-protection: 0
last-modified: Wed, 14 Sep 2022 10:33:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 14 Feb 2024 20:36:18 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 40A6 0
0 65ms
64ms Fetch
image/gif 142.251.208.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvDv4GPBneQ9tDsqoSBiJ6F6833YMMyma9BEcIOPTuYQdMrPyCvLtmOrXRTjYBWziSOgEqpUdyj7CcTR2qXhvXFTczUInEYBwr8tC81Pu2a7e0sghCb0mHNM_EceWp7bC3WxdND1SpaprPqd6OeRGMzirbvBksVLVyjpwYUrvP_xnmimzWuuAtxG7w9cRji6rIcb_01nlkCmKG8xd4cHpGaR0-A2mL5QaFclv31bZArATcVH66GyxifWi4V7hoFJtyQqCjIVJf9vZgW_6YpddQ1u7lfTOZ9HDjfCGZK24vkbKJurUKYQlpEijf3OoeVAb8QchFk6Wyh6AnqUFYp8GPppj8uX5Mi63iMFYbAVdOuQAxN9dFU71udUIJtfX5prTI_VmlUBwnau2Jpr1p6UCa-Y32qyD30pkd6TgIAZ6iz0-RLhyWFReHY8siOZCSNBwZfJq818n0Xx6UA8G7xghuhIKViGHQIWoBO3isdzHMQCOG3h2tWceL_fHCfkOy-DHK3txa5gOOo1pCphL1SXdkpODU4OFGQUk3-mi9sc5jUZkwB2c8xCjQTa1Lyk3eU3a254RFg7AzHH9dBI3wiWgPTs5HRRwRc-FONj9XHZxPMBUqQmkcBMWAl9CNkfds85-ddGaBfKTA7O2DFgL36yzwcMSKsHI9eEKECzvT2qrnkc_spH51AtU4nGmqva3_WlZoTmF1MeTN7uBAk7t4E0JGhJMEUpoTL_LnLTEtwZinMx2lInzoZUgIqd-Y7gPC7SOcxftD-F5asG3oHYMVhxcR-YARHaC3cnxlI6nnA47KUtFgL1MF4GieXc8QRLZkYJ6YefRxZ8huLELFAbIDjK-lUXk4Py5zOeDlYJR9ZZh_6TPBJnwbQdqPy2pyLUKrPTxn94OkdrzqnHQmkqQ-o_Q5mIWvmO8FzOeY3a_cLL54D4gsApaUwfjAnyuBpp5NVkjSDLNQc62FW5AUztsoTeOASsqablnSU9qttvSWolDBZlZCHOD-Rd5pKwLPkNJaQTAIw6xE1yMtBmo7CgcCEqbq_7cCjnEzZyef3W-CgiKozetqhR8OxuSEVNKCWBkgOYiMzjaFO4WTrSeOQiUQFc_GBmKNYg7ANCGzeIE43wbdArHyYTNpFg8Dm6E6T9SlPjC1sAQGJnShOMfaahet9toqZINEWnFhjS2agm4M__dpuyKUPX4PZLgGiyQl6jPES16rj4BTcA-k3qIdZQo-vNdkJaGn4EX168xrw--HgygnqSA&sai=AMfl-YQxHvqK-YgCRlbnvA8Voooy2E1xIeEBNE8Mx5KQ4_WJ0t9wKPLdzQZrdn_H5L5EyEnvUxN2MwnQIvZBlDh-ry_lDYaIxoamNjge97NTY8k7Uef34XmGkUms1TwoCE0G1l5el2Ma9MXap_dBoCb5YEY0luijpXaJB7cRk5JoTw0FhGGfhw4QV_VQzzXSkFCw8uqu4bAcJvO-CkMC-PeCWvv2MpLn6ma4IdjoJoYRDdxc33pMvKVqwOJefTfFxv5eon-vyApMGbE2yAM9MS2cyT6UWFctfGz2&sig=Cg0ArKJSzIQm1GoPgv8wEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=291&vt=11&dtpt=171&dett=3&cstd=114&cisv=r20230213.17235&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: t.co
URL: https://t.co/ssYW4ginkF

