pastelink.net Open in urlscan Pro
178.79.155.87  Public Scan

3 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 50

• https://ad5.ad-srv.net/request.php?zone=zr646oidn2r7&nw=14&renderingType=javascript&namespace=33e9f0bf04&subid=&uid=ac4834effbdd0027&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=ANIM_AFTER_30S%3A0&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DC7OghxQJWYfnNEsHw3wPp9r34Beb-o_dc7ousiF_AjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakC5BqKJ11xsz7gAgCoAwGqBM4BT9Bzu4gLSZA38d_MC5XqrJlqxWM82T-Uo0Zx9oKbI9SeKCfV7MRiwLEWrm9xVlqxxY9MSr3LrjTuDwrPzqUnKpViME8DdqMhHjzwe1abM2AiNlabHK-rEJbMn8IVsOaYBb7-kQeD0vzwH9iu4RNynkDMqnJQmFCj8c5AovEugVa30vKWsbRcDxUN_PXn1Dkw3Np2NJmkzD_Xk_9lA84GWMklQtR-YNm4BpbymJkcs8NIIDGs8z-MwWfbGScXALtbRq2ODgDzLgsKX_BZd_jgBAGABs-R3fv23pmF6AGgBiGoB6a-G6gH8NkbqAfy2RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiI4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1dBnmNdoVbDx9OtyKwoOqi-Tnzog%26client%3Dca-pub-1750856239204414%26adurl%3Dhttp%253A%252F%252Fbrain.rvty.net%252FRTB%252FClick%253Fx%253DEASY-X-COORDINATE%2526y%253DEASY-Y-COORDINATE%2526s%253D97944753%2526a%253D195002%2526t%253D1633026757892%2526l%253D662259%2526p%253D3%2526appid%253D%2526aa%253D615602c5-0006-3bcc-0a77-a1c2d80c488a%2526gdpr%253D1%2526gdpr_consent%253D%2526dest%253D&documentReferer=https%3A%2F%2Fa9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2Fa9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fpastelink.net&random=2558269640031&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
• https://ad5.ad-srv.net/request.php?zone=zr646oidn2r7&nw=14&renderingType=javascript&namespace=33e9f0bf04&subid=&uid=ac4834effbdd0027&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=ANIM_AFTER_30S%3A0&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DC7OghxQJWYfnNEsHw3wPp9r34Beb-o_dc7ousiF_AjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakC5BqKJ11xsz7gAgCoAwGqBM4BT9Bzu4gLSZA38d_MC5XqrJlqxWM82T-Uo0Zx9oKbI9SeKCfV7MRiwLEWrm9xVlqxxY9MSr3LrjTuDwrPzqUnKpViME8DdqMhHjzwe1abM2AiNlabHK-rEJbMn8IVsOaYBb7-kQeD0vzwH9iu4RNynkDMqnJQmFCj8c5AovEugVa30vKWsbRcDxUN_PXn1Dkw3Np2NJmkzD_Xk_9lA84GWMklQtR-YNm4BpbymJkcs8NIIDGs8z-MwWfbGScXALtbRq2ODgDzLgsKX_BZd_jgBAGABs-R3fv23pmF6AGgBiGoB6a-G6gH8NkbqAfy2RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiI4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1dBnmNdoVbDx9OtyKwoOqi-Tnzog%26client%3Dca-pub-1750856239204414%26adurl%3Dhttp%253A%252F%252Fbrain.rvty.net%252FRTB%252FClick%253Fx%253DEASY-X-COORDINATE%2526y%253DEASY-Y-COORDINATE%2526s%253D97944753%2526a%253D195002%2526t%253D1633026757892%2526l%253D662259%2526p%253D3%2526appid%253D%2526aa%253D615602c5-0006-3bcc-0a77-a1c2d80c488a%2526gdpr%253D1%2526gdpr_consent%253D%2526dest%253D&documentReferer=https%3A%2F%2Fa9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2Fa9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fpastelink.net&random=2558269640031&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 53

• https://www.awin1.com/cshow.php?s=2470167&v=11354&q=371933&r=278235&pv=1&pref1=20434400213707803260108011733005&gdpr=-1&gdpr_consent= HTTP 302
• https://www.zenaps.com/cshow.php?pvr=c9d1a0b1-221c-11ec-855b-692d0ae1a3be&v=11354&r=278235&q=371933&s=2470167&viewref=20434400213707803260108011733005&pv=1&gdpr=-1&gdpr_consent= HTTP 302
• https://www.conrad.de/ztpv.php?awc=11354_278235_1633026758_c9d1a0b1-221c-11ec-855b-692d0ae1a3be&insert=AW

Request Chain 63

• https://www.awin1.com/cshow.php?s=2548147&v=14098&q=379099&r=278235&pv=0&pref1=20434400213707803260108011733005&gdpr=-1&gdpr_consent= HTTP 302
• https://media.kaspersky.com/de/affiliates/21_Q3_B2C_EU_DACH_DE_KIS-promo_20-euros_Affiliates_120x60.png

Request Chain 64

• https://www.awin1.com/cshow.php?s=2470167&v=11354&q=371933&r=278235&pref1=20434400213707803260108011733005&gdpr=-1&gdpr_consent= HTTP 302
• https://www.zenaps.com/cshow.php?pvr=c9e06dc0-221c-11ec-a5f3-692d0d349c1f&v=11354&r=278235&q=371933&s=2470167&viewref=20434400213707803260108011733005&gdpr=-1&gdpr_consent= HTTP 302
• https://asset.conrad.com/media10/isa/160267/c1/-/de/Bosch2021_120x60?format=gif

76 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request 3idm3 Show response pastelink.net/	15 KB 6 KB	96ms 58ms	Document text/html	178.79.155.87 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL https://pastelink.net/3idm3 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 178.79.155.87 London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li274-87.members.linode.com Software nginx / Resource Hash 804ed1193e7cc5f70ba79204c21dbaff8dad7feb2c7a303ba78a52fc99209d98 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers :method GET :authority pastelink.net :scheme https :path /3idm3 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers server nginx date Thu, 30 Sep 2021 18:32:36 GMT content-type text/html; charset=UTF-8 set-cookie PHPSESSID=pl4f1th0399nh894bjbrghjr22; secure; HttpOnly expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate pragma no-cache strict-transport-security max-age=31536000; includeSubDomains content-encoding gzip
GET H2	200	css2 fonts.googleapis.com/	5 KB 1 KB	80ms 31ms	Stylesheet text/css	142.250.185.170 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap Requested by Host: pastelink.net URL: https://pastelink.net/3idm3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.185.170 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s51-in-f10.1e100.net Software ESF / Resource Hash 2c243eeac8e9c04aaddb3a8d759ab9b535faf21f7b292e61458ee5e45cb8a02a Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Thu, 30 Sep 2021 18:24:15 GMT server ESF date Thu, 30 Sep 2021 18:32:36 GMT x-frame-options SAMEORIGIN report-to {"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]} content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin cross-origin-opener-policy-report-only same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU" expires Thu, 30 Sep 2021 18:32:36 GMT
GET H2	200	styles.css pastelink.net/assets/css/	204 KB 205 KB	35ms 34ms	Stylesheet text/css	178.79.155.87 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL https://pastelink.net/assets/css/styles.css?q=11 Requested by Host: pastelink.net URL: https://pastelink.net/3idm3 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 178.79.155.87 London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li274-87.members.linode.com Software nginx / Resource Hash 786a262a3e8d693266fef93aac0809d2a71fa7a21bf92265cc92adbeffaa520e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers :path /assets/css/styles.css?q=11 pragma no-cache cookie PHPSESSID=pl4f1th0399nh894bjbrghjr22 accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept text/css,*/*;q=0.1 cache-control no-cache sec-fetch-dest style :authority pastelink.net referer https://pastelink.net/3idm3 :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/3idm3 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 30 Sep 2021 18:32:36 GMT last-modified Wed, 29 Sep 2021 17:20:37 GMT server nginx etag "6154a065-33155" strict-transport-security max-age=31536000; includeSubDomains content-type text/css accept-ranges bytes content-length 209237
GET H2	200	jquery-3.6.0.min.js Show response code.jquery.com/	87 KB 30 KB	45ms 15ms	Script application/javascript	69.16.175.42 HIGHWINDS3
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.6.0.min.js Requested by Host: pastelink.net URL: https://pastelink.net/3idm3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 69.16.175.42 , United States, ASN20446 (HIGHWINDS3, US), Reverse DNS tlb.hwcdn.net Software nginx / Resource Hash ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Request headers Referer https://pastelink.net/ Origin https://pastelink.net Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 30 Sep 2021 18:32:36 GMT content-encoding gzip last-modified Tue, 02 Mar 2021 17:27:20 GMT server nginx etag W/"603e7578-15d9d" vary Accept-Encoding x-hw 1633026756.dop204.am5.t,1633026756.cds285.am5.hn,1633026756.cds007.am5.c content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 30875
GET H2	200	script.min.js Show response pastelink.net/assets/js/	28 KB 28 KB	17ms 17ms	Script application/javascript	178.79.155.87 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL https://pastelink.net/assets/js/script.min.js?q=11 Requested by Host: pastelink.net URL: https://pastelink.net/3idm3 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 178.79.155.87 London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li274-87.members.linode.com Software nginx / Resource Hash 2b2e8ad8a0b06bf9d1d6ced93dffc2699fb7c7f241c8ed45a662934988a30899 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers :path /assets/js/script.min.js?q=11 pragma no-cache cookie PHPSESSID=pl4f1th0399nh894bjbrghjr22 accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority pastelink.net referer https://pastelink.net/3idm3 :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/3idm3 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 30 Sep 2021 18:32:36 GMT last-modified Wed, 29 Sep 2021 17:08:16 GMT server nginx etag "61549d80-7019" strict-transport-security max-age=31536000; includeSubDomains content-type application/javascript accept-ranges bytes content-length 28697
GET H2	200	js.cookie.min.js Show response cdnjs.cloudflare.com/ajax/libs/js-cookie/latest/	2 KB 2 KB	141ms 25ms	Script application/javascript	104.16.18.94 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/js-cookie/latest/js.cookie.min.js Requested by Host: pastelink.net URL: https://pastelink.net/3idm3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.18.94 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4b6d244a569a8befc0b901e3dca8e82f19b188e2d3e76f7c62fce96935ed6311 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 30 Sep 2021 18:32:36 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 4795326 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 content-length 772 timing-allow-origin * last-modified Mon, 04 May 2020 16:11:49 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03ec5-6d7" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=15780000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O2tzjD7Ri1Bis886r2Pdku2fsufjmlXSeOdDtpcI2Mc2vwo4dajLAy5hYp9phCMpVE8ahe63IqNnT8G2QUrqK2iJe4ule8VSIIiEq85MTEQ9QBZ4EhrCDtq%2FhS4pn%2FUBl%2FvkuxWZ"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * vary Accept-Encoding cache-control public, max-age=30672000 accept-ranges bytes cf-ray 696f88ee2b558745-DUS expires Tue, 20 Sep 2022 18:32:36 GMT
GET H2	200	rules.js Show response cdn.adligature.com/pl/prod/	10 KB 3 KB	74ms 26ms	Script application/javascript	172.67.202.177 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.adligature.com/pl/prod/rules.js Requested by Host: pastelink.net URL: https://pastelink.net/3idm3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.202.177 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f18593001268185c09b17ddcde4473f6e1d53784a2106c947c12d820c9b42164 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers x-goog-hash crc32c=tgozrA==, md5=AnaMM6+JGnRpWysQgZU+QQ== date Thu, 30 Sep 2021 18:32:36 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 335 cf-polished origSize=18166 x-guploader-uploadid ADPycdu1jWGXMHkiNP0-zU2ckwtSosfEHbSzgZlAi1DCbVjR0Wcl8w3o54kMPX7pbdJf7A6EE0syXtq5qVbLfQVw5wLPNPPbVA x-goog-storage-class MULTI_REGIONAL x-goog-metageneration 1 x-goog-stored-content-encoding identity cf-bgj minify alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 last-modified Wed, 29 Sep 2021 13:35:41 GMT server cloudflare etag W/"02768c33af891a74695b2b1081953e41" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iO5NSQ1fNArU6GBlHRixXlpLypP%2BRsatYb5d23mPNkUh%2FgHdXBcqbaYr2kIcGXwZaD8W%2B5M62jGXHgyAzJceu40e0nvZd7DfUoIU8AX6uiKtVe98sF1MTQBVNSB11kWNZJQclW4%3D"}],"group":"cf-nel","max_age":604800} x-goog-generation 1632922541848632 content-type application/javascript cache-control public, max-age=1800, s-maxage=600, must-revalidate x-goog-stored-content-length 18166 cf-ray 696f88edbed3047a-CDG expires Thu, 30 Sep 2021 18:37:01 GMT
GET H2	200	api.js Show response www.google.com/recaptcha/	850 B 986 B	102ms 51ms	Script text/javascript	142.250.186.68 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api.js Requested by Host: pastelink.net URL: https://pastelink.net/3idm3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.186.68 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s05-in-f4.1e100.net Software GSE / Resource Hash 88c349655965378a1ae1ddab992925241eb9fcc60d9aa44f7ba5c6737862ab2a Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 30 Sep 2021 18:32:36 GMT content-encoding gzip x-content-type-options nosniff server GSE x-frame-options SAMEORIGIN content-type text/javascript; charset=UTF-8 cache-control private, max-age=300 cross-origin-resource-policy cross-origin content-security-policy frame-ancestors 'self' alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 552 x-xss-protection 1; mode=block expires Thu, 30 Sep 2021 18:32:36 GMT
GET H2	200	pastelinknet4.jpg pastelink.net/assets/images/	12 KB 12 KB	18ms 17ms	Image image/jpeg	178.79.155.87 LINODE-AP Linode
