pastelink.net Open in urlscan Pro
2a01:7e00::f03c:91ff:fe39:1dbe Public Scan

URL:
https://pastelink.net/35cwe
Submission: On July 30 via manual (July 30th 2021, 11:27:27 pm UTC) from US

Summary HTTP 83 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 31 IPs in 7 countries across 27 domains to perform 83 HTTP transactions. The main IP is 2a01:7e00::f03c:91ff:fe39:1dbe, located in London, United Kingdom and belongs to LINODE-AP Linode, LLC, US. The main domain is pastelink.net.
TLS certificate: Issued by R3 on July 26th 2021. Valid for: 3 months.

This is the only time pastelink.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
7	2a01:7e00::f0... 2a01:7e00::f03c:91ff:fe39:1dbe	63949 (LINODE-AP...) (LINODE-AP Linode)
1	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:2a	20446 (HIGHWINDS3) (HIGHWINDS3)
3	2606:4700:303... 2606:4700:3031::ac43:cab1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:827::2008	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
1	51.77.64.70 51.77.64.70	16276 (OVH) (OVH)
12	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2008	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:803::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
14	89.163.211.233 89.163.211.233	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
5	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
2	89.163.211.242 89.163.211.242	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1	138.201.84.245 138.201.84.245	24940 (HETZNER-AS) (HETZNER-AS)
1 5	176.9.26.250 176.9.26.250	24940 (HETZNER-AS) (HETZNER-AS)
2 2	104.111.239.217 104.111.239.217	16625 (AKAMAI-AS) (AKAMAI-AS)
4 4	13.37.72.132 13.37.72.132	16509 (AMAZON-02) (AMAZON-02)
2	185.85.15.31 185.85.15.31	200107 (KL-EXT) (KL-EXT)
5 7	84.200.5.215 84.200.5.215	31400 (ACCELERAT...) (ACCELERATED-IT)
1	2600:9000:21f... 2600:9000:21f3:8600:c:6264:8240:93a1	16509 (AMAZON-02) (AMAZON-02)
2	5.148.168.135 5.148.168.135	29691 (NINE) (NINE)
1	2600:9000:21f... 2600:9000:21f3:b600:13:99a2:1280:93a1	16509 (AMAZON-02) (AMAZON-02)
2	51.75.147.170 51.75.147.170	16276 (OVH) (OVH)
1	18.196.166.90 18.196.166.90	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
1	13.225.87.84 13.225.87.84	16509 (AMAZON-02) (AMAZON-02)
83	31

7 2a01:7e00::f03c:91ff:fe39:1dbe (London, United Kingdom)

ASN63949 (LINODE-AP Linode, LLC, US)

pastelink.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:2a (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3031::ac43:cab1 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.adligature.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.77.64.70 (Germany)

ASN16276 (OVH, FR)
PTR: de-fra-1.pro.ip-api.com

pro.ip-api.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:803::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 89.163.211.233 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

brain.rvty.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 89.163.211.242 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

cdn.rvty.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 138.201.84.245 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.245.84.201.138.clients.your-server.de

ad.ad-srv.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 176.9.26.250 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.250.26.9.176.clients.your-server.de

ad14.ad-srv.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.239.217 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-239-217.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.37.72.132 (Paris, France) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-13-37-72-132.eu-west-3.compute.amazonaws.com

kaspersky.commander1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.85.15.31 (Russian Federation)

ASN200107 (KL-EXT, RU)

media.kaspersky.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 84.200.5.215 (Germany) 5 redirects

ASN31400 (ACCELERATED-IT, DE)

cct.connects.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cct.minischoggi.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tc.connects.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.lacmp.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21f3:8600:c:6264:8240:93a1 (United States)

ASN16509 (AMAZON-02, US)

htlp.emp-online.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 5.148.168.135 (Zurich, Switzerland)

ASN29691 (NINE, CH)
PTR: adresult08.nine.ch

www.adtracker.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21f3:b600:13:99a2:1280:93a1 (United States)

ASN16509 (AMAZON-02, US)

media.acfrg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.75.147.170 (France)

ASN16276 (OVH, FR)
PTR: ns3133977.ip-51-75-147.eu

cdn.contentspread.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.196.166.90 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-166-90.eu-central-1.compute.amazonaws.com

www.getback.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.87.84 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-87-84.fra2.r.cloudfront.net

static.getback.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	rvty.net brain.rvty.net cdn.rvty.net	98 KB
13	googlesyndication.com pagead2.googlesyndication.com 23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com tpc.googlesyndication.com	196 KB
7	doubleclick.net securepubads.g.doubleclick.net googleads.g.doubleclick.net	150 KB
7	pastelink.net pastelink.net	239 KB
6	ad-srv.net 1 redirects ad.ad-srv.net ad14.ad-srv.net	15 KB
5	connects.ch 4 redirects cct.connects.ch tc.connects.ch	6 KB
4	commander1.com 4 redirects kaspersky.commander1.com	4 KB
4	google-analytics.com www.google-analytics.com	19 KB
3	google.com adservice.google.com www.google.com	1 KB
3	gstatic.com fonts.gstatic.com	34 KB
3	adligature.com cdn.adligature.com	168 KB
2	getback.ch www.getback.ch static.getback.ch	33 KB
2	contentspread.net cdn.contentspread.net	8 KB
2	adtracker.ch www.adtracker.ch	20 KB
2	kaspersky.com media.kaspersky.com	20 KB
2	awin1.com 2 redirects www.awin1.com	1 KB
2	googletagservices.com www.googletagservices.com	65 KB
2	google.ch adservice.google.ch	975 B
2	googletagmanager.com www.googletagmanager.com	107 KB
1	lacmp.net www.lacmp.net	3 KB
1	acfrg.com media.acfrg.com	112 KB
1	minischoggi.ch 1 redirects cct.minischoggi.ch	515 B
1	emp-online.ch htlp.emp-online.ch	3 KB
1	googleadservices.com partner.googleadservices.com	270 B
1	ip-api.com pro.ip-api.com	154 B
1	jquery.com code.jquery.com	30 KB
1	googleapis.com fonts.googleapis.com	781 B
83	27

	Domain	Requested by
14	brain.rvty.net	23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com cdn.rvty.net
7	pastelink.net	pastelink.net
6	pagead2.googlesyndication.com	cdn.adligature.com pagead2.googlesyndication.com www.googletagservices.com tpc.googlesyndication.com
5	ad14.ad-srv.net	1 redirects brain.rvty.net ad14.ad-srv.net
5	tpc.googlesyndication.com	23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com
5	securepubads.g.doubleclick.net	cdn.adligature.com securepubads.g.doubleclick.net pastelink.net
4	cct.connects.ch	4 redirects
4	kaspersky.commander1.com	4 redirects
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	fonts.gstatic.com	fonts.googleapis.com
3	cdn.adligature.com	pastelink.net cdn.adligature.com
2	cdn.contentspread.net	ad14.ad-srv.net
2	www.adtracker.ch	ad14.ad-srv.net
2	media.kaspersky.com	ad14.ad-srv.net
2	www.awin1.com	2 redirects
2	cdn.rvty.net	brain.rvty.net cdn.rvty.net
2	www.googletagservices.com	pagead2.googlesyndication.com 23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com
2	googleads.g.doubleclick.net	pagead2.googlesyndication.com
2	23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	adservice.google.com	securepubads.g.doubleclick.net pagead2.googlesyndication.com
2	adservice.google.ch	securepubads.g.doubleclick.net pagead2.googlesyndication.com
2	www.googletagmanager.com	pastelink.net www.googletagmanager.com
1	static.getback.ch	www.getback.ch
1	www.google.com	tpc.googlesyndication.com
1	www.getback.ch	pastelink.net
1	www.lacmp.net	tc.connects.ch
1	tc.connects.ch	htlp.emp-online.ch
1	media.acfrg.com	brain.rvty.net
1	cct.minischoggi.ch	1 redirects
1	htlp.emp-online.ch	ad14.ad-srv.net
1	ad.ad-srv.net	brain.rvty.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	pro.ip-api.com	cdn.adligature.com
1	code.jquery.com	pastelink.net
1	fonts.googleapis.com	pastelink.net
83	35