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.208.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s42-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:53 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 15 Feb 2023 21:27:53 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D070 0
20 B 66ms
65ms Image
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BLDoaWE7tY9ezK_izx_AP9dqc6A4AAAAAOAHgBAI&bg=!Dg2lDVnNAAYuhb89DoU7ADkAdvg8WiBMIyNalzYkgtmoFcuUjUwFnHbEGNevkHDTIU9UWI-4gdMQf2qYMSkl5cAwqZh7LjIY7yICAAAAV1IAAAADaAEHmQMr9K7isdEM4GxZBbGN0Fi2vB86Jsv9CcPC9ZqIwFSccc7yWdBqaMZm6skuoEZ8eOseSJKiMhv-P7gG5XnVrfdIDeUnRn11ic54IO6YAhnk2iOTgxGBdjgwstWxZSm3kn9xqG39OG_Opx3U3FU5L4Cj9HErROkXCL0yM2YBo8MK905Np2kNd4cqEDx9YnZxgNnV3H_3TwdRz5FwcAXr33ufVgt0WtU5sMEgs7OxIZ7bA5k-Vb2bjFLN8kgytcJ41VdGr2xHcZMAe1fJwxm1MK4GFs-Z1xwVTKjweE1am5myf78IEL2bfYnwPQYOg09SFi2N5dWor5bDiWOaNiiFtkWrKICu_gWW-l7h8hYDYWPciUzcWXnMP8q_dpvOU3jDxfH2wJo2pM20cnwNriO47OsIYnZW_E6J0h1GwRVSPGSjeOw8SkagL0G6lVasUXburfPZk5t2cz3TjseXpOMt36_OEALs5Jz0hSQdzgok5OagxA9_F8IdxnlpFTCY3cm00hcTl9GpSmgb08oA57kg9nx3Dd65kuL5r8MsBBSlTYt7JPBxdpIG-xdrIDUem9MJPvs3gu-Aed_DRZiDv_GOP106udED9O5fFWKlzZpptSgttvLJNO57G8vXJ0KipNgsX2N9OoDzcVzNI3ECb6FfU4T1uERKa7Ds5H34mjKERMf81rCpfVeGKTdVn-oMLu12r6eUqptNBvJfQp41e5eglrIOnlxV5TmxIyYC5-5zqaJLR36OnJbJW8959E15OEsZe6meBPaV_ez2pAkwNcbOlY_t9CW78owiuqoNJ-rkvClMlpYRWmGP-nwfKSl81EVdFgTMIWnf0mlF7SlPnWxF0U8iiqROuqTJx4qZURmvJc7HvUDi6yB8uvaaJGe1zNCm-onVDpZ8jVIvD2Uc-b1PctUYXQgfZIr2TFfHtrwTw1KicOwJ9YZtBFawuL1w37d6GgDxXWEGePPpya1DjQZO0ttrUGNOjDrdyBKKlHuxjzDxjHWD5wWVAg7rpUwi3S6EZpeuKfVDza0eT9DQqTGJP4BPFwuPz37hNRZvdH2msTtbUck3XtABx6GjAz8enQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 webfont.js Show response
ajax.googleapis.com/ajax/libs/webfont/1/ Frame ED6F 13 KB
6 KB 111ms
30ms Script
text/javascript 2a00:1450:400d:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6576122382381761588/1661867165592.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 04:46:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60064
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5437
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 15 Feb 2024 04:46:49 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame ED6F 7 KB
6 KB 70ms
70ms XHR
application/json 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

da12928cce08f1983ddc946100eddbad230d919ce45ffd7468b7a7acb2f08545

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:53 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5707
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame ED6F 17 KB
6 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 15 Feb 2023 21:27:53 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 81F7 42 B
64 B 65ms
64ms Fetch
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu8IHcJOL1Ayf6r3xx5tkSEdrY956Ud32uqnnpJv_RLcrjRFWK8fSYdvbFRWvK-LD3LT-zy60VFwWyIHa9jyu9MJAIEkQiNBHBwaL0OBE0ZUv4FAOx_vewDkyNFiEAYAL2j6VGnEg&sai=AMfl-YRCv6uyitSbM65_QBL29XfEIVZEtBJSgtYmaD93mI-lQj-mBidGE3jozg3jX6pY12ZUM0nc4zm4ggW7fDLBrHiwevRAWe0jXnKmgXmib3yA3ClaKXj1sWxXuKTPHQ4koKOivk0Nlqb17_p6CQ&sig=Cg0ArKJSzLDiZtGKSrJPEAE&cid=CAQSTADUE5ymOY4OoPsoHi4MFiu3fU3ebRUIiP51BFbEALMW1Mp0TqRL42NCHyKUIphvdYfJp9sd6SmZYeBLFJ6aeCXjrCiWovuBlfoXv3UYAQ&id=lidar2&mcvt=1001&p=317,310,567,610&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20230213&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2603746535&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1676496471757&rpt=422&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ppuJb3acSbwPUrk6AP0eyfY-LTznD88jtSaAQ1bhjg8.js Show response
pagead2.googlesyndication.com/bg/ Frame 66A6 36 KB
14 KB 30ms
29ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ppuJb3acSbwPUrk6AP0eyfY-LTznD88jtSaAQ1bhjg8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a69b896f769c49bc0f52b93a00fd1ec9f63e2d3ce70fcf23b526804356e18e0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:07:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1215
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14239
x-xss-protection: 0
last-modified: Tue, 07 Feb 2023 17:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 15 Feb 2024 21:07:38 GMT

GET
H3 200 congstarfont.woff2
s0.2mdn.net/creatives/assets/4234010/ Frame ED6F 98 KB
98 KB 30ms
30ms Font
font/woff2 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4234010/congstarfont.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6576122382381761588/1661867165592.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d019867c120344469403527c7d958861b81d0fc873813c97ee135f707d74122

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/6576122382381761588/1661867165592.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:15:42 GMT
x-content-type-options: nosniff
age: 731
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100772
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 09:13:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 15 Feb 2023 21:30:42 GMT