General Check archive.org Show headers Download Go to Show image Full URL https://pastelink.net/assets/images/pastelinknet4.jpg Requested by Host: pastelink.net URL: https://pastelink.net/3idm3 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 178.79.155.87 London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li274-87.members.linode.com Software nginx / Resource Hash 262b2a0bae52d6afe2f44127d9e9bf02205ad9d02d6be840f0b8440a45db0f19 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers :path /assets/images/pastelinknet4.jpg pragma no-cache cookie PHPSESSID=pl4f1th0399nh894bjbrghjr22 accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority pastelink.net referer https://pastelink.net/3idm3 :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/3idm3 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 30 Sep 2021 18:32:36 GMT last-modified Thu, 27 May 2021 10:51:09 GMT server nginx etag "60af799d-2ffc" strict-transport-security max-age=31536000; includeSubDomains content-type image/jpeg accept-ranges bytes content-length 12284
GET H2	200	public.png pastelink.net/assets/images/	609 B 775 B	18ms 17ms	Image image/png	178.79.155.87 LINODE-AP Linode
General Check archive.org Show headers Download Go to Show image Full URL https://pastelink.net/assets/images/public.png Requested by Host: pastelink.net URL: https://pastelink.net/3idm3 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 178.79.155.87 London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li274-87.members.linode.com Software nginx / Resource Hash 04bcd86676a40009fe53606bce88edf13537b712f218f9c6057e97c612513092 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers :path /assets/images/public.png pragma no-cache cookie PHPSESSID=pl4f1th0399nh894bjbrghjr22 accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority pastelink.net referer https://pastelink.net/3idm3 :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/3idm3 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 30 Sep 2021 18:32:36 GMT last-modified Thu, 27 May 2021 10:51:10 GMT server nginx etag "60af799e-261" strict-transport-security max-age=31536000; includeSubDomains content-type image/png accept-ranges bytes content-length 609
GET H2	200	gtm.js Show response www.googletagmanager.com/	184 KB 63 KB	100ms 48ms	Script application/javascript	142.250.184.232 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ Requested by Host: pastelink.net URL: https://pastelink.net/3idm3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.184.232 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s12-in-f8.1e100.net Software Google Tag Manager / Resource Hash 6826205cc863243f5948d8df7ea33f6e40fbebbc0341a3421a164504050bb495 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 30 Sep 2021 18:32:36 GMT content-encoding br vary Accept-Encoding cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 64450 x-xss-protection 0 last-modified Thu, 30 Sep 2021 18:16:57 GMT server Google Tag Manager strict-transport-security max-age=31536000; includeSubDomains content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Thu, 30 Sep 2021 18:32:36 GMT
GET H2	200	advally-4.9.0.js Show response cdn.adligature.com/rules.js/	90 KB 24 KB	26ms 25ms	Script application/javascript	172.67.202.177 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.adligature.com/rules.js/advally-4.9.0.js Requested by Host: cdn.adligature.com URL: https://cdn.adligature.com/pl/prod/rules.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.202.177 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f25ed4c338ba6446a9c49918a9e28319ed82b6f4a0e3c5fb786dd24bf15d910c Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers x-goog-hash crc32c=cvAFKA==, md5=l6UculQb/yE/5uQ56cMXbw== date Thu, 30 Sep 2021 18:32:36 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 2726 cf-polished origSize=153474 x-guploader-uploadid ADPycdtKw_WLZmsJ5pA7P_12MDQx8BMa6OtXteQUVjjJiVR8O3DbPkJJr1dneu3oCuF4Hlo1bv5vlCqpstI8rLnTDaD5CVPvsg x-goog-storage-class MULTI_REGIONAL x-goog-metageneration 1 x-goog-stored-content-encoding identity cf-bgj minify alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 last-modified Tue, 28 Sep 2021 18:01:38 GMT server cloudflare etag W/"97a51cba541bff213fe6e439e9c3176f" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yxBL%2B2JYUfV5Pp4nTkTvWiTO53MLBuSBo3jXcpbJ6pWDDOBC1kTn%2B5y8bATxcZa5SOrRzIuHNXOMkmt3yMJTyTDPUyuR1nbM6LDSBewhkgr95kgLb%2FLSyblxWgAIRmAVOEel%2BTk%3D"}],"group":"cf-nel","max_age":604800} x-goog-generation 1632852098714888 content-type application/javascript cache-control public, max-age=7200, s-maxage=7200, must-revalidate x-goog-stored-content-length 153474 cf-ray 696f88ee5f82047a-CDG expires Thu, 30 Sep 2021 19:47:10 GMT
GET H2	200	debut_light.png pastelink.net/assets/images/	4 KB 4 KB	17ms 17ms	Image image/png	178.79.155.87 LINODE-AP Linode
General Check archive.org Show headers Download Go to Show image Full URL https://pastelink.net/assets/images/debut_light.png Requested by Host: pastelink.net URL: https://pastelink.net/assets/css/styles.css?q=11 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 178.79.155.87 London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li274-87.members.linode.com Software nginx / Resource Hash c24ccee9a35eef9e74411eac871935bdff6bcb895cce80b754b66d3e4292a3ce Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers :path /assets/images/debut_light.png pragma no-cache cookie PHPSESSID=pl4f1th0399nh894bjbrghjr22 accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority pastelink.net referer https://pastelink.net/assets/css/styles.css?q=11 :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/assets/css/styles.css?q=11 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 30 Sep 2021 18:32:36 GMT last-modified Thu, 27 May 2021 10:51:09 GMT server nginx etag "60af799d-10c8" strict-transport-security max-age=31536000; includeSubDomains content-type image/png accept-ranges bytes content-length 4296
GET H2	200	flag-sprite.png pastelink.net/assets/images/Sprited/	2 KB 2 KB	17ms 17ms	Image image/png	178.79.155.87 LINODE-AP Linode
General Check archive.org Show headers Download Go to Show image Full URL https://pastelink.net/assets/images/Sprited/flag-sprite.png Requested by Host: pastelink.net URL: https://pastelink.net/assets/css/styles.css?q=11 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 178.79.155.87 London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li274-87.members.linode.com Software nginx / Resource Hash 75c9229eaae99e45db8d475cb5adebde4c5ed7457d2dfcc43060129e4dff8c7f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers :path /assets/images/Sprited/flag-sprite.png pragma no-cache cookie PHPSESSID=pl4f1th0399nh894bjbrghjr22 accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority pastelink.net referer https://pastelink.net/assets/css/styles.css?q=11 :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/assets/css/styles.css?q=11 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 30 Sep 2021 18:32:36 GMT last-modified Wed, 29 Sep 2021 15:26:32 GMT server nginx etag "615485a8-623" strict-transport-security max-age=31536000; includeSubDomains content-type image/png accept-ranges bytes content-length 1571
GET H2	200	arrow-down-blue.svg pastelink.net/assets/images/	239 B 409 B	17ms 17ms	Image image/svg+xml	178.79.155.87 LINODE-AP Linode
General Check archive.org Show headers Download Go to Show image Full URL https://pastelink.net/assets/images/arrow-down-blue.svg Requested by Host: pastelink.net URL: https://pastelink.net/assets/css/styles.css?q=11 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 178.79.155.87 London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li274-87.members.linode.com Software nginx / Resource Hash 50a60e5e5f2e8f10a2f8685031ec9849ba8faff613139f3a402e89f25ccbbabc Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers :path /assets/images/arrow-down-blue.svg pragma no-cache cookie PHPSESSID=pl4f1th0399nh894bjbrghjr22 accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority pastelink.net referer https://pastelink.net/assets/css/styles.css?q=11 :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/assets/css/styles.css?q=11 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 30 Sep 2021 18:32:36 GMT last-modified Wed, 29 Sep 2021 15:26:32 GMT server nginx etag "615485a8-ef" strict-transport-security max-age=31536000; includeSubDomains content-type image/svg+xml accept-ranges bytes content-length 239
GET H2	200	sprites.png pastelink.net/assets/images/	4 KB 4 KB	17ms 17ms	Image image/png	178.79.155.87 LINODE-AP Linode
General Check archive.org Show headers Download Go to Show image Full URL https://pastelink.net/assets/images/sprites.png Requested by Host: pastelink.net URL: https://pastelink.net/assets/css/styles.css?q=11 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 178.79.155.87 London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li274-87.members.linode.com Software nginx / Resource Hash 736e1679b341206c435156f566998d48ad309ec22e277c12da51973bb42671c3 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers :path /assets/images/sprites.png pragma no-cache cookie PHPSESSID=pl4f1th0399nh894bjbrghjr22 accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority pastelink.net referer https://pastelink.net/assets/css/styles.css?q=11 :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/assets/css/styles.css?q=11 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 30 Sep 2021 18:32:36 GMT last-modified Thu, 27 May 2021 10:51:10 GMT server nginx etag "60af799e-e11" strict-transport-security max-age=31536000; includeSubDomains content-type image/png accept-ranges bytes content-length 3601
GET H2	200	pxiEyp8kv8JHgFVrJJfecg.woff2 fonts.gstatic.com/s/poppins/v15/	8 KB 8 KB	53ms 17ms	Font font/woff2	172.217.23.99 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/poppins/v15/pxiEyp8kv8JHgFVrJJfecg.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.217.23.99 , United States, ASN15169 (GOOGLE, US), Reverse DNS mil04s23-in-f3.1e100.net Software sffe / Resource Hash 41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://pastelink.net Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 28 Sep 2021 04:13:09 GMT x-content-type-options nosniff age 224367 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 7900 x-xss-protection 0 last-modified Thu, 05 Nov 2020 22:02:01 GMT server sffe content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 28 Sep 2022 04:13:09 GMT
GET H2	200	JTURjIg1_i6t8kCHKm45_bZF3gnD_g.woff2 fonts.gstatic.com/s/montserrat/v18/	19 KB 19 KB	64ms 28ms	Font font/woff2	172.217.23.99 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/montserrat/v18/JTURjIg1_i6t8kCHKm45_bZF3gnD_g.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.217.23.99 , United States, ASN15169 (GOOGLE, US), Reverse DNS mil04s23-in-f3.1e100.net Software sffe / Resource Hash 61519deaa156f24ad28ae848179016c7cc741270cb7b30043c24bd30203bdaf3 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://pastelink.net Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 28 Sep 2021 04:00:09 GMT x-content-type-options nosniff age 225147 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 19824 x-xss-protection 0 last-modified Tue, 10 Aug 2021 00:20:37 GMT server sffe content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 28 Sep 2022 04:00:09 GMT
GET H2	200	pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 fonts.gstatic.com/s/poppins/v15/	8 KB 8 KB	55ms 19ms	Font font/woff2	172.217.23.99 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.217.23.99 , United States, ASN15169 (GOOGLE, US), Reverse DNS mil04s23-in-f3.1e100.net Software sffe / Resource Hash d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://pastelink.net Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 24 Sep 2021 04:53:27 GMT x-content-type-options nosniff age 567549 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 7776 x-xss-protection 0 last-modified Thu, 05 Nov 2020 22:01:55 GMT server sffe content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sat, 24 Sep 2022 04:53:27 GMT
GET H/1.1	200 OK	/ Show response pro.ip-api.com/csv/	6 B 154 B	38ms 9ms	XHR text/plain	51.77.64.70 OVH
General Check archive.org Show headers Download Go to Full URL https://pro.ip-api.com/csv/?key=ZxSSLwZtxrKxQbv&fields=countryCode,region Requested by Host: cdn.adligature.com URL: https://cdn.adligature.com/rules.js/advally-4.9.0.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 51.77.64.70 , Germany, ASN16276 (OVH, FR), Reverse DNS de-fra-1.pro.ip-api.com Software / Resource Hash 70eed4ae4f6f16678d18c5a3ffe7fa5ce9fc9595f16dcb1b8f730284d59d7a9d Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Access-Control-Allow-Origin * Date Thu, 30 Sep 2021 18:32:36 GMT Content-Length 6 Content-Type text/plain; charset=utf-8
GET H2	200	gpt.js Show response securepubads.g.doubleclick.net/tag/js/	73 KB 26 KB	97ms 36ms	Script text/javascript	142.250.184.194 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/tag/js/gpt.js Requested by Host: cdn.adligature.com URL: https://cdn.adligature.com/rules.js/advally-4.9.0.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.184.194 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s11-in-f2.1e100.net Software sffe / Resource Hash a5edb367071f73bdebe3dfcd48c3d8969d4cf9144f8db16d9f6f98d0f16114ea Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 30 Sep 2021 18:32:36 GMT content-encoding gzip x-content-type-options nosniff server sffe etag "1002 / 461 of 1000 / last-modified: 1633013494" vary Accept-Encoding report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} content-type text/javascript cache-control private, max-age=900, stale-while-revalidate=3600 timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 25727 x-xss-protection 0 cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" expires Thu, 30 Sep 2021 18:32:36 GMT
