pastelink.net Open in urlscan Pro
2a01:7e00::f03c:91ff:fe39:1dbe Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pastelink.net/j4sx6af6
Submission: On December 10 via manual (December 10th 2021, 2:01:03 pm UTC) from US — Scanned from IT

Summary HTTP 202 Redirects Links 20 Behaviour Indicators

Summary

This website contacted 38 IPs in 8 countries across 25 domains to perform 202 HTTP transactions. The main IP is 2a01:7e00::f03c:91ff:fe39:1dbe, located in London, United Kingdom and belongs to LINODE-AP Linode, LLC, US. The main domain is pastelink.net.
TLS certificate: Issued by R3 on November 24th 2021. Valid for: 3 months.

This is the only time pastelink.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
11	2a01:7e00::f0... 2a01:7e00::f03c:91ff:fe39:1dbe	63949 (LINODE-AP...) (LINODE-AP Linode)
3	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:2a	20446 (HIGHWINDS3) (HIGHWINDS3)
1	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:303... 2606:4700:3035::6815:5d0e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
1	51.77.64.70 51.77.64.70	16276 (OVH) (OVH)
35	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:810::2001	15169 (GOOGLE) (GOOGLE)
24	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:80f::2001	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
5	3.120.90.180 3.120.90.180	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:829::200e	15169 (GOOGLE) (GOOGLE)
15 20	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
15 25	23.195.249.2 23.195.249.2	16625 (AKAMAI-AS) (AKAMAI-AS)
10 15	37.252.173.38 37.252.173.38	29990 (ASN-APPNEX) (ASN-APPNEX)
6	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
3	23.202.53.245 23.202.53.245	16625 (AKAMAI-AS) (AKAMAI-AS)
17	2a00:1450:400... 2a00:1450:4001:82a::2006	15169 (GOOGLE) (GOOGLE)
1	52.19.128.14 52.19.128.14	16509 (AMAZON-02) (AMAZON-02)
1	138.201.63.165 138.201.63.165	24940 (HETZNER-AS) (HETZNER-AS)
9	23.53.42.65 23.53.42.65	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	52.48.241.99 52.48.241.99	16509 (AMAZON-02) (AMAZON-02)
1	99.81.33.101 99.81.33.101	16509 (AMAZON-02) (AMAZON-02)
1 4	78.46.90.238 78.46.90.238	24940 (HETZNER-AS) (HETZNER-AS)
1	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba2a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	51.75.147.170 51.75.147.170	16276 (OVH) (OVH)
1	3.215.216.54 3.215.216.54	14618 (AMAZON-AES) (AMAZON-AES)
202	38

11 2a01:7e00::f03c:91ff:fe39:1dbe (London, United Kingdom)

ASN63949 (LINODE-AP Linode, LLC, US)

pastelink.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:2a (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3035::6815:5d0e (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.adligature.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.77.64.70 (Germany)

ASN16276 (OVH, FR)
PTR: de-fra-1.pro.ip-api.com

pro.ip-api.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
encrypted-tbn0.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:810::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 3.120.90.180 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-120-90-180.eu-central-1.compute.amazonaws.com

bs.serving-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn2.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 142.250.185.162 (United States) 15 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 23.195.249.2 (Prague, Czech Republic) 15 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-195-249-2.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 37.252.173.38 (Frankfurt am Main, Germany) 10 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.202.53.245 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a23-202-53-245.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
px.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:82a::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.19.128.14 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-128-14.eu-west-1.compute.amazonaws.com

secure-gg.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 138.201.63.165 (Hockenheim, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.165.63.201.138.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 23.53.42.65 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-53-42-65.deploy.static.akamaitechnologies.com

secure-ds.serving-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.48.241.99 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-48-241-99.eu-west-1.compute.amazonaws.com

mb.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.81.33.101 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-99-81-33-101.eu-west-1.compute.amazonaws.com

data.withcubed.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 78.46.90.238 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.238.90.46.78.clients.your-server.de

hal900019.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00::210:ba2a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

code.createjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.75.147.170 (France)

ASN16276 (OVH, FR)
PTR: ns3133977.ip-51-75-147.eu

cdn.contentspread.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.215.216.54 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-215-216-54.compute-1.amazonaws.com

lm.serving-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
61	googlesyndication.com pagead2.googlesyndication.com 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com tpc.googlesyndication.com	333 KB
41	doubleclick.net 15 redirects securepubads.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net googleads4.g.doubleclick.net	303 KB
25	casalemedia.com 15 redirects dsum-sec.casalemedia.com	22 KB
17	2mdn.net s0.2mdn.net	735 KB
15	adnxs.com 10 redirects ib.adnxs.com	14 KB
15	serving-sys.com bs.serving-sys.com secure-ds.serving-sys.com lm.serving-sys.com	181 KB
12	gstatic.com www.gstatic.com fonts.gstatic.com encrypted-tbn2.gstatic.com encrypted-tbn0.gstatic.com	335 KB
11	pastelink.net pastelink.net	371 KB
7	google.com www.google.com adservice.google.com	2 KB
5	redintelligence.net 1 redirects hal9000.redintelligence.net hal900019.redintelligence.net	9 KB
5	googletagservices.com www.googletagservices.com	183 KB
5	ampproject.org cdn.ampproject.org	103 KB
4	moatads.com z.moatads.com mb.moatads.com px.moatads.com	109 KB
4	google-analytics.com www.google-analytics.com	20 KB
3	adligature.com cdn.adligature.com	162 KB
3	googleapis.com fonts.googleapis.com	2 KB
2	googletagmanager.com www.googletagmanager.com	127 KB
1	contentspread.net cdn.contentspread.net	53 KB
1	createjs.com code.createjs.com	63 KB
1	withcubed.com data.withcubed.com
1	imrworldwide.com secure-gg.imrworldwide.com	562 B
1	google.it adservice.google.it	792 B
1	ip-api.com pro.ip-api.com	154 B
1	cloudflare.com cdnjs.cloudflare.com	2 KB
1	jquery.com code.jquery.com	30 KB
202	25

	Domain	Requested by
31	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
25	dsum-sec.casalemedia.com	15 redirects googleads.g.doubleclick.net
24	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com pastelink.net 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com googleads.g.doubleclick.net
20	cm.g.doubleclick.net	15 redirects googleads.g.doubleclick.net
17	s0.2mdn.net	910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com pastelink.net s0.2mdn.net secure-ds.serving-sys.com
15	ib.adnxs.com	10 redirects googleads.g.doubleclick.net
11	pastelink.net	pastelink.net
10	googleads.g.doubleclick.net	910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com pastelink.net
9	secure-ds.serving-sys.com	bs.serving-sys.com secure-ds.serving-sys.com
9	fonts.gstatic.com	fonts.googleapis.com
6	googleads4.g.doubleclick.net	googleads.g.doubleclick.net pastelink.net
6	910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
6	www.google.com	pastelink.net tpc.googlesyndication.com 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
5	bs.serving-sys.com	910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com secure-ds.serving-sys.com
5	www.googletagservices.com	910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
5	cdn.ampproject.org	securepubads.g.doubleclick.net
5	securepubads.g.doubleclick.net	cdn.adligature.com securepubads.g.doubleclick.net pastelink.net
4	hal900019.redintelligence.net	1 redirects 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com hal900019.redintelligence.net
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	cdn.adligature.com	pastelink.net cdn.adligature.com
3	fonts.googleapis.com	pastelink.net securepubads.g.doubleclick.net secure-ds.serving-sys.com
2	px.moatads.com	910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
2	www.googletagmanager.com	pastelink.net www.googletagmanager.com
1	lm.serving-sys.com	secure-ds.serving-sys.com
1	cdn.contentspread.net	hal900019.redintelligence.net
1	code.createjs.com	s0.2mdn.net
1	data.withcubed.com	910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
1	mb.moatads.com	z.moatads.com
1	hal9000.redintelligence.net	910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
1	secure-gg.imrworldwide.com	910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
1	z.moatads.com	googleads.g.doubleclick.net
1	encrypted-tbn0.gstatic.com	pastelink.net
1	encrypted-tbn2.gstatic.com	pastelink.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.it	securepubads.g.doubleclick.net
1	pro.ip-api.com	cdn.adligature.com
1	www.gstatic.com	www.google.com
1	cdnjs.cloudflare.com	pastelink.net
1	code.jquery.com	pastelink.net
202	39

This site contains links to these domains. Also see Links.

Domain
t.co
pic.twitter.com
www.facebook.com
twitter.com
t.me
api.whatsapp.com
www.reddit.com
www.pinterest.com
www.tumblr.com
www.blogger.com
profitquery.com
www.linkedin.com
share.flipboard.com
social-plugins.line.me
www.meneame.net
diasp.org
vk.com
connect.ok.ru

Subject Issuer	Validity	Valid
pastelink.net R3	`2021-11-24` - `2022-02-22`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-09-21` - `2022-09-20`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.ip-api.com Sectigo RSA Domain Validation Secure Server CA	`2021-10-28` - `2022-11-27`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.google.it GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
bs.serving-sys.com Amazon	`2021-05-10` - `2022-06-08`	a year	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2021-01-21` - `2022-01-25`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.imrworldwide.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-28` - `2022-02-01`	a year	crt.sh
redintelligence.net R3	`2021-10-21` - `2022-01-19`	3 months	crt.sh
secure-ds.serving-sys.com DigiCert SHA2 Secure Server CA	`2021-04-28` - `2022-05-03`	a year	crt.sh
*.moatads.com DigiCert TLS RSA SHA256 2020 CA1	`2021-05-25` - `2022-06-25`	a year	crt.sh
*.withcubed.com Amazon	`2021-08-12` - `2022-09-10`	a year	crt.sh
tls.adobe.com DigiCert SHA2 Secure Server CA	`2020-06-01` - `2022-06-06`	2 years	crt.sh
contentspread.net R3	`2021-12-03` - `2022-03-03`	3 months	crt.sh
lm.serving-sys.com Amazon	`2021-11-29` - `2022-12-27`	a year	crt.sh

This page contains 24 frames:

Primary Page: https://pastelink.net/j4sx6af6
Frame ID: F6B593C226C4DF85113B3610FB742908
Requests: 42 HTTP requests in this frame

Frame: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: C72D2DE01CD35FCD8FCAC8D81DF78152
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 4FC12DDA811E5074739EC1151F1ED85B
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 02F62CF0428D9C6DEF356D13B67A88CD
Requests: 2 HTTP requests in this frame

Frame: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: C5EEC7522D15F93653EC4F1F5FC06B05
Requests: 14 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs
Frame ID: 4B3A9EC360741A7F8EDCA7C2E5CF3558
Requests: 16 HTTP requests in this frame

Frame: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: C08EA09A7E7281E5BB126913052F1FDC
Requests: 15 HTTP requests in this frame

Frame: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: C750034E385361FDBED9F6024EC0E421
Requests: 12 HTTP requests in this frame

Frame: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 876E0CEC92C62E7305EA2DDF3EBAD17D
Requests: 19 HTTP requests in this frame

Frame: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: F6264BDED88AFCA0FF605C2CB66B575F
Requests: 20 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNupDBD-0OkBGMjw854BMAE&v=APEucNUOfirPChhvb3VCOpwiMHlykV-y1ji31ZhwHa9-0SzWDqDIpqmTS-UsuJy8VQOMC_UqFJh9-yfb8SE9uH8n_-c-yMSYDzWOLJLMY25WtUq5CShUg-oppoDAPPtMS5QBnGVfAeqfIKJU8BYncyPE9H3cRo2-3FohdkAeDPwxlVqctTei0Kc
Frame ID: 72C2790FB31516A77A27D812547A59A2
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsY6tnBNjAB&v=APEucNUTMW6o3aCGcGpu061kBPZ1nZR5-hx2UZ0EtW5TxdFhSAE1d4MVval7vuLUL066mYrdSYEFKcJMG4BDSTTSU6GiR5ZMRruBJfmjrrnQTa357dN4rK3FDhiDAacEbCDAG4rOiN9rgiDIIq3YoeBkCIjg9lqlI_ytYjzzOLqpx2VGM9fBu0w
Frame ID: E1A5542C67D00282695E4E8FEB611551
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL-8UhDTlVkY5M-nXzAB&v=APEucNWfCy4R_G8jglaiDIz4nWONMVd4D2HB8mBhKiLRbahD-0mfZY0K6OpHUD4nOJyM_saFAk5PiI5rPp0pOSR1RnzHghumMLcICnRayVv94dPaOBPCpbWoQu0wWhhzEgnN1kOEcieRTYpLtdRRXUVeg8wrj3HtGZr6c4Ma23LFTPIerxUAKZQ
Frame ID: 906A09C35B8F67535F2761830F6A5CDF
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL_tVRD79akBGJmPqrwBMAE&v=APEucNXln5cD2ef5le7skxWppo32fHPosHEIscQw9DKHfbJeAJUYdp8iq9u8gmdN1vhGPz3TBxybFYB_BKkQO4HirfzFrDsXiZ_zpbKB4e6ggdIKw6AALSM_R08_4FlOHfLqmlgbm6fJqryyzByBrUk0Ilz4UhZwS3-rI_a21rnLBdarVtKi-M4
Frame ID: ABA00147B6D2232A9BD9B406AED3196D
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI_HFRDCyPr1Ahjiqru2ATAB&v=APEucNXP8seC-QqIpRD1F3Hpi9evrBxnzc3uiOqcPxyYPYUzyzZYep-I9YDnXw6sU-y8yAGp5YdsDvXzvON2XhA6JqYTjrDIko29e788KpcyrOo8RLbo36RhBudI3e2qNbbuKlD8ivdPXXXSQxl3NphG4E7bLNuLpJXSmQIFBlBZqzmK8DxM9rE
Frame ID: 829C5B33ABB499ACEB9B4A29E436F48B
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: AD775B9F3939A96E8BF1267F1B6BD140
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: D794915F0260BF455F3C09198AA8AE8E
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 9672E3BF3324E7E24010EDD9187DE58A
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/ads/richmedia/studio/pv2/61258259/20191030030338949/index.html?e=69&leftOffset=0&topOffset=0&c=mXtzuSviRx&t=1&renderingType=2
Frame ID: B5516CA23478B2F0D033B437353FADFA
Requests: 10 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/8808549699446519882/300x250/300x250.html
Frame ID: D4E5D5552E7E8C7E09F3962363826435
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 21F8F89EA881A986E0C09300A642587A
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 6D311E9114AA6FC0AA4FC4A8C7679772
Requests: 3 HTTP requests in this frame

Frame: https://secure-ds.serving-sys.com/resources/PROD/html5/1073745155/20211001/1076182166/65651558544585575/index.html?v=_2_144_1_0&n=1&sHost=secure-ds.serving-sys.com
Frame ID: 9F5713A0BAC85D0B5C5FF2085AFDB5C1
Requests: 10 HTTP requests in this frame

Frame: https://hal900019.redintelligence.net/request_content.php?s=46443900095948000707896011804019&a=14afae71
Frame ID: A480DE4AB825EEDE2304008EFC0ED566
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Seo Оптимизация Англоязычного Сайта - Pastelink.net

Page Statistics

202
Requests

90 %
HTTPS

57 %
IPv6

25
Domains

39
Subdomains

38
IPs

8
Countries

3135 kB
Transfer

7003 kB
Size

24
Cookies

20 Outgoing links

These are links going to different origins than the main page.

URL: http://t.co/eU5QQitA1F
Title: http://t.co/eU5QQitA1F

Search URL Search Domain Scan URL

URL: http://t.co/myJ4OhAz2j
Title: http://t.co/myJ4OhAz2j

Search URL Search Domain Scan URL

URL: http://pic.twitter.com/c7MNzv5Ko6
Title: pic.twitter.com/c7MNzv5Ko6

Search URL Search Domain Scan URL

URL: http://t.co/c7MNzv5Ko6
Title: http://t.co/c7MNzv5Ko6

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://pastelink.net/j4sx6af6

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=Seo%20%D0%9E%D0%BF%D1%82%D0%B8%D0%BC%D0%B8%D0%B7%D0%B0%D1%86%D0%B8%D1%8F%20%D0%90%D0%BD%D0%B3%D0%BB%D0%BE%D1%8F%D0%B7%D1%8B%D1%87%D0%BD%D0%BE%D0%B3%D0%BE%20%D0%A1%D0%B0%D0%B9%D1%82%D0%B0%20https://pastelink.net/j4sx6af6

Search URL Search Domain Scan URL

URL: https://t.me/share/url?url=Seo%20%D0%9E%D0%BF%D1%82%D0%B8%D0%BC%D0%B8%D0%B7%D0%B0%D1%86%D0%B8%D1%8F%20%D0%90%D0%BD%D0%B3%D0%BB%D0%BE%D1%8F%D0%B7%D1%8B%D1%87%D0%BD%D0%BE%D0%B3%D0%BE%20%D0%A1%D0%B0%D0%B9%D1%82%D0%B0%20%0Ahttps://pastelink.net/j4sx6af6

Search URL Search Domain Scan URL

URL: https://api.whatsapp.com/send?text=Seo%20%D0%9E%D0%BF%D1%82%D0%B8%D0%BC%D0%B8%D0%B7%D0%B0%D1%86%D0%B8%D1%8F%20%D0%90%D0%BD%D0%B3%D0%BB%D0%BE%D1%8F%D0%B7%D1%8B%D1%87%D0%BD%D0%BE%D0%B3%D0%BE%20%D0%A1%D0%B0%D0%B9%D1%82%D0%B0%20https://pastelink.net/j4sx6af6

Search URL Search Domain Scan URL

URL: https://www.reddit.com/submit?url=https://https://pastelink.net/j4sx6af6&title=Seo%20%D0%9E%D0%BF%D1%82%D0%B8%D0%BC%D0%B8%D0%B7%D0%B0%D1%86%D0%B8%D1%8F%20%D0%90%D0%BD%D0%B3%D0%BB%D0%BE%D1%8F%D0%B7%D1%8B%D1%87%D0%BD%D0%BE%D0%B3%D0%BE%20%D0%A1%D0%B0%D0%B9%D1%82%D0%B0%20

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/pin/create/button/?url=https://pastelink.net/j4sx6af6&description=Seo%20%D0%9E%D0%BF%D1%82%D0%B8%D0%BC%D0%B8%D0%B7%D0%B0%D1%86%D0%B8%D1%8F%20%D0%90%D0%BD%D0%B3%D0%BB%D0%BE%D1%8F%D0%B7%D1%8B%D1%87%D0%BD%D0%BE%D0%B3%D0%BE%20%D0%A1%D0%B0%D0%B9%D1%82%D0%B0%20&media=https://pastelink.net/assets/images/pastelink-logo-square.png

Search URL Search Domain Scan URL

URL: http://www.tumblr.com/share?v=3&u=https://pastelink.net/j4sx6af6&t=Seo%20%D0%9E%D0%BF%D1%82%D0%B8%D0%BC%D0%B8%D0%B7%D0%B0%D1%86%D0%B8%D1%8F%20%D0%90%D0%BD%D0%B3%D0%BB%D0%BE%D1%8F%D0%B7%D1%8B%D1%87%D0%BD%D0%BE%D0%B3%D0%BE%20%D0%A1%D0%B0%D0%B9%D1%82%D0%B0%20&posttype=link

Search URL Search Domain Scan URL

URL: https://www.blogger.com/blog-this.g?u=https://pastelink.net/j4sx6af6&n=Seo%20%D0%9E%D0%BF%D1%82%D0%B8%D0%BC%D0%B8%D0%B7%D0%B0%D1%86%D0%B8%D1%8F%20%D0%90%D0%BD%D0%B3%D0%BB%D0%BE%D1%8F%D0%B7%D1%8B%D1%87%D0%BD%D0%BE%D0%B3%D0%BE%20%D0%A1%D0%B0%D0%B9%D1%82%D0%B0%20

Search URL Search Domain Scan URL

URL: https://profitquery.com/add-to/livejournal/?url=https://pastelink.net/j4sx6af6&title=Seo%20%D0%9E%D0%BF%D1%82%D0%B8%D0%BC%D0%B8%D0%B7%D0%B0%D1%86%D0%B8%D1%8F%20%D0%90%D0%BD%D0%B3%D0%BB%D0%BE%D1%8F%D0%B7%D1%8B%D1%87%D0%BD%D0%BE%D0%B3%D0%BE%20%D0%A1%D0%B0%D0%B9%D1%82%D0%B0%20

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https://pastelink.net/j4sx6af6

Search URL Search Domain Scan URL

URL: https://share.flipboard.com/bookmarklet/popout?v=2&title=Seo%20%D0%9E%D0%BF%D1%82%D0%B8%D0%BC%D0%B8%D0%B7%D0%B0%D1%86%D0%B8%D1%8F%20%D0%90%D0%BD%D0%B3%D0%BB%D0%BE%D1%8F%D0%B7%D1%8B%D1%87%D0%BD%D0%BE%D0%B3%D0%BE%20%D0%A1%D0%B0%D0%B9%D1%82%D0%B0%20&url=https://pastelink.net/j4sx6af6

Search URL Search Domain Scan URL

URL: https://social-plugins.line.me/lineit/share?url=https://pastelink.net/j4sx6af6&text=Seo%20%D0%9E%D0%BF%D1%82%D0%B8%D0%BC%D0%B8%D0%B7%D0%B0%D1%86%D0%B8%D1%8F%20%D0%90%D0%BD%D0%B3%D0%BB%D0%BE%D1%8F%D0%B7%D1%8B%D1%87%D0%BD%D0%BE%D0%B3%D0%BE%20%D0%A1%D0%B0%D0%B9%D1%82%D0%B0%20

Search URL Search Domain Scan URL

URL: https://www.meneame.net/submit?url=https://pastelink.net/j4sx6af6

Search URL Search Domain Scan URL

URL: https://diasp.org/bookmarklet?url=https://pastelink.net/j4sx6af6&title=Seo%20%D0%9E%D0%BF%D1%82%D0%B8%D0%BC%D0%B8%D0%B7%D0%B0%D1%86%D0%B8%D1%8F%20%D0%90%D0%BD%D0%B3%D0%BB%D0%BE%D1%8F%D0%B7%D1%8B%D1%87%D0%BD%D0%BE%D0%B3%D0%BE%20%D0%A1%D0%B0%D0%B9%D1%82%D0%B0%20&jump=doclose

Search URL Search Domain Scan URL

URL: http://vk.com/share.php?url=https://pastelink.net/j4sx6af6&title=Seo%20%D0%9E%D0%BF%D1%82%D0%B8%D0%BC%D0%B8%D0%B7%D0%B0%D1%86%D0%B8%D1%8F%20%D0%90%D0%BD%D0%B3%D0%BB%D0%BE%D1%8F%D0%B7%D1%8B%D1%87%D0%BD%D0%BE%D0%B3%D0%BE%20%D0%A1%D0%B0%D0%B9%D1%82%D0%B0%20

Search URL Search Domain Scan URL

URL: https://connect.ok.ru/dk?st.cmd=WidgetSharePreview&st.shareUrl=https://pastelink.net/j4sx6af6

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 100

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1&C=1

Request Chain 101

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YbNdmihoHu9qDakWgEwXNAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1

Request Chain 102

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEM3KZR7Fqevuqat4YRqJq_A&google_cver=1

Request Chain 103

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODI0MzQ3MjY5MTIyMTI0NTkxNw%3D%3D

Request Chain 111

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1&C=1

Request Chain 112

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YbNdmihoHu9qDakWgEwXNAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1

Request Chain 113

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEM3KZR7Fqevuqat4YRqJq_A&google_cver=1

Request Chain 114

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODI0MzQ3MjY5MTIyMTI0NTkxNw%3D%3D

Request Chain 117

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1&C=1

Request Chain 118

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YbNdmihoHu9qDakWgEwXNAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1

Request Chain 119

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEM3KZR7Fqevuqat4YRqJq_A&google_cver=1

Request Chain 120

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODI0MzQ3MjY5MTIyMTI0NTkxNw%3D%3D

Request Chain 123

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1&C=1

Request Chain 124

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YbNdmihoHu9qDakWgEwXNAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1

Request Chain 125

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEM3KZR7Fqevuqat4YRqJq_A&google_cver=1

Request Chain 126

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODI0MzQ3MjY5MTIyMTI0NTkxNw%3D%3D

Request Chain 130

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1&C=1

Request Chain 131

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YbNdmihoHu9qDakWgEwXNAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1

Request Chain 132

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEM3KZR7Fqevuqat4YRqJq_A&google_cver=1

Request Chain 133

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODI0MzQ3MjY5MTIyMTI0NTkxNw%3D%3D

Request Chain 156

https://hal900019.redintelligence.net/request.php?zone=74omlawhsoy3&nw=20&renderingType=javascript&namespace=46fc13822d&subid=&uid=cd54cbcc5a7cb069&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DChnx4mV2zYZK-GMzJgAeur6P4DILfmZBh0IK23a0K8C4QASD7mLVCYP2CkYToEcgBCakCuz1NvuDysj6oAwGqBOABT9DM3Zemb8MueKu5eqgK-BEeBQvZrMZ_cH6V-Xbm_0qCV1_HwAC6nS0deTLBAi1jRt7tj9fro3BX0Ty8puEzbTFyDgreJWDIwIxY2WA6J-uEWOvdzlyASBkxl7c_QftH7N0ypaeiwIbNJEvKfx9QHYau-iT5-ToWKAMOjehqm9wDkMZ17ZE87DudZ_hYGXpiavvfoQegZyJCsRO0PzoflteJ0dTCFco96AB1cHeyjF3jbT3CDUZS9F04tgmcc-bd-6CG6C1M5WeNm3m3Miodc-l7QG6a9NuOVD_aOopf2jvABNbpmI3HAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiI4YAQEAEYHfIIG2FkeC1zdWJzeW4tMjcyNzA5ODE1MDg1NzM1MoAKA5gLAcgLAYAMAbATlIOzCtATANgTA4gUAdgUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASFeRodkLB2jBVU4HXhkgrDeBuTnG7ZQ%26sig%3DAOD64_1iFrkj6-VEPEGZv2SR1oI89aQmXQ%26client%3Dca-pub-9070629843129312%26dbm_c%3DAKAmf-Axct6iEqjFK8a-ec-wQ4T5lYf0jwd97u_XZ7qmcHar6wLSfVjnVeNo7PeK5neQGWCLqs7O-kPkvRRN9LdJ2ler1C3IS9stsad3KXOmHiZ7TVh3MpLUYrwJ4x6nJXXzNpEbjtsChyVDoTOXdwnjE-uWjMUOxw%26cry%3D1%26dbm_d%3DAKAmf-DyYdsctWYjvXHzKerY7ESfx05rA8_T6Ljsw9mjc3ionm05Ti5YOxGzaMomePp8RZcQqJnxcNBKcOWvI5bixP2hV-AUHeJz9JrG54Ak1qA6tcw7d73WnvugnImMmzJDkPYT6E81oU06dPsXyXPDzNVgC-zoUzeku6U2wL6yPfl6ricUyyF80eIcUPPtBizWmKefWwLmUdaz079jfHoPpOvBrZx2VDCuVvbdatPUYVhXyhgFYH4EiPsZ33aUIWvt0-y8DwqRXZdH5diT2QFGsYueIEPtBnGpKLIWITaa4j_KPj_Ui7K9p4BLtpZXMvgI2eC_kIvZwaNAiTOJYaNr8_mBjFr7lDSZ1efYe6JLDKTypKNsvlecZwUr5JkoMzn4iYT-0Ghnv5uDgShluhGTzi4fo9qGHdv4P8SmVnST2CKJVXJVEGT_ZefO1qpHzNhyAM4KGUX_%26adurl%3D&documentReferer=https%3A%2F%2Fpastelink.net%2F&ancestorOrigins=https%3A%2F%2Fpastelink.net&random=6253576651689&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900019.redintelligence.net/request.php?zone=74omlawhsoy3&nw=20&renderingType=javascript&namespace=46fc13822d&subid=&uid=cd54cbcc5a7cb069&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DChnx4mV2zYZK-GMzJgAeur6P4DILfmZBh0IK23a0K8C4QASD7mLVCYP2CkYToEcgBCakCuz1NvuDysj6oAwGqBOABT9DM3Zemb8MueKu5eqgK-BEeBQvZrMZ_cH6V-Xbm_0qCV1_HwAC6nS0deTLBAi1jRt7tj9fro3BX0Ty8puEzbTFyDgreJWDIwIxY2WA6J-uEWOvdzlyASBkxl7c_QftH7N0ypaeiwIbNJEvKfx9QHYau-iT5-ToWKAMOjehqm9wDkMZ17ZE87DudZ_hYGXpiavvfoQegZyJCsRO0PzoflteJ0dTCFco96AB1cHeyjF3jbT3CDUZS9F04tgmcc-bd-6CG6C1M5WeNm3m3Miodc-l7QG6a9NuOVD_aOopf2jvABNbpmI3HAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiI4YAQEAEYHfIIG2FkeC1zdWJzeW4tMjcyNzA5ODE1MDg1NzM1MoAKA5gLAcgLAYAMAbATlIOzCtATANgTA4gUAdgUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASFeRodkLB2jBVU4HXhkgrDeBuTnG7ZQ%26sig%3DAOD64_1iFrkj6-VEPEGZv2SR1oI89aQmXQ%26client%3Dca-pub-9070629843129312%26dbm_c%3DAKAmf-Axct6iEqjFK8a-ec-wQ4T5lYf0jwd97u_XZ7qmcHar6wLSfVjnVeNo7PeK5neQGWCLqs7O-kPkvRRN9LdJ2ler1C3IS9stsad3KXOmHiZ7TVh3MpLUYrwJ4x6nJXXzNpEbjtsChyVDoTOXdwnjE-uWjMUOxw%26cry%3D1%26dbm_d%3DAKAmf-DyYdsctWYjvXHzKerY7ESfx05rA8_T6Ljsw9mjc3ionm05Ti5YOxGzaMomePp8RZcQqJnxcNBKcOWvI5bixP2hV-AUHeJz9JrG54Ak1qA6tcw7d73WnvugnImMmzJDkPYT6E81oU06dPsXyXPDzNVgC-zoUzeku6U2wL6yPfl6ricUyyF80eIcUPPtBizWmKefWwLmUdaz079jfHoPpOvBrZx2VDCuVvbdatPUYVhXyhgFYH4EiPsZ33aUIWvt0-y8DwqRXZdH5diT2QFGsYueIEPtBnGpKLIWITaa4j_KPj_Ui7K9p4BLtpZXMvgI2eC_kIvZwaNAiTOJYaNr8_mBjFr7lDSZ1efYe6JLDKTypKNsvlecZwUr5JkoMzn4iYT-0Ghnv5uDgShluhGTzi4fo9qGHdv4P8SmVnST2CKJVXJVEGT_ZefO1qpHzNhyAM4KGUX_%26adurl%3D&documentReferer=https%3A%2F%2Fpastelink.net%2F&ancestorOrigins=https%3A%2F%2Fpastelink.net&random=6253576651689&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

202 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request j4sx6af6 Show response
pastelink.net/ 27 KB
9 KB 186ms
90ms Document
text/html 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL

https://pastelink.net/j4sx6af6

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),

Reverse DNS

Software

nginx /

Resource Hash

2430dfb4ab6c1281815f9ddff9e1a979d3417cf033aae788c60501fda6d04714

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: it-IT,it;q=0.9

Response headers

server: nginx
date: Fri, 10 Dec 2021 14:00:56 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip

GET
H2 200 css2
fonts.googleapis.com/ 5 KB
1 KB 119ms
38ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Requested by

Host: pastelink.net
URL: https://pastelink.net/j4sx6af6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2c243eeac8e9c04aaddb3a8d759ab9b535faf21f7b292e61458ee5e45cb8a02a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 10 Dec 2021 13:51:50 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 10 Dec 2021 14:00:56 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 10 Dec 2021 14:00:56 GMT

GET
H2 200 styles.css
pastelink.net/assets/css/ 282 KB
282 KB 50ms
49ms Stylesheet
text/css 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL

https://pastelink.net/assets/css/styles.css?q=19

Requested by

Host: pastelink.net
URL: https://pastelink.net/j4sx6af6

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),

Reverse DNS

Software

nginx /

Resource Hash

b0939d55dff27ea2ca24040d47216c107ba59e2e2414c19ab1ae9fd54acf98bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/j4sx6af6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 14:00:56 GMT
last-modified: Mon, 29 Nov 2021 11:28:52 GMT
server: nginx
etag: "61a4b974-46713"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
accept-ranges: bytes
content-length: 288531

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
30 KB 65ms
21ms Script
application/javascript 2001:4de0:ac18::1:a:2a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: pastelink.net
URL: https://pastelink.net/j4sx6af6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:2a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Referer: https://pastelink.net/
Origin: https://pastelink.net
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 14:00:56 GMT
content-encoding: gzip
last-modified: Tue, 02 Mar 2021 17:27:20 GMT
server: nginx
etag: W/"603e7578-15d9d"
vary: Accept-Encoding
x-hw: 1639144856.dop019.ml1.t,1639144856.cds221.ml1.hn,1639144856.cds012.ml1.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30875

GET
H2 200 script.min.js Show response
pastelink.net/assets/js/ 32 KB
32 KB 44ms
44ms Script
application/javascript 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL

https://pastelink.net/assets/js/script.min.js?q=19

Requested by

Host: pastelink.net
URL: https://pastelink.net/j4sx6af6

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),

Reverse DNS

Software

nginx /

Resource Hash

bcf6c79635689a63a0bab926671698fdeb8718d1f8095c403f8ce572bc3fdc6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/j4sx6af6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 14:00:56 GMT
last-modified: Thu, 09 Dec 2021 14:44:14 GMT
server: nginx
etag: "61b2163e-7f62"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
accept-ranges: bytes
content-length: 32610

GET
H2 200 js.cookie.min.js Show response
cdnjs.cloudflare.com/ajax/libs/js-cookie/latest/ 2 KB
2 KB 98ms
45ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/js-cookie/latest/js.cookie.min.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/j4sx6af6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b6d244a569a8befc0b901e3dca8e82f19b188e2d3e76f7c62fce96935ed6311

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 14:00:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 6383037
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 772
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:49 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec5-6d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yB%2FCGtJB1C8NUBykMT%2FGj7r3NPZa2mQnoE9ly4I8r%2FJ74%2F1d6Vtj9brpom45xZ0XAhuWI%2FkcS0nVdLNDwWEdCurs9EM8fUQPXbxZtJLN%2B5xeOmLHJd5HujE1ZsNHnynplMEa5CFHMjrcg%2Bxx7cxI7XAb"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6bb7009a9d1c5a13-MXP
expires: Wed, 30 Nov 2022 14:00:56 GMT

GET
H2 200 rules.js Show response
cdn.adligature.com/pl/prod/ 14 KB
4 KB 114ms
35ms Script
application/javascript 2606:4700:3035::6815:5d0e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adligature.com/pl/prod/rules.js
Requested by: Host: pastelink.net
URL: https://pastelink.net/j4sx6af6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:5d0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16df8c004e0008ff4acd382ae492e5c024d5160c964b450ecc900cd798e2145e

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=SA9hgg==, md5=H8vU9EZJ4FoBemZmuclPmQ==
date: Fri, 10 Dec 2021 14:00:56 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 333
cf-polished: origSize=23445
x-guploader-uploadid: ADPycduOqyGEB1uYMapPDpOLNvcbaaTIr7rWx0tIHwKxdbfNmfyvnsStbqjzOqO718TOhrvIy-ruSTwQVa2ht6ePz_aX4KdPpQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Wed, 01 Dec 2021 19:26:34 GMT
server: cloudflare
etag: W/"1fcbd4f44649e05a017a6666b9c94f99"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cH12vUtB%2FiXKh2hIsn5CRZRyDug2juyD5BePQTkYUYOZUbsDX15YG0jmwwV30lW4Wl8PTV%2BCAw1rlqA0Dr6E9giPkmzjm5mZYVJnXcxQpn8jKcSqbgqA%2Bp%2BwTjf94xC%2B8yPRa2KpeUR9ZzuCZn6Weg0%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1638386794311895
content-type: application/javascript
expires: Fri, 10 Dec 2021 14:05:23 GMT
cache-control: public, max-age=1800, s-maxage=600, must-revalidate
x-goog-stored-content-length: 23445
cf-ray: 6bb7009abd7e59bf-MXP
cf-bgj: minify

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 906 B
986 B 120ms
47ms Script
text/javascript 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=captchaLoaded

Requested by

Host: pastelink.net
URL: https://pastelink.net/j4sx6af6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b4cceddc30059920c0956673d6663b57473083435da239b8db13638ed1dce9ee

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 14:00:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 573
x-xss-protection: 1; mode=block
expires: Fri, 10 Dec 2021 14:00:56 GMT