GET
H3 200 86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff
s0.2mdn.net/creatives/assets/1881029/ Frame ED6F 57 KB
57 KB 35ms
35ms Font
font/woff 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/1881029/86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6576122382381761588/1661867165592.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/6576122382381761588/1661867165592.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:24:05 GMT
x-content-type-options: nosniff
age: 228
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58447
x-xss-protection: 0
last-modified: Wed, 15 Feb 2017 10:23:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 15 Feb 2023 21:39:05 GMT

GET
H2 200 eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiJxXzU0MHg3MjBfMjIwOC1ob21lc3BvdC0zMDY3YzIzNGIxLTQyODEtNDJkZS1iYjM0LTc0ZGQwMzdmZjcwNy5wbmciLCJlZGl0cyI6eyJyZXNpemUiOnsid2lkdGgiOjMyM...
d27rf63iunghx1.cloudfront.net/ Frame ED6F 147 KB
148 KB 74ms
32ms Image
image/png 2600:9000:21f3:c200:15:6513:6d40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d27rf63iunghx1.cloudfront.net/eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiJxXzU0MHg3MjBfMjIwOC1ob21lc3BvdC0zMDY3YzIzNGIxLTQyODEtNDJkZS1iYjM0LTc0ZGQwMzdmZjcwNy5wbmciLCJlZGl0cyI6eyJyZXNpemUiOnsid2lkdGgiOjMyMCwiaGVpZ2h0IjoxMjAwLCJmaXQiOiJpbnNpZGUifX19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:c200:15:6513:6d40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 1f1b1697d36d1d208ecac570b0a2fbc3c6e9c64543a26d50a638a1b7dfc88cbe

Request headers

Referer: https://s0.2mdn.net/
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 15:43:37 GMT
via: 1.1 04ce5a607a98db6d08257633417b84d6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 452656
x-amzn-requestid: 78fdace2-e33d-47b4-8970-aab89cf0472d
x-cache: Hit from cloudfront
x-amz-apigw-id: AITmcFruFiAFoCw=
content-length: 150757
last-modified: Tue, 22 Nov 2022 15:09:09 GMT
x-amzn-trace-id: Root=1-63e66628-0eb71a01124c556775e7116e
access-control-allow-methods: GET
content-type: png
access-control-allow-origin: *
cache-control: max-age=31536000,public
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
x-amz-cf-id: iH7r4azXe8gdE59uJdWTW9yC5mYOGgW_u8ZGD4UWtXLgA8n3no_l3g==

GET
H2 200 eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiJob21lc3BvdC1yb3V0ZXItd2Vpc3Mtd2xhbmU0MmFhNjc1LTcxYjktNGRjYi04MmE0LTAyNzYzMDA2ZTIzYy5wbmciLCJlZGl0cyI6eyJyZXNpemUiOnsid2lkdGgiOjMyM...
d27rf63iunghx1.cloudfront.net/ Frame ED6F 203 KB
204 KB 54ms
12ms Image
image/png 2600:9000:21f3:c200:15:6513:6d40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d27rf63iunghx1.cloudfront.net/eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiJob21lc3BvdC1yb3V0ZXItd2Vpc3Mtd2xhbmU0MmFhNjc1LTcxYjktNGRjYi04MmE0LTAyNzYzMDA2ZTIzYy5wbmciLCJlZGl0cyI6eyJyZXNpemUiOnsid2lkdGgiOjMyMCwiaGVpZ2h0IjoxMjAwLCJmaXQiOiJpbnNpZGUifX19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:c200:15:6513:6d40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: c89c110ebee9f008571395a3652ca0119ffffd4b1f53ce1f77acb5f3835e9949

Request headers

Referer: https://s0.2mdn.net/
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 15:43:37 GMT
via: 1.1 04ce5a607a98db6d08257633417b84d6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 452656
x-amzn-requestid: db66ed1b-d5a4-4c9c-9204-c4aac1516849
x-cache: Hit from cloudfront
x-amz-apigw-id: AITmbEgSFiAFlCw=
content-length: 207654
last-modified: Tue, 22 Nov 2022 15:08:42 GMT
x-amzn-trace-id: Root=1-63e66628-4d320f3338305a01205fc218
access-control-allow-methods: GET
content-type: png
access-control-allow-origin: *
cache-control: max-age=31536000,public
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
x-amz-cf-id: 5o4FQAalafeJQK8EQf3O7Kt17wFft_qWbxSXyqRLVXooV99oPZUYpg==

