pastelink.net Open in urlscan Pro
2a01:7e00::f03c:91ff:fe39:1dbe Public Scan

URL:
https://pastelink.net/35yhi
Submission: On August 03 via manual (August 3rd 2021, 2:41:47 pm UTC) from US

Summary HTTP 83 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 33 IPs in 7 countries across 28 domains to perform 83 HTTP transactions. The main IP is 2a01:7e00::f03c:91ff:fe39:1dbe, located in London, United Kingdom and belongs to LINODE-AP Linode, LLC, US. The main domain is pastelink.net.
TLS certificate: Issued by R3 on July 26th 2021. Valid for: 3 months.

This is the only time pastelink.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
7	2a01:7e00::f0... 2a01:7e00::f03c:91ff:fe39:1dbe	63949 (LINODE-AP...) (LINODE-AP Linode)
1	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:3a	20446 (HIGHWINDS3) (HIGHWINDS3)
3	2606:4700:303... 2606:4700:3031::ac43:cab1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:828::2008	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
1	51.77.64.70 51.77.64.70	16276 (OVH) (OVH)
2	216.58.212.162 216.58.212.162	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
4	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:800::2001	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
14	89.163.211.233 89.163.211.233	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
4	2a00:1450:400... 2a00:1450:4001:80e::2001	15169 (GOOGLE) (GOOGLE)
2	89.163.211.242 89.163.211.242	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1	138.201.64.38 138.201.64.38	24940 (HETZNER-AS) (HETZNER-AS)
1 5	94.130.102.164 94.130.102.164	24940 (HETZNER-AS) (HETZNER-AS)
2 2	104.111.239.217 104.111.239.217	16625 (AKAMAI-AS) (AKAMAI-AS)
4 4	13.37.72.132 13.37.72.132	16509 (AMAZON-02) (AMAZON-02)
2	185.85.15.31 185.85.15.31	200107 (KL-EXT) (KL-EXT)
5 7	84.200.5.215 84.200.5.215	31400 (ACCELERAT...) (ACCELERATED-IT)
2	5.148.168.135 5.148.168.135	29691 (NINE) (NINE)
1	2600:9000:219... 2600:9000:2190:d000:c:6264:8240:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:219... 2600:9000:2190:b800:13:99a2:1280:93a1	16509 (AMAZON-02) (AMAZON-02)
2	85.114.131.235 85.114.131.235	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1	52.58.161.156 52.58.161.156	16509 (AMAZON-02) (AMAZON-02)
1	13.224.96.59 13.224.96.59	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
83	33

7 2a01:7e00::f03c:91ff:fe39:1dbe (London, United Kingdom)

ASN63949 (LINODE-AP Linode, LLC, US)

pastelink.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:3a (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3031::ac43:cab1 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.adligature.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.77.64.70 (Germany)

ASN16276 (OVH, FR)
PTR: de-fra-1.pro.ip-api.com

pro.ip-api.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.212.162 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 89.163.211.233 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

brain.rvty.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 89.163.211.242 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

cdn.rvty.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 138.201.64.38 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.38.64.201.138.clients.your-server.de

ad.ad-srv.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 94.130.102.164 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.164.102.130.94.clients.your-server.de

ad12.ad-srv.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.239.217 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-239-217.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.37.72.132 (Paris, France) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-13-37-72-132.eu-west-3.compute.amazonaws.com

kaspersky.commander1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.85.15.31 (Russian Federation)

ASN200107 (KL-EXT, RU)

media.kaspersky.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 84.200.5.215 (Germany) 5 redirects

ASN31400 (ACCELERATED-IT, DE)

cct.connects.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cct.minischoggi.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tc.connects.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.lacmp.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 5.148.168.135 (Zurich, Switzerland)

ASN29691 (NINE, CH)
PTR: adresult08.nine.ch

www.adtracker.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2190:d000:c:6264:8240:93a1 (United States)

ASN16509 (AMAZON-02, US)

htlp.emp-online.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2190:b800:13:99a2:1280:93a1 (United States)

ASN16509 (AMAZON-02, US)

media.acfrg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 85.114.131.235 (Schopfheim, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: srv21039.dus4.fastwebserver.de

cdn.contentspread.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.58.161.156 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-58-161-156.eu-central-1.compute.amazonaws.com

www.getback.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.96.59 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-96-59.zrh50.r.cloudfront.net

static.getback.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	rvty.net brain.rvty.net cdn.rvty.net	98 KB
13	googlesyndication.com pagead2.googlesyndication.com 3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com tpc.googlesyndication.com	196 KB
7	doubleclick.net securepubads.g.doubleclick.net googleads.g.doubleclick.net	152 KB
7	pastelink.net pastelink.net	238 KB
6	ad-srv.net 1 redirects ad.ad-srv.net ad12.ad-srv.net	15 KB
5	connects.ch 4 redirects cct.connects.ch tc.connects.ch	6 KB
4	commander1.com 4 redirects kaspersky.commander1.com	4 KB
4	google-analytics.com www.google-analytics.com	19 KB
3	google.com adservice.google.com www.google.com	1 KB
3	gstatic.com fonts.gstatic.com	35 KB
3	adligature.com cdn.adligature.com	168 KB
2	getback.ch www.getback.ch static.getback.ch	33 KB
2	contentspread.net cdn.contentspread.net	8 KB
2	adtracker.ch www.adtracker.ch	20 KB
2	kaspersky.com media.kaspersky.com	20 KB
2	awin1.com 2 redirects www.awin1.com	1 KB
2	googletagservices.com www.googletagservices.com	65 KB
2	googletagmanager.com www.googletagmanager.com	107 KB
1	lacmp.net www.lacmp.net	3 KB
1	acfrg.com media.acfrg.com	112 KB
1	emp-online.ch htlp.emp-online.ch	3 KB
1	minischoggi.ch 1 redirects cct.minischoggi.ch	515 B
1	google.de adservice.google.de	165 B
1	googleadservices.com partner.googleadservices.com	421 B
1	google.ch adservice.google.ch	165 B
1	ip-api.com pro.ip-api.com	154 B
1	jquery.com code.jquery.com	30 KB
1	googleapis.com fonts.googleapis.com	808 B
83	28

	Domain	Requested by
14	brain.rvty.net	3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com cdn.rvty.net
7	pastelink.net	pastelink.net
6	pagead2.googlesyndication.com	cdn.adligature.com pagead2.googlesyndication.com www.googletagservices.com tpc.googlesyndication.com
5	ad12.ad-srv.net	1 redirects brain.rvty.net ad12.ad-srv.net
5	tpc.googlesyndication.com	3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com
5	securepubads.g.doubleclick.net	cdn.adligature.com securepubads.g.doubleclick.net pastelink.net
4	cct.connects.ch	4 redirects
4	kaspersky.commander1.com	4 redirects
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	fonts.gstatic.com	fonts.googleapis.com
3	cdn.adligature.com	pastelink.net cdn.adligature.com
2	cdn.contentspread.net	ad12.ad-srv.net
2	www.adtracker.ch	ad12.ad-srv.net
2	media.kaspersky.com	ad12.ad-srv.net
2	www.awin1.com	2 redirects
2	cdn.rvty.net	brain.rvty.net cdn.rvty.net
2	www.googletagservices.com	pagead2.googlesyndication.com 3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com
2	googleads.g.doubleclick.net	pagead2.googlesyndication.com
2	3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	adservice.google.com	securepubads.g.doubleclick.net pagead2.googlesyndication.com
2	www.googletagmanager.com	pastelink.net www.googletagmanager.com
1	www.google.com	tpc.googlesyndication.com
1	static.getback.ch	www.getback.ch
1	www.getback.ch	pastelink.net
1	www.lacmp.net	tc.connects.ch
1	tc.connects.ch	htlp.emp-online.ch
1	media.acfrg.com	brain.rvty.net
1	htlp.emp-online.ch	ad12.ad-srv.net
1	cct.minischoggi.ch	1 redirects
1	ad.ad-srv.net	brain.rvty.net
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	adservice.google.ch	securepubads.g.doubleclick.net
1	pro.ip-api.com	cdn.adligature.com
1	code.jquery.com	pastelink.net
1	fonts.googleapis.com	pastelink.net
83	36

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.googlegenius2021.com

Subject Issuer	Validity	Valid
pastelink.net R3	`2021-07-26` - `2021-10-24`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-01` - `2022-06-30`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
*.ip-api.com Sectigo RSA Domain Validation Secure Server CA	`2019-11-05` - `2021-11-04`	2 years	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
*.google.ch GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
*.rvty.net Sectigo RSA Domain Validation Secure Server CA	`2020-09-02` - `2021-10-04`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
ad-srv.net R3	`2021-06-21` - `2021-09-19`	3 months	crt.sh
media.kaspersky.com DigiCert TLS RSA SHA256 2020 CA1	`2021-04-23` - `2022-04-28`	a year	crt.sh
adtracker.ch R3	`2021-07-22` - `2021-10-20`	3 months	crt.sh
htlp.emp.de Amazon	`2021-03-02` - `2022-03-31`	a year	crt.sh
*.acfrg.com Amazon	`2021-01-14` - `2022-02-12`	a year	crt.sh
contentspread.net R3	`2021-08-03` - `2021-11-01`	3 months	crt.sh
tc.connects.ch R3	`2021-07-23` - `2021-10-21`	3 months	crt.sh
www.lacmp.net R3	`2021-07-23` - `2021-10-21`	3 months	crt.sh
*.getback.ch Amazon	`2021-05-08` - `2022-06-06`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh

This page contains 13 frames:

Primary Page: https://pastelink.net/35yhi
Frame ID: F64862A42A1972C4D2740B9B13B0C361
Requests: 37 HTTP requests in this frame

Frame: https://3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: B300866E0A720DF9765FBBFCB79FDE2A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210729/r20190131/zrt_lookup.html
Frame ID: FAC94BBCF030022201888362B7270DA8
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1750856239204414&output=html&adk=1812271804&adf=3025194257&lmt=1628001686&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fpastelink.net%2F35yhi&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628001686634&bpp=3&bdt=419&idt=67&shv=r20210729&mjsv=m202107290101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6074872694106&frm=20&pv=2&ga_vid=400922086.1628001686&ga_sid=1628001687&ga_hid=1604661540&ga_fc=0&ga_cid=1510149956.1628001686&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31061972%2C20211866%2C31062064&oid=3&pvsid=57496431888417&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=84
Frame ID: B3EBE4031228D897D6D65CEC1C343AB2
Requests: 1 HTTP requests in this frame

Frame: https://3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 98FA674479C727068000A6675950F47B
Requests: 8 HTTP requests in this frame

Frame: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQlVlgAJ894K4E5MAAGlLnU2Qpy1CU2cyjAKbg&penc=&bp=192308&a=61095596-000a-b576-0a7b-850295079241&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35yhi&rawReferrerURL=&uid=2399ec00-c0d0-414d-a87f-c937b1fafca6&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCoyMLllUJYd7nJ8ycgQeuyobIDub-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakClvhWR6zysz7gAgCoAwGqBM0BT9AbH4TaDM8HQkGyZjLsKq8-KlalrbaX54VdAobW5413csIDzx6Uh2bs3QMukGXCOOljFEkQRcJG8Rrxpop5QbX9BkNQhwCKS_TTgJ5dX7ZMbPQYV3Sz-K1FNHXybCLDxW-hWf_w9hrsR-zpx6M7A4Nx6D__RpyRIpp3QITn7woE4TewRP8c3aM79GJJWeejddSI2HXOnTYL7T7eXiPVw2VvmX7kRU5w8graficyvlXv9qBdi1m6bStpA9RnY0JVV7sOM99ks1QFL7nS9-AEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3bG4yAgL5W0u70ARovYCAjqf_qwQ%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
Frame ID: EC4867F91E2AE34E9B7D86B736990636
Requests: 5 HTTP requests in this frame

Frame: https://media.kaspersky.com/de/affiliates/kaspersky_logo_green_120x60_white.jpg
Frame ID: 078C0EA4D6C24244F61851ACC6AC6103
Requests: 1 HTTP requests in this frame

Frame: https://www.adtracker.ch/upload/1x1.gif?x=1&lea_source=2021080316412753817275341X117581V1422143551MS30024900107582102757758011675012
Frame ID: BEEDC793DF2C335600907C5F089734A8
Requests: 1 HTTP requests in this frame

Frame: https://htlp.emp-online.ch/htlp_c.html?wt_mc=pt.connects._117581_._NNNNN_._Post-View%20Partner_._WWWWW_.&lea_source=2021080316412753817275207X117581V1541143261MS30024900107582102757758011675012
Frame ID: 1C2CB99448294B2F8C1ECE51537FB4A0
Requests: 5 HTTP requests in this frame

Frame: https://ad12.ad-srv.net/request_content.php?s=30024900107582102757758011675012&a=9d67b7e6
Frame ID: D02FF2FADDA905CE77B13E7A4C6E5FDC
Requests: 7 HTTP requests in this frame

Frame: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js
Frame ID: 4F6467EDA31EB5CD36D39373338B561C
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: AFBA1D6297B24072F69C491758BFE4C9
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 523C2B66133D9B75FF692639E29AC7D4
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

83
Requests

100 %
HTTPS

56 %
IPv6

28
Domains

36
Subdomains

33
IPs

7
Countries

1327 kB
Transfer

2869 kB
Size

0
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/sharer/sharer.php?u=https://pastelink.net/35yhi