GET
H2 200 pastelink-logo.svg
pastelink.net/assets/images/logo/ 3 KB
3 KB 44ms
43ms Image
image/svg+xml 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/logo/pastelink-logo.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/j4sx6af6

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),

Reverse DNS

Software

nginx /

Resource Hash

01408f8061623faa6d2c0f015cd23483c3aa363c095e152f613ed94c87a5803d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/j4sx6af6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 14:00:56 GMT
last-modified: Wed, 06 Oct 2021 13:37:31 GMT
server: nginx
etag: "615da69b-d3d"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/svg+xml
accept-ranges: bytes
content-length: 3389

GET
H2 200 public.png
pastelink.net/assets/images/ 609 B
775 B 50ms
48ms Image
image/png 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/public.png

Requested by

Host: pastelink.net
URL: https://pastelink.net/j4sx6af6

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),

Reverse DNS

Software

nginx /

Resource Hash

04bcd86676a40009fe53606bce88edf13537b712f218f9c6057e97c612513092

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/j4sx6af6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 14:00:56 GMT
last-modified: Thu, 27 May 2021 10:51:10 GMT
server: nginx
etag: "60af799e-261"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/png
accept-ranges: bytes
content-length: 609

GET
H2 200 pastelink-logo-white.svg
pastelink.net/assets/images/logo/ 3 KB
4 KB 50ms
48ms Image
image/svg+xml 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/logo/pastelink-logo-white.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/j4sx6af6

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),

Reverse DNS

Software

nginx /

Resource Hash

83a94ad8a46a35ec117a480b3d9108764d211f2cf9620f895dd990ac8a7c631e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/j4sx6af6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 14:00:56 GMT
last-modified: Thu, 25 Nov 2021 11:28:22 GMT
server: nginx
etag: "619f7356-deb"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/svg+xml
accept-ranges: bytes
content-length: 3563

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 191 KB
66 KB 112ms
38ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ

Requested by

Host: pastelink.net
URL: https://pastelink.net/j4sx6af6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4a8067b8906ce0c35ac472d87d2231ce6cf5ee8af11048b722790f684c1c33c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 14:00:56 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67209
x-xss-protection: 0
last-modified: Fri, 10 Dec 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 10 Dec 2021 14:00:56 GMT

GET
H2 200 advally-4.16.0.js Show response
cdn.adligature.com/rules.js/ 99 KB
28 KB 35ms
33ms Script
application/javascript 2606:4700:3035::6815:5d0e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adligature.com/rules.js/advally-4.16.0.js
Requested by: Host: cdn.adligature.com
URL: https://cdn.adligature.com/pl/prod/rules.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:5d0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d9b5e39ed853660559e07aca1b5a1eb85776268b619f0d482571e64a41bd21b1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=s5BTgg==, md5=fUipxOzkHEMvkTKKpkHGmw==
date: Fri, 10 Dec 2021 14:00:56 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2760
cf-polished: origSize=166223
x-guploader-uploadid: ADPycdsddhVIVsrDEMzmi5Rah2_MUpQesJXkCSJ5Vo3GTCnuxNxHqDYCyj4fv2pcA_ffdMHZwW99J0D6r6I8jLcVd0CekNaSVw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Wed, 01 Dec 2021 19:18:53 GMT
server: cloudflare
etag: W/"7d48a9c4ece41c432f91328aa641c69b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uvFIY5qw7To8OebtbHAi4%2FQgbILb2Jhru65DxnRu%2Bm8zhhfruJZgYPw2A1cMukU2DKx3Huni3FNKmK%2BGnDOFnmZy3N2ifybTcbfymgDnnv1Fvkixtn5C1C6pQZUvE16YKVWABf1QD%2FPSoiEupfEB%2BkE%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1638386333473101
content-type: application/javascript
cache-control: public, max-age=7200, s-maxage=7200, must-revalidate
x-goog-stored-content-length: 166223
cf-ray: 6bb7009b4f4359bf-MXP
expires: Fri, 10 Dec 2021 15:14:56 GMT

GET
H2 200 recaptcha__it.js Show response
www.gstatic.com/recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/ 346 KB
136 KB 101ms
29ms Script
text/javascript 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/recaptcha__it.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=captchaLoaded

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bca75b318e180bbff8ac0c4027db00c0194f5b59dccc48ec843a9c1d57e7cd0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Origin: https://pastelink.net
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Dec 2021 18:25:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 329723
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138508
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 05:02:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="recaptcha"
expires: Tue, 06 Dec 2022 18:25:33 GMT

GET
H2 200 debut_light.png
pastelink.net/assets/images/ 4 KB
4 KB 48ms
48ms Image
image/png 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/debut_light.png

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=19

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),

Reverse DNS

Software

nginx /

Resource Hash

c24ccee9a35eef9e74411eac871935bdff6bcb895cce80b754b66d3e4292a3ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=19
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 14:00:56 GMT
last-modified: Thu, 27 May 2021 10:51:09 GMT
server: nginx
etag: "60af799d-10c8"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/png
accept-ranges: bytes
content-length: 4296

GET
DATA 200
OK truncated
/ 12 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6a9777d3d83dbfe0ab03d15242cea1d535861cb690f755a92b342c8bd2788315

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 arrow-down-blue.svg
pastelink.net/assets/images/ 239 B
409 B 47ms
47ms Image
image/svg+xml 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/arrow-down-blue.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=19

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),

Reverse DNS

Software

nginx /

Resource Hash

50a60e5e5f2e8f10a2f8685031ec9849ba8faff613139f3a402e89f25ccbbabc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=19
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 14:00:56 GMT
last-modified: Wed, 29 Sep 2021 15:26:32 GMT
server: nginx
etag: "615485a8-ef"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/svg+xml
accept-ranges: bytes
content-length: 239

GET
H2 200 social-spritesheet.png
pastelink.net/assets/images/ 28 KB
28 KB 47ms
46ms Image
image/png 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/social-spritesheet.png

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=19

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),

Reverse DNS

Software

nginx /

Resource Hash

8af24d7350dbdc8eea22e4737deaa35a795b19b0560d7173113bec7e8a3effb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=19
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 14:00:56 GMT
last-modified: Fri, 05 Nov 2021 18:20:14 GMT
server: nginx
etag: "618575de-70de"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/png
accept-ranges: bytes
content-length: 28894

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 105ms
38ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Dec 2021 21:14:29 GMT
x-content-type-options: nosniff
age: 319587
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7900
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:02:01 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 06 Dec 2022 21:14:29 GMT

GET
H2 200 JTURjIg1_i6t8kCHKm45_bZF3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v18/ 19 KB
19 KB 123ms
56ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v18/JTURjIg1_i6t8kCHKm45_bZF3gnD_g.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61519deaa156f24ad28ae848179016c7cc741270cb7b30043c24bd30203bdaf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 10:02:14 GMT
x-content-type-options: nosniff
age: 187122
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19824
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:20:37 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 08 Dec 2022 10:02:14 GMT

GET
H2 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 132ms
65ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Dec 2021 21:35:21 GMT
x-content-type-options: nosniff
age: 318335
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7776
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:01:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 06 Dec 2022 21:35:21 GMT

GET
H2 200 JTURjIg1_i6t8kCHKm45_bZF3g3D_u50.woff2
fonts.gstatic.com/s/montserrat/v18/ 12 KB
12 KB 91ms
41ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v18/JTURjIg1_i6t8kCHKm45_bZF3g3D_u50.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

88238ba9ddb1bc1d0f5075399928eefe3b6428e99e5cf83b80a5584eec9ad40d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 18:22:57 GMT
x-content-type-options: nosniff
age: 157079
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12352
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:20:42 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 08 Dec 2022 18:22:57 GMT

GET
H2 200 logo-bg-90-tl.svg
pastelink.net/assets/images/ 2 KB
2 KB 43ms
43ms Image
image/svg+xml 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/logo-bg-90-tl.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=19

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),

Reverse DNS

Software

nginx /

Resource Hash

1c9e4c65f9d921b1c0829958cc7b2f307a3e22ac7a23e8315b6db4c0954e1107

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=19
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 14:00:56 GMT
last-modified: Thu, 25 Nov 2021 11:28:22 GMT
server: nginx
etag: "619f7356-933"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/svg+xml
accept-ranges: bytes
content-length: 2355

GET
H2 200 logo-symbol-non-white-bg.svg
pastelink.net/assets/images/ 4 KB
5 KB 43ms
43ms Image
image/svg+xml 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/logo-symbol-non-white-bg.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=19

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),

Reverse DNS

Software

nginx /

Resource Hash

15f20e02ef301e62ed325d633f971c506dcf1be3458c2371b849b505bb8673dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=19
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 14:00:56 GMT
last-modified: Thu, 25 Nov 2021 11:28:22 GMT
server: nginx
etag: "619f7356-11c0"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/svg+xml
accept-ranges: bytes
content-length: 4544

GET
H2 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 85ms
53ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b0b43e548e691662dac85b1dc159d148a273d5cb9139f3fcf457cdeebe7bdf3f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 04:20:35 GMT
x-content-type-options: nosniff
age: 34821
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7832
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:01:48 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 10 Dec 2022 04:20:35 GMT

GET
H/1.1 200
OK / Show response
pro.ip-api.com/csv/ 6 B
154 B 89ms
25ms XHR
text/plain 51.77.64.70
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://pro.ip-api.com/csv/?key=ZxSSLwZtxrKxQbv&fields=countryCode,region
Requested by: Host: cdn.adligature.com
URL: https://cdn.adligature.com/rules.js/advally-4.16.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.77.64.70 , Germany, ASN16276 (OVH, FR),
Reverse DNS: de-fra-1.pro.ip-api.com
Software: /
Resource Hash: 045ee283f419dfcf9bc2486f5fab993357266bc8261157d71b7c825bc8c01516

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 10 Dec 2021 14:00:56 GMT
Content-Length: 6
Content-Type: text/plain; charset=utf-8

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 80 KB
27 KB 127ms
53ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.adligature.com
URL: https://cdn.adligature.com/rules.js/advally-4.16.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

sffe /

Resource Hash

b3de8c45717c786a0f570950637e1be46b05d42fc9faeb456ebecc3c0694c368

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 14:00:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1066 / 142 of 1000 / last-modified: 1639137928"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27036
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 10 Dec 2021 14:00:57 GMT

GET
H3 200 prebid-5.16.0.js Show response
cdn.adligature.com/prebid/ 447 KB
129 KB 88ms
88ms Script
application/javascript 2606:4700:3035::6815:5d0e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adligature.com/prebid/prebid-5.16.0.js
Requested by: Host: cdn.adligature.com
URL: https://cdn.adligature.com/rules.js/advally-4.16.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:5d0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 29d9e84a57a16dfa31898ca631469fc31f813264c7256aa59a3d0b522e649adb

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=ZIyDug==, md5=U9pQJoWwhMQQ81YUFJsf0w==
date: Fri, 10 Dec 2021 14:00:56 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 43
cf-polished: origSize=458305
x-guploader-uploadid: ADPycdvxw7xQQUcEbAP_LC6Dl4BTMvLpbAFoK5y-TcbAXFO9em5FID_T80TFfbehMLSLGOwZUAM0mt57-VDydQSIq-I
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Thu, 30 Sep 2021 13:07:25 GMT
server: cloudflare
etag: W/"53da502685b084c410f35614149b1fd3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WkkHtdREdBaRI%2B9VXNloFV7cUk2OQmVZMYWkZuM8AgY2DBilS7hERCU%2FEU8KifeTIrByth8xsi1p6PuGQsCg3%2F4vYy1PXj0ad4T%2BSJoDfBLyJUIytMLsYrlizDHMXL3uQiP%2BwwLgsEG7aT%2FoiH%2FByQg%3D"}],"group":"cf-nel","max_age":604800}
content-language: en
x-goog-generation: 1633007245842835
content-type: application/javascript
expires: Fri, 10 Dec 2021 14:10:13 GMT
cache-control: public, max-age=1800, s-maxage=600, must-revalidate
x-goog-stored-content-length: 458305
cf-ray: 6bb7009bbdd95a01-MXP
cf-bgj: minify

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 163 KB
60 KB 80ms
35ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-S3DKHVPF03&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6455adf28715e49245364466d0eec20f4b0ef0882055bf49cf58a1e0563ebdea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 14:00:57 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61829
x-xss-protection: 0
expires: Fri, 10 Dec 2021 14:00:57 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 92ms
31ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 1559
date: Fri, 10 Dec 2021 13:34:58 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Fri, 10 Dec 2021 15:34:58 GMT

GET
H3 200 pubads_impl_2021120601.js Show response
securepubads.g.doubleclick.net/gpt/ 348 KB
117 KB 88ms
47ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

sffe /

Resource Hash

2d5ae5a515a688823dc98d032242c2ed6f490a74c4281bdd599567898f9fa675

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 14:00:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119476
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 09:34:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 10 Dec 2021 14:00:57 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 70 B
97 B 67ms
34ms XHR
application/json 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=pastelink.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

39c0b8be3e2bd4ecc61b4a789ac1e94d6a6812a15499181634db22e64fe7221c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 10 Dec 2021 14:00:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 72
x-xss-protection: 0
expires: Fri, 10 Dec 2021 14:00:57 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 90ms
45ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=2098932155&t=pageview&_s=1&dl=https%3A%2F%2Fpastelink.net%2Fj4sx6af6&ul=en-us&de=UTF-8&dt=Seo%20%D0%9E%D0%BF%D1%82%D0%B8%D0%BC%D0%B8%D0%B7%D0%B0%D1%86%D0%B8%D1%8F%20%D0%90%D0%BD%D0%B3%D0%BB%D0%BE%D1%8F%D0%B7%D1%8B%D1%87%D0%BD%D0%BE%D0%B3%D0%BE%20%D0%A1%D0%B0%D0%B9%D1%82%D0%B0%20-%20Pastelink.net&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1516013621&gjid=271234415&cid=353030409.1639144858&tid=UA-55088947-2&_gid=901904845.1639144858&_r=1&gtm=2wgc1055WHPWQ&z=1752953575

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pastelink.net/
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:57 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 57ms
43ms Ping
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-S3DKHVPF03&gtm=2oec10&_p=2098932155&sr=1600x1200&ul=en-us&cid=353030409.1639144858&_s=1&dl=https%3A%2F%2Fpastelink.net%2Fj4sx6af6&dt=Seo%20%D0%9E%D0%BF%D1%82%D0%B8%D0%BC%D0%B8%D0%B7%D0%B0%D1%86%D0%B8%D1%8F%20%D0%90%D0%BD%D0%B3%D0%BB%D0%BE%D1%8F%D0%B7%D1%8B%D1%87%D0%BD%D0%BE%D0%B3%D0%BE%20%D0%A1%D0%B0%D0%B9%D1%82%D0%B0%20-%20Pastelink.net&sid=1639144857&sct=1&seg=0&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S3DKHVPF03&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pastelink.net/
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:57 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 43ms
43ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&aip=1&a=2098932155&t=pageview&_s=1&dl=https%3A%2F%2Fpastelink.net%2Fj4sx6af6&ul=en-us&de=UTF-8&dt=Seo%20%D0%9E%D0%BF%D1%82%D0%B8%D0%BC%D0%B8%D0%B7%D0%B0%D1%86%D0%B8%D1%8F%20%D0%90%D0%BD%D0%B3%D0%BB%D0%BE%D1%8F%D0%B7%D1%8B%D1%87%D0%BD%D0%BE%D0%B3%D0%BE%20%D0%A1%D0%B0%D0%B9%D1%82%D0%B0%20-%20Pastelink.net&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAEABAAAAAC~&jid=575707398&gjid=2093497979&cid=353030409.1639144858&tid=UA-197326395-9&_gid=901904845.1639144858&_r=1&_slc=1&z=1457440009

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pastelink.net/
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:57 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ 346 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ebd635d843d43673dd737988e3383b01614cfca991785e481a47e7bd6b8aea17

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 integrator.js Show response
adservice.google.it/adsid/ 107 B
792 B 135ms
36ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.it/adsid/integrator.js?domain=pastelink.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 10 Dec 2021 14:00:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 104ms
42ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=pastelink.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 10 Dec 2021 14:00:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 134 KB
36 KB 872ms
872ms XHR
text/plain 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2334239469092704&correlator=3534218561282492&output=ldjh&impl=fifs&eid=31061815%2C44756558&vrg=2021120601&ptt=17&sc=1&sfv=1-0-38&ecs=20211210&iu_parts=22405481091%2Cpastelink.net%2CBottom_adhesion_banner%2CTop_leaderboard%2CInline_banner%2CSidebar_MPU&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F3%2C%2F0%2F1%2F4%2C%2F0%2F1%2F4%2C%2F0%2F1%2F4%2C%2F0%2F1%2F5&prev_iu_szs=728x90%2C320x50%7C300x250%2C300x250%2C300x250%2C300x250%2C160x600&fluid=0%2Cheight%2C0%2C0%2C0%2C0&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1639144857&dt=1639144857698&dlt=1639144857020&idt=611&frm=20&biw=1600&bih=1200&oid=2&adxs=436%2C310%2C513%2C513%2C513%2C1071&adys=1105%2C315%2C722%2C1432%2C2261%2C575&adks=3402602959%2C1666686559%2C2365527928%2C2365527929%2C2365527910%2C2108190548&ucis=1%7C2%7C3%7C4%7C5%7C6&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fpastelink.net%2Fj4sx6af6&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x-1%7C705x147%7C665x250%7C665x250%7C665x250%7C168x606&msz=728x-1%7C705x0%7C300x-1%7C300x-1%7C300x-1%7C160x-1&ga_vid=353030409.1639144858&ga_sid=1639144858&ga_hid=2098932155&ga_fc=true&ga_cid=901904845.1639144858&fws=516%2C4%2C4%2C4%2C4%2C4&ohw=1600%2C1600%2C1600%2C1600%2C1600%2C1600&btvi=0%7C0%7C0%7C1%7C2%7C0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

69bd260690cc0b10ee72cf07d456b512faf59d757b8c4672f107450c6840ef53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 14:00:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36732
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-1,-1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1,-1,-1,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pastelink.net
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
9 KB 100ms
39ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021120601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

783a86ac4764c748fd6e22b57b4831896daca7f66f0dc1af78d783e5764f58d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 10 Dec 2021 14:00:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8495
x-xss-protection: 0

GET
H2 200 container.html Show response
910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame C72D 6 KB
4 KB 114ms
37ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Fri, 10 Dec 2021 14:00:57 GMT
expires: Sat, 10 Dec 2022 14:00:57 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 134ms
49ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 14:00:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
expires: Fri, 10 Dec 2021 14:00:57 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 4FC1 13 KB
5 KB 98ms
37ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
date: Fri, 10 Dec 2021 13:03:31 GMT
expires: Sat, 10 Dec 2022 13:03:31 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 3446
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 02F6 783 B
535 B 97ms
41ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c70812d188585befd817f0768951ca4e030d3afe20ee7cf05fbe98e81090e68d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-mZoAGGB8BmCVzf0YrsiCwQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Fri, 10 Dec 2021 14:00:57 GMT
date: Fri, 10 Dec 2021 14:00:57 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-mZoAGGB8BmCVzf0YrsiCwQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 02F6 0
0 80ms
79ms Image
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2021120601&jk=2334239469092704&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s11-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js Show response
pagead2.googlesyndication.com/bg/ Frame 4FC1 35 KB
13 KB 33ms
32ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

sffe /

Resource Hash

6fff2bb01836a52004ece484b97797926280251ccaed72db384f16a7644d4764

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:13:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6435
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13622
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 10 Dec 2022 12:13:42 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 67ms
67ms Image
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2021120601&jk=2334239469092704&bg=!S0ilSAzNAAZKWFskSlg7ACkAdvg8WnLzIog76AMslKmUYbDDPJZFafiZJvWywlWhhw1seaQuDrw2AQIAAABPUgAAAApoAQcKAFp9SjecQ90AYxH0JCpeYVVc4SDpmizVdZ3fikIx1WQja3MstMOJ_M0YXH7s281u_dTZRXiKs7FvHsKtzIrNwELIJHPL4m284h3RFGau5xamLdEAShWkBA5N_FOZAnT8ngHQerPc8nuk5gIO7JNJpjSIKyS0w0M2x37IHascC34DGIChH77JNg6B_5vKZSlg1kSS1OuScYX_2h4R-gVs_FYHYEhGXDbyYReI4_JGmq8T-nEldh-SWpd-8Irqr3zEaiCgQ3W8Wo_GvlQNN1uKydql0XDB75JE13_hJncWdaIrbyQs91Qo5ycnSe74DDqNfeLbrG9po9-ocQgdfWe5PdjkDVusalVdsCGYZV1bLbjNSSz3dYYiAzbI758tWTmt-LFwZ_Mukm-26-_5eldJGcxPEvcN0mWjhnU4xxT2W2dqp-xdpvPdkK25ctH8cikVa_wwgGpFGeXd1AmPKi7zwkE-eUctU5cwJru7m6UtgjTxVkQ_2fe-shyuGbssSVPhNoqt4NaqNPDdA1ITW-2XVVrG8fAFG_iNyHJX03iwUdP72ahErYhaQGb1_-HdJx2veab7OwKIW9OZCPhCUcOiLTg7m2z9gpgBjLqJMDZ2-HuCZhML_eBsndbLxIsZx3ZQ0Fsv4WTqrZ8tuBMR0DEfJVAf-0VVQ1Egk8Xx5wKV5n1qTB5J-5fbF7BBuVSH_sbY8O-2c2LJ4NTIez81RNVNJqvS1jbTVA4WQkvRVHGMf9kEJUQogZtg8scNIKizVd3KLyYUB21xIvEJAp9skLlvL6Uk66bmUc96MF7PFB3wz1_WwV4VMkwCumkSZar9EJmW60w5Dqb8I0j_MM9qbJuCEUhQVVA7vLkBjo8YlMvc_NzRw4-2ChBzbPzr4JshP3XGd1w47sJT4w4SlfwnLkn6kfPOWDQ-oJQIp48XdXkkb2Fhz81S6uTx9OueHMdwdwR1Ec0Q

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame C5EE 6 KB
3 KB 64ms
30ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Fri, 10 Dec 2021 14:00:57 GMT
expires: Sat, 10 Dec 2022 14:00:57 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012111011823000/ Frame 4B3A 189 KB
55 KB 135ms
28ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

98ba8f881333898d751dabe4f8b4cacc4489a9f5b6b4fd1fc67c571dbfec95cf

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 107547
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55592
x-xss-protection: 0
server: sffe
date: Thu, 09 Dec 2021 08:08:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "11dee2040f5fc1d7"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 09 Dec 2022 08:08:31 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame 4B3A 13 KB
5 KB 163ms
57ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65f6185cfe1cf88fa7981160dd6fa443e111887215b72953718ea70f8e2ba9f2

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 107547
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4992
x-xss-protection: 0
server: sffe
date: Thu, 09 Dec 2021 08:08:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "858600ba27ef7413"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 09 Dec 2022 08:08:31 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame 4B3A 89 KB
28 KB 167ms
60ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e97fc43ecd2f16948c3a8d2de65e0e5483db4ed5ab174058c178ca1c8665d0b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 107547
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28555
x-xss-protection: 0
server: sffe
date: Thu, 09 Dec 2021 08:08:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "a64e482645fd262b"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 09 Dec 2022 08:08:31 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame 4B3A 5 KB
2 KB 173ms
67ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d76ab4ac854cafef51bbbb5177ea75816df90e3c775294991a016404f2b6bb5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 107547
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1731
x-xss-protection: 0
server: sffe
date: Thu, 09 Dec 2021 08:08:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "cb4f0e89d7d37d9b"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 09 Dec 2022 08:08:31 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame 4B3A 40 KB
13 KB 164ms
57ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a630b852e94f20cb8140704fd830bf40bfea0a2effaa67d06a0eadafbf3d508

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 107547
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12826
x-xss-protection: 0
server: sffe
date: Thu, 09 Dec 2021 08:08:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "f02165e023e70703"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 09 Dec 2022 08:08:31 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 4B3A 3 KB
599 B 83ms
38ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5ae91fe13f17bd08dbfa835ba6128d165dba3c87ed1d3d1619e22e458657d681

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 10 Dec 2021 12:39:57 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 10 Dec 2021 14:00:58 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 10 Dec 2021 14:00:58 GMT

GET
H3 200 container.html Show response
910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame C08E 6 KB
3 KB 35ms
28ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Fri, 10 Dec 2021 14:00:57 GMT
expires: Sat, 10 Dec 2022 14:00:57 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame C750 6 KB
3 KB 31ms
29ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Fri, 10 Dec 2021 14:00:57 GMT
expires: Sat, 10 Dec 2022 14:00:57 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 876E 6 KB
3 KB 30ms
29ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Fri, 10 Dec 2021 14:00:57 GMT
expires: Sat, 10 Dec 2022 14:00:57 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame F626 6 KB
3 KB 28ms
28ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Fri, 10 Dec 2021 14:00:57 GMT
expires: Sat, 10 Dec 2022 14:00:57 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ru.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 4B3A 3 KB
3 KB 38ms
38ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/ru.png

Requested by

Host: pastelink.net
URL: https://pastelink.net/j4sx6af6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fed2d61088cba54be39b2069add7103160e31f07c950c0e2e7706d6d6dc9ebf6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 09 Dec 2021 18:06:03 GMT
x-content-type-options: nosniff
server: cafe
age: 71695
etag: 6726277462267614359
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3041
x-xss-protection: 0
expires: Fri, 10 Dec 2021 18:06:03 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 4B3A 344 B
368 B 38ms
37ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: pastelink.net
URL: https://pastelink.net/j4sx6af6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 09 Dec 2021 16:59:05 GMT
x-content-type-options: nosniff
server: cafe
age: 75713
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Fri, 10 Dec 2021 16:59:05 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 4B3A 0
0 35ms
34ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRLXXG6uC6GWnKfqI0csiOZ_YHfF6sBqDARdtwiVrYbrYRB903T5TQdFaPwpUir0FFfModXg6I_f5t1jxCfRvg1ED0r7Q
Requested by: Host: pastelink.net
URL: https://pastelink.net/j4sx6af6
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 4B3A 0
0 74ms
74ms Image
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C5dzEmV2zYfu6GMzJgAeur6P4DJWF4bhjjNGY1rcNzoHNuZYkEAEg-5i1QmD9gpGE6BGgAc_R0ZkDyAEGqQK7PU2-4PKyPuACAKgDAcgDCqoE6AFP0KWIvtRnWohsdgCE19KY4PmSpQWnI3aunSDwbNuTvYx_6_WzU1-Gzmnj7iVISv2m4MVrkaeLTlWYicOW8uKriSyWE-jLz2rsPuDYzT4ySgC-LIqaPRjhL6ne4tUAMT3nCjN9tFYq4xizU4PQ0sMJizZ2YajG6Fe8RCiPjjARPLvST4JNtxaxY3DxmdG4oahFd7hrsjAvGpZAwcIjGvJonguKtB1r5s4qGFHiU0AClcVeEn_mpdkSOXUWf7J7LDZfl-Z3RD5Q5StBgNRca3OjYZd9ivP0H9X9cQvEHMgiW7UFb14vN_TrwATGkqeE0wPgBAGSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGN4AHma6uZqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6a-G9gHAfIHBBDI-TrSCAkIiOGAEBABGB3yCBthZHgtc3Vic3luLTI3MjcwOTgxNTA4NTczNTKACgPICwHYEw7QFQGAFwGyFx4KHAgAEhRwdWItOTA3MDYyOTg0MzEyOTMxMhj63nw&sigh=v4v76vftQDI&uach_m=[UACH]&template_id=493&uap=UACH(platform)&uapv=UACH(platformVersion)&uaa=UACH(architecture)&uam=UACH(model)&uafv=UACH(uaFullVersion)&uab=UACH(bitness)
Requested by: Host: pastelink.net
URL: https://pastelink.net/j4sx6af6
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s11-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 72C2 624 B
974 B 123ms
37ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNupDBD-0OkBGMjw854BMAE&v=APEucNUOfirPChhvb3VCOpwiMHlykV-y1ji31ZhwHa9-0SzWDqDIpqmTS-UsuJy8VQOMC_UqFJh9-yfb8SE9uH8n_-c-yMSYDzWOLJLMY25WtUq5CShUg-oppoDAPPtMS5QBnGVfAeqfIKJU8BYncyPE9H3cRo2-3FohdkAeDPwxlVqctTei0Kc

Requested by

Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 10 Dec 2021 14:00:58 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 10 Dec 2021 14:00:58 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame C08E 71 KB
30 KB 185ms
101ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DtjUNfGCsX4DxcbhqkuyblZO-GRTcT8VRu9Dw4WxEV2fw05mAUzyP-ozV6juG3RLGck5huFmeybbRPYlworkQaFNlM0lpJ4c35tw2osFw1zZ3w1QurNS_lERsjpcaCVDN8SyHvJT_9na0mtX8lhP7UTfOuKw&dbm_d=AKAmf-C_R0gQTasTiXXuu99fNcxgfJErJWb7qSIp1jU_WG3IL13XV1szOcAxl9tseGa0mRizTXwqTc8bUHQjZ4wcNQcJD2GS4t9flzvGEsTZ8KppPoeJnxuDDZqXuc2Q1FjQrLm7HHHzNU3zG7WtNSVvpYVseUkIXFvnUCemwfdz0sjIw1YfETosnRikJU2FpWme913b68XVyMK3TjAwcukweO4Ek9xaBOWq99cs6AKJnBZFkII5ks4RlBzytEew1GoRc1Nptb_OnDrw4nBUFDYLJoF-V1wux8uKVanAc3sUpeKyv5jWKV4yZJ8YQ6bEAiIFDp1m8ANQLJc3Dd-pl2JWh8I-Ygp4WGelrZIu_JzF3Kfe5eJgVkJ4yeJmAV4EHgt9bZgVOgYFjgKo5MXmxHUI18G14RWMI8NJ9-ApG9oeQ125cMmbO6tnAPDRF5aRXC6eGXO3ZPxVk_hiCd7TQGW8USl22yrwGifQMFVOMIXNAJtkBhzGT3yitruJKtKVzcBHGWtJ82GZbpsXpi4eWgB7yIH8DPZf7RtkFUwMJiud_2s6xSP9_5mhamy7Qu-w7KoYt0l_wlDaieCOxQITFp-SEBYhq2JtxC0pGYT6qtaD6El-73CQth8sYUMGv84kx3c6L4ZpM0BL_Y977SnnVW77tpCjrA0-NY4XFKR9ywNCCf9wGsfdSlDixVTDf2gEQrw2CbJrAf2WgwHGooLXRwfGdfNGQybcnPR4JXtJ2W3TCJTF_GUQIaG4C7oOZtUPVARU_v3CCrFLrChNb8FbdKmCkSo8t-Q8CiEaA_Z1D26dtIPLvZn106ymHFlyUxtXtootxQ7GA9oqJDcSuyA9U4TGgaieic_2yMKl6FGnPZVUS-lSvi2U2Ssv8HgSCvyePdFX86DZG0V8BPqH6HaWSyKhv72sAKgGHoIxzev00vWSxrxjyWFZUO38LMTIDldLHBRqhh2S6_N2GmUbQK9CPWBfMph_8ukB0SK2O71gAlmdLy8KKnduNV6MHSS01aPdOqrIQMgoqs1LaJk5qPpmMuTVmZLUHfxaNQQrZsOjujIzszoiExLAQoLW10dV-adMYwlKS7A-ydS4DWbWxXa_Fn8O-qSWteXpdKL5nw6fVojN80jAnJmTiu-GJvx1SYKMXEGHg4eZ1pTBrmOouBVtO6-5cjggXeoP7QG8-PTtVS_YLFB8M1bovbPrlZ9RpRFV22OZU0AuXxA9vUGKI-V1C4g6T2wPNBB7l8lFi6h6-Cb02vXPjGa36avy4fdKT7zkkmWHitubb3PhWXnZXCYpYE3ojnIZUDNgPniZA9IxSdFjaFnjbJxfn7gtLhI9BJEqiFzzoqgDYfaywmVfq5y3iNNh9JhGipqCKD50r9_2h6X_IpQJIbk_ZxCgpxfCz_tP6bzhc54iuXbTu6eTH4hcT_DRbSm4sTNLrRjZ_UwIoTNOMQ5i2RpO7yLgGy-OJBpiHF6DjYHRq5olM4GRvFz3AmoRwDmu-Jt9i-fXf-ZDEz3itsgjn9V3-P4ZRxOg1xFkGv4xo71LSnK2w1qptfjeoD2ctqLVptE6Noex7YOOP_IpQxu-Bys7rCbWCMnCPqv9uLnRXD5Nz_8haB4GIq_iGHnAPQxIhFgtOc04YiZffTt4GP01a2M16pVg9tmO60Ye7j6JKqVTP2OwKnpQR87Ql2EWrxXX5leOZbXLnCtpFhbfGerpac2SiSfCe6mah5OlIkCCN1vtVqc5pyVXVEVJuSqIGiGG8KWP5iFwKe5rbzuROS7bOK6Ow0BbcpBxG_Owj_0tmxAGh7w0pe73mp3sxmZ6mNEygyr8skKvx2MQvmAomcLhHlhiDgz9IEmVDegdDnEoByaImlDBZDEwczKr6kVHIc-Fr8yJF3lCE4q1Kgud_sTL97tK3S16ZfwjFOOviprsA9VYTcM-pCMKHuWgPBvYSXPdPhRXN9z9LGiB8OkC73rnnu3HwZ59wflM1saFyODUhuRszFv7SlJwZg-8RmmJXfHtPfnop2YIqYYq-Z8VxjhcL8mntVOEKflPaiabmwMgZc_0NscJNJqLb6fE1XZk_jbR342Hz9UMStGA9vM28B93vlpKN8aqYXPjGVKM87mC3lSRzJXQbYFF2rZLkfi74SWHYlZVUo5I0X4dg0M9-SE0S2mttbpmnmW2kxnQYNYxnGC2RBvhLJ8FFhikSMrKqJ3psXXVyQlYFToyiaSXLGZmJbjpXGe4RZCafc0tcqbmI3cQCWUxucyVRrWDcFsK6rGkb2Vw7TzaAHapjTt7ghQ67ICzTPHyNF-qSBvjRbSklvfXcI87CBJPPnN9BtymC9txUa6t6gAjMmjGXB9J_XjT3tNI3-llVzwopElV_MvIt7QEdnYT-tWOgFR1GgTGwyxRB9-7R51mzu6PfOpw6Hg7HEakWTOtw4QqLmEKGLoj2mNpjuXQ1VkQuU089jPVs_rUb6vLo-YCp6I_O29U92QKXXT7cuYL-xFjdtySvsi99hI9XpCzkFbcPsFVWBfzzWMC36pSVl74e6_ZnKL-oM7HGi1j9IH99Tf8KaaJ28Jyc-NIqMinCEn1JheMT6u97RP-6IlgEcBkApwLbbk_ivP1Q4Jnknzw_u5jlvR7u_Yi7xCUhz5EgZAggHNrf3R2MvYCmeo9Od-JIUvY4vgMM6uw98Hbb4JpLPV3fDKxOS2TLTLCXuvF-HoyejHStUyzQLrntk-rxjXSVc77e6ZPYSRJhPxhvHO7uvw2vQ2Q3Fdq_wQASMW2lci-1Vd_pp-xp6YCnHAIBERnuVtqUpWI2do1mxNXoSLc4tc7Nh0c1NRJzYA9fNXEP6nkYa1G3c_nRUWYLpTXNB82E2K7JH8qu0mXJwR5OaESQ5RC1y1GTwFl3_uV7DVpYAf3s5RkGiy8Nogo61hhKOae0bKdOR3WeXc-EMdTA6Vuv_WFZNXJuJeVeJguAIejfpBipzuEnmKugLzjLFr1gJTak4JV0ZhOoNPcFqWRjXDSYaWwr65mcOVKQnNUutGZRnuYsDamTRaF6SurPY047vnE_sMU1qG7S7Q2KzUvbIZIThiJxe5sbg3OMTbwEnOBoYlEwNS-BgValUVyJj7-E4jOgkZNRFeyX1SsX5ao3CQoQO5FkFO3mvZqktbrmVnc_7mT0gF0-R3grWlmZyJuelmdji1ixARG2q3qOUiq3j9SnSJfBzMUE5PSh4uv31PY_v66yPGRb2uiR1fpSYP2gM9uhK5w-fAZfnVv2DSJK_I8y4MJrSDy9d51RvTrb4p4YdZFXLyPweUQmW6Rb6ik6WU8GxNCGMgCvfVyEEXic2d4-Nm8wy9xPFptxoCyAtTB82uNibCEBrrpANI5iWOQexCFFcQ7Yf3anJpjLfG6H0U&cid=CAASFeRoguT8zH21jjQ7QuulCjE1p75WnQ&rfl=1%2Chttps%253A%252F%252Fpastelink.net%252F%240