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.ggongworld.com

Subject Issuer	Validity	Valid
pastelink.net R3	`2021-07-26` - `2021-10-24`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-07-05` - `2021-09-27`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-01` - `2022-06-30`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-07-05` - `2021-09-27`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
*.ip-api.com Sectigo RSA Domain Validation Secure Server CA	`2019-11-05` - `2021-11-04`	2 years	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
*.google.ch GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
*.rvty.net Sectigo RSA Domain Validation Secure Server CA	`2020-09-02` - `2021-10-04`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
ad-srv.net R3	`2021-06-21` - `2021-09-19`	3 months	crt.sh
media.kaspersky.com DigiCert TLS RSA SHA256 2020 CA1	`2021-04-23` - `2022-04-28`	a year	crt.sh
htlp.emp.de Amazon	`2021-03-02` - `2022-03-31`	a year	crt.sh
adtracker.ch R3	`2021-07-22` - `2021-10-20`	3 months	crt.sh
*.acfrg.com Amazon	`2021-01-14` - `2022-02-12`	a year	crt.sh
contentspread.net R3	`2021-06-04` - `2021-09-02`	3 months	crt.sh
tc.connects.ch R3	`2021-07-23` - `2021-10-21`	3 months	crt.sh
www.lacmp.net R3	`2021-07-23` - `2021-10-21`	3 months	crt.sh
*.getback.ch Amazon	`2021-05-08` - `2022-06-06`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh

This page contains 13 frames:

Primary Page: https://pastelink.net/35cwe
Frame ID: CCA627729AD4ACD9ADD437EFBA3C6EAD
Requests: 37 HTTP requests in this frame

Frame: https://23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 08E000C2F60393A5765F8F363BF851E6
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210728/r20190131/zrt_lookup.html
Frame ID: 38AAE118EDC2BEEFA3D0FF4806AF22E2
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1750856239204414&output=html&adk=1812271804&adf=3025194257&lmt=1627687627&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fpastelink.net%2F35cwe&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627687627213&bpp=3&bdt=662&idt=75&shv=r20210728&mjsv=m202107290101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=436731305926&frm=20&pv=2&ga_vid=1133778185.1627687627&ga_sid=1627687627&ga_hid=1520672214&ga_fc=0&ga_cid=1924360346.1627687627&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866&oid=3&pvsid=4064883822685211&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=90
Frame ID: A1B8B678A32716C5EEDBCC1B0C207C94
Requests: 1 HTTP requests in this frame

Frame: https://23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 9E29BA391191126CB65D8C3200A3401C
Requests: 8 HTTP requests in this frame

Frame: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQSKywADDp4K3qtJAA6-0rFcLp9Tdj44bUV3wQ&penc=&bp=192308&a=61048acb-0004-15c4-0a77-ee89310b9c8e&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35cwe&rawReferrerURL=&uid=e6d55f1e-5f5c-40a6-8d0f-aeb9356de39b&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-69uy4oEYZ6dDMnW-gbS_broCOb-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakCt42o__nosz7gAgCoAwGqBNMBT9CTe5QwWNbItOMvGugdqD-F08mV7hYQoQVKe1Jib2WfDaziImdGLSXz30CCdxVfPS4ZSW655G9bncQRnAscbCb0DWcQnoz6ALxNkcE91IJZwAoHr-xLDZOIUPtWY_77IxYcY17zqHnVfWMGrUPfA-NRqt8FkZgYNX3outXHn9Lv_6T2E0OM3wRFXmGQ6UkzHIsBNIrdvMB0GnzTvKOQTK6NNxTSsJdAaiNL88UBvg7VsiEaLbCCcrV7rLAKI8m1ZFHy4gw6IhjoTTu3GZujFHKK2uAEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0_SnmyIWQwowtymVQKA-vwlSeEZw%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
Frame ID: C8C60EF2E281BB5D15890EFFB9203FB8
Requests: 5 HTTP requests in this frame

Frame: https://media.kaspersky.com/de/affiliates/kaspersky_logo_green_120x60_white.jpg
Frame ID: 9D9D9D1673AC6F93DA986CFB31DBEE62
Requests: 1 HTTP requests in this frame

Frame: https://htlp.emp-online.ch/htlp_c.html?wt_mc=pt.connects._117581_._NNNNN_._Post-View%20Partner_._WWWWW_.&lea_source=2021073101270853655562123X117581V1541143261MS29619200005218102757758011672014
Frame ID: 324AB5F8A1D9DD5A690D7A4BBBCF15CD
Requests: 5 HTTP requests in this frame

Frame: https://www.adtracker.ch/upload/1x1.gif?x=1&lea_source=2021073101270853655562151X117581V1422143551MS29619200005218102757758011672014
Frame ID: 4FE421CA832BF8709D5AA1137D57B4E7
Requests: 1 HTTP requests in this frame

Frame: https://ad14.ad-srv.net/request_content.php?s=29619200005218102757758011672014&a=4ea628c7
Frame ID: 538DBFDF60F0BA914FBA8DD0AC253BDA
Requests: 7 HTTP requests in this frame

Frame: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js
Frame ID: DBDDF5C25767BB1498DA937111A0A085
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 0C2D6C64C941BB56167F57D3B1C71F7B
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: A7BBD69BD92B48A9D68DE5B39A25F13A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

83
Requests

100 %
HTTPS

56 %
IPv6

27
Domains

35
Subdomains

31
IPs

7
Countries

1327 kB
Transfer

2863 kB
Size

13
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/sharer/sharer.php?u=https://pastelink.net/35cwe

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https://pastelink.net/35cwe

Search URL Search Domain Scan URL

URL: https://www.ggongworld.com/
Title: https://www.ggongworld.com/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 46

https://ad14.ad-srv.net/request.php?zone=n7o9ps86e2pq&nw=14&renderingType=javascript&namespace=13c9929213&subid=&uid=79f0ae6e2753c602&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=%5BEXTVARS_QUERYPARAMS%5D&ud=&redirectClick=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DC-69uy4oEYZ6dDMnW-gbS_broCOb-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakCt42o__nosz7gAgCoAwGqBNMBT9CTe5QwWNbItOMvGugdqD-F08mV7hYQoQVKe1Jib2WfDaziImdGLSXz30CCdxVfPS4ZSW655G9bncQRnAscbCb0DWcQnoz6ALxNkcE91IJZwAoHr-xLDZOIUPtWY_77IxYcY17zqHnVfWMGrUPfA-NRqt8FkZgYNX3outXHn9Lv_6T2E0OM3wRFXmGQ6UkzHIsBNIrdvMB0GnzTvKOQTK6NNxTSsJdAaiNL88UBvg7VsiEaLbCCcrV7rLAKI8m1ZFHy4gw6IhjoTTu3GZujFHKK2uAEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0_SnmyIWQwowtymVQKA-vwlSeEZw%26client%3Dca-pub-1750856239204414%26adurl%3Dhttp%253A%252F%252Fbrain.rvty.net%252FRTB%252FClick%253Fx%253DEASY-X-COORDINATE%2526y%253DEASY-Y-COORDINATE%2526s%253D97944753%2526a%253D188770%2526t%253D1627687627461%2526l%253D14601%2526p%253D3%2526appid%253D%2526aa%253D61048acb-0004-15c4-0a77-ee89310b9c8e%2526gdpr%253D0%2526gdpr_consent%253D%2526dest%253D&documentReferer=https%3A%2F%2F23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fpastelink.net&random=2679344892122&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://ad14.ad-srv.net/request.php?zone=n7o9ps86e2pq&nw=14&renderingType=javascript&namespace=13c9929213&subid=&uid=79f0ae6e2753c602&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=%5BEXTVARS_QUERYPARAMS%5D&ud=&redirectClick=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DC-69uy4oEYZ6dDMnW-gbS_broCOb-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakCt42o__nosz7gAgCoAwGqBNMBT9CTe5QwWNbItOMvGugdqD-F08mV7hYQoQVKe1Jib2WfDaziImdGLSXz30CCdxVfPS4ZSW655G9bncQRnAscbCb0DWcQnoz6ALxNkcE91IJZwAoHr-xLDZOIUPtWY_77IxYcY17zqHnVfWMGrUPfA-NRqt8FkZgYNX3outXHn9Lv_6T2E0OM3wRFXmGQ6UkzHIsBNIrdvMB0GnzTvKOQTK6NNxTSsJdAaiNL88UBvg7VsiEaLbCCcrV7rLAKI8m1ZFHy4gw6IhjoTTu3GZujFHKK2uAEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0_SnmyIWQwowtymVQKA-vwlSeEZw%26client%3Dca-pub-1750856239204414%26adurl%3Dhttp%253A%252F%252Fbrain.rvty.net%252FRTB%252FClick%253Fx%253DEASY-X-COORDINATE%2526y%253DEASY-Y-COORDINATE%2526s%253D97944753%2526a%253D188770%2526t%253D1627687627461%2526l%253D14601%2526p%253D3%2526appid%253D%2526aa%253D61048acb-0004-15c4-0a77-ee89310b9c8e%2526gdpr%253D0%2526gdpr_consent%253D%2526dest%253D&documentReferer=https%3A%2F%2F23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fpastelink.net&random=2679344892122&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 47