GET
H2 200 eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiJxXzU0MHg3MjBfMjIwOC1ob21lc3BvdC0zMDY3YzIzNGIxLTQyODEtNDJkZS1iYjM0LTc0ZGQwMzdmZjcwNy5wbmciLCJlZGl0cyI6eyJyZXNpemUiOnsid2lkdGgiOjMyM...
d27rf63iunghx1.cloudfront.net/ Frame ED6F 147 KB
148 KB 33ms
13ms Image
image/png 2600:9000:21f3:c200:15:6513:6d40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d27rf63iunghx1.cloudfront.net/eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiJxXzU0MHg3MjBfMjIwOC1ob21lc3BvdC0zMDY3YzIzNGIxLTQyODEtNDJkZS1iYjM0LTc0ZGQwMzdmZjcwNy5wbmciLCJlZGl0cyI6eyJyZXNpemUiOnsid2lkdGgiOjMyMCwiaGVpZ2h0IjoxMjAwLCJmaXQiOiJpbnNpZGUifX19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:c200:15:6513:6d40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 1f1b1697d36d1d208ecac570b0a2fbc3c6e9c64543a26d50a638a1b7dfc88cbe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 15:50:29 GMT
via: 1.1 ccfe5851ecd4194e2d976fb32dec7538.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 452244
x-amzn-requestid: 0799c4ee-7f37-4164-995a-d1c997c5f691
x-cache: Hit from cloudfront
x-amz-apigw-id: AIUm9HBFliAFUgw=
content-length: 150757
last-modified: Tue, 22 Nov 2022 15:09:09 GMT
x-amzn-trace-id: Root=1-63e667c5-41e8f70858e411c9061874ff
access-control-allow-methods: GET
content-type: png
access-control-allow-origin: *
cache-control: max-age=31536000,public
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
x-amz-cf-id: G-lRm0IoLQGM2rn-qpyLn1CM_uQEdVbSrqDJ28Ob4u7VFCg79BmVcQ==

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 7FAC 42 B
64 B 65ms
65ms Fetch
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu6lRecwZnXKwejSXxiQVtfFN9lzgmZTLIiUrIvEDwgL76WVOZce2Smmg9b4dSPC1M25N01oXxmVsb8yNzUfwhd1JsbiekqK9pE6FvzW1k15-6Vl-bKM7-ZnyvCzA9VRmMAcKAelg&sai=AMfl-YQXq_jGvFqqRGKYqDoiZ7GYXJsdZaFA2w0ztXtSzm5ANXcoIBBlGoBtSmeYRrJ_jQy-RO0bIU0XxEJX8LJM5C0SjPwm9CwxnBSN8qyWnWyOhs6c_acm1ueUSk9ElJ7qH2rQhBXlVefTXGDo&sig=Cg0ArKJSzMu1IEcS73PkEAE&cid=CAQSSwDUE5ymLRu-sjbNa7XHXqgpql6-gsz8CNwldgrQV7bTsU8Eko5XP-sEOIICfkYtX4pOP2vsNIzqEsk06ITZXHIrOptfv8R42k2FxhgB&id=lidar2&mcvt=1000&p=1105,436,1195,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230213&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=759513158&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1676496472051&rpt=378&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7FAC 0
20 B 62ms
62ms Ping
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=6933829610963&version=m202301230201&ct=76&x=1&cor=16727690583211954000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 40A6 42 B
64 B 65ms
65ms Fetch
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst-lhujZdrTlpWI1-NER6hP5hBZqjSRuHfuNhQjn1Z2J809SeWwB2EOoMfHkRLfPRzKrw3FRETXRGwu0_rQwzZLUTTg-iKaAkNIifSFwxB0HfSXB6UuK_BqDXYIowm-0iopbs6ZXA&sai=AMfl-YQaElTEJ6IWOOljRLhEin_sjg_xoNqF6Gxc1O2uEoOj83zUL_9lhhHGHlxpQHYPZMllxJg62l71s3EvxIscjfKcouqjcDTy7LT5fG7IGJHUh_nO3xdQEdsvmbt3qq4VjVWljHD8ESKRcb7U&sig=Cg0ArKJSzOzbEiXpRu36EAE&cid=CAQSSwDUE5ym2eEFGR-6nCPlL-idz1-1NStU6NzQKtsRNZvLZvhTfBbW7TjGszbf6PAxkX9_XFM15vU0Yvv6sbSvlcE5GzLpPKWwTnW8axgB&id=lidar2&mcvt=1001&p=521,1190,561,1231&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20230213&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3854452215&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1676496472529&rpt=336&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 40A6 0
20 B 207ms
206ms Ping
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=1579075379970&version=m202301230201&ct=76&x=1&cor=16837149531347378000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 81F7 0
20 B 64ms
63ms Ping
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=6134317210957&version=m202301300101&ct=76&x=1&cor=5968634544489823000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 81F7 43 B
215 B 172ms
171ms Image
image/gif 2600:1f13:800:7780:3b11:b4cd:137d:cd0a
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1350098&asId=23738251-31cd-9d69-1dd0-1c1e5de02302&tv=%7Bc:4klT2t,pingTime:1,time:2185,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:127%7D,%7Bpiv:100,vs:i,r:,t:1184%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1001,o:1184,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:127,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1067~0,1~100%5D,as:%5B1068~300.250%5D%7D%7D,%7Bsl:i,t:1184,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1000~100%5D,as:%5B1000~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:619,fm:tvYclsE+11%7C12*.1350098-69352127%7C121%7C1221%7C123%7C13%7C14%7C151%7C152,idMap:12*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:128,sis:233%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:3b11:b4cd:137d:cd0a Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:54 GMT
server: nginx
x-server-name: dt08.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 81F7 43 B
215 B 171ms
170ms Image
image/gif 2600:1f13:800:7780:3b11:b4cd:137d:cd0a
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1350098&asId=23738251-31cd-9d69-1dd0-1c1e5de02302&tv=%7Bc:4klT2u,pingTime:1,time:2186,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:127%7D,%7Bpiv:100,vs:i,r:,t:1184%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1002,o:1184,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:127,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1067~0,1~100%5D,as:%5B1068~300.250%5D%7D%7D,%7Bsl:i,t:1184,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:619,fm:tvYclsE+11%7C12*.1350098-69352127%7C121%7C1221%7C123%7C13%7C14%7C151%7C152,idMap:12*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:128,sis:233%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:3b11:b4cd:137d:cd0a Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:54 GMT
server: nginx
x-server-name: dt07.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiJob21lc3BvdC1yb3V0ZXItd2Vpc3Mtd2xhbmU0MmFhNjc1LTcxYjktNGRjYi04MmE0LTAyNzYzMDA2ZTIzYy5wbmciLCJlZGl0cyI6eyJyZXNpemUiOnsid2lkdGgiOjMyM...
d27rf63iunghx1.cloudfront.net/ Frame ED6F 203 KB
204 KB 12ms
11ms Image
image/png 2600:9000:21f3:c200:15:6513:6d40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d27rf63iunghx1.cloudfront.net/eyJidWNrZXQiOiJhZGNtcy1tZWRpYS10cmltbWVkLXByb2R1Y3Rpb24iLCJrZXkiOiJob21lc3BvdC1yb3V0ZXItd2Vpc3Mtd2xhbmU0MmFhNjc1LTcxYjktNGRjYi04MmE0LTAyNzYzMDA2ZTIzYy5wbmciLCJlZGl0cyI6eyJyZXNpemUiOnsid2lkdGgiOjMyMCwiaGVpZ2h0IjoxMjAwLCJmaXQiOiJpbnNpZGUifX19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:c200:15:6513:6d40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: c89c110ebee9f008571395a3652ca0119ffffd4b1f53ce1f77acb5f3835e9949