GET H3	200	prebid-4.43.4.js Show response cdn.adligature.com/prebid/	444 KB 133 KB	38ms 38ms	Script application/javascript	172.67.202.177 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.adligature.com/prebid/prebid-4.43.4.js Requested by Host: cdn.adligature.com URL: https://cdn.adligature.com/rules.js/advally-4.9.0.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.202.177 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4acafe4daf8d989eec849bdd8c025b2cda63bd1c3a91edaea56f948d04fd98a8 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers x-goog-hash crc32c=msxAWQ==, md5=z5RQdZzuWEiAct3OzqDEfQ== date Thu, 30 Sep 2021 18:32:36 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 385 cf-polished origSize=454478 x-guploader-uploadid ADPycdsNtVwitsbcOK1AfVBykN7LpiIIROyEyfE_cJLd0kkn_5wZ70Dc8TojGXSHS3mOKGaF1VaFqWO0P9buahWTUBs x-goog-storage-class MULTI_REGIONAL x-goog-metageneration 1 x-goog-stored-content-encoding identity alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 last-modified Tue, 24 Aug 2021 12:17:06 GMT server cloudflare etag W/"cf9450759cee58488072ddcecea0c47d" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xwWa8NxqYxljQOy4GJjKYrq%2BYAnWZl6KNXjljdmvNw7ji1Zum%2F2GdA0f7P8iIyB%2BMIkQ2B%2Btg5CoMUdHOvFfIcD69hEZrzb%2FZywewAQD6HWgYt4q%2BU7eWF6ePmPcxZqrfxeGZ1U%3D"}],"group":"cf-nel","max_age":604800} content-language en x-goog-generation 1629807426503184 content-type application/javascript expires Thu, 30 Sep 2021 18:36:11 GMT cache-control public, max-age=1800, s-maxage=600, must-revalidate x-goog-stored-content-length 454478 cf-ray 696f88ee9d13ee8d-CDG cf-bgj minify
GET H2	200	recaptcha__de.js Show response www.gstatic.com/recaptcha/releases/-TriQeni1Ls-Mdq_ssN2cUL5/	346 KB 136 KB	92ms 25ms	Script text/javascript	142.250.185.131 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/-TriQeni1Ls-Mdq_ssN2cUL5/recaptcha__de.js Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.185.131 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s50-in-f3.1e100.net Software sffe / Resource Hash b0236d5c7c5a438a04858e85fe41d24cdcc0cf55a99a45cd2dc36bef08905980 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://pastelink.net/ Origin https://pastelink.net Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 30 Sep 2021 18:14:51 GMT content-encoding gzip x-content-type-options nosniff age 1065 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 138353 x-xss-protection 0 last-modified Mon, 27 Sep 2021 04:02:11 GMT server sffe vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="recaptcha" expires Fri, 30 Sep 2022 18:14:51 GMT
GET H3	200	js Show response www.googletagmanager.com/gtag/	125 KB 49 KB	64ms 36ms	Script application/javascript	142.250.184.232 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-S3DKHVPF03&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.184.232 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s12-in-f8.1e100.net Software Google Tag Manager / Resource Hash 09a45d9338cbe1ca698c5cc4a0267ac25bec918d6e8a9554e836f6d136911232 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 30 Sep 2021 18:32:37 GMT content-encoding br server Google Tag Manager access-control-allow-headers Cache-Control vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin strict-transport-security max-age=31536000; includeSubDomains alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 49797 x-xss-protection 0 expires Thu, 30 Sep 2021 18:32:37 GMT
GET H2	200	analytics.js Show response www.google-analytics.com/	48 KB 20 KB	78ms 23ms	Script text/javascript	142.250.185.78 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.185.78 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s48-in-f14.1e100.net Software Golfe2 / Resource Hash fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff last-modified Wed, 11 Aug 2021 00:32:57 GMT server Golfe2 age 6340 date Thu, 30 Sep 2021 16:46:57 GMT vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 19747 expires Thu, 30 Sep 2021 18:46:57 GMT
GET H3	200	pubads_impl_2021092201.js Show response securepubads.g.doubleclick.net/gpt/	336 KB 118 KB	69ms 37ms	Script text/javascript	142.250.184.194 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092201.js?31062996 Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.184.194 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s11-in-f2.1e100.net Software sffe / Resource Hash 9a9a466cd927c64b4e9b81e29beec7d80422fb985b26a1ec038abea10c74c1eb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 30 Sep 2021 18:32:37 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 120420 x-xss-protection 0 last-modified Wed, 22 Sep 2021 08:37:52 GMT server sffe vary Accept-Encoding report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} content-type text/javascript cache-control private, immutable, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" expires Thu, 30 Sep 2021 18:32:37 GMT
GET H3	200	ppub_config Show response securepubads.g.doubleclick.net/pagead/	70 B 97 B	59ms 31ms	XHR application/json	142.250.184.194 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=pastelink.net Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.184.194 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s11-in-f2.1e100.net Software cafe / Resource Hash 39c0b8be3e2bd4ecc61b4a789ac1e94d6a6812a15499181634db22e64fe7221c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Thu, 30 Sep 2021 18:32:37 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" access-control-allow-origin * cache-control private, max-age=3600, stale-while-revalidate=3600 cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/json; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 72 x-xss-protection 0 expires Thu, 30 Sep 2021 18:32:37 GMT
POST H3	204	collect www.google-analytics.com/g/	0 17 B	71ms 37ms	Ping text/plain	142.250.185.78 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/g/collect?v=2&tid=G-S3DKHVPF03&gtm=2oe9r0&_p=1730393472&sr=1600x1200&ul=en-us&cid=497148142.1633026757&_s=1&dl=https%3A%2F%2Fpastelink.net%2F3idm3&dt=Want%20To%20Step%20Up%20Your%20Upvc%20Door%20Repair%3F%20You%20Need%20To%20Read%20This%20First%20-%20Pastelink.net&sid=1633026757&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-S3DKHVPF03&l=dataLayer&cx=c Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.78 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s48-in-f14.1e100.net Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://pastelink.net/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers pragma no-cache date Thu, 30 Sep 2021 18:32:37 GMT server Golfe2 content-type text/plain access-control-allow-origin https://pastelink.net cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H3	200	collect Show response www.google-analytics.com/j/	1 B 21 B	57ms 37ms	XHR text/plain	142.250.185.78 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j93&a=1730393472&t=pageview&_s=1&dl=https%3A%2F%2Fpastelink.net%2F3idm3&ul=en-us&de=UTF-8&dt=Want%20To%20Step%20Up%20Your%20Upvc%20Door%20Repair%3F%20You%20Need%20To%20Read%20This%20First%20-%20Pastelink.net&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAAC~&jid=1733593269&gjid=700135467&cid=497148142.1633026757&tid=UA-55088947-2&_gid=1437020280.1633026757&_r=1&gtm=2wg9r055WHPWQ&z=776348646 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.78 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s48-in-f14.1e100.net Software Golfe2 / Resource Hash 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://pastelink.net/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Thu, 30 Sep 2021 18:32:37 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://pastelink.net cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H3	200	collect Show response www.google-analytics.com/j/	2 B 22 B	37ms 37ms	XHR text/plain	142.250.185.78 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j93&aip=1&a=1730393472&t=pageview&_s=1&dl=https%3A%2F%2Fpastelink.net%2F3idm3&ul=en-us&de=UTF-8&dt=Want%20To%20Step%20Up%20Your%20Upvc%20Door%20Repair%3F%20You%20Need%20To%20Read%20This%20First%20-%20Pastelink.net&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aADAAEABAAAAAC~&jid=448659113&gjid=196295624&cid=497148142.1633026757&tid=UA-197326395-9&_gid=1437020280.1633026757&_r=1&_slc=1&z=74801962 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.78 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s48-in-f14.1e100.net Software Golfe2 / Resource Hash a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://pastelink.net/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Thu, 30 Sep 2021 18:32:37 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://pastelink.net cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 2 expires Fri, 01 Jan 1990 00:00:00 GMT
GET DATA	200 OK	truncated /	346 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash ebd635d843d43673dd737988e3383b01614cfca991785e481a47e7bd6b8aea17 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type image/png
GET H2	200	integrator.js Show response adservice.google.de/adsid/	107 B 853 B	68ms 25ms	Script application/javascript	172.217.16.130 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.de/adsid/integrator.js?domain=pastelink.net Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092201.js?31062996 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.217.16.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra15s46-in-f2.1e100.net Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Thu, 30 Sep 2021 18:32:37 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H2	200	integrator.js Show response adservice.google.com/adsid/	107 B 570 B	93ms 35ms	Script application/javascript	142.250.185.98 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.com/adsid/integrator.js?domain=pastelink.net Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092201.js?31062996 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.185.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s49-in-f2.1e100.net Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Thu, 30 Sep 2021 18:32:37 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H3	200	ads Show response securepubads.g.doubleclick.net/gampad/	21 KB 8 KB	524ms 524ms	XHR text/plain	142.250.184.194 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4044904180936556&correlator=3138086896184617&output=ldjh&impl=fifs&eid=31062996%2C31061165%2C31062931&vrg=2021092201&ptt=17&sc=1&sfv=1-0-38&ecs=20210930&iu_parts=22405481091%2Cpastelink.net%2CBottom_adhesion_banner%2CTop_leaderboard%2CInline_banner%2CSidebar_MPU&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F3%2C%2F0%2F1%2F4%2C%2F0%2F1%2F4%2C%2F0%2F1%2F4%2C%2F0%2F1%2F4%2C%2F0%2F1%2F5&prev_iu_szs=728x90%2C728x90%2C728x90%2C728x90%2C728x90%2C728x90%2C160x600&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1633026757&dt=1633026757234&dlt=1633026756687&idt=475&frm=20&biw=1600&bih=1200&oid=3&adxs=436%2C246%2C281%2C281%2C281%2C281%2C1119&adys=1104%2C307%2C609%2C955%2C1324%2C1647%2C355&adks=3402602959%2C2883060502%2C4220404771%2C4220404772%2C4220404773%2C4220404774%2C2108190548&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fpastelink.net%2F3idm3&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x-1%7C797x270%7C757x90%7C757x90%7C757x90%7C757x90%7C197x652&msz=728x-1%7C797x-1%7C728x-1%7C728x-1%7C728x-1%7C728x-1%7C160x-1&ga_vid=497148142.1633026757&ga_sid=1633026757&ga_hid=1730393472&ga_fc=false&fws=516%2C4%2C4%2C4%2C4%2C4%2C4&ohw=1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600&btvi=0%7C0%7C0%7C0%7C1%7C2%7C0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0. Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092201.js?31062996 Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.184.194 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s11-in-f2.1e100.net Software cafe / Resource Hash 920a12cbcc6731a9eaffa86cc3e78ddfab1967cfd48bf1662043cb17a6fd3a75 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 30 Sep 2021 18:32:37 GMT content-encoding br x-content-type-options nosniff google-mediationgroup-id -2,-2,-2,-2,-2,-2 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 8552 x-xss-protection 0 google-lineitem-id -2,-2,-2,-1,-2,-2,-2 pragma no-cache server cafe google-mediationtag-id -2 google-creative-id -2,-2,-2,-1,-2,-2,-2 content-type text/plain; charset=UTF-8 access-control-allow-origin https://pastelink.net cache-control no-cache, must-revalidate access-control-allow-credentials true timing-allow-origin * expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	container.html Show response a9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 3DF7	6 KB 4 KB	99ms 32ms	Document text/html	142.250.186.65 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://a9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092201.js?31062996 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.186.65 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s05-in-f1.1e100.net Software sffe / Resource Hash a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority a9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com :scheme https :path /safeframe/1-0-38/html/container.