https://www.awin1.com/cshow.php?s=2528696&v=13872&q=368718&r=278235&pref1=29619200005218102757758011672014&gdpr=&gdpr_consent= HTTP 302
https://kaspersky.commander1.com/v3/?tcs=1987&cmp=Kaspersky&chn=AffiliateAffilinet&src=nay_an_de-278235&url=https://media.kaspersky.com/de/affiliates/kaspersky_logo_green_120x60_white.jpg HTTP 302
https://kaspersky.commander1.com/v3/?firsttime=1&tcs=1987&cmp=Kaspersky&chn=AffiliateAffilinet&src=nay_an_de-278235&url=https://media.kaspersky.com/de/affiliates/kaspersky_logo_green_120x60_white.jpg HTTP 302
https://media.kaspersky.com/de/affiliates/kaspersky_logo_green_120x60_white.jpg

Request Chain 48

https://cct.connects.ch/tpv.php?t=117581V1541143261M&subid=29619200005218102757758011672014&gdpr=&gdpr_consent= HTTP 302
https://htlp.emp-online.ch/htlp_c.html?wt_mc=pt.connects._117581_._NNNNN_._Post-View%20Partner_._WWWWW_.&lea_source=2021073101270853655562123X117581V1541143261MS29619200005218102757758011672014

Request Chain 49

https://cct.connects.ch/tpv.php?t=117581V1422143551M&subid=29619200005218102757758011672014&gdpr=&gdpr_consent= HTTP 302
https://cct.minischoggi.ch/tpv.php?t=117581V1422143551M&subid=29619200005218102757758011672014&gdpr=&gdpr_consent=&sdtr=1 HTTP 302
https://www.adtracker.ch/upload/1x1.gif?x=1&lea_source=2021073101270853655562151X117581V1422143551MS29619200005218102757758011672014

Request Chain 51

https://cct.connects.ch/tb.php?t=117581V1541144909B&subid=29619200005218102757758011672014&gdpr=&gdpr_consent= HTTP 302
https://media.acfrg.com/banner/fr/black_premium/160x600_bp.gif

Request Chain 55

https://www.awin1.com/cshow.php?s=2528696&v=13872&q=368718&r=278235&pref1=29619200005218102757758011672014&gdpr=&gdpr_consent= HTTP 302
https://kaspersky.commander1.com/v3/?tcs=1987&cmp=Kaspersky&chn=AffiliateAffilinet&src=nay_an_de-278235&url=https://media.kaspersky.com/de/affiliates/kaspersky_logo_green_120x60_white.jpg HTTP 302
https://kaspersky.commander1.com/v3/?firsttime=1&tcs=1987&cmp=Kaspersky&chn=AffiliateAffilinet&src=nay_an_de-278235&url=https://media.kaspersky.com/de/affiliates/kaspersky_logo_green_120x60_white.jpg HTTP 302
https://media.kaspersky.com/de/affiliates/kaspersky_logo_green_120x60_white.jpg

Request Chain 57

https://cct.connects.ch/tb.php?t=117581V1422140455B&subid=29619200005218102757758011672014&gdpr=&gdpr_consent= HTTP 302
https://www.adtracker.ch/upload/miniSchoggi/Banner/min_ad_234x60_v2_08032017_de.gif

83 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request 35cwe Show response
pastelink.net/ 13 KB
6 KB 74ms
26ms Document
text/html 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://pastelink.net/35cwe
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software: nginx /
Resource Hash: 4a5d08eeafdeca2b2d0971b92c8e5679071bce93e45bed0718b231b867065699

Request headers

:method: GET
:authority: pastelink.net
:scheme: https
:path: /35cwe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

server: nginx
date: Fri, 30 Jul 2021 23:27:06 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=svi7te8f5scrtkrpc1uva53k82; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip

GET
H2 200 css2
fonts.googleapis.com/ 5 KB
781 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Requested by

Host: pastelink.net
URL: https://pastelink.net/35cwe

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5314e2831216e18c4ff39e8f8a8b2202958310ce42913c75edb0daa9064bfa46

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 30 Jul 2021 23:19:36 GMT
server: ESF
date: Fri, 30 Jul 2021 23:27:06 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 30 Jul 2021 23:27:06 GMT

GET
H2 200 styles.css
pastelink.net/assets/css/ 184 KB
184 KB 22ms
21ms Stylesheet
text/css 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://pastelink.net/assets/css/styles.css
Requested by: Host: pastelink.net
URL: https://pastelink.net/35cwe
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software: nginx /
Resource Hash: 90aeea50e3b111046b102972465d72fea46a5fc00d99432869d1c35e21e8deb8

Request headers

:path: /assets/css/styles.css
pragma: no-cache
cookie: PHPSESSID=svi7te8f5scrtkrpc1uva53k82
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: pastelink.net
referer: https://pastelink.net/35cwe
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pastelink.net/35cwe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Jul 2021 23:27:06 GMT
last-modified: Fri, 30 Jul 2021 11:29:52 GMT
server: nginx
accept-ranges: bytes
etag: "6103e2b0-2df9c"
content-length: 188316
content-type: text/css

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
30 KB 25ms
8ms Script
application/javascript 2001:4de0:ac18::1:a:2a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: pastelink.net
URL: https://pastelink.net/35cwe
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:2a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Origin: https://pastelink.net
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Jul 2021 23:27:06 GMT
content-encoding: gzip
last-modified: Tue, 02 Mar 2021 17:27:20 GMT
server: nginx
etag: W/"603e7578-15d9d"
vary: Accept-Encoding
x-hw: 1627687626.dop208.fr8.t,1627687626.cds290.fr8.hn,1627687626.cds144.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30875

GET
H2 200 rules.js Show response
cdn.adligature.com/pl/prod/ 12 KB
4 KB 29ms
11ms Script
application/javascript 2606:4700:3031::ac43:cab1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adligature.com/pl/prod/rules.js
Requested by: Host: pastelink.net
URL: https://pastelink.net/35cwe
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:cab1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 857d2b553978183f2d9d05574792fe91239d09522e6bd1651d2984a33eb4cb87

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=5vbfZw==, md5=y8vpKREY17mkLigoINAV8g==
date: Fri, 30 Jul 2021 23:27:06 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 121
cf-polished: origSize=19493
x-guploader-uploadid: ADPycdu7c2NZYjNhpVZ9G91Pmtxxv_iM74mkLtc8cGHc-VtjbaND-piFMTaZMFuBKCOCaGWSa17SW6r14i7teYz5DLysFZdRQg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 30 Jul 2021 17:00:09 GMT
server: cloudflare
etag: W/"cbcbe9291118d7b9a42e282820d015f2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sIZlcg1shJMQ656GnjFvOcufOX0VPNVZCBWbNPOlUL07%2FoD8ZnwMyS9ZctbH9eMYlaZtJJ%2FpBgvnEoOyYoMDWZTOm6hG5HFpf5kY4wwaR5OetfuO42hL%2FYg9Za5c%2BTc5MN1QFIxU5c8j6hMw79%2BCMJo%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1627664409837685
content-type: application/javascript
expires: Fri, 30 Jul 2021 23:35:05 GMT
cache-control: public, max-age=1800, s-maxage=600, must-revalidate
x-goog-stored-content-length: 19493
cf-ray: 67725b1219270631-FRA
cf-bgj: minify

GET
H2 200 script.min.js Show response
pastelink.net/assets/js/ 28 KB
28 KB 51ms
51ms Script
application/javascript 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://pastelink.net/assets/js/script.min.js
Requested by: Host: pastelink.net
URL: https://pastelink.net/35cwe
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software: nginx /
Resource Hash: 71befde092beb1f869db33533a14b88e10cff1ec72094f39f68b6f5b56f2d53d