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https://pastelink.net/35yhi

Search URL Search Domain Scan URL

URL: https://www.googlegenius2021.com/
Title: https://www.googlegenius2021.com/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 46

https://ad12.ad-srv.net/request.php?zone=n7o9ps86e2pq&nw=14&renderingType=javascript&namespace=7f0a95baff&subid=&uid=37ff690abdf328f6&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=%5BEXTVARS_QUERYPARAMS%5D&ud=&redirectClick=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCoyMLllUJYd7nJ8ycgQeuyobIDub-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakClvhWR6zysz7gAgCoAwGqBM0BT9AbH4TaDM8HQkGyZjLsKq8-KlalrbaX54VdAobW5413csIDzx6Uh2bs3QMukGXCOOljFEkQRcJG8Rrxpop5QbX9BkNQhwCKS_TTgJ5dX7ZMbPQYV3Sz-K1FNHXybCLDxW-hWf_w9hrsR-zpx6M7A4Nx6D__RpyRIpp3QITn7woE4TewRP8c3aM79GJJWeejddSI2HXOnTYL7T7eXiPVw2VvmX7kRU5w8graficyvlXv9qBdi1m6bStpA9RnY0JVV7sOM99ks1QFL7nS9-AEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3bG4yAgL5W0u70ARovYCAjqf_qwQ%26client%3Dca-pub-1750856239204414%26adurl%3Dhttp%253A%252F%252Fbrain.rvty.net%252FRTB%252FClick%253Fx%253DEASY-X-COORDINATE%2526y%253DEASY-Y-COORDINATE%2526s%253D97944753%2526a%253D188770%2526t%253D1628001686887%2526l%253D14601%2526p%253D3%2526appid%253D%2526aa%253D61095596-000a-b576-0a7b-850295079241%2526gdpr%253D0%2526gdpr_consent%253D%2526dest%253D&documentReferer=https%3A%2F%2F3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fpastelink.net&random=2082508420761&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://ad12.ad-srv.net/request.php?zone=n7o9ps86e2pq&nw=14&renderingType=javascript&namespace=7f0a95baff&subid=&uid=37ff690abdf328f6&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=%5BEXTVARS_QUERYPARAMS%5D&ud=&redirectClick=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCoyMLllUJYd7nJ8ycgQeuyobIDub-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakClvhWR6zysz7gAgCoAwGqBM0BT9AbH4TaDM8HQkGyZjLsKq8-KlalrbaX54VdAobW5413csIDzx6Uh2bs3QMukGXCOOljFEkQRcJG8Rrxpop5QbX9BkNQhwCKS_TTgJ5dX7ZMbPQYV3Sz-K1FNHXybCLDxW-hWf_w9hrsR-zpx6M7A4Nx6D__RpyRIpp3QITn7woE4TewRP8c3aM79GJJWeejddSI2HXOnTYL7T7eXiPVw2VvmX7kRU5w8graficyvlXv9qBdi1m6bStpA9RnY0JVV7sOM99ks1QFL7nS9-AEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3bG4yAgL5W0u70ARovYCAjqf_qwQ%26client%3Dca-pub-1750856239204414%26adurl%3Dhttp%253A%252F%252Fbrain.rvty.net%252FRTB%252FClick%253Fx%253DEASY-X-COORDINATE%2526y%253DEASY-Y-COORDINATE%2526s%253D97944753%2526a%253D188770%2526t%253D1628001686887%2526l%253D14601%2526p%253D3%2526appid%253D%2526aa%253D61095596-000a-b576-0a7b-850295079241%2526gdpr%253D0%2526gdpr_consent%253D%2526dest%253D&documentReferer=https%3A%2F%2F3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fpastelink.net&random=2082508420761&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 47

https://www.awin1.com/cshow.php?s=2528696&v=13872&q=368718&r=278235&pref1=30024900107582102757758011675012&gdpr=&gdpr_consent= HTTP 302
https://kaspersky.commander1.com/v3/?tcs=1987&cmp=Kaspersky&chn=AffiliateAffilinet&src=nay_an_de-278235&url=https://media.kaspersky.com/de/affiliates/kaspersky_logo_green_120x60_white.jpg HTTP 302
https://kaspersky.commander1.com/v3/?firsttime=1&tcs=1987&cmp=Kaspersky&chn=AffiliateAffilinet&src=nay_an_de-278235&url=https://media.kaspersky.com/de/affiliates/kaspersky_logo_green_120x60_white.jpg HTTP 302
https://media.kaspersky.com/de/affiliates/kaspersky_logo_green_120x60_white.jpg

Request Chain 48

https://cct.connects.ch/tpv.php?t=117581V1422143551M&subid=30024900107582102757758011675012&gdpr=&gdpr_consent= HTTP 302
https://cct.minischoggi.ch/tpv.php?t=117581V1422143551M&subid=30024900107582102757758011675012&gdpr=&gdpr_consent=&sdtr=1 HTTP 302
https://www.adtracker.ch/upload/1x1.gif?x=1&lea_source=2021080316412753817275341X117581V1422143551MS30024900107582102757758011675012

Request Chain 49

https://cct.connects.ch/tpv.php?t=117581V1541143261M&subid=30024900107582102757758011675012&gdpr=&gdpr_consent= HTTP 302
https://htlp.emp-online.ch/htlp_c.html?wt_mc=pt.connects._117581_._NNNNN_._Post-View%20Partner_._WWWWW_.&lea_source=2021080316412753817275207X117581V1541143261MS30024900107582102757758011675012

Request Chain 51

https://cct.connects.ch/tb.php?t=117581V1541144909B&subid=30024900107582102757758011675012&gdpr=&gdpr_consent= HTTP 302
https://media.acfrg.com/banner/fr/black_premium/160x600_bp.gif

Request Chain 55

https://www.awin1.com/cshow.php?s=2528696&v=13872&q=368718&r=278235&pref1=30024900107582102757758011675012&gdpr=&gdpr_consent= HTTP 302
https://kaspersky.commander1.com/v3/?tcs=1987&cmp=Kaspersky&chn=AffiliateAffilinet&src=nay_an_de-278235&url=https://media.kaspersky.com/de/affiliates/kaspersky_logo_green_120x60_white.jpg HTTP 302
https://kaspersky.commander1.com/v3/?firsttime=1&tcs=1987&cmp=Kaspersky&chn=AffiliateAffilinet&src=nay_an_de-278235&url=https://media.kaspersky.com/de/affiliates/kaspersky_logo_green_120x60_white.jpg HTTP 302
https://media.kaspersky.com/de/affiliates/kaspersky_logo_green_120x60_white.jpg

Request Chain 56

https://cct.connects.ch/tb.php?t=117581V1422140455B&subid=30024900107582102757758011675012&gdpr=&gdpr_consent= HTTP 302
https://www.adtracker.ch/upload/miniSchoggi/Banner/min_ad_234x60_v2_08032017_de.gif

83 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request 35yhi Show response
pastelink.net/ 11 KB
5 KB 72ms
26ms Document
text/html 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://pastelink.net/35yhi
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software: nginx /
Resource Hash: 9018173ca54b3c7651d3dc7e7111d64a636403c503637fa64351454afe2afc97

Request headers

:method: GET
:authority: pastelink.net
:scheme: https
:path: /35yhi
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

server: nginx
date: Tue, 03 Aug 2021 14:41:26 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=kg647htil0lq2mtk494hc4g1jd; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip

GET
H2 200 css2
fonts.googleapis.com/ 5 KB
808 B 17ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Requested by

Host: pastelink.net
URL: https://pastelink.net/35yhi

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5314e2831216e18c4ff39e8f8a8b2202958310ce42913c75edb0daa9064bfa46

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 03 Aug 2021 14:41:26 GMT
server: ESF
date: Tue, 03 Aug 2021 14:41:26 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 03 Aug 2021 14:41:26 GMT

GET
H2 200 styles.css
pastelink.net/assets/css/ 184 KB
184 KB 22ms
21ms Stylesheet
text/css 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://pastelink.net/assets/css/styles.css
Requested by: Host: pastelink.net
URL: https://pastelink.net/35yhi
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software: nginx /
Resource Hash: 90aeea50e3b111046b102972465d72fea46a5fc00d99432869d1c35e21e8deb8

Request headers

:path: /assets/css/styles.css
pragma: no-cache
cookie: PHPSESSID=kg647htil0lq2mtk494hc4g1jd
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: pastelink.net
referer: https://pastelink.net/35yhi
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pastelink.net/35yhi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 14:41:26 GMT
last-modified: Fri, 30 Jul 2021 11:29:52 GMT
server: nginx
accept-ranges: bytes
etag: "6103e2b0-2df9c"
content-length: 188316
content-type: text/css

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
30 KB 25ms
11ms Script
application/javascript 2001:4de0:ac18::1:a:3a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: pastelink.net
URL: https://pastelink.net/35yhi
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:3a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Origin: https://pastelink.net
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 14:41:26 GMT
content-encoding: gzip
last-modified: Tue, 02 Mar 2021 17:27:20 GMT
server: nginx
etag: W/"603e7578-15d9d"
vary: Accept-Encoding
x-hw: 1628001686.dop052.fr8.t,1628001686.cds230.fr8.hc,1628001686.cds144.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30875

GET
H2 200 rules.js Show response
cdn.adligature.com/pl/prod/ 12 KB
4 KB 60ms
34ms Script
application/javascript 2606:4700:3031::ac43:cab1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adligature.com/pl/prod/rules.js
Requested by: Host: pastelink.net
URL: https://pastelink.net/35yhi
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:cab1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 857d2b553978183f2d9d05574792fe91239d09522e6bd1651d2984a33eb4cb87

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=5vbfZw==, md5=y8vpKREY17mkLigoINAV8g==
date: Tue, 03 Aug 2021 14:41:26 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 558
cf-polished: origSize=19493
x-guploader-uploadid: ADPycdu7c2NZYjNhpVZ9G91Pmtxxv_iM74mkLtc8cGHc-VtjbaND-piFMTaZMFuBKCOCaGWSa17SW6r14i7teYz5DLysFZdRQg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 30 Jul 2021 17:00:09 GMT
server: cloudflare
etag: W/"cbcbe9291118d7b9a42e282820d015f2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HhAVavmH4V5sR3K3ESMa%2Fr3x6VRVD0k0cXKmhSMGofC6yegNEhrN6Bl59TJDEXKuVKSU62Kb0Ygb3atF%2F2WEfG5CHFYBOBYaNBEeiIHaRwp7cmaamp6JfdxnahxgpfEqiuUYcA9W2IIDCburt2D%2F2qU%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1627664409837685
content-type: application/javascript
expires: Tue, 03 Aug 2021 14:42:08 GMT
cache-control: public, max-age=1800, s-maxage=600, must-revalidate
x-goog-stored-content-length: 19493
cf-ray: 67904e8b0ffd4ea9-FRA
cf-bgj: minify

GET
H2 200 script.min.js Show response
pastelink.net/assets/js/ 28 KB
28 KB 23ms
22ms Script
application/javascript 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://pastelink.net/assets/js/script.min.js
Requested by: Host: pastelink.net
URL: https://pastelink.net/35yhi
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software: nginx /
Resource Hash: 71befde092beb1f869db33533a14b88e10cff1ec72094f39f68b6f5b56f2d53d

Request headers

:path: /assets/js/script.min.js
pragma: no-cache
cookie: PHPSESSID=kg647htil0lq2mtk494hc4g1jd
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: pastelink.net
referer: https://pastelink.net/35yhi
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pastelink.net/35yhi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 14:41:26 GMT
last-modified: Fri, 30 Jul 2021 11:29:52 GMT
server: nginx
accept-ranges: bytes
etag: "6103e2b0-6f8d"
content-length: 28557
content-type: application/javascript

GET
H2 200 pastelinknet4.jpg
pastelink.net/assets/images/ 12 KB
12 KB 21ms
21ms Image
image/jpeg 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pastelink.net/assets/images/pastelinknet4.jpg
Requested by: Host: pastelink.net
URL: https://pastelink.net/35yhi
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software: nginx /
Resource Hash: 262b2a0bae52d6afe2f44127d9e9bf02205ad9d02d6be840f0b8440a45db0f19

Request headers

:path: /assets/images/pastelinknet4.jpg
pragma: no-cache
cookie: PHPSESSID=kg647htil0lq2mtk494hc4g1jd
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: pastelink.net
referer: https://pastelink.net/35yhi
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pastelink.net/35yhi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 14:41:26 GMT
last-modified: Thu, 27 May 2021 10:51:09 GMT
server: nginx
accept-ranges: bytes
etag: "60af799d-2ffc"
content-length: 12284
content-type: image/jpeg

GET
H2 200 public.png
pastelink.net/assets/images/ 609 B
729 B 22ms
21ms Image
image/png 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pastelink.net/assets/images/public.png
Requested by: Host: pastelink.net
URL: https://pastelink.net/35yhi
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software: nginx /
Resource Hash: 04bcd86676a40009fe53606bce88edf13537b712f218f9c6057e97c612513092

Request headers

:path: /assets/images/public.png
pragma: no-cache
cookie: PHPSESSID=kg647htil0lq2mtk494hc4g1jd
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: pastelink.net
referer: https://pastelink.net/35yhi
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pastelink.net/35yhi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 14:41:26 GMT
last-modified: Thu, 27 May 2021 10:51:10 GMT
server: nginx
accept-ranges: bytes
etag: "60af799e-261"
content-length: 609
content-type: image/png

GET
H3-29 200 advally-4.5.3.js Show response
cdn.adligature.com/rules.js/ 87 KB
24 KB 36ms
24ms Script
application/javascript 2606:4700:3031::ac43:cab1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adligature.com/rules.js/advally-4.5.3.js
Requested by: Host: cdn.adligature.com
URL: https://cdn.adligature.com/pl/prod/rules.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:cab1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f5e5ab67d9c0e96ebd2724024092f05b737c1ef366ed31583113fbb5ce27916

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=yMA6yA==, md5=7psFAYrhh9W21Y+ZH/Qbsw==
date: Tue, 03 Aug 2021 14:41:26 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6045
cf-polished: origSize=147533
x-guploader-uploadid: ADPycdup8OSvlpaorO1TFbywZhqTdfW2dIoRezB_ts_VRwU87n2HcpvPk-ghazcT8B1OdHJsBgXi1RXI_eT0IrAl8be8RlN8sA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 13 Jul 2021 18:02:19 GMT
server: cloudflare
etag: W/"ee9b05018ae187d5b6d58f991ff41bb3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n5JzVbdFRAIYwE7XA%2FMQpM%2F7MjkMQcHVfQOZTVsMWQ9AS3jQXKqSrnEsYAtE1TL0i5FV4v5SMsI1fy%2FA2R%2FAQ9Z9GNR6lJ5BhlgGBV6CEeuD0HPE9rj0LR3OKVH20NZXA0kSRZ5xRQT1gUSylS2R4GY%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1626199339467859
content-type: application/javascript
expires: Tue, 03 Aug 2021 14:41:04 GMT
cache-control: public, max-age=7200, s-maxage=7200, must-revalidate
x-goog-stored-content-length: 147533
cf-ray: 67904e8b89eadfb7-FRA
cf-bgj: minify

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 168 KB
57 KB 17ms
16ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ

Requested by

Host: pastelink.net
URL: https://pastelink.net/35yhi

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6fd10d685d42c8c93bb5e7c802e42e8d646949c52da47bdde7b5f34a94f5a414

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 14:41:26 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 58693
x-xss-protection: 0
last-modified: Tue, 03 Aug 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 03 Aug 2021 14:41:26 GMT

GET
H2 200 debut_light.png
pastelink.net/assets/images/ 4 KB
4 KB 21ms
21ms Image
image/png 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pastelink.net/assets/images/debut_light.png
Requested by: Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software: nginx /
Resource Hash: c24ccee9a35eef9e74411eac871935bdff6bcb895cce80b754b66d3e4292a3ce

Request headers

:path: /assets/images/debut_light.png
pragma: no-cache
cookie: PHPSESSID=kg647htil0lq2mtk494hc4g1jd
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: pastelink.net
referer: https://pastelink.net/assets/css/styles.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pastelink.net/assets/css/styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 14:41:26 GMT
last-modified: Thu, 27 May 2021 10:51:09 GMT
server: nginx
accept-ranges: bytes
etag: "60af799d-10c8"
content-length: 4296
content-type: image/png

GET
H2 200 sprites.png
pastelink.net/assets/images/ 4 KB
4 KB 21ms
21ms Image
image/png 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pastelink.net/assets/images/sprites.png
Requested by: Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software: nginx /
Resource Hash: 736e1679b341206c435156f566998d48ad309ec22e277c12da51973bb42671c3