Requested by

Host: pastelink.net
URL: https://pastelink.net/j4sx6af6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

01566e4443eb97b261da0e01333dd14094bce3e970faadc3fab65fdb77283723

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30446
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame C08E 42 B
63 B 67ms
67ms Image
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CLOsJ0n6q0_BhkEVLaFutfq9keU88_Zh0igX274DEUHBoBQyjh1Y4QW0jXISvl9aZgmslrpoTmHzetgQsu1IYyfqfU1FYaH-LRCLr4S8tawPDjKBc

Requested by

Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame C08E 2 KB
1 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:57:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 238
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 13:57:00 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C08E 119 KB
37 KB 128ms
45ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 14:00:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 10 Dec 2021 14:00:58 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame C08E 15 KB
6 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:53:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 464
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 13:53:14 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame E1A5 624 B
559 B 122ms
41ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsY6tnBNjAB&v=APEucNUTMW6o3aCGcGpu061kBPZ1nZR5-hx2UZ0EtW5TxdFhSAE1d4MVval7vuLUL066mYrdSYEFKcJMG4BDSTTSU6GiR5ZMRruBJfmjrrnQTa357dN4rK3FDhiDAacEbCDAG4rOiN9rgiDIIq3YoeBkCIjg9lqlI_ytYjzzOLqpx2VGM9fBu0w

Requested by

Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 10 Dec 2021 14:00:58 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 10 Dec 2021 14:00:58 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame C750 24 KB
14 KB 161ms
81ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CtrBRUdHZFMIOJnBmdybfXbvwZscq-_J_haCcD1JjP5yM8FNkMfU77a8PEok5v1GAslyvLZMsVs7733d3Fj3N9jaaHKuU-p939_x-koOHdDRVzb9QyL147yq7ONgVlZ9SqsWLm_wIIRFE5JhTq1OsGTiQ0jQ&cry=1&dbm_d=AKAmf-AdgaKsL3zt50N6ezHM-OxHw8qdYSWU9SinqnlA5AhPJqTbS_XvIqDMwDOJfjC_Q1bnYeCSBWJ3qVo6dlzCwsE5pnKB29PX5spuPz1PAGUFjud8Bva5V3hsuSs8LATVJWY7rxAHpKH5o6A01nDlCfLFIwJCXeTK2jbwlEIU1Fuv2nmCcpkUSIEtnYdH8MAcLCIzItQo8O1sKFrEImZbzbMUW2xlYpuptuH_v2LplwkbVcH-4bUn15the4j0-9R2QqMFIh0pRiqqsLMvBFPLgj2DPHu3luIaJOFOzDNDOD7DjLcoyVXZqD8-Ax_ww3BZOv1fOcyIKbJeR9aSUqbOKEcJqgbcdU1D5YJR88oSWoId6d97fePPAcpOSn1PJw0fsmkRJxsPufdsnXK6nxCIR5cGGbMjSEKt1NQeXLDUGg-YOexWFHgsqWgfVfthYJA9svGomVBTw9kttoBQilB3-gpaT49_-pdF4vQvJpCf3ZPy-FiPsi_dOH_LkvNNLJH5GwlSNn1XliyASujEbAryL-PB3sdfG_pfBx-R-x4EQ9n5AwpuYmQNiF2Bsnlt8sq9gZOtbOVKKGyoCu4XlDokPmLR8XVIWqLZs6bqvSSSi_gFNWrxQanwdcpPu-O3kF0U-3GyAafmn4WJrzQwxUbqbSuod0EGqFKLntO5Jmnxr_GMxg-urfe0i47_xfNxOSuTcdwNeJvES-ug0UROs04k87e4yDoyJaxTlMvhk-SLbZ5Kx_sx7BhNY85H-pMvK_kGB_Y5W5rkK4lS0ipatNR07C_iQH3YoQ5cdmVf3ESoiMp3O5-N2UNZev3dsASTQlT54hMTjsg6PNJZI5MmdwRRefV3f4j5XTOyiViuTG1Zea_NmUXuqW3ZEoIA0_cOJZSquJFlpY_xjoVDlvXy0oU8d7J_9QmhdWL_P8K4y7qd6o8CmerGzygncdO_rQ-yAwcEfVnrXjG1DWgAO0zRUZf3IrheJPSFJ0WQHegx12M7K9LccdeXpW58Vytf0bBhTcuN6ey11SW_m1YKTRfU64Qvt3nfLLZIUAwOnU5Itc6Vtm-mmH5ghvCdvMo1_F_0-VGmtciJRfAX3lLFpcmHZ-fLMR4lRkNQGwPXECvgOUBlUi8hTKu6H0IFMbRt0FA_OX5M2JYfFs1tmCoqWCHyen67YTyp3gH-Cf-UbcV_27GWRfdRIGIiVEgD698jbA99snWrPjsELS2KkUL3Lhn4y4nzgaxj1lclOkXMOHqP3UNqvtXj-g2yhBjCbe4hIT9do1Y-KHkDH4EwU9i-UlfiGyGWrvSK4WBzMeAoFW8rv1SzopawPsCBO00RmjmKOj1JnrtGXZ6XKQziiKA7VluqVf8FJ963_rmI5N6VKdNvfoAZ4XgMhH1EXP72CNpnmSBA9z-IzTzbPI9oIhC-fVUuobdpDvGa5AVzhjiM8QPhez6Gq1uuD-VPuRUNmmpW9WwyUIlW2OMJ4MhMwr8nRtqHW7jrxgjG5konWls5dd_zGbuRmJPow5oDjO9igLoKUvsdQ83OTmQk-EiFnrV9yg81Aao4ySBE-pkaZA7Wg_hVTTVQ0PlV-Lxsskvj0t7i1Ulc1803ERsgAsvnxTut_dA1bXNLu3JVl0MWv9_K7X_jc7HpS8-vhZxX-g9Q4BxLJrn3l7eyG7yoGawC7R7SWw2ySuAchkDDdN-f28g63eR4NvVQNO5gLY1bmc8Ttad0RPaUQwSHs0p3cPhxCGhY4JfJfmCk3TwPVL-QblXzVmL_jxwAeM6DJrdWEKMC1Plo8AkMrTKYl6I77ru9s9aPxwM5Bjl_CwtCjMOrZeHrl9CHILH_W8BSFR61ZZrMil7eB3OIeInf6cBoRYixpVtce7tKewYJvoM0AuMCExNJwZsVS16Xk3jP7kKuJTopm0C85YojgrU-OB8cVmi5z8IZTOR_u-o00lhGXFONqb1pH2WWXsGYsngJ0L6dUtOz1zzjW7qeXrmsGNltr-J35eW2Oy_PpdpVRWsaMqcUoq559noCBMxc98OFm7ATOuSMCI6zB0jJNqPJPp2-fTDJY5CaTAxvfVM4QN1qIRLycdfmHAPU4EUlpUYniL7sji0xk-w1VdLvChwwZpafboiFhkr_5JUnPd878CfG12x9IfR0QdL20GGoV1OS5PNVzcbo4qaQpEzREc8nTE6Ium60XhLxeiTpQ41zn_LhFO0C1-Vz2t3Vs6MaeTZMlNWGF688CPQCdaHQSg-YPEDyueiXIDklDgoT9vHEjoXxsKBQInz73ANTgR-ufOszyzLr0xc63cI5CE6ig6pn31a3zRrMvVo75VzrKah1F-RjOF2_Zh7kGp_n5Sou4SBdSgn8l-sR8SBivxEGt5QvSvaBzZO5GMKjJGHgw_IbLWougUtypyENw2ZfM7OzpIqF57FoqgCvVtjqnpnXtCjuc2OphezfYAoVNpJltF1R4qKMG_NbfnLQbqNK8oX9eU6cVDY5I7IH_F7Gl2oJK6bj1nqQmeMofx5SoeEXFBSJhJM41CSXKvydscgOF2W9_bvteFI27gyNxma7uR3jqdalZ0VxuJRJMt7WKG8bkrdZSPOVAvsbLYV2vNdjNRxzeaG3IOziZ_-jGgQsaGC70JQQisX2i-P6IoiX6EcFQtoYIrfnWbSQ99GsK4N3PVtCZBKcsG2PHhmcZOUQQEMVXc-x2gjkZRnHO_cfsxCpXXE20CBsrQD9xufUtBTsYbY_Y3as9NOd7ZfAL9E_R1RYRPWr2R-wUCYIhzzFiXt-4W7-ZBpZ6B95nN0U729kg0GqWJV4WZnHZLfDYlLQjlmqzNvW-kFPYey4QsEmh8r31d94Ru9l5vE2jijywHDDG2qASYqZRNPgdM_usCeWFfB0jOCrFF8y2vQMryKoFMiW9ziHWRB3CkohP4ixCZtoOq7UpgGAP2Bz--5iWz1NrAj-b7Uy12wkcwZuW7_4DPuA_zDYCNob8h0eTIK1ml85wK4AMmDtpY7ukx5Sm-yBP8DntQZPtD7hnXI__e75hDj6Q5wDZLMMRFOITh1ngPYuK9hlKj5GiNdzlFCOGgBmy5b2zt5jbrg1GHTSEl4VzujsQnor1_JEwsfn5mf6G30aYhfyuqb41YgDh3uzXGaStv7Rkb5kC1fzjo2vRlsZuDue1HuCGksRPy-ckC-K4ItFF3qdqmRIBVkDypTInlZJ2f9alUi6J7TOUOxFKwdGS5Rd5IbkV_-eUFtMS5IxqXBZDqsOVszVZc8B5aQYeFWIrX_GAI7wGCaqwBojgSOJnr4hFfQOWH_1ul05t4VqlLlAjkdmT2p1TwJOxp5v5Ttfdz-naFn5bTkB00pL02CoEUPKICihFMx8W9sdydXYhNr1AeOWnScBD6aQNfnsQbgNJ2-Z8bvn4XkW_FmZzf7Rcs-gPQDMvwtSUEwjVw&cid=CAASFeRodkLB2jBVU4HXhkgrDeBuTnG7ZQ&rfl=1%2Chttps%253A%252F%252Fpastelink.net%252F%240

Requested by

Host: pastelink.net
URL: https://pastelink.net/j4sx6af6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

394cac9a51a5d167d738d8bb28d52204c66341f8da4abdbf88dcf8cbe841557f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14498
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame C750 42 B
63 B 67ms
67ms Image
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BtGtstw-uFMIzIh54ul73ubgk_XsM9BFzKFlJfqWi6M81-rSmJtrxbksMXeJ30Ma7cpG-4KPex_RpXCy-VEuPCt_a1EGB75gG1_UklmAK7of7a01E

Requested by

Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame C750 2 KB
1 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:57:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 238
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 13:57:00 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C750 119 KB
37 KB 181ms
102ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 14:00:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 10 Dec 2021 14:00:58 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame C750 15 KB
6 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:53:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 464
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 13:53:14 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame C750 0
0 34ms
34ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQMn51k4mg1mCpslhkxPobv7CgRouuDKRkj0CLRdMuZCL3C78BkhNsjRwoyy7FTvAWoVYGbBa1Qeq9ayj8PJ3rISJ82ag
Requested by: Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 906A 624 B
558 B 115ms
38ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CL-8UhDTlVkY5M-nXzAB&v=APEucNWfCy4R_G8jglaiDIz4nWONMVd4D2HB8mBhKiLRbahD-0mfZY0K6OpHUD4nOJyM_saFAk5PiI5rPp0pOSR1RnzHghumMLcICnRayVv94dPaOBPCpbWoQu0wWhhzEgnN1kOEcieRTYpLtdRRXUVeg8wrj3HtGZr6c4Ma23LFTPIerxUAKZQ

Requested by

Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 10 Dec 2021 14:00:58 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 10 Dec 2021 14:00:58 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame C5EE 75 KB
31 KB 167ms
91ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BTXVeBY5lQGyO_D5W48bX0h7BqB-1Vkh8msaLcCUATG616fyuXLgHKoKeJ6MHGCmwPhhz4eINuKZPGlRc2P_svf89eepaINg8k3_av-WD41SKzW8Ty3NPZPmbCvwjrdaKd7PYR_0MZ6pe1tOeSNnpjoRfmqQ&dbm_d=AKAmf-BDOH8D43qYpiGEoyhxyf_z8TqGU9smTvSIS1iDkBa7-iE1BPKYwJ7y48ajpumyKmpWv8tKyoDaEt5iSd47Lce5Lww-HH3KB1tsUPQAtLaS6Yhx7K-jHrk-r5GaZ1NTvujAJJ1yAdSXJijv8eo_zIRsEVT19de5Cn6KhRa784o3v5xVSxnxewGeQdYVnj9BJoxO0meBRU5V1cayakjrzkRPIcMa7pD_tmg1VtUM2wOKosa_DOuUpeFMPqkUPu0-qZROaW33Usxy0Liqm2PKgMqhRgzIVELqWE_5TMNLqdcIzwHSm95VV832EqnnzZlKSq4zrp2vN4F0GWh5n3G5Vlc3z2tqxWGgomWr6EZTYmWenPkWTLJDm5tLTmRqxTbMOFLhAd_ET-MfsE9pKSL64sRrVlIUeJyUTdiuhFN6UTPOoHsaZfzQCbRGy0smskVxIwOIBHU268Mhf8UxsYEWKLncy5AM4sXVTu7rN0tjjBz4kch3j442xLUWOWy_OMqpd9EWx-4azqy5E-9WQ6WE_HtQqfXWkfXujr6cI12xfvqTnCTM0On6uAXielZAkzTYzGzZpbjfUZbjQ5BEY-Uz4QxA8GqOaWauoFPf84ZEeww06cy9EX_xO8NKylCx5RyyUITZi3BoKABkJgUAlTbrgp98tLJJsKjPi34loBToyCUPC52Ttkv23IJGPcdzzPdmiSUxo_krnVAwTTuyS2AA6UfSmcqgHV5gTqSFQPklYW779fn3rcASm36_zeL6upNLyS9fv7aqnQvUHKtmV1LXY9R6g1-egYu52U8s_u93zMrl_xnQAEZ27KdZlbEOe6pkMYMrtnJMXCSDBF3AxUsCi9jKjxJbcfVgbZnzPGr6Q_6jvkOC-X9m6quK7KYWNZtXVKJXMT-vNd7wT9LzD7ZfBFJEUvyQ-74gbGQ5ykTY68gDHBVtWRxFkvcJuJTB75xpiRcH0qUqfcOSbPo1dUGyMdb790P8NAOQHB9VsxxB11kQcroKeQbIGBxP4EFsqRTsRdEjIrGOffh2ZK251jPsAszc2d5EwRhgaNYYkIr0ICY--2RgpV0qCUIPYpLVnIBpZI_p_lwqpJnIW7cKenoqmJbatXLrGFWnYUnh7Fw0TCK2nyGPvUTp7a_pvhBpArteCzwBU9UnKgJ4b4WS7Iq9PDWIoajpxSxeH_PpD9TUGHoP2j1uVqatnB-0MixiZL_W3cqbk2pcHnWyR6faMltQLKhnEXebYvq0GEgb4RIz7TOxG8m7RVCgkmwZO7i4vUT6cUqgc7FcDDVSHQg-sfYt3eTd-0lITz5XYorF-3Z7mkHty8-ESf6n1cPmB7r0ve0KbS20r4NXaTHlnBhF-M__dNs8D_ana1TOt9X18mfV8Ja3nM6LfB8NKFpX_BAW1viMN5kNa3HHxCc3PUyZWtoEEq-cUE7wUyw8o5xQLMIqp_cviIShBr9ug_tyPuUqGl4of-K1QcTFAfcwG9o4T01vEhhec_g17iOYpzzZF6XHNtRu83Tv81w6WnHWrYaLFa4U6J96cPKHeg__7GSf_z8CSk5o1gHaLolLYjbvr3TlmMs7vDt2wtuBCq_EGZgZNZmCbDRl9RIF3zAYJ2n7k5ttQPz_z5-t0HAGBMzV-p9Gi1Pe_FAO90MLBNr4huFDPeMdDr4q29O07FFLxmUObaWhcgwaUFJeFLwfbcb1d8Q5CqA2PDmMhE_LZKLnzNrNWkU1N2uHWfdT7XEvWY1r4iCkooAQ4nqIGNRt0vyk6AxQAuraaHTdURXsnvstDKCbyJnfSGAF5tMKEd1lbtRG5ffEfQbXNzvYNFmSRCIOUpNRfKwf5AcnqyGbbY2D45RmJFr0wHxL3fmez0-jv5Ni764Qm4zFBwN7H2AxXNNKgOJTpAhLA_HA9uJZRt-Ge9NDMdITnFiqCkS42X4oQTNWUf8MHchtuy-cVO9YWfKiFSlb1g6zUxA2jxLVlcHton1jFVVvomWjPjbuXgrhkzElaW8AX5kVAkCGxeEky7wyDbCg9S7RfVq3hYgHWyEalsK-Vc7RBw_ytsOZgwuCiORpIKeirE5E9a2AfeSHXS39L_Vvfwj_d2oXUpddHkyH7dYEruG3x8MeSz0HEHsrLx5jh_ox-eMM-6iY3BF9FHqT9Vii2cxMi5wyHxHXCRr37I95z91mmF4G0tYz7zUDWCU4V33zYoVfyvG_Q2Ywit6UyOQh2mzE1IxNQNzuloPhFBHSn4-oMJvPeKXqJ-9JP-y-w8OIjxQcxlpvxLNo83yK40OM6QOVNbWeUueDgvZbL3qIyKTd-JGBRpfM_3kUXu6tRZPYR2Ebgp5MMLQdHy--r8uEJYVBKRxa4ktkHWemQbE_3_dlqJluaHsb35fgReY06GPU-QSD9AmgK0xsN1KzsjqfH-_pK9dC6wij-zPNYtes2oLW7SJcu-2j2842pJ6N_aRAf9YMJ3ptpQp5PQpNl6XvZ6YDZArwU8ZO8i7yiw6MXFPQqyqsYAEhln9jqBY5_zOH7PYAQ5_ym2KBpFfUbyJ-VzYrgP8haV7LAjocLF4Q4yD0LdyadEB3cQtsKC2wBElxCNP06zLPBYs_-2pHoPjBwIYCaJQUWxTtvgTM3YAFzLhl8X456Hj8lVb6Fv3NZar0nGuYnpKXIaBpdFjcNjkV44AFuDy7PGbePzfGWSnNaxvHBlb1BRk7EY22GWQC4nVFTPtnoxwkrY0OjaGPcB9upm_rpuq52a_pyn6mU5qaBK9e-hHMj7As2fDQV5ggGbh7Z-MS8nt8rqKh9eoVpvh0yWHP61hXf4cFAtBhvtTAOVgOp75Vur96kV7vTEkDiA6EPoR98O0KUjC-pYbEPOivXKKDscx78XBgK6sGDH7Xw1p-cSXbTIsNBzhIq0__Bsbmbaxh6gAvLcNMayomlzwcczXf130E9T-FCuOarPPC1W4Dglhc6x8Ns9X47yW5aZn3olHs0adqp2Q9lD9mXDFq6rx0ZtsMcUldmb78NEFd15jgMvdxrOLmv01ag6DKoDXOKSYIjzeJjBzpQWWK3YR4W0okzWBqUAyEMgvWBVNBMDoFsKF0FAMw75aWqT8g3hGdTQRgO8RwUDkih7cDciPA73ClzHoUMNP_RLtYnWTfUBco0yqnIqEuWvW98d7nTX95qOShCC5w33_tI6YN1SA7HkoT1PEZCO5Rot0MeOlnZbeeN0ghOKhz5kaOkkw4f_fUgeVM3pZqShM_FBMyHB4CvKQwGOmBPw4cL7a9tgxErtht9_trQ6I6NB_CFJ6BU74ro-nbZEDdMg&cid=CAASFeRozI_jT5W1s1rrxLiu0-i2w11QKw&rfl=1%2Chttps%253A%252F%252Fpastelink.net%252F%240

Requested by

Host: pastelink.net
URL: https://pastelink.net/j4sx6af6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fdbbe9b47d53b06db4b606bacfead067500a7e064b8cfc786854adb8fd374e30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31040
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame C5EE 42 B
63 B 67ms
67ms Image
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ACDx-H953X22_oOwkyw1eyoqffoKvUtUqPtpoxbNN1SYyWY0jp14dWty3TyAoMmCUtcdvyRkOD9qzo09p1FIm7aJm0w0lH2PS3ctajtRYjG-DucIY

Requested by

Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame C5EE 2 KB
1 KB 56ms
56ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:57:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 238
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 13:57:00 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C5EE 119 KB
37 KB 167ms
92ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 14:00:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 10 Dec 2021 14:00:58 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame C5EE 15 KB
6 KB 38ms
36ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:53:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 464
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 13:53:14 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame ABA0 624 B
340 B 112ms
39ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CL_tVRD79akBGJmPqrwBMAE&v=APEucNXln5cD2ef5le7skxWppo32fHPosHEIscQw9DKHfbJeAJUYdp8iq9u8gmdN1vhGPz3TBxybFYB_BKkQO4HirfzFrDsXiZ_zpbKB4e6ggdIKw6AALSM_R08_4FlOHfLqmlgbm6fJqryyzByBrUk0Ilz4UhZwS3-rI_a21rnLBdarVtKi-M4

Requested by

Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 10 Dec 2021 14:00:58 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 876E 58 KB
28 KB 137ms
64ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BWOs-PalcutALftq_IkylNDnV2Tf4sMpVAh_A_Jm_KNZSizn_4xCljqLXg6qygVuxdtHQcgj0E1G1HZcTcLePAJ-MwcZSrv-NzG5agl3AyOy1sss6Z0J2kTgR4qs2td-aH6kuj0z_qWTf1NqLULPDqOLBVsA&dbm_d=AKAmf-DC_gcvubAcsH7OoHzqWzABztfMsUS4E1KUJjFrktKzRbs-XRxJRbmtBCpbwqwE_dbGChBctp0yIxutx6OpzZROIeNetql-n1KA5IlqDE3vckcH_A1NuPLlZhYD0BY7R2_n5h0QEF7p531vcJ_q3nwd0qtC6VFZg7b5_8YvBUbnJGMFKeQfR7lCLSh5vHVZkfEc-AWiK8ZTf_JakPaGTtErD1s8VYEKQcmomq4pyNRwOaAfACaXlFCirx-mRb7DYYykecZDFjGBD4g7XcAuroXZK7sZY7_6B84Akyokm753KGzst60wFa9oKBpSIkFdur51rv43Q9IL7lSUgDUOwFGG8idgOivj0uumV4L5OBaHbh_VWWFJ0Fo-vbOqn2C1CVGmrKQ5D1Twe7k1_s0YDuz3UFToFNgDHUoZ1Q18R93cPP0bGco-jWQGTYHMDpTk3WcRqV71-Dd91dpoMske16TehCxz6pPIO3yKrfDWOWVfwesZP1C-8ENnDQaOL-bHa0ck-irjQB4BkwGkMB0dAbk1vjKOFcYsVmBi46yGmL3YxLZag-MbczgWNBot1zz9ihSByGVJdOsoXUKrLPj_LW3C8GdkfoUowvCv1vtyNSx4wpiM-Dum2jfnncihggHjDjR8EBHb6w_73QbP82YVZVC3va0oQpfbUqVgeBUw1bQp17exqtMcGEyyyq2eA_sjh3Psqnb2OGCEsxr30WRx16SjsACmW0hWL6Vlcjwjy7KLNRi1nd_dsPDyQrdG9LtMJJadn9TaE-Y4VDy8dxqsc7JjxgYLFikLVXfby4SnXI_moz8fU4ZS9kFyyObn4kELptEldO31llJs36cEeABAwV261xhb1fVQN5Szl_8GajR25tWg2C3SUu_q2Et2IGFjDXsjUpLidwKABKAxUXVY-h9JjmO5rRC7Cqdgd-9-dMX1QYQwt76zTumvazBmRRq_SIKBej22gZVFL5G-sH663OR6wslGd8DTkGMoLaYnBz2V_eYMS0eSKNYCPZp4ld-PaukZThttt0tnOS4jbPNGVkk_or0yEuPkH6GBuvrj8JYdhwtD2aKNTo3fbK_eDk5fYZgFpxL7AofxnkwSRESjnEUQh4hEUfiEycMHI9nGoqriVZ9ceJF9Pm08K54zycIOwgCSKgd66bi7rFOaDLyUq9i36uVGAUVgSIyZ3bzcTHUR_IbbagbQI9HPKIN7T4ToY_bHNyxcBEAskeTwNk71uyQclykpWvNLZxJgFtGlqSVPXpq8N-Pm589149EhECM5yea7YFSxwIeadlRg4vZCulKLId-dx9UKIYhBgil2z6z3ppzjJn6yPrV97CoX92SCwlfRtoUcC7lqnG00ZBaHHKFOviwVfhdUwperZqHMHRWm344219qGSf6uA9yfbrNQftnAsRqI2FjduZiKUs7e3EoKvFmmBjgKE8-WX0M6vj4FvLIlK7BLUKI0fYfMGUovLK6X7CK8sY6JgUSZ3Q0u-o8JH-EhSN0_inpBcVWXzGxNhOzlU1_FKBbuZvqFo7i9dt-zcleqEyuuiN5VuY2jG9PckmpMk2LSTq7rf1cjRcaBynIfFjcNPA-OKirWkFsJQowRH7xD0P_OPAN5_AziP3Qqe2fkUNKVpeBY1clPsyAQ-xmiQbLtlJ23B1i0bqupKQl1pNUOT_w4LqPx1Mw6B7gWbDjtYQXKo_47zUndtH1BZEE8BfD1yJf1_0OmSxYXoOuV1Lu-PCIdmCYNw5NpYfvndZ8R8iV-HXzpsXruEWeOI3hhvfWfEJcY0sXvmHCaJzb8uwUZz4IlWg9vuFl4hdFgWpBPUahOQ-IyKxaHqYqdO0H2-JxgetWXar1EXdAP6dh77fnDWllNQxJFcLkzQVNiV1fkP6xsYcLK5y65052fG67m09C2zWBnf87x2CaLl4BQCVbrh6NYWIN61KT4qpq75gIevvIbCSVeaMRfZXvLbfRLE5ChLV0qjWJAHxptZF7nm5iS774IOHz4I3CP_ujLgtjCsc8ykx96lgTIFr8oAtD5bUGVZCUFh0xMqUJ7XvMlPVPYVehwL7PIz4LH8hkgefpFMK_j8K31LRw14WBnA2VhxVEj6viOGRruDQZ0hu5bm0FkvuIEuxg0HPfmch45Q5rSKhGKXi6y1JOnParYbjezGDhJvWggbvhNhkRUdcRk88SwqH_qTq-nScCXVSssjFUaVr0xdig3af_NMTsZr1ADxoNccHP0Agl7mLKu3aIIR7RA-jbt6KaQV4vD8IY-0-MYvaW4R0offrAjBZIa0hW9k_L4CMcD-1II_zFrhcaNCdHSv1TxmPeVrECXmpHtYW9mhmL--ieWG3EI0RcPANO4SGyYVFiHZJdJmBzOjMAAaw1X8Zbrp-qOgzuLAqzqy0IhbnY7A9NJnIZrkn1CbkxfSklLFTbFKeocXzLIpmJXS8x2ZY-fhD2L_Ry4QsQpC3sbRi7JwfdNbB-AWmwMN37D_OTKqzIkq0CJv5RjW2r2N5wPIy3qvpBMV0sZco0LeVUX5og5pOpTiRg9OBszPRT8frxCqgIkZxGByHSkrG1fwR4105evVGcN24neViLp7opW2ANaybXAqMvJgZezLgyopN0v35DfP0esxV-7_YiHFmn-acElBOBagW40NbTOl-TC-C6H76rPzpWU_3f1DQRr1jlPYDyv_duQxZjZyLU3hatOEP04bFEouMNqROsvy4GrncVEJba5Cz3GxPKjlru_1igU-phEGlTWdAQ6J3u-jQPepG99nrdM3o1BzT1i4VGW4kLd3sZIwUsViu9G5rUfro_5aaed8FkgCWzcgAKHqEj7NgGQ0L2aFdZyglnTalEpqV_O370jFh3DXhf9AjhNMQrvFrSOwYM8hJHLMvtRop2h6m0GFybY8zrmn7F2hPIaPv4Y7XZGithdnNg-fzXYgwnmOQQGxRoqpKxP87hwY8pvswPnsySEPazNN2-8NvGS5gtsY87uuZLpCbgOYcPXoOIYFPrN_zc8oIOXMuL53z9Vr7Y9UxJ1equJGRubMo4pbFaXbivZ4M7tfayRaRf9bK9xa2PSaPY3-O019eWcrhayMmYj0UaJW9kNS86SWGEni7tAdsoAVG6PtlKSLThR0xbKeBS5ajLmUFj52ZJv52QVUS5Cj3Snp91p94dO5PvDgc6detRCe9g93lOzq3A83uZptlj9It9mPYhjc2Bqj4bcXeN6LT-B3zaftUCjrcsgmzjDGXAuLVpUSZpSJSmYdhBq7ATjlldtYCJQa17zyXYsu8HYnOcpg0cttJ1ZZvw5p8OQVKotq9y2-dU2220fpv8&cid=CAASFeRoRq24bFmdmUFI23j4ieG5XK5HdA&rfl=1%2Chttps%253A%252F%252Fpastelink.net%252F%240

Requested by

Host: pastelink.net
URL: https://pastelink.net/j4sx6af6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9c45b8cd6c44fb38cb399a1cd975969a9aed8972e043855bf98b88dc7fd9bb75

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28913
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 876E 42 B
63 B 68ms
67ms Image
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C-EwhKmhmtDOCj3K0KaeT-FzQTJLwrNRpJcWrbNKZ5mq_l3LmNp4u9xOrtsDiXaiKltIjHvE9tor75PWxTZeWUGlRoz3CTCwu2FFqpySmvYZJcTV0

Requested by

Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 876E 2 KB
1 KB 54ms
53ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:57:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 238
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 13:57:00 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 876E 119 KB
37 KB 145ms
73ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 14:00:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 10 Dec 2021 14:00:58 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 876E 15 KB
6 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:53:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 464
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 13:53:14 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 876E 0
0 35ms
34ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSnuKoM6eX2RTEarAC7uNAYV1FzBx_ZPsFjkbUY44z74E-eNgvKYi_Fx8CB2enWugA6ENdvFcIt_lfZ2Y0JrfHGnyD7Gw
Requested by: Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 829C 624 B
340 B 124ms
53ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CI_HFRDCyPr1Ahjiqru2ATAB&v=APEucNXP8seC-QqIpRD1F3Hpi9evrBxnzc3uiOqcPxyYPYUzyzZYep-I9YDnXw6sU-y8yAGp5YdsDvXzvON2XhA6JqYTjrDIko29e788KpcyrOo8RLbo36RhBudI3e2qNbbuKlD8ivdPXXXSQxl3NphG4E7bLNuLpJXSmQIFBlBZqzmK8DxM9rE

Requested by

Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 10 Dec 2021 14:00:58 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame F626 24 KB
14 KB 156ms
87ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AOtSRCM5WXD_55aoyiSJhft0j9kLZJrJp2kVfOMrQDdJPapxX7gbCoU26ec3rcNjs58l_ufEkK6fen_aWAITeXvuDo8oJTRKvyjp4SrNZrZEHs30OnnXfBpFIwJqL_9IsOZU8_nQO13_VVVrNel-FhLZuepA&cry=1&dbm_d=AKAmf-DfTYfGt1eioSAg_T87s__3QHksXbuSFtrytRwVXk7DyUulXBuZwVcQ_U7_sZcbY_XqZnMFV79YnAGuftCGeJPN_TKT_u5HsIPfFFSXKs01C8saTzGL4zu3H8Y9dIduLTjv4fi-svnrJWfZyU3CJ6-RJkEM80bbvlp716c1A1umzq3BKvQ8kdrB9E8YgCdJZHTpk8_bK5l0Iqe64HT9pAuk1ybD51xoWk-cXOUjp0_kCL0Mfb9z22qaiinjrtdBA3mUhASbKnZJzEa7wtXXmM4u8lG-17fgv5UJag4VLir99KANmGy26gECq0P7esio6BKe7J4zpmsQ_PcMsmnof7Yxd1wrodKlqTERy3gOCsQkNaWmi05JHfU2zZQUJjiWC6XPlPAgRzOS6ZJTQcQ8333ru4r_uX2PJtQ9NR3OCUegVZneBH8bljz8Z5ra1ZwMtNgqzuic97CF4_ae6VqCWGybSpnfXDf3kCZKf2XZVyxe4pmsfqAGlyzAxYe2BWlNUXNsHNg2PTXrgB1C8WMsCiQXN7yo6-7JKBhZagA6HWrOAKOVTTbB-BHCdb7kyNAwKgdz-qfuSEOjaqEnteF-e4DAxHtc02-dKGmYHyTUageDdcDwoaZQPsok2ipQKChqYsrDvP1m7G2c3vnbxAr-uBNJ9jKbyB0ZZjLisTahKTjehNYdnn4rPClT2ivCXset2XNLfC6iU8fTzFkSU5cchQAHn-8hjeQ4vM_9BGf5FWkLdmdKc990IADg7UnNSBy7c0WRVW-JMIL4mfZtPU0_WOAvpRrKHK7SchDUU-WuA2xfvg_Jxjh1cKYHDHbHvWKfjY_JsS9fXCPp-6HG0y7MXHtHKBYonnWvPEmf0RggZjblSaH0iK3N5h3SHojdcbAvqseYtlvG6zKq7RtFTv_ir0eGfCe1ncb7YogzK2axjUHSwB3tEG4pXG0DoShzTqbYaWRCFoP_3CmE5wXtGdAsy0b1qe7r6CsHdomdcVINgRY1O3OJo57VQW7gj-XlJrcvwXViUlylkPn-S7tGow1zRhllzPwj9wfKkB-6OH06IIAHww9dWzrCI2eK0j67pA3WM_uFkEJBzqjNTpYjuQV0R3tVyFHMd4KL5sngIjc5Vv0mpwLmC7nqsd4wxlfDq1JSocVRziGl8Nzj4b3o2pkOVl4og9b5kZvKXkj7fKddQqtJ2YNzBjtBSH69lHy2H_Xd-XevsxpTwVBqUwewQTlagHgGi1RyjlYnXImMsfDhFoBrQgVDSq1FojsKCHjGPmQHo2mdcRJjH_P0fepKiCqf1Erqp1WLoNrb13wvQBPeEF3oWhAxDLxPXyKxU98pRRrfe98aksrxm7QakBFtReKjBOPMOemZ2U3P-HJ4_IpmwqB-OaNaZLXSLl8ZO-l8s14mjyq1b4l2J0oyDslKq05jFXuOUK6vNOceKD26xqwhT1a1jNzVVOSg8-brL1h-X9pVA2-NnSxnE06ti6R4wBVLg9xNTfpA8OkjDTyVX-75dZzk4Nu2HpI12AiPPTUDssv9MhqN_7bgkKaQ9lElWEum98leQktSk4u7vreOQ81laKVutsdmO9vxnvy_fyoqMNWndIjImx0IzmTz2KDljBvPhxPSpuG0ZaUiUHLC9hCA17lVO2L0J-MJe4p-wvkCLCSZwuPJxhOks7mqwcbNAwovISKlJXXWvZ3tFlCUjv7vHsdlK1NTULiIrkUXErJe_s208RhLmENGHebIJtK0Is66Wf7ZxkYGlVJF0_YhWbH4ZQcEmnK1LnuPLfaDihp2woirTGB32cP2kY5KLhPToQl1tc0qUaI4PsAmVn3LL9eiBV8H2kZoSb-kte422GOzV6_wF5BbFNwhxW1sPPriIWHhAakAizOaOa7pXi76702sVLefsrUG8knn6CaqN-_MgPL15kUrSjMXvB428CPvj2jHI52lBf3OVXbBrD2Oo1ZwPXZdhkCqywQauJ2vGJ3Lg3vDaczwbKuzM53dTRcyUNIqbY9ISNKOmr2G2Y658x9c0U6waKVFIX7oe8PCqAAefsRDn-DZIMZOPe93L2MGOWlZJoTDBVCNKw8-pYB5F8HbH99rfkVHUzJhCMT_Uys0OS7iXFIDpxbzWyAUiEPNJcvbYInhAyAXr6VXNbGNuzWv43MPrm9VqrMan0T4hFxQxVP8uHQvccucYRTyxIOnNI12dR1pY6Z0ae99XwLF2aKvSQt5kIuawNShM96FY7fL4krXqKer7RW9rfp5R-WVI4JuRhJpru_3hL6Ig4BtRpDVn9rjotAErQEI1QE2UxgK7s2b-iGuITMBg8V3WAWdWW08G5gME8Z3_zXibrmfs6PXL3yWnYTwGR2Co9uHOT7PGe766N_CkcP7KjP689zw_G4pAmLJoEgFnvV1SovjGz9BExfD1ZquHEu27r1n5ygawtHU1T2IiLGGVdnaCwOB3Z0ht52MVulNsvlONVtvN70nYUn6AdEyN5J0PIh623XnlXWqDZyzRRpfqLHq4ssa4tHfU-ssmBBncvCcs6CGrgcGus5B4wdNHC_W7hpmBUTLbFZ3H2m2jUBy8fy1QO9JwW2FR4MlwjUf51KGaynYP3Dmahvlh1JON4eOWqPfm-r4mMhhPWZz-LLo2e0QSbi7yOUoSYK5cqkXWoQ_ZXQpfrddbTxkQJLv6Sp-T5ZGVSKelURLJONLw9u0DLadr57_Hr_3yc8Y72aNo4DIE5Fo7_f3Jy0RYO8Alf1xhybO5EdOERB1FonBmV_i4ZpG-dXw1A34ygl1z8iFWoDtyAvMSJ8pXnmzHn8QsZZMiKhmJiq3kzU76XGu6KcWUQjC-DaIOSnpMjRrKRBBYdRfvTlmK559Ti3bqIu4LCmE8CA6cU0vqIKgLUZZ6HH35DZoLdOBN1eNPfAPLaHpPruqhyPUAqoeTSBs4LVNGiNinBfa250ZcomunKJNbM_VCMj50guhgAgwjkSImWRd7-BLQmgnlwAhDWI6a-V6c5EnQcrILbgZ4Gt4e-SC2Smd0-wWruAssHrqUPp4fN2dQLWyFkq9ulhKP5Kz5ZgVENtRpYuS4HMrjP1UGjIoTPTHF4E1KAHG-MmTL5JXpeAI05H1Wv8QwOorJOcnM3h8XRWls7oMYtGp6giv4YuKkbiEkqtAg2ZrWQZaNP8uXFUEvf_NXdjZOuCZUN99Mg3OWyyI5LZE7wwG4X-UgLGG4JgUcdO_dDc8N_sRBr8EEo_efvixLtUJxNjXPAIGpkN015QpwKJaAyvk4SxgSyOKYN1Lg6FsP8ojY_7nIF7NNO5aIjPs93EKpXKAQ9gpgmT1ILzU5i1XaqRAshdnao26Fd156aXj62DvTxfdvZe3eKc2yNt2OTZ5uJ29VJI6zw58xxjC5nSVq4oaIuHw4ULHjG6q8rGY1ovCc0sQzFViS8GVl1J1g7h3u8mo0CdaA8-ZYblwBQOQYeo9L6WXb1livgJa_ARYfhynBAKMge0W6JbMDOu2bkpueB1W_pn-2Y_Dj6TWfCnITzg0hX7UP8OVqNzZLCKewjWftmnuLIZrARjy_MuWDkap4ooGAKBTL3gcDRQtpGKlVeEvsyt0GPIoEoJmWOGK8uZWnp76aPuVwe3BI389oTmGuUBd8mrBWTYPnzFhbvmR7MKZNNt7JFxlU84O&cid=CAASFeRomRDqC93N4bBax5IJO5b_UlNgRw&rfl=1%2Chttps%253A%252F%252Fpastelink.net%252F%240