Request headers

:path: /assets/js/script.min.js
pragma: no-cache
cookie: PHPSESSID=svi7te8f5scrtkrpc1uva53k82
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: pastelink.net
referer: https://pastelink.net/35cwe
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pastelink.net/35cwe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Jul 2021 23:27:06 GMT
last-modified: Fri, 30 Jul 2021 11:29:52 GMT
server: nginx
accept-ranges: bytes
etag: "6103e2b0-6f8d"
content-length: 28557
content-type: application/javascript

GET
H2 200 pastelinknet4.jpg
pastelink.net/assets/images/ 12 KB
12 KB 21ms
21ms Image
image/jpeg 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pastelink.net/assets/images/pastelinknet4.jpg
Requested by: Host: pastelink.net
URL: https://pastelink.net/35cwe
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software: nginx /
Resource Hash: 262b2a0bae52d6afe2f44127d9e9bf02205ad9d02d6be840f0b8440a45db0f19

Request headers

:path: /assets/images/pastelinknet4.jpg
pragma: no-cache
cookie: PHPSESSID=svi7te8f5scrtkrpc1uva53k82
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: pastelink.net
referer: https://pastelink.net/35cwe
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pastelink.net/35cwe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Jul 2021 23:27:06 GMT
last-modified: Thu, 27 May 2021 10:51:09 GMT
server: nginx
accept-ranges: bytes
etag: "60af799d-2ffc"
content-length: 12284
content-type: image/jpeg

GET
H2 200 public.png
pastelink.net/assets/images/ 609 B
729 B 22ms
21ms Image
image/png 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pastelink.net/assets/images/public.png
Requested by: Host: pastelink.net
URL: https://pastelink.net/35cwe
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software: nginx /
Resource Hash: 04bcd86676a40009fe53606bce88edf13537b712f218f9c6057e97c612513092

Request headers

:path: /assets/images/public.png
pragma: no-cache
cookie: PHPSESSID=svi7te8f5scrtkrpc1uva53k82
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: pastelink.net
referer: https://pastelink.net/35cwe
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pastelink.net/35cwe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Jul 2021 23:27:06 GMT
last-modified: Thu, 27 May 2021 10:51:10 GMT
server: nginx
accept-ranges: bytes
etag: "60af799e-261"
content-length: 609
content-type: image/png

GET
H3-29 200 advally-4.5.3.js Show response
cdn.adligature.com/rules.js/ 87 KB
24 KB 31ms
18ms Script
application/javascript 2606:4700:3031::ac43:cab1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adligature.com/rules.js/advally-4.5.3.js
Requested by: Host: cdn.adligature.com
URL: https://cdn.adligature.com/pl/prod/rules.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:cab1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f5e5ab67d9c0e96ebd2724024092f05b737c1ef366ed31583113fbb5ce27916

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=yMA6yA==, md5=7psFAYrhh9W21Y+ZH/Qbsw==
date: Fri, 30 Jul 2021 23:27:06 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1787
cf-polished: origSize=147533
x-guploader-uploadid: ADPycdup8OSvlpaorO1TFbywZhqTdfW2dIoRezB_ts_VRwU87n2HcpvPk-ghazcT8B1OdHJsBgXi1RXI_eT0IrAl8be8RlN8sA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 13 Jul 2021 18:02:19 GMT
server: cloudflare
etag: W/"ee9b05018ae187d5b6d58f991ff41bb3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3jUdEM1IZ49Ov%2FAQwBdPnn37We320j46RItztu%2Fjj3RfP6JNd0n5ABLSLzDKJZHeJOVOhKLc%2F60BDDNwpWqocauPL%2FmEPxMSm%2Fb1C8FYRGJ9s9anc%2FK8PfkuGUD0RvIwkogn8WaArot1aL9WLpUAKaY%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1626199339467859
content-type: application/javascript
expires: Sat, 31 Jul 2021 00:21:28 GMT
cache-control: public, max-age=7200, s-maxage=7200, must-revalidate
x-goog-stored-content-length: 147533
cf-ray: 67725b12aef6c2fe-FRA
cf-bgj: minify

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 168 KB
57 KB 16ms
15ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ

Requested by

Host: pastelink.net
URL: https://pastelink.net/35cwe

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7385bcea307d7f427a31043f520ddcc7a17622318f2498ace16688c23ea3c604

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Jul 2021 23:27:06 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 58639
x-xss-protection: 0
last-modified: Fri, 30 Jul 2021 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 30 Jul 2021 23:27:06 GMT

GET
H2 200 debut_light.png
pastelink.net/assets/images/ 4 KB
4 KB 21ms
20ms Image
image/png 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pastelink.net/assets/images/debut_light.png
Requested by: Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software: nginx /
Resource Hash: c24ccee9a35eef9e74411eac871935bdff6bcb895cce80b754b66d3e4292a3ce

Request headers

:path: /assets/images/debut_light.png
pragma: no-cache
cookie: PHPSESSID=svi7te8f5scrtkrpc1uva53k82
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: pastelink.net
referer: https://pastelink.net/assets/css/styles.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pastelink.net/assets/css/styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Jul 2021 23:27:06 GMT
last-modified: Thu, 27 May 2021 10:51:09 GMT
server: nginx
accept-ranges: bytes
etag: "60af799d-10c8"
content-length: 4296
content-type: image/png

GET
H2 200 sprites.png
pastelink.net/assets/images/ 4 KB
4 KB 21ms
21ms Image
image/png 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pastelink.net/assets/images/sprites.png
Requested by: Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software: nginx /
Resource Hash: 736e1679b341206c435156f566998d48ad309ec22e277c12da51973bb42671c3

Request headers

:path: /assets/images/sprites.png
pragma: no-cache
cookie: PHPSESSID=svi7te8f5scrtkrpc1uva53k82
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: pastelink.net
referer: https://pastelink.net/assets/css/styles.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pastelink.net/assets/css/styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Jul 2021 23:27:06 GMT
last-modified: Thu, 27 May 2021 10:51:10 GMT
server: nginx
accept-ranges: bytes
etag: "60af799e-e11"
content-length: 3601
content-type: image/png

GET
H3-29 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 25ms
23ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://pastelink.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 19:08:26 GMT
x-content-type-options: nosniff
age: 361120
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7900
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:02:01 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 26 Jul 2022 19:08:26 GMT

GET
H3-29 200 JTURjIg1_i6t8kCHKm45_bZF3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v15/ 19 KB
19 KB 11ms
10ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v15/JTURjIg1_i6t8kCHKm45_bZF3gnD_g.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d10e701c44ab739c7d711b6483def0c6cd47e5a3d04eda1df2c5cbb08f21d81a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://pastelink.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 05:41:48 GMT
x-content-type-options: nosniff
age: 323118
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19264
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:13:07 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Jul 2022 05:41:48 GMT

GET
H3-29 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 22ms
22ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://pastelink.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 07:49:38 GMT
x-content-type-options: nosniff
age: 142648
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7776
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:01:55 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Jul 2022 07:49:38 GMT

GET
H/1.1 200
OK / Show response
pro.ip-api.com/csv/ 6 B
154 B 156ms
60ms XHR
text/plain 51.77.64.70
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://pro.ip-api.com/csv/?key=ZxSSLwZtxrKxQbv&fields=countryCode,region
Requested by: Host: cdn.adligature.com
URL: https://cdn.adligature.com/rules.js/advally-4.5.3.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.77.64.70 , Germany, ASN16276 (OVH, FR),
Reverse DNS: de-fra-1.pro.ip-api.com
Software: /
Resource Hash: 55cf21bd8ff6ccfc5992b9fe72dadcbbe277599d29e3a28a0576a9b574a1cbb6

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 30 Jul 2021 23:27:06 GMT
Content-Length: 6
Content-Type: text/plain; charset=utf-8

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 70 KB
25 KB 154ms
53ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.adligature.com
URL: https://cdn.adligature.com/rules.js/advally-4.5.3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

85a1313774c55e722cfcc4148b1203a7707e418cc4ba2389b959226db29fdf50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Jul 2021 23:27:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "944 / 710 of 1000 / last-modified: 1627683143"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24682
x-xss-protection: 0
expires: Fri, 30 Jul 2021 23:27:06 GMT

GET
H3-29 200 prebid-4.32.0.js Show response
cdn.adligature.com/prebid/ 468 KB
141 KB 63ms
62ms Script
application/javascript 2606:4700:3031::ac43:cab1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adligature.com/prebid/prebid-4.32.0.js
Requested by: Host: cdn.adligature.com
URL: https://cdn.adligature.com/rules.js/advally-4.5.3.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:cab1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85df1d0cd9e4307922b0baf60a8e7916611ecd37356646c641b3a84768b5b711