Request headers

:path: /assets/images/sprites.png
pragma: no-cache
cookie: PHPSESSID=kg647htil0lq2mtk494hc4g1jd
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: pastelink.net
referer: https://pastelink.net/assets/css/styles.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pastelink.net/assets/css/styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 14:41:26 GMT
last-modified: Thu, 27 May 2021 10:51:10 GMT
server: nginx
accept-ranges: bytes
etag: "60af799e-e11"
content-length: 3601
content-type: image/png

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://pastelink.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 19:08:26 GMT
x-content-type-options: nosniff
age: 70380
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7900
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:02:01 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 02 Aug 2022 19:08:26 GMT

GET
H2 200 JTURjIg1_i6t8kCHKm45_bZF3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v15/ 19 KB
19 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v15/JTURjIg1_i6t8kCHKm45_bZF3gnD_g.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d10e701c44ab739c7d711b6483def0c6cd47e5a3d04eda1df2c5cbb08f21d81a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://pastelink.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 05:41:48 GMT
x-content-type-options: nosniff
age: 32378
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19264
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:13:07 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Aug 2022 05:41:48 GMT

GET
H2 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://pastelink.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 07:49:38 GMT
x-content-type-options: nosniff
age: 456708
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7776
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:01:55 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Jul 2022 07:49:38 GMT

GET
H/1.1 200
OK / Show response
pro.ip-api.com/csv/ 6 B
154 B 61ms
18ms XHR
text/plain 51.77.64.70
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://pro.ip-api.com/csv/?key=ZxSSLwZtxrKxQbv&fields=countryCode,region
Requested by: Host: cdn.adligature.com
URL: https://cdn.adligature.com/rules.js/advally-4.5.3.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.77.64.70 , Germany, ASN16276 (OVH, FR),
Reverse DNS: de-fra-1.pro.ip-api.com
Software: /
Resource Hash: 55cf21bd8ff6ccfc5992b9fe72dadcbbe277599d29e3a28a0576a9b574a1cbb6

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 03 Aug 2021 14:41:26 GMT
Content-Length: 6
Content-Type: text/plain; charset=utf-8

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 70 KB
24 KB 27ms
26ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.adligature.com
URL: https://cdn.adligature.com/rules.js/advally-4.5.3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

sffe /

Resource Hash

eaef7318763f1b2b04f86fd3ab0ee028f8ce31f53f3e2eaf8f098bdb0fce0897

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 14:41:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "947 / 385 of 1000 / last-modified: 1627988914"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24727
x-xss-protection: 0
expires: Tue, 03 Aug 2021 14:41:26 GMT

GET
H3-29 200 prebid-4.32.0.js Show response
cdn.adligature.com/prebid/ 468 KB
141 KB 37ms
36ms Script
application/javascript 2606:4700:3031::ac43:cab1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adligature.com/prebid/prebid-4.32.0.js
Requested by: Host: cdn.adligature.com
URL: https://cdn.adligature.com/rules.js/advally-4.5.3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:cab1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85df1d0cd9e4307922b0baf60a8e7916611ecd37356646c641b3a84768b5b711

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=Hm80RQ==, md5=KYAHD2Tg+R4W7uldz/G54w==
date: Tue, 03 Aug 2021 14:41:26 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 229
cf-polished: origSize=479793
x-guploader-uploadid: ABg5-UyolwBwmS5Cj1PikfFoBH7umZvgc85V0nZd1v4V3T3Ljzg3CkCXXyHwy6ePdr6pSIgRH3AjD31BeG3-KuDh6-8
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 30 Mar 2021 15:47:28 GMT
server: cloudflare
etag: W/"2980070f64e0f91e16eee95dcff1b9e3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CJWf1luMauGZeUZSGNAwEyy7BRIqaXv2FlteJlQPNzpfYhWiMY0KVz6P9sNqrIyOWgB8F%2Bef3Nee8nGX6hTpFA4GewbXRmszg7OzS5sFkqALNc4HBb8Y1arUDcbN7a%2Fl78IP%2FcgEKWD%2BJ33moagbp8E%3D"}],"group":"cf-nel","max_age":604800}
content-language: en
x-goog-generation: 1617119248965294
content-type: application/javascript
expires: Tue, 03 Aug 2021 14:47:37 GMT
cache-control: public, max-age=1800, s-maxage=600, must-revalidate
x-goog-stored-content-length: 479793
cf-ray: 67904e8c2aefdfb7-FRA
cf-bgj: minify

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 127 KB
50 KB 17ms
17ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-S3DKHVPF03&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f0fb58557b7752dc05ef5acded706317339ebfa03b49db0e24ab4fa9665943c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 14:41:26 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51174
x-xss-protection: 0
expires: Tue, 03 Aug 2021 14:41:26 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 3892
date: Tue, 03 Aug 2021 13:36:34 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Tue, 03 Aug 2021 15:36:34 GMT

GET
H3-29 200 pubads_impl_2021072901.js Show response
securepubads.g.doubleclick.net/gpt/ 325 KB
113 KB 41ms
34ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072901.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

93a5aff7973bd2b1639e0499d27018a88782692ddb340169b27fac0d37dc6a66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 14:41:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 29 Jul 2021 08:44:06 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 116135
x-xss-protection: 0
expires: Tue, 03 Aug 2021 14:41:26 GMT

GET
H3-29 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 70 B
97 B 39ms
34ms XHR
application/json 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=pastelink.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

39c0b8be3e2bd4ecc61b4a789ac1e94d6a6812a15499181634db22e64fe7221c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 03 Aug 2021 14:41:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 72
x-xss-protection: 0
expires: Tue, 03 Aug 2021 14:41:26 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 1 B
24 B 13ms
13ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j92&a=1604661540&t=pageview&_s=1&dl=https%3A%2F%2Fpastelink.net%2F35yhi&ul=en-us&de=UTF-8&dt=Charlie%20Sheen%27s%20Guide%20To%20%EA%B5%AC%EA%B8%80%20%EB%A7%88%EC%BC%80%ED%8C%85%20%EC%97%85%EC%B2%B4%20-%20Pastelink.net&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=23945237&gjid=1823901796&cid=400922086.1628001686&tid=UA-55088947-2&_gid=1510149956.1628001686&_r=1&gtm=2wg82055WHPWQ&z=430247017

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 03 Aug 2021 14:41:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 204 collect
www.google-analytics.com/g/ 0
20 B 13ms
13ms Ping
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-S3DKHVPF03&gtm=2oe820&_p=1604661540&sr=1600x1200&ul=en-us&cid=400922086.1628001686&_s=1&dl=https%3A%2F%2Fpastelink.net%2F35yhi&dt=Charlie%20Sheen%27s%20Guide%20To%20%EA%B5%AC%EA%B8%80%20%EB%A7%88%EC%BC%80%ED%8C%85%20%EC%97%85%EC%B2%B4%20-%20Pastelink.net&sid=1628001686&sct=1&seg=0&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S3DKHVPF03&l=dataLayer&cx=c
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 03 Aug 2021 14:41:26 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 136 KB
49 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: cdn.adligature.com
URL: https://cdn.adligature.com/pl/prod/rules.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

951a39578447c900897fb1c1a5228bcfaa75ae369f88a491d9365a72fe373eb1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 14:41:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49342
x-xss-protection: 0
server: cafe
etag: 13910504330065982742
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 03 Aug 2021 14:41:26 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
25 B 13ms
13ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j92&aip=1&a=1604661540&t=pageview&_s=1&dl=https%3A%2F%2Fpastelink.net%2F35yhi&ul=en-us&de=UTF-8&dt=Charlie%20Sheen%27s%20Guide%20To%20%EA%B5%AC%EA%B8%80%20%EB%A7%88%EC%BC%80%ED%8C%85%20%EC%97%85%EC%B2%B4%20-%20Pastelink.net&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAEABAAAAAC~&jid=587924496&gjid=2065438018&cid=400922086.1628001686&tid=UA-197326395-9&_gid=1510149956.1628001686&_r=1&_slc=1&z=1573313893

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 03 Aug 2021 14:41:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.ch/adsid/ 107 B
165 B 15ms
14ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ch/adsid/integrator.js?domain=pastelink.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 03 Aug 2021 14:41:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 16ms
16ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=pastelink.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 03 Aug 2021 14:41:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 10 KB
5 KB 172ms
172ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=57496431888417&correlator=276301599823068&output=ldjh&impl=fifs&eid=31062078%2C20211866%2C31062064&vrg=2021072901&ptt=17&sc=1&sfv=1-0-38&ecs=20210803&iu_parts=22405481091%2Cpastelink.net%2CSidebar_MPU&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=160x600&eri=1&cust_params=testsegment%3Dfalse&cookie_enabled=1&bc=31&abxe=1&lmt=1628001686&dt=1628001686606&dlt=1628001686215&idt=351&frm=20&biw=1600&bih=1200&oid=3&adxs=1113&adys=323&adks=2108190548&ucis=1&ifi=1&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fpastelink.net%2F35yhi&vis=1&dmc=8&scr_x=0&scr_y=0&psz=239x652&msz=160x-1&ga_vid=400922086.1628001686&ga_sid=1628001687&ga_hid=1604661540&ga_fc=false&ga_cid=1510149956.1628001686&fws=4&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072901.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

7514e7280f28ceb42e56bb76ea0bad00f3c1f2b23c46248e9ee37bc767b0e44b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 14:41:26 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4678
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B300 6 KB
3 KB 61ms
16ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://pastelink.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://pastelink.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Tue, 03 Aug 2021 14:41:26 GMT
expires: Wed, 03 Aug 2022 14:41:26 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202107290101/ 250 KB
93 KB 41ms
39ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202107290101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1750856239204414&plah=pastelink.net&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

21161526e04840490e533e0233cabdd93eb1fe6632c84622e192c023c3bcc21b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 14:41:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 95278
x-xss-protection: 0
server: cafe
etag: 7939706070626844053
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 03 Aug 2021 14:41:26 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210729/r20190131/ Frame FAC9 10 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210729/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5d1310353e02e0a006b79b7d607131cb6d9411543a8957b772f565816fdf3ce4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210729/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://pastelink.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://pastelink.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 03 Aug 2021 01:18:02 GMT
expires: Tue, 17 Aug 2021 01:18:02 GMT
content-type: text/html; charset=UTF-8
etag: 4389807852502320046
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4579
x-xss-protection: 0
age: 48204
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 251 B
421 B 29ms
28ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=pastelink.net&callback=_gfp_s_&client=ca-pub-1750856239204414&gpid_exp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202107290101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1750856239204414&plah=pastelink.net&amaexp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

e222a4c78186709458f3602bb4f28f09d026bd9e2411debfbbb763f857afa03f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 14:41:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 213
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 16ms
15ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=pastelink.net

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 03 Aug 2021 14:41:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 26ms
23ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=pastelink.net

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 03 Aug 2021 14:41:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B3EB 11 KB
5 KB 186ms
186ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1750856239204414&output=html&adk=1812271804&adf=3025194257&lmt=1628001686&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fpastelink.net%2F35yhi&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628001686634&bpp=3&bdt=419&idt=67&shv=r20210729&mjsv=m202107290101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6074872694106&frm=20&pv=2&ga_vid=400922086.1628001686&ga_sid=1628001687&ga_hid=1604661540&ga_fc=0&ga_cid=1510149956.1628001686&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31061972%2C20211866%2C31062064&oid=3&pvsid=57496431888417&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=84

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84e52c04865187ff3ae3d3d3d1ba6502d63f6db1a8e0b5f9a417eac73beda161

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-1750856239204414&output=html&adk=1812271804&adf=3025194257&lmt=1628001686&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fpastelink.net%2F35yhi&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628001686634&bpp=3&bdt=419&idt=67&shv=r20210729&mjsv=m202107290101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6074872694106&frm=20&pv=2&ga_vid=400922086.1628001686&ga_sid=1628001687&ga_hid=1604661540&ga_fc=0&ga_cid=1510149956.1628001686&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31061972%2C20211866%2C31062064&oid=3&pvsid=57496431888417&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=84
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://pastelink.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://pastelink.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 03 Aug 2021 14:41:26 GMT
server: cafe
content-length: 4598
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 03-Aug-2021 14:56:26 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 03 Aug 2021 14:41:26 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
27 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4e3da77a5939fbc06cb620cc93ee888978121a1dcd5cdb746deeb936a4cd92f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 14:41:26 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1627903448373927"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27995
x-xss-protection: 0
expires: Tue, 03 Aug 2021 14:41:26 GMT

GET
H3-29 200 container.html Show response
3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 98FA 6 KB
3 KB 21ms
7ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072901.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://pastelink.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://pastelink.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Tue, 03 Aug 2021 14:41:26 GMT
expires: Wed, 03 Aug 2022 14:41:26 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 98FA 0
0 54ms
54ms Fetch
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CiULCllUJYd7nJ8ycgQeuyobIDub-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakClvhWR6zysz7gAgCoAwGqBMoBT9AbH4TaDM8HQkGyZjLsKq8-KlalrbaX54VdAobW5413csIDzx6Uh2bs3QMukGXCOOljFEkQRcJG8Rrxpop5QbX9BkNQhwCKS_TTgJ5dX7ZMbPQYV3Sz-K1FNHXybCLDxW-hWf_w9hrsR-zpx6M7A4Nx6D__RpyRIpp3QITn7woE4TewRP8c3aM79GJJWeejddSI2HXOnTYL7T7eXiPVw2VvmX7kRU5w8graficyvlXv9qBdi1m6bWlrDkbtgoRtq31HuAFKPKJ_O-AEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAYAKAfoLAggBgAwB0BUBgBcBshcYChYSFHB1Yi0xNzUwODU2MjM5MjA0NDE0&sigh=664X2T_Pwpk
Requested by: Host: pastelink.net
URL: https://pastelink.net/35yhi
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1 200 Cookie set ShowAd Show response
brain.rvty.net/RTB/ Frame EC48 2 KB
2 KB 69ms
24ms Document
text/html 89.163.211.233
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQlVlgAJ894K4E5MAAGlLnU2Qpy1CU2cyjAKbg&penc=&bp=192308&a=61095596-000a-b576-0a7b-850295079241&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35yhi&rawReferrerURL=&uid=2399ec00-c0d0-414d-a87f-c937b1fafca6&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCoyMLllUJYd7nJ8ycgQeuyobIDub-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakClvhWR6zysz7gAgCoAwGqBM0BT9AbH4TaDM8HQkGyZjLsKq8-KlalrbaX54VdAobW5413csIDzx6Uh2bs3QMukGXCOOljFEkQRcJG8Rrxpop5QbX9BkNQhwCKS_TTgJ5dX7ZMbPQYV3Sz-K1FNHXybCLDxW-hWf_w9hrsR-zpx6M7A4Nx6D__RpyRIpp3QITn7woE4TewRP8c3aM79GJJWeejddSI2HXOnTYL7T7eXiPVw2VvmX7kRU5w8graficyvlXv9qBdi1m6bStpA9RnY0JVV7sOM99ks1QFL7nS9-AEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3bG4yAgL5W0u70ARovYCAjqf_qwQ%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
Requested by: Host: 3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com
URL: https://3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx/1.13.4 /
Resource Hash: 1dca4fb80740090bea9e84e9f0742d2606e284a13acee3608cf562b30bfc79d6