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://pastelink.net/ accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip content-type text/html cross-origin-resource-policy cross-origin cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} timing-allow-origin * content-length 3108 date Thu, 30 Sep 2021 18:32:37 GMT expires Fri, 30 Sep 2022 18:32:37 GMT cache-control public, immutable, max-age=31536000 last-modified Tue, 02 Mar 2021 20:17:03 GMT x-content-type-options nosniff server sffe x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3	200	container.html Show response a9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 6BC0	6 KB 3 KB	57ms 26ms	Document text/html	142.250.186.65 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://a9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092201.js?31062996 Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.65 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s05-in-f1.1e100.net Software sffe / Resource Hash a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority a9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com :scheme https :path /safeframe/1-0-38/html/container.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://pastelink.net/ accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip content-type text/html cross-origin-resource-policy cross-origin cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} timing-allow-origin * content-length 3108 date Thu, 30 Sep 2021 18:32:37 GMT expires Fri, 30 Sep 2022 18:32:37 GMT last-modified Tue, 02 Mar 2021 20:17:03 GMT x-content-type-options nosniff server sffe x-xss-protection 0 cache-control public, immutable, max-age=31536000 age 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H2	200	osd.js Show response www.googletagservices.com/activeview/js/current/	72 KB 28 KB	89ms 33ms	Script text/javascript	142.250.185.162 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/activeview/js/current/osd.js Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092201.js?31062996 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.185.162 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s51-in-f2.1e100.net Software sffe / Resource Hash c72976d3b4c427a85952b5cea1ad2efafcc4b2dc6fdd9ef5a505e5e582e62928 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 30 Sep 2021 18:32:37 GMT content-encoding gzip x-content-type-options nosniff content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 27601 x-xss-protection 0 server sffe etag "1632957222552500" vary Accept-Encoding report-to {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="active-view-scs-read-write-acl" expires Thu, 30 Sep 2021 18:32:37 GMT
GET H2	200	sodar Show response pagead2.googlesyndication.com/getconfig/	11 KB 9 KB	96ms 37ms	XHR application/json	142.250.185.98 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021092201&st=env Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092201.js?31062996 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.185.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s49-in-f2.1e100.net Software cafe / Resource Hash 41ad80080ae3037c7392634aca46ba78ac4be50556effda7194e03a58c169b47 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Thu, 30 Sep 2021 18:32:37 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" access-control-allow-origin * cache-control private cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/json; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 8516 x-xss-protection 0
GET H3	200	adview securepubads.g.doubleclick.net/pagead/ Frame 6BC0	0 0	48ms 48ms	Fetch text/html	142.250.184.194 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/pagead/adview?ai=CV_cXxQJWYfnNEsHw3wPp9r34Beb-o_dc7ousiF_AjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakC5BqKJ11xsz7gAgCoAwGqBMsBT9Bzu4gLSZA38d_MC5XqrJlqxWM82T-Uo0Zx9oKbI9SeKCfV7MRiwLEWrm9xVlqxxY9MSr3LrjTuDwrPzqUnKpViME8DdqMhHjzwe1abM2AiNlabHK-rEJbMn8IVsOaYBb7-kQeD0vzwH9iu4RNynkDMqnJQmFCj8c5AovEugVa30vKWsbRcDxUN_PXn1Dkw3Np2NJmkzD_Xk_9lA84GWMklQtR-YNm4BpbymJkcs8NIIDGs8z-MwWeZGyqFilqdflFIR4stAIT8JeTgBAGABs-R3fv23pmF6AGgBiGoB6a-G6gH8NkbqAfy2RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiI4YAQEAGACgH6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItMTc1MDg1NjIzOTIwNDQxNBj63nw&sigh=qhFfSq4dC6M Requested by Host: pastelink.net URL: https://pastelink.net/3idm3 Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.184.194 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s11-in-f2.1e100.net Software / Resource Hash Request headers Accept-Language de-DE,de;q=0.9 Referer https://a9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers
GET H/1.1	200	Cookie set ShowAd Show response brain.rvty.net/RTB/ Frame 2849	2 KB 2 KB	39ms 11ms	Document text/html	89.163.211.233 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Full URL https://brain.rvty.net/RTB/ShowAd?adHeight=90&adWidth=728&adFormat=4&adslotId=&siteId=97944753&bannerId=195002&e=3&p=YVYCxQAEpvkKd_hBAA97aY6jGs7osKeY7U8-0Q&penc=&bp=76923&a=615602c5-0006-3bcc-0a77-a1c2d80c488a&n=1&geo=662259&rawURL=https%3A%2F%2Fpastelink.net%2F3idm3&rawReferrerURL=&uid=fd9b96d4-e685-43a8-b8bb-02f43e365236&euid=&encn=N4IgXglgDiBcIDYAMBWATAThAGhAYwHsBXAOwBcAnATzhABEBRHEAQzLjVwBsSBzOABwA6BAIDMY3Hghka8AGIUWJANYAzIhTIACFgFttAWRYQSzAM5k2AU1oAJa+fPWz3NnBRIhARm8IA7AC+QA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC7OghxQJWYfnNEsHw3wPp9r34Beb-o_dc7ousiF_AjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakC5BqKJ11xsz7gAgCoAwGqBM4BT9Bzu4gLSZA38d_MC5XqrJlqxWM82T-Uo0Zx9oKbI9SeKCfV7MRiwLEWrm9xVlqxxY9MSr3LrjTuDwrPzqUnKpViME8DdqMhHjzwe1abM2AiNlabHK-rEJbMn8IVsOaYBb7-kQeD0vzwH9iu4RNynkDMqnJQmFCj8c5AovEugVa30vKWsbRcDxUN_PXn1Dkw3Np2NJmkzD_Xk_9lA84GWMklQtR-YNm4BpbymJkcs8NIIDGs8z-MwWfbGScXALtbRq2ODgDzLgsKX_BZd_jgBAGABs-R3fv23pmF6AGgBiGoB6a-G6gH8NkbqAfy2RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiI4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1dBnmNdoVbDx9OtyKwoOqi-Tnzog%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=1&gdpr_consent= Requested by Host: a9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com URL: https://a9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS Software nginx/1.13.4 / Resource Hash f623f7e163e7c1715a8f14f951e57afee3b56bcb4dbce50f82579d8558b0588f Request headers Host brain.rvty.net Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept-Language de-DE,de;q=0.9 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site cross-site Sec-Fetch-Mode navigate Sec-Fetch-Dest iframe Referer https://a9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com/ Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://a9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com/ Response headers Server nginx/1.13.4 Date Thu, 30 Sep 2021 18:32:37 GMT Content-Type text/html;charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Set-Cookie RTBUserId=fd9b96d4-e685-43a8-b8bb-02f43e365236; path=/; SameSite=None; secure; Expires=Fri, 30 Sep 2022 20:32:37 CEST RTBUserId-Old=fd9b96d4-e685-43a8-b8bb-02f43e365236; path=/; secure; Expires=Fri, 30 Sep 2022 20:32:37 CEST RTBUserId-Plain=fd9b96d4-e685-43a8-b8bb-02f43e365236; path=/; Expires=Fri, 30 Sep 2022 20:32:37 CEST P3P CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" Content-Encoding gzip
GET H2	200	window_focus_fy2019.js Show response tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/ Frame 6BC0	3 KB 1 KB	88ms 31ms	Script text/javascript	142.250.184.193 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/window_focus_fy2019.js Requested by Host: a9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com URL: https://a9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.184.193 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s11-in-f1.1e100.net Software cafe / Resource Hash c178b294f465f8c802b3f20752a384d2304c8628f8908d30ff13d02e861c2442 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://a9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 30 Sep 2021 18:27:07 GMT content-encoding gzip x-content-type-options nosniff age 330 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1358 x-xss-protection 0 server cafe etag 15351394696698642166 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Thu, 14 Oct 2021 18:27:07 GMT
GET H2	200	rx_lidar.js Show response www.googletagservices.com/activeview/js/current/ Frame 6BC0	122 KB 37 KB	1173ms 1172ms	Script text/javascript	142.250.185.162 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914 Requested by Host: a9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com URL: https://a9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.185.162 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s51-in-f2.1e100.net Software sffe / Resource Hash eb35e2fc6b44a1ba314358847a3ecffb044ac056ff0b374ec17856062cc75ee3 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://a9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 30 Sep 2021 18:32:39 GMT content-encoding gzip x-content-type-options nosniff content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 37846 x-xss-protection 0 server sffe etag "1632957210746890" vary Accept-Encoding report-to {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="active-view-scs-read-write-acl" expires Thu, 30 Sep 2021 18:32:39 GMT
GET H2	200	qs_click_protection_fy2019.js Show response tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/ Frame 6BC0	14 KB 7 KB	81ms 25ms	Script text/javascript	142.250.184.193 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/qs_click_protection_fy2019.js Requested by Host: a9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com URL: https://a9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.184.193 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s11-in-f1.1e100.net Software cafe / Resource Hash 4f430df1926f8f2c1211de662c1070de2b98259bfc9bbdd8cf70c7b53d6777cd Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://a9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 30 Sep 2021 18:32:14 GMT content-encoding gzip x-content-type-options nosniff age 23 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 6194 x-xss-protection 0 server cafe etag 2541472377268313288 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Thu, 14 Oct 2021 18:32:14 GMT
GET H3	204	l www.google.com/ads/measurement/ Frame 6BC0	0 0	81ms 31ms	Image text/html	142.250.186.68 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/measurement/l?ebcid=ALh7CaTYAyuflOZpSBpLV-A0u3fIsbrin61uCWrQGJy1gWW1xZjGtB441bJGY6235dVMdpiO8ZUDThzWjusRYJCYs1EISdKUVQ Requested by Host: a9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com URL: https://a9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.68 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s05-in-f4.1e100.net Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://a9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers
GET H2	200	ext.js Show response tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 6BC0	22 KB 7 KB	84ms 28ms	Script text/javascript	142.250.184.193 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js Requested by Host: a9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com URL: https://a9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.184.193 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s11-in-f1.1e100.net Software sffe / Resource Hash 0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://a9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 30 Sep 2021 14:19:38 GMT content-encoding gzip x-content-type-options nosniff age 15179 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 7022 x-xss-protection 0 last-modified Tue, 02 Mar 2021 20:17:03 GMT server sffe vary Accept-Encoding report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} content-type text/javascript cache-control public, immutable, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" expires Fri, 30 Sep 2022 14:19:38 GMT
GET H2	200	sodar2.js Show response tpc.googlesyndication.com/sodar/	17 KB 7 KB	69ms 45ms	Script text/javascript	142.250.184.193 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2.js Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092201.js?31062996 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.184.193 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s11-in-f1.1e100.net Software sffe / Resource Hash a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 30 Sep 2021 18:32:37 GMT content-encoding gzip x-content-type-options nosniff server sffe etag "1624308425655142" vary Accept-Encoding report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 6467 x-xss-protection 0 cross-origin-opener-policy-report-only same-origin; report-to="adspam-signals-scs" expires Thu, 30 Sep 2021 18:32:37 GMT
GET H/1.1	200 OK	ads_view.js Show response cdn.rvty.net/view/ Frame 2849	3 KB 4 KB	49ms 14ms	Script application/javascript	89.163.211.242 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Full URL https://cdn.rvty.net/view/ads_view.js Requested by Host: brain.rvty.net URL: https://brain.rvty.net/RTB/ShowAd?adHeight=90&adWidth=728&adFormat=4&adslotId=&siteId=97944753&bannerId=195002&e=3&p=YVYCxQAEpvkKd_hBAA97aY6jGs7osKeY7U8-0Q&penc=&bp=76923&a=615602c5-0006-3bcc-0a77-a1c2d80c488a&n=1&geo=662259&rawURL=https%3A%2F%2Fpastelink.net%2F3idm3&rawReferrerURL=&uid=fd9b96d4-e685-43a8-b8bb-02f43e365236&euid=&encn=N4IgXglgDiBcIDYAMBWATAThAGhAYwHsBXAOwBcAnATzhABEBRHEAQzLjVwBsSBzOABwA6BAIDMY3Hghka8AGIUWJANYAzIhTIACFgFttAWRYQSzAM5k2AU1oAJa+fPWz3NnBRIhARm8IA7AC+QA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC7OghxQJWYfnNEsHw3wPp9r34Beb-o_dc7ousiF_AjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakC5BqKJ11xsz7gAgCoAwGqBM4BT9Bzu4gLSZA38d_MC5XqrJlqxWM82T-Uo0Zx9oKbI9SeKCfV7MRiwLEWrm9xVlqxxY9MSr3LrjTuDwrPzqUnKpViME8DdqMhHjzwe1abM2AiNlabHK-rEJbMn8IVsOaYBb7-kQeD0vzwH9iu4RNynkDMqnJQmFCj8c5AovEugVa30vKWsbRcDxUN_PXn1Dkw3Np2NJmkzD_Xk_9lA84GWMklQtR-YNm4BpbymJkcs8NIIDGs8z-MwWfbGScXALtbRq2ODgDzLgsKX_BZd_jgBAGABs-R3fv23pmF6AGgBiGoB6a-G6gH8NkbqAfy2RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiI4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1dBnmNdoVbDx9OtyKwoOqi-Tnzog%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=1&gdpr_consent= Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 89.163.211.242 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS Software nginx/1.13.4 / Resource Hash 00bb2f69ab06efff6555f6ccae10902e87bb6aea861e83de082a45a07e525054 Request headers Accept-Language de-DE,de;q=0.9 Referer https://brain.rvty.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Thu, 30 Sep 2021 18:32:37 GMT Last-Modified Fri, 20 Dec 2019 09:27:25 GMT Server nginx/1.13.4 ETag "5dfc93fd-d40" Content-Type application/javascript Access-Control-Allow-Origin * Connection keep-alive Accept-Ranges bytes Content-Length 3392