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=Hm80RQ==, md5=KYAHD2Tg+R4W7uldz/G54w==
date: Fri, 30 Jul 2021 23:27:06 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 293
cf-polished: origSize=479793
x-guploader-uploadid: ABg5-UyolwBwmS5Cj1PikfFoBH7umZvgc85V0nZd1v4V3T3Ljzg3CkCXXyHwy6ePdr6pSIgRH3AjD31BeG3-KuDh6-8
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 30 Mar 2021 15:47:28 GMT
server: cloudflare
etag: W/"2980070f64e0f91e16eee95dcff1b9e3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OrHLLC8c6f3vBQWRUL3JmrtHFp9%2B1pa88BhoZkNvBOJXNsXGsjnFhmuMUwv0xqfyQYx3eAlSKr0CY3SUsgCTrLx6nV0aDCqv3SMNvlaDFBW5HcYkUV1dDGSK8wQczuX26XN9GXHRO0tt8AQhEeCHpgw%3D"}],"group":"cf-nel","max_age":604800}
content-language: en
x-goog-generation: 1617119248965294
content-type: application/javascript
expires: Fri, 30 Jul 2021 23:28:42 GMT
cache-control: public, max-age=1800, s-maxage=600, must-revalidate
x-goog-stored-content-length: 479793
cf-ray: 67725b133f74c2fe-FRA
cf-bgj: minify

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 127 KB
50 KB 44ms
42ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-S3DKHVPF03&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d31c368b4398f42715df4d24699b27eb500e7a6929cc54583dc5d75bb3ba882e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Jul 2021 23:27:06 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51113
x-xss-protection: 0
expires: Fri, 30 Jul 2021 23:27:06 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 805
date: Fri, 30 Jul 2021 23:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Sat, 31 Jul 2021 01:13:41 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 13ms
13ms XHR
text/plain 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j92&a=1520672214&t=pageview&_s=1&dl=https%3A%2F%2Fpastelink.net%2F35cwe&ul=en-us&de=UTF-8&dt=8%20Ways%20To%20Keep%20Your%20%EB%B3%B4%EC%A6%9D%EC%97%85%EC%B2%B4%20%ED%86%A0%ED%86%A0%EC%82%AC%EC%9D%B4%ED%8A%B8%20Growing%20Without%20Burning%20The%20Mid%20-%20Pastelink.net&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=943533364&gjid=2050608944&cid=1133778185.1627687627&tid=UA-55088947-2&_gid=1924360346.1627687627&_r=1&gtm=2wg7s055WHPWQ&z=317794115

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 30 Jul 2021 23:27:06 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 pubads_impl_2021072701.js Show response
securepubads.g.doubleclick.net/gpt/ 318 KB
111 KB 90ms
37ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072701.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

efd6c3fe040e0780295b2bb958b6cb638b10d68ea13bb0a5d3a4da7efce788a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Jul 2021 23:27:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 27 Jul 2021 08:37:43 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113834
x-xss-protection: 0
expires: Fri, 30 Jul 2021 23:27:07 GMT

GET
H3-29 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 70 B
97 B 89ms
38ms XHR
application/json 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=pastelink.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

39c0b8be3e2bd4ecc61b4a789ac1e94d6a6812a15499181634db22e64fe7221c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 30 Jul 2021 23:27:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 72
x-xss-protection: 0
expires: Fri, 30 Jul 2021 23:27:07 GMT

POST
H3-29 204 collect
www.google-analytics.com/g/ 0
17 B 14ms
13ms Ping
text/plain 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-S3DKHVPF03&gtm=2oe7s0&_p=1520672214&sr=1600x1200&ul=en-us&cid=1133778185.1627687627&_s=1&dl=https%3A%2F%2Fpastelink.net%2F35cwe&dt=8%20Ways%20To%20Keep%20Your%20%EB%B3%B4%EC%A6%9D%EC%97%85%EC%B2%B4%20%ED%86%A0%ED%86%A0%EC%82%AC%EC%9D%B4%ED%8A%B8%20Growing%20Without%20Burning%20The%20Mid%20-%20Pastelink.net&sid=1627687626&sct=1&seg=0&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S3DKHVPF03&l=dataLayer&cx=c
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 30 Jul 2021 23:27:07 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 136 KB
49 KB 49ms
48ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: cdn.adligature.com
URL: https://cdn.adligature.com/pl/prod/rules.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

02cef6b0ac56b383a2964b5534db1d5d3f657f9e724bda95e3e9f2ffe9ee88a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Jul 2021 23:27:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49338
x-xss-protection: 0
server: cafe
etag: 2447873726399958955
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 30 Jul 2021 23:27:07 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 13ms
13ms XHR
text/plain 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j92&aip=1&a=1520672214&t=pageview&_s=1&dl=https%3A%2F%2Fpastelink.net%2F35cwe&ul=en-us&de=UTF-8&dt=8%20Ways%20To%20Keep%20Your%20%EB%B3%B4%EC%A6%9D%EC%97%85%EC%B2%B4%20%ED%86%A0%ED%86%A0%EC%82%AC%EC%9D%B4%ED%8A%B8%20Growing%20Without%20Burning%20The%20Mid%20-%20Pastelink.net&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAEABAAAAAC~&jid=169523779&gjid=1279814299&cid=1133778185.1627687627&tid=UA-197326395-9&_gid=1924360346.1627687627&_r=1&_slc=1&z=48037350

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 30 Jul 2021 23:27:07 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.ch/adsid/ 107 B
853 B 50ms
14ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ch/adsid/integrator.js?domain=pastelink.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 30 Jul 2021 23:27:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
317 B 15ms
15ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=pastelink.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 30 Jul 2021 23:27:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 10 KB
5 KB 179ms
178ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4064883822685211&correlator=2998045301453304&output=ldjh&impl=fifs&eid=21068767%2C20211866&vrg=2021072701&ptt=17&sc=1&sfv=1-0-38&ecs=20210730&iu_parts=22405481091%2Cpastelink.net%2CSidebar_MPU&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=160x600&eri=1&cust_params=testsegment%3Dfalse&cookie_enabled=1&bc=31&abxe=1&lmt=1627687627&dt=1627687627154&dlt=1627687626552&idt=567&frm=20&biw=1600&bih=1200&oid=3&adxs=1113&adys=323&adks=2108190548&ucis=1&ifi=1&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fpastelink.net%2F35cwe&vis=1&dmc=8&scr_x=0&scr_y=0&psz=239x652&msz=160x-1&ga_vid=1133778185.1627687627&ga_sid=1627687627&ga_hid=1520672214&ga_fc=false&ga_cid=1924360346.1627687627&fws=4&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072701.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

3e68877a2287df89b7b705aafa12a42ea83729efb2ad61770c4c19df5f32ff0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Jul 2021 23:27:07 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4664
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 08E0 6 KB
3 KB 46ms
13ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://pastelink.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://pastelink.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Fri, 30 Jul 2021 23:27:07 GMT
expires: Sat, 30 Jul 2022 23:27:07 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202107290101/ 250 KB
93 KB 51ms
51ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202107290101/show_ads_impl_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

c5d563d77160f257e2b60a3e5399e6bf08463ed3b848b1c759ad8c05539462b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Jul 2021 23:27:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 95275
x-xss-protection: 0
server: cafe
etag: 9341080468413450683
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Fri, 30 Jul 2021 23:27:07 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210728/r20190131/ Frame 38AA 10 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210728/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5d1310353e02e0a006b79b7d607131cb6d9411543a8957b772f565816fdf3ce4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210728/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://pastelink.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://pastelink.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 30 Jul 2021 01:35:11 GMT
expires: Fri, 13 Aug 2021 01:35:11 GMT
content-type: text/html; charset=UTF-8
etag: 4389807852502320046
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4579
x-xss-protection: 0
age: 78716
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 203 B
270 B 63ms
61ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=pastelink.net&callback=_gfp_s_&client=ca-pub-1750856239204414

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202107290101/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

ab6d8fb76f88fddd6992959f53271ccf7387e4008bd3e712f0b4da6c4e0b1bd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Jul 2021 23:27:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 195
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.ch/adsid/ 107 B
122 B 30ms
15ms Script
application/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ch/adsid/integrator.js?domain=pastelink.net