Request headers

Host: brain.rvty.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com/

Response headers

Server: nginx/1.13.4
Date: Tue, 03 Aug 2021 14:41:26 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: RTBUserId=2399ec00-c0d0-414d-a87f-c937b1fafca6; path=/; SameSite=None; secure; Expires=Wed, 03 Aug 2022 16:41:26 CEST RTBUserId-Old=2399ec00-c0d0-414d-a87f-c937b1fafca6; path=/; secure; Expires=Wed, 03 Aug 2022 16:41:26 CEST RTBUserId-Plain=2399ec00-c0d0-414d-a87f-c937b1fafca6; path=/; Expires=Wed, 03 Aug 2022 16:41:26 CEST
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Encoding: gzip

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210729/r20110914/client/ Frame 98FA 2 KB
1 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210729/r20110914/client/window_focus_fy2019.js

Requested by

Host: 3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com
URL: https://3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 14:39:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 95
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 17 Aug 2021 14:39:51 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 98FA 124 KB
37 KB 24ms
22ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com
URL: https://3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c430c267231b0171372bc7daa045e7293403f2744255796e9121c320760f191a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 14:41:26 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1627903459924584"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38134
x-xss-protection: 0
expires: Tue, 03 Aug 2021 14:41:26 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210729/r20110914/client/ Frame 98FA 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210729/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com
URL: https://3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30f9db6ce74a9fadf8de7de2ae7e23428d3c043f576184c391908f8154d2f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 14:36:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 282
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6204
x-xss-protection: 0
server: cafe
etag: 11055049251678278959
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 17 Aug 2021 14:36:44 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 98FA 22 KB
7 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com
URL: https://3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 15:20:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 84045
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 02 Aug 2022 15:20:41 GMT

GET
DATA 200
OK truncated
/ Frame 98FA 221 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef3f0e77c7fb2301c06d4b9236580dbf7c5d11079de310f318b1a6855786738b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK ads_view.js Show response
cdn.rvty.net/view/ Frame EC48 3 KB
4 KB 70ms
23ms Script
application/javascript 89.163.211.242
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.rvty.net/view/ads_view.js
Requested by: Host: brain.rvty.net
URL: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQlVlgAJ894K4E5MAAGlLnU2Qpy1CU2cyjAKbg&penc=&bp=192308&a=61095596-000a-b576-0a7b-850295079241&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35yhi&rawReferrerURL=&uid=2399ec00-c0d0-414d-a87f-c937b1fafca6&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCoyMLllUJYd7nJ8ycgQeuyobIDub-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakClvhWR6zysz7gAgCoAwGqBM0BT9AbH4TaDM8HQkGyZjLsKq8-KlalrbaX54VdAobW5413csIDzx6Uh2bs3QMukGXCOOljFEkQRcJG8Rrxpop5QbX9BkNQhwCKS_TTgJ5dX7ZMbPQYV3Sz-K1FNHXybCLDxW-hWf_w9hrsR-zpx6M7A4Nx6D__RpyRIpp3QITn7woE4TewRP8c3aM79GJJWeejddSI2HXOnTYL7T7eXiPVw2VvmX7kRU5w8graficyvlXv9qBdi1m6bStpA9RnY0JVV7sOM99ks1QFL7nS9-AEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3bG4yAgL5W0u70ARovYCAjqf_qwQ%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.163.211.242 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx/1.13.4 /
Resource Hash: 00bb2f69ab06efff6555f6ccae10902e87bb6aea861e83de082a45a07e525054

Request headers

Referer: https://brain.rvty.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 03 Aug 2021 14:41:26 GMT
Last-Modified: Fri, 20 Dec 2019 09:27:25 GMT
Server: nginx/1.13.4
ETag: "5dfc93fd-d40"
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3392

GET
H/1.1 200
OK n7o9ps86e2pq Show response
ad.ad-srv.net/zone/ Frame EC48 11 KB
4 KB 69ms
23ms Script
text/html 138.201.64.38
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.ad-srv.net/zone/n7o9ps86e2pq?subid=&gdpr=&gdpr_consent=[EXTVARS_QUERYPARAMS]&redirectClick=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCoyMLllUJYd7nJ8ycgQeuyobIDub-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakClvhWR6zysz7gAgCoAwGqBM0BT9AbH4TaDM8HQkGyZjLsKq8-KlalrbaX54VdAobW5413csIDzx6Uh2bs3QMukGXCOOljFEkQRcJG8Rrxpop5QbX9BkNQhwCKS_TTgJ5dX7ZMbPQYV3Sz-K1FNHXybCLDxW-hWf_w9hrsR-zpx6M7A4Nx6D__RpyRIpp3QITn7woE4TewRP8c3aM79GJJWeejddSI2HXOnTYL7T7eXiPVw2VvmX7kRU5w8graficyvlXv9qBdi1m6bStpA9RnY0JVV7sOM99ks1QFL7nS9-AEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3bG4yAgL5W0u70ARovYCAjqf_qwQ%26client%3Dca-pub-1750856239204414%26adurl%3Dhttp%253A%252F%252Fbrain.rvty.net%252FRTB%252FClick%253Fx%253DEASY-X-COORDINATE%2526y%253DEASY-Y-COORDINATE%2526s%253D97944753%2526a%253D188770%2526t%253D1628001686887%2526l%253D14601%2526p%253D3%2526appid%253D%2526aa%253D61095596-000a-b576-0a7b-850295079241%2526gdpr%253D0%2526gdpr_consent%253D%2526dest%253D
Requested by: Host: brain.rvty.net
URL: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQlVlgAJ894K4E5MAAGlLnU2Qpy1CU2cyjAKbg&penc=&bp=192308&a=61095596-000a-b576-0a7b-850295079241&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35yhi&rawReferrerURL=&uid=2399ec00-c0d0-414d-a87f-c937b1fafca6&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCoyMLllUJYd7nJ8ycgQeuyobIDub-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakClvhWR6zysz7gAgCoAwGqBM0BT9AbH4TaDM8HQkGyZjLsKq8-KlalrbaX54VdAobW5413csIDzx6Uh2bs3QMukGXCOOljFEkQRcJG8Rrxpop5QbX9BkNQhwCKS_TTgJ5dX7ZMbPQYV3Sz-K1FNHXybCLDxW-hWf_w9hrsR-zpx6M7A4Nx6D__RpyRIpp3QITn7woE4TewRP8c3aM79GJJWeejddSI2HXOnTYL7T7eXiPVw2VvmX7kRU5w8graficyvlXv9qBdi1m6bStpA9RnY0JVV7sOM99ks1QFL7nS9-AEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3bG4yAgL5W0u70ARovYCAjqf_qwQ%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.64.38 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.38.64.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 51d46c68727797d6a403728ede460a040e4f3d836f1fddce28205c8c0f5c6e29

Request headers

Referer: https://brain.rvty.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 03 Aug 2021 14:41:27 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3405
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1

200
OK

request.php Show response
ad12.ad-srv.net/ Frame EC48
Redirect Chain

https://ad12.ad-srv.net/request.php?zone=n7o9ps86e2pq&nw=14&renderingType=javascript&namespace=7f0a95baff&subid=&uid=37ff690abdf328f6&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x6...
https://ad12.ad-srv.net/request.php?zone=n7o9ps86e2pq&nw=14&renderingType=javascript&namespace=7f0a95baff&subid=&uid=37ff690abdf328f6&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x6...

3 KB
1 KB

234ms
191ms

Script
application/x-javascript

94.130.102.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad12.ad-srv.net/request.php?zone=n7o9ps86e2pq&nw=14&renderingType=javascript&namespace=7f0a95baff&subid=&uid=37ff690abdf328f6&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=%5BEXTVARS_QUERYPARAMS%5D&ud=&redirectClick=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCoyMLllUJYd7nJ8ycgQeuyobIDub-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakClvhWR6zysz7gAgCoAwGqBM0BT9AbH4TaDM8HQkGyZjLsKq8-KlalrbaX54VdAobW5413csIDzx6Uh2bs3QMukGXCOOljFEkQRcJG8Rrxpop5QbX9BkNQhwCKS_TTgJ5dX7ZMbPQYV3Sz-K1FNHXybCLDxW-hWf_w9hrsR-zpx6M7A4Nx6D__RpyRIpp3QITn7woE4TewRP8c3aM79GJJWeejddSI2HXOnTYL7T7eXiPVw2VvmX7kRU5w8graficyvlXv9qBdi1m6bStpA9RnY0JVV7sOM99ks1QFL7nS9-AEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3bG4yAgL5W0u70ARovYCAjqf_qwQ%26client%3Dca-pub-1750856239204414%26adurl%3Dhttp%253A%252F%252Fbrain.rvty.net%252FRTB%252FClick%253Fx%253DEASY-X-COORDINATE%2526y%253DEASY-Y-COORDINATE%2526s%253D97944753%2526a%253D188770%2526t%253D1628001686887%2526l%253D14601%2526p%253D3%2526appid%253D%2526aa%253D61095596-000a-b576-0a7b-850295079241%2526gdpr%253D0%2526gdpr_consent%253D%2526dest%253D&documentReferer=https%3A%2F%2F3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fpastelink.net&random=2082508420761&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: brain.rvty.net
URL: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQlVlgAJ894K4E5MAAGlLnU2Qpy1CU2cyjAKbg&penc=&bp=192308&a=61095596-000a-b576-0a7b-850295079241&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35yhi&rawReferrerURL=&uid=2399ec00-c0d0-414d-a87f-c937b1fafca6&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCoyMLllUJYd7nJ8ycgQeuyobIDub-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakClvhWR6zysz7gAgCoAwGqBM0BT9AbH4TaDM8HQkGyZjLsKq8-KlalrbaX54VdAobW5413csIDzx6Uh2bs3QMukGXCOOljFEkQRcJG8Rrxpop5QbX9BkNQhwCKS_TTgJ5dX7ZMbPQYV3Sz-K1FNHXybCLDxW-hWf_w9hrsR-zpx6M7A4Nx6D__RpyRIpp3QITn7woE4TewRP8c3aM79GJJWeejddSI2HXOnTYL7T7eXiPVw2VvmX7kRU5w8graficyvlXv9qBdi1m6bStpA9RnY0JVV7sOM99ks1QFL7nS9-AEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3bG4yAgL5W0u70ARovYCAjqf_qwQ%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 94.130.102.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.102.130.94.clients.your-server.de
Software: Apache /
Resource Hash: 3407fd87fb6b1236fa5a0301b74f6acedb1202050a302ce53189563dda3d9bea

Request headers

Referer: https://brain.rvty.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 03 Aug 2021 14:41:27 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 30024900107582102757758011675012
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 843
Expires: Tue, 03 Aug 2021 15:41:27 +0200

Redirect headers

Pragma: no-cache
Date: Tue, 03 Aug 2021 14:41:27 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=n7o9ps86e2pq&nw=14&renderingType=javascript&namespace=7f0a95baff&subid=&uid=37ff690abdf328f6&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=%5BEXTVARS_QUERYPARAMS%5D&ud=&redirectClick=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCoyMLllUJYd7nJ8ycgQeuyobIDub-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakClvhWR6zysz7gAgCoAwGqBM0BT9AbH4TaDM8HQkGyZjLsKq8-KlalrbaX54VdAobW5413csIDzx6Uh2bs3QMukGXCOOljFEkQRcJG8Rrxpop5QbX9BkNQhwCKS_TTgJ5dX7ZMbPQYV3Sz-K1FNHXybCLDxW-hWf_w9hrsR-zpx6M7A4Nx6D__RpyRIpp3QITn7woE4TewRP8c3aM79GJJWeejddSI2HXOnTYL7T7eXiPVw2VvmX7kRU5w8graficyvlXv9qBdi1m6bStpA9RnY0JVV7sOM99ks1QFL7nS9-AEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3bG4yAgL5W0u70ARovYCAjqf_qwQ%26client%3Dca-pub-1750856239204414%26adurl%3Dhttp%253A%252F%252Fbrain.rvty.net%252FRTB%252FClick%253Fx%253DEASY-X-COORDINATE%2526y%253DEASY-Y-COORDINATE%2526s%253D97944753%2526a%253D188770%2526t%253D1628001686887%2526l%253D14601%2526p%253D3%2526appid%253D%2526aa%253D61095596-000a-b576-0a7b-850295079241%2526gdpr%253D0%2526gdpr_consent%253D%2526dest%253D&documentReferer=https%3A%2F%2F3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fpastelink.net&random=2082508420761&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Tue, 03 Aug 2021 15:41:27 +0200

GET
H2

200

kaspersky_logo_green_120x60_white.jpg
media.kaspersky.com/de/affiliates/ Frame 078C
Redirect Chain

https://www.awin1.com/cshow.php?s=2528696&v=13872&q=368718&r=278235&pref1=30024900107582102757758011675012&gdpr=&gdpr_consent=
https://kaspersky.commander1.com/v3/?tcs=1987&cmp=Kaspersky&chn=AffiliateAffilinet&src=nay_an_de-278235&url=https://media.kaspersky.com/de/affiliates/kaspersky_logo_green_120x60_white.jpg
https://kaspersky.commander1.com/v3/?firsttime=1&tcs=1987&cmp=Kaspersky&chn=AffiliateAffilinet&src=nay_an_de-278235&url=https://media.kaspersky.com/de/affiliates/kaspersky_logo_green_120x60_white.jpg
https://media.kaspersky.com/de/affiliates/kaspersky_logo_green_120x60_white.jpg

0
0

252ms
75ms

Document
image/jpeg

185.85.15.31
KL-EXT

General

Check archive.org

Show headers Download Go to

Full URL

https://media.kaspersky.com/de/affiliates/kaspersky_logo_green_120x60_white.jpg

Requested by

Host: ad12.ad-srv.net
URL: https://ad12.ad-srv.net/request.php?zone=n7o9ps86e2pq&nw=14&renderingType=javascript&namespace=7f0a95baff&subid=&uid=37ff690abdf328f6&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=%5BEXTVARS_QUERYPARAMS%5D&ud=&redirectClick=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCoyMLllUJYd7nJ8ycgQeuyobIDub-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakClvhWR6zysz7gAgCoAwGqBM0BT9AbH4TaDM8HQkGyZjLsKq8-KlalrbaX54VdAobW5413csIDzx6Uh2bs3QMukGXCOOljFEkQRcJG8Rrxpop5QbX9BkNQhwCKS_TTgJ5dX7ZMbPQYV3Sz-K1FNHXybCLDxW-hWf_w9hrsR-zpx6M7A4Nx6D__RpyRIpp3QITn7woE4TewRP8c3aM79GJJWeejddSI2HXOnTYL7T7eXiPVw2VvmX7kRU5w8graficyvlXv9qBdi1m6bStpA9RnY0JVV7sOM99ks1QFL7nS9-AEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3bG4yAgL5W0u70ARovYCAjqf_qwQ%26client%3Dca-pub-1750856239204414%26adurl%3Dhttp%253A%252F%252Fbrain.rvty.net%252FRTB%252FClick%253Fx%253DEASY-X-COORDINATE%2526y%253DEASY-Y-COORDINATE%2526s%253D97944753%2526a%253D188770%2526t%253D1628001686887%2526l%253D14601%2526p%253D3%2526appid%253D%2526aa%253D61095596-000a-b576-0a7b-850295079241%2526gdpr%253D0%2526gdpr_consent%253D%2526dest%253D&documentReferer=https%3A%2F%2F3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fpastelink.net&random=2082508420761&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.85.15.31 , Russian Federation, ASN200107 (KL-EXT, RU),