Requested by

Host: pastelink.net
URL: https://pastelink.net/j4sx6af6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4950c70944f5cddc0d3b7694fb170d6cba3a7d3919ebeb233f2557212a46ecd8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14388
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame F626 42 B
63 B 69ms
68ms Image
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CtG45qjEktyPXZV5GH1JBnyzC5zAasvewrkvBuDvfLED1Zz4s_ELtkOlgU8DOE3Y8gWfiOMXCKvxqmZYNQLKT2yHwZDdHOJ1ZCBnaYcIxcAFH5xpU

Requested by

Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adServer.bs Show response
bs.serving-sys.com/Serving/ Frame F626 17 KB
7 KB 128ms
32ms Script
text/html 3.120.90.180
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bs.serving-sys.com/Serving/adServer.bs?c=28&cn=display&pli=1077151113&gdpr=&gdpr_consent=&w=160&h=600&ncu=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCaFL2mV2zYe3AGMzJgAeur6P4DLzf58plzauwzLsOltDmrYkCEAEg-5i1QmD9gpGE6BGgAdu2kpUoyAEJqQK7PU2-4PKyPqgDAaoE3wFP0OtS_YeAzrqD2U3Hiee0EHzf8auouWZI63EBldasyKPQpdi2BD4r3QWQe7QjAIXuj6QanhGv6_MQ8FXk9mTW9GsKqOh4v4RusHJD5x461-gN9kC7cOpePB0OOCvLBkBRGU860yVEhrjkNULw63ldpxKyAVU7kxEe5Q_azonkI7h25MnrFKzur6hDI8R-zuYvSUQ0ADXsrnu_S6pSiKcNgyItE_TeO3NKgDrfvkAL3XUiqO_fPYZ4NfdtDx0i0Z3h_oeMIzT-E8L7LTr18h6Kxt5jy8bZmNIgmBb9RP6LwASF9YDf3APgBAOQBgGgBk2AB9vu4vQCqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi0yNzI3MDk4MTUwODU3MzUygAoDmAsByAsBgAwBsBPPubMN0BMA2BMN2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASFeRomRDqC93N4bBax5IJO5b_UlNgRw%26sig%3DAOD64_3LP_BLsyTuvh7Qf7k1QpXNF_1PNQ%26client%3Dca-pub-9070629843129312%26dbm_c%3DAKAmf-Dd-MYePdHMR14kP-ttpcodMHRA9UCKeqalGwrZTwbVJubIXPxUmLyvw4fKQ2HpCAqSS_Ze2x4tEF59aXY8LOIDNNeS0IeWjP5QOJRjv2vk71MqwkiLFR-mcsH-h-GPlg_Qb7zFkhxXoEli5Rsru_SqF99z5Q%26cry%3D1%26dbm_d%3DAKAmf-Bw76vVj9BhyPc-BALuYgQAqxn3JTdX7Nozym8vYSacJpaPEqxh2DDPLri78ZBLm5d5FlUjfET-jzF_k-06r8h-J1cRco666kRGsSJer0_GtbBbNIhaI5UVTIvGMLTDoDrpat-qvtv9_KWiCCRHTcoDrDpDbp8WWK5Rxum-hRzemB-uB5SJxKniyrboKTvzhA__fWodho3Q2SdiWwXBY2ynF506RhGSIZ4jzvbZLKma4a6JthgkT1Xf5d7zItIMaewapNAt1h_BNRyjI2Ntsl-3tnSDGe3SyPNFXyJTe2C_6Cb5nf_feSNgKKFUZhlpgQkQVlRP_k1DTAp4M4KTP3JGRcIVQwLsMVKsidJ3ssezybambH9T-1uap7KGWvk9KI2etms-XO7AKij9IETWHpm3f6U5fuwyElu8f0g_iZHthhzOxYF_iQCFQ9kpPrShIMyHGWjjFA4knsZh4x13p4-AaGRURw%26adurl%3D&e=0&ord=1639144857401517&z=10000
Requested by: Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.120.90.180 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-120-90-180.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 0c7c5562e74c2d98d787d6684c064814359e651d03579340787754a343906d66

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:58 GMT
content-encoding: gzip
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="NOI DEVa OUR BUS UNI"
access-control-allow-origin: *
cache-control: no-cache, no-store
content-type: text/html; charset=UTF-8
content-length: 6690
expires: Sun, 05-Jun-2005 22:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame F626 2 KB
1 KB 55ms
54ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:57:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 238
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 13:57:00 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F626 119 KB
37 KB 185ms
117ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 14:00:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 10 Dec 2021 14:00:58 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame F626 15 KB
6 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:53:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 464
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 13:53:14 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame F626 0
0 35ms
34ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTZKKA3-rjETNcd0LSS44GQK9Qhgir7oxMXOg1EM4QhtSqtVWNlX0FjBou-mi9yIsqt5GhkufxT5mro8zZxUwKsutB4vA
Requested by: Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame 4B3A 49 KB
50 KB 107ms
26ms Image
image/jpeg 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcSLN24o4J5Rq01zz3yJ-L2HNGdrbLnTHMXB4x9eOaaWDUzoiM4&usqp=CAI

Requested by

Host: pastelink.net
URL: https://pastelink.net/j4sx6af6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b318fc1e5a27af32428f8eb048090034171125daa5fc756dc36054d63ba995dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 07 Dec 2021 14:43:34 GMT
x-content-type-options: nosniff
age: 256644
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 50425
x-xss-protection: 0
last-modified: Tue, 09 Jun 2020 10:54:32 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Wed, 07 Dec 2022 14:43:34 GMT

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame 4B3A 12 KB
13 KB 146ms
38ms Image
image/jpeg 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcSYKpfdnqRKq6_v-yRtNsJy52Fvzp9lDjJVudvrBf2GD9itrrFj&usqp=CAI

Requested by

Host: pastelink.net
URL: https://pastelink.net/j4sx6af6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0affb5f65a6d6507724252ec9e8ec60bcbf12126ae42c974c67fd5b4ca9e025c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 07 Dec 2021 18:51:39 GMT
x-content-type-options: nosniff
age: 241759
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12550
x-xss-protection: 0
last-modified: Thu, 25 Mar 2021 23:03:30 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Wed, 07 Dec 2022 18:51:39 GMT

GET
DATA 200
OK truncated
/ Frame 4B3A 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c5aec13eb55f7a72f29ae7eb7669db1cedebc6e8e53611e002d538bf14304edd

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2
fonts.gstatic.com/s/googlesansdisplay/v15/ Frame 4B3A 20 KB
20 KB 76ms
27ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v15/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

475700259e64d480d1a70023e14741bb298a025e338bb608552e2472d4505a65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 09:49:59 GMT
x-content-type-options: nosniff
age: 187859
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20900
x-xss-protection: 0
last-modified: Mon, 19 Apr 2021 22:53:16 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 08 Dec 2022 09:49:59 GMT

GET
H3 200 ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBg3etBD7TA.woff2
fonts.gstatic.com/s/googlesansdisplay/v15/ Frame 4B3A 21 KB
21 KB 79ms
31ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v15/ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBg3etBD7TA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

880615098e4a8fa71bedc4b510d6b74145e0528eef749bf4127ee6db7989a1fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 04:37:56 GMT
x-content-type-options: nosniff
age: 33782
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21464
x-xss-protection: 0
last-modified: Mon, 19 Apr 2021 22:53:23 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 10 Dec 2022 04:37:56 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 72C2
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1&C=1

43 B
1012 B

102ms
101ms

Image
image/gif

23.195.249.2
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNupDBD-0OkBGMjw854BMAE&v=APEucNUOfirPChhvb3VCOpwiMHlykV-y1ji31ZhwHa9-0SzWDqDIpqmTS-UsuJy8VQOMC_UqFJh9-yfb8SE9uH8n_-c-yMSYDzWOLJLMY25WtUq5CShUg-oppoDAPPtMS5QBnGVfAeqfIKJU8BYncyPE9H3cRo2-3FohdkAeDPwxlVqctTei0Kc
Protocol: HTTP/1.1
Server: 23.195.249.2 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-195-249-2.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 14:00:59 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 10 Dec 2021 14:00:59 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 14:00:58 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Fri, 10 Dec 2021 14:00:58 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 72C2
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YbNdmihoHu9qDakWgEwXNAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1

43 B
892 B

61ms
61ms

Image
image/gif

23.195.249.2
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNupDBD-0OkBGMjw854BMAE&v=APEucNUOfirPChhvb3VCOpwiMHlykV-y1ji31ZhwHa9-0SzWDqDIpqmTS-UsuJy8VQOMC_UqFJh9-yfb8SE9uH8n_-c-yMSYDzWOLJLMY25WtUq5CShUg-oppoDAPPtMS5QBnGVfAeqfIKJU8BYncyPE9H3cRo2-3FohdkAeDPwxlVqctTei0Kc
Protocol: HTTP/1.1
Server: 23.195.249.2 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-195-249-2.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 14:00:59 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 10 Dec 2021 14:00:59 GMT

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 72C2
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEM3KZR7Fqevuqat4YRqJq_A&google_cver=1

43 B
1004 B

29ms
28ms

Image
image/gif

37.252.173.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEM3KZR7Fqevuqat4YRqJq_A&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNupDBD-0OkBGMjw854BMAE&v=APEucNUOfirPChhvb3VCOpwiMHlykV-y1ji31ZhwHa9-0SzWDqDIpqmTS-UsuJy8VQOMC_UqFJh9-yfb8SE9uH8n_-c-yMSYDzWOLJLMY25WtUq5CShUg-oppoDAPPtMS5QBnGVfAeqfIKJU8BYncyPE9H3cRo2-3FohdkAeDPwxlVqctTei0Kc

Protocol

HTTP/1.1

Server

37.252.173.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 14:00:58 GMT
X-Proxy-Origin: 95.174.64.205; 95.174.64.205; 537.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 3fce27cd-138a-48cc-8d99-974a11691032
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEM3KZR7Fqevuqat4YRqJq_A&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 72C2
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODI0MzQ3MjY5MTIyMTI0NTkxNw%3D%3D

170 B
188 B

99ms
56ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODI0MzQ3MjY5MTIyMTI0NTkxNw%3D%3D

Requested by

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 14:00:58 GMT
X-Proxy-Origin: 95.174.64.205; 95.174.64.205; 537.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 5958495c-3722-40ac-82b5-392ae0b395c9
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODI0MzQ3MjY5MTIyMTI0NTkxNw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 876E 24 KB
9 KB 32ms
31ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BWOs-PalcutALftq_IkylNDnV2Tf4sMpVAh_A_Jm_KNZSizn_4xCljqLXg6qygVuxdtHQcgj0E1G1HZcTcLePAJ-MwcZSrv-NzG5agl3AyOy1sss6Z0J2kTgR4qs2td-aH6kuj0z_qWTf1NqLULPDqOLBVsA&dbm_d=AKAmf-DC_gcvubAcsH7OoHzqWzABztfMsUS4E1KUJjFrktKzRbs-XRxJRbmtBCpbwqwE_dbGChBctp0yIxutx6OpzZROIeNetql-n1KA5IlqDE3vckcH_A1NuPLlZhYD0BY7R2_n5h0QEF7p531vcJ_q3nwd0qtC6VFZg7b5_8YvBUbnJGMFKeQfR7lCLSh5vHVZkfEc-AWiK8ZTf_JakPaGTtErD1s8VYEKQcmomq4pyNRwOaAfACaXlFCirx-mRb7DYYykecZDFjGBD4g7XcAuroXZK7sZY7_6B84Akyokm753KGzst60wFa9oKBpSIkFdur51rv43Q9IL7lSUgDUOwFGG8idgOivj0uumV4L5OBaHbh_VWWFJ0Fo-vbOqn2C1CVGmrKQ5D1Twe7k1_s0YDuz3UFToFNgDHUoZ1Q18R93cPP0bGco-jWQGTYHMDpTk3WcRqV71-Dd91dpoMske16TehCxz6pPIO3yKrfDWOWVfwesZP1C-8ENnDQaOL-bHa0ck-irjQB4BkwGkMB0dAbk1vjKOFcYsVmBi46yGmL3YxLZag-MbczgWNBot1zz9ihSByGVJdOsoXUKrLPj_LW3C8GdkfoUowvCv1vtyNSx4wpiM-Dum2jfnncihggHjDjR8EBHb6w_73QbP82YVZVC3va0oQpfbUqVgeBUw1bQp17exqtMcGEyyyq2eA_sjh3Psqnb2OGCEsxr30WRx16SjsACmW0hWL6Vlcjwjy7KLNRi1nd_dsPDyQrdG9LtMJJadn9TaE-Y4VDy8dxqsc7JjxgYLFikLVXfby4SnXI_moz8fU4ZS9kFyyObn4kELptEldO31llJs36cEeABAwV261xhb1fVQN5Szl_8GajR25tWg2C3SUu_q2Et2IGFjDXsjUpLidwKABKAxUXVY-h9JjmO5rRC7Cqdgd-9-dMX1QYQwt76zTumvazBmRRq_SIKBej22gZVFL5G-sH663OR6wslGd8DTkGMoLaYnBz2V_eYMS0eSKNYCPZp4ld-PaukZThttt0tnOS4jbPNGVkk_or0yEuPkH6GBuvrj8JYdhwtD2aKNTo3fbK_eDk5fYZgFpxL7AofxnkwSRESjnEUQh4hEUfiEycMHI9nGoqriVZ9ceJF9Pm08K54zycIOwgCSKgd66bi7rFOaDLyUq9i36uVGAUVgSIyZ3bzcTHUR_IbbagbQI9HPKIN7T4ToY_bHNyxcBEAskeTwNk71uyQclykpWvNLZxJgFtGlqSVPXpq8N-Pm589149EhECM5yea7YFSxwIeadlRg4vZCulKLId-dx9UKIYhBgil2z6z3ppzjJn6yPrV97CoX92SCwlfRtoUcC7lqnG00ZBaHHKFOviwVfhdUwperZqHMHRWm344219qGSf6uA9yfbrNQftnAsRqI2FjduZiKUs7e3EoKvFmmBjgKE8-WX0M6vj4FvLIlK7BLUKI0fYfMGUovLK6X7CK8sY6JgUSZ3Q0u-o8JH-EhSN0_inpBcVWXzGxNhOzlU1_FKBbuZvqFo7i9dt-zcleqEyuuiN5VuY2jG9PckmpMk2LSTq7rf1cjRcaBynIfFjcNPA-OKirWkFsJQowRH7xD0P_OPAN5_AziP3Qqe2fkUNKVpeBY1clPsyAQ-xmiQbLtlJ23B1i0bqupKQl1pNUOT_w4LqPx1Mw6B7gWbDjtYQXKo_47zUndtH1BZEE8BfD1yJf1_0OmSxYXoOuV1Lu-PCIdmCYNw5NpYfvndZ8R8iV-HXzpsXruEWeOI3hhvfWfEJcY0sXvmHCaJzb8uwUZz4IlWg9vuFl4hdFgWpBPUahOQ-IyKxaHqYqdO0H2-JxgetWXar1EXdAP6dh77fnDWllNQxJFcLkzQVNiV1fkP6xsYcLK5y65052fG67m09C2zWBnf87x2CaLl4BQCVbrh6NYWIN61KT4qpq75gIevvIbCSVeaMRfZXvLbfRLE5ChLV0qjWJAHxptZF7nm5iS774IOHz4I3CP_ujLgtjCsc8ykx96lgTIFr8oAtD5bUGVZCUFh0xMqUJ7XvMlPVPYVehwL7PIz4LH8hkgefpFMK_j8K31LRw14WBnA2VhxVEj6viOGRruDQZ0hu5bm0FkvuIEuxg0HPfmch45Q5rSKhGKXi6y1JOnParYbjezGDhJvWggbvhNhkRUdcRk88SwqH_qTq-nScCXVSssjFUaVr0xdig3af_NMTsZr1ADxoNccHP0Agl7mLKu3aIIR7RA-jbt6KaQV4vD8IY-0-MYvaW4R0offrAjBZIa0hW9k_L4CMcD-1II_zFrhcaNCdHSv1TxmPeVrECXmpHtYW9mhmL--ieWG3EI0RcPANO4SGyYVFiHZJdJmBzOjMAAaw1X8Zbrp-qOgzuLAqzqy0IhbnY7A9NJnIZrkn1CbkxfSklLFTbFKeocXzLIpmJXS8x2ZY-fhD2L_Ry4QsQpC3sbRi7JwfdNbB-AWmwMN37D_OTKqzIkq0CJv5RjW2r2N5wPIy3qvpBMV0sZco0LeVUX5og5pOpTiRg9OBszPRT8frxCqgIkZxGByHSkrG1fwR4105evVGcN24neViLp7opW2ANaybXAqMvJgZezLgyopN0v35DfP0esxV-7_YiHFmn-acElBOBagW40NbTOl-TC-C6H76rPzpWU_3f1DQRr1jlPYDyv_duQxZjZyLU3hatOEP04bFEouMNqROsvy4GrncVEJba5Cz3GxPKjlru_1igU-phEGlTWdAQ6J3u-jQPepG99nrdM3o1BzT1i4VGW4kLd3sZIwUsViu9G5rUfro_5aaed8FkgCWzcgAKHqEj7NgGQ0L2aFdZyglnTalEpqV_O370jFh3DXhf9AjhNMQrvFrSOwYM8hJHLMvtRop2h6m0GFybY8zrmn7F2hPIaPv4Y7XZGithdnNg-fzXYgwnmOQQGxRoqpKxP87hwY8pvswPnsySEPazNN2-8NvGS5gtsY87uuZLpCbgOYcPXoOIYFPrN_zc8oIOXMuL53z9Vr7Y9UxJ1equJGRubMo4pbFaXbivZ4M7tfayRaRf9bK9xa2PSaPY3-O019eWcrhayMmYj0UaJW9kNS86SWGEni7tAdsoAVG6PtlKSLThR0xbKeBS5ajLmUFj52ZJv52QVUS5Cj3Snp91p94dO5PvDgc6detRCe9g93lOzq3A83uZptlj9It9mPYhjc2Bqj4bcXeN6LT-B3zaftUCjrcsgmzjDGXAuLVpUSZpSJSmYdhBq7ATjlldtYCJQa17zyXYsu8HYnOcpg0cttJ1ZZvw5p8OQVKotq9y2-dU2220fpv8&cid=CAASFeRoRq24bFmdmUFI23j4ieG5XK5HdA&rfl=1%2Chttps%253A%252F%252Fpastelink.net%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

a1b000b433199bfd60632e61b74bb2c4abd074dce072784e7acd55b1e4158cee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:58:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 130
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9516
x-xss-protection: 0
server: cafe
etag: 14328493792227503680
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 13:58:48 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/ Frame 876E 8 KB
3 KB 32ms
32ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:52:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 512
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3140
x-xss-protection: 0
server: cafe
etag: 17163059639670574047
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 13:52:26 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 876E 0
571 B 173ms
79ms Ping
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvoOzaUstcjsUAEJ9H18tn8D_1Frsnm35hkrdcJi8hknag6JWfUsDSnpcXr9eftNxIg21fP6FZw16lsgUUx-Zbqf6W6-euOySxlwqSC7seZvAXM0ml_RpC9aeoUD5eAtzWBx19k2lL3MS3pjuaFl3FQg_M9m0BRjsr893JWvnHBJO8ez6R5cMfRVNvY3y_JX7MhMTf2EwH8CeQMky502cfiwegWuslTLsuvTKaqfHO69vKKDwLwcq3imOGlVl6otULKGAoYv1_JehMZUfOD8OBEuvn-29GBB8Zk9-erzZVhhxEqd8dGdqHODE39cnUIiBKIq3mzduSOYT0ClS9der7Q43B6GunUMtDO-L3j67eoFc4jdkw0KBaMigOHath2KVOQ3z6wXLgc0Oq378USPx4I4_S2haVQ1RxdzvTqxXBAlcnvS_TOpCo5Xfp7o7-835N6KvLdc_t47K7RcB7b461unQYnO9gIN0-XxTjVzueNOgKnMRU8DuP1C3JItAXKm5LRA2WLz2S4E8YpXXg2AQA5xKZQ0dRh8ckg0J1-xMzI-w4So-s5PxyjJaZuv3GqsGItKbRqogyEHm9tYBmB6TeJeo0jyUMFkaoBM4Nu5zFmDi0QacN0V8ixuaEm_qREwHnqv-xdHMU5KS_tox-b_ggJemR_TP4IM-KGL7ojfF4x1ShrA80K608R2Boif60uUonoYgrImTutwiiZiZXtTxNCGE4t_5NtZGegegBxkJbZi68aEvI7CMH7-CgaF_HdkXNARvScUxdyCcdfrwj9C8wlgN4nR5zGQ0eudh7_jwcQHNhNocaCFzBu2ZP6bbLNw4Z1xMrarfBvaPxZAEVVARDeJKkbHDnhvhyOw3a9-xL6qa2AS2VyI0fWMcTboOwTgIfOjck1bWA0M1tW-N9VRuMEqVGopfnf8iyGK_rmUoGXQxFw_b-mxfzhRtJx-FQ-WVTL-a7BLWSnbWhR2Pu-_z1OcyjOI4xfCc1HQQRAcnGqh9mRXKt5RSfmoPIXnKCaTwwT3EUPmhvjWxawzL5EUNUTsQ2W4VAOq2-sEpXDJkKApPcO-TlG2TlO1KICdnyTwjiUF0_Jm5CWXn9EfUTTNbyPG4lJLB4lxC1f&sai=AMfl-YSwomBe5OlUVcPb2o1qLVZ81-LDb3E3detdzNEuSvRpA_r0pG-HXTX6VIuXs-gOyc6ajD91nu2ImZg9HkjZKlWfhHIrxLxZhmsLNxIznp4q8YgLSBVrenUnx7Mpx-N17y6HSUSpLEJU919YM2skFNy8gLmahDbtTp_o3LE&sig=Cg0ArKJSzA6Yv28CrxQXEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20211207.34012&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Fri, 10 Dec 2021 14:00:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 moatad.js Show response
z.moatads.com/publicisespuigdcm372604918178/ Frame 876E 322 KB
109 KB 124ms
36ms Script
application/x-javascript 23.202.53.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/publicisespuigdcm372604918178/moatad.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BWOs-PalcutALftq_IkylNDnV2Tf4sMpVAh_A_Jm_KNZSizn_4xCljqLXg6qygVuxdtHQcgj0E1G1HZcTcLePAJ-MwcZSrv-NzG5agl3AyOy1sss6Z0J2kTgR4qs2td-aH6kuj0z_qWTf1NqLULPDqOLBVsA&dbm_d=AKAmf-DC_gcvubAcsH7OoHzqWzABztfMsUS4E1KUJjFrktKzRbs-XRxJRbmtBCpbwqwE_dbGChBctp0yIxutx6OpzZROIeNetql-n1KA5IlqDE3vckcH_A1NuPLlZhYD0BY7R2_n5h0QEF7p531vcJ_q3nwd0qtC6VFZg7b5_8YvBUbnJGMFKeQfR7lCLSh5vHVZkfEc-AWiK8ZTf_JakPaGTtErD1s8VYEKQcmomq4pyNRwOaAfACaXlFCirx-mRb7DYYykecZDFjGBD4g7XcAuroXZK7sZY7_6B84Akyokm753KGzst60wFa9oKBpSIkFdur51rv43Q9IL7lSUgDUOwFGG8idgOivj0uumV4L5OBaHbh_VWWFJ0Fo-vbOqn2C1CVGmrKQ5D1Twe7k1_s0YDuz3UFToFNgDHUoZ1Q18R93cPP0bGco-jWQGTYHMDpTk3WcRqV71-Dd91dpoMske16TehCxz6pPIO3yKrfDWOWVfwesZP1C-8ENnDQaOL-bHa0ck-irjQB4BkwGkMB0dAbk1vjKOFcYsVmBi46yGmL3YxLZag-MbczgWNBot1zz9ihSByGVJdOsoXUKrLPj_LW3C8GdkfoUowvCv1vtyNSx4wpiM-Dum2jfnncihggHjDjR8EBHb6w_73QbP82YVZVC3va0oQpfbUqVgeBUw1bQp17exqtMcGEyyyq2eA_sjh3Psqnb2OGCEsxr30WRx16SjsACmW0hWL6Vlcjwjy7KLNRi1nd_dsPDyQrdG9LtMJJadn9TaE-Y4VDy8dxqsc7JjxgYLFikLVXfby4SnXI_moz8fU4ZS9kFyyObn4kELptEldO31llJs36cEeABAwV261xhb1fVQN5Szl_8GajR25tWg2C3SUu_q2Et2IGFjDXsjUpLidwKABKAxUXVY-h9JjmO5rRC7Cqdgd-9-dMX1QYQwt76zTumvazBmRRq_SIKBej22gZVFL5G-sH663OR6wslGd8DTkGMoLaYnBz2V_eYMS0eSKNYCPZp4ld-PaukZThttt0tnOS4jbPNGVkk_or0yEuPkH6GBuvrj8JYdhwtD2aKNTo3fbK_eDk5fYZgFpxL7AofxnkwSRESjnEUQh4hEUfiEycMHI9nGoqriVZ9ceJF9Pm08K54zycIOwgCSKgd66bi7rFOaDLyUq9i36uVGAUVgSIyZ3bzcTHUR_IbbagbQI9HPKIN7T4ToY_bHNyxcBEAskeTwNk71uyQclykpWvNLZxJgFtGlqSVPXpq8N-Pm589149EhECM5yea7YFSxwIeadlRg4vZCulKLId-dx9UKIYhBgil2z6z3ppzjJn6yPrV97CoX92SCwlfRtoUcC7lqnG00ZBaHHKFOviwVfhdUwperZqHMHRWm344219qGSf6uA9yfbrNQftnAsRqI2FjduZiKUs7e3EoKvFmmBjgKE8-WX0M6vj4FvLIlK7BLUKI0fYfMGUovLK6X7CK8sY6JgUSZ3Q0u-o8JH-EhSN0_inpBcVWXzGxNhOzlU1_FKBbuZvqFo7i9dt-zcleqEyuuiN5VuY2jG9PckmpMk2LSTq7rf1cjRcaBynIfFjcNPA-OKirWkFsJQowRH7xD0P_OPAN5_AziP3Qqe2fkUNKVpeBY1clPsyAQ-xmiQbLtlJ23B1i0bqupKQl1pNUOT_w4LqPx1Mw6B7gWbDjtYQXKo_47zUndtH1BZEE8BfD1yJf1_0OmSxYXoOuV1Lu-PCIdmCYNw5NpYfvndZ8R8iV-HXzpsXruEWeOI3hhvfWfEJcY0sXvmHCaJzb8uwUZz4IlWg9vuFl4hdFgWpBPUahOQ-IyKxaHqYqdO0H2-JxgetWXar1EXdAP6dh77fnDWllNQxJFcLkzQVNiV1fkP6xsYcLK5y65052fG67m09C2zWBnf87x2CaLl4BQCVbrh6NYWIN61KT4qpq75gIevvIbCSVeaMRfZXvLbfRLE5ChLV0qjWJAHxptZF7nm5iS774IOHz4I3CP_ujLgtjCsc8ykx96lgTIFr8oAtD5bUGVZCUFh0xMqUJ7XvMlPVPYVehwL7PIz4LH8hkgefpFMK_j8K31LRw14WBnA2VhxVEj6viOGRruDQZ0hu5bm0FkvuIEuxg0HPfmch45Q5rSKhGKXi6y1JOnParYbjezGDhJvWggbvhNhkRUdcRk88SwqH_qTq-nScCXVSssjFUaVr0xdig3af_NMTsZr1ADxoNccHP0Agl7mLKu3aIIR7RA-jbt6KaQV4vD8IY-0-MYvaW4R0offrAjBZIa0hW9k_L4CMcD-1II_zFrhcaNCdHSv1TxmPeVrECXmpHtYW9mhmL--ieWG3EI0RcPANO4SGyYVFiHZJdJmBzOjMAAaw1X8Zbrp-qOgzuLAqzqy0IhbnY7A9NJnIZrkn1CbkxfSklLFTbFKeocXzLIpmJXS8x2ZY-fhD2L_Ry4QsQpC3sbRi7JwfdNbB-AWmwMN37D_OTKqzIkq0CJv5RjW2r2N5wPIy3qvpBMV0sZco0LeVUX5og5pOpTiRg9OBszPRT8frxCqgIkZxGByHSkrG1fwR4105evVGcN24neViLp7opW2ANaybXAqMvJgZezLgyopN0v35DfP0esxV-7_YiHFmn-acElBOBagW40NbTOl-TC-C6H76rPzpWU_3f1DQRr1jlPYDyv_duQxZjZyLU3hatOEP04bFEouMNqROsvy4GrncVEJba5Cz3GxPKjlru_1igU-phEGlTWdAQ6J3u-jQPepG99nrdM3o1BzT1i4VGW4kLd3sZIwUsViu9G5rUfro_5aaed8FkgCWzcgAKHqEj7NgGQ0L2aFdZyglnTalEpqV_O370jFh3DXhf9AjhNMQrvFrSOwYM8hJHLMvtRop2h6m0GFybY8zrmn7F2hPIaPv4Y7XZGithdnNg-fzXYgwnmOQQGxRoqpKxP87hwY8pvswPnsySEPazNN2-8NvGS5gtsY87uuZLpCbgOYcPXoOIYFPrN_zc8oIOXMuL53z9Vr7Y9UxJ1equJGRubMo4pbFaXbivZ4M7tfayRaRf9bK9xa2PSaPY3-O019eWcrhayMmYj0UaJW9kNS86SWGEni7tAdsoAVG6PtlKSLThR0xbKeBS5ajLmUFj52ZJv52QVUS5Cj3Snp91p94dO5PvDgc6detRCe9g93lOzq3A83uZptlj9It9mPYhjc2Bqj4bcXeN6LT-B3zaftUCjrcsgmzjDGXAuLVpUSZpSJSmYdhBq7ATjlldtYCJQa17zyXYsu8HYnOcpg0cttJ1ZZvw5p8OQVKotq9y2-dU2220fpv8&cid=CAASFeRoRq24bFmdmUFI23j4ieG5XK5HdA&rfl=1%2Chttps%253A%252F%252Fpastelink.net%252F%240
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.202.53.245 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-202-53-245.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 1ad1e1ff4c6fe8b3ba9034712530214390bb42d682cf0f0f00760d9a9d165ba9

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 14:00:58 GMT
content-encoding: gzip
last-modified: Thu, 09 Dec 2021 16:36:13 GMT
server: AmazonS3
x-amz-request-id: PDPE9KVADQXMFQZE
etag: "41adac8f80fe3382cb171e636b7169a4"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=46564
accept-ranges: bytes
content-length: 110709
x-amz-id-2: WRVXXdcJUE116oPj9YUdA7CECEoOWCCZNAYAPqet8TnpWmnzkN6qls7UX46rfvS38L4VbGrPgD0=

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 876E 41 KB
15 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 18:05:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71715
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 09 Dec 2022 18:05:43 GMT

GET
H2 200 CDpacorabanne_prpromotionalcampaigns_pacoxmas2021_conversion_DP_hub_mediumrectangle_TBC_0_EN_SPR-20432_PSD-packshot.jpg
s0.2mdn.net/6977787/ Frame 876E 89 KB
90 KB 131ms
29ms Image
image/jpeg 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/6977787/CDpacorabanne_prpromotionalcampaigns_pacoxmas2021_conversion_DP_hub_mediumrectangle_TBC_0_EN_SPR-20432_PSD-packshot.jpg

Requested by

Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

46548578ca8a2c7fe261de50083676bbe4ad77babe0be4f2acfa783375e0ca91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 23:07:10 GMT
x-content-type-options: nosniff
age: 53628
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 91094
x-xss-protection: 0
last-modified: Fri, 26 Nov 2021 10:06:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 23:07:10 GMT

GET
H2 200 m
secure-gg.imrworldwide.com/cgi-bin/ Frame 876E 44 B
562 B 210ms
65ms Image
image/gif 52.19.128.14
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-gg.imrworldwide.com/cgi-bin/m?ca=nlsn308670&cr=162239681&ce=N465010.2120902AODDBM&pc=321914950&ci=nlsnci3080&am=1&at=view&rt=banner&st=image&r=3878809652&C78=G1,DCM&uoo=0
Requested by: Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.19.128.14 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-128-14.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:58 GMT
server: nginx
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-gg.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
content-type: image/gif
content-length: 44
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 906A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1&C=1

43 B
1012 B

168ms
65ms

Image
image/gif

23.195.249.2
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL-8UhDTlVkY5M-nXzAB&v=APEucNWfCy4R_G8jglaiDIz4nWONMVd4D2HB8mBhKiLRbahD-0mfZY0K6OpHUD4nOJyM_saFAk5PiI5rPp0pOSR1RnzHghumMLcICnRayVv94dPaOBPCpbWoQu0wWhhzEgnN1kOEcieRTYpLtdRRXUVeg8wrj3HtGZr6c4Ma23LFTPIerxUAKZQ
Protocol: HTTP/1.1
Server: 23.195.249.2 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-195-249-2.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 14:00:59 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 10 Dec 2021 14:00:59 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 14:00:58 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Fri, 10 Dec 2021 14:00:58 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 906A
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YbNdmihoHu9qDakWgEwXNAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1