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202107290101/show_ads_impl_fy2019.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 30 Jul 2021 23:27:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 24ms
22ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=pastelink.net

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202107290101/show_ads_impl_fy2019.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 30 Jul 2021 23:27:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A1B8 11 KB
5 KB 120ms
119ms Document
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1750856239204414&output=html&adk=1812271804&adf=3025194257&lmt=1627687627&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fpastelink.net%2F35cwe&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627687627213&bpp=3&bdt=662&idt=75&shv=r20210728&mjsv=m202107290101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=436731305926&frm=20&pv=2&ga_vid=1133778185.1627687627&ga_sid=1627687627&ga_hid=1520672214&ga_fc=0&ga_cid=1924360346.1627687627&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866&oid=3&pvsid=4064883822685211&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=90

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202107290101/show_ads_impl_fy2019.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

788f2bc4d6c131292f54f2e0e5559945dc9cb4f0aa231c7dbff0c4c45c16dce9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-1750856239204414&output=html&adk=1812271804&adf=3025194257&lmt=1627687627&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fpastelink.net%2F35cwe&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627687627213&bpp=3&bdt=662&idt=75&shv=r20210728&mjsv=m202107290101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=436731305926&frm=20&pv=2&ga_vid=1133778185.1627687627&ga_sid=1627687627&ga_hid=1520672214&ga_fc=0&ga_cid=1924360346.1627687627&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866&oid=3&pvsid=4064883822685211&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=90
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://pastelink.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://pastelink.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 30 Jul 2021 23:27:07 GMT
server: cafe
content-length: 4594
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 30-Jul-2021 23:42:07 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 30 Jul 2021 23:27:07 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 34ms
14ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202107290101/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

163ad32a13401b1f5387b23c7d749fccac8da49e9914584fe3aca42884532c09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Jul 2021 23:27:07 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1627644667915703"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27995
x-xss-protection: 0
expires: Fri, 30 Jul 2021 23:27:07 GMT

GET
H3-29 200 container.html Show response
23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9E29 6 KB
3 KB 20ms
6ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021072701.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://pastelink.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://pastelink.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Fri, 30 Jul 2021 23:27:07 GMT
expires: Sat, 30 Jul 2022 23:27:07 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 9E29 0
0 66ms
65ms Fetch
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C2buYy4oEYZ6dDMnW-gbS_broCOb-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakCt42o__nosz7gAgCoAwGqBNABT9CTe5QwWNbItOMvGugdqD-F08mV7hYQoQVKe1Jib2WfDaziImdGLSXz30CCdxVfPS4ZSW655G9bncQRnAscbCb0DWcQnoz6ALxNkcE91IJZwAoHr-xLDZOIUPtWY_77IxYcY17zqHnVfWMGrUPfA-NRqt8FkZgYNX3outXHn9Lv_6T2E0OM3wRFXmGQ6UkzHIsBNIrdvMB0GnzTvKOQTK6NNxTSsJdAaiNL88UBvg7VsiEaLbCCcrV7rLAKI4u3acN4A8oC3t6hxuWZlm3ZAOAEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAYAKAfoLAggBgAwB0BUBgBcBshcYChYSFHB1Yi0xNzUwODU2MjM5MjA0NDE0&sigh=-2VcYq8uMNs
Requested by: Host: pastelink.net
URL: https://pastelink.net/35cwe
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s56-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1 200 Cookie set ShowAd Show response
brain.rvty.net/RTB/ Frame C8C6 2 KB
2 KB 98ms
34ms Document
text/html 89.163.211.233
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQSKywADDp4K3qtJAA6-0rFcLp9Tdj44bUV3wQ&penc=&bp=192308&a=61048acb-0004-15c4-0a77-ee89310b9c8e&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35cwe&rawReferrerURL=&uid=e6d55f1e-5f5c-40a6-8d0f-aeb9356de39b&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-69uy4oEYZ6dDMnW-gbS_broCOb-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakCt42o__nosz7gAgCoAwGqBNMBT9CTe5QwWNbItOMvGugdqD-F08mV7hYQoQVKe1Jib2WfDaziImdGLSXz30CCdxVfPS4ZSW655G9bncQRnAscbCb0DWcQnoz6ALxNkcE91IJZwAoHr-xLDZOIUPtWY_77IxYcY17zqHnVfWMGrUPfA-NRqt8FkZgYNX3outXHn9Lv_6T2E0OM3wRFXmGQ6UkzHIsBNIrdvMB0GnzTvKOQTK6NNxTSsJdAaiNL88UBvg7VsiEaLbCCcrV7rLAKI8m1ZFHy4gw6IhjoTTu3GZujFHKK2uAEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0_SnmyIWQwowtymVQKA-vwlSeEZw%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
Requested by: Host: 23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com
URL: https://23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx/1.13.4 /
Resource Hash: 23b6d6fccb9a34e1b43974c5ae8e33b968656c069fdb56dec663985e35d265bc

Request headers

Host: brain.rvty.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com/

Response headers

Server: nginx/1.13.4
Date: Fri, 30 Jul 2021 23:27:07 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: RTBUserId=e6d55f1e-5f5c-40a6-8d0f-aeb9356de39b; path=/; SameSite=None; secure; Expires=Sun, 31 Jul 2022 01:27:07 CEST RTBUserId-Old=e6d55f1e-5f5c-40a6-8d0f-aeb9356de39b; path=/; secure; Expires=Sun, 31 Jul 2022 01:27:07 CEST RTBUserId-Plain=e6d55f1e-5f5c-40a6-8d0f-aeb9356de39b; path=/; Expires=Sun, 31 Jul 2022 01:27:07 CEST
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Encoding: gzip

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210728/r20110914/client/ Frame 9E29 2 KB
1 KB 32ms
11ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210728/r20110914/client/window_focus_fy2019.js

Requested by

Host: 23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com
URL: https://23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Jul 2021 23:18:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 534
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 13 Aug 2021 23:18:13 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9E29 124 KB
37 KB 28ms
14ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com
URL: https://23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a0dc0de8e5e96c7703251d73a1804e8558151983afa3a2af5a7dfb29001dbe99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Jul 2021 23:27:07 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1627644660751711"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38134
x-xss-protection: 0
expires: Fri, 30 Jul 2021 23:27:07 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210728/r20110914/client/ Frame 9E29 14 KB
7 KB 26ms
5ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210728/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com
URL: https://23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9d8a9aaecb7cd39329dcfad9a882ce0d174802ded027e150440484e097c73cb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Jul 2021 23:21:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 340
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6207
x-xss-protection: 0
server: cafe
etag: 18081889583213459188
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 13 Aug 2021 23:21:27 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 9E29 22 KB
7 KB 26ms
6ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com
URL: https://23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 12:00:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 127612
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Jul 2022 12:00:15 GMT

GET
DATA 200
OK truncated
/ Frame 9E29 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1d2d7b45bff5fd01853d7e18161eb58421f3ed174d3aaa2ff2a82fde94425602

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK ads_view.js Show response
cdn.rvty.net/view/ Frame C8C6 3 KB
4 KB 126ms
41ms Script
application/javascript 89.163.211.242
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.rvty.net/view/ads_view.js
Requested by: Host: brain.rvty.net
URL: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQSKywADDp4K3qtJAA6-0rFcLp9Tdj44bUV3wQ&penc=&bp=192308&a=61048acb-0004-15c4-0a77-ee89310b9c8e&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35cwe&rawReferrerURL=&uid=e6d55f1e-5f5c-40a6-8d0f-aeb9356de39b&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-69uy4oEYZ6dDMnW-gbS_broCOb-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakCt42o__nosz7gAgCoAwGqBNMBT9CTe5QwWNbItOMvGugdqD-F08mV7hYQoQVKe1Jib2WfDaziImdGLSXz30CCdxVfPS4ZSW655G9bncQRnAscbCb0DWcQnoz6ALxNkcE91IJZwAoHr-xLDZOIUPtWY_77IxYcY17zqHnVfWMGrUPfA-NRqt8FkZgYNX3outXHn9Lv_6T2E0OM3wRFXmGQ6UkzHIsBNIrdvMB0GnzTvKOQTK6NNxTSsJdAaiNL88UBvg7VsiEaLbCCcrV7rLAKI8m1ZFHy4gw6IhjoTTu3GZujFHKK2uAEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0_SnmyIWQwowtymVQKA-vwlSeEZw%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.163.211.242 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx/1.13.4 /
Resource Hash: 00bb2f69ab06efff6555f6ccae10902e87bb6aea861e83de082a45a07e525054