Reverse DNS

Software

/ Kaspersky Labs Kaspersky Labs

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: media.kaspersky.com
:scheme: https
:path: /de/affiliates/kaspersky_logo_green_120x60_white.jpg
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://brain.rvty.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://brain.rvty.net/

Response headers

content-type: image/jpeg
last-modified: Fri, 28 Jun 2019 10:08:41 GMT
accept-ranges: bytes
etag: "8de2876992dd51:0"
server
x-powered-by: Kaspersky Labs Kaspersky Labs
x-frame-options: SAMEORIGIN
x-server: fr2/FRA3
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 03 Aug 2021 14:41:27 GMT
content-length: 20612

Redirect headers

Date: Tue, 03 Aug 2021 14:41:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Cache-Control: private, max-age=486000, pre-check=486000
Pragma: private
Expires: Mon, 01 Nov 21 16:41:27 +0100
Set-Cookie: tc_cj_v2=%5B%21%21%24%27%24%7B%2F%20%5B%21%21%24%27%24%29%20%2FZZZ%29%7B4y%7B%29y~%20GLQRLMOZZZKPLRJJKPRQJJJZZZpc_q; expires=Wed, 03-Aug-2022 14:41:27 GMT; path=/; samesite=none; domain=kaspersky.commander1.com; secure tc_cj_v2_cmp=e%7B.%2B%20-.%264; expires=Wed, 03-Aug-2022 14:41:27 GMT; path=/; samesite=none; domain=kaspersky.commander1.com; secure TCID=202108031641277993517778; expires=Wed, 03-Aug-2022 14:41:27 GMT; path=/; samesite=none; domain=.commander1.com; secure
location: https://media.kaspersky.com/de/affiliates/kaspersky_logo_green_120x60_white.jpg
Server: web
Access-Control-Allow-Origin: *

GET
H2

200

1x1.gif Show response
www.adtracker.ch/upload/ Frame BEED
Redirect Chain

https://cct.connects.ch/tpv.php?t=117581V1422143551M&subid=30024900107582102757758011675012&gdpr=&gdpr_consent=
https://cct.minischoggi.ch/tpv.php?t=117581V1422143551M&subid=30024900107582102757758011675012&gdpr=&gdpr_consent=&sdtr=1
https://www.adtracker.ch/upload/1x1.gif?x=1&lea_source=2021080316412753817275341X117581V1422143551MS30024900107582102757758011675012

42 B
111 B

13ms
12ms

Document
image/gif

5.148.168.135
NINE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.adtracker.ch/upload/1x1.gif?x=1&lea_source=2021080316412753817275341X117581V1422143551MS30024900107582102757758011675012
Requested by: Host: ad12.ad-srv.net
URL: https://ad12.ad-srv.net/request.php?zone=n7o9ps86e2pq&nw=14&renderingType=javascript&namespace=7f0a95baff&subid=&uid=37ff690abdf328f6&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=%5BEXTVARS_QUERYPARAMS%5D&ud=&redirectClick=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCoyMLllUJYd7nJ8ycgQeuyobIDub-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakClvhWR6zysz7gAgCoAwGqBM0BT9AbH4TaDM8HQkGyZjLsKq8-KlalrbaX54VdAobW5413csIDzx6Uh2bs3QMukGXCOOljFEkQRcJG8Rrxpop5QbX9BkNQhwCKS_TTgJ5dX7ZMbPQYV3Sz-K1FNHXybCLDxW-hWf_w9hrsR-zpx6M7A4Nx6D__RpyRIpp3QITn7woE4TewRP8c3aM79GJJWeejddSI2HXOnTYL7T7eXiPVw2VvmX7kRU5w8graficyvlXv9qBdi1m6bStpA9RnY0JVV7sOM99ks1QFL7nS9-AEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3bG4yAgL5W0u70ARovYCAjqf_qwQ%26client%3Dca-pub-1750856239204414%26adurl%3Dhttp%253A%252F%252Fbrain.rvty.net%252FRTB%252FClick%253Fx%253DEASY-X-COORDINATE%2526y%253DEASY-Y-COORDINATE%2526s%253D97944753%2526a%253D188770%2526t%253D1628001686887%2526l%253D14601%2526p%253D3%2526appid%253D%2526aa%253D61095596-000a-b576-0a7b-850295079241%2526gdpr%253D0%2526gdpr_consent%253D%2526dest%253D&documentReferer=https%3A%2F%2F3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fpastelink.net&random=2082508420761&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.148.168.135 Zurich, Switzerland, ASN29691 (NINE, CH),
Reverse DNS: adresult08.nine.ch
Software: Apache /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

:method: GET
:authority: www.adtracker.ch
:scheme: https
:path: /upload/1x1.gif?x=1&lea_source=2021080316412753817275341X117581V1422143551MS30024900107582102757758011675012
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://brain.rvty.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://brain.rvty.net/

Response headers

date: Tue, 03 Aug 2021 14:41:27 GMT
server: Apache
last-modified: Tue, 10 Jul 2018 10:21:41 GMT
etag: "2a-570a27efbd740"
accept-ranges: bytes
content-length: 42
content-type: image/gif

Redirect headers

server: nginx
date: Tue, 03 Aug 2021 14:41:27 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID= m8t4ha8sokjhiipd3v8vgl3nhi; SameSite=None; Secure ppv1422=2021080316412753817275341X117581V1422143551MS30024900107582102757758011675012; expires=Thu, 05-Aug-2021 14:41:27 GMT; Max-Age=172800; path=/; domain=cct.minischoggi.ch; SameSite=None; secure; HttpOnly
location: https://www.adtracker.ch/upload/1x1.gif?x=1&lea_source=2021080316412753817275341X117581V1422143551MS30024900107582102757758011675012
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2

200

htlp_c.html Show response
htlp.emp-online.ch/ Frame 1C2C
Redirect Chain

https://cct.connects.ch/tpv.php?t=117581V1541143261M&subid=30024900107582102757758011675012&gdpr=&gdpr_consent=
https://htlp.emp-online.ch/htlp_c.html?wt_mc=pt.connects._117581_._NNNNN_._Post-View%20Partner_._WWWWW_.&lea_source=2021080316412753817275207X117581V1541143261MS30024900107582102757758011675012

2 KB
3 KB

122ms
61ms

Document
text/html

2600:9000:2190:d000:c:6264:8240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://htlp.emp-online.ch/htlp_c.html?wt_mc=pt.connects._117581_._NNNNN_._Post-View%20Partner_._WWWWW_.&lea_source=2021080316412753817275207X117581V1541143261MS30024900107582102757758011675012
Requested by: Host: ad12.ad-srv.net
URL: https://ad12.ad-srv.net/request.php?zone=n7o9ps86e2pq&nw=14&renderingType=javascript&namespace=7f0a95baff&subid=&uid=37ff690abdf328f6&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=%5BEXTVARS_QUERYPARAMS%5D&ud=&redirectClick=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCoyMLllUJYd7nJ8ycgQeuyobIDub-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakClvhWR6zysz7gAgCoAwGqBM0BT9AbH4TaDM8HQkGyZjLsKq8-KlalrbaX54VdAobW5413csIDzx6Uh2bs3QMukGXCOOljFEkQRcJG8Rrxpop5QbX9BkNQhwCKS_TTgJ5dX7ZMbPQYV3Sz-K1FNHXybCLDxW-hWf_w9hrsR-zpx6M7A4Nx6D__RpyRIpp3QITn7woE4TewRP8c3aM79GJJWeejddSI2HXOnTYL7T7eXiPVw2VvmX7kRU5w8graficyvlXv9qBdi1m6bStpA9RnY0JVV7sOM99ks1QFL7nS9-AEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3bG4yAgL5W0u70ARovYCAjqf_qwQ%26client%3Dca-pub-1750856239204414%26adurl%3Dhttp%253A%252F%252Fbrain.rvty.net%252FRTB%252FClick%253Fx%253DEASY-X-COORDINATE%2526y%253DEASY-Y-COORDINATE%2526s%253D97944753%2526a%253D188770%2526t%253D1628001686887%2526l%253D14601%2526p%253D3%2526appid%253D%2526aa%253D61095596-000a-b576-0a7b-850295079241%2526gdpr%253D0%2526gdpr_consent%253D%2526dest%253D&documentReferer=https%3A%2F%2F3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fpastelink.net&random=2082508420761&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:d000:c:6264:8240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d9ccee9255f473e47a7eff4e4dab7449a4b8ca3c88631e91bc3b28af7bec12a4

Request headers

:method: GET
:authority: htlp.emp-online.ch
:scheme: https
:path: /htlp_c.html?wt_mc=pt.connects._117581_._NNNNN_._Post-View%20Partner_._WWWWW_.&lea_source=2021080316412753817275207X117581V1541143261MS30024900107582102757758011675012
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://brain.rvty.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://brain.rvty.net/

Response headers

content-type: text/html
content-length: 2488
date: Tue, 03 Aug 2021 14:41:28 GMT
last-modified: Mon, 17 Feb 2020 09:11:48 GMT
etag: "2ecc70a226fa7d1a1814eb985fd357a4"
x-amz-version-id: IOWeFwP7sU3esuP4PEVmnQ68vW6IhwwG
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 f0f5607a03d2ae4c43b553dc2cef0c9e.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: TnjXlnT0XH6hUnx2Hx7RvDeAyqOR1tscxZsfKUI0uuaqFsbH6EUv2g==

Redirect headers

server: nginx
date: Tue, 03 Aug 2021 14:41:27 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID= 3ulvvjahuakbbvb44atoaooonc; SameSite=None; Secure ppv1541=2021080316412753817275207X117581V1541143261MS30024900107582102757758011675012; expires=Tue, 10-Aug-2021 14:41:27 GMT; Max-Age=604800; path=/; domain=.connects.ch; SameSite=None; secure; HttpOnly
location: https://htlp.emp-online.ch/htlp_c.html?wt_mc=pt.connects._117581_._NNNNN_._Post-View Partner_._WWWWW_.&lea_source=2021080316412753817275207X117581V1541143261MS30024900107582102757758011675012
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK request_content.php Show response
ad12.ad-srv.net/ Frame D02F 42 KB
8 KB 67ms
24ms Document
text/html 94.130.102.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad12.ad-srv.net/request_content.php?s=30024900107582102757758011675012&a=9d67b7e6
Requested by: Host: ad12.ad-srv.net
URL: https://ad12.ad-srv.net/request.php?zone=n7o9ps86e2pq&nw=14&renderingType=javascript&namespace=7f0a95baff&subid=&uid=37ff690abdf328f6&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=%5BEXTVARS_QUERYPARAMS%5D&ud=&redirectClick=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCoyMLllUJYd7nJ8ycgQeuyobIDub-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakClvhWR6zysz7gAgCoAwGqBM0BT9AbH4TaDM8HQkGyZjLsKq8-KlalrbaX54VdAobW5413csIDzx6Uh2bs3QMukGXCOOljFEkQRcJG8Rrxpop5QbX9BkNQhwCKS_TTgJ5dX7ZMbPQYV3Sz-K1FNHXybCLDxW-hWf_w9hrsR-zpx6M7A4Nx6D__RpyRIpp3QITn7woE4TewRP8c3aM79GJJWeejddSI2HXOnTYL7T7eXiPVw2VvmX7kRU5w8graficyvlXv9qBdi1m6bStpA9RnY0JVV7sOM99ks1QFL7nS9-AEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3bG4yAgL5W0u70ARovYCAjqf_qwQ%26client%3Dca-pub-1750856239204414%26adurl%3Dhttp%253A%252F%252Fbrain.rvty.net%252FRTB%252FClick%253Fx%253DEASY-X-COORDINATE%2526y%253DEASY-Y-COORDINATE%2526s%253D97944753%2526a%253D188770%2526t%253D1628001686887%2526l%253D14601%2526p%253D3%2526appid%253D%2526aa%253D61095596-000a-b576-0a7b-850295079241%2526gdpr%253D0%2526gdpr_consent%253D%2526dest%253D&documentReferer=https%3A%2F%2F3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fpastelink.net&random=2082508420761&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 94.130.102.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.102.130.94.clients.your-server.de
Software: Apache /
Resource Hash: 8d372933bafd0af8e52f4843fdedfb3d40204708d9453f14631e1fcb04a15772

Request headers

Host: ad12.ad-srv.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://brain.rvty.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: kdb0xdq3ls8m_uid=ab2b0e7db9b1be11
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://brain.rvty.net/

Response headers

Date: Tue, 03 Aug 2021 14:41:27 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 03 Aug 2021 15:41:27 +0200
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7935
Connection: close
Content-Type: text/html; charset=utf-8

GET
H2

200

160x600_bp.gif
media.acfrg.com/banner/fr/black_premium/ Frame EC48
Redirect Chain

https://cct.connects.ch/tb.php?t=117581V1541144909B&subid=30024900107582102757758011675012&gdpr=&gdpr_consent=
https://media.acfrg.com/banner/fr/black_premium/160x600_bp.gif

111 KB
112 KB

55ms
13ms

Image
image/gif

2600:9000:2190:b800:13:99a2:1280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.acfrg.com/banner/fr/black_premium/160x600_bp.gif
Requested by: Host: brain.rvty.net
URL: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQlVlgAJ894K4E5MAAGlLnU2Qpy1CU2cyjAKbg&penc=&bp=192308&a=61095596-000a-b576-0a7b-850295079241&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35yhi&rawReferrerURL=&uid=2399ec00-c0d0-414d-a87f-c937b1fafca6&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCoyMLllUJYd7nJ8ycgQeuyobIDub-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakClvhWR6zysz7gAgCoAwGqBM0BT9AbH4TaDM8HQkGyZjLsKq8-KlalrbaX54VdAobW5413csIDzx6Uh2bs3QMukGXCOOljFEkQRcJG8Rrxpop5QbX9BkNQhwCKS_TTgJ5dX7ZMbPQYV3Sz-K1FNHXybCLDxW-hWf_w9hrsR-zpx6M7A4Nx6D__RpyRIpp3QITn7woE4TewRP8c3aM79GJJWeejddSI2HXOnTYL7T7eXiPVw2VvmX7kRU5w8graficyvlXv9qBdi1m6bStpA9RnY0JVV7sOM99ks1QFL7nS9-AEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3bG4yAgL5W0u70ARovYCAjqf_qwQ%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:b800:13:99a2:1280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: d4a36ec2a6ae9961fb9d60002bd5a4e7dac93946fc1b3a648a6dd1ab0e30fc10