GET H3	200	runner.html Show response tpc.googlesyndication.com/sodar/sodar2/224/ Frame 7B9F	12 KB 5 KB	60ms 26ms	Document text/html	142.250.184.193 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.184.193 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s11-in-f1.1e100.net Software sffe / Resource Hash 4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority tpc.googlesyndication.com :scheme https :path /sodar/sodar2/224/runner.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://pastelink.net/ accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip content-type text/html cross-origin-resource-policy cross-origin cross-origin-opener-policy-report-only same-origin; report-to="adspam-signals-scs" report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} content-length 5029 date Thu, 30 Sep 2021 16:04:56 GMT expires Fri, 30 Sep 2022 16:04:56 GMT last-modified Wed, 02 Jun 2021 17:09:45 GMT x-content-type-options nosniff server sffe x-xss-protection 0 cache-control public, max-age=31536000 age 8862 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3	200	aframe Show response www.google.com/recaptcha/api2/ Frame CC6A	783 B 535 B	35ms 34ms	Document text/html	142.250.186.68 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/aframe Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.68 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s05-in-f4.1e100.net Software GSE / Resource Hash 3dd139d0833d0c388f97a51325997993069642c0a2add8ae70ee9ba2004d330b Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-nL/QLuEDIQZQAxDNWzx7LA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers :method GET :authority www.google.com :scheme https :path /recaptcha/api2/aframe pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://pastelink.net/ accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ Response headers cross-origin-resource-policy cross-origin cross-origin-embedder-policy-report-only require-corp; report-to="recaptcha" report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} expires Thu, 30 Sep 2021 18:32:37 GMT date Thu, 30 Sep 2021 18:32:37 GMT cache-control private, max-age=300 content-type text/html; charset=utf-8 content-security-policy script-src 'report-sample' 'nonce-nL/QLuEDIQZQAxDNWzx7LA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-encoding gzip x-content-type-options nosniff x-xss-protection 1; mode=block content-length 513 server GSE alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H/1.1	200 OK	zr646oidn2r7 Show response ad.ad-srv.net/zone/ Frame 2849	11 KB 4 KB	42ms 12ms	Script text/html	178.63.52.121 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://ad.ad-srv.net/zone/zr646oidn2r7?subid=&gdpr=-1&gdpr_consent=&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&redirectClick=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DC7OghxQJWYfnNEsHw3wPp9r34Beb-o_dc7ousiF_AjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakC5BqKJ11xsz7gAgCoAwGqBM4BT9Bzu4gLSZA38d_MC5XqrJlqxWM82T-Uo0Zx9oKbI9SeKCfV7MRiwLEWrm9xVlqxxY9MSr3LrjTuDwrPzqUnKpViME8DdqMhHjzwe1abM2AiNlabHK-rEJbMn8IVsOaYBb7-kQeD0vzwH9iu4RNynkDMqnJQmFCj8c5AovEugVa30vKWsbRcDxUN_PXn1Dkw3Np2NJmkzD_Xk_9lA84GWMklQtR-YNm4BpbymJkcs8NIIDGs8z-MwWfbGScXALtbRq2ODgDzLgsKX_BZd_jgBAGABs-R3fv23pmF6AGgBiGoB6a-G6gH8NkbqAfy2RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiI4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1dBnmNdoVbDx9OtyKwoOqi-Tnzog%26client%3Dca-pub-1750856239204414%26adurl%3Dhttp%253A%252F%252Fbrain.rvty.net%252FRTB%252FClick%253Fx%253DEASY-X-COORDINATE%2526y%253DEASY-Y-COORDINATE%2526s%253D97944753%2526a%253D195002%2526t%253D1633026757892%2526l%253D662259%2526p%253D3%2526appid%253D%2526aa%253D615602c5-0006-3bcc-0a77-a1c2d80c488a%2526gdpr%253D1%2526gdpr_consent%253D%2526dest%253D Requested by Host: brain.rvty.net URL: https://brain.rvty.net/RTB/ShowAd?adHeight=90&adWidth=728&adFormat=4&adslotId=&siteId=97944753&bannerId=195002&e=3&p=YVYCxQAEpvkKd_hBAA97aY6jGs7osKeY7U8-0Q&penc=&bp=76923&a=615602c5-0006-3bcc-0a77-a1c2d80c488a&n=1&geo=662259&rawURL=https%3A%2F%2Fpastelink.net%2F3idm3&rawReferrerURL=&uid=fd9b96d4-e685-43a8-b8bb-02f43e365236&euid=&encn=N4IgXglgDiBcIDYAMBWATAThAGhAYwHsBXAOwBcAnATzhABEBRHEAQzLjVwBsSBzOABwA6BAIDMY3Hghka8AGIUWJANYAzIhTIACFgFttAWRYQSzAM5k2AU1oAJa+fPWz3NnBRIhARm8IA7AC+QA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC7OghxQJWYfnNEsHw3wPp9r34Beb-o_dc7ousiF_AjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakC5BqKJ11xsz7gAgCoAwGqBM4BT9Bzu4gLSZA38d_MC5XqrJlqxWM82T-Uo0Zx9oKbI9SeKCfV7MRiwLEWrm9xVlqxxY9MSr3LrjTuDwrPzqUnKpViME8DdqMhHjzwe1abM2AiNlabHK-rEJbMn8IVsOaYBb7-kQeD0vzwH9iu4RNynkDMqnJQmFCj8c5AovEugVa30vKWsbRcDxUN_PXn1Dkw3Np2NJmkzD_Xk_9lA84GWMklQtR-YNm4BpbymJkcs8NIIDGs8z-MwWfbGScXALtbRq2ODgDzLgsKX_BZd_jgBAGABs-R3fv23pmF6AGgBiGoB6a-G6gH8NkbqAfy2RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiI4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1dBnmNdoVbDx9OtyKwoOqi-Tnzog%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=1&gdpr_consent= Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 178.63.52.121 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.121.52.63.178.clients.your-server.de Software Apache / Resource Hash a6b69e5491bd0a0989a718ad4b2f721785c83368cc9989dffad93b14606f9bcc Request headers Accept-Language de-DE,de;q=0.9 Referer https://brain.rvty.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Thu, 30 Sep 2021 18:32:38 GMT Content-Encoding gzip Server Apache Connection close Content-Length 3435 Vary Accept-Encoding Content-Type text/html; charset=UTF-8
GET H3	204	sodar pagead2.googlesyndication.com/pagead/ Frame CC6A	0 0	83ms 52ms	Image text/html	142.250.185.98 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021092201&jk=4044904180936556&rc= Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s49-in-f2.1e100.net Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers
GET H/1.1	200 OK	request.php Show response ad5.ad-srv.net/ Frame 2849 Redirect Chain https://ad5.ad-srv.net/request.php?zone=zr646oidn2r7&nw=14&renderingType=javascript&namespace=33e9f0bf04&subid=&uid=ac4834effbdd0027&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90... https://ad5.ad-srv.net/request.php?zone=zr646oidn2r7&nw=14&renderingType=javascript&namespace=33e9f0bf04&subid=&uid=ac4834effbdd0027&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90...	2 KB 1 KB	65ms 43ms	Script application/x-javascript	138.201.63.165 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://ad5.ad-srv.net/request.php?zone=zr646oidn2r7&nw=14&renderingType=javascript&namespace=33e9f0bf04&subid=&uid=ac4834effbdd0027&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=ANIM_AFTER_30S%3A0&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DC7OghxQJWYfnNEsHw3wPp9r34Beb-o_dc7ousiF_AjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakC5BqKJ11xsz7gAgCoAwGqBM4BT9Bzu4gLSZA38d_MC5XqrJlqxWM82T-Uo0Zx9oKbI9SeKCfV7MRiwLEWrm9xVlqxxY9MSr3LrjTuDwrPzqUnKpViME8DdqMhHjzwe1abM2AiNlabHK-rEJbMn8IVsOaYBb7-kQeD0vzwH9iu4RNynkDMqnJQmFCj8c5AovEugVa30vKWsbRcDxUN_PXn1Dkw3Np2NJmkzD_Xk_9lA84GWMklQtR-YNm4BpbymJkcs8NIIDGs8z-MwWfbGScXALtbRq2ODgDzLgsKX_BZd_jgBAGABs-R3fv23pmF6AGgBiGoB6a-G6gH8NkbqAfy2RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiI4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1dBnmNdoVbDx9OtyKwoOqi-Tnzog%26client%3Dca-pub-1750856239204414%26adurl%3Dhttp%253A%252F%252Fbrain.rvty.net%252FRTB%252FClick%253Fx%253DEASY-X-COORDINATE%2526y%253DEASY-Y-COORDINATE%2526s%253D97944753%2526a%253D195002%2526t%253D1633026757892%2526l%253D662259%2526p%253D3%2526appid%253D%2526aa%253D615602c5-0006-3bcc-0a77-a1c2d80c488a%2526gdpr%253D1%2526gdpr_consent%253D%2526dest%253D&documentReferer=https%3A%2F%2Fa9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2Fa9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fpastelink.net&random=2558269640031&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1 Requested by Host: brain.rvty.net URL: https://brain.rvty.net/RTB/ShowAd?adHeight=90&adWidth=728&adFormat=4&adslotId=&siteId=97944753&bannerId=195002&e=3&p=YVYCxQAEpvkKd_hBAA97aY6jGs7osKeY7U8-0Q&penc=&bp=76923&a=615602c5-0006-3bcc-0a77-a1c2d80c488a&n=1&geo=662259&rawURL=https%3A%2F%2Fpastelink.net%2F3idm3&rawReferrerURL=&uid=fd9b96d4-e685-43a8-b8bb-02f43e365236&euid=&encn=N4IgXglgDiBcIDYAMBWATAThAGhAYwHsBXAOwBcAnATzhABEBRHEAQzLjVwBsSBzOABwA6BAIDMY3Hghka8AGIUWJANYAzIhTIACFgFttAWRYQSzAM5k2AU1oAJa+fPWz3NnBRIhARm8IA7AC+QA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC7OghxQJWYfnNEsHw3wPp9r34Beb-o_dc7ousiF_AjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakC5BqKJ11xsz7gAgCoAwGqBM4BT9Bzu4gLSZA38d_MC5XqrJlqxWM82T-Uo0Zx9oKbI9SeKCfV7MRiwLEWrm9xVlqxxY9MSr3LrjTuDwrPzqUnKpViME8DdqMhHjzwe1abM2AiNlabHK-rEJbMn8IVsOaYBb7-kQeD0vzwH9iu4RNynkDMqnJQmFCj8c5AovEugVa30vKWsbRcDxUN_PXn1Dkw3Np2NJmkzD_Xk_9lA84GWMklQtR-YNm4BpbymJkcs8NIIDGs8z-MwWfbGScXALtbRq2ODgDzLgsKX_BZd_jgBAGABs-R3fv23pmF6AGgBiGoB6a-G6gH8NkbqAfy2RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiI4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1dBnmNdoVbDx9OtyKwoOqi-Tnzog%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=1&gdpr_consent= Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 138.201.63.165 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.165.63.201.138.clients.your-server.de Software Apache / Resource Hash 44ba12d77a9886290345d9da7b5074909af870f17ec93061435b2f6082b1b235 Request headers Accept-Language de-DE,de;q=0.9 Referer https://brain.rvty.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Pragma no-cache Date Thu, 30 Sep 2021 18:32:38 GMT Content-Encoding gzip Server Apache Vary Accept-Encoding P3P CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Cache-Control no-store, no-cache, must-revalidate, max-age=0 X-NEORY-SubId 20434400213707803260108011733005 Connection close Content-Type application/x-javascript; charset=utf-8 Content-Length 775 Expires Thu, 30 Sep 2021 19:32:38 +0200 Redirect headers Pragma no-cache Date Thu, 30 Sep 2021 18:32:38 GMT Server Apache P3P CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Location request.php?zone=zr646oidn2r7&nw=14&renderingType=javascript&namespace=33e9f0bf04&subid=&uid=ac4834effbdd0027&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=ANIM_AFTER_30S%3A0&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DC7OghxQJWYfnNEsHw3wPp9r34Beb-o_dc7ousiF_AjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakC5BqKJ11xsz7gAgCoAwGqBM4BT9Bzu4gLSZA38d_MC5XqrJlqxWM82T-Uo0Zx9oKbI9SeKCfV7MRiwLEWrm9xVlqxxY9MSr3LrjTuDwrPzqUnKpViME8DdqMhHjzwe1abM2AiNlabHK-rEJbMn8IVsOaYBb7-kQeD0vzwH9iu4RNynkDMqnJQmFCj8c5AovEugVa30vKWsbRcDxUN_PXn1Dkw3Np2NJmkzD_Xk_9lA84GWMklQtR-YNm4BpbymJkcs8NIIDGs8z-MwWfbGScXALtbRq2ODgDzLgsKX_BZd_jgBAGABs-R3fv23pmF6AGgBiGoB6a-G6gH8NkbqAfy2RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiI4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1dBnmNdoVbDx9OtyKwoOqi-Tnzog%26client%3Dca-pub-1750856239204414%26adurl%3Dhttp%253A%252F%252Fbrain.rvty.net%252FRTB%252FClick%253Fx%253DEASY-X-COORDINATE%2526y%253DEASY-Y-COORDINATE%2526s%253D97944753%2526a%253D195002%2526t%253D1633026757892%2526l%253D662259%2526p%253D3%2526appid%253D%2526aa%253D615602c5-0006-3bcc-0a77-a1c2d80c488a%2526gdpr%253D1%2526gdpr_consent%253D%2526dest%253D&documentReferer=https%3A%2F%2Fa9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2Fa9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fpastelink.net&random=2558269640031&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1 Cache-Control no-store, no-cache, must-revalidate, max-age=0 Connection close Content-Type text/html; charset=UTF-8 Content-Length 0 Expires Thu, 30 Sep 2021 19:32:38 +0200
GET H3	200	-1aq-589pTXQhIX0O0sr0by93NOseZw7_D6wdr9M3ZU.js Show response pagead2.googlesyndication.com/bg/ Frame 7B9F	35 KB 13 KB	36ms 26ms	Script text/javascript	142.250.185.98 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/bg/-1aq-589pTXQhIX0O0sr0by93NOseZw7_D6wdr9M3ZU.js Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s49-in-f2.1e100.net Software sffe / Resource Hash fb56aafb9f3da535d08485f43b4b2bd1bcbddcd3ac799c3bfc3eb076bf4cdd95 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 30 Sep 2021 14:11:36 GMT content-encoding br x-content-type-options nosniff age 15662 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 13400 x-xss-protection 0 last-modified Mon, 20 Sep 2021 23:08:00 GMT server sffe vary Accept-Encoding report-to {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="botguard-scs" expires Fri, 30 Sep 2022 14:11:36 GMT