43 B
1012 B

109ms
60ms

Image
image/gif

23.195.249.2
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL-8UhDTlVkY5M-nXzAB&v=APEucNWfCy4R_G8jglaiDIz4nWONMVd4D2HB8mBhKiLRbahD-0mfZY0K6OpHUD4nOJyM_saFAk5PiI5rPp0pOSR1RnzHghumMLcICnRayVv94dPaOBPCpbWoQu0wWhhzEgnN1kOEcieRTYpLtdRRXUVeg8wrj3HtGZr6c4Ma23LFTPIerxUAKZQ
Protocol: HTTP/1.1
Server: 23.195.249.2 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-195-249-2.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 14:00:59 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 10 Dec 2021 14:00:59 GMT

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 906A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEM3KZR7Fqevuqat4YRqJq_A&google_cver=1

43 B
1004 B

92ms
65ms

Image
image/gif

37.252.173.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEM3KZR7Fqevuqat4YRqJq_A&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL-8UhDTlVkY5M-nXzAB&v=APEucNWfCy4R_G8jglaiDIz4nWONMVd4D2HB8mBhKiLRbahD-0mfZY0K6OpHUD4nOJyM_saFAk5PiI5rPp0pOSR1RnzHghumMLcICnRayVv94dPaOBPCpbWoQu0wWhhzEgnN1kOEcieRTYpLtdRRXUVeg8wrj3HtGZr6c4Ma23LFTPIerxUAKZQ

Protocol

HTTP/1.1

Server

37.252.173.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 14:00:58 GMT
X-Proxy-Origin: 95.174.64.205; 95.174.64.205; 537.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: b10f411b-e511-48b7-bb8a-d11ebdcac17b
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEM3KZR7Fqevuqat4YRqJq_A&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 906A
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODI0MzQ3MjY5MTIyMTI0NTkxNw%3D%3D

170 B
188 B

85ms
41ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODI0MzQ3MjY5MTIyMTI0NTkxNw%3D%3D

Requested by

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 14:00:58 GMT
X-Proxy-Origin: 95.174.64.205; 95.174.64.205; 537.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 13d2f9cf-41e8-4130-a72c-653bcf8ea4cb
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODI0MzQ3MjY5MTIyMTI0NTkxNw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame C750 24 KB
9 KB 32ms
32ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CtrBRUdHZFMIOJnBmdybfXbvwZscq-_J_haCcD1JjP5yM8FNkMfU77a8PEok5v1GAslyvLZMsVs7733d3Fj3N9jaaHKuU-p939_x-koOHdDRVzb9QyL147yq7ONgVlZ9SqsWLm_wIIRFE5JhTq1OsGTiQ0jQ&cry=1&dbm_d=AKAmf-AdgaKsL3zt50N6ezHM-OxHw8qdYSWU9SinqnlA5AhPJqTbS_XvIqDMwDOJfjC_Q1bnYeCSBWJ3qVo6dlzCwsE5pnKB29PX5spuPz1PAGUFjud8Bva5V3hsuSs8LATVJWY7rxAHpKH5o6A01nDlCfLFIwJCXeTK2jbwlEIU1Fuv2nmCcpkUSIEtnYdH8MAcLCIzItQo8O1sKFrEImZbzbMUW2xlYpuptuH_v2LplwkbVcH-4bUn15the4j0-9R2QqMFIh0pRiqqsLMvBFPLgj2DPHu3luIaJOFOzDNDOD7DjLcoyVXZqD8-Ax_ww3BZOv1fOcyIKbJeR9aSUqbOKEcJqgbcdU1D5YJR88oSWoId6d97fePPAcpOSn1PJw0fsmkRJxsPufdsnXK6nxCIR5cGGbMjSEKt1NQeXLDUGg-YOexWFHgsqWgfVfthYJA9svGomVBTw9kttoBQilB3-gpaT49_-pdF4vQvJpCf3ZPy-FiPsi_dOH_LkvNNLJH5GwlSNn1XliyASujEbAryL-PB3sdfG_pfBx-R-x4EQ9n5AwpuYmQNiF2Bsnlt8sq9gZOtbOVKKGyoCu4XlDokPmLR8XVIWqLZs6bqvSSSi_gFNWrxQanwdcpPu-O3kF0U-3GyAafmn4WJrzQwxUbqbSuod0EGqFKLntO5Jmnxr_GMxg-urfe0i47_xfNxOSuTcdwNeJvES-ug0UROs04k87e4yDoyJaxTlMvhk-SLbZ5Kx_sx7BhNY85H-pMvK_kGB_Y5W5rkK4lS0ipatNR07C_iQH3YoQ5cdmVf3ESoiMp3O5-N2UNZev3dsASTQlT54hMTjsg6PNJZI5MmdwRRefV3f4j5XTOyiViuTG1Zea_NmUXuqW3ZEoIA0_cOJZSquJFlpY_xjoVDlvXy0oU8d7J_9QmhdWL_P8K4y7qd6o8CmerGzygncdO_rQ-yAwcEfVnrXjG1DWgAO0zRUZf3IrheJPSFJ0WQHegx12M7K9LccdeXpW58Vytf0bBhTcuN6ey11SW_m1YKTRfU64Qvt3nfLLZIUAwOnU5Itc6Vtm-mmH5ghvCdvMo1_F_0-VGmtciJRfAX3lLFpcmHZ-fLMR4lRkNQGwPXECvgOUBlUi8hTKu6H0IFMbRt0FA_OX5M2JYfFs1tmCoqWCHyen67YTyp3gH-Cf-UbcV_27GWRfdRIGIiVEgD698jbA99snWrPjsELS2KkUL3Lhn4y4nzgaxj1lclOkXMOHqP3UNqvtXj-g2yhBjCbe4hIT9do1Y-KHkDH4EwU9i-UlfiGyGWrvSK4WBzMeAoFW8rv1SzopawPsCBO00RmjmKOj1JnrtGXZ6XKQziiKA7VluqVf8FJ963_rmI5N6VKdNvfoAZ4XgMhH1EXP72CNpnmSBA9z-IzTzbPI9oIhC-fVUuobdpDvGa5AVzhjiM8QPhez6Gq1uuD-VPuRUNmmpW9WwyUIlW2OMJ4MhMwr8nRtqHW7jrxgjG5konWls5dd_zGbuRmJPow5oDjO9igLoKUvsdQ83OTmQk-EiFnrV9yg81Aao4ySBE-pkaZA7Wg_hVTTVQ0PlV-Lxsskvj0t7i1Ulc1803ERsgAsvnxTut_dA1bXNLu3JVl0MWv9_K7X_jc7HpS8-vhZxX-g9Q4BxLJrn3l7eyG7yoGawC7R7SWw2ySuAchkDDdN-f28g63eR4NvVQNO5gLY1bmc8Ttad0RPaUQwSHs0p3cPhxCGhY4JfJfmCk3TwPVL-QblXzVmL_jxwAeM6DJrdWEKMC1Plo8AkMrTKYl6I77ru9s9aPxwM5Bjl_CwtCjMOrZeHrl9CHILH_W8BSFR61ZZrMil7eB3OIeInf6cBoRYixpVtce7tKewYJvoM0AuMCExNJwZsVS16Xk3jP7kKuJTopm0C85YojgrU-OB8cVmi5z8IZTOR_u-o00lhGXFONqb1pH2WWXsGYsngJ0L6dUtOz1zzjW7qeXrmsGNltr-J35eW2Oy_PpdpVRWsaMqcUoq559noCBMxc98OFm7ATOuSMCI6zB0jJNqPJPp2-fTDJY5CaTAxvfVM4QN1qIRLycdfmHAPU4EUlpUYniL7sji0xk-w1VdLvChwwZpafboiFhkr_5JUnPd878CfG12x9IfR0QdL20GGoV1OS5PNVzcbo4qaQpEzREc8nTE6Ium60XhLxeiTpQ41zn_LhFO0C1-Vz2t3Vs6MaeTZMlNWGF688CPQCdaHQSg-YPEDyueiXIDklDgoT9vHEjoXxsKBQInz73ANTgR-ufOszyzLr0xc63cI5CE6ig6pn31a3zRrMvVo75VzrKah1F-RjOF2_Zh7kGp_n5Sou4SBdSgn8l-sR8SBivxEGt5QvSvaBzZO5GMKjJGHgw_IbLWougUtypyENw2ZfM7OzpIqF57FoqgCvVtjqnpnXtCjuc2OphezfYAoVNpJltF1R4qKMG_NbfnLQbqNK8oX9eU6cVDY5I7IH_F7Gl2oJK6bj1nqQmeMofx5SoeEXFBSJhJM41CSXKvydscgOF2W9_bvteFI27gyNxma7uR3jqdalZ0VxuJRJMt7WKG8bkrdZSPOVAvsbLYV2vNdjNRxzeaG3IOziZ_-jGgQsaGC70JQQisX2i-P6IoiX6EcFQtoYIrfnWbSQ99GsK4N3PVtCZBKcsG2PHhmcZOUQQEMVXc-x2gjkZRnHO_cfsxCpXXE20CBsrQD9xufUtBTsYbY_Y3as9NOd7ZfAL9E_R1RYRPWr2R-wUCYIhzzFiXt-4W7-ZBpZ6B95nN0U729kg0GqWJV4WZnHZLfDYlLQjlmqzNvW-kFPYey4QsEmh8r31d94Ru9l5vE2jijywHDDG2qASYqZRNPgdM_usCeWFfB0jOCrFF8y2vQMryKoFMiW9ziHWRB3CkohP4ixCZtoOq7UpgGAP2Bz--5iWz1NrAj-b7Uy12wkcwZuW7_4DPuA_zDYCNob8h0eTIK1ml85wK4AMmDtpY7ukx5Sm-yBP8DntQZPtD7hnXI__e75hDj6Q5wDZLMMRFOITh1ngPYuK9hlKj5GiNdzlFCOGgBmy5b2zt5jbrg1GHTSEl4VzujsQnor1_JEwsfn5mf6G30aYhfyuqb41YgDh3uzXGaStv7Rkb5kC1fzjo2vRlsZuDue1HuCGksRPy-ckC-K4ItFF3qdqmRIBVkDypTInlZJ2f9alUi6J7TOUOxFKwdGS5Rd5IbkV_-eUFtMS5IxqXBZDqsOVszVZc8B5aQYeFWIrX_GAI7wGCaqwBojgSOJnr4hFfQOWH_1ul05t4VqlLlAjkdmT2p1TwJOxp5v5Ttfdz-naFn5bTkB00pL02CoEUPKICihFMx8W9sdydXYhNr1AeOWnScBD6aQNfnsQbgNJ2-Z8bvn4XkW_FmZzf7Rcs-gPQDMvwtSUEwjVw&cid=CAASFeRodkLB2jBVU4HXhkgrDeBuTnG7ZQ&rfl=1%2Chttps%253A%252F%252Fpastelink.net%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

a1b000b433199bfd60632e61b74bb2c4abd074dce072784e7acd55b1e4158cee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:58:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 130
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9516
x-xss-protection: 0
server: cafe
etag: 14328493792227503680
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 13:58:48 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame C750 41 KB
15 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 18:05:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71715
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 09 Dec 2022 18:05:43 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame ABA0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1&C=1

43 B
1012 B

97ms
96ms

Image
image/gif

23.195.249.2
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL_tVRD79akBGJmPqrwBMAE&v=APEucNXln5cD2ef5le7skxWppo32fHPosHEIscQw9DKHfbJeAJUYdp8iq9u8gmdN1vhGPz3TBxybFYB_BKkQO4HirfzFrDsXiZ_zpbKB4e6ggdIKw6AALSM_R08_4FlOHfLqmlgbm6fJqryyzByBrUk0Ilz4UhZwS3-rI_a21rnLBdarVtKi-M4
Protocol: HTTP/1.1
Server: 23.195.249.2 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-195-249-2.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 14:00:59 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 10 Dec 2021 14:00:59 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 14:00:58 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Fri, 10 Dec 2021 14:00:58 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame ABA0
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YbNdmihoHu9qDakWgEwXNAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1

43 B
892 B

64ms
63ms

Image
image/gif

23.195.249.2
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL_tVRD79akBGJmPqrwBMAE&v=APEucNXln5cD2ef5le7skxWppo32fHPosHEIscQw9DKHfbJeAJUYdp8iq9u8gmdN1vhGPz3TBxybFYB_BKkQO4HirfzFrDsXiZ_zpbKB4e6ggdIKw6AALSM_R08_4FlOHfLqmlgbm6fJqryyzByBrUk0Ilz4UhZwS3-rI_a21rnLBdarVtKi-M4
Protocol: HTTP/1.1
Server: 23.195.249.2 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-195-249-2.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 14:00:59 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 10 Dec 2021 14:00:59 GMT

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame ABA0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEM3KZR7Fqevuqat4YRqJq_A&google_cver=1

43 B
1004 B

45ms
43ms

Image
image/gif

37.252.173.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEM3KZR7Fqevuqat4YRqJq_A&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL_tVRD79akBGJmPqrwBMAE&v=APEucNXln5cD2ef5le7skxWppo32fHPosHEIscQw9DKHfbJeAJUYdp8iq9u8gmdN1vhGPz3TBxybFYB_BKkQO4HirfzFrDsXiZ_zpbKB4e6ggdIKw6AALSM_R08_4FlOHfLqmlgbm6fJqryyzByBrUk0Ilz4UhZwS3-rI_a21rnLBdarVtKi-M4

Protocol

HTTP/1.1

Server

37.252.173.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 14:00:58 GMT
X-Proxy-Origin: 95.174.64.205; 95.174.64.205; 537.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 8ee69a0e-dbae-4f8c-81ec-5fef43e816eb
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEM3KZR7Fqevuqat4YRqJq_A&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame ABA0
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODI0MzQ3MjY5MTIyMTI0NTkxNw%3D%3D

170 B
188 B

39ms
39ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODI0MzQ3MjY5MTIyMTI0NTkxNw%3D%3D

Requested by

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 14:00:58 GMT
X-Proxy-Origin: 95.174.64.205; 95.174.64.205; 537.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 188f6e79-2332-435a-a299-1b1a5e93b5ae
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODI0MzQ3MjY5MTIyMTI0NTkxNw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame F626 24 KB
9 KB 33ms
32ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AOtSRCM5WXD_55aoyiSJhft0j9kLZJrJp2kVfOMrQDdJPapxX7gbCoU26ec3rcNjs58l_ufEkK6fen_aWAITeXvuDo8oJTRKvyjp4SrNZrZEHs30OnnXfBpFIwJqL_9IsOZU8_nQO13_VVVrNel-FhLZuepA&cry=1&dbm_d=AKAmf-DfTYfGt1eioSAg_T87s__3QHksXbuSFtrytRwVXk7DyUulXBuZwVcQ_U7_sZcbY_XqZnMFV79YnAGuftCGeJPN_TKT_u5HsIPfFFSXKs01C8saTzGL4zu3H8Y9dIduLTjv4fi-svnrJWfZyU3CJ6-RJkEM80bbvlp716c1A1umzq3BKvQ8kdrB9E8YgCdJZHTpk8_bK5l0Iqe64HT9pAuk1ybD51xoWk-cXOUjp0_kCL0Mfb9z22qaiinjrtdBA3mUhASbKnZJzEa7wtXXmM4u8lG-17fgv5UJag4VLir99KANmGy26gECq0P7esio6BKe7J4zpmsQ_PcMsmnof7Yxd1wrodKlqTERy3gOCsQkNaWmi05JHfU2zZQUJjiWC6XPlPAgRzOS6ZJTQcQ8333ru4r_uX2PJtQ9NR3OCUegVZneBH8bljz8Z5ra1ZwMtNgqzuic97CF4_ae6VqCWGybSpnfXDf3kCZKf2XZVyxe4pmsfqAGlyzAxYe2BWlNUXNsHNg2PTXrgB1C8WMsCiQXN7yo6-7JKBhZagA6HWrOAKOVTTbB-BHCdb7kyNAwKgdz-qfuSEOjaqEnteF-e4DAxHtc02-dKGmYHyTUageDdcDwoaZQPsok2ipQKChqYsrDvP1m7G2c3vnbxAr-uBNJ9jKbyB0ZZjLisTahKTjehNYdnn4rPClT2ivCXset2XNLfC6iU8fTzFkSU5cchQAHn-8hjeQ4vM_9BGf5FWkLdmdKc990IADg7UnNSBy7c0WRVW-JMIL4mfZtPU0_WOAvpRrKHK7SchDUU-WuA2xfvg_Jxjh1cKYHDHbHvWKfjY_JsS9fXCPp-6HG0y7MXHtHKBYonnWvPEmf0RggZjblSaH0iK3N5h3SHojdcbAvqseYtlvG6zKq7RtFTv_ir0eGfCe1ncb7YogzK2axjUHSwB3tEG4pXG0DoShzTqbYaWRCFoP_3CmE5wXtGdAsy0b1qe7r6CsHdomdcVINgRY1O3OJo57VQW7gj-XlJrcvwXViUlylkPn-S7tGow1zRhllzPwj9wfKkB-6OH06IIAHww9dWzrCI2eK0j67pA3WM_uFkEJBzqjNTpYjuQV0R3tVyFHMd4KL5sngIjc5Vv0mpwLmC7nqsd4wxlfDq1JSocVRziGl8Nzj4b3o2pkOVl4og9b5kZvKXkj7fKddQqtJ2YNzBjtBSH69lHy2H_Xd-XevsxpTwVBqUwewQTlagHgGi1RyjlYnXImMsfDhFoBrQgVDSq1FojsKCHjGPmQHo2mdcRJjH_P0fepKiCqf1Erqp1WLoNrb13wvQBPeEF3oWhAxDLxPXyKxU98pRRrfe98aksrxm7QakBFtReKjBOPMOemZ2U3P-HJ4_IpmwqB-OaNaZLXSLl8ZO-l8s14mjyq1b4l2J0oyDslKq05jFXuOUK6vNOceKD26xqwhT1a1jNzVVOSg8-brL1h-X9pVA2-NnSxnE06ti6R4wBVLg9xNTfpA8OkjDTyVX-75dZzk4Nu2HpI12AiPPTUDssv9MhqN_7bgkKaQ9lElWEum98leQktSk4u7vreOQ81laKVutsdmO9vxnvy_fyoqMNWndIjImx0IzmTz2KDljBvPhxPSpuG0ZaUiUHLC9hCA17lVO2L0J-MJe4p-wvkCLCSZwuPJxhOks7mqwcbNAwovISKlJXXWvZ3tFlCUjv7vHsdlK1NTULiIrkUXErJe_s208RhLmENGHebIJtK0Is66Wf7ZxkYGlVJF0_YhWbH4ZQcEmnK1LnuPLfaDihp2woirTGB32cP2kY5KLhPToQl1tc0qUaI4PsAmVn3LL9eiBV8H2kZoSb-kte422GOzV6_wF5BbFNwhxW1sPPriIWHhAakAizOaOa7pXi76702sVLefsrUG8knn6CaqN-_MgPL15kUrSjMXvB428CPvj2jHI52lBf3OVXbBrD2Oo1ZwPXZdhkCqywQauJ2vGJ3Lg3vDaczwbKuzM53dTRcyUNIqbY9ISNKOmr2G2Y658x9c0U6waKVFIX7oe8PCqAAefsRDn-DZIMZOPe93L2MGOWlZJoTDBVCNKw8-pYB5F8HbH99rfkVHUzJhCMT_Uys0OS7iXFIDpxbzWyAUiEPNJcvbYInhAyAXr6VXNbGNuzWv43MPrm9VqrMan0T4hFxQxVP8uHQvccucYRTyxIOnNI12dR1pY6Z0ae99XwLF2aKvSQt5kIuawNShM96FY7fL4krXqKer7RW9rfp5R-WVI4JuRhJpru_3hL6Ig4BtRpDVn9rjotAErQEI1QE2UxgK7s2b-iGuITMBg8V3WAWdWW08G5gME8Z3_zXibrmfs6PXL3yWnYTwGR2Co9uHOT7PGe766N_CkcP7KjP689zw_G4pAmLJoEgFnvV1SovjGz9BExfD1ZquHEu27r1n5ygawtHU1T2IiLGGVdnaCwOB3Z0ht52MVulNsvlONVtvN70nYUn6AdEyN5J0PIh623XnlXWqDZyzRRpfqLHq4ssa4tHfU-ssmBBncvCcs6CGrgcGus5B4wdNHC_W7hpmBUTLbFZ3H2m2jUBy8fy1QO9JwW2FR4MlwjUf51KGaynYP3Dmahvlh1JON4eOWqPfm-r4mMhhPWZz-LLo2e0QSbi7yOUoSYK5cqkXWoQ_ZXQpfrddbTxkQJLv6Sp-T5ZGVSKelURLJONLw9u0DLadr57_Hr_3yc8Y72aNo4DIE5Fo7_f3Jy0RYO8Alf1xhybO5EdOERB1FonBmV_i4ZpG-dXw1A34ygl1z8iFWoDtyAvMSJ8pXnmzHn8QsZZMiKhmJiq3kzU76XGu6KcWUQjC-DaIOSnpMjRrKRBBYdRfvTlmK559Ti3bqIu4LCmE8CA6cU0vqIKgLUZZ6HH35DZoLdOBN1eNPfAPLaHpPruqhyPUAqoeTSBs4LVNGiNinBfa250ZcomunKJNbM_VCMj50guhgAgwjkSImWRd7-BLQmgnlwAhDWI6a-V6c5EnQcrILbgZ4Gt4e-SC2Smd0-wWruAssHrqUPp4fN2dQLWyFkq9ulhKP5Kz5ZgVENtRpYuS4HMrjP1UGjIoTPTHF4E1KAHG-MmTL5JXpeAI05H1Wv8QwOorJOcnM3h8XRWls7oMYtGp6giv4YuKkbiEkqtAg2ZrWQZaNP8uXFUEvf_NXdjZOuCZUN99Mg3OWyyI5LZE7wwG4X-UgLGG4JgUcdO_dDc8N_sRBr8EEo_efvixLtUJxNjXPAIGpkN015QpwKJaAyvk4SxgSyOKYN1Lg6FsP8ojY_7nIF7NNO5aIjPs93EKpXKAQ9gpgmT1ILzU5i1XaqRAshdnao26Fd156aXj62DvTxfdvZe3eKc2yNt2OTZ5uJ29VJI6zw58xxjC5nSVq4oaIuHw4ULHjG6q8rGY1ovCc0sQzFViS8GVl1J1g7h3u8mo0CdaA8-ZYblwBQOQYeo9L6WXb1livgJa_ARYfhynBAKMge0W6JbMDOu2bkpueB1W_pn-2Y_Dj6TWfCnITzg0hX7UP8OVqNzZLCKewjWftmnuLIZrARjy_MuWDkap4ooGAKBTL3gcDRQtpGKlVeEvsyt0GPIoEoJmWOGK8uZWnp76aPuVwe3BI389oTmGuUBd8mrBWTYPnzFhbvmR7MKZNNt7JFxlU84O&cid=CAASFeRomRDqC93N4bBax5IJO5b_UlNgRw&rfl=1%2Chttps%253A%252F%252Fpastelink.net%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

a1b000b433199bfd60632e61b74bb2c4abd074dce072784e7acd55b1e4158cee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:58:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 130
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9516
x-xss-protection: 0
server: cafe
etag: 14328493792227503680
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 13:58:48 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame F626 41 KB
15 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 18:05:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71715
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 09 Dec 2022 18:05:43 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame E1A5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1&C=1

43 B
1012 B

166ms
65ms

Image
image/gif

23.195.249.2
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsY6tnBNjAB&v=APEucNUTMW6o3aCGcGpu061kBPZ1nZR5-hx2UZ0EtW5TxdFhSAE1d4MVval7vuLUL066mYrdSYEFKcJMG4BDSTTSU6GiR5ZMRruBJfmjrrnQTa357dN4rK3FDhiDAacEbCDAG4rOiN9rgiDIIq3YoeBkCIjg9lqlI_ytYjzzOLqpx2VGM9fBu0w
Protocol: HTTP/1.1
Server: 23.195.249.2 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-195-249-2.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 14:00:59 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 10 Dec 2021 14:00:59 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 14:00:58 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Fri, 10 Dec 2021 14:00:58 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame E1A5
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YbNdmihoHu9qDakWgEwXNAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1

43 B
892 B

61ms
60ms

Image
image/gif

23.195.249.2
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsY6tnBNjAB&v=APEucNUTMW6o3aCGcGpu061kBPZ1nZR5-hx2UZ0EtW5TxdFhSAE1d4MVval7vuLUL066mYrdSYEFKcJMG4BDSTTSU6GiR5ZMRruBJfmjrrnQTa357dN4rK3FDhiDAacEbCDAG4rOiN9rgiDIIq3YoeBkCIjg9lqlI_ytYjzzOLqpx2VGM9fBu0w
Protocol: HTTP/1.1
Server: 23.195.249.2 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-195-249-2.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 14:00:59 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 10 Dec 2021 14:00:59 GMT

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame E1A5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEM3KZR7Fqevuqat4YRqJq_A&google_cver=1

43 B
1004 B

72ms
28ms

Image
image/gif

37.252.173.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEM3KZR7Fqevuqat4YRqJq_A&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsY6tnBNjAB&v=APEucNUTMW6o3aCGcGpu061kBPZ1nZR5-hx2UZ0EtW5TxdFhSAE1d4MVval7vuLUL066mYrdSYEFKcJMG4BDSTTSU6GiR5ZMRruBJfmjrrnQTa357dN4rK3FDhiDAacEbCDAG4rOiN9rgiDIIq3YoeBkCIjg9lqlI_ytYjzzOLqpx2VGM9fBu0w

Protocol

HTTP/1.1

Server

37.252.173.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 14:00:58 GMT
X-Proxy-Origin: 95.174.64.205; 95.174.64.205; 537.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 33514ad5-0470-4a60-a357-8c328daa6b99
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEM3KZR7Fqevuqat4YRqJq_A&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E1A5
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODI0MzQ3MjY5MTIyMTI0NTkxNw%3D%3D

170 B
188 B

41ms
40ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODI0MzQ3MjY5MTIyMTI0NTkxNw%3D%3D

Requested by

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 14:00:58 GMT
X-Proxy-Origin: 95.174.64.205; 95.174.64.205; 537.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: f94da263-39ff-4c55-aeab-466f4c477c8b
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODI0MzQ3MjY5MTIyMTI0NTkxNw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame C5EE 169 KB
59 KB 116ms
26ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/j4sx6af6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
Origin: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 08:44:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19009
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60173
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 11 Dec 2021 08:44:09 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/ Frame C5EE 8 KB
3 KB 31ms
31ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BTXVeBY5lQGyO_D5W48bX0h7BqB-1Vkh8msaLcCUATG616fyuXLgHKoKeJ6MHGCmwPhhz4eINuKZPGlRc2P_svf89eepaINg8k3_av-WD41SKzW8Ty3NPZPmbCvwjrdaKd7PYR_0MZ6pe1tOeSNnpjoRfmqQ&dbm_d=AKAmf-BDOH8D43qYpiGEoyhxyf_z8TqGU9smTvSIS1iDkBa7-iE1BPKYwJ7y48ajpumyKmpWv8tKyoDaEt5iSd47Lce5Lww-HH3KB1tsUPQAtLaS6Yhx7K-jHrk-r5GaZ1NTvujAJJ1yAdSXJijv8eo_zIRsEVT19de5Cn6KhRa784o3v5xVSxnxewGeQdYVnj9BJoxO0meBRU5V1cayakjrzkRPIcMa7pD_tmg1VtUM2wOKosa_DOuUpeFMPqkUPu0-qZROaW33Usxy0Liqm2PKgMqhRgzIVELqWE_5TMNLqdcIzwHSm95VV832EqnnzZlKSq4zrp2vN4F0GWh5n3G5Vlc3z2tqxWGgomWr6EZTYmWenPkWTLJDm5tLTmRqxTbMOFLhAd_ET-MfsE9pKSL64sRrVlIUeJyUTdiuhFN6UTPOoHsaZfzQCbRGy0smskVxIwOIBHU268Mhf8UxsYEWKLncy5AM4sXVTu7rN0tjjBz4kch3j442xLUWOWy_OMqpd9EWx-4azqy5E-9WQ6WE_HtQqfXWkfXujr6cI12xfvqTnCTM0On6uAXielZAkzTYzGzZpbjfUZbjQ5BEY-Uz4QxA8GqOaWauoFPf84ZEeww06cy9EX_xO8NKylCx5RyyUITZi3BoKABkJgUAlTbrgp98tLJJsKjPi34loBToyCUPC52Ttkv23IJGPcdzzPdmiSUxo_krnVAwTTuyS2AA6UfSmcqgHV5gTqSFQPklYW779fn3rcASm36_zeL6upNLyS9fv7aqnQvUHKtmV1LXY9R6g1-egYu52U8s_u93zMrl_xnQAEZ27KdZlbEOe6pkMYMrtnJMXCSDBF3AxUsCi9jKjxJbcfVgbZnzPGr6Q_6jvkOC-X9m6quK7KYWNZtXVKJXMT-vNd7wT9LzD7ZfBFJEUvyQ-74gbGQ5ykTY68gDHBVtWRxFkvcJuJTB75xpiRcH0qUqfcOSbPo1dUGyMdb790P8NAOQHB9VsxxB11kQcroKeQbIGBxP4EFsqRTsRdEjIrGOffh2ZK251jPsAszc2d5EwRhgaNYYkIr0ICY--2RgpV0qCUIPYpLVnIBpZI_p_lwqpJnIW7cKenoqmJbatXLrGFWnYUnh7Fw0TCK2nyGPvUTp7a_pvhBpArteCzwBU9UnKgJ4b4WS7Iq9PDWIoajpxSxeH_PpD9TUGHoP2j1uVqatnB-0MixiZL_W3cqbk2pcHnWyR6faMltQLKhnEXebYvq0GEgb4RIz7TOxG8m7RVCgkmwZO7i4vUT6cUqgc7FcDDVSHQg-sfYt3eTd-0lITz5XYorF-3Z7mkHty8-ESf6n1cPmB7r0ve0KbS20r4NXaTHlnBhF-M__dNs8D_ana1TOt9X18mfV8Ja3nM6LfB8NKFpX_BAW1viMN5kNa3HHxCc3PUyZWtoEEq-cUE7wUyw8o5xQLMIqp_cviIShBr9ug_tyPuUqGl4of-K1QcTFAfcwG9o4T01vEhhec_g17iOYpzzZF6XHNtRu83Tv81w6WnHWrYaLFa4U6J96cPKHeg__7GSf_z8CSk5o1gHaLolLYjbvr3TlmMs7vDt2wtuBCq_EGZgZNZmCbDRl9RIF3zAYJ2n7k5ttQPz_z5-t0HAGBMzV-p9Gi1Pe_FAO90MLBNr4huFDPeMdDr4q29O07FFLxmUObaWhcgwaUFJeFLwfbcb1d8Q5CqA2PDmMhE_LZKLnzNrNWkU1N2uHWfdT7XEvWY1r4iCkooAQ4nqIGNRt0vyk6AxQAuraaHTdURXsnvstDKCbyJnfSGAF5tMKEd1lbtRG5ffEfQbXNzvYNFmSRCIOUpNRfKwf5AcnqyGbbY2D45RmJFr0wHxL3fmez0-jv5Ni764Qm4zFBwN7H2AxXNNKgOJTpAhLA_HA9uJZRt-Ge9NDMdITnFiqCkS42X4oQTNWUf8MHchtuy-cVO9YWfKiFSlb1g6zUxA2jxLVlcHton1jFVVvomWjPjbuXgrhkzElaW8AX5kVAkCGxeEky7wyDbCg9S7RfVq3hYgHWyEalsK-Vc7RBw_ytsOZgwuCiORpIKeirE5E9a2AfeSHXS39L_Vvfwj_d2oXUpddHkyH7dYEruG3x8MeSz0HEHsrLx5jh_ox-eMM-6iY3BF9FHqT9Vii2cxMi5wyHxHXCRr37I95z91mmF4G0tYz7zUDWCU4V33zYoVfyvG_Q2Ywit6UyOQh2mzE1IxNQNzuloPhFBHSn4-oMJvPeKXqJ-9JP-y-w8OIjxQcxlpvxLNo83yK40OM6QOVNbWeUueDgvZbL3qIyKTd-JGBRpfM_3kUXu6tRZPYR2Ebgp5MMLQdHy--r8uEJYVBKRxa4ktkHWemQbE_3_dlqJluaHsb35fgReY06GPU-QSD9AmgK0xsN1KzsjqfH-_pK9dC6wij-zPNYtes2oLW7SJcu-2j2842pJ6N_aRAf9YMJ3ptpQp5PQpNl6XvZ6YDZArwU8ZO8i7yiw6MXFPQqyqsYAEhln9jqBY5_zOH7PYAQ5_ym2KBpFfUbyJ-VzYrgP8haV7LAjocLF4Q4yD0LdyadEB3cQtsKC2wBElxCNP06zLPBYs_-2pHoPjBwIYCaJQUWxTtvgTM3YAFzLhl8X456Hj8lVb6Fv3NZar0nGuYnpKXIaBpdFjcNjkV44AFuDy7PGbePzfGWSnNaxvHBlb1BRk7EY22GWQC4nVFTPtnoxwkrY0OjaGPcB9upm_rpuq52a_pyn6mU5qaBK9e-hHMj7As2fDQV5ggGbh7Z-MS8nt8rqKh9eoVpvh0yWHP61hXf4cFAtBhvtTAOVgOp75Vur96kV7vTEkDiA6EPoR98O0KUjC-pYbEPOivXKKDscx78XBgK6sGDH7Xw1p-cSXbTIsNBzhIq0__Bsbmbaxh6gAvLcNMayomlzwcczXf130E9T-FCuOarPPC1W4Dglhc6x8Ns9X47yW5aZn3olHs0adqp2Q9lD9mXDFq6rx0ZtsMcUldmb78NEFd15jgMvdxrOLmv01ag6DKoDXOKSYIjzeJjBzpQWWK3YR4W0okzWBqUAyEMgvWBVNBMDoFsKF0FAMw75aWqT8g3hGdTQRgO8RwUDkih7cDciPA73ClzHoUMNP_RLtYnWTfUBco0yqnIqEuWvW98d7nTX95qOShCC5w33_tI6YN1SA7HkoT1PEZCO5Rot0MeOlnZbeeN0ghOKhz5kaOkkw4f_fUgeVM3pZqShM_FBMyHB4CvKQwGOmBPw4cL7a9tgxErtht9_trQ6I6NB_CFJ6BU74ro-nbZEDdMg&cid=CAASFeRozI_jT5W1s1rrxLiu0-i2w11QKw&rfl=1%2Chttps%253A%252F%252Fpastelink.net%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:52:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 512
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3140
x-xss-protection: 0
server: cafe
etag: 17163059639670574047
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 13:52:26 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame C5EE 24 KB
9 KB 31ms
31ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

a1b000b433199bfd60632e61b74bb2c4abd074dce072784e7acd55b1e4158cee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:58:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 130
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9516
x-xss-protection: 0
server: cafe
etag: 14328493792227503680
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 13:58:48 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 829C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1&C=1

43 B
1012 B

141ms
60ms

Image
image/gif

23.195.249.2
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI_HFRDCyPr1Ahjiqru2ATAB&v=APEucNXP8seC-QqIpRD1F3Hpi9evrBxnzc3uiOqcPxyYPYUzyzZYep-I9YDnXw6sU-y8yAGp5YdsDvXzvON2XhA6JqYTjrDIko29e788KpcyrOo8RLbo36RhBudI3e2qNbbuKlD8ivdPXXXSQxl3NphG4E7bLNuLpJXSmQIFBlBZqzmK8DxM9rE
Protocol: HTTP/1.1
Server: 23.195.249.2 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-195-249-2.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 14:00:59 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 10 Dec 2021 14:00:59 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 14:00:58 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Fri, 10 Dec 2021 14:00:58 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 829C
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YbNdmihoHu9qDakWgEwXNAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1

43 B
892 B

61ms
61ms

Image
image/gif

23.195.249.2
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI_HFRDCyPr1Ahjiqru2ATAB&v=APEucNXP8seC-QqIpRD1F3Hpi9evrBxnzc3uiOqcPxyYPYUzyzZYep-I9YDnXw6sU-y8yAGp5YdsDvXzvON2XhA6JqYTjrDIko29e788KpcyrOo8RLbo36RhBudI3e2qNbbuKlD8ivdPXXXSQxl3NphG4E7bLNuLpJXSmQIFBlBZqzmK8DxM9rE
Protocol: HTTP/1.1
Server: 23.195.249.2 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-195-249-2.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 14:00:59 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 10 Dec 2021 14:00:59 GMT