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 15:50:32 GMT
via: 1.1 ccfe5851ecd4194e2d976fb32dec7538.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 452244
x-amzn-requestid: cd78f8c4-91d4-4b04-a5b3-127591c9855a
x-cache: Hit from cloudfront
x-amz-apigw-id: AIUnZG7tliAFppQ=
content-length: 207654
last-modified: Tue, 22 Nov 2022 15:08:42 GMT
x-amzn-trace-id: Root=1-63e667c8-5e197e48665bfa8e04ecf8a7
access-control-allow-methods: GET
content-type: png
access-control-allow-origin: *
cache-control: max-age=31536000,public
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
x-amz-cf-id: YXyN0TWyhRdCPyRMbhZqLWSMOiCd-xaVhF-ItAnD7NWJkvsKekoDww==

GET
H3 404 99df2c33-380e-453a-a6e4-28b19ae3adc3
s0.2mdn.net/sadbundle/6576122382381761588/ Frame ED6F 43 B
69 B 111ms
110ms Image
image/gif 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/6576122382381761588/99df2c33-380e-453a-a6e4-28b19ae3adc3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6576122382381761588/index.html?e=69&leftOffset=0&topOffset=0&c=sZvETkQcdQ&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:27:56 GMT
x-content-type-options: nosniff
server: sffe
x-dns-prefetch-control: off
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-xss-protection: 0
expires: Wed, 15 Feb 2023 21:27:56 GMT

GET
H2 200 dc_oe=ChMI17_khbyY_QIV-NkRCB11LQftEAAYACCQvfdKQhMI9J-6hbyY_QIVyYT9Bx1KTAf4;stragg=1;&timestamp=1676496476389;str=Show%20Slide%200;strtype=1
ade.googlesyndication.com/ddm/activity/ Frame 40A6 42 B
401 B 179ms
64ms Image
image/gif 172.217.20.2

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI17_khbyY_QIV-NkRCB11LQftEAAYACCQvfdKQhMI9J-6hbyY_QIVyYT9Bx1KTAf4;stragg=1;&timestamp=1676496476389;str=Show%20Slide%200;strtype=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.20.2 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
54 B 18ms
17ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-S3DKHVPF03&gtm=45je32d0h1&_p=1665534491&cid=1985029942.1676496471&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAI&sid=1676496471&sct=1&seg=0&dl=https%3A%2F%2Fpastelink.net%2Fr3g0rpbb&dr=https%3A%2F%2Ft.co%2F&dt=Grub%20wa%2018%2B%20%26%20stream%20no%20vpn%20-%20Pastelink.net&_s=2
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S3DKHVPF03&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pastelink.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:56 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 81F7 43 B
215 B 172ms
171ms Image
image/gif 2600:1f13:800:7780:3b11:b4cd:137d:cd0a
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1350098&asId=23738251-31cd-9d69-1dd0-1c1e5de02302&tv=%7Bc:4klU4Z,pingTime:5,time:6185,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:127%7D,%7Bpiv:100,vs:i,r:,t:1184%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:5001,o:1184,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:127,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1067~0,1~100%5D,as:%5B1068~300.250%5D%7D%7D,%7Bsl:i,t:1184,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5000~100%5D,as:%5B5000~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:174,fm:tvYclsE+11%7C12*.1350098-69352127%7C121%7C1221%7C123%7C13%7C14%7C151%7C152,idMap:12*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:128,sis:233%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:3b11:b4cd:137d:cd0a Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:58 GMT
server: nginx
x-server-name: dt25.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 81F7 43 B
215 B 173ms
172ms Image
image/gif 2600:1f13:800:7780:3b11:b4cd:137d:cd0a
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1350098&asId=23738251-31cd-9d69-1dd0-1c1e5de02302&tv=%7Bc:4klU50,pingTime:5,time:6186,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:127%7D,%7Bpiv:100,vs:i,r:,t:1184%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:5002,o:1184,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:127,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1067~0,1~100%5D,as:%5B1068~300.250%5D%7D%7D,%7Bsl:i,t:1184,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5001~100%5D,as:%5B5001~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:174,fm:tvYclsE+11%7C12*.1350098-69352127%7C121%7C1221%7C123%7C13%7C14%7C151%7C152,idMap:12*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:128,sis:233%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:3b11:b4cd:137d:cd0a Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 21:27:58 GMT
server: nginx
x-server-name: dt26.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