Request headers

Referer: https://brain.rvty.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 08:02:54 GMT
via: 1.1 8455bcb2c0203b0c4ee93b610d75e69b.cloudfront.net (CloudFront)
etag: "56aa9d70-1bc78"
last-modified: Thu, 28 Jan 2016 23:00:00 GMT
server: nginx
age: 28260
x-powered-by: PleskLin
x-cache: Hit from cloudfront
content-type: image/gif
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-length: 113784
x-amz-cf-id: ySmT3WYKQJNUdmhNgsq73DlyPHcyzQrWtejz5w6A9MhvkNxGG_F0TA==

Redirect headers

location: https://media.acfrg.com/banner/fr/black_premium/160x600_bp.gif
date: Tue, 03 Aug 2021 14:41:27 GMT
x-content-type-options: nosniff
server: nginx
accept-ranges: bytes
x-xss-protection: 1; mode=block
content-type: image/gif

GET
H/1.1 200
OK jquery-1.10.2.min.js Show response
cdn.rvty.net/_files/js/ Frame 4F64 91 KB
91 KB 31ms
30ms Script
application/javascript 89.163.211.242
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js
Requested by: Host: cdn.rvty.net
URL: https://cdn.rvty.net/view/ads_view.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.163.211.242 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx/1.13.4 /
Resource Hash: 0ba081f546084bd5097aa8a73c75931d5aa1fc4d6e846e53c21f98e6a1509988

Request headers

Referer: https://brain.rvty.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 03 Aug 2021 14:41:27 GMT
Last-Modified: Wed, 08 Jan 2020 08:13:37 GMT
Server: nginx/1.13.4
ETag: "5e158f31-16bb3"
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 93107

POST
H/1.1 200 Visibility Show response
brain.rvty.net/RTB/ Frame 4F64 0
119 B 22ms
22ms XHR
text/plain 89.163.211.233
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://brain.rvty.net/RTB/Visibility
Requested by: Host: cdn.rvty.net
URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx/1.13.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: */*
Referer: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQlVlgAJ894K4E5MAAGlLnU2Qpy1CU2cyjAKbg&penc=&bp=192308&a=61095596-000a-b576-0a7b-850295079241&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35yhi&rawReferrerURL=&uid=2399ec00-c0d0-414d-a87f-c937b1fafca6&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCoyMLllUJYd7nJ8ycgQeuyobIDub-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakClvhWR6zysz7gAgCoAwGqBM0BT9AbH4TaDM8HQkGyZjLsKq8-KlalrbaX54VdAobW5413csIDzx6Uh2bs3QMukGXCOOljFEkQRcJG8Rrxpop5QbX9BkNQhwCKS_TTgJ5dX7ZMbPQYV3Sz-K1FNHXybCLDxW-hWf_w9hrsR-zpx6M7A4Nx6D__RpyRIpp3QITn7woE4TewRP8c3aM79GJJWeejddSI2HXOnTYL7T7eXiPVw2VvmX7kRU5w8graficyvlXv9qBdi1m6bStpA9RnY0JVV7sOM99ks1QFL7nS9-AEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3bG4yAgL5W0u70ARovYCAjqf_qwQ%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Tue, 03 Aug 2021 14:41:27 GMT
Server: nginx/1.13.4
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK viewability Show response
ad12.ad-srv.net/ Frame D02F 0
150 B 1068ms
23ms Script
text/html 94.130.102.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad12.ad-srv.net/viewability?s=30024900107582102757758011675012&a=c7f6930b&vb=m
Requested by: Host: ad12.ad-srv.net
URL: https://ad12.ad-srv.net/request_content.php?s=30024900107582102757758011675012&a=9d67b7e6
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 94.130.102.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.102.130.94.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ad12.ad-srv.net/request_content.php?s=30024900107582102757758011675012&a=9d67b7e6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 03 Aug 2021 14:41:28 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2

200

kaspersky_logo_green_120x60_white.jpg
media.kaspersky.com/de/affiliates/ Frame D02F
Redirect Chain

https://www.awin1.com/cshow.php?s=2528696&v=13872&q=368718&r=278235&pref1=30024900107582102757758011675012&gdpr=&gdpr_consent=
https://kaspersky.commander1.com/v3/?tcs=1987&cmp=Kaspersky&chn=AffiliateAffilinet&src=nay_an_de-278235&url=https://media.kaspersky.com/de/affiliates/kaspersky_logo_green_120x60_white.jpg
https://kaspersky.commander1.com/v3/?firsttime=1&tcs=1987&cmp=Kaspersky&chn=AffiliateAffilinet&src=nay_an_de-278235&url=https://media.kaspersky.com/de/affiliates/kaspersky_logo_green_120x60_white.jpg
https://media.kaspersky.com/de/affiliates/kaspersky_logo_green_120x60_white.jpg

20 KB
20 KB

214ms
53ms

Image
image/jpeg

185.85.15.31
KL-EXT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://media.kaspersky.com/de/affiliates/kaspersky_logo_green_120x60_white.jpg

Requested by

Host: ad12.ad-srv.net
URL: https://ad12.ad-srv.net/request_content.php?s=30024900107582102757758011675012&a=9d67b7e6

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.85.15.31 , Russian Federation, ASN200107 (KL-EXT, RU),

Reverse DNS

Software

/ Kaspersky Labs, Kaspersky Labs

Resource Hash

d75068eff86c3491577fd62a86922f9cca41c89f0d06b6643632dd7a27a63913

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ad12.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Fri, 28 Jun 2019 10:08:41 GMT
server
x-powered-by: Kaspersky Labs, Kaspersky Labs
etag: "8de2876992dd51:0"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
x-xss-protection: 1; mode=block
x-server: fr2/FRA4
accept-ranges: bytes
content-length: 20612
date: Tue, 03 Aug 2021 14:41:27 GMT

Redirect headers

Pragma: private
Date: Tue, 03 Aug 2021 14:41:27 GMT
Server: web
location: https://media.kaspersky.com/de/affiliates/kaspersky_logo_green_120x60_white.jpg
Transfer-Encoding: chunked
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=486000, pre-check=486000
Connection: keep-alive
Content-Type: text/html
Expires: Mon, 01 Nov 21 16:41:27 +0100

GET
H2

200

min_ad_234x60_v2_08032017_de.gif
www.adtracker.ch/upload/miniSchoggi/Banner/ Frame D02F
Redirect Chain

https://cct.connects.ch/tb.php?t=117581V1422140455B&subid=30024900107582102757758011675012&gdpr=&gdpr_consent=
https://www.adtracker.ch/upload/miniSchoggi/Banner/min_ad_234x60_v2_08032017_de.gif

20 KB
20 KB

79ms
13ms

Image
image/gif

5.148.168.135
NINE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.adtracker.ch/upload/miniSchoggi/Banner/min_ad_234x60_v2_08032017_de.gif
Requested by: Host: ad12.ad-srv.net
URL: https://ad12.ad-srv.net/request_content.php?s=30024900107582102757758011675012&a=9d67b7e6
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.148.168.135 Zurich, Switzerland, ASN29691 (NINE, CH),
Reverse DNS: adresult08.nine.ch
Software: Apache /
Resource Hash: ab5e6e5d8293917e30f7b8f52831106b71c306caf220ba2c09d8f528a6411eda

Request headers

Referer: https://ad12.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 14:41:27 GMT
last-modified: Tue, 27 Mar 2018 13:25:30 GMT
server: Apache
accept-ranges: bytes
etag: "5076-56864d306a680"
content-length: 20598
content-type: image/gif

Redirect headers

location: https://www.adtracker.ch/upload/miniSchoggi/Banner/min_ad_234x60_v2_08032017_de.gif
date: Tue, 03 Aug 2021 14:41:27 GMT
x-content-type-options: nosniff
server: nginx
accept-ranges: bytes
x-xss-protection: 1; mode=block
content-type: image/gif

GET
H/1.1 200
OK emp_logo.png
cdn.contentspread.net/oliro/advertiser/54613/creativesup/ Frame D02F 4 KB
4 KB 96ms
23ms Image
image/png 85.114.131.235
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/oliro/advertiser/54613/creativesup/emp_logo.png
Requested by: Host: ad12.ad-srv.net
URL: https://ad12.ad-srv.net/request_content.php?s=30024900107582102757758011675012&a=9d67b7e6
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.114.131.235 Schopfheim, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: srv21039.dus4.fastwebserver.de
Software: nginx /
Resource Hash: e68191de65ab3388198855a4bf609ec8052da7ab99a3897e789291861c26281c

Request headers

Referer: https://ad12.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 03 Aug 2021 14:41:27 GMT
Last-Modified: Thu, 16 Jul 2020 14:34:40 GMT
Server: nginx
ETag: "5f106580-105d"
Content-Type: image/png
Connection: close
Accept-Ranges: bytes
Content-Length: 4189

GET
H/1.1 200
OK oba_icon.png
cdn.contentspread.net/oliro/oba/ Frame D02F 3 KB
3 KB 98ms
25ms Image
image/png 85.114.131.235
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/oliro/oba/oba_icon.png
Requested by: Host: ad12.ad-srv.net
URL: https://ad12.ad-srv.net/request_content.php?s=30024900107582102757758011675012&a=9d67b7e6
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.114.131.235 Schopfheim, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: srv21039.dus4.fastwebserver.de
Software: nginx /
Resource Hash: 2fd4c3ae6afc2b4026d9f0b64b8ff1110ecfcf47b90bc988c06e844b3921cbf6

Request headers

Referer: https://ad12.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 03 Aug 2021 14:41:27 GMT
Last-Modified: Fri, 05 Aug 2016 12:57:49 GMT
Server: nginx
ETag: "57a48d4d-c35"
Content-Type: image/png
Connection: close
Accept-Ranges: bytes
Content-Length: 3125

GET
H2 200 lila.js Show response
tc.connects.ch/ Frame 1C2C 16 KB
5 KB 93ms
30ms Script
application/javascript 84.200.5.215
ACCELERATED-IT

General

Check archive.org

Show headers Download Go to

Full URL

https://tc.connects.ch/lila.js

Requested by

Host: htlp.emp-online.ch
URL: https://htlp.emp-online.ch/htlp_c.html?wt_mc=pt.connects._117581_._NNNNN_._Post-View%20Partner_._WWWWW_.&lea_source=2021080316412753817275207X117581V1541143261MS30024900107582102757758011675012

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

84.200.5.215 , Germany, ASN31400 (ACCELERATED-IT, DE),

Reverse DNS

Software

nginx /

Resource Hash

2bbd412bfc6e2aefaee5cf0648ad34e5ae55f21b7baec795169ad9d1a5361883

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://htlp.emp-online.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 14:41:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 06 Oct 2020 13:24:42 GMT
server: nginx
etag: W/"5f7c701a-3f97"
content-type: application/javascript
x-xss-protection: 1; mode=block

GET
H2 200 lila.php Show response
www.lacmp.net/ Frame 1C2C 10 KB
3 KB 96ms
37ms XHR
text/html 84.200.5.215
ACCELERATED-IT

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lacmp.net/lila.php?id=unk9N5KaFeWSJF0lAiMs&url=https%3A%2F%2Fhtlp.emp-online.ch%2Fhtlp_c.html%3Fwt_mc%3Dpt.connects._117581_._NNNNN_._Post-View%2520Partner_._WWWWW_.%26lea_source%3D2021080316412753817275207X117581V1541143261MS30024900107582102757758011675012&frameit=1&module=HTLP&event=HTLP&checkoutdomain=.emp-online.ch

Requested by

Host: tc.connects.ch
URL: https://tc.connects.ch/lila.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

84.200.5.215 , Germany, ASN31400 (ACCELERATED-IT, DE),

Reverse DNS

Software

nginx /

Resource Hash

71e9dbdd760868abf36c930b0c1a0ccbfa8df0a52d86836230f3379c15f72a3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://htlp.emp-online.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 03 Aug 2021 14:41:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
x-xss-protection: 1; mode=block
content-type: text/html; charset=UTF-8

GET
H2 200 1SE1U Show response
www.getback.ch/ Frame 1C2C 270 B
441 B 57ms
18ms Script
application/javascript 52.58.161.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.getback.ch/1SE1U
Requested by: Host: pastelink.net
URL: https://pastelink.net/35yhi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.58.161.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-161-156.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: a8d8d04e8c4673231645ec5bcb3cc6496a2ff8cd2819fe0145a6229ad8d0896b

Request headers

Referer: https://htlp.emp-online.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Tue, 03 Aug 2021 14:41:27 GMT
cache-control: max-age=2592000, public
server: nginx
content-type: application/javascript
content-length: 270
expires: Thu, 02 Sep 2021 14:41:27 GMT

GET
H2 200 1SE1U.js Show response
static.getback.ch/clients/ Frame 1C2C 114 KB
32 KB 43ms
16ms Script
application/javascript 13.224.96.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.getback.ch/clients/1SE1U.js
Requested by: Host: www.getback.ch
URL: https://www.getback.ch/1SE1U
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-59.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 376655a0c20744fd53a0b953bf6e47aa3e7712098104dc5e93fba8d0c4f31552

Request headers

Referer: https://htlp.emp-online.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 00:18:33 GMT
content-encoding: gzip
last-modified: Tue, 02 Feb 2021 11:09:44 GMT
server: AmazonS3
age: 138175
etag: W/"be39231ed570c65a9f31c163aa09da76"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 4ee178becf6bd81a5ce90c64ae0621b5.cloudfront.net (CloudFront)
cache-control: max-age=2592000
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: cNegdUn6FG4IfQ24VCFbntxGePK36CMEItTNWbpVNMP2t8jtm-NSWg==

POST
H/1.1 200 Visibility Show response
brain.rvty.net/RTB/ Frame 4F64 0
119 B 21ms
21ms XHR
text/plain 89.163.211.233
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://brain.rvty.net/RTB/Visibility
Requested by: Host: cdn.rvty.net
URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx/1.13.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: */*
Referer: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQlVlgAJ894K4E5MAAGlLnU2Qpy1CU2cyjAKbg&penc=&bp=192308&a=61095596-000a-b576-0a7b-850295079241&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35yhi&rawReferrerURL=&uid=2399ec00-c0d0-414d-a87f-c937b1fafca6&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCoyMLllUJYd7nJ8ycgQeuyobIDub-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakClvhWR6zysz7gAgCoAwGqBM0BT9AbH4TaDM8HQkGyZjLsKq8-KlalrbaX54VdAobW5413csIDzx6Uh2bs3QMukGXCOOljFEkQRcJG8Rrxpop5QbX9BkNQhwCKS_TTgJ5dX7ZMbPQYV3Sz-K1FNHXybCLDxW-hWf_w9hrsR-zpx6M7A4Nx6D__RpyRIpp3QITn7woE4TewRP8c3aM79GJJWeejddSI2HXOnTYL7T7eXiPVw2VvmX7kRU5w8graficyvlXv9qBdi1m6bStpA9RnY0JVV7sOM99ks1QFL7nS9-AEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3bG4yAgL5W0u70ARovYCAjqf_qwQ%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Tue, 03 Aug 2021 14:41:27 GMT
Server: nginx/1.13.4
Connection: keep-alive
Content-Length: 0