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA_FDyewCHWoTv4-0TKcLbk&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 829C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEM3KZR7Fqevuqat4YRqJq_A&google_cver=1

43 B
1004 B

84ms
30ms

Image
image/gif

37.252.173.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEM3KZR7Fqevuqat4YRqJq_A&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI_HFRDCyPr1Ahjiqru2ATAB&v=APEucNXP8seC-QqIpRD1F3Hpi9evrBxnzc3uiOqcPxyYPYUzyzZYep-I9YDnXw6sU-y8yAGp5YdsDvXzvON2XhA6JqYTjrDIko29e788KpcyrOo8RLbo36RhBudI3e2qNbbuKlD8ivdPXXXSQxl3NphG4E7bLNuLpJXSmQIFBlBZqzmK8DxM9rE

Protocol

HTTP/1.1

Server

37.252.173.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 14:00:58 GMT
X-Proxy-Origin: 95.174.64.205; 95.174.64.205; 537.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: b5a55a38-bbd4-4bd8-a716-e1fd001a3ff1
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEM3KZR7Fqevuqat4YRqJq_A&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 829C
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODI0MzQ3MjY5MTIyMTI0NTkxNw%3D%3D

170 B
188 B

39ms
39ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODI0MzQ3MjY5MTIyMTI0NTkxNw%3D%3D

Requested by

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 14:00:58 GMT
X-Proxy-Origin: 95.174.64.205; 95.174.64.205; 537.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 4289ee47-1e4f-4080-9e83-26d59e74b90f
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODI0MzQ3MjY5MTIyMTI0NTkxNw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame C08E 106 KB
37 KB 134ms
58ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/j4sx6af6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
Origin: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:10:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3006
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 11 Dec 2021 13:10:52 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/ Frame C08E 8 KB
3 KB 31ms
31ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DtjUNfGCsX4DxcbhqkuyblZO-GRTcT8VRu9Dw4WxEV2fw05mAUzyP-ozV6juG3RLGck5huFmeybbRPYlworkQaFNlM0lpJ4c35tw2osFw1zZ3w1QurNS_lERsjpcaCVDN8SyHvJT_9na0mtX8lhP7UTfOuKw&dbm_d=AKAmf-C_R0gQTasTiXXuu99fNcxgfJErJWb7qSIp1jU_WG3IL13XV1szOcAxl9tseGa0mRizTXwqTc8bUHQjZ4wcNQcJD2GS4t9flzvGEsTZ8KppPoeJnxuDDZqXuc2Q1FjQrLm7HHHzNU3zG7WtNSVvpYVseUkIXFvnUCemwfdz0sjIw1YfETosnRikJU2FpWme913b68XVyMK3TjAwcukweO4Ek9xaBOWq99cs6AKJnBZFkII5ks4RlBzytEew1GoRc1Nptb_OnDrw4nBUFDYLJoF-V1wux8uKVanAc3sUpeKyv5jWKV4yZJ8YQ6bEAiIFDp1m8ANQLJc3Dd-pl2JWh8I-Ygp4WGelrZIu_JzF3Kfe5eJgVkJ4yeJmAV4EHgt9bZgVOgYFjgKo5MXmxHUI18G14RWMI8NJ9-ApG9oeQ125cMmbO6tnAPDRF5aRXC6eGXO3ZPxVk_hiCd7TQGW8USl22yrwGifQMFVOMIXNAJtkBhzGT3yitruJKtKVzcBHGWtJ82GZbpsXpi4eWgB7yIH8DPZf7RtkFUwMJiud_2s6xSP9_5mhamy7Qu-w7KoYt0l_wlDaieCOxQITFp-SEBYhq2JtxC0pGYT6qtaD6El-73CQth8sYUMGv84kx3c6L4ZpM0BL_Y977SnnVW77tpCjrA0-NY4XFKR9ywNCCf9wGsfdSlDixVTDf2gEQrw2CbJrAf2WgwHGooLXRwfGdfNGQybcnPR4JXtJ2W3TCJTF_GUQIaG4C7oOZtUPVARU_v3CCrFLrChNb8FbdKmCkSo8t-Q8CiEaA_Z1D26dtIPLvZn106ymHFlyUxtXtootxQ7GA9oqJDcSuyA9U4TGgaieic_2yMKl6FGnPZVUS-lSvi2U2Ssv8HgSCvyePdFX86DZG0V8BPqH6HaWSyKhv72sAKgGHoIxzev00vWSxrxjyWFZUO38LMTIDldLHBRqhh2S6_N2GmUbQK9CPWBfMph_8ukB0SK2O71gAlmdLy8KKnduNV6MHSS01aPdOqrIQMgoqs1LaJk5qPpmMuTVmZLUHfxaNQQrZsOjujIzszoiExLAQoLW10dV-adMYwlKS7A-ydS4DWbWxXa_Fn8O-qSWteXpdKL5nw6fVojN80jAnJmTiu-GJvx1SYKMXEGHg4eZ1pTBrmOouBVtO6-5cjggXeoP7QG8-PTtVS_YLFB8M1bovbPrlZ9RpRFV22OZU0AuXxA9vUGKI-V1C4g6T2wPNBB7l8lFi6h6-Cb02vXPjGa36avy4fdKT7zkkmWHitubb3PhWXnZXCYpYE3ojnIZUDNgPniZA9IxSdFjaFnjbJxfn7gtLhI9BJEqiFzzoqgDYfaywmVfq5y3iNNh9JhGipqCKD50r9_2h6X_IpQJIbk_ZxCgpxfCz_tP6bzhc54iuXbTu6eTH4hcT_DRbSm4sTNLrRjZ_UwIoTNOMQ5i2RpO7yLgGy-OJBpiHF6DjYHRq5olM4GRvFz3AmoRwDmu-Jt9i-fXf-ZDEz3itsgjn9V3-P4ZRxOg1xFkGv4xo71LSnK2w1qptfjeoD2ctqLVptE6Noex7YOOP_IpQxu-Bys7rCbWCMnCPqv9uLnRXD5Nz_8haB4GIq_iGHnAPQxIhFgtOc04YiZffTt4GP01a2M16pVg9tmO60Ye7j6JKqVTP2OwKnpQR87Ql2EWrxXX5leOZbXLnCtpFhbfGerpac2SiSfCe6mah5OlIkCCN1vtVqc5pyVXVEVJuSqIGiGG8KWP5iFwKe5rbzuROS7bOK6Ow0BbcpBxG_Owj_0tmxAGh7w0pe73mp3sxmZ6mNEygyr8skKvx2MQvmAomcLhHlhiDgz9IEmVDegdDnEoByaImlDBZDEwczKr6kVHIc-Fr8yJF3lCE4q1Kgud_sTL97tK3S16ZfwjFOOviprsA9VYTcM-pCMKHuWgPBvYSXPdPhRXN9z9LGiB8OkC73rnnu3HwZ59wflM1saFyODUhuRszFv7SlJwZg-8RmmJXfHtPfnop2YIqYYq-Z8VxjhcL8mntVOEKflPaiabmwMgZc_0NscJNJqLb6fE1XZk_jbR342Hz9UMStGA9vM28B93vlpKN8aqYXPjGVKM87mC3lSRzJXQbYFF2rZLkfi74SWHYlZVUo5I0X4dg0M9-SE0S2mttbpmnmW2kxnQYNYxnGC2RBvhLJ8FFhikSMrKqJ3psXXVyQlYFToyiaSXLGZmJbjpXGe4RZCafc0tcqbmI3cQCWUxucyVRrWDcFsK6rGkb2Vw7TzaAHapjTt7ghQ67ICzTPHyNF-qSBvjRbSklvfXcI87CBJPPnN9BtymC9txUa6t6gAjMmjGXB9J_XjT3tNI3-llVzwopElV_MvIt7QEdnYT-tWOgFR1GgTGwyxRB9-7R51mzu6PfOpw6Hg7HEakWTOtw4QqLmEKGLoj2mNpjuXQ1VkQuU089jPVs_rUb6vLo-YCp6I_O29U92QKXXT7cuYL-xFjdtySvsi99hI9XpCzkFbcPsFVWBfzzWMC36pSVl74e6_ZnKL-oM7HGi1j9IH99Tf8KaaJ28Jyc-NIqMinCEn1JheMT6u97RP-6IlgEcBkApwLbbk_ivP1Q4Jnknzw_u5jlvR7u_Yi7xCUhz5EgZAggHNrf3R2MvYCmeo9Od-JIUvY4vgMM6uw98Hbb4JpLPV3fDKxOS2TLTLCXuvF-HoyejHStUyzQLrntk-rxjXSVc77e6ZPYSRJhPxhvHO7uvw2vQ2Q3Fdq_wQASMW2lci-1Vd_pp-xp6YCnHAIBERnuVtqUpWI2do1mxNXoSLc4tc7Nh0c1NRJzYA9fNXEP6nkYa1G3c_nRUWYLpTXNB82E2K7JH8qu0mXJwR5OaESQ5RC1y1GTwFl3_uV7DVpYAf3s5RkGiy8Nogo61hhKOae0bKdOR3WeXc-EMdTA6Vuv_WFZNXJuJeVeJguAIejfpBipzuEnmKugLzjLFr1gJTak4JV0ZhOoNPcFqWRjXDSYaWwr65mcOVKQnNUutGZRnuYsDamTRaF6SurPY047vnE_sMU1qG7S7Q2KzUvbIZIThiJxe5sbg3OMTbwEnOBoYlEwNS-BgValUVyJj7-E4jOgkZNRFeyX1SsX5ao3CQoQO5FkFO3mvZqktbrmVnc_7mT0gF0-R3grWlmZyJuelmdji1ixARG2q3qOUiq3j9SnSJfBzMUE5PSh4uv31PY_v66yPGRb2uiR1fpSYP2gM9uhK5w-fAZfnVv2DSJK_I8y4MJrSDy9d51RvTrb4p4YdZFXLyPweUQmW6Rb6ik6WU8GxNCGMgCvfVyEEXic2d4-Nm8wy9xPFptxoCyAtTB82uNibCEBrrpANI5iWOQexCFFcQ7Yf3anJpjLfG6H0U&cid=CAASFeRoguT8zH21jjQ7QuulCjE1p75WnQ&rfl=1%2Chttps%253A%252F%252Fpastelink.net%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:52:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 512
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3140
x-xss-protection: 0
server: cafe
etag: 17163059639670574047
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 13:52:26 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame C08E 24 KB
9 KB 31ms
31ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

a1b000b433199bfd60632e61b74bb2c4abd074dce072784e7acd55b1e4158cee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:58:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 130
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9516
x-xss-protection: 0
server: cafe
etag: 14328493792227503680
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 13:58:48 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame AD77 22 KB
8 KB 38ms
37ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Thu, 09 Dec 2021 18:05:45 GMT
expires: Fri, 09 Dec 2022 18:05:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 71713
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame D794 22 KB
8 KB 39ms
38ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Thu, 09 Dec 2021 18:05:45 GMT
expires: Fri, 09 Dec 2022 18:05:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 71713
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 876E 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 45e537f73c7a61ff6c759efe45464b7c3f450f70d958d7ddfc92026be4a622e9

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 9672 22 KB
8 KB 37ms
37ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Thu, 09 Dec 2021 18:05:45 GMT
expires: Fri, 09 Dec 2022 18:05:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 71713
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK 74omlawhsoy3 Show response
hal9000.redintelligence.net/zone/ Frame C750 11 KB
4 KB 102ms
32ms Script
text/html 138.201.63.165
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/74omlawhsoy3?subid=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DChnx4mV2zYZK-GMzJgAeur6P4DILfmZBh0IK23a0K8C4QASD7mLVCYP2CkYToEcgBCakCuz1NvuDysj6oAwGqBOABT9DM3Zemb8MueKu5eqgK-BEeBQvZrMZ_cH6V-Xbm_0qCV1_HwAC6nS0deTLBAi1jRt7tj9fro3BX0Ty8puEzbTFyDgreJWDIwIxY2WA6J-uEWOvdzlyASBkxl7c_QftH7N0ypaeiwIbNJEvKfx9QHYau-iT5-ToWKAMOjehqm9wDkMZ17ZE87DudZ_hYGXpiavvfoQegZyJCsRO0PzoflteJ0dTCFco96AB1cHeyjF3jbT3CDUZS9F04tgmcc-bd-6CG6C1M5WeNm3m3Miodc-l7QG6a9NuOVD_aOopf2jvABNbpmI3HAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiI4YAQEAEYHfIIG2FkeC1zdWJzeW4tMjcyNzA5ODE1MDg1NzM1MoAKA5gLAcgLAYAMAbATlIOzCtATANgTA4gUAdgUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASFeRodkLB2jBVU4HXhkgrDeBuTnG7ZQ%26sig%3DAOD64_1iFrkj6-VEPEGZv2SR1oI89aQmXQ%26client%3Dca-pub-9070629843129312%26dbm_c%3DAKAmf-Axct6iEqjFK8a-ec-wQ4T5lYf0jwd97u_XZ7qmcHar6wLSfVjnVeNo7PeK5neQGWCLqs7O-kPkvRRN9LdJ2ler1C3IS9stsad3KXOmHiZ7TVh3MpLUYrwJ4x6nJXXzNpEbjtsChyVDoTOXdwnjE-uWjMUOxw%26cry%3D1%26dbm_d%3DAKAmf-DyYdsctWYjvXHzKerY7ESfx05rA8_T6Ljsw9mjc3ionm05Ti5YOxGzaMomePp8RZcQqJnxcNBKcOWvI5bixP2hV-AUHeJz9JrG54Ak1qA6tcw7d73WnvugnImMmzJDkPYT6E81oU06dPsXyXPDzNVgC-zoUzeku6U2wL6yPfl6ricUyyF80eIcUPPtBizWmKefWwLmUdaz079jfHoPpOvBrZx2VDCuVvbdatPUYVhXyhgFYH4EiPsZ33aUIWvt0-y8DwqRXZdH5diT2QFGsYueIEPtBnGpKLIWITaa4j_KPj_Ui7K9p4BLtpZXMvgI2eC_kIvZwaNAiTOJYaNr8_mBjFr7lDSZ1efYe6JLDKTypKNsvlecZwUr5JkoMzn4iYT-0Ghnv5uDgShluhGTzi4fo9qGHdv4P8SmVnST2CKJVXJVEGT_ZefO1qpHzNhyAM4KGUX_%26adurl%3D
Requested by: Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.165 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.165.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 10bf9dda8588fecfe664cd03e0fd6f641e25e482f397e3a3f47dc6f72b19ae04

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 10 Dec 2021 14:00:58 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3915
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H2 200 ebHtml5Banner.js Show response
secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_215_3_0/ Frame F626 316 KB
86 KB 176ms
50ms Script
application/javascript 23.53.42.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_215_3_0/ebHtml5Banner.js
Requested by: Host: bs.serving-sys.com
URL: https://bs.serving-sys.com/Serving/adServer.bs?c=28&cn=display&pli=1077151113&gdpr=&gdpr_consent=&w=160&h=600&ncu=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCaFL2mV2zYe3AGMzJgAeur6P4DLzf58plzauwzLsOltDmrYkCEAEg-5i1QmD9gpGE6BGgAdu2kpUoyAEJqQK7PU2-4PKyPqgDAaoE3wFP0OtS_YeAzrqD2U3Hiee0EHzf8auouWZI63EBldasyKPQpdi2BD4r3QWQe7QjAIXuj6QanhGv6_MQ8FXk9mTW9GsKqOh4v4RusHJD5x461-gN9kC7cOpePB0OOCvLBkBRGU860yVEhrjkNULw63ldpxKyAVU7kxEe5Q_azonkI7h25MnrFKzur6hDI8R-zuYvSUQ0ADXsrnu_S6pSiKcNgyItE_TeO3NKgDrfvkAL3XUiqO_fPYZ4NfdtDx0i0Z3h_oeMIzT-E8L7LTr18h6Kxt5jy8bZmNIgmBb9RP6LwASF9YDf3APgBAOQBgGgBk2AB9vu4vQCqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi0yNzI3MDk4MTUwODU3MzUygAoDmAsByAsBgAwBsBPPubMN0BMA2BMN2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASFeRomRDqC93N4bBax5IJO5b_UlNgRw%26sig%3DAOD64_3LP_BLsyTuvh7Qf7k1QpXNF_1PNQ%26client%3Dca-pub-9070629843129312%26dbm_c%3DAKAmf-Dd-MYePdHMR14kP-ttpcodMHRA9UCKeqalGwrZTwbVJubIXPxUmLyvw4fKQ2HpCAqSS_Ze2x4tEF59aXY8LOIDNNeS0IeWjP5QOJRjv2vk71MqwkiLFR-mcsH-h-GPlg_Qb7zFkhxXoEli5Rsru_SqF99z5Q%26cry%3D1%26dbm_d%3DAKAmf-Bw76vVj9BhyPc-BALuYgQAqxn3JTdX7Nozym8vYSacJpaPEqxh2DDPLri78ZBLm5d5FlUjfET-jzF_k-06r8h-J1cRco666kRGsSJer0_GtbBbNIhaI5UVTIvGMLTDoDrpat-qvtv9_KWiCCRHTcoDrDpDbp8WWK5Rxum-hRzemB-uB5SJxKniyrboKTvzhA__fWodho3Q2SdiWwXBY2ynF506RhGSIZ4jzvbZLKma4a6JthgkT1Xf5d7zItIMaewapNAt1h_BNRyjI2Ntsl-3tnSDGe3SyPNFXyJTe2C_6Cb5nf_feSNgKKFUZhlpgQkQVlRP_k1DTAp4M4KTP3JGRcIVQwLsMVKsidJ3ssezybambH9T-1uap7KGWvk9KI2etms-XO7AKij9IETWHpm3f6U5fuwyElu8f0g_iZHthhzOxYF_iQCFQ9kpPrShIMyHGWjjFA4knsZh4x13p4-AaGRURw%26adurl%3D&e=0&ord=1639144857401517&z=10000
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.53.42.65 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-53-42-65.deploy.static.akamaitechnologies.com
Software: / ARR/2.5
Resource Hash: a0594f92988fceeb8a77920ab9bf998887599822e747c6f7a989303a3a66db67

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 14:00:58 GMT
content-encoding: gzip
last-modified: Wed, 01 Dec 2021 15:34:19 GMT
server
x-powered-by: ARR/2.5
etag: "709322e8c8e6d71:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
content-length: 87851
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame F626 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5c876829b474ffd8910e806b587e0eef7f749ededf0308f73ad155391f529666

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame C5EE 41 KB
15 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 18:05:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71715
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 09 Dec 2022 18:05:43 GMT

GET
DATA 200
OK truncated
/ Frame C5EE 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 36d87c41f17e0b41cdf547e49226749ad26ac71d7ea87f6ad220568f9cce8c5f

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame C08E 41 KB
15 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 18:05:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71715
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 09 Dec 2022 18:05:43 GMT

GET
DATA 200
OK truncated
/ Frame C08E 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67a2c89788c446376cb2dc5c6b20eae20e930b3bb42a046acdcf5eb02d33a65f

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 876E 0
23 B 99ms
65ms Ping
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Fri, 10 Dec 2021 14:00:58 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 index.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61258259/20191030030338949/ Frame B551 3 KB
1 KB 70ms
34ms Document
text/html 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61258259/20191030030338949/index.html?e=69&leftOffset=0&topOffset=0&c=mXtzuSviRx&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

01b2fc741987677ad0f65d0a51da562add03ef2590ea0e3d1b2d26a80aeb65d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 1069
date: Fri, 10 Dec 2021 14:00:58 GMT
expires: Sat, 11 Dec 2021 14:00:58 GMT
cache-control: public, max-age=86400
last-modified: Wed, 30 Oct 2019 10:03:39 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame C5EE 0
24 B 88ms
72ms Ping
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu0NyTHQRG3pEyS6Xv884udMRD6DdBorHoUz2S2x0CsHElWFkI4xlyVzbX-Ts3uoOFp-cWT6vCFnsej6s27roxF4X6Iw-0gScjEXivBcTEhtoRVbuEdqsyKK-HgeLHOI6W-Cne3PxwNETrexbaNOV90s5h5dR2VOweNeZqheONkoRcSZhshi1DWvkDaCaLDBHHFWRWofEJiMJzwn1x72Zl3WftRSkoXob4FljPa-tovK1DA8FkE10FYMFZDFuYAojcFfP4np_Zyx69vFWg4E39OVG8Os6XQR1mwA7BP0WJsAOVUZ1vWZ7Hrk04ZeNIUZIw4j0lhG-27VjTDV1Du_jmbGhlto9wRWybO2DRq2qXLs3HutS4AN4qC2RxjhEZPzxcb4decaTlkwI29xoEXwUvjHyAgqzXzSxwKGsmeyByTuZgYSlsM6sWSs9DYYeZHhu_6nEV9ZaZnc81wutHo6XorQB0olB5t3tvQ7RupS-qo836M-1zkh2KHv_3Q7BJA7_sDGC78chasAq0F1oqItWdAKXlvbPQwaqq82MMUEmhATS54qrAVwdrT1FS0OqRAH22O-jwCFoNQVLWeht0aqyaxVmXXPGEZTjbme91nvnG5mAGMMniTJVJIUz7CicjDhGWeUlLZIq-IDX37rDrswMn_eNnUOFFz69312jhsW3DZZkH5s4ioH3QYpDZTiArNFNaKeyVpuk3XEOumSqyoQYtB7q2OfQMnzzkRgrOiDrVJJUaVWLknozpH52XjSW_Wqq2XQ2pLm8AMmX2suxQmq0b7bV5dYs7zE0WvXW7oEoEZWl-O5MgwBVJuf68aKBjU31VwYPweIEt8XMJ6uiRzjNqQkOvbag_dluIIY7HZUey_eFM6MMrHWn3_uW-CtEPVl_mbMYsMnqVNsINZc5z3RCtCfg_fZO32rKTBO-SOto8OjXNlvrihskESTmhEQoqCZGVdWoe6ML9BTILD_jH26DVy1crAosUShVxRam3Bp1rm9EUckf-FvJKayMYMIs8r2VYfD63P15IUz3lra9W0KYlqDxwtAjp9X8C8SZeyxS1IVBCnSPU60FmXJkRHC0ZRkpIW0I4yjRpgMBi-sy1t8wn5YKTt5y5X6wUX4dY7LQ8XrGjuzkprz4-l_ibb3N6UFM8&sai=AMfl-YSCsqmG9LIZomNx-3EFCQUa-oec6STXvEllwZ3amdH-LjrQ3-pjTmMpY5pq4myE-Tx6zU2fkqrWhkIDkMp955OXZQYZ2WkLayRuDjgx_XWsaAwxP5NlMtvWO0dQZ9w-V5OZwfUMOfyd2infVLJYuzJiP4Emw-ttWppGmBc&sig=Cg0ArKJSzKrbLJMUS-ivEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=273&cbvp=1&cstd=266&cisv=r20211207.56557&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: pastelink.net
URL: https://pastelink.net/j4sx6af6

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Fri, 10 Dec 2021 14:00:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 v1 Show response
mb.moatads.com/ot/ Frame 876E 46 B
220 B 194ms
53ms Script
text/html 52.48.241.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mb.moatads.com/ot/v1?url=https%3A%2F%2Fpastelink.net%2F&pcode=moatot&ord=1639144859226&jv=1815852173&callback=OneTagNadoscallback_18632077
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/publicisespuigdcm372604918178/moatad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.241.99 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-48-241-99.eu-west-1.compute.amazonaws.com
Software: TornadoServer/4.5.3 /
Resource Hash: 0837b1844707a57303320b7d8fb2b6ea63d9891612fc8f0cb10cd526ff557e3a

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 14:00:59 GMT
cache-control: max-age=900
server: TornadoServer/4.5.3
timing-allow-origin: *
etag: "7c063cf24190268c4d6653b6580a8302fea25c70"
content-length: 46
content-type: text/html; charset=UTF-8

GET
H2 200 pixel.gif
px.moatads.com/ Frame 876E 43 B
260 B 45ms
35ms Image
image/gif 23.202.53.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=PUBLICIS_ES_PUIG_DCM1&hp=1&ra=1&pxm=6&sgs=3&vb=-1&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=0&f=1&nh=1&j=https%3A%2F%2Fpastelink.net&lp=https%3A%2F%2Fpastelink.net&t=1639144859226&de=28595408773&m=0&ar=cc97a930ec1-clean&iw=3c4b5c9&q=2&cb=0&ym=0&cu=1639144859226&ll=2&lm=1&ln=1&r=0&em=0&en=0&d=6977787%3A26861060%3A321914950%3A162239681&zMoatENV=-&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fpastelink.net%2F&id=0&ii=3&bo=3415378&bd=pastelink.net&zMoatOrigSlicer1=3415378&zMoatOrigSlicer2=N%2FA&gw=publicisespuigdcm372604918178&fd=1&ac=1&it=500&ti=0&ih=1&pe=0%3A-%3A-%3A0%3A450&jh=-1&jm=-1&fs=195926&na=1947282538&cs=0
Requested by: Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.202.53.245 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-202-53-245.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:58 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Fri, 10 Dec 2021 14:00:58 GMT

GET
H3 200 300x250.html Show response
s0.2mdn.net/sadbundle/8808549699446519882/300x250/ Frame D4E5 6 KB
2 KB 26ms
26ms Document
text/html 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/8808549699446519882/300x250/300x250.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b19558cc8258296c14b00f2ac0eea0b1a48f623e9a98d7ee82c4dc9b7d67062e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 2291
date: Mon, 06 Dec 2021 18:12:22 GMT
expires: Tue, 06 Dec 2022 18:12:22 GMT
last-modified: Wed, 05 May 2021 15:28:39 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
age: 330516
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame C08E 0
24 B 73ms
73ms Ping
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssSDjoqeragwnenGHzoP1m6_zTWJmLc8fDfllFVibSIAC1ozrWhQHRpSXt4WcPooOAb5flqG7oXOgrvsTZrSEN9sB4v7n8pWRvUTix3lKeNs3lovpvtsB7sh21odk4IlzEgpe-lmTbzfmteA8yjvmkd18t3WIaeB48JSVriQMONae8IiLwOQyq-5oiPoegzD1xwVFs6Yk6sMOEqjm_dlRVbaRXOQcMUlPY-joJoax7CtHhaLkwx6vKgwylQ8pX5z2zbbV0LHvsWBBrG1HiqsU_Ib8kSfmgJp5x_XMftQsGoIdAGNySIgmj_xSURdfRloLoyex9RlG_nUWxujOx7cdXVbMeY0sRCLbyHZx_en8xeWmirTi99AjgAQEhhHlT4vV1GVvZsWEOn8aTWAYXn_HaW3_SIo_185lZ-O1Z_QAr-SQPcSMUa8ClVlev_aTy9v_stzedWI8L8jiOdo53TnZ9rBSYkN9uQ-Mr19Q7NO2pYVROVytql_Fgvpxk_6Px9VNqWJooMEMzy5FPe_sT6RfublYbPWnwo-rIO20Xqr9ebK5h9RxSek_TpejEL0vNZF6IlnRmmoUbN9o7U_TPQvpPW0-sbOv5vmMW079CYB6pwnRo0hcTMRD1t6EzwZNTmxz5XwMYVb2UzrMAfoP_iaZ-zw2BJKFjeoxUAza4ThQgelN5LbXFmgPTFjxkpxkpku4tc3A8KJ8rrLKezyeTEzabSBxsHk-kPzZqKwNENg1Z2aM_D0xLjkwM6kDqbUuLNepOt1uwp8cjqdAiXtyhsiUi1Q34Tmbkdfpb24TBJ1MiTzXIuSBaOq8bfYwizPp1D9ZhB4nIHWTbPe2JrOpNw9jwP_37OPW6NNBH04_B0VhnPVDDpRUuEs4qh_35KcsrGb5VMNstTd8qVahdKf9S21qD8cC3CAXxT1pjYk8bNm4Uw3JZub8jlZkULzTHbeV2S3hx5vy4P9DnloK1sUzTYY61tvZ_ppOQV0VkHXiSMJcCU2vN0R_zbX8GVdD64GCw9ZXaJ4x_TWq34j2TOBSVkL3bzpkwPS7G2au8lNHLTAmYN_aDnDe9nrWOwForvY_xBDqN87YLQJOeUwNHxYTt02mlHdATJ9y909Ju3j4FrzUcQgmlIqVTZXMKf16QM51sy-rVzV2td8p4vUjWh24exGPXtSbyEDoMvpg&sai=AMfl-YQOBQlPwRm6ayz_t90JpchP0OwnxCNY3adqcNyGWdZVL0ZpRlY7ujApeKqhwE-XHuip5YBpSLmt7U3ByGUU2clHMAN1yagkgewtxzHexWfiLwWotAaYzuXxYyPUViv1GHgARLor5fiduFakS3Fzz6PSKXNGGCE0FCQTezg&sig=Cg0ArKJSzIAPSP7ic8zjEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=366&cbvp=1&cstd=363&cisv=r20211207.55932&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: pastelink.net
URL: https://pastelink.net/j4sx6af6

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Fri, 10 Dec 2021 14:00:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 503 doubleclick.gif
data.withcubed.com/c-a-hertz-uk/ Frame C08E 0
0 174ms
51ms Image
application/json 99.81.33.101
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.withcubed.com/c-a-hertz-uk/doubleclick.gif?campaignid=25530054&placementid=297439714&adid=495357832&siteid=2631704&advertiserid=5525017
Requested by: Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.81.33.101 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-81-33-101.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1

200
OK

request.php Show response
hal900019.redintelligence.net/ Frame C750
Redirect Chain

https://hal900019.redintelligence.net/request.php?zone=74omlawhsoy3&nw=20&renderingType=javascript&namespace=46fc13822d&subid=&uid=cd54cbcc5a7cb069&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900019.redintelligence.net/request.php?zone=74omlawhsoy3&nw=20&renderingType=javascript&namespace=46fc13822d&subid=&uid=cd54cbcc5a7cb069&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

613 B
936 B

149ms
87ms

Script
application/x-javascript

78.46.90.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900019.redintelligence.net/request.php?zone=74omlawhsoy3&nw=20&renderingType=javascript&namespace=46fc13822d&subid=&uid=cd54cbcc5a7cb069&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DChnx4mV2zYZK-GMzJgAeur6P4DILfmZBh0IK23a0K8C4QASD7mLVCYP2CkYToEcgBCakCuz1NvuDysj6oAwGqBOABT9DM3Zemb8MueKu5eqgK-BEeBQvZrMZ_cH6V-Xbm_0qCV1_HwAC6nS0deTLBAi1jRt7tj9fro3BX0Ty8puEzbTFyDgreJWDIwIxY2WA6J-uEWOvdzlyASBkxl7c_QftH7N0ypaeiwIbNJEvKfx9QHYau-iT5-ToWKAMOjehqm9wDkMZ17ZE87DudZ_hYGXpiavvfoQegZyJCsRO0PzoflteJ0dTCFco96AB1cHeyjF3jbT3CDUZS9F04tgmcc-bd-6CG6C1M5WeNm3m3Miodc-l7QG6a9NuOVD_aOopf2jvABNbpmI3HAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiI4YAQEAEYHfIIG2FkeC1zdWJzeW4tMjcyNzA5ODE1MDg1NzM1MoAKA5gLAcgLAYAMAbATlIOzCtATANgTA4gUAdgUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASFeRodkLB2jBVU4HXhkgrDeBuTnG7ZQ%26sig%3DAOD64_1iFrkj6-VEPEGZv2SR1oI89aQmXQ%26client%3Dca-pub-9070629843129312%26dbm_c%3DAKAmf-Axct6iEqjFK8a-ec-wQ4T5lYf0jwd97u_XZ7qmcHar6wLSfVjnVeNo7PeK5neQGWCLqs7O-kPkvRRN9LdJ2ler1C3IS9stsad3KXOmHiZ7TVh3MpLUYrwJ4x6nJXXzNpEbjtsChyVDoTOXdwnjE-uWjMUOxw%26cry%3D1%26dbm_d%3DAKAmf-DyYdsctWYjvXHzKerY7ESfx05rA8_T6Ljsw9mjc3ionm05Ti5YOxGzaMomePp8RZcQqJnxcNBKcOWvI5bixP2hV-AUHeJz9JrG54Ak1qA6tcw7d73WnvugnImMmzJDkPYT6E81oU06dPsXyXPDzNVgC-zoUzeku6U2wL6yPfl6ricUyyF80eIcUPPtBizWmKefWwLmUdaz079jfHoPpOvBrZx2VDCuVvbdatPUYVhXyhgFYH4EiPsZ33aUIWvt0-y8DwqRXZdH5diT2QFGsYueIEPtBnGpKLIWITaa4j_KPj_Ui7K9p4BLtpZXMvgI2eC_kIvZwaNAiTOJYaNr8_mBjFr7lDSZ1efYe6JLDKTypKNsvlecZwUr5JkoMzn4iYT-0Ghnv5uDgShluhGTzi4fo9qGHdv4P8SmVnST2CKJVXJVEGT_ZefO1qpHzNhyAM4KGUX_%26adurl%3D&documentReferer=https%3A%2F%2Fpastelink.net%2F&ancestorOrigins=https%3A%2F%2Fpastelink.net&random=6253576651689&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Server: 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.90.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 7fb8e31a0d819803a63cffdaf450f4ec86aa885418b8148551a2b1bf35b77614

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 14:00:59 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 46443900095948000707896011804019
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 330
Expires: Fri, 10 Dec 2021 14:00:59 +0100

Redirect headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 14:00:59 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=74omlawhsoy3&nw=20&renderingType=javascript&namespace=46fc13822d&subid=&uid=cd54cbcc5a7cb069&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DChnx4mV2zYZK-GMzJgAeur6P4DILfmZBh0IK23a0K8C4QASD7mLVCYP2CkYToEcgBCakCuz1NvuDysj6oAwGqBOABT9DM3Zemb8MueKu5eqgK-BEeBQvZrMZ_cH6V-Xbm_0qCV1_HwAC6nS0deTLBAi1jRt7tj9fro3BX0Ty8puEzbTFyDgreJWDIwIxY2WA6J-uEWOvdzlyASBkxl7c_QftH7N0ypaeiwIbNJEvKfx9QHYau-iT5-ToWKAMOjehqm9wDkMZ17ZE87DudZ_hYGXpiavvfoQegZyJCsRO0PzoflteJ0dTCFco96AB1cHeyjF3jbT3CDUZS9F04tgmcc-bd-6CG6C1M5WeNm3m3Miodc-l7QG6a9NuOVD_aOopf2jvABNbpmI3HAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiI4YAQEAEYHfIIG2FkeC1zdWJzeW4tMjcyNzA5ODE1MDg1NzM1MoAKA5gLAcgLAYAMAbATlIOzCtATANgTA4gUAdgUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASFeRodkLB2jBVU4HXhkgrDeBuTnG7ZQ%26sig%3DAOD64_1iFrkj6-VEPEGZv2SR1oI89aQmXQ%26client%3Dca-pub-9070629843129312%26dbm_c%3DAKAmf-Axct6iEqjFK8a-ec-wQ4T5lYf0jwd97u_XZ7qmcHar6wLSfVjnVeNo7PeK5neQGWCLqs7O-kPkvRRN9LdJ2ler1C3IS9stsad3KXOmHiZ7TVh3MpLUYrwJ4x6nJXXzNpEbjtsChyVDoTOXdwnjE-uWjMUOxw%26cry%3D1%26dbm_d%3DAKAmf-DyYdsctWYjvXHzKerY7ESfx05rA8_T6Ljsw9mjc3ionm05Ti5YOxGzaMomePp8RZcQqJnxcNBKcOWvI5bixP2hV-AUHeJz9JrG54Ak1qA6tcw7d73WnvugnImMmzJDkPYT6E81oU06dPsXyXPDzNVgC-zoUzeku6U2wL6yPfl6ricUyyF80eIcUPPtBizWmKefWwLmUdaz079jfHoPpOvBrZx2VDCuVvbdatPUYVhXyhgFYH4EiPsZ33aUIWvt0-y8DwqRXZdH5diT2QFGsYueIEPtBnGpKLIWITaa4j_KPj_Ui7K9p4BLtpZXMvgI2eC_kIvZwaNAiTOJYaNr8_mBjFr7lDSZ1efYe6JLDKTypKNsvlecZwUr5JkoMzn4iYT-0Ghnv5uDgShluhGTzi4fo9qGHdv4P8SmVnST2CKJVXJVEGT_ZefO1qpHzNhyAM4KGUX_%26adurl%3D&documentReferer=https%3A%2F%2Fpastelink.net%2F&ancestorOrigins=https%3A%2F%2Fpastelink.net&random=6253576651689&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Fri, 10 Dec 2021 14:00:59 +0100