GET H/1.1	200 OK	Cookie set cshow.php Show response www.awin1.com/ Frame A2A9	43 B 704 B	53ms 15ms	Document image/gif	104.111.239.217 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www.awin1.com/cshow.php?s=2548147&v=14098&q=379099&r=278235&pv=1&pref1=20434400213707803260108011733005&gdpr=-1&gdpr_consent= Requested by Host: ad5.ad-srv.net URL: https://ad5.ad-srv.net/request.php?zone=zr646oidn2r7&nw=14&renderingType=javascript&namespace=33e9f0bf04&subid=&uid=ac4834effbdd0027&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=ANIM_AFTER_30S%3A0&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DC7OghxQJWYfnNEsHw3wPp9r34Beb-o_dc7ousiF_AjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakC5BqKJ11xsz7gAgCoAwGqBM4BT9Bzu4gLSZA38d_MC5XqrJlqxWM82T-Uo0Zx9oKbI9SeKCfV7MRiwLEWrm9xVlqxxY9MSr3LrjTuDwrPzqUnKpViME8DdqMhHjzwe1abM2AiNlabHK-rEJbMn8IVsOaYBb7-kQeD0vzwH9iu4RNynkDMqnJQmFCj8c5AovEugVa30vKWsbRcDxUN_PXn1Dkw3Np2NJmkzD_Xk_9lA84GWMklQtR-YNm4BpbymJkcs8NIIDGs8z-MwWfbGScXALtbRq2ODgDzLgsKX_BZd_jgBAGABs-R3fv23pmF6AGgBiGoB6a-G6gH8NkbqAfy2RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiI4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1dBnmNdoVbDx9OtyKwoOqi-Tnzog%26client%3Dca-pub-1750856239204414%26adurl%3Dhttp%253A%252F%252Fbrain.rvty.net%252FRTB%252FClick%253Fx%253DEASY-X-COORDINATE%2526y%253DEASY-Y-COORDINATE%2526s%253D97944753%2526a%253D195002%2526t%253D1633026757892%2526l%253D662259%2526p%253D3%2526appid%253D%2526aa%253D615602c5-0006-3bcc-0a77-a1c2d80c488a%2526gdpr%253D1%2526gdpr_consent%253D%2526dest%253D&documentReferer=https%3A%2F%2Fa9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2Fa9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fpastelink.net&random=2558269640031&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-111-239-217.deploy.static.akamaitechnologies.com Software / Resource Hash 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363 Security Headers Name Value Strict-Transport-Security max-age=86400 Request headers Host www.awin1.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept-Language de-DE,de;q=0.9 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site cross-site Sec-Fetch-Mode navigate Sec-Fetch-Dest iframe Referer https://brain.rvty.net/ Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://brain.rvty.net/ Response headers Cache-Control no-store, no-cache, max-age=0, must-revalidate Content-Type image/gif Expires 0 Node Helix P3P policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV" Pragma no-cache Content-Length 43 Date Thu, 30 Sep 2021 18:32:38 GMT Connection keep-alive Set-Cookie awpv14098=278235|1633026758|c9d1a0b0-221c-11ec-855b-692d0ae1a3be;domain=.awin1.com;path=/;expires=Thursday, 07-Oct-2021 18:32:38 UTC;Secure;SameSite=None AWSESS=379099:2548147;domain=.awin1.com;path=/;Secure;SameSite=None Strict-Transport-Security max-age=86400 Awin-Akamai-Rule-Set default
GET H2	200	ztpv.php Show response www.conrad.de/ Frame 42A2 Redirect Chain https://www.awin1.com/cshow.php?s=2470167&v=11354&q=371933&r=278235&pv=1&pref1=20434400213707803260108011733005&gdpr=-1&gdpr_consent= https://www.zenaps.com/cshow.php?pvr=c9d1a0b1-221c-11ec-855b-692d0ae1a3be&v=11354&r=278235&q=371933&s=2470167&viewref=20434400213707803260108011733005&pv=1&gdpr=-1&gdpr_consent= https://www.conrad.de/ztpv.php?awc=11354_278235_1633026758_c9d1a0b1-221c-11ec-855b-692d0ae1a3be&insert=AW	0 710 B	95ms 61ms	Document text/html	104.18.126.5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.conrad.de/ztpv.php?awc=11354_278235_1633026758_c9d1a0b1-221c-11ec-855b-692d0ae1a3be&insert=AW Requested by Host: ad5.ad-srv.net URL: https://ad5.ad-srv.net/request.php?zone=zr646oidn2r7&nw=14&renderingType=javascript&namespace=33e9f0bf04&subid=&uid=ac4834effbdd0027&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=ANIM_AFTER_30S%3A0&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DC7OghxQJWYfnNEsHw3wPp9r34Beb-o_dc7ousiF_AjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakC5BqKJ11xsz7gAgCoAwGqBM4BT9Bzu4gLSZA38d_MC5XqrJlqxWM82T-Uo0Zx9oKbI9SeKCfV7MRiwLEWrm9xVlqxxY9MSr3LrjTuDwrPzqUnKpViME8DdqMhHjzwe1abM2AiNlabHK-rEJbMn8IVsOaYBb7-kQeD0vzwH9iu4RNynkDMqnJQmFCj8c5AovEugVa30vKWsbRcDxUN_PXn1Dkw3Np2NJmkzD_Xk_9lA84GWMklQtR-YNm4BpbymJkcs8NIIDGs8z-MwWfbGScXALtbRq2ODgDzLgsKX_BZd_jgBAGABs-R3fv23pmF6AGgBiGoB6a-G6gH8NkbqAfy2RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiI4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1dBnmNdoVbDx9OtyKwoOqi-Tnzog%26client%3Dca-pub-1750856239204414%26adurl%3Dhttp%253A%252F%252Fbrain.rvty.net%252FRTB%252FClick%253Fx%253DEASY-X-COORDINATE%2526y%253DEASY-Y-COORDINATE%2526s%253D97944753%2526a%253D195002%2526t%253D1633026757892%2526l%253D662259%2526p%253D3%2526appid%253D%2526aa%253D615602c5-0006-3bcc-0a77-a1c2d80c488a%2526gdpr%253D1%2526gdpr_consent%253D%2526dest%253D&documentReferer=https%3A%2F%2Fa9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2Fa9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fpastelink.net&random=2558269640031&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.18.126.5 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=15552000 Request headers :method GET :authority www.conrad.de :scheme https :path /ztpv.php?awc=11354_278235_1633026758_c9d1a0b1-221c-11ec-855b-692d0ae1a3be&insert=AW pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://brain.rvty.net/ accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://brain.rvty.net/ Response headers date Thu, 30 Sep 2021 18:32:38 GMT content-type text/html; charset=UTF-8 server-timing intid;desc=7cc12edf61aceda8 intid;desc=ec1e5508dc71cdff cache-control no-cache expires -1 set-cookie HTLP_timestamp=1633026758; expires=Tue, 05-Oct-2021 18:32:38 GMT; Max-Age=432000; path=/; secure; SameSite=None CEAffHA=YD; expires=Tue, 05-Oct-2021 18:32:38 GMT; Max-Age=432000; path=/; secure; SameSite=None __cf_bm=QUkAf_diTrslkJE_e52KPs4n7VBn22LZNTKwR1tk2g8-1633026758-0-AR+wXbEhCrc6GECG/1tvNmPD/v8uL8QF0ywDKBtSZh1WgMdLIeVUop/3LhuHIbsFojaK5rC05+v7lFyreHeaX3c=; path=/; expires=Thu, 30-Sep-21 19:02:38 GMT; domain=.www.conrad.de; HttpOnly; Secure; SameSite=None p3p policyref="http://www.conrad.de/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR" age 0 strict-transport-security max-age=15552000 cf-cache-status DYNAMIC expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 696f88f75d82faf6-DUS content-encoding br Redirect headers Location https://www.conrad.de/ztpv.php?awc=11354_278235_1633026758_c9d1a0b1-221c-11ec-855b-692d0ae1a3be&insert=AW Node Helix P3P policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV" Content-Length 0 Date Thu, 30 Sep 2021 18:32:38 GMT Connection keep-alive Set-Cookie awpv11354=278235|1633026758|c9d1a0b1-221c-11ec-855b-692d0ae1a3be;domain=.zenaps.com;path=/;expires=Sunday, 03-Oct-2021 18:32:38 UTC;Secure;SameSite=None AWSESS=377133:2470167;domain=.zenaps.com;path=/;Secure;SameSite=None Strict-Transport-Security max-age=86400 Awin-Akamai-Rule-Set default
GET H/1.1	200 OK	request_content.php Show response ad5.ad-srv.net/ Frame 6977	42 KB 8 KB	35ms 13ms	Document text/html	138.201.63.165 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://ad5.ad-srv.net/request_content.php?s=20434400213707803260108011733005&a=4e2111f8 Requested by Host: ad5.ad-srv.net URL: https://ad5.ad-srv.net/request.php?zone=zr646oidn2r7&nw=14&renderingType=javascript&namespace=33e9f0bf04&subid=&uid=ac4834effbdd0027&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=ANIM_AFTER_30S%3A0&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DC7OghxQJWYfnNEsHw3wPp9r34Beb-o_dc7ousiF_AjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakC5BqKJ11xsz7gAgCoAwGqBM4BT9Bzu4gLSZA38d_MC5XqrJlqxWM82T-Uo0Zx9oKbI9SeKCfV7MRiwLEWrm9xVlqxxY9MSr3LrjTuDwrPzqUnKpViME8DdqMhHjzwe1abM2AiNlabHK-rEJbMn8IVsOaYBb7-kQeD0vzwH9iu4RNynkDMqnJQmFCj8c5AovEugVa30vKWsbRcDxUN_PXn1Dkw3Np2NJmkzD_Xk_9lA84GWMklQtR-YNm4BpbymJkcs8NIIDGs8z-MwWfbGScXALtbRq2ODgDzLgsKX_BZd_jgBAGABs-R3fv23pmF6AGgBiGoB6a-G6gH8NkbqAfy2RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiI4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1dBnmNdoVbDx9OtyKwoOqi-Tnzog%26client%3Dca-pub-1750856239204414%26adurl%3Dhttp%253A%252F%252Fbrain.rvty.net%252FRTB%252FClick%253Fx%253DEASY-X-COORDINATE%2526y%253DEASY-Y-COORDINATE%2526s%253D97944753%2526a%253D195002%2526t%253D1633026757892%2526l%253D662259%2526p%253D3%2526appid%253D%2526aa%253D615602c5-0006-3bcc-0a77-a1c2d80c488a%2526gdpr%253D1%2526gdpr_consent%253D%2526dest%253D&documentReferer=https%3A%2F%2Fa9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2Fa9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fpastelink.net&random=2558269640031&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 138.201.63.165 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.165.63.201.138.clients.your-server.de Software Apache / Resource Hash 45d568f2e119f916b2d42af1f4763e5e56245c7c83111ee2f0acb50e7e6bd46f Request headers Host ad5.ad-srv.net Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept-Language de-DE,de;q=0.9 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site cross-site Sec-Fetch-Mode navigate Sec-Fetch-Dest iframe Referer https://brain.rvty.net/ Accept-Encoding gzip, deflate, br Cookie kdb0xdq3ls8m_uid=a46f6cd3046ec55b Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://brain.rvty.net/ Response headers Date Thu, 30 Sep 2021 18:32:38 GMT Server Apache Cache-Control no-store, no-cache, must-revalidate, max-age=0 Expires Thu, 30 Sep 2021 19:32:38 +0200 Pragma no-cache P3P CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Vary Accept-Encoding Content-Encoding gzip Content-Length 8038 Connection close Content-Type text/html; charset=utf-8
GET H/1.1	200 OK	jquery-1.10.2.min.js Show response cdn.rvty.net/_files/js/ Frame 9962	91 KB 91 KB	27ms 27ms	Script application/javascript	89.163.211.242 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Full URL https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js Requested by Host: cdn.rvty.net URL: https://cdn.rvty.net/view/ads_view.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 89.163.211.242 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS Software nginx/1.13.4 / Resource Hash 0ba081f546084bd5097aa8a73c75931d5aa1fc4d6e846e53c21f98e6a1509988 Request headers Accept-Language de-DE,de;q=0.9 Referer https://brain.rvty.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Thu, 30 Sep 2021 18:32:38 GMT Last-Modified Wed, 08 Jan 2020 08:13:37 GMT Server nginx/1.13.4 ETag "5e158f31-16bb3" Content-Type application/javascript Access-Control-Allow-Origin * Connection keep-alive Accept-Ranges bytes Content-Length 93107
GET H/1.1	200 OK	777bd5a420f1e98f95bef35e7975081a Show response pv.medialead.de/trck/epv/ Frame 6977	710 B 2 KB	75ms 16ms	Script application/javascript	145.239.193.130 OVH
General Check archive.org Show headers Download Go to Full URL https://pv.medialead.de/trck/epv/777bd5a420f1e98f95bef35e7975081a?subid=20434400213707803260108011733005&ctrack=https%3A%2F%2Fad5.ad-srv.net%2Fc%2Fpn3zsl4r55p9b5z%3Ftprde%3D Requested by Host: ad5.ad-srv.net URL: https://ad5.ad-srv.net/request_content.php?s=20434400213707803260108011733005&a=4e2111f8 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 145.239.193.130 , France, ASN16276 (OVH, FR), Reverse DNS Software nginx/1.19.7 / PHP/7.2.34 Resource Hash d181a6df4bfcc4bc85e53099b52549d85508a136ed3f55fa8ce730ae205473d8 Security Headers Name Value Strict-Transport-Security max-age=63072000;includeSubdomains;preload, max-age=15768000 Request headers Accept-Language de-DE,de;q=0.9 Referer https://ad5.ad-srv.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Thu, 30 Sep 2021 18:32:38 GMT Server nginx/1.19.7 X-IPLB-Request-ID D8836FA8:8392_91EFC182:01BB_615602C6_CAC065F:396B X-Powered-By PHP/7.2.34 X-IPLB-Instance 40027 Transfer-Encoding chunked Access-Control-Allow-Methods GET,PUT,POST,DELETE,OPTIONS Content-Type application/javascript; charset=utf-8 Access-Control-Allow-Origin * Cache-control private Access-Control-Allow-Credentials true Strict-Transport-Security max-age=63072000;includeSubdomains;preload, max-age=15768000 Access-Control-Allow-Headers Origin, X-Requested-With, Content-Range, Content-Disposition, Content-Type, Authorization Keep-Alive timeout=20
GET H/1.1	200 OK	viewability Show response ad5.ad-srv.net/ Frame 6977	0 150 B	34ms 12ms	Script text/html	138.201.63.165 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://ad5.ad-srv.net/viewability?s=20434400213707803260108011733005&a=7a2f7633&vb=m Requested by Host: ad5.ad-srv.net URL: https://ad5.ad-srv.net/request_content.php?s=20434400213707803260108011733005&a=4e2111f8 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 138.201.63.165 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.165.63.201.138.clients.your-server.de Software Apache / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://ad5.ad-srv.net/request_content.php?s=20434400213707803260108011733005&a=4e2111f8 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Thu, 30 Sep 2021 18:32:38 GMT Server Apache Connection close Content-Length 0 Content-Type text/html; charset=UTF-8