Verdicts & Comments Add Verdict or Comment

64 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

21 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.t.co/	1970-01-20 19:11:50	Name: muc Value: 60af1d8d-07f5-4f2a-8c51-ea5d577535c4
pastelink.net/	1970-01-20 10:31:36	Name: PHPSESSID Value: 20mvksgesn59n6lh3dn0ske05d
.pastelink.net/	1970-01-20 11:51:12	Name: _gcl_au Value: 1.1.328133398.1676496471
pastelink.net/	1970-01-20 09:43:02	Name: plTest Value: true
pastelink.net/	1970-01-20 10:24:48	Name: _pbjs_userid_consent_data Value: 3524755945110770
.pastelink.net/	1970-01-20 19:17:36	Name: _ga Value: GA1.2.1985029942.1676496471
.pastelink.net/	1970-01-20 09:43:02	Name: _gid Value: GA1.2.2078269229.1676496471
.pastelink.net/	1970-01-20 09:41:36	Name: _gat_UA-55088947-2 Value: 1
.pastelink.net/	1970-01-20 09:41:36	Name: _gat_advallyTrackerpl Value: 1
.doubleclick.net/	1970-01-20 19:03:12	Name: IDE Value: AHWqTUmAMdZLL_yXWNiP31Wk9F9Shma5T9nz2CO_-eKm2Umj4gn-7V3Dte0N75Ek
.adnxs.com/	1970-01-20 11:51:12	Name: uuid2 Value: 4598943352238858999
.adnxs.com/	1970-01-20 11:51:12	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GTspKx#s!]tbPl1M>e)ZlrFUfJ+tGXvWBK#'lOHKojUY6Y>@Hfj=HEa/*I]5)bXBReAf3If)y3KL9D3I?+b9TkAu
.casalemedia.com/	1970-01-20 18:27:12	Name: CMID Value: Y.1OWKHe9-HbgIr4zN5KLQAA
.casalemedia.com/	1970-01-20 11:51:12	Name: CMPS Value: 3258
.casalemedia.com/	1970-01-20 11:51:12	Name: CMPRO Value: 3258
.pastelink.net/	1970-01-20 19:03:12	Name: __gads Value: ID=6966f2d2027ad15f:T=1676496471:S=ALNI_MZF4Q2JVeNY-8f6cSXQhidF5O1dFQ
.pastelink.net/	1970-01-20 19:03:12	Name: __gpi Value: UID=00000bb7422b11a6:T=1676496471:RT=1676496471:S=ALNI_MZRKmS2ofFbrKaYtAvc7Z8nJEcwoA
.pastelink.net/	1970-01-20 19:17:36	Name: _ga_S3DKHVPF03 Value: GS1.1.1676496471.1.0.1676496472.0.0.0
.bluekai.com/	1970-01-20 14:00:48	Name: bkdc Value: phx
.bluekai.com/	1970-01-20 14:00:48	Name: bkpa Value: KJyNp1LvQY9xCKs73StU65ajuJ+KJWoG/WPvKF8Wz7AIeg2TrWjOQOSUihwU/m50z3TCFMcUYPjm8jKBMfqHQoJA42rfbHRy7ZeQlPP8BYiPs2duauhoj6iqetUUJxz=
.bluekai.com/	1970-01-20 14:00:48	Name: bku Value: ts6O9aCmfV1w4sR8