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 98FA 42 B
64 B 47ms
47ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuD84wEWgo9KVVHqAqxMApPglbjEXigd2v4_H_1M_nigZnB4TgYr2jQYzo2OvLGKIC8033f7bWDmuGKcaMaeRGe0AvU586S&sig=Cg0ArKJSzNB1jbsJaJWpEAE&id=lidar2&mcvt=1000&p=323,1113,923,1273&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210802&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2108190548&rs=4&met=ie&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1628001686805&dlt=22&rpt=1&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Aug 2021 14:41:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200 Visibility Show response
brain.rvty.net/RTB/ Frame 4F64 0
119 B 21ms
21ms XHR
text/plain 89.163.211.233
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://brain.rvty.net/RTB/Visibility
Requested by: Host: cdn.rvty.net
URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx/1.13.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: */*
Referer: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQlVlgAJ894K4E5MAAGlLnU2Qpy1CU2cyjAKbg&penc=&bp=192308&a=61095596-000a-b576-0a7b-850295079241&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35yhi&rawReferrerURL=&uid=2399ec00-c0d0-414d-a87f-c937b1fafca6&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCoyMLllUJYd7nJ8ycgQeuyobIDub-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakClvhWR6zysz7gAgCoAwGqBM0BT9AbH4TaDM8HQkGyZjLsKq8-KlalrbaX54VdAobW5413csIDzx6Uh2bs3QMukGXCOOljFEkQRcJG8Rrxpop5QbX9BkNQhwCKS_TTgJ5dX7ZMbPQYV3Sz-K1FNHXybCLDxW-hWf_w9hrsR-zpx6M7A4Nx6D__RpyRIpp3QITn7woE4TewRP8c3aM79GJJWeejddSI2HXOnTYL7T7eXiPVw2VvmX7kRU5w8graficyvlXv9qBdi1m6bStpA9RnY0JVV7sOM99ks1QFL7nS9-AEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3bG4yAgL5W0u70ARovYCAjqf_qwQ%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Tue, 03 Aug 2021 14:41:28 GMT
Server: nginx/1.13.4
Connection: keep-alive
Content-Length: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
9 KB 24ms
24ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210729&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2f2f19726d81f347321b3b667ec691dc0aa9a614a0cae70c523cde59443ab991

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 03 Aug 2021 14:41:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8725
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 14:41:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Tue, 03 Aug 2021 14:41:28 GMT

GET
H/1.1 200
OK viewability Show response
ad12.ad-srv.net/ Frame D02F 0
150 B 67ms
23ms Script
text/html 94.130.102.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad12.ad-srv.net/viewability?s=30024900107582102757758011675012&a=c7f6930b&vb=v
Requested by: Host: ad12.ad-srv.net
URL: https://ad12.ad-srv.net/request_content.php?s=30024900107582102757758011675012&a=9d67b7e6
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 94.130.102.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.102.130.94.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ad12.ad-srv.net/request_content.php?s=30024900107582102757758011675012&a=9d67b7e6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 03 Aug 2021 14:41:28 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame AFBA 12 KB
5 KB 17ms
14ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://pastelink.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://pastelink.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5029
date: Tue, 03 Aug 2021 14:30:01 GMT
expires: Wed, 03 Aug 2022 14:30:01 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 687
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 523C 783 B
764 B 17ms
17ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b7bad4401ad2be305677a5af5049116bb9eaac899ac91c6d85e21fda28e77be1

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-b94xHCl/DKwJe8geCf0zNA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://pastelink.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://pastelink.net/

Response headers

expires: Tue, 03 Aug 2021 14:41:28 GMT
date: Tue, 03 Aug 2021 14:41:28 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-b94xHCl/DKwJe8geCf0zNA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 tBv30B7cEwOfmOtuBIU0RKM2cx09bPxFJYI-bfU5S6g.js Show response
pagead2.googlesyndication.com/bg/ Frame AFBA 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/tBv30B7cEwOfmOtuBIU0RKM2cx09bPxFJYI-bfU5S6g.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b41bf7d01edc13039f98eb6e04853444a336731d3d6cfc4525823e6df5394ba8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 15:06:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84914
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13260
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 02 Aug 2022 15:06:14 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 40ms
40ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20210729&jk=57496431888417&bg=!pKelp-PNAAals0SOpbM7ACkAdvg8Wly4bqQ37Qkq29E3YgsrsY5Z37_RpcyxpxwAPM-MsTyMjYh4hAIAAACaUgAAAA1oAQeZAnfYWyrGPAzR_2qpyFpq59x7RXjCLGxzRMMNVF_EcgecrcBzm86MCHBtN7L4n77SsLM2h0A1b_O6hhn0wNEJyK88mtHGLn85_I7lvlLP4RfLcIQ1d_syCBJXmKccEMMou92FzfLaGsPvWyF7u1TyiRy2YmSy-UPg6ZSkKlRxkkHAlTwxJwsg5YSFkTgGRGlgA5reTs6zKI-cLgNKwtya-yecuPhHsHlWHCPTAdG0gpke10ohfGazWiTFGAuG-fHUxO6n-ZONMZzCFxZ1HMrH_0GgQAVF9XIB2JBfH-tFAOCsdFId8LZXGDDd8OAeMYj3VdUeQs8DeU3vD-mUwAgEx3Op6nYsHpR3XnuUeV5JmRTUnA7gTvnt3Z63B93uqY3_3E8AOhzudFOThO-Ld93pXCYX3zXNLXUV1YfljLj3oOq8RaG_q8vkhZzTNHXkvGZ2GIO4t0aQDe5H3XMXYt0jRuodr_oYVYOTCT4lfjTwG7CtpURAjpeOBM3T7IzLIFDL-BTvYRDziXLM_3lyQeYUdwq0E0YUIkM1-wMLCHvKlnLgYlfv0t86GhyeYMwEV0YrZreVK1QOB3iYBevNp80skLkR9MtYKc07v_eJuRwKe5fXivj9vQUm-RXGJcD_Vx2AfoUhGAbjv2BZI7xWMj3p9XObmf7aXmFxX-tSocwSIeecwq2tgnJgHbr1CTYxA93xBNOlRYbgn97WDaxTbtmlO8GLa9oeHlb6Iy2j-4H4SijsLJ6-BqCt0PuGQoE9Q6kS4vZ7LgD_pmqemgKlLmDyPapDQWR9SEPz2QCh5kL8509UQ2rYD7f3WwNx5VRspQSKRH_YMt8VvQ0M

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Aug 2021 14:41:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200 Visibility Show response
brain.rvty.net/RTB/ Frame 4F64 0
119 B 24ms
24ms XHR
text/plain 89.163.211.233
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://brain.rvty.net/RTB/Visibility
Requested by: Host: cdn.rvty.net
URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx/1.13.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: */*
Referer: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQlVlgAJ894K4E5MAAGlLnU2Qpy1CU2cyjAKbg&penc=&bp=192308&a=61095596-000a-b576-0a7b-850295079241&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35yhi&rawReferrerURL=&uid=2399ec00-c0d0-414d-a87f-c937b1fafca6&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCoyMLllUJYd7nJ8ycgQeuyobIDub-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakClvhWR6zysz7gAgCoAwGqBM0BT9AbH4TaDM8HQkGyZjLsKq8-KlalrbaX54VdAobW5413csIDzx6Uh2bs3QMukGXCOOljFEkQRcJG8Rrxpop5QbX9BkNQhwCKS_TTgJ5dX7ZMbPQYV3Sz-K1FNHXybCLDxW-hWf_w9hrsR-zpx6M7A4Nx6D__RpyRIpp3QITn7woE4TewRP8c3aM79GJJWeejddSI2HXOnTYL7T7eXiPVw2VvmX7kRU5w8graficyvlXv9qBdi1m6bStpA9RnY0JVV7sOM99ks1QFL7nS9-AEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3bG4yAgL5W0u70ARovYCAjqf_qwQ%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Tue, 03 Aug 2021 14:41:28 GMT
Server: nginx/1.13.4
Connection: keep-alive
Content-Length: 0

POST
H/1.1 200 Visibility Show response
brain.rvty.net/RTB/ Frame 4F64 0
119 B 22ms
22ms XHR
text/plain 89.163.211.233
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://brain.rvty.net/RTB/Visibility
Requested by: Host: cdn.rvty.net
URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx/1.13.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: */*
Referer: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQlVlgAJ894K4E5MAAGlLnU2Qpy1CU2cyjAKbg&penc=&bp=192308&a=61095596-000a-b576-0a7b-850295079241&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35yhi&rawReferrerURL=&uid=2399ec00-c0d0-414d-a87f-c937b1fafca6&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCoyMLllUJYd7nJ8ycgQeuyobIDub-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakClvhWR6zysz7gAgCoAwGqBM0BT9AbH4TaDM8HQkGyZjLsKq8-KlalrbaX54VdAobW5413csIDzx6Uh2bs3QMukGXCOOljFEkQRcJG8Rrxpop5QbX9BkNQhwCKS_TTgJ5dX7ZMbPQYV3Sz-K1FNHXybCLDxW-hWf_w9hrsR-zpx6M7A4Nx6D__RpyRIpp3QITn7woE4TewRP8c3aM79GJJWeejddSI2HXOnTYL7T7eXiPVw2VvmX7kRU5w8graficyvlXv9qBdi1m6bStpA9RnY0JVV7sOM99ks1QFL7nS9-AEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3bG4yAgL5W0u70ARovYCAjqf_qwQ%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Tue, 03 Aug 2021 14:41:29 GMT
Server: nginx/1.13.4
Connection: keep-alive
Content-Length: 0

POST
H/1.1 200 Visibility Show response
brain.rvty.net/RTB/ Frame 4F64 0
119 B 23ms
22ms XHR
text/plain 89.163.211.233
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://brain.rvty.net/RTB/Visibility
Requested by: Host: cdn.rvty.net
URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx/1.13.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: */*
Referer: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQlVlgAJ894K4E5MAAGlLnU2Qpy1CU2cyjAKbg&penc=&bp=192308&a=61095596-000a-b576-0a7b-850295079241&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35yhi&rawReferrerURL=&uid=2399ec00-c0d0-414d-a87f-c937b1fafca6&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCoyMLllUJYd7nJ8ycgQeuyobIDub-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakClvhWR6zysz7gAgCoAwGqBM0BT9AbH4TaDM8HQkGyZjLsKq8-KlalrbaX54VdAobW5413csIDzx6Uh2bs3QMukGXCOOljFEkQRcJG8Rrxpop5QbX9BkNQhwCKS_TTgJ5dX7ZMbPQYV3Sz-K1FNHXybCLDxW-hWf_w9hrsR-zpx6M7A4Nx6D__RpyRIpp3QITn7woE4TewRP8c3aM79GJJWeejddSI2HXOnTYL7T7eXiPVw2VvmX7kRU5w8graficyvlXv9qBdi1m6bStpA9RnY0JVV7sOM99ks1QFL7nS9-AEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3bG4yAgL5W0u70ARovYCAjqf_qwQ%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Tue, 03 Aug 2021 14:41:29 GMT
Server: nginx/1.13.4
Connection: keep-alive
Content-Length: 0

POST
H/1.1 200 Visibility Show response
brain.rvty.net/RTB/ Frame 4F64 0
119 B 24ms
23ms XHR
text/plain 89.163.211.233
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://brain.rvty.net/RTB/Visibility
Requested by: Host: cdn.rvty.net
URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx/1.13.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: */*
Referer: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQlVlgAJ894K4E5MAAGlLnU2Qpy1CU2cyjAKbg&penc=&bp=192308&a=61095596-000a-b576-0a7b-850295079241&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35yhi&rawReferrerURL=&uid=2399ec00-c0d0-414d-a87f-c937b1fafca6&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCoyMLllUJYd7nJ8ycgQeuyobIDub-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakClvhWR6zysz7gAgCoAwGqBM0BT9AbH4TaDM8HQkGyZjLsKq8-KlalrbaX54VdAobW5413csIDzx6Uh2bs3QMukGXCOOljFEkQRcJG8Rrxpop5QbX9BkNQhwCKS_TTgJ5dX7ZMbPQYV3Sz-K1FNHXybCLDxW-hWf_w9hrsR-zpx6M7A4Nx6D__RpyRIpp3QITn7woE4TewRP8c3aM79GJJWeejddSI2HXOnTYL7T7eXiPVw2VvmX7kRU5w8graficyvlXv9qBdi1m6bStpA9RnY0JVV7sOM99ks1QFL7nS9-AEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3bG4yAgL5W0u70ARovYCAjqf_qwQ%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Tue, 03 Aug 2021 14:41:30 GMT
Server: nginx/1.13.4
Connection: keep-alive
Content-Length: 0

POST
H/1.1 200 Visibility Show response
brain.rvty.net/RTB/ Frame 4F64 0
119 B 23ms
23ms XHR
text/plain 89.163.211.233
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://brain.rvty.net/RTB/Visibility
Requested by: Host: cdn.rvty.net
URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx/1.13.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: */*
Referer: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQlVlgAJ894K4E5MAAGlLnU2Qpy1CU2cyjAKbg&penc=&bp=192308&a=61095596-000a-b576-0a7b-850295079241&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35yhi&rawReferrerURL=&uid=2399ec00-c0d0-414d-a87f-c937b1fafca6&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCoyMLllUJYd7nJ8ycgQeuyobIDub-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakClvhWR6zysz7gAgCoAwGqBM0BT9AbH4TaDM8HQkGyZjLsKq8-KlalrbaX54VdAobW5413csIDzx6Uh2bs3QMukGXCOOljFEkQRcJG8Rrxpop5QbX9BkNQhwCKS_TTgJ5dX7ZMbPQYV3Sz-K1FNHXybCLDxW-hWf_w9hrsR-zpx6M7A4Nx6D__RpyRIpp3QITn7woE4TewRP8c3aM79GJJWeejddSI2HXOnTYL7T7eXiPVw2VvmX7kRU5w8graficyvlXv9qBdi1m6bStpA9RnY0JVV7sOM99ks1QFL7nS9-AEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3bG4yAgL5W0u70ARovYCAjqf_qwQ%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Tue, 03 Aug 2021 14:41:31 GMT
Server: nginx/1.13.4
Connection: keep-alive
Content-Length: 0

POST
H/1.1 200 Visibility Show response
brain.rvty.net/RTB/ Frame 4F64 0
119 B 21ms
20ms XHR
text/plain 89.163.211.233
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://brain.rvty.net/RTB/Visibility
Requested by: Host: cdn.rvty.net
URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx/1.13.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: */*
Referer: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQlVlgAJ894K4E5MAAGlLnU2Qpy1CU2cyjAKbg&penc=&bp=192308&a=61095596-000a-b576-0a7b-850295079241&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35yhi&rawReferrerURL=&uid=2399ec00-c0d0-414d-a87f-c937b1fafca6&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCoyMLllUJYd7nJ8ycgQeuyobIDub-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakClvhWR6zysz7gAgCoAwGqBM0BT9AbH4TaDM8HQkGyZjLsKq8-KlalrbaX54VdAobW5413csIDzx6Uh2bs3QMukGXCOOljFEkQRcJG8Rrxpop5QbX9BkNQhwCKS_TTgJ5dX7ZMbPQYV3Sz-K1FNHXybCLDxW-hWf_w9hrsR-zpx6M7A4Nx6D__RpyRIpp3QITn7woE4TewRP8c3aM79GJJWeejddSI2HXOnTYL7T7eXiPVw2VvmX7kRU5w8graficyvlXv9qBdi1m6bStpA9RnY0JVV7sOM99ks1QFL7nS9-AEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3bG4yAgL5W0u70ARovYCAjqf_qwQ%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Tue, 03 Aug 2021 14:41:31 GMT
Server: nginx/1.13.4
Connection: keep-alive
Content-Length: 0