POST H/1.1	200	Visibility Show response brain.rvty.net/RTB/ Frame 9962	0 119 B	10ms 10ms	XHR text/plain	89.163.211.233 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Full URL https://brain.rvty.net/RTB/Visibility Requested by Host: cdn.rvty.net URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS Software nginx/1.13.4 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept */* Referer https://brain.rvty.net/RTB/ShowAd?adHeight=90&adWidth=728&adFormat=4&adslotId=&siteId=97944753&bannerId=195002&e=3&p=YVYCxQAEpvkKd_hBAA97aY6jGs7osKeY7U8-0Q&penc=&bp=76923&a=615602c5-0006-3bcc-0a77-a1c2d80c488a&n=1&geo=662259&rawURL=https%3A%2F%2Fpastelink.net%2F3idm3&rawReferrerURL=&uid=fd9b96d4-e685-43a8-b8bb-02f43e365236&euid=&encn=N4IgXglgDiBcIDYAMBWATAThAGhAYwHsBXAOwBcAnATzhABEBRHEAQzLjVwBsSBzOABwA6BAIDMY3Hghka8AGIUWJANYAzIhTIACFgFttAWRYQSzAM5k2AU1oAJa+fPWz3NnBRIhARm8IA7AC+QA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC7OghxQJWYfnNEsHw3wPp9r34Beb-o_dc7ousiF_AjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakC5BqKJ11xsz7gAgCoAwGqBM4BT9Bzu4gLSZA38d_MC5XqrJlqxWM82T-Uo0Zx9oKbI9SeKCfV7MRiwLEWrm9xVlqxxY9MSr3LrjTuDwrPzqUnKpViME8DdqMhHjzwe1abM2AiNlabHK-rEJbMn8IVsOaYBb7-kQeD0vzwH9iu4RNynkDMqnJQmFCj8c5AovEugVa30vKWsbRcDxUN_PXn1Dkw3Np2NJmkzD_Xk_9lA84GWMklQtR-YNm4BpbymJkcs8NIIDGs8z-MwWfbGScXALtbRq2ODgDzLgsKX_BZd_jgBAGABs-R3fv23pmF6AGgBiGoB6a-G6gH8NkbqAfy2RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiI4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1dBnmNdoVbDx9OtyKwoOqi-Tnzog%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=1&gdpr_consent= X-Requested-With XMLHttpRequest Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers Date Thu, 30 Sep 2021 18:32:38 GMT Server nginx/1.13.4 Connection keep-alive Content-Length 0
GET H3	204	sodar pagead2.googlesyndication.com/pagead/	0 0	54ms 53ms	Image text/html	142.250.185.98 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&t=2&li=gpt_2021092201&jk=4044904180936556&bg=!_f6l_rrNAAZNQyuQTUM7ACkAdvg8Wp_y5j2fxkZnFkWWoSLm0syxf2fmsJUQo7y-4meRQx5M6D5JzwIAAABfUgAAABBoAQeZAoEtfDdnXQtl2TrNw8d3ctqHiwOuoNYiq5Iu9FtxlU0Ub0VPQSw6qu3vFSkt4pdc_8W9MSzL2bHP0wz6a8YrvU_irHxWOXmNXWceJPsaSpT-bxbZhj9VpBkKoL81Gm-Mbkjt7Ji1sRxsPVW8LiW_qq-1yQOcHns94fav1_re8MQY-VCI9sz3FHqtmdg0gCpGUch-Wj7ItO6ecqMGlMb4QfZ7rOAtwNJMO6fV7Avzwo1IMm4gn9YQWrsnwjp38vJVnWGk9qoOvPWSFa6hLMCT0dLUFkz8W5VJ1Ue5kgyi9MlR9_KHSKS6s_iqS_816t28V7zfJ92NXopw94GEHAuriPWGWVXyjERdx2aQKWT4XCmO-wO_j8_7ECcOWy5OWpfpR-j2l3m14Rb0LNtDmZ39IeKAMIenUFo8QlCM4DZNk6Wa9Q_r7qnugztBSbq5PFNZxnf7pOKwm5Qm1bhlnKnD6BuCpWxcMLdt-xfE87jVxZbqgtHrjbHutKi5NKsFNSnDVuGSRfwyxN6_If2tFyZ7jLDmG_afJZ-q_v5N61WbrueiWQrnkDYLXJp2qjR-F8mrkCaNp6VTMnIKNxm-bJQadkjVaPtwSDusPYteWbXg_7xyW_90oE9-PjAc8Z3cxYcbgIj7p_jT0oc5d_pv97Tx6dMQNNrTMTvwY3l09_cljJ_Hf3mBUpic3Qg9JGAnuXQ0wQvVXU4J0gQV28Ea5AtMX-VbVR4n7VJqm_AC7PfI7hVFTaFE0vhFK1S2wekrYqpOEr6YrgWtS2sBEGzl6vU4jFxD2xjTE6NzKEp0JKvZqAsl5o8uIfydMADEaqreAwRJTxskPLs96xWwESWu8zJEVEJASQ Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s49-in-f2.1e100.net Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers
GET		view.aspx pb.media01.eu/ Frame BDF8	0 0
GET H/1.1	200 OK	giro_extraplus_234x60.gif www.ad-server.eu/wm/pb/giroextra/standard/ Frame 6977	5 KB 5 KB	159ms 30ms	Image image/gif	54.76.176.197 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.ad-server.eu/wm/pb/giroextra/standard/giro_extraplus_234x60.gif Requested by Host: ad5.ad-srv.net URL: https://ad5.ad-srv.net/request_content.php?s=20434400213707803260108011733005&a=4e2111f8 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.76.176.197 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-76-176-197.eu-west-1.compute.amazonaws.com Software nginx/1.4.6 (Ubuntu) / Resource Hash e0dd593acdbad7a4d6c9f4b378b35e6f26e0f8724647e1e750c05eaa11a12fc3 Request headers Accept-Language de-DE,de;q=0.9 Referer https://ad5.ad-srv.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Thu, 30 Sep 2021 18:36:10 GMT Last-Modified Tue, 06 Apr 2021 12:51:31 GMT Server nginx/1.4.6 (Ubuntu) ETag "606c5953-14df" Content-Type image/gif Connection keep-alive Accept-Ranges bytes Content-Length 5343
GET H2	200	view.aspx Show response pb.media01.eu/ Frame 53BB	0 628 B	68ms 35ms	Document text/html	88.198.250.30 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=50149&dt_subid2=20434400213707803260108011733005&actionid=920184&produktid=giroextraplus&dt_url= Requested by Host: ad5.ad-srv.net URL: https://ad5.ad-srv.net/request_content.php?s=20434400213707803260108011733005&a=4e2111f8 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 88.198.250.30 Schwaig, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.88-198-250-30.clients.your-server.de Software Microsoft-IIS/10.0 / ASP.NET Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Xss-Protection 1; mode=block Request headers :method GET :authority pb.media01.eu :scheme https :path /view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=50149&dt_subid2=20434400213707803260108011733005&actionid=920184&produktid=giroextraplus&dt_url= pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://ad5.ad-srv.net/ accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://ad5.ad-srv.net/ Response headers cache-control no-cache, must-revalidate pragma no-cache content-type text/html; charset=UTF-8 expires Mon, 26 Jul 1997 05:00:00 GMT last-modified Thu, 30 Sep 2021 08:32:37 GMT server Microsoft-IIS/10.0 set-cookie ASP.NET_SessionId=kfmo1skd5te22b0lk13iyq1z; path=/; secure; HttpOnly; SameSite=None DTU=617BD6F4D06D6157FC8FD8D6015AFA14; expires=Sat, 30-Sep-2023 18:32:37 GMT; path=/; SameSite=None; secure; HttpOnly; SameSite=None p3p policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA" access-control-allow-origin * access-control-allow-credentials true x-xss-protection 1; mode=block access-control-allow-methods GET,POST access-control-allow-headers Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location x-aspnet-version 4.0.30319 x-powered-by ASP.NET date Thu, 30 Sep 2021 18:32:37 GMT content-length 0
GET H2	200	21_Q3_B2C_EU_DACH_DE_KIS-promo_20-euros_Affiliates_120x60.png media.kaspersky.com/de/affiliates/ Frame 6977 Redirect Chain https://www.awin1.com/cshow.php?s=2548147&v=14098&q=379099&r=278235&pv=0&pref1=20434400213707803260108011733005&gdpr=-1&gdpr_consent= https://media.kaspersky.com/de/affiliates/21_Q3_B2C_EU_DACH_DE_KIS-promo_20-euros_Affiliates_120x60.png	9 KB 9 KB	77ms 44ms	Image image/png	185.85.15.23 KL-EXT
General Check archive.org Show headers Download Go to Show image Full URL https://media.kaspersky.com/de/affiliates/21_Q3_B2C_EU_DACH_DE_KIS-promo_20-euros_Affiliates_120x60.png Requested by Host: ad5.ad-srv.net URL: https://ad5.ad-srv.net/request_content.php?s=20434400213707803260108011733005&a=4e2111f8 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 185.85.15.23 , Russian Federation, ASN200107 (KL-EXT, RU), Reverse DNS Software / Kaspersky Labs, Kaspersky Labs Resource Hash ab59a64a3401f8ab32fd8b81f81136284cd678e6934934eec5223116d3dd9216 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://ad5.ad-srv.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff last-modified Mon, 27 Sep 2021 12:29:23 GMT server x-powered-by Kaspersky Labs, Kaspersky Labs etag "c0218b4d9bb3d71:0" x-frame-options SAMEORIGIN content-type image/png x-xss-protection 1; mode=block x-server fr1/MSK6 accept-ranges bytes content-length 9123 date Thu, 30 Sep 2021 18:32:37 GMT Redirect headers Date Thu, 30 Sep 2021 18:32:38 GMT Strict-Transport-Security max-age=86400 P3P policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV" Location https://media.kaspersky.com/de/affiliates/21_Q3_B2C_EU_DACH_DE_KIS-promo_20-euros_Affiliates_120x60.png Awin-Akamai-Rule-Set default Node Helix Connection keep-alive Content-Length 0
GET H2	200	Bosch2021_120x60 asset.conrad.com/media10/isa/160267/c1/-/de/ Frame 6977 Redirect Chain https://www.awin1.com/cshow.php?s=2470167&v=11354&q=371933&r=278235&pref1=20434400213707803260108011733005&gdpr=-1&gdpr_consent= https://www.zenaps.com/cshow.php?pvr=c9e06dc0-221c-11ec-a5f3-692d0d349c1f&v=11354&r=278235&q=371933&s=2470167&viewref=20434400213707803260108011733005&gdpr=-1&gdpr_consent= https://asset.conrad.com/media10/isa/160267/c1/-/de/Bosch2021_120x60?format=gif	15 KB 15 KB	124ms 33ms	Image image/gif	178.79.242.245 LLNW
General Check archive.org Show headers Download Go to Show image Full URL https://asset.conrad.com/media10/isa/160267/c1/-/de/Bosch2021_120x60?format=gif Requested by Host: ad5.ad-srv.net URL: https://ad5.ad-srv.net/request_content.php?s=20434400213707803260108011733005&a=4e2111f8 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 178.79.242.245 , United States, ASN22822 (LLNW, US), Reverse DNS https-178-79-242-245.fra.llnw.net Software Cliplister GmbH / Resource Hash 4a1628ddb7cbd32547af13ed0bcb087a466f681ed2b67413ef9804b437d63d34 Security Headers Name Value Strict-Transport-Security max-age=15768000 Request headers Accept-Language de-DE,de;q=0.9 Referer https://ad5.ad-srv.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers strict-transport-security max-age=15768000 etag "613b029e-3bf9" last-modified Fri, 10 Sep 2021 07:00:46 GMT server Cliplister GmbH age 40502 date Thu, 30 Sep 2021 18:32:38 GMT content-type image/gif access-control-allow-origin * cache-control max-age=172800 x-server c11 reporting eyJjb25zdW1lcmlkIjoxNjAyNjcsIm93bmVyaWQiOjE2MDI2NywidW5pcXVlaWQiOiIxNjAyNjcwVXdCaE5RUWlQWDl4WXRieWxwaWVZQVQiLCJ1dWlkIjoiYWRmYmEwMjQ2MmMyNDQ3NzU4NmJhNzE5NmE1OTQ0NDM4IiwiYXNzZXR0eXBlIjoicGljdHVyZSJ9 x-llid 77b3a06ce42921f9219bed89c0ab1f2b content-length 15353 accept-ranges bytes expires Sat, 02 Oct 2021 07:17:36 GMT Redirect headers Date Thu, 30 Sep 2021 18:32:38 GMT Strict-Transport-Security max-age=86400 P3P policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV" Location https://asset.conrad.com/media10/isa/160267/c1/-/de/Bosch2021_120x60?format=gif Awin-Akamai-Rule-Set default Node Helix Connection keep-alive Content-Length 0
GET H/1.1	200 OK	oba_icon.png cdn.contentspread.net/oliro/oba/ Frame 6977	3 KB 3 KB	41ms 9ms	Image image/png	51.75.147.170 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.contentspread.net/oliro/oba/oba_icon.png Requested by Host: ad5.ad-srv.net URL: https://ad5.ad-srv.net/request_content.php?s=20434400213707803260108011733005&a=4e2111f8 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 51.75.147.170 , France, ASN16276 (OVH, FR), Reverse DNS ns3133977.ip-51-75-147.eu Software nginx / Resource Hash 2fd4c3ae6afc2b4026d9f0b64b8ff1110ecfcf47b90bc988c06e844b3921cbf6 Request headers Accept-Language de-DE,de;q=0.9 Referer https://ad5.ad-srv.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Thu, 30 Sep 2021 18:32:38 GMT Last-Modified Fri, 05 Aug 2016 12:57:49 GMT Server nginx ETag "57a48d4d-c35" Content-Type image/png Connection close Accept-Ranges bytes Content-Length 3125
POST H/1.1	200	Visibility Show response brain.rvty.net/RTB/ Frame 9962	0 119 B	11ms 11ms	XHR text/plain	89.163.211.233 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Full URL https://brain.rvty.net/RTB/Visibility Requested by Host: cdn.rvty.net URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS Software nginx/1.13.4 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept */* Referer https://brain.rvty.net/RTB/ShowAd?adHeight=90&adWidth=728&adFormat=4&adslotId=&siteId=97944753&bannerId=195002&e=3&p=YVYCxQAEpvkKd_hBAA97aY6jGs7osKeY7U8-0Q&penc=&bp=76923&a=615602c5-0006-3bcc-0a77-a1c2d80c488a&n=1&geo=662259&rawURL=https%3A%2F%2Fpastelink.net%2F3idm3&rawReferrerURL=&uid=fd9b96d4-e685-43a8-b8bb-02f43e365236&euid=&encn=N4IgXglgDiBcIDYAMBWATAThAGhAYwHsBXAOwBcAnATzhABEBRHEAQzLjVwBsSBzOABwA6BAIDMY3Hghka8AGIUWJANYAzIhTIACFgFttAWRYQSzAM5k2AU1oAJa+fPWz3NnBRIhARm8IA7AC+QA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC7OghxQJWYfnNEsHw3wPp9r34Beb-o_dc7ousiF_AjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakC5BqKJ11xsz7gAgCoAwGqBM4BT9Bzu4gLSZA38d_MC5XqrJlqxWM82T-Uo0Zx9oKbI9SeKCfV7MRiwLEWrm9xVlqxxY9MSr3LrjTuDwrPzqUnKpViME8DdqMhHjzwe1abM2AiNlabHK-rEJbMn8IVsOaYBb7-kQeD0vzwH9iu4RNynkDMqnJQmFCj8c5AovEugVa30vKWsbRcDxUN_PXn1Dkw3Np2NJmkzD_Xk_9lA84GWMklQtR-YNm4BpbymJkcs8NIIDGs8z-MwWfbGScXALtbRq2ODgDzLgsKX_BZd_jgBAGABs-R3fv23pmF6AGgBiGoB6a-G6gH8NkbqAfy2RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiI4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1dBnmNdoVbDx9OtyKwoOqi-Tnzog%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=1&gdpr_consent= X-Requested-With XMLHttpRequest Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers Date Thu, 30 Sep 2021 18:32:38 GMT Server nginx/1.13.4 Connection keep-alive Content-Length 0
GET DATA	200 OK	truncated / Frame 6BC0	215 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash fccd177575d5702b3a72ad2a0a118636e31ffaae5eb634117322da2446d66cd0 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type image/png
POST H/1.1	200	Visibility Show response brain.rvty.net/RTB/ Frame 9962	0 119 B	11ms 10ms	XHR text/plain	89.163.211.233 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Full URL https://brain.rvty.net/RTB/Visibility Requested by Host: cdn.rvty.net URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS Software nginx/1.13.4 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept */* Referer https://brain.rvty.net/RTB/ShowAd?adHeight=90&adWidth=728&adFormat=4&adslotId=&siteId=97944753&bannerId=195002&e=3&p=YVYCxQAEpvkKd_hBAA97aY6jGs7osKeY7U8-0Q&penc=&bp=76923&a=615602c5-0006-3bcc-0a77-a1c2d80c488a&n=1&geo=662259&rawURL=https%3A%2F%2Fpastelink.net%2F3idm3&rawReferrerURL=&uid=fd9b96d4-e685-43a8-b8bb-02f43e365236&euid=&encn=N4IgXglgDiBcIDYAMBWATAThAGhAYwHsBXAOwBcAnATzhABEBRHEAQzLjVwBsSBzOABwA6BAIDMY3Hghka8AGIUWJANYAzIhTIACFgFttAWRYQSzAM5k2AU1oAJa+fPWz3NnBRIhARm8IA7AC+QA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC7OghxQJWYfnNEsHw3wPp9r34Beb-o_dc7ousiF_AjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakC5BqKJ11xsz7gAgCoAwGqBM4BT9Bzu4gLSZA38d_MC5XqrJlqxWM82T-Uo0Zx9oKbI9SeKCfV7MRiwLEWrm9xVlqxxY9MSr3LrjTuDwrPzqUnKpViME8DdqMhHjzwe1abM2AiNlabHK-rEJbMn8IVsOaYBb7-kQeD0vzwH9iu4RNynkDMqnJQmFCj8c5AovEugVa30vKWsbRcDxUN_PXn1Dkw3Np2NJmkzD_Xk_9lA84GWMklQtR-YNm4BpbymJkcs8NIIDGs8z-MwWfbGScXALtbRq2ODgDzLgsKX_BZd_jgBAGABs-R3fv23pmF6AGgBiGoB6a-G6gH8NkbqAfy2RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiI4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1dBnmNdoVbDx9OtyKwoOqi-Tnzog%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=1&gdpr_consent= X-Requested-With XMLHttpRequest Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers Date Thu, 30 Sep 2021 18:32:39 GMT Server nginx/1.13.4 Connection keep-alive Content-Length 0