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://s0.2mdn.net/sadbundle/6576122382381761588/99df2c33-380e-453a-a6e4-28b19ae3adc3 Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1eb72a9efddbf5163a28c872b913bcda.safeframe.googlesyndication.com
ade.googlesyndication.com
adservice.google.com
adservice.google.de
ajax.googleapis.com
cdn.adligature.com
cdnjs.cloudflare.com
cm.g.doubleclick.net
code.jquery.com
d27rf63iunghx1.cloudfront.net
dsum-sec.casalemedia.com
dt.adsafeprotected.com
fonts.googleapis.com
fonts.gstatic.com
fw.adsafeprotected.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
pagead2.googlesyndication.com
pastelink.net
pro.ip-api.com
region1.google-analytics.com
s0.2mdn.net
securepubads.g.doubleclick.net
static.adsafeprotected.com
sync.teads.tv
t.co
tags.bluekai.com
tinyurl.com
tpc.googlesyndication.com
us-u.openx.net
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
104.244.42.69
142.250.185.162
142.251.208.130
172.217.20.2
185.80.39.216
185.89.211.84
193.234.225.88
2001:4860:4802:34::36
2001:4de0:ac18::1:a:3b
23.35.209.176
23.35.209.30
2600:1f13:800:7780:3b11:b4cd:137d:cd0a
2600:9000:21f3:9600:8:48e:53c0:93a1
2600:9000:21f3:c200:15:6513:6d40:21
2606:4700:10::6814:8a41
2606:4700::6811:180e
2a00:1450:4001:801::2002
2a00:1450:4001:80e::2002
2a00:1450:4001:812::2002
2a00:1450:4001:828::2002
2a00:1450:4001:829::2001
2a00:1450:4001:829::2008
2a00:1450:4001:82f::200e
2a00:1450:400d:802::2002
2a00:1450:400d:802::200a
2a00:1450:400d:803::2003
2a00:1450:400d:808::2003
2a00:1450:400d:808::2006
2a00:1450:400d:808::200a
2a00:1450:400d:80c::2002
2a00:1450:400d:80d::2001
2a00:1450:400d:80d::2004
2a06:98c1:3121::3
34.253.25.36
35.244.159.8
89.35.29.15
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
02614d11cbdc1f220b7be546d59ef5e14489c86a5fdce3f22ce7b6bf9990bc71
0924e5af960e9110d8424b1a364b61a5bcd949d53bcca312d0474dcb8c64a478
0937a8903ce9027c6f433ddda4c1c9df0c5e6d64aea3696396b0c22c0e85661a
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
0b7c1f9b0cd43d700389d777d0d7e54ac741860e29caa6ad833ca4d3eb27585d
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c79fe55829a405962157cfbcffb4972a89d5904bb0eca0bfaf54e3f1f5ce305
0f9275b6394a9bf7d2e0e4f5013ecc514dd1661fa06bebe4e26c962ffd5442bb
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
13100cd3879e5c1385581d7c88153e60cd7c3e4b0578fe2838daa56da689769b
15f20e02ef301e62ed325d633f971c506dcf1be3458c2371b849b505bb8673dc
16891e0cf16cc669f251765e7183fd272e2f5d5d6af7026335db83c14ba74e01
16b432ac8f43a6b2d8aa358f41ee60e2ef5923b2645bf2c37f3a06f8334b1557
17216fdb62be8d9b4ade429447db311869286dc7774f8a9210fe040d562a177d
190d542d8e593c755fd16e67ca62583e183957829dfb69cc2e00c7bf67df237d
1b067ed23c20502933aea5d561f7c4a06e7beb0cb10e7768302cff29ad8c3ab8
1c9e4c65f9d921b1c0829958cc7b2f307a3e22ac7a23e8315b6db4c0954e1107
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1d019867c120344469403527c7d958861b81d0fc873813c97ee135f707d74122
1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87
1f0fc6db869601c2bea2a4bc634ec2a5ed9ba52bbe8c0554abed8a8490e165a4
1f1b1697d36d1d208ecac570b0a2fbc3c6e9c64543a26d50a638a1b7dfc88cbe
222e416d818f87983614eeb99022f9111ad1fb5423efbc615224e37707a24525
23f1437cd33df500ccadb5cacf49ba212539c95a7a25567c45b99caa9f26ed5a
29eb9fe99c14e2e2ea4b8051f2f9ac26735c6d4e46070b555caeabc4646e6aff
2b4727366dbbf82f3dc7d48c30bc9444860158da542dcc4b04eeeb6e0a7b6d60
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
473922d81a67d36d47e37ecd58944bb25d8955ebb5407a9b6712a7cabf5b6640
48c997dad566c02a0a4f8416efa520f838a711d067a08f33b3ccffd541333e92
493fcd04dc5b6aa93647eb988ea0eedc3f590a9e65df25cab2e5f9331e092eee
4989bc93c351231cf57c606028d58c3c35ec23a469cfe4475195db035df17fd0
49e7f6d3bc4e956a9e9606c86cbd7c3c558ee412d27a64f57eabeb160b7ce161
4a9e772f02a5917ec19a41a60e31b5ffa31767831e46ac25ee22f03150fcd184
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b6d244a569a8befc0b901e3dca8e82f19b188e2d3e76f7c62fce96935ed6311
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50a60e5e5f2e8f10a2f8685031ec9849ba8faff613139f3a402e89f25ccbbabc
53ec02545623a7375ae0c95357c0d424bc04c26932b884a75ca2c7799b479ae7
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
57226adbc32c91a8cd4ec9ee08e4f155f3450e79256731c04f81709a58c4c1fc
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