Request headers

Referer: https://brain.rvty.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Jul 2021 23:27:07 GMT
Last-Modified: Fri, 20 Dec 2019 09:27:25 GMT
Server: nginx/1.13.4
ETag: "5dfc93fd-d40"
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3392

GET
H/1.1 200
OK n7o9ps86e2pq Show response
ad.ad-srv.net/zone/ Frame C8C6 11 KB
4 KB 108ms
37ms Script
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.ad-srv.net/zone/n7o9ps86e2pq?subid=&gdpr=&gdpr_consent=[EXTVARS_QUERYPARAMS]&redirectClick=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DC-69uy4oEYZ6dDMnW-gbS_broCOb-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakCt42o__nosz7gAgCoAwGqBNMBT9CTe5QwWNbItOMvGugdqD-F08mV7hYQoQVKe1Jib2WfDaziImdGLSXz30CCdxVfPS4ZSW655G9bncQRnAscbCb0DWcQnoz6ALxNkcE91IJZwAoHr-xLDZOIUPtWY_77IxYcY17zqHnVfWMGrUPfA-NRqt8FkZgYNX3outXHn9Lv_6T2E0OM3wRFXmGQ6UkzHIsBNIrdvMB0GnzTvKOQTK6NNxTSsJdAaiNL88UBvg7VsiEaLbCCcrV7rLAKI8m1ZFHy4gw6IhjoTTu3GZujFHKK2uAEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0_SnmyIWQwowtymVQKA-vwlSeEZw%26client%3Dca-pub-1750856239204414%26adurl%3Dhttp%253A%252F%252Fbrain.rvty.net%252FRTB%252FClick%253Fx%253DEASY-X-COORDINATE%2526y%253DEASY-Y-COORDINATE%2526s%253D97944753%2526a%253D188770%2526t%253D1627687627461%2526l%253D14601%2526p%253D3%2526appid%253D%2526aa%253D61048acb-0004-15c4-0a77-ee89310b9c8e%2526gdpr%253D0%2526gdpr_consent%253D%2526dest%253D
Requested by: Host: brain.rvty.net
URL: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQSKywADDp4K3qtJAA6-0rFcLp9Tdj44bUV3wQ&penc=&bp=192308&a=61048acb-0004-15c4-0a77-ee89310b9c8e&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35cwe&rawReferrerURL=&uid=e6d55f1e-5f5c-40a6-8d0f-aeb9356de39b&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-69uy4oEYZ6dDMnW-gbS_broCOb-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakCt42o__nosz7gAgCoAwGqBNMBT9CTe5QwWNbItOMvGugdqD-F08mV7hYQoQVKe1Jib2WfDaziImdGLSXz30CCdxVfPS4ZSW655G9bncQRnAscbCb0DWcQnoz6ALxNkcE91IJZwAoHr-xLDZOIUPtWY_77IxYcY17zqHnVfWMGrUPfA-NRqt8FkZgYNX3outXHn9Lv_6T2E0OM3wRFXmGQ6UkzHIsBNIrdvMB0GnzTvKOQTK6NNxTSsJdAaiNL88UBvg7VsiEaLbCCcrV7rLAKI8m1ZFHy4gw6IhjoTTu3GZujFHKK2uAEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0_SnmyIWQwowtymVQKA-vwlSeEZw%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 5511525387b958c9ee33873773011fd643ac361c8c25eb20d003e32d9b9fd936

Request headers

Referer: https://brain.rvty.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Jul 2021 23:27:07 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3416
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1

200
OK

request.php Show response
ad14.ad-srv.net/ Frame C8C6
Redirect Chain

https://ad14.ad-srv.net/request.php?zone=n7o9ps86e2pq&nw=14&renderingType=javascript&namespace=13c9929213&subid=&uid=79f0ae6e2753c602&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x6...
https://ad14.ad-srv.net/request.php?zone=n7o9ps86e2pq&nw=14&renderingType=javascript&namespace=13c9929213&subid=&uid=79f0ae6e2753c602&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x6...

3 KB
1 KB

127ms
59ms

Script
application/x-javascript

176.9.26.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad14.ad-srv.net/request.php?zone=n7o9ps86e2pq&nw=14&renderingType=javascript&namespace=13c9929213&subid=&uid=79f0ae6e2753c602&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=%5BEXTVARS_QUERYPARAMS%5D&ud=&redirectClick=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DC-69uy4oEYZ6dDMnW-gbS_broCOb-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakCt42o__nosz7gAgCoAwGqBNMBT9CTe5QwWNbItOMvGugdqD-F08mV7hYQoQVKe1Jib2WfDaziImdGLSXz30CCdxVfPS4ZSW655G9bncQRnAscbCb0DWcQnoz6ALxNkcE91IJZwAoHr-xLDZOIUPtWY_77IxYcY17zqHnVfWMGrUPfA-NRqt8FkZgYNX3outXHn9Lv_6T2E0OM3wRFXmGQ6UkzHIsBNIrdvMB0GnzTvKOQTK6NNxTSsJdAaiNL88UBvg7VsiEaLbCCcrV7rLAKI8m1ZFHy4gw6IhjoTTu3GZujFHKK2uAEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0_SnmyIWQwowtymVQKA-vwlSeEZw%26client%3Dca-pub-1750856239204414%26adurl%3Dhttp%253A%252F%252Fbrain.rvty.net%252FRTB%252FClick%253Fx%253DEASY-X-COORDINATE%2526y%253DEASY-Y-COORDINATE%2526s%253D97944753%2526a%253D188770%2526t%253D1627687627461%2526l%253D14601%2526p%253D3%2526appid%253D%2526aa%253D61048acb-0004-15c4-0a77-ee89310b9c8e%2526gdpr%253D0%2526gdpr_consent%253D%2526dest%253D&documentReferer=https%3A%2F%2F23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fpastelink.net&random=2679344892122&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: brain.rvty.net
URL: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQSKywADDp4K3qtJAA6-0rFcLp9Tdj44bUV3wQ&penc=&bp=192308&a=61048acb-0004-15c4-0a77-ee89310b9c8e&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35cwe&rawReferrerURL=&uid=e6d55f1e-5f5c-40a6-8d0f-aeb9356de39b&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-69uy4oEYZ6dDMnW-gbS_broCOb-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakCt42o__nosz7gAgCoAwGqBNMBT9CTe5QwWNbItOMvGugdqD-F08mV7hYQoQVKe1Jib2WfDaziImdGLSXz30CCdxVfPS4ZSW655G9bncQRnAscbCb0DWcQnoz6ALxNkcE91IJZwAoHr-xLDZOIUPtWY_77IxYcY17zqHnVfWMGrUPfA-NRqt8FkZgYNX3outXHn9Lv_6T2E0OM3wRFXmGQ6UkzHIsBNIrdvMB0GnzTvKOQTK6NNxTSsJdAaiNL88UBvg7VsiEaLbCCcrV7rLAKI8m1ZFHy4gw6IhjoTTu3GZujFHKK2uAEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0_SnmyIWQwowtymVQKA-vwlSeEZw%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 176.9.26.250 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.250.26.9.176.clients.your-server.de
Software: Apache /
Resource Hash: 15f5b77b50f094aff9a9ff5b9bbbb180ceda3954370c3ce7110b2191153a9a8a

Request headers

Referer: https://brain.rvty.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Jul 2021 23:27:07 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 29619200005218102757758011672014
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 850
Expires: Sat, 31 Jul 2021 00:27:07 +0200