POST
H/1.1 200 Visibility Show response
brain.rvty.net/RTB/ Frame 4F64 0
119 B 23ms
23ms XHR
text/plain 89.163.211.233
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://brain.rvty.net/RTB/Visibility
Requested by: Host: cdn.rvty.net
URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx/1.13.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: */*
Referer: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQlVlgAJ894K4E5MAAGlLnU2Qpy1CU2cyjAKbg&penc=&bp=192308&a=61095596-000a-b576-0a7b-850295079241&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35yhi&rawReferrerURL=&uid=2399ec00-c0d0-414d-a87f-c937b1fafca6&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCoyMLllUJYd7nJ8ycgQeuyobIDub-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakClvhWR6zysz7gAgCoAwGqBM0BT9AbH4TaDM8HQkGyZjLsKq8-KlalrbaX54VdAobW5413csIDzx6Uh2bs3QMukGXCOOljFEkQRcJG8Rrxpop5QbX9BkNQhwCKS_TTgJ5dX7ZMbPQYV3Sz-K1FNHXybCLDxW-hWf_w9hrsR-zpx6M7A4Nx6D__RpyRIpp3QITn7woE4TewRP8c3aM79GJJWeejddSI2HXOnTYL7T7eXiPVw2VvmX7kRU5w8graficyvlXv9qBdi1m6bStpA9RnY0JVV7sOM99ks1QFL7nS9-AEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3bG4yAgL5W0u70ARovYCAjqf_qwQ%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Tue, 03 Aug 2021 14:41:32 GMT
Server: nginx/1.13.4
Connection: keep-alive
Content-Length: 0

POST
H/1.1 200 Visibility Show response
brain.rvty.net/RTB/ Frame 4F64 0
119 B 24ms
23ms XHR
text/plain 89.163.211.233
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://brain.rvty.net/RTB/Visibility
Requested by: Host: cdn.rvty.net
URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx/1.13.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: */*
Referer: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQlVlgAJ894K4E5MAAGlLnU2Qpy1CU2cyjAKbg&penc=&bp=192308&a=61095596-000a-b576-0a7b-850295079241&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35yhi&rawReferrerURL=&uid=2399ec00-c0d0-414d-a87f-c937b1fafca6&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCoyMLllUJYd7nJ8ycgQeuyobIDub-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakClvhWR6zysz7gAgCoAwGqBM0BT9AbH4TaDM8HQkGyZjLsKq8-KlalrbaX54VdAobW5413csIDzx6Uh2bs3QMukGXCOOljFEkQRcJG8Rrxpop5QbX9BkNQhwCKS_TTgJ5dX7ZMbPQYV3Sz-K1FNHXybCLDxW-hWf_w9hrsR-zpx6M7A4Nx6D__RpyRIpp3QITn7woE4TewRP8c3aM79GJJWeejddSI2HXOnTYL7T7eXiPVw2VvmX7kRU5w8graficyvlXv9qBdi1m6bStpA9RnY0JVV7sOM99ks1QFL7nS9-AEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3bG4yAgL5W0u70ARovYCAjqf_qwQ%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Tue, 03 Aug 2021 14:41:35 GMT
Server: nginx/1.13.4
Connection: keep-alive
Content-Length: 0

POST
H/1.1 200 Visibility Show response
brain.rvty.net/RTB/ Frame 4F64 0
119 B 21ms
20ms XHR
text/plain 89.163.211.233
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://brain.rvty.net/RTB/Visibility
Requested by: Host: cdn.rvty.net
URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx/1.13.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: */*
Referer: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQlVlgAJ894K4E5MAAGlLnU2Qpy1CU2cyjAKbg&penc=&bp=192308&a=61095596-000a-b576-0a7b-850295079241&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35yhi&rawReferrerURL=&uid=2399ec00-c0d0-414d-a87f-c937b1fafca6&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCoyMLllUJYd7nJ8ycgQeuyobIDub-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakClvhWR6zysz7gAgCoAwGqBM0BT9AbH4TaDM8HQkGyZjLsKq8-KlalrbaX54VdAobW5413csIDzx6Uh2bs3QMukGXCOOljFEkQRcJG8Rrxpop5QbX9BkNQhwCKS_TTgJ5dX7ZMbPQYV3Sz-K1FNHXybCLDxW-hWf_w9hrsR-zpx6M7A4Nx6D__RpyRIpp3QITn7woE4TewRP8c3aM79GJJWeejddSI2HXOnTYL7T7eXiPVw2VvmX7kRU5w8graficyvlXv9qBdi1m6bStpA9RnY0JVV7sOM99ks1QFL7nS9-AEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3bG4yAgL5W0u70ARovYCAjqf_qwQ%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Tue, 03 Aug 2021 14:41:38 GMT
Server: nginx/1.13.4
Connection: keep-alive
Content-Length: 0

POST
H/1.1 200 Visibility Show response
brain.rvty.net/RTB/ Frame 4F64 0
119 B 22ms
22ms XHR
text/plain 89.163.211.233
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://brain.rvty.net/RTB/Visibility
Requested by: Host: cdn.rvty.net
URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx/1.13.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: */*
Referer: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQlVlgAJ894K4E5MAAGlLnU2Qpy1CU2cyjAKbg&penc=&bp=192308&a=61095596-000a-b576-0a7b-850295079241&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35yhi&rawReferrerURL=&uid=2399ec00-c0d0-414d-a87f-c937b1fafca6&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCoyMLllUJYd7nJ8ycgQeuyobIDub-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakClvhWR6zysz7gAgCoAwGqBM0BT9AbH4TaDM8HQkGyZjLsKq8-KlalrbaX54VdAobW5413csIDzx6Uh2bs3QMukGXCOOljFEkQRcJG8Rrxpop5QbX9BkNQhwCKS_TTgJ5dX7ZMbPQYV3Sz-K1FNHXybCLDxW-hWf_w9hrsR-zpx6M7A4Nx6D__RpyRIpp3QITn7woE4TewRP8c3aM79GJJWeejddSI2HXOnTYL7T7eXiPVw2VvmX7kRU5w8graficyvlXv9qBdi1m6bStpA9RnY0JVV7sOM99ks1QFL7nS9-AEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3bG4yAgL5W0u70ARovYCAjqf_qwQ%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Tue, 03 Aug 2021 14:41:41 GMT
Server: nginx/1.13.4
Connection: keep-alive
Content-Length: 0

Verdicts & Comments Add Verdict or Comment

92 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://cdn.adligature.com/pl/prod/rules.js(Line 1) Message: Advally Wrapper v4.5.3
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.5.3.js(Line 23) Message: Advally Location: Starting
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.5.3.js(Line 23) Message: Advally Location: Doing API Lookup
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.5.3.js(Line 23) Message: Advally Executing 1 Queued Commands
console-api	warning	URL: https://cdn.adligature.com/rules.js/advally-4.5.3.js(Line 24) Message: Advally Page: Site Segment test-segment-195 not found
console-api	warning	URL: https://cdn.adligature.com/rules.js/advally-4.5.3.js(Line 24) Message: Advally Page: Site Segment test-segment-195 not found
console-api	warning	URL: https://cdn.adligature.com/rules.js/advally-4.5.3.js(Line 24) Message: Advally Units: No sizes found
console-api	log	URL: https://static.getback.ch/clients/1SE1U.js(Line 1) Message: no storage support

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3c7cd21965cd727013e26a69f3431811.safeframe.googlesyndication.com
ad.ad-srv.net
ad12.ad-srv.net
adservice.google.ch
adservice.google.com
adservice.google.de
brain.rvty.net
cct.connects.ch
cct.minischoggi.ch
cdn.adligature.com
cdn.contentspread.net
cdn.rvty.net
code.jquery.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
htlp.emp-online.ch
kaspersky.commander1.com
media.acfrg.com
media.kaspersky.com
pagead2.googlesyndication.com
partner.googleadservices.com
pastelink.net
pro.ip-api.com
securepubads.g.doubleclick.net
static.getback.ch
tc.connects.ch
tpc.googlesyndication.com
www.adtracker.ch
www.awin1.com
www.getback.ch
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.lacmp.net
104.111.239.217
13.224.96.59
13.37.72.132
138.201.64.38
142.250.184.226
185.85.15.31
2001:4de0:ac18::1:a:3a
216.58.212.162
2600:9000:2190:b800:13:99a2:1280:93a1
2600:9000:2190:d000:c:6264:8240:93a1
2606:4700:3031::ac43:cab1
2a00:1450:4001:800::2001
2a00:1450:4001:80e::2001
2a00:1450:4001:80f::200e
2a00:1450:4001:810::2002
2a00:1450:4001:812::2003
2a00:1450:4001:828::2004
2a00:1450:4001:828::2008
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2002
2a00:1450:4001:831::2001
2a00:1450:4001:831::2002
2a00:1450:4001:831::200a
2a01:7e00::f03c:91ff:fe39:1dbe
5.148.168.135
51.77.64.70
52.58.161.156
84.200.5.215
85.114.131.235
89.163.211.233
89.163.211.242
94.130.102.164
00bb2f69ab06efff6555f6ccae10902e87bb6aea861e83de082a45a07e525054
04bcd86676a40009fe53606bce88edf13537b712f218f9c6057e97c612513092
0ba081f546084bd5097aa8a73c75931d5aa1fc4d6e846e53c21f98e6a1509988
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
1dca4fb80740090bea9e84e9f0742d2606e284a13acee3608cf562b30bfc79d6
21161526e04840490e533e0233cabdd93eb1fe6632c84622e192c023c3bcc21b
262b2a0bae52d6afe2f44127d9e9bf02205ad9d02d6be840f0b8440a45db0f19
2bbd412bfc6e2aefaee5cf0648ad34e5ae55f21b7baec795169ad9d1a5361883
2f2f19726d81f347321b3b667ec691dc0aa9a614a0cae70c523cde59443ab991
2fd4c3ae6afc2b4026d9f0b64b8ff1110ecfcf47b90bc988c06e844b3921cbf6
3407fd87fb6b1236fa5a0301b74f6acedb1202050a302ce53189563dda3d9bea
376655a0c20744fd53a0b953bf6e47aa3e7712098104dc5e93fba8d0c4f31552
39c0b8be3e2bd4ecc61b4a789ac1e94d6a6812a15499181634db22e64fe7221c
3c30f9db6ce74a9fadf8de7de2ae7e23428d3c043f576184c391908f8154d2f7
41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c
4e3da77a5939fbc06cb620cc93ee888978121a1dcd5cdb746deeb936a4cd92f0
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
51d46c68727797d6a403728ede460a040e4f3d836f1fddce28205c8c0f5c6e29
5314e2831216e18c4ff39e8f8a8b2202958310ce42913c75edb0daa9064bfa46
55cf21bd8ff6ccfc5992b9fe72dadcbbe277599d29e3a28a0576a9b574a1cbb6
5d1310353e02e0a006b79b7d607131cb6d9411543a8957b772f565816fdf3ce4
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6fd10d685d42c8c93bb5e7c802e42e8d646949c52da47bdde7b5f34a94f5a414
71befde092beb1f869db33533a14b88e10cff1ec72094f39f68b6f5b56f2d53d
71e9dbdd760868abf36c930b0c1a0ccbfa8df0a52d86836230f3379c15f72a3e
736e1679b341206c435156f566998d48ad309ec22e277c12da51973bb42671c3
7514e7280f28ceb42e56bb76ea0bad00f3c1f2b23c46248e9ee37bc767b0e44b
7f5e5ab67d9c0e96ebd2724024092f05b737c1ef366ed31583113fbb5ce27916
84e52c04865187ff3ae3d3d3d1ba6502d63f6db1a8e0b5f9a417eac73beda161
857d2b553978183f2d9d05574792fe91239d09522e6bd1651d2984a33eb4cb87
85df1d0cd9e4307922b0baf60a8e7916611ecd37356646c641b3a84768b5b711
8d372933bafd0af8e52f4843fdedfb3d40204708d9453f14631e1fcb04a15772
9018173ca54b3c7651d3dc7e7111d64a636403c503637fa64351454afe2afc97
90aeea50e3b111046b102972465d72fea46a5fc00d99432869d1c35e21e8deb8
93a5aff7973bd2b1639e0499d27018a88782692ddb340169b27fac0d37dc6a66
951a39578447c900897fb1c1a5228bcfaa75ae369f88a491d9365a72fe373eb1
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a8d8d04e8c4673231645ec5bcb3cc6496a2ff8cd2819fe0145a6229ad8d0896b
ab5e6e5d8293917e30f7b8f52831106b71c306caf220ba2c09d8f528a6411eda
b41bf7d01edc13039f98eb6e04853444a336731d3d6cfc4525823e6df5394ba8
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
b7bad4401ad2be305677a5af5049116bb9eaac899ac91c6d85e21fda28e77be1
c24ccee9a35eef9e74411eac871935bdff6bcb895cce80b754b66d3e4292a3ce
c430c267231b0171372bc7daa045e7293403f2744255796e9121c320760f191a
d10e701c44ab739c7d711b6483def0c6cd47e5a3d04eda1df2c5cbb08f21d81a
d4a36ec2a6ae9961fb9d60002bd5a4e7dac93946fc1b3a648a6dd1ab0e30fc10
d75068eff86c3491577fd62a86922f9cca41c89f0d06b6643632dd7a27a63913
d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491
d9ccee9255f473e47a7eff4e4dab7449a4b8ca3c88631e91bc3b28af7bec12a4
e222a4c78186709458f3602bb4f28f09d026bd9e2411debfbbb763f857afa03f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd
e68191de65ab3388198855a4bf609ec8052da7ab99a3897e789291861c26281c
eaef7318763f1b2b04f86fd3ab0ee028f8ce31f53f3e2eaf8f098bdb0fce0897
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef3f0e77c7fb2301c06d4b9236580dbf7c5d11079de310f318b1a6855786738b
f0fb58557b7752dc05ef5acded706317339ebfa03b49db0e24ab4fa9665943c3
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

pastelink.net Open in urlscan Pro 2a01:7e00::f03c:91ff:fe39:1dbe Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

83 Requests

100 %HTTPS

56 %IPv6

28 Domains

36 Subdomains

33 IPs

7 Countries

1327 kBTransfer

2869 kBSize

0 Cookies

3 Outgoing links

Redirected requests

83 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

pastelink.net Open in urlscan Pro
2a01:7e00::f03c:91ff:fe39:1dbe Public Scan

Screenshot
Live screenshot

Full Image

83
Requests

100 %
HTTPS

56 %
IPv6

28
Domains

36
Subdomains

33
IPs

7
Countries

1327 kB
Transfer

2869 kB
Size

0
Cookies

83 HTTP transactions
1 data transactions