GET H/1.1	200 OK	viewability Show response ad5.ad-srv.net/ Frame 6977	0 150 B	34ms 12ms	Script text/html	138.201.63.165 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://ad5.ad-srv.net/viewability?s=20434400213707803260108011733005&a=7a2f7633&vb=v Requested by Host: ad5.ad-srv.net URL: https://ad5.ad-srv.net/request_content.php?s=20434400213707803260108011733005&a=4e2111f8 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 138.201.63.165 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.165.63.201.138.clients.your-server.de Software Apache / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://ad5.ad-srv.net/request_content.php?s=20434400213707803260108011733005&a=4e2111f8 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Thu, 30 Sep 2021 18:32:39 GMT Server Apache Connection close Content-Length 0 Content-Type text/html; charset=UTF-8
POST H/1.1	200	Visibility Show response brain.rvty.net/RTB/ Frame 9962	0 119 B	10ms 10ms	XHR text/plain	89.163.211.233 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Full URL https://brain.rvty.net/RTB/Visibility Requested by Host: cdn.rvty.net URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS Software nginx/1.13.4 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept */* Referer https://brain.rvty.net/RTB/ShowAd?adHeight=90&adWidth=728&adFormat=4&adslotId=&siteId=97944753&bannerId=195002&e=3&p=YVYCxQAEpvkKd_hBAA97aY6jGs7osKeY7U8-0Q&penc=&bp=76923&a=615602c5-0006-3bcc-0a77-a1c2d80c488a&n=1&geo=662259&rawURL=https%3A%2F%2Fpastelink.net%2F3idm3&rawReferrerURL=&uid=fd9b96d4-e685-43a8-b8bb-02f43e365236&euid=&encn=N4IgXglgDiBcIDYAMBWATAThAGhAYwHsBXAOwBcAnATzhABEBRHEAQzLjVwBsSBzOABwA6BAIDMY3Hghka8AGIUWJANYAzIhTIACFgFttAWRYQSzAM5k2AU1oAJa+fPWz3NnBRIhARm8IA7AC+QA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC7OghxQJWYfnNEsHw3wPp9r34Beb-o_dc7ousiF_AjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakC5BqKJ11xsz7gAgCoAwGqBM4BT9Bzu4gLSZA38d_MC5XqrJlqxWM82T-Uo0Zx9oKbI9SeKCfV7MRiwLEWrm9xVlqxxY9MSr3LrjTuDwrPzqUnKpViME8DdqMhHjzwe1abM2AiNlabHK-rEJbMn8IVsOaYBb7-kQeD0vzwH9iu4RNynkDMqnJQmFCj8c5AovEugVa30vKWsbRcDxUN_PXn1Dkw3Np2NJmkzD_Xk_9lA84GWMklQtR-YNm4BpbymJkcs8NIIDGs8z-MwWfbGScXALtbRq2ODgDzLgsKX_BZd_jgBAGABs-R3fv23pmF6AGgBiGoB6a-G6gH8NkbqAfy2RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiI4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1dBnmNdoVbDx9OtyKwoOqi-Tnzog%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=1&gdpr_consent= X-Requested-With XMLHttpRequest Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers Date Thu, 30 Sep 2021 18:32:39 GMT Server nginx/1.13.4 Connection keep-alive Content-Length 0
GET H3	200	activeview Show response pagead2.googlesyndication.com/pcs/ Frame 6BC0	42 B 64 B	60ms 32ms	Fetch image/gif	142.250.185.98 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvbiYmBBHnQTpsL25Zc7sfBWK4-BEe68Zo8AE0MRt_K8inS0KaYLsFZsEw_iHSMlstCpjLil2o8ql1T65jGWYSk&sig=Cg0ArKJSzKVkeUpxT4-PEAE&id=lidar2&mcvt=1001&p=955,281,1045,1009&asp=955,281,1045,1009&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20210929&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=4220404772&rs=4&met=ie&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1633026757786&rpt=1296&isd=0&lsd=0 Requested by Host: www.googletagservices.com URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914 Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s49-in-f2.1e100.net Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://a9083fbcbb0407b4055956755be07b88.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Thu, 30 Sep 2021 18:32:40 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" access-control-allow-origin * cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H/1.1	200	Visibility Show response brain.rvty.net/RTB/ Frame 9962	0 119 B	11ms 10ms	XHR text/plain	89.163.211.233 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Full URL https://brain.rvty.net/RTB/Visibility Requested by Host: cdn.rvty.net URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS Software nginx/1.13.4 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept */* Referer https://brain.rvty.net/RTB/ShowAd?adHeight=90&adWidth=728&adFormat=4&adslotId=&siteId=97944753&bannerId=195002&e=3&p=YVYCxQAEpvkKd_hBAA97aY6jGs7osKeY7U8-0Q&penc=&bp=76923&a=615602c5-0006-3bcc-0a77-a1c2d80c488a&n=1&geo=662259&rawURL=https%3A%2F%2Fpastelink.net%2F3idm3&rawReferrerURL=&uid=fd9b96d4-e685-43a8-b8bb-02f43e365236&euid=&encn=N4IgXglgDiBcIDYAMBWATAThAGhAYwHsBXAOwBcAnATzhABEBRHEAQzLjVwBsSBzOABwA6BAIDMY3Hghka8AGIUWJANYAzIhTIACFgFttAWRYQSzAM5k2AU1oAJa+fPWz3NnBRIhARm8IA7AC+QA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC7OghxQJWYfnNEsHw3wPp9r34Beb-o_dc7ousiF_AjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakC5BqKJ11xsz7gAgCoAwGqBM4BT9Bzu4gLSZA38d_MC5XqrJlqxWM82T-Uo0Zx9oKbI9SeKCfV7MRiwLEWrm9xVlqxxY9MSr3LrjTuDwrPzqUnKpViME8DdqMhHjzwe1abM2AiNlabHK-rEJbMn8IVsOaYBb7-kQeD0vzwH9iu4RNynkDMqnJQmFCj8c5AovEugVa30vKWsbRcDxUN_PXn1Dkw3Np2NJmkzD_Xk_9lA84GWMklQtR-YNm4BpbymJkcs8NIIDGs8z-MwWfbGScXALtbRq2ODgDzLgsKX_BZd_jgBAGABs-R3fv23pmF6AGgBiGoB6a-G6gH8NkbqAfy2RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiI4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1dBnmNdoVbDx9OtyKwoOqi-Tnzog%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=1&gdpr_consent= X-Requested-With XMLHttpRequest Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers Date Thu, 30 Sep 2021 18:32:40 GMT Server nginx/1.13.4 Connection keep-alive Content-Length 0
POST H/1.1	200	Visibility Show response brain.rvty.net/RTB/ Frame 9962	0 119 B	10ms 10ms	XHR text/plain	89.163.211.233 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Full URL https://brain.rvty.net/RTB/Visibility Requested by Host: cdn.rvty.net URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS Software nginx/1.13.4 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept */* Referer https://brain.rvty.net/RTB/ShowAd?adHeight=90&adWidth=728&adFormat=4&adslotId=&siteId=97944753&bannerId=195002&e=3&p=YVYCxQAEpvkKd_hBAA97aY6jGs7osKeY7U8-0Q&penc=&bp=76923&a=615602c5-0006-3bcc-0a77-a1c2d80c488a&n=1&geo=662259&rawURL=https%3A%2F%2Fpastelink.net%2F3idm3&rawReferrerURL=&uid=fd9b96d4-e685-43a8-b8bb-02f43e365236&euid=&encn=N4IgXglgDiBcIDYAMBWATAThAGhAYwHsBXAOwBcAnATzhABEBRHEAQzLjVwBsSBzOABwA6BAIDMY3Hghka8AGIUWJANYAzIhTIACFgFttAWRYQSzAM5k2AU1oAJa+fPWz3NnBRIhARm8IA7AC+QA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC7OghxQJWYfnNEsHw3wPp9r34Beb-o_dc7ousiF_AjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakC5BqKJ11xsz7gAgCoAwGqBM4BT9Bzu4gLSZA38d_MC5XqrJlqxWM82T-Uo0Zx9oKbI9SeKCfV7MRiwLEWrm9xVlqxxY9MSr3LrjTuDwrPzqUnKpViME8DdqMhHjzwe1abM2AiNlabHK-rEJbMn8IVsOaYBb7-kQeD0vzwH9iu4RNynkDMqnJQmFCj8c5AovEugVa30vKWsbRcDxUN_PXn1Dkw3Np2NJmkzD_Xk_9lA84GWMklQtR-YNm4BpbymJkcs8NIIDGs8z-MwWfbGScXALtbRq2ODgDzLgsKX_BZd_jgBAGABs-R3fv23pmF6AGgBiGoB6a-G6gH8NkbqAfy2RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiI4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1dBnmNdoVbDx9OtyKwoOqi-Tnzog%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=1&gdpr_consent= X-Requested-With XMLHttpRequest Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers Date Thu, 30 Sep 2021 18:32:40 GMT Server nginx/1.13.4 Connection keep-alive Content-Length 0
POST H/1.1	200	Visibility Show response brain.rvty.net/RTB/ Frame 9962	0 119 B	10ms 10ms	XHR text/plain	89.163.211.233 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Full URL https://brain.rvty.net/RTB/Visibility Requested by Host: cdn.rvty.net URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS Software nginx/1.13.4 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept */* Referer https://brain.rvty.net/RTB/ShowAd?adHeight=90&adWidth=728&adFormat=4&adslotId=&siteId=97944753&bannerId=195002&e=3&p=YVYCxQAEpvkKd_hBAA97aY6jGs7osKeY7U8-0Q&penc=&bp=76923&a=615602c5-0006-3bcc-0a77-a1c2d80c488a&n=1&geo=662259&rawURL=https%3A%2F%2Fpastelink.net%2F3idm3&rawReferrerURL=&uid=fd9b96d4-e685-43a8-b8bb-02f43e365236&euid=&encn=N4IgXglgDiBcIDYAMBWATAThAGhAYwHsBXAOwBcAnATzhABEBRHEAQzLjVwBsSBzOABwA6BAIDMY3Hghka8AGIUWJANYAzIhTIACFgFttAWRYQSzAM5k2AU1oAJa+fPWz3NnBRIhARm8IA7AC+QA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC7OghxQJWYfnNEsHw3wPp9r34Beb-o_dc7ousiF_AjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakC5BqKJ11xsz7gAgCoAwGqBM4BT9Bzu4gLSZA38d_MC5XqrJlqxWM82T-Uo0Zx9oKbI9SeKCfV7MRiwLEWrm9xVlqxxY9MSr3LrjTuDwrPzqUnKpViME8DdqMhHjzwe1abM2AiNlabHK-rEJbMn8IVsOaYBb7-kQeD0vzwH9iu4RNynkDMqnJQmFCj8c5AovEugVa30vKWsbRcDxUN_PXn1Dkw3Np2NJmkzD_Xk_9lA84GWMklQtR-YNm4BpbymJkcs8NIIDGs8z-MwWfbGScXALtbRq2ODgDzLgsKX_BZd_jgBAGABs-R3fv23pmF6AGgBiGoB6a-G6gH8NkbqAfy2RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiI4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1dBnmNdoVbDx9OtyKwoOqi-Tnzog%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=1&gdpr_consent= X-Requested-With XMLHttpRequest Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers Date Thu, 30 Sep 2021 18:32:41 GMT Server nginx/1.13.4 Connection keep-alive Content-Length 0
POST H/1.1	200	Visibility Show response brain.rvty.net/RTB/ Frame 9962	0 119 B	10ms 10ms	XHR text/plain	89.163.211.233 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Full URL https://brain.rvty.net/RTB/Visibility Requested by Host: cdn.rvty.net URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS Software nginx/1.13.4 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept */* Referer https://brain.rvty.net/RTB/ShowAd?adHeight=90&adWidth=728&adFormat=4&adslotId=&siteId=97944753&bannerId=195002&e=3&p=YVYCxQAEpvkKd_hBAA97aY6jGs7osKeY7U8-0Q&penc=&bp=76923&a=615602c5-0006-3bcc-0a77-a1c2d80c488a&n=1&geo=662259&rawURL=https%3A%2F%2Fpastelink.net%2F3idm3&rawReferrerURL=&uid=fd9b96d4-e685-43a8-b8bb-02f43e365236&euid=&encn=N4IgXglgDiBcIDYAMBWATAThAGhAYwHsBXAOwBcAnATzhABEBRHEAQzLjVwBsSBzOABwA6BAIDMY3Hghka8AGIUWJANYAzIhTIACFgFttAWRYQSzAM5k2AU1oAJa+fPWz3NnBRIhARm8IA7AC+QA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC7OghxQJWYfnNEsHw3wPp9r34Beb-o_dc7ousiF_AjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakC5BqKJ11xsz7gAgCoAwGqBM4BT9Bzu4gLSZA38d_MC5XqrJlqxWM82T-Uo0Zx9oKbI9SeKCfV7MRiwLEWrm9xVlqxxY9MSr3LrjTuDwrPzqUnKpViME8DdqMhHjzwe1abM2AiNlabHK-rEJbMn8IVsOaYBb7-kQeD0vzwH9iu4RNynkDMqnJQmFCj8c5AovEugVa30vKWsbRcDxUN_PXn1Dkw3Np2NJmkzD_Xk_9lA84GWMklQtR-YNm4BpbymJkcs8NIIDGs8z-MwWfbGScXALtbRq2ODgDzLgsKX_BZd_jgBAGABs-R3fv23pmF6AGgBiGoB6a-G6gH8NkbqAfy2RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiI4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1dBnmNdoVbDx9OtyKwoOqi-Tnzog%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=1&gdpr_consent= X-Requested-With XMLHttpRequest Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers Date Thu, 30 Sep 2021 18:32:41 GMT Server nginx/1.13.4 Connection keep-alive Content-Length 0
POST H/1.1	200	Visibility Show response brain.rvty.net/RTB/ Frame 9962	0 119 B	11ms 11ms	XHR text/plain	89.163.211.233 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Full URL https://brain.rvty.net/RTB/Visibility Requested by Host: cdn.rvty.net URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS Software nginx/1.13.4 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept */* Referer https://brain.rvty.net/RTB/ShowAd?adHeight=90&adWidth=728&adFormat=4&adslotId=&siteId=97944753&bannerId=195002&e=3&p=YVYCxQAEpvkKd_hBAA97aY6jGs7osKeY7U8-0Q&penc=&bp=76923&a=615602c5-0006-3bcc-0a77-a1c2d80c488a&n=1&geo=662259&rawURL=https%3A%2F%2Fpastelink.net%2F3idm3&rawReferrerURL=&uid=fd9b96d4-e685-43a8-b8bb-02f43e365236&euid=&encn=N4IgXglgDiBcIDYAMBWATAThAGhAYwHsBXAOwBcAnATzhABEBRHEAQzLjVwBsSBzOABwA6BAIDMY3Hghka8AGIUWJANYAzIhTIACFgFttAWRYQSzAM5k2AU1oAJa+fPWz3NnBRIhARm8IA7AC+QA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC7OghxQJWYfnNEsHw3wPp9r34Beb-o_dc7ousiF_AjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakC5BqKJ11xsz7gAgCoAwGqBM4BT9Bzu4gLSZA38d_MC5XqrJlqxWM82T-Uo0Zx9oKbI9SeKCfV7MRiwLEWrm9xVlqxxY9MSr3LrjTuDwrPzqUnKpViME8DdqMhHjzwe1abM2AiNlabHK-rEJbMn8IVsOaYBb7-kQeD0vzwH9iu4RNynkDMqnJQmFCj8c5AovEugVa30vKWsbRcDxUN_PXn1Dkw3Np2NJmkzD_Xk_9lA84GWMklQtR-YNm4BpbymJkcs8NIIDGs8z-MwWfbGScXALtbRq2ODgDzLgsKX_BZd_jgBAGABs-R3fv23pmF6AGgBiGoB6a-G6gH8NkbqAfy2RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiI4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1dBnmNdoVbDx9OtyKwoOqi-Tnzog%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=1&gdpr_consent= X-Requested-With XMLHttpRequest Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers Date Thu, 30 Sep 2021 18:32:42 GMT Server nginx/1.13.4 Connection keep-alive Content-Length 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

pb.media01.eu

URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=50149&dt_subid2=20434400213707803260108011733005&actionid=920184&produktid=giroextraplus&dt_url=