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 21F8 22 KB
8 KB 37ms
36ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Thu, 09 Dec 2021 18:05:45 GMT
expires: Fri, 09 Dec 2022 18:05:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 71714
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 6D31 22 KB
8 KB 37ms
37ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Thu, 09 Dec 2021 18:05:45 GMT
expires: Fri, 09 Dec 2022 18:05:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 71714
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 Enabler_01_239.js Show response
s0.2mdn.net/879366/ Frame B551 106 KB
36 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_239.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61258259/20191030030338949/index.html?e=69&leftOffset=0&topOffset=0&c=mXtzuSviRx&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0f60934841b0571563e838119e38f8cf5fb22aacf8ff77cfe8e6086bd7f5015

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61258259/20191030030338949/index.html?e=69&leftOffset=0&topOffset=0&c=mXtzuSviRx&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 18:04:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71802
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36666
x-xss-protection: 0
last-modified: Tue, 01 Oct 2019 16:55:43 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 18:04:17 GMT

GET
H3 200 tweenmax_1.18.0_499ba64a23378545748ff12d372e59e9_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame B551 105 KB
35 KB 43ms
43ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_1.18.0_499ba64a23378545748ff12d372e59e9_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61258259/20191030030338949/index.html?e=69&leftOffset=0&topOffset=0&c=mXtzuSviRx&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

001acbb15d9c69510c0817e6dde361bff098406fad182ab3c367f86ff3da8343

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61258259/20191030030338949/index.html?e=69&leftOffset=0&topOffset=0&c=mXtzuSviRx&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 14:00:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35824
x-xss-protection: 0
last-modified: Fri, 09 Oct 2015 14:01:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 14:00:59 GMT

GET
H2 200 URLUtil.js Show response
secure-ds.serving-sys.com/BurstingCachedScripts/Modules_1_82_0_0/ Frame F626 7 KB
2 KB 48ms
48ms Script
application/javascript 23.53.42.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/BurstingCachedScripts/Modules_1_82_0_0/URLUtil.js
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_215_3_0/ebHtml5Banner.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.53.42.65 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-53-42-65.deploy.static.akamaitechnologies.com
Software: / ARR/2.5
Resource Hash: 269bd69d6c1d25e848132ecfb48ec214040e49fd45e444760c3e226ca5fd7962

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 14:00:59 GMT
content-encoding: gzip
last-modified: Wed, 01 Dec 2021 15:34:18 GMT
server
x-powered-by: ARR/2.5
etag: "66d782e7c8e6d71:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
content-length: 1985
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 index.html Show response
secure-ds.serving-sys.com/resources/PROD/html5/1073745155/20211001/1076182166/65651558544585575/ Frame 9F57 101 KB
26 KB 51ms
51ms Document
text/html 23.53.42.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/1073745155/20211001/1076182166/65651558544585575/index.html?v=_2_144_1_0&n=1&sHost=secure-ds.serving-sys.com
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_215_3_0/ebHtml5Banner.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.53.42.65 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-53-42-65.deploy.static.akamaitechnologies.com
Software: ATS/7.1.0 /
Resource Hash: 35b5e2d70b5619c516ed7e6e497c525382bf4709a5c3ba987660959440b8ab8f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/

Response headers

content-encoding: gzip
content-type: text/html
etag: "3f6c284356cdeef27efaf9f3363877c1-df"
last-modified: Fri, 01 Oct 2021 16:25:15 GMT
server: ATS/7.1.0
vary: Accept-Encoding
x-amz-id-2: a2ppLKm7PfC0lUVIWWfsMQiU5uoHfqDHMWUKkPjqVfR8Ea8FOVdTlkA+WjNMSh0bRAvQcTNjvpQ=
x-amz-replication-status: COMPLETED
x-amz-request-id: W29RGNJ129JMGG2T
x-amz-version-id: K_8rA_cbAl6ij9hOxPk5sz6l.X92PMFZ
content-length: 26187
expires: Mon, 31 Dec 2035 00:00:00 GMT
date: Fri, 10 Dec 2021 14:00:59 GMT
access-control-allow-origin: *
accept-ranges: bytes

GET
H2 200 IntersectionObserverVisibilityProvider.js Show response
secure-ds.serving-sys.com/BurstingCachedScripts/Modules_1_82_0_0/ Frame F626 10 KB
3 KB 48ms
48ms Script
application/javascript 23.53.42.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/BurstingCachedScripts/Modules_1_82_0_0/IntersectionObserverVisibilityProvider.js
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_215_3_0/ebHtml5Banner.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.53.42.65 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-53-42-65.deploy.static.akamaitechnologies.com
Software: / ARR/2.5
Resource Hash: 34db11d23b1b71496d67661f658d3f0e00bd9537b98c02c32f5b621f838be247

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 14:00:59 GMT
content-encoding: gzip
last-modified: Wed, 01 Dec 2021 15:34:17 GMT
server
x-powered-by: ARR/2.5
etag: "362d46e7c8e6d71:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
content-length: 3012
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 pixel.gif
px.moatads.com/ Frame 876E 43 B
260 B 38ms
36ms Image
image/gif 23.202.53.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&ra=1&pxm=6&sgs=3&vb=-1&kq=1&lo=0&uk=null&pk=0&wk=0&rk=0&tk=0&ak=https%3A%2F%2Fs0.2mdn.net%2F6977787%2FCDpacorabanne_prpromotionalcampaigns_pacoxmas2021_conversion_DP_hub_mediumrectangle_TBC_0_EN_SPR-20432_PSD-packshot.jpg&i=PUBLICIS_ES_PUIG_DCM1&ol=815673037&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B%3AxkrG%3D01%60%3CY%24d!K%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-6E9t5T9Dn5ips3zWES0UEhYKQlBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-0muc80RvHCbFpA%3D%3D&sc=1&os=1-0w%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=300&qe=250&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&bq=0&g=0&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&h=250&w=300&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fpastelink.net%2F&id=0&ii=3&f=1&j=https%3A%2F%2Fpastelink.net&lp=https%3A%2F%2Fpastelink.net&t=1639144859226&de=28595408773&cu=1639144859226&m=89&ar=cc97a930ec1-clean&iw=3c4b5c9&cb=0&ym=0&ll=2&lm=1&ln=1&r=0&dl=0&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=254&le=1&gm=1&io=1&vv=3&vw=0%3A3%3A0&vp=-&vx=-%3A-%3A-&pe=0%3A-%3A-%3A0%3A450&aa=0&ad=0&cn=0&gk=0&gl=0&ik=0&ic=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=71&cd=0&ah=71&am=0&xd=00&rf=0&re=1&wb=1&cl=0&at=0&d=6977787%3A26861060%3A321914950%3A162239681&bo=3415378&bd=pastelink.net&gw=publicisespuigdcm372604918178&zMoatOrigSlicer1=3415378&zMoatOrigSlicer2=N%2FA&zMoatENV=-&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=sframe&it=500&oq=0&ot=0&zMoatJS=3%3A-&ti=0&ih=1&jh=-1&jm=-1&tc=0&fs=195926&na=1810050061&cs=0
Requested by: Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.202.53.245 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-202-53-245.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:59 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Fri, 10 Dec 2021 14:00:59 GMT

GET
H3 200 b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js Show response
pagead2.googlesyndication.com/bg/ Frame AD77 35 KB
13 KB 34ms
33ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

sffe /

Resource Hash

6fff2bb01836a52004ece484b97797926280251ccaed72db384f16a7644d4764

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:13:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6437
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13622
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 10 Dec 2022 12:13:42 GMT

GET
H2 200 createjs.min.js Show response
code.createjs.com/1.0.0/ Frame D4E5 236 KB
63 KB 147ms
42ms Script
text/javascript 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://code.createjs.com/1.0.0/createjs.min.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8808549699446519882/300x250/300x250.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Apache /
Resource Hash: e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 14:00:59 GMT
content-encoding: gzip
server: Apache
cache-control: max-age=900
vary: Accept-Encoding
content-type: text/javascript
x-n: S
accept-ranges: bytes
expires: Fri, 10 Dec 2021 14:15:59 GMT

GET
H3 200 300x250.js Show response
s0.2mdn.net/sadbundle/8808549699446519882/300x250/ Frame D4E5 38 KB
9 KB 27ms
26ms Script
application/x-javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/8808549699446519882/300x250/300x250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8808549699446519882/300x250/300x250.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d1dc5a0315c29368da5013b12285d0be3d84583620ead17b4f04d363b831f72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8808549699446519882/300x250/300x250.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Dec 2021 18:12:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 330517
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8787
x-xss-protection: 0
last-modified: Wed, 05 May 2021 15:28:39 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 06 Dec 2022 18:12:22 GMT

GET
H3 200 b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js Show response
pagead2.googlesyndication.com/bg/ Frame D794 35 KB
13 KB 32ms
31ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

sffe /

Resource Hash

6fff2bb01836a52004ece484b97797926280251ccaed72db384f16a7644d4764

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:13:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6437
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13622
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 10 Dec 2022 12:13:42 GMT

GET
H3 200 b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js Show response
pagead2.googlesyndication.com/bg/ Frame 9672 35 KB
13 KB 33ms
33ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

sffe /

Resource Hash

6fff2bb01836a52004ece484b97797926280251ccaed72db384f16a7644d4764

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:13:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6437
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13622
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 10 Dec 2022 12:13:42 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame C5EE 0
23 B 67ms
66ms Ping
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu0NyTHQRG3pEyS6Xv884udMRD6DdBorHoUz2S2x0CsHElWFkI4xlyVzbX-Ts3uoOFp-cWT6vCFnsej6s27roxF4X6Iw-0gScjEXivBcTEhtoRVbuEdqsyKK-HgeLHOI6W-Cne3PxwNETrexbaNOV90s5h5dR2VOweNeZqheONkoRcSZhshi1DWvkDaCaLDBHHFWRWofEJiMJzwn1x72Zl3WftRSkoXob4FljPa-tovK1DA8FkE10FYMFZDFuYAojcFfP4np_Zyx69vFWg4E39OVG8Os6XQR1mwA7BP0WJsAOVUZ1vWZ7Hrk04ZeNIUZIw4j0lhG-27VjTDV1Du_jmbGhlto9wRWybO2DRq2qXLs3HutS4AN4qC2RxjhEZPzxcb4decaTlkwI29xoEXwUvjHyAgqzXzSxwKGsmeyByTuZgYSlsM6sWSs9DYYeZHhu_6nEV9ZaZnc81wutHo6XorQB0olB5t3tvQ7RupS-qo836M-1zkh2KHv_3Q7BJA7_sDGC78chasAq0F1oqItWdAKXlvbPQwaqq82MMUEmhATS54qrAVwdrT1FS0OqRAH22O-jwCFoNQVLWeht0aqyaxVmXXPGEZTjbme91nvnG5mAGMMniTJVJIUz7CicjDhGWeUlLZIq-IDX37rDrswMn_eNnUOFFz69312jhsW3DZZkH5s4ioH3QYpDZTiArNFNaKeyVpuk3XEOumSqyoQYtB7q2OfQMnzzkRgrOiDrVJJUaVWLknozpH52XjSW_Wqq2XQ2pLm8AMmX2suxQmq0b7bV5dYs7zE0WvXW7oEoEZWl-O5MgwBVJuf68aKBjU31VwYPweIEt8XMJ6uiRzjNqQkOvbag_dluIIY7HZUey_eFM6MMrHWn3_uW-CtEPVl_mbMYsMnqVNsINZc5z3RCtCfg_fZO32rKTBO-SOto8OjXNlvrihskESTmhEQoqCZGVdWoe6ML9BTILD_jH26DVy1crAosUShVxRam3Bp1rm9EUckf-FvJKayMYMIs8r2VYfD63P15IUz3lra9W0KYlqDxwtAjp9X8C8SZeyxS1IVBCnSPU60FmXJkRHC0ZRkpIW0I4yjRpgMBi-sy1t8wn5YKTt5y5X6wUX4dY7LQ8XrGjuzkprz4-l_ibb3N6UFM8&sai=AMfl-YSCsqmG9LIZomNx-3EFCQUa-oec6STXvEllwZ3amdH-LjrQ3-pjTmMpY5pq4myE-Tx6zU2fkqrWhkIDkMp955OXZQYZ2WkLayRuDjgx_XWsaAwxP5NlMtvWO0dQZ9w-V5OZwfUMOfyd2infVLJYuzJiP4Emw-ttWppGmBc&sig=Cg0ArKJSzKrbLJMUS-ivEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=528&vt=11&dtpt=255&dett=3&cstd=266&cisv=r20211207.56557&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: pastelink.net
URL: https://pastelink.net/j4sx6af6

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Fri, 10 Dec 2021 14:00:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 css
fonts.googleapis.com/ Frame 9F57 3 KB
575 B 39ms
39ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:700,regular

Requested by

Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/1073745155/20211001/1076182166/65651558544585575/index.html?v=_2_144_1_0&n=1&sHost=secure-ds.serving-sys.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

162a3eebb385684e99a8b624b77189f9b5c38cb51d1b814c1c3a84fc17c324a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://secure-ds.serving-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 10 Dec 2021 12:14:02 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 10 Dec 2021 14:00:59 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 10 Dec 2021 14:00:59 GMT

GET
H2 200 EBLoader.js Show response
secure-ds.serving-sys.com/BurstingScript/ Frame 9F57 13 KB
4 KB 48ms
48ms Script
application/javascript 23.53.42.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/BurstingScript/EBLoader.js
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/1073745155/20211001/1076182166/65651558544585575/index.html?v=_2_144_1_0&n=1&sHost=secure-ds.serving-sys.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.53.42.65 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-53-42-65.deploy.static.akamaitechnologies.com
Software: / ARR/2.5
Resource Hash: 0a838ff67b58fd38793950650a963eed495ef3b337d0dcfee532b51777a75a7b

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/1073745155/20211001/1076182166/65651558544585575/index.html?v=_2_144_1_0&n=1&sHost=secure-ds.serving-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:59 GMT
content-encoding: gzip
last-modified: Thu, 25 Mar 2021 16:55:58 GMT
server
x-powered-by: ARR/2.5
etag: "0634bba9721d71:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 3705
expires: Fri, 10 Dec 2021 14:00:59 GMT

GET
H2 200 MM_mcJS_HTML5_INIT_STANDARD_BANNER.js Show response
secure-ds.serving-sys.com/burstingres/CustomScripts/ Frame 9F57 8 KB
2 KB 293ms
292ms Script
application/javascript 23.53.42.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/burstingres/CustomScripts/MM_mcJS_HTML5_INIT_STANDARD_BANNER.js
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/1073745155/20211001/1076182166/65651558544585575/index.html?v=_2_144_1_0&n=1&sHost=secure-ds.serving-sys.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.53.42.65 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-53-42-65.deploy.static.akamaitechnologies.com
Software: / ARR/2.5
Resource Hash: 0b7d1ccc71a663f3413622098177e9aa60552203e1155718cfde875fbfb6033f

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/1073745155/20211001/1076182166/65651558544585575/index.html?v=_2_144_1_0&n=1&sHost=secure-ds.serving-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 14:00:59 GMT
content-encoding: gzip
last-modified: Wed, 09 Aug 2017 15:47:39 GMT
server
x-powered-by: ARR/2.5
etag: "b35178d42611d31:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=534
accept-ranges: bytes
content-length: 2252

GET
H3 200 Enabler.js Show response
s0.2mdn.net/ads/studio/ Frame 9F57 134 KB
45 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/Enabler.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

86441c9a21f4c77dcbb2a4f020d904179f15c8e9b35f3f85d5d053ee62c13232

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://secure-ds.serving-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:47:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 802
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46298
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:10 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 14:02:37 GMT

GET
H3 200 b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js Show response
pagead2.googlesyndication.com/bg/ Frame 21F8 35 KB
13 KB 32ms
32ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

sffe /

Resource Hash

6fff2bb01836a52004ece484b97797926280251ccaed72db384f16a7644d4764

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:13:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6437
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13622
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 10 Dec 2022 12:13:42 GMT

GET
H3 200 b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js Show response
pagead2.googlesyndication.com/bg/ Frame 6D31 35 KB
13 KB 32ms
32ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

sffe /

Resource Hash

6fff2bb01836a52004ece484b97797926280251ccaed72db384f16a7644d4764

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:13:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6437
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13622
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 10 Dec 2022 12:13:42 GMT

GET
H3 200 main.css
s0.2mdn.net/ads/richmedia/studio/pv2/61258259/20191030030338949/ Frame B551 9 KB
2 KB 27ms
26ms Stylesheet
text/css 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61258259/20191030030338949/main.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61258259/20191030030338949/index.html?e=69&leftOffset=0&topOffset=0&c=mXtzuSviRx&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b7bc25656f5ebefd13eae9d704d23affaded6daf7feb00e98202f0144f9b408a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61258259/20191030030338949/index.html?e=69&leftOffset=0&topOffset=0&c=mXtzuSviRx&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 17:39:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 73260
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1829
x-xss-protection: 0
last-modified: Wed, 30 Oct 2019 10:03:39 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 17:39:59 GMT

GET
H3 200 main.js Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61258259/20191030030338949/ Frame B551 28 KB
5 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61258259/20191030030338949/main.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61258259/20191030030338949/index.html?e=69&leftOffset=0&topOffset=0&c=mXtzuSviRx&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a761f7014b9456efbc4c3ea5e0a9a88e90076886460b6c6201b1cc68a34d83e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61258259/20191030030338949/index.html?e=69&leftOffset=0&topOffset=0&c=mXtzuSviRx&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 17:39:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 73260
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5105
x-xss-protection: 0
last-modified: Wed, 30 Oct 2019 10:03:39 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 17:39:59 GMT

GET
H2 200 EB.js Show response
secure-ds.serving-sys.com/BurstingCachedScripts/HTML5Res_2_144_1_0/ Frame 9F57 80 KB
29 KB 50ms
50ms XHR
application/javascript 23.53.42.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/BurstingCachedScripts/HTML5Res_2_144_1_0/EB.js
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingScript/EBLoader.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.53.42.65 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-53-42-65.deploy.static.akamaitechnologies.com
Software: / ARR/2.5
Resource Hash: ca91fc2d2db7215cea9e1b04758801c79ffea7e5330d44c42395937e107eebd9

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/1073745155/20211001/1076182166/65651558544585575/index.html?v=_2_144_1_0&n=1&sHost=secure-ds.serving-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 14:00:59 GMT
content-encoding: gzip
last-modified: Wed, 01 Dec 2021 15:34:18 GMT
server
x-powered-by: ARR/2.5
etag: "d822b0e7c8e6d71:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
content-length: 29060
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H3 200 300x250_atlas_1.png
s0.2mdn.net/sadbundle/8808549699446519882/300x250/images/ Frame D4E5 80 KB
80 KB 27ms
27ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8808549699446519882/300x250/images/300x250_atlas_1.png

Requested by

Host: 910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
URL: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2bfcbc31517dc3120e5f562b5ebc1566cecfc8d48f8ab712c0b9506d5e09ff21

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8808549699446519882/300x250/300x250.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:08:15 GMT
x-content-type-options: nosniff
age: 6764
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 81546
x-xss-protection: 0
last-modified: Wed, 05 May 2021 15:28:39 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 10 Dec 2022 12:08:15 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame C08E 0
23 B 66ms
66ms Ping
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssSDjoqeragwnenGHzoP1m6_zTWJmLc8fDfllFVibSIAC1ozrWhQHRpSXt4WcPooOAb5flqG7oXOgrvsTZrSEN9sB4v7n8pWRvUTix3lKeNs3lovpvtsB7sh21odk4IlzEgpe-lmTbzfmteA8yjvmkd18t3WIaeB48JSVriQMONae8IiLwOQyq-5oiPoegzD1xwVFs6Yk6sMOEqjm_dlRVbaRXOQcMUlPY-joJoax7CtHhaLkwx6vKgwylQ8pX5z2zbbV0LHvsWBBrG1HiqsU_Ib8kSfmgJp5x_XMftQsGoIdAGNySIgmj_xSURdfRloLoyex9RlG_nUWxujOx7cdXVbMeY0sRCLbyHZx_en8xeWmirTi99AjgAQEhhHlT4vV1GVvZsWEOn8aTWAYXn_HaW3_SIo_185lZ-O1Z_QAr-SQPcSMUa8ClVlev_aTy9v_stzedWI8L8jiOdo53TnZ9rBSYkN9uQ-Mr19Q7NO2pYVROVytql_Fgvpxk_6Px9VNqWJooMEMzy5FPe_sT6RfublYbPWnwo-rIO20Xqr9ebK5h9RxSek_TpejEL0vNZF6IlnRmmoUbN9o7U_TPQvpPW0-sbOv5vmMW079CYB6pwnRo0hcTMRD1t6EzwZNTmxz5XwMYVb2UzrMAfoP_iaZ-zw2BJKFjeoxUAza4ThQgelN5LbXFmgPTFjxkpxkpku4tc3A8KJ8rrLKezyeTEzabSBxsHk-kPzZqKwNENg1Z2aM_D0xLjkwM6kDqbUuLNepOt1uwp8cjqdAiXtyhsiUi1Q34Tmbkdfpb24TBJ1MiTzXIuSBaOq8bfYwizPp1D9ZhB4nIHWTbPe2JrOpNw9jwP_37OPW6NNBH04_B0VhnPVDDpRUuEs4qh_35KcsrGb5VMNstTd8qVahdKf9S21qD8cC3CAXxT1pjYk8bNm4Uw3JZub8jlZkULzTHbeV2S3hx5vy4P9DnloK1sUzTYY61tvZ_ppOQV0VkHXiSMJcCU2vN0R_zbX8GVdD64GCw9ZXaJ4x_TWq34j2TOBSVkL3bzpkwPS7G2au8lNHLTAmYN_aDnDe9nrWOwForvY_xBDqN87YLQJOeUwNHxYTt02mlHdATJ9y909Ju3j4FrzUcQgmlIqVTZXMKf16QM51sy-rVzV2td8p4vUjWh24exGPXtSbyEDoMvpg&sai=AMfl-YQOBQlPwRm6ayz_t90JpchP0OwnxCNY3adqcNyGWdZVL0ZpRlY7ujApeKqhwE-XHuip5YBpSLmt7U3ByGUU2clHMAN1yagkgewtxzHexWfiLwWotAaYzuXxYyPUViv1GHgARLor5fiduFakS3Fzz6PSKXNGGCE0FCQTezg&sig=Cg0ArKJSzIAPSP7ic8zjEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=682&vt=11&dtpt=316&dett=3&cstd=363&cisv=r20211207.55932&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: pastelink.net
URL: https://pastelink.net/j4sx6af6

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Fri, 10 Dec 2021 14:00:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1 200
OK request_content.php Show response
hal900019.redintelligence.net/ Frame A480 4 KB
2 KB 93ms
31ms Document
text/html 78.46.90.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900019.redintelligence.net/request_content.php?s=46443900095948000707896011804019&a=14afae71
Requested by: Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request.php?zone=74omlawhsoy3&nw=20&renderingType=javascript&namespace=46fc13822d&subid=&uid=cd54cbcc5a7cb069&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DChnx4mV2zYZK-GMzJgAeur6P4DILfmZBh0IK23a0K8C4QASD7mLVCYP2CkYToEcgBCakCuz1NvuDysj6oAwGqBOABT9DM3Zemb8MueKu5eqgK-BEeBQvZrMZ_cH6V-Xbm_0qCV1_HwAC6nS0deTLBAi1jRt7tj9fro3BX0Ty8puEzbTFyDgreJWDIwIxY2WA6J-uEWOvdzlyASBkxl7c_QftH7N0ypaeiwIbNJEvKfx9QHYau-iT5-ToWKAMOjehqm9wDkMZ17ZE87DudZ_hYGXpiavvfoQegZyJCsRO0PzoflteJ0dTCFco96AB1cHeyjF3jbT3CDUZS9F04tgmcc-bd-6CG6C1M5WeNm3m3Miodc-l7QG6a9NuOVD_aOopf2jvABNbpmI3HAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiI4YAQEAEYHfIIG2FkeC1zdWJzeW4tMjcyNzA5ODE1MDg1NzM1MoAKA5gLAcgLAYAMAbATlIOzCtATANgTA4gUAdgUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASFeRodkLB2jBVU4HXhkgrDeBuTnG7ZQ%26sig%3DAOD64_1iFrkj6-VEPEGZv2SR1oI89aQmXQ%26client%3Dca-pub-9070629843129312%26dbm_c%3DAKAmf-Axct6iEqjFK8a-ec-wQ4T5lYf0jwd97u_XZ7qmcHar6wLSfVjnVeNo7PeK5neQGWCLqs7O-kPkvRRN9LdJ2ler1C3IS9stsad3KXOmHiZ7TVh3MpLUYrwJ4x6nJXXzNpEbjtsChyVDoTOXdwnjE-uWjMUOxw%26cry%3D1%26dbm_d%3DAKAmf-DyYdsctWYjvXHzKerY7ESfx05rA8_T6Ljsw9mjc3ionm05Ti5YOxGzaMomePp8RZcQqJnxcNBKcOWvI5bixP2hV-AUHeJz9JrG54Ak1qA6tcw7d73WnvugnImMmzJDkPYT6E81oU06dPsXyXPDzNVgC-zoUzeku6U2wL6yPfl6ricUyyF80eIcUPPtBizWmKefWwLmUdaz079jfHoPpOvBrZx2VDCuVvbdatPUYVhXyhgFYH4EiPsZ33aUIWvt0-y8DwqRXZdH5diT2QFGsYueIEPtBnGpKLIWITaa4j_KPj_Ui7K9p4BLtpZXMvgI2eC_kIvZwaNAiTOJYaNr8_mBjFr7lDSZ1efYe6JLDKTypKNsvlecZwUr5JkoMzn4iYT-0Ghnv5uDgShluhGTzi4fo9qGHdv4P8SmVnST2CKJVXJVEGT_ZefO1qpHzNhyAM4KGUX_%26adurl%3D&documentReferer=https%3A%2F%2Fpastelink.net%2F&ancestorOrigins=https%3A%2F%2Fpastelink.net&random=6253576651689&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.90.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 7a6e086ee7f96ebe70258094dbb569ef6ac788d1f485cbc0e67951dfeeba7016

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/

Response headers

Date: Fri, 10 Dec 2021 14:00:59 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Fri, 10 Dec 2021 14:00:59 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1527
Connection: close
Content-Type: text/html; charset=utf-8

GET
DATA 200
OK truncated
/ Frame C750 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f744ee31123425cf27713405cb90e62381d461b72a781a6a773a9fea26aca0e2

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 863827042_1566469714.png_1569572582855_863827042_1566469714.png
s0.2mdn.net/dynamic/2/10594415/myproview.io/proview/proviewimg/template/ Frame B551 22 KB
22 KB 27ms
27ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10594415/myproview.io/proview/proviewimg/template/863827042_1566469714.png_1569572582855_863827042_1566469714.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bcb546a7d05dcf0a62441d6fca17d8b9d799746a519e3434943ed59279877f1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61258259/20191030030338949/index.html?e=69&leftOffset=0&topOffset=0&c=mXtzuSviRx&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 17:36:44 GMT
x-content-type-options: nosniff
age: 73455
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22522
x-xss-protection: 0
last-modified: Fri, 27 Sep 2019 08:23:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 09 Dec 2022 17:36:44 GMT

GET
H3 200 435918143_1637078081.jpg_1637190105933_435918143_1637078081.jpg
s0.2mdn.net/dynamic/2/10594415/myproview.io/proview/proviewimg/template/ Frame B551 250 KB
250 KB 32ms
31ms Image
image/jpeg 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10594415/myproview.io/proview/proviewimg/template/435918143_1637078081.jpg_1637190105933_435918143_1637078081.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b00d7e38fe9bb8e8eed10ea1f208885b84b0c8a1ed0f6ac62f50518cbfb24c03

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61258259/20191030030338949/index.html?e=69&leftOffset=0&topOffset=0&c=mXtzuSviRx&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 17:37:11 GMT
x-content-type-options: nosniff
age: 73428
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 255642
x-xss-protection: 0
last-modified: Wed, 17 Nov 2021 23:02:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 09 Dec 2022 17:37:11 GMT

GET
H3 200 939102645_1637183191.jpg_1637190105933_939102645_1637183191.jpg
s0.2mdn.net/dynamic/2/10594415/myproview.io/proview/proviewimg/template/ Frame B551 19 KB
19 KB 29ms
29ms Image
image/jpeg 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10594415/myproview.io/proview/proviewimg/template/939102645_1637183191.jpg_1637190105933_939102645_1637183191.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ab9f4a71df9f2ce80c8eac36947d38dfa892510524d3a2c7f1242d591e55083d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61258259/20191030030338949/index.html?e=69&leftOffset=0&topOffset=0&c=mXtzuSviRx&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 17:37:22 GMT
x-content-type-options: nosniff
age: 73417
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19775
x-xss-protection: 0
last-modified: Wed, 17 Nov 2021 23:02:04 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 09 Dec 2022 17:37:22 GMT

GET
H3 200 subset-Tahoma.woff2
s0.2mdn.net/ads/richmedia/studio/pv2/61258259/20191030030338949/font/ Frame B551 28 KB
28 KB 34ms
34ms Font
font/woff2 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61258259/20191030030338949/font/subset-Tahoma.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61258259/20191030030338949/main.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

059dc3e7a408fa4a4b0eb3f2781fb2042338fda144e45bbf000c417a2592de28

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61258259/20191030030338949/main.css
Origin: https://s0.2mdn.net
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 17:43:47 GMT
x-content-type-options: nosniff
age: 73032
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28988
x-xss-protection: 0
last-modified: Wed, 30 Oct 2019 10:03:39 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 17:43:47 GMT

GET
H3 200 subset-HappinessV_TTF.woff2
s0.2mdn.net/ads/richmedia/studio/pv2/61258259/20191030030338949/font/ Frame B551 15 KB
16 KB 41ms
41ms Font
font/woff2 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61258259/20191030030338949/font/subset-HappinessV_TTF.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61258259/20191030030338949/main.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

acf5ecbbdb7ed4cf43ba55a2ed4544d8c9634ed24c31b58c898b618518c9d234

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61258259/20191030030338949/main.css
Origin: https://s0.2mdn.net
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 17:43:47 GMT
x-content-type-options: nosniff
age: 73032
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15856
x-xss-protection: 0
last-modified: Wed, 30 Oct 2019 10:03:39 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 17:43:47 GMT

GET
H/1.1 200
OK 300x250_OMAC_2016_Launch%20(1).jpg
cdn.contentspread.net/24i/advertiser/14265/creativesup/ Frame A480 53 KB
53 KB 144ms
37ms Image
image/jpeg 51.75.147.170
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/24i/advertiser/14265/creativesup/300x250_OMAC_2016_Launch%20(1).jpg
Requested by: Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request_content.php?s=46443900095948000707896011804019&a=14afae71
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 51.75.147.170 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3133977.ip-51-75-147.eu
Software: nginx /
Resource Hash: e7c099c985ec85158ceffa3995db2225fe41c5a1676c7b189ce2ad0511d9c42d

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 10 Dec 2021 14:00:59 GMT
Last-Modified: Tue, 16 Feb 2016 10:13:15 GMT
Server: nginx
ETag: "56c2f63b-d397"
Content-Type: image/jpeg
Connection: close
Accept-Ranges: bytes
Content-Length: 54167

POST
H/1.1 200
OK evt Show response
lm.serving-sys.com/lm/ Frame F626 0
230 B 438ms
103ms XHR
text/plain 3.215.216.54
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://lm.serving-sys.com/lm/evt
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_215_3_0/ebHtml5Banner.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.215.216.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-215-216-54.compute-1.amazonaws.com
Software: LogModule 0.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Access-Control-Allow-Origin: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
Access-Control-Allow-Credentials: true
Server: LogModule 0.4
Content-Length: 0
Content-Type: text/plain

GET
H2 200 Serving Show response
bs.serving-sys.com/ Frame F626 24 B
631 B 29ms
29ms XHR
text/html 3.120.90.180
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bs.serving-sys.com/Serving?cn=display&c=40&sessionid=5363855057899102640&ai=1084992934&usercookie=u2=529ffed9-8d1d-46fc-b216-b58c9810519d&oo=0&clsrc=2&clbv=_2_215_3_0&gdprpurposes=1023&dg=1076467955&sdg=1077127289&ctick=561&ord=0.479753682392593
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_215_3_0/ebHtml5Banner.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.120.90.180 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-120-90-180.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 2e7778c6ed3c31a131da378d6e573a1b3b6723037cdeea4c4832da83e60c9399

Request headers

Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:59 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="NOI DEVa OUR BUS UNI"
access-control-allow-origin: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
cache-control: private
access-control-allow-credentials: true
content-type: text/html; charset=UTF-8
content-length: 24
expires: Sun, 05-Jun-2005 22:00:00 GMT

GET
H3 200 JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v18/ Frame 9F57 20 KB
20 KB 27ms
27ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v18/JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:700,regular

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec7d69015be507ee6045d259f50b6cf8ccb52ec7b41ec1bf50fee681683bea60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://secure-ds.serving-sys.com
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:18:02 GMT
x-content-type-options: nosniff
age: 2577
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20040
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:20:44 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 10 Dec 2022 13:18:02 GMT

GET
H3 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v18/ Frame 9F57 19 KB
19 KB 30ms
30ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v18/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:700,regular

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b26a74f3c0e529bc8fccfa6b1db8e083e738992266359fde1a5bd0aaa81cbc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://secure-ds.serving-sys.com
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 07 Dec 2021 07:59:11 GMT
x-content-type-options: nosniff
age: 280908
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19844
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:20:10 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 07 Dec 2022 07:59:11 GMT

GET
H/1.1 200
OK viewability Show response
hal900019.redintelligence.net/ Frame A480 0
150 B 95ms
32ms Script
text/html 78.46.90.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900019.redintelligence.net/viewability?s=46443900095948000707896011804019&a=2b379ecb&vb=m
Requested by: Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request_content.php?s=46443900095948000707896011804019&a=14afae71
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.90.46.78.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://hal900019.redintelligence.net/request_content.php?s=46443900095948000707896011804019&a=14afae71
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 10 Dec 2021 14:00:59 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame A480 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

POST
H2 200 adServer.bs
bs.serving-sys.com/Serving/ Frame F626 0
500 B 32ms
32ms Ping
text/html 3.120.90.180
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bs.serving-sys.com/Serving/adServer.bs?cn=int&iv=2&int=1084992934~~0~~1076467955~~5363855057899102640^VsR~0~0~01020~563^VsRAg~0~0~01020~563^AdStart~0~0~01020~667&usercookie=u2=529ffed9-8d1d-46fc-b216-b58c9810519d&rnd=0.09169053872662558&res=32
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_215_3_0/ebHtml5Banner.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.120.90.180 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-120-90-180.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:59 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="NOI DEVa OUR BUS UNI"
access-control-allow-origin: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
cache-control: no-cache, no-store
access-control-allow-credentials: true
content-type: text/html; charset=UTF-8
content-length: 0
expires: Sun, 05-Jun-2005 22:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 4B3A 42 B
64 B 67ms
66ms Image
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstw9U4Hqgt8fRnAx3-1PAp3u16DcrCi1dNfZ5V2z5LLP6FUh6XYG2dc2AonivpCHfUSgpjePcZHGgFUq-FLXJumGGp8ov1jJz8NSUgBdptAZYhQfXXcPw&sai=AMfl-YSHk_P0yP30gcubFDXldsHQqGxwJe2BbDJwUUoU9RBEOX7rVHgDzuShcabKKfuMCLFh4QAp_zqig_bctEzXGJKrXYFlrEu-SNhtt8ezfY9AIK4ShB7WsimLgSPOI_w&sig=Cg0ArKJSzINwJe5WZtp2EAE&id=ampim&o=310,315&d=600,250&ss=1600,1200&bs=1600,1200&mcvt=1057&mtos=0,0,1057,1057,1057&tos=0,0,1057,0,0&tfs=163&tls=1220&g=100&h=100&tt=1220&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&adk=1666686559