5a8cf1a1f1e9738ef2c62dc187192f682c43a2f5e3fb3816bccca45117cba279
5c5d87821b8806898a69c4e8cdc26f7fc8ea4bb175006aa060ca229f4810a0af
5dc8fc5815e1cf78eaa279369bb25c391b1e45daa2179ad198361b84bc0cedc4
6032ace0de4c42162f71431b2ab16aa63aa8c8bbed88d49eaf6e6fb7baf9448c
608a57d9316756bcffb9ef7e5bdd0a923f6c911b9d52058e493775a0ad7827ac
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
65cee11e0deacfaae4c183167928488cd0d840f167c221f42e37b4d2887905c1
670dc66bdd658139d240eedad1274df27975093212b087640ace94fdd41e2038
6cd452d0d348248074b2cfbc693d6e2474b60808041ea28d64f8eeaf0e5dc649
765fe9093b62526d240d14de222e4ecd283964ae7baa991cdaa646cb3d86048c
78bc69e4dac823c639db80ed2c1e34d51c80301355a7422f53a6d76caf51f277
7a37a4e2f1464a5f82bafc1aea9bc92be25447be734467ecdbd5e1874e22551b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
82a714eed18ecef4daa162cd9dbde8dc79a9679ad93d1bb1cdce7ff35a468a95
853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb
8a711bfc819736f6bae6b19c0115567e15f8456b15ac45d432c3a60a92df0422
8af24d7350dbdc8eea22e4737deaa35a795b19b0560d7173113bec7e8a3effb7
8b4e40ffeea4f88fa78707ac8a7aa1beefb4f707d7bba71eb8b0e40ce20fbc94
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9
980c5d3f2c9d21b9c5ddd170f98a7a3f77a8e96cf2406ed205d5ce339aeabf91
98be19bc78b5bc5d419e4fa6ea055ebd4671a963e2cc644aeed4362f15d14c31
9bc0b41d96faf37f1a7392d804ad6cb2b980be26596753761024b7d3d9bb79de
9cb3dd55ec2b8c0dc703fc8c15ccee41161ef9189e069fc7e8b18e56b7567480
9deaac5d56e16e3ebabea7074260b0fd928a5f1ed99708ce779fba46a83bcdc8
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a3e066fafbd5d0c8476e6fa4f93f1407946da98b9f3f8bb612f0653825fc0cc2
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a69b896f769c49bc0f52b93a00fd1ec9f63e2d3ce70fcf23b526804356e18e0f
a8a96d965a4e9f7893810214620e582f80a08991e81bb13206a0f047c2971a69
aa68e17fb13028f96c0d5b38fcf7006182894eb694625f9dedf5824d5066a5f0
ac1f8c2a4ee7c0ee40acb4937d0459e1e290abfa8229c4b7fc4d7992858e1cd9
afe7db97c6c82733d3021296ee77fab9ff1be4fa561c13d2cf8440ddf4a5918d
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1a9f51121ef00d4bc11c410113432813ddbdcd85c9f2aabbd2c2c23c87408e4
b65796f5476ba2a00de6b7c86e94ee057aaa4d32be9863f819e8d2ee3de29876
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05
bff328a532116b831b80682b654debb3d9a6352211378464f4dab046205535d6
c24ccee9a35eef9e74411eac871935bdff6bcb895cce80b754b66d3e4292a3ce
c5de1529044a5d1984698c2940878941d40f1c8017ce86d3f2c0f7100bb8c45e
c64cda3c1c7c935b57b27894caec3b370b98d70011c8e5ea2f31691be13c8fe7
c89c110ebee9f008571395a3652ca0119ffffd4b1f53ce1f77acb5f3835e9949
cc512301255515966a31281192fd886494b8ff8a8ce75ecba79d13b1b50e2f96
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d8c6d1a69ec115786f6df18ccc0cba813605a040dafdf84f5f6cc32d0476c37e
da12928cce08f1983ddc946100eddbad230d919ce45ffd7468b7a7acb2f08545
da370b1c5f5ae01a7f61adb2d34c89a5d4780263b7c3f3789dae5e510bf8be7b
da902e292e31004712412a2bd99e0e0546439272650b1f649c737fe9a64d82e0
db2363029b4f54378ff6662b39bc15138122f515494fc54048fd89a70485fe55
de22b749dfb9461f4308fddfbc79f0b636f78f4add1e26a481fdd23be02cb3c7
deeb4c9986010348d7a1c89b7fdf816bda2f572d023e717a024f8bd14d9ff303
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
ebfd96030683611d9ed054682f1ddf8b9098bc7d10105602b338605b0ae82a9a
ed6cd01c384db70bedbe24986aa85b0745f994ad71b7e5712f8a60e1ff457d7f
ed9f95fa0e7551e2ed988e3e31066ccc1d169b992ba04a76f1fc00d8e219654d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f5b2b6f1e352f3575c381f47f2bb0aba701b7cf5b36f5cc9e689e607d375c370
f97f22fde697c9d8c77639fbbca1a74e82708f3c908d9005107cd2fc71033da1
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

pastelink.net Open in urlscan Pro 89.35.29.15 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

182 Requests

94 %HTTPS

67 %IPv6

24 Domains

36 Subdomains

36 IPs

8 Countries

2934 kBTransfer

5986 kBSize

21 Cookies

15 Outgoing links

Page URL History

Redirected requests

182 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

pastelink.net Open in urlscan Pro
89.35.29.15 Public Scan

Screenshot
Live screenshot

Full Image

182
Requests

94 %
HTTPS

67 %
IPv6

24
Domains

36
Subdomains

36
IPs

8
Countries

2934 kB
Transfer

5986 kB
Size

21
Cookies

182 HTTP transactions
5 data transactions