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adServer.bs Show response
bs.serving-sys.com/Serving/ Frame F626 0
407 B 29ms
29ms XHR
text/html 3.120.90.180
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bs.serving-sys.com/Serving/adServer.bs?cn=int&iv=2&interactionsStr=$$1084992934~~0~~1076467955~~5363855057899102640%5EActualSize~160x600x0x1x0000x1x1x160x600~0~01020~753$$&usercookie=u2=529ffed9-8d1d-46fc-b216-b58c9810519d&rnd=0.7119340728556671&res=32
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_215_3_0/ebHtml5Banner.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.120.90.180 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-120-90-180.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:59 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="NOI DEVa OUR BUS UNI"
access-control-allow-origin: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
cache-control: no-cache, no-store
access-control-allow-credentials: true
content-type: text/html; charset=UTF-8
content-length: 0
expires: Sun, 05-Jun-2005 22:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F626 42 B
64 B 62ms
62ms Fetch
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssJw6GSk8JWWdq7rbIvboYNTnT6cbjJkFKTcnjEfH8xuQ2d6sonlkn4Vs7Fatl69evJqSb7F4a9t1yVnn1bA8LoqsgGIFigD2BlCRMRh9VgZD_3UE525g&sai=AMfl-YQyJt8mOq2OH6GNIJU_9ZNiTWbMn4LGQXC8zBeNlk6VOoqgcul3k0GSXlgv2j_zF90GrhT8_2Yssaq8Nt1H2HzfjR08cIbLjM0sRg50nuA-4gDX1b24CilQXI8gWgk&sig=Cg0ArKJSzC0Lo4uNcuzvEAE&cid=CAASFeRomRDqC93N4bBax5IJO5b_UlNgRw&id=lidar2&mcvt=1023&p=575,1190,615,1231&mtos=1023,1023,1023,1023,1023&tos=1023,0,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2108190548&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1639144858634&rpt=465&isd=0&lsd=0&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C5EE 42 B
64 B 61ms
61ms Fetch
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvgkweKFaPBHVllu9oDU8mMxqVYGup15XrhIgquhE7iYAXkU26mwzw2QpKALmc2Nor5LffFeFumQYa3YkR_IWOqioCKJ-PnOd9ZPTod1bFys5L9B8qxkg&sai=AMfl-YTIE0vnK5qlrF8a7hK1VV826c1IUkxPad5Gu5D0MWoUQlVy-VxonHR1a5BTogZeKoSP07mjgTdRDw1ZmfB7rjSiO4wgZg6KZhvY4bHJYu58SRI58ulwF4N7SLKMMAY&sig=Cg0ArKJSzIqDHCERqLQWEAE&cid=CAASFeRozI_jT5W1s1rrxLiu0-i2w11QKw&id=lidar2&mcvt=1025&p=1105,436,1195,1164&mtos=1025,1025,1025,1025,1025&tos=1025,0,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=3402602959&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1639144858594&rpt=527&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame AD77 0
20 B 69ms
68ms Image
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B-Bhoml2zYcq8Gu-V7_UPgNapuA4AAAAAOAHgBAI&bg=!ISKlImbNAAZKWFskSlg7ACkAdvg8Whmzqk7NYUGhBQfc08W0iB39vPKqvXJ4zBnpCpASN8QOq8h-WwIAAAIpUgAAAFFoAQcKAL2JdW5aue9rHDE0G_hWQxW5sbsQaRFGu60FKdopIWpsd_MmsVwvKHsqU3L4Cgmu0XN1B7ZHCZdszqA-I9vPh4fv8Vmy8bGoKKphmKqv36U1Rol1yB5caq5UcYn14hAuOlcm25oR-A9QxY57_NkqL_uDDxKcMqPZdwTprgdksfzc72olubFBsWJ6eASPa4CF6EL65Jfq81e590KLOQWTOY5mK0k8pPaAY154fVo4zS8GTODq7hh_Phrma0PPElyZAsVJ8ngTzaiAvy7Olq89toLtyAytPksLoC25yrOZ2zqggbMO4-qZYm83xNlDij2wdZ-kmw6SsOPFW9XNULOHIAPqBbWmqt9emZBWpXn89SEczpf_Da19_Ubqm9dJRBy6tsanjxg9HBXUROgCMCIOeQMnSYnUhr08jToc-o7yeiJs2OKyq0bOVhdQ0vBF62t3nybKp2jnJfeUqX8wVna4S_TuMP2EeckLBJ-HK91ILh39OAgwMyXxQ7aKDVTvTbHcIHXtPE47A_rtcQLgsfkiT6vjIxkeX40Xpjc5hbGH0wRHlwIpyUp-H9iZfa4nENmEgKnrBbxvoF5SmKVWPGrbFLylyXQkbfEHj6CteOc24ro7FmCYUcAL57d6CklmG75jYuEnAV7dRaYzapfTf9rhilGIZJWXso3fc7Ct2FDRnHlWi44fJGct_p0cRc3MMWCPEbpnIkLZT-UFURxSzLvE0CmcUY3N_UlgJ7VYWEAyU20ZREimt5aAY65cO4H0TWuTF3_bEvnR4CwWggjsRwOTTqSGkra9a1O9qhrsMZCY4WDrvP8DoqDEruowKKUZl3d0VG55hMh6XnlPGpwJXsdi-fODJPhGP1mena6xDqlArltPp2ijhghK76MISBjhA6gp4R6PQXiEndAvMN6L3a_xoMqPHhNkkwH2nUahwmi_fhB83FKNsR266jnzYRMwKxLhhIpN2rN6u3Yecbyhn7bkHWe0uaPfJstLsLrh77oinfenxWVN8pHGZROx1P8pEV0q6VxKAa26fdDC7LLlXxJ9JO141VW_uxAs8NTKQrj8kAXrW8Dh7vOR7MP7NqieuCttZ9hfTqql_R2lld9GgC_xwEC4qSmKijdUKbn709A2KrWvSdIAd-zEw-xlFfHxs5tBZ9WeNJbLK8ugj4HllFhFL3XTTHlenGW1hbsLQCRcxCLwKkTGX9_V

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D794 0
20 B 67ms
67ms Image
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BtVr2ml2zYbHxGu-U7_UP6KCA8AYAAAAAOAHgBAI&bg=!RkWlRQHNAAZKWFskSlg7ACkAdvg8WvLngxlq7pK9HLvVv3miY5DjSKmWt9TZHNDToNpmve4UE3CVXQIAAAIkUgAAAE5oAQeZAtLRAhWedqdk_pwbcCoBn-l1uDGNTkXuK_XfKmd2_vxmK5m7uW2LuFCpM67FZd0qc8Oy3Ojv4OX1ghBk_z2wMtzkP0ibO8rcODPogdudoko1YBmCJDtUPDh5UmlqkVz87yjrpKfJFTY4RhOldI-dyzmbaFxlcVg73KPxEaSwCDmp9aE_b6jI-Z1qS4N91__Rvn4gcFKMLrE6a8vxQglsh868wPWRVXod-P7bxsLT5SeyiRQzQR8MiSDCnn4hlfrBRFg8GItGIFZgci1qG6n_NVzO0GmHQlEcn-9SrFRCOUIzjlAPycTf-VGJy8YJFsStjBMHsUWlKlpukbORVsXPl1UbqP4LQdZZrhjaNpa9fkh-E3RWKNThRBIi0A7FiaHXnajEl6ZlR-2L8_1xu10RbWzYgv2u5boVvOqBVXIlqVVbREhulYwZnTXfQOIeCnjeyvrT3qZ1btfB1Hp7sKakPhyefL7Tw4o-DsZ1xcw80D55FNCqfoMdoGgOf9EA-jwn0pKaeCIwfWowEPt5QcleKXsVAzKuP9dEeiwDZ2JoMGN0lVCXDdPNz3KR2pKwYlSejKcMnr7Pe_FiM_SpUXue_i8a93k-AEc-iuwfZPGeS5O0kCw7qeF_iG52umEo6Y3b2qXOkiZstEQGuo7YjWOyPHqDcENTvh9J8C8Nxmn7LgKvt8e4Hkg89nEO5jvV0b6cniahF3l_T3Gf08FAyFt5pe7nNEx3pKZm7DG8edTLJPlcptA28O2qCqbDJs-CCxctGkL9FFdHYLp_LFqXUp8lVrH4fCdNMrz_crIdH_pXYoe9F7M_Iaa_r8rstK_fdAtqqwD5o48-t8Hg8z0OtYhLYOq9o1RTu4PXBvuXcfqX-llBP37DlhnMSPP2b9Gz2EpJ8_Vqh3fC4HdlcYcd2SOXgR_s83EjZ5CU3b76_ZgVbk-6ZJNHPi-aEOakddjr0-_2WPsJbQ

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9672 0
20 B 66ms
66ms Image
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bh9Lpml2zYYS5G8LX7gOwxbqQCAAAAAA4AeAEAg&bg=!iomlic3NAAZKWFskSlg7ACkAdvg8Wtdy_Kv8v93iQ9bdwP-E_RLq0t3vw0aUCEBrepwxjNqMVPHQ4wIAAAIeUgAAAC9oAQcKACJMOQVwb8vmGiVqCLRDTvKTYTkr5eRLtGro7BMqx3fbZm6imQK-xS6AbKs3C0JGh4SLIc0wm4oP8NcpCgbGXtPgcYJRvr2eLfM18cRDMb4g53P_1-kmHDsPd_7PQOyzYjJ_l6tUrp2RqJj04jGD8bhYdHEnVOGZsOhUL0Au4V8L9-XffZkoUxx8MEW1CmB-L_tuJvUhUXMdwc7OHQhHL_OL2qq3RB1Md1oJMntdFNZE6nMoF355xnoTriXatcD45XbXYSv8n87_xKTparSrmF25NC9rEIaDqWR43oS299xpIS96amybISOHpph_mgV1gUwhPHH0LLR74mo6486m60mEQK64xjwojwhnF5pznfoIeQ-a4T5RSJrZ8aUdXDzUUPT-0-y1ac_GIVoseXIC3PXYU63GTFmIxr4fYH__pHQse65CAUfAGXthTLRfCJJd-vJbaBEMAZxAgg0BoeAQxsoG7GzlcC6C373xx_OEDQ4dDHDTbylq_wiCyG5VHkR6cu9yOWa-PeccwZQO_O5LMiuqcdDLbM_o52Qe8Wy0YLOxuMbvO78EKHpnYpljuePkpcA6zYRKVRX1TO71Bn6XzLX9qDf88lzQv9xxsYSeZVS1LXH7F5DL7xcsDZW2QksDV21E_S00P0byHs3HoLrvJdZkKbflEkDIF1O7Crzaz7d4lrpTlDTQIfqNmKNatV0GQIxDv6kbOaCMWJrvoLGTRAUgKS2rB2V-DtNk_BfLi2vi-k4DEO7rn6Drq94nsSjqOa3tspViMAvGD5joAUzt9QZuNFo8bTamBjSShOdxub48tHCQU5YS_mNheXQQ9Wy_ikARxxO3MYG2lnmZxwCRNU6qAgyQyL1lYsepjBD75ktRcoGTJ8hmFg6NIf0WbIffW_luJRAYSyWFWObhZqC4ZkiLPBcSJY1WHz-UUS8st-im1ngYZhhZdUAZDd70QoKnOHwBHJM2r1We-pI_C2Y6-QSRZCYr

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C08E 42 B
64 B 60ms
60ms Fetch
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssuuZnaObMmETnSV7-1J4SjTFLpI9ajfa2XZAmnKr9G603oscFJnzupUKf5PDn1CymdrRmsZeaUIYFih5KlCcvRxXyNCs7oNCAyiH2BCl7W1LH4to937A&sai=AMfl-YSKfsBxdXQIarRQ3fOdhLPI0LoCsonPNgj0VCHtL59qIqu0kpDicL8BXs-mtyK8L-j8gGOIQCH6NuYpcc3DNAUMlqRNV9JsJI6oqb0YFAfMQyuEg8LprddhuKZjCpM&sig=Cg0ArKJSzDZmUBPtqXjiEAE&cid=CAASFeRoguT8zH21jjQ7QuulCjE1p75WnQ&id=lidar2&mcvt=1008&p=972,513,1222,813&mtos=0,1008,1008,1008,1008&tos=0,1008,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=0.91&if=1&app=0&itpl=20&adk=2365527928&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1639144858620&rpt=560&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 21F8 0
20 B 67ms
66ms Image
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BJI84ml2zYcHxGpXR7_UPluCTmAUAAAAAOAHgBAI&bg=!ra6lrurNAAZKWFskSlg7ACkAdvg8WqQhzbD0ofx1JlH0nXQoVesLjSrht-rk6J8Yl04Rtj3dCT91-gIAAAHzUgAAABJoAQeZAsUYXIxffofupwKvI6zMr27TIaIluIJl1JsmYBed1p43xRCZi5-K65YDdgeAh6-tsdzflShKJox2aHFSJa7wr3k2UuTQH2H36sBg1QrWrlNCu6c8NKNUj885cnqKL_HWyf-XfhbatD6KUD75vDLBL9Fg2jPQB33z9kjBafyF17IxTWk983ztLaRJc1Hx80e5liaCLB8POp1NHdIuFIrAcNwJLb0vU8bj72iRQVDYk77xD_x4Yu7wdzN-XR-r0MSJydr425mXOzC71FLJ7NUNrF7AZEpp2yI9qUmBHiA-2G9YpMLssmpYTux-RcN8VSLBBKH1gIKPcPY9Mczi1uFIEA3odUhTZs3HEW0SSV93iclcmkw78GSmUfADnd0hDfwalbNvCX-xpivHUX8cNLjWiePhCDbJvhvoLp8xyRvqDxpuwtlQsxS1oshvhRFyO2iPnmYLDpySqwza-EeZKFJStFo2Q3tKC92NOOPRIWM2QkuLKXAwvpq5r06mAoOQQChXx6a0hT_C39NRpecH-HYymZfmvMKJA06ZjxAg9FnnXFXVaguBnfPoynl_KLFXWZsN9xxkLXq-zVSATkdFh_lRo9dQWtQkvXkpBsjKPHVNQoqktzQLhkcYpuZL57B0mRoGuQCb96wyMRBGpYeuO4n4srZ6ZX5qepe__paeWQTh3w4aWf9VgIt9Wfqzb7G0RTKi6QCq_KtRR6RXOMgMsfxwqZiYWehUnwUHwyrqy88L6uwMhID-2OyETnpSRS04sL4ig1bmvS6LkLqg9LULrrJQNQkBW0_B2vwj8WBcKfdd1Kv16OotMDBxKaX_0zcGFMjHySM4WV7Dw9yLFYBOIIVrG9AO-Y7s8FsIuO-qgYxkrh1DmeRDIPMGQVrXgMlFUKh9uVLjmy2jXNIsISe2_N-UssEYPpFIUBkI3rwwGP9o7eUCFzj-UdAI

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6D31 0
20 B 67ms
67ms Image
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BisFyml2zYbOtG6ak9u8Pw86P0AwAAAAAOAHgBAI&bg=!s7ClsPTNAAZKWFskSlg7ACkAdvg8Wt0rrYWew37uV5Jttuz7b6oq8mhWtA9XHZZ9di_aZFjI_jc_SgIAAAHtUgAAABVoAQcKAH8PFZdG9kq-HbLjl7awQ0qcDD4JfrJcr7YNRtBMXgpsitIz1Zge4JAuMHzJpFW9uLEZePJCX5Oy1o80PY4EIzCAXx0PTJ6q2lxrH9WR1dCYwMyntQC5YOUsYsY_G1PouyDzg2JepCTWCISfehGMeslAurY2AvDsNOz0gIjgUw-ImQLGwhxAE8ZXiNYWUsLYPnAo-nmwKv0N-AWG2i1IodsrqIqugCJsm0GublBoYhcoSBXaJqngsc-jKRF0slgkt-j6H4iwMx7BD4GbaLdSduwiKTNnu6DPq6qp1DGJeoU14mU55UkBXZhzGbDpOL7HWrnyyr3bC6bXiLPgiNcaSq0RJP7qtsdIIdRbRVkwIyBBQDlY18QeHcgAQ9iEIO0r4lMJe7LT1U5ZAz9T4CeOs2DpLzE-cU2MzS62oeiHP6H8OaSF8lR-zEEMIIQn7Zmak_D8De1FckIXhQU8V40aBxcuPjFOImWouwwCUOkf65G4c5ZC20UlirM4Hbhn1AKilLqDuIliRswy1W-zdFx8R1xy1Ero4aGUv8hlcsSCDpVskHAaLLQ-dHMLU3DWB7GPw0VH85ZH4iGooCW-uIfmfoVxiQ7sXxiwdV82mwaEovbl4a28Ua-ufIeAWw4HZlS_H3ksI9PBeh9p03MzBmPlEu5bwH60rm4-HfXBi_yT8YgPR4LMpNMiH6pTbI62FAk2aTO1es4E2KuCfJh5bA7sT4wo0_tcaH7FchN-Wm8jQxuK4_KNi3yu1na1XtjeUZqzeJUTKCsvHNt8FrfAS4PMvd6wwjTIS8G6UNylCXVfI9hYHgsYNQTuCnAFcYmiCT8oPl19CaLmn7FyylgC7w1SxLUWdMGjbmCuDwdZ3K_8t3izC22Xu7EUVLq3NqipeXbgk8fXJZ8ilKM7xjU3Zr7PjJ1JkrjUkFbicE7eeRiwgzn-LSKWh7RePAMbqYATvoJ7SNnw_h5QsWr014EwhZmAGbHSWgIlwlmkXe4PaJruinNXSGx4W0aHYrNSgQZ9jPeB1EJ6YLNbvgt_YbR9jFpUhED0NcufNM7v8fJ7wvExziH3wQFdIjOsmrBF3Gu6lB3SMV-FGF3o7tRZ_2aEkzvpWN3EM96TGhJlHtk

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:00:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 EMPTY_IMG.png
secure-ds.serving-sys.com/BurstingScript/programmatic/liquidhtml5shells/HDV_v1/ASSETS/ Frame 9F57 924 B
1 KB 49ms
48ms Image
image/png 23.53.42.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-ds.serving-sys.com/BurstingScript/programmatic/liquidhtml5shells/HDV_v1/ASSETS/EMPTY_IMG.png
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.53.42.65 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-53-42-65.deploy.static.akamaitechnologies.com
Software: / ARR/2.5
Resource Hash: 028c01f2ab478f7791f974e47cc294e3e8b6363bf1d5a90f58af7f61872e05a5

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/1073745155/20211001/1076182166/65651558544585575/index.html?v=_2_144_1_0&n=1&sHost=secure-ds.serving-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:01:00 GMT
last-modified: Mon, 07 Oct 2013 10:19:56 GMT
server
x-powered-by: ARR/2.5
etag: "06ef7c446c3ce1:0"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 924
expires: Fri, 10 Dec 2021 14:01:00 GMT

POST
H2 200 adServer.bs
bs.serving-sys.com/Serving/ Frame F626 0
509 B 28ms
28ms Ping
text/html 3.120.90.180
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bs.serving-sys.com/Serving/adServer.bs?cn=int&iv=2&int=1084992934~~0~~1076467955~~5363855057899102640^VsIAB~0~0~01020~1754&usercookie=u2=529ffed9-8d1d-46fc-b216-b58c9810519d&rnd=0.0554647068692562&res=32
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_215_3_0/ebHtml5Banner.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.120.90.180 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-120-90-180.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com/
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 14:01:00 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="NOI DEVa OUR BUS UNI"
access-control-allow-origin: https://910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
cache-control: no-cache, no-store
access-control-allow-credentials: true
content-type: text/html; charset=UTF-8
content-length: 0
expires: Sun, 05-Jun-2005 22:00:00 GMT

GET
H2 200 axerve-02_2.png
secure-ds.serving-sys.com/resources/PROD/html5/1073745155/20211001/1076182166/65651558544585575/ Frame 9F57 18 KB
19 KB 51ms
51ms Image
image/png 23.53.42.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/1073745155/20211001/1076182166/65651558544585575/axerve-02_2.png
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.53.42.65 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-53-42-65.deploy.static.akamaitechnologies.com
Software: ATS/7.1.0 /
Resource Hash: 26bd3b1e56b37800f939f4c6682bffe8111d4a27b021d4b0c8f03ccd63a3802a

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/1073745155/20211001/1076182166/65651558544585575/index.html?v=_2_144_1_0&n=1&sHost=secure-ds.serving-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: Xbmm3m5Sbgyz8ofEay9b4pBqDAJdMPVJ
last-modified: Fri, 01 Oct 2021 16:25:15 GMT
server: ATS/7.1.0
x-amz-request-id: H105RCK4GW1Z0JQX
etag: "29050bd34efd7f8325bc953193540fe6"
content-type: image/png
access-control-allow-origin: *
date: Fri, 10 Dec 2021 14:01:02 GMT
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 18738
x-amz-id-2: pZAYDVaxIBfLIes3prnxGOe6VO90E1Voip64jssYdWfU7AAniRQIV+6uCTYfAZ3siuhd+SWKSCY=
expires: Mon, 31 Dec 2035 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

72 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

24 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
pastelink.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: leog2ks5rf1bjb1isnojntdebi
pastelink.net/	1970-01-19 23:19:26	Name: AdvallyUserLocation Value: IT,25
.pastelink.net/	1970-01-20 01:28:40	Name: _gcl_au Value: 1.1.1806427459.1639144857
.pastelink.net/	1970-01-19 23:20:31	Name: _gid Value: GA1.2.901904845.1639144858
.pastelink.net/	1970-01-19 23:19:04	Name: _gat_UA-55088947-2 Value: 1
.pastelink.net/	1970-01-20 16:50:16	Name: _ga_S3DKHVPF03 Value: GS1.1.1639144857.1.0.1639144857.0
pastelink.net/	1970-01-19 23:20:31	Name: plTest Value: false
.pastelink.net/	1970-01-20 16:50:16	Name: _ga Value: GA1.2.353030409.1639144858
.pastelink.net/	1970-01-19 23:19:04	Name: _gat_advallyTrackerpl Value: 1
.pastelink.net/	1970-01-20 08:40:40	Name: __gads Value: ID=624684e028e7f57f-226270e303cd0027:T=1639144857:S=ALNI_MbB9ZDM8Psq8WmCmRnJ7dmq2hpmRA
.doubleclick.net/	1970-01-20 08:40:40	Name: IDE Value: AHWqTUkY5SMO3FinAnmqJZd1rdgKwHl_13jvi-FhZMVljee3lXMhQupX4c64UtveMwk
.adnxs.com/	1970-01-20 01:28:40	Name: uuid2 Value: 8243472691221245917
.imrworldwide.com/	1970-01-20 08:40:40	Name: SSCVER Value: v1
.imrworldwide.com/	1970-01-20 08:40:40	Name: IMRID Value: 99e7fac0-59c1-11ec-9ffc-79328914ac36
.casalemedia.com/	1970-01-20 01:28:40	Name: CMPS Value: 326
.adnxs.com/	1970-01-20 01:28:40	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GVLlX=)o!]tbPl1M>e)ZlrFUfJ+tGXxpG_%332aUeO[AdZ?VQ.Q8WXn^`<YZRyjF:(?[bpRzqF1`b_Wz/8im
.casalemedia.com/	1970-01-20 08:04:40	Name: CMID Value: YbNdmihoHu9qDakWgEwXNAAA
.casalemedia.com/	1970-01-20 01:28:40	Name: CMPRO Value: 204
.redintelligence.net/	1970-01-20 01:28:40	Name: 8lcfmzhxc8d6_uid Value: 563788a5884a43d7
.casalemedia.com/	1970-01-20 08:04:40	Name: CMRUM3 Value: 2d61b35d9b2760CAESEA_FDyewCHWoTv4-0TKcLbk
.casalemedia.com/	1970-01-19 23:20:31	Name: CMST Value: YbNdmmGzXZsA
.serving-sys.com/	1970-01-20 01:28:22	Name: u2 Value: 529ffed9-8d1d-46fc-b216-b58c9810519d4Er06g
.serving-sys.com/	1970-01-20 01:28:22	Name: eyeblaster Value: RES=32
.serving-sys.com/	1970-01-20 01:28:22	Name: A6 Value: 10GWSCv+Xs1007uV00001v+Xt

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://cdn.ampproject.org/rtv/012111011823000/v0/amp-ad-exit-0.1.mjs(Line 2) Message: Unrecognized feature: 'attribution-reporting'.
javascript	warning	URL: https://z.moatads.com/publicisespuigdcm372604918178/moatad.js(Line 131) Message: The deviceorientation events are blocked by permissions policy. See https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features
javascript	warning	URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_215_3_0/ebHtml5Banner.js(Line 100) Message: The devicemotion events are blocked by permissions policy. See https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features
javascript	warning	URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_215_3_0/ebHtml5Banner.js(Line 100) Message: The deviceorientation events are blocked by permissions policy. See https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features
network	error	URL: https://data.withcubed.com/c-a-hertz-uk/doubleclick.gif?campaignid=25530054&placementid=297439714&adid=495357832&siteid=2631704&advertiserid=5525017 Message: Failed to load resource: the server responded with a status of 503 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

910090d0f54f5334562d84c0d5276e73.safeframe.googlesyndication.com
adservice.google.com
adservice.google.it
bs.serving-sys.com
cdn.adligature.com
cdn.ampproject.org
cdn.contentspread.net
cdnjs.cloudflare.com
cm.g.doubleclick.net
code.createjs.com
code.jquery.com
data.withcubed.com
dsum-sec.casalemedia.com
encrypted-tbn0.gstatic.com
encrypted-tbn2.gstatic.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hal9000.redintelligence.net
hal900019.redintelligence.net
ib.adnxs.com
lm.serving-sys.com
mb.moatads.com
pagead2.googlesyndication.com
pastelink.net
pro.ip-api.com
px.moatads.com
s0.2mdn.net
secure-ds.serving-sys.com
secure-gg.imrworldwide.com
securepubads.g.doubleclick.net
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
z.moatads.com
138.201.63.165
142.250.184.194
142.250.185.130
142.250.185.162
2001:4de0:ac18::1:a:2a
23.195.249.2
23.202.53.245
23.53.42.65
2606:4700:3035::6815:5d0e
2606:4700::6810:135e
2a00:1450:4001:801::2002
2a00:1450:4001:802::2003
2a00:1450:4001:803::2003
2a00:1450:4001:808::2002
2a00:1450:4001:80f::2001
2a00:1450:4001:810::2001
2a00:1450:4001:810::200e
2a00:1450:4001:811::2002
2a00:1450:4001:827::2002
2a00:1450:4001:828::2002
2a00:1450:4001:829::200e
2a00:1450:4001:82a::2006
2a00:1450:4001:82f::200a
2a00:1450:4001:830::2004
2a00:1450:4001:830::2008
2a00:1450:4001:831::2001
2a01:7e00::f03c:91ff:fe39:1dbe
2a02:26f0:6c00::210:ba2a
3.120.90.180
3.215.216.54
37.252.173.38
51.75.147.170
51.77.64.70
52.19.128.14
52.48.241.99
78.46.90.238
99.81.33.101
001acbb15d9c69510c0817e6dde361bff098406fad182ab3c367f86ff3da8343
01408f8061623faa6d2c0f015cd23483c3aa363c095e152f613ed94c87a5803d
01566e4443eb97b261da0e01333dd14094bce3e970faadc3fab65fdb77283723
01b2fc741987677ad0f65d0a51da562add03ef2590ea0e3d1b2d26a80aeb65d0
028c01f2ab478f7791f974e47cc294e3e8b6363bf1d5a90f58af7f61872e05a5
045ee283f419dfcf9bc2486f5fab993357266bc8261157d71b7c825bc8c01516
04bcd86676a40009fe53606bce88edf13537b712f218f9c6057e97c612513092
059dc3e7a408fa4a4b0eb3f2781fb2042338fda144e45bbf000c417a2592de28
0837b1844707a57303320b7d8fb2b6ea63d9891612fc8f0cb10cd526ff557e3a
0a838ff67b58fd38793950650a963eed495ef3b337d0dcfee532b51777a75a7b
0affb5f65a6d6507724252ec9e8ec60bcbf12126ae42c974c67fd5b4ca9e025c
0b7d1ccc71a663f3413622098177e9aa60552203e1155718cfde875fbfb6033f
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c7c5562e74c2d98d787d6684c064814359e651d03579340787754a343906d66
10bf9dda8588fecfe664cd03e0fd6f641e25e482f397e3a3f47dc6f72b19ae04
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
15f20e02ef301e62ed325d633f971c506dcf1be3458c2371b849b505bb8673dc
162a3eebb385684e99a8b624b77189f9b5c38cb51d1b814c1c3a84fc17c324a7
16df8c004e0008ff4acd382ae492e5c024d5160c964b450ecc900cd798e2145e
1ad1e1ff4c6fe8b3ba9034712530214390bb42d682cf0f0f00760d9a9d165ba9
1c9e4c65f9d921b1c0829958cc7b2f307a3e22ac7a23e8315b6db4c0954e1107
2430dfb4ab6c1281815f9ddff9e1a979d3417cf033aae788c60501fda6d04714
269bd69d6c1d25e848132ecfb48ec214040e49fd45e444760c3e226ca5fd7962
26bd3b1e56b37800f939f4c6682bffe8111d4a27b021d4b0c8f03ccd63a3802a
29d9e84a57a16dfa31898ca631469fc31f813264c7256aa59a3d0b522e649adb
2b26a74f3c0e529bc8fccfa6b1db8e083e738992266359fde1a5bd0aaa81cbc3
2bfcbc31517dc3120e5f562b5ebc1566cecfc8d48f8ab712c0b9506d5e09ff21
2c243eeac8e9c04aaddb3a8d759ab9b535faf21f7b292e61458ee5e45cb8a02a
2d5ae5a515a688823dc98d032242c2ed6f490a74c4281bdd599567898f9fa675
2e7778c6ed3c31a131da378d6e573a1b3b6723037cdeea4c4832da83e60c9399
34db11d23b1b71496d67661f658d3f0e00bd9537b98c02c32f5b621f838be247
35b5e2d70b5619c516ed7e6e497c525382bf4709a5c3ba987660959440b8ab8f
36d87c41f17e0b41cdf547e49226749ad26ac71d7ea87f6ad220568f9cce8c5f
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
394cac9a51a5d167d738d8bb28d52204c66341f8da4abdbf88dcf8cbe841557f
39c0b8be3e2bd4ecc61b4a789ac1e94d6a6812a15499181634db22e64fe7221c
3d1dc5a0315c29368da5013b12285d0be3d84583620ead17b4f04d363b831f72
3d76ab4ac854cafef51bbbb5177ea75816df90e3c775294991a016404f2b6bb5
41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c
45e537f73c7a61ff6c759efe45464b7c3f450f70d958d7ddfc92026be4a622e9
46548578ca8a2c7fe261de50083676bbe4ad77babe0be4f2acfa783375e0ca91
475700259e64d480d1a70023e14741bb298a025e338bb608552e2472d4505a65
4950c70944f5cddc0d3b7694fb170d6cba3a7d3919ebeb233f2557212a46ecd8
4a8067b8906ce0c35ac472d87d2231ce6cf5ee8af11048b722790f684c1c33c3
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b6d244a569a8befc0b901e3dca8e82f19b188e2d3e76f7c62fce96935ed6311
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50a60e5e5f2e8f10a2f8685031ec9849ba8faff613139f3a402e89f25ccbbabc
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5ae91fe13f17bd08dbfa835ba6128d165dba3c87ed1d3d1619e22e458657d681
5c876829b474ffd8910e806b587e0eef7f749ededf0308f73ad155391f529666
5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3
61519deaa156f24ad28ae848179016c7cc741270cb7b30043c24bd30203bdaf3
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6455adf28715e49245364466d0eec20f4b0ef0882055bf49cf58a1e0563ebdea
65f6185cfe1cf88fa7981160dd6fa443e111887215b72953718ea70f8e2ba9f2
67a2c89788c446376cb2dc5c6b20eae20e930b3bb42a046acdcf5eb02d33a65f
69bd260690cc0b10ee72cf07d456b512faf59d757b8c4672f107450c6840ef53
6a9777d3d83dbfe0ab03d15242cea1d535861cb690f755a92b342c8bd2788315
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6fff2bb01836a52004ece484b97797926280251ccaed72db384f16a7644d4764
783a86ac4764c748fd6e22b57b4831896daca7f66f0dc1af78d783e5764f58d7
7a6e086ee7f96ebe70258094dbb569ef6ac788d1f485cbc0e67951dfeeba7016
7fb8e31a0d819803a63cffdaf450f4ec86aa885418b8148551a2b1bf35b77614
83a94ad8a46a35ec117a480b3d9108764d211f2cf9620f895dd990ac8a7c631e
86441c9a21f4c77dcbb2a4f020d904179f15c8e9b35f3f85d5d053ee62c13232
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
880615098e4a8fa71bedc4b510d6b74145e0528eef749bf4127ee6db7989a1fd
88238ba9ddb1bc1d0f5075399928eefe3b6428e99e5cf83b80a5584eec9ad40d
8af24d7350dbdc8eea22e4737deaa35a795b19b0560d7173113bec7e8a3effb7
98ba8f881333898d751dabe4f8b4cacc4489a9f5b6b4fd1fc67c571dbfec95cf
9a630b852e94f20cb8140704fd830bf40bfea0a2effaa67d06a0eadafbf3d508
9c45b8cd6c44fb38cb399a1cd975969a9aed8972e043855bf98b88dc7fd9bb75
9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763
9e97fc43ecd2f16948c3a8d2de65e0e5483db4ed5ab174058c178ca1c8665d0b
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a0594f92988fceeb8a77920ab9bf998887599822e747c6f7a989303a3a66db67
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1b000b433199bfd60632e61b74bb2c4abd074dce072784e7acd55b1e4158cee
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a761f7014b9456efbc4c3ea5e0a9a88e90076886460b6c6201b1cc68a34d83e5
ab9f4a71df9f2ce80c8eac36947d38dfa892510524d3a2c7f1242d591e55083d
acf5ecbbdb7ed4cf43ba55a2ed4544d8c9634ed24c31b58c898b618518c9d234
b00d7e38fe9bb8e8eed10ea1f208885b84b0c8a1ed0f6ac62f50518cbfb24c03
b0939d55dff27ea2ca24040d47216c107ba59e2e2414c19ab1ae9fd54acf98bb
b0b43e548e691662dac85b1dc159d148a273d5cb9139f3fcf457cdeebe7bdf3f
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b19558cc8258296c14b00f2ac0eea0b1a48f623e9a98d7ee82c4dc9b7d67062e
b318fc1e5a27af32428f8eb048090034171125daa5fc756dc36054d63ba995dc
b3de8c45717c786a0f570950637e1be46b05d42fc9faeb456ebecc3c0694c368
b4cceddc30059920c0956673d6663b57473083435da239b8db13638ed1dce9ee
b7bc25656f5ebefd13eae9d704d23affaded6daf7feb00e98202f0144f9b408a
bca75b318e180bbff8ac0c4027db00c0194f5b59dccc48ec843a9c1d57e7cd0a
bcb546a7d05dcf0a62441d6fca17d8b9d799746a519e3434943ed59279877f1f
bcf6c79635689a63a0bab926671698fdeb8718d1f8095c403f8ce572bc3fdc6d
c24ccee9a35eef9e74411eac871935bdff6bcb895cce80b754b66d3e4292a3ce
c5aec13eb55f7a72f29ae7eb7669db1cedebc6e8e53611e002d538bf14304edd
c70812d188585befd817f0768951ca4e030d3afe20ee7cf05fbe98e81090e68d
ca91fc2d2db7215cea9e1b04758801c79ffea7e5330d44c42395937e107eebd9
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0f60934841b0571563e838119e38f8cf5fb22aacf8ff77cfe8e6086bd7f5015
d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491
d9b5e39ed853660559e07aca1b5a1eb85776268b619f0d482571e64a41bd21b1
e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5
e7c099c985ec85158ceffa3995db2225fe41c5a1676c7b189ce2ad0511d9c42d
ebd635d843d43673dd737988e3383b01614cfca991785e481a47e7bd6b8aea17
ec7d69015be507ee6045d259f50b6cf8ccb52ec7b41ec1bf50fee681683bea60
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f744ee31123425cf27713405cb90e62381d461b72a781a6a773a9fea26aca0e2
fdbbe9b47d53b06db4b606bacfead067500a7e064b8cfc786854adb8fd374e30
fed2d61088cba54be39b2069add7103160e31f07c950c0e2e7706d6d6dc9ebf6
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

pastelink.net Open in urlscan Pro 2a01:7e00::f03c:91ff:fe39:1dbe Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

202 Requests

90 %HTTPS

57 %IPv6

25 Domains

39 Subdomains

38 IPs

8 Countries

3135 kBTransfer

7003 kBSize

24 Cookies

20 Outgoing links

Redirected requests

202 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

pastelink.net Open in urlscan Pro
2a01:7e00::f03c:91ff:fe39:1dbe Public Scan

Screenshot
Live screenshot

Full Image

202
Requests

90 %
HTTPS

57 %
IPv6

25
Domains

39
Subdomains

38
IPs

8
Countries

3135 kB
Transfer

7003 kB
Size

24
Cookies

202 HTTP transactions
9 data transactions