Redirect headers

Pragma: no-cache
Date: Fri, 30 Jul 2021 23:27:07 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=n7o9ps86e2pq&nw=14&renderingType=javascript&namespace=13c9929213&subid=&uid=79f0ae6e2753c602&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=%5BEXTVARS_QUERYPARAMS%5D&ud=&redirectClick=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DC-69uy4oEYZ6dDMnW-gbS_broCOb-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakCt42o__nosz7gAgCoAwGqBNMBT9CTe5QwWNbItOMvGugdqD-F08mV7hYQoQVKe1Jib2WfDaziImdGLSXz30CCdxVfPS4ZSW655G9bncQRnAscbCb0DWcQnoz6ALxNkcE91IJZwAoHr-xLDZOIUPtWY_77IxYcY17zqHnVfWMGrUPfA-NRqt8FkZgYNX3outXHn9Lv_6T2E0OM3wRFXmGQ6UkzHIsBNIrdvMB0GnzTvKOQTK6NNxTSsJdAaiNL88UBvg7VsiEaLbCCcrV7rLAKI8m1ZFHy4gw6IhjoTTu3GZujFHKK2uAEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0_SnmyIWQwowtymVQKA-vwlSeEZw%26client%3Dca-pub-1750856239204414%26adurl%3Dhttp%253A%252F%252Fbrain.rvty.net%252FRTB%252FClick%253Fx%253DEASY-X-COORDINATE%2526y%253DEASY-Y-COORDINATE%2526s%253D97944753%2526a%253D188770%2526t%253D1627687627461%2526l%253D14601%2526p%253D3%2526appid%253D%2526aa%253D61048acb-0004-15c4-0a77-ee89310b9c8e%2526gdpr%253D0%2526gdpr_consent%253D%2526dest%253D&documentReferer=https%3A%2F%2F23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fpastelink.net&random=2679344892122&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Sat, 31 Jul 2021 00:27:07 +0200

GET
H2

200

kaspersky_logo_green_120x60_white.jpg
media.kaspersky.com/de/affiliates/ Frame 9D9D
Redirect Chain

https://www.awin1.com/cshow.php?s=2528696&v=13872&q=368718&r=278235&pref1=29619200005218102757758011672014&gdpr=&gdpr_consent=
https://kaspersky.commander1.com/v3/?tcs=1987&cmp=Kaspersky&chn=AffiliateAffilinet&src=nay_an_de-278235&url=https://media.kaspersky.com/de/affiliates/kaspersky_logo_green_120x60_white.jpg
https://kaspersky.commander1.com/v3/?firsttime=1&tcs=1987&cmp=Kaspersky&chn=AffiliateAffilinet&src=nay_an_de-278235&url=https://media.kaspersky.com/de/affiliates/kaspersky_logo_green_120x60_white.jpg
https://media.kaspersky.com/de/affiliates/kaspersky_logo_green_120x60_white.jpg

0
0

173ms
74ms

Document
image/jpeg

185.85.15.31
KL-EXT

General

Check archive.org

Show headers Download Go to

Full URL

https://media.kaspersky.com/de/affiliates/kaspersky_logo_green_120x60_white.jpg

Requested by

Host: ad14.ad-srv.net
URL: https://ad14.ad-srv.net/request.php?zone=n7o9ps86e2pq&nw=14&renderingType=javascript&namespace=13c9929213&subid=&uid=79f0ae6e2753c602&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=%5BEXTVARS_QUERYPARAMS%5D&ud=&redirectClick=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DC-69uy4oEYZ6dDMnW-gbS_broCOb-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakCt42o__nosz7gAgCoAwGqBNMBT9CTe5QwWNbItOMvGugdqD-F08mV7hYQoQVKe1Jib2WfDaziImdGLSXz30CCdxVfPS4ZSW655G9bncQRnAscbCb0DWcQnoz6ALxNkcE91IJZwAoHr-xLDZOIUPtWY_77IxYcY17zqHnVfWMGrUPfA-NRqt8FkZgYNX3outXHn9Lv_6T2E0OM3wRFXmGQ6UkzHIsBNIrdvMB0GnzTvKOQTK6NNxTSsJdAaiNL88UBvg7VsiEaLbCCcrV7rLAKI8m1ZFHy4gw6IhjoTTu3GZujFHKK2uAEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0_SnmyIWQwowtymVQKA-vwlSeEZw%26client%3Dca-pub-1750856239204414%26adurl%3Dhttp%253A%252F%252Fbrain.rvty.net%252FRTB%252FClick%253Fx%253DEASY-X-COORDINATE%2526y%253DEASY-Y-COORDINATE%2526s%253D97944753%2526a%253D188770%2526t%253D1627687627461%2526l%253D14601%2526p%253D3%2526appid%253D%2526aa%253D61048acb-0004-15c4-0a77-ee89310b9c8e%2526gdpr%253D0%2526gdpr_consent%253D%2526dest%253D&documentReferer=https%3A%2F%2F23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fpastelink.net&random=2679344892122&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.85.15.31 , Russian Federation, ASN200107 (KL-EXT, RU),

Reverse DNS

Software

/ Kaspersky Labs Kaspersky Labs

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: media.kaspersky.com
:scheme: https
:path: /de/affiliates/kaspersky_logo_green_120x60_white.jpg
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://brain.rvty.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://brain.rvty.net/

Response headers

content-type: image/jpeg
last-modified: Fri, 28 Jun 2019 10:08:41 GMT
accept-ranges: bytes
etag: "8de2876992dd51:0"
server
x-powered-by: Kaspersky Labs Kaspersky Labs
x-frame-options: SAMEORIGIN
x-server: fr2/FRA2
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 30 Jul 2021 23:27:02 GMT
content-length: 20612

Redirect headers

Date: Fri, 30 Jul 2021 23:27:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Cache-Control: private, max-age=486000, pre-check=486000
Pragma: private
Expires: Fri, 29 Oct 21 01:27:08 +0200
Set-Cookie: tc_cj_v2=%5B%21%21%24%27%24%7B%2F%20%5B%21%21%24%27%24%29%20%2FZZZ%29%7B4y%7B%29y~%20GLQRLMOZZZKPLQPRQPLRJJJZZZpc_q; expires=Sat, 30-Jul-2022 23:27:08 GMT; path=/; samesite=none; domain=kaspersky.commander1.com; secure tc_cj_v2_cmp=e%7B.%2B%20-.%264; expires=Sat, 30-Jul-2022 23:27:08 GMT; path=/; samesite=none; domain=kaspersky.commander1.com; secure TCID=202107310127082892780003; expires=Sat, 30-Jul-2022 23:27:08 GMT; path=/; samesite=none; domain=.commander1.com; secure
location: https://media.kaspersky.com/de/affiliates/kaspersky_logo_green_120x60_white.jpg
Server: web
Access-Control-Allow-Origin: *

GET
H2

200

htlp_c.html Show response
htlp.emp-online.ch/ Frame 324A
Redirect Chain

https://cct.connects.ch/tpv.php?t=117581V1541143261M&subid=29619200005218102757758011672014&gdpr=&gdpr_consent=
https://htlp.emp-online.ch/htlp_c.html?wt_mc=pt.connects._117581_._NNNNN_._Post-View%20Partner_._WWWWW_.&lea_source=2021073101270853655562123X117581V1541143261MS29619200005218102757758011672014

2 KB
3 KB

76ms
30ms

Document
text/html

2600:9000:21f3:8600:c:6264:8240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://htlp.emp-online.ch/htlp_c.html?wt_mc=pt.connects._117581_._NNNNN_._Post-View%20Partner_._WWWWW_.&lea_source=2021073101270853655562123X117581V1541143261MS29619200005218102757758011672014
Requested by: Host: ad14.ad-srv.net
URL: https://ad14.ad-srv.net/request.php?zone=n7o9ps86e2pq&nw=14&renderingType=javascript&namespace=13c9929213&subid=&uid=79f0ae6e2753c602&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=%5BEXTVARS_QUERYPARAMS%5D&ud=&redirectClick=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DC-69uy4oEYZ6dDMnW-gbS_broCOb-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakCt42o__nosz7gAgCoAwGqBNMBT9CTe5QwWNbItOMvGugdqD-F08mV7hYQoQVKe1Jib2WfDaziImdGLSXz30CCdxVfPS4ZSW655G9bncQRnAscbCb0DWcQnoz6ALxNkcE91IJZwAoHr-xLDZOIUPtWY_77IxYcY17zqHnVfWMGrUPfA-NRqt8FkZgYNX3outXHn9Lv_6T2E0OM3wRFXmGQ6UkzHIsBNIrdvMB0GnzTvKOQTK6NNxTSsJdAaiNL88UBvg7VsiEaLbCCcrV7rLAKI8m1ZFHy4gw6IhjoTTu3GZujFHKK2uAEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0_SnmyIWQwowtymVQKA-vwlSeEZw%26client%3Dca-pub-1750856239204414%26adurl%3Dhttp%253A%252F%252Fbrain.rvty.net%252FRTB%252FClick%253Fx%253DEASY-X-COORDINATE%2526y%253DEASY-Y-COORDINATE%2526s%253D97944753%2526a%253D188770%2526t%253D1627687627461%2526l%253D14601%2526p%253D3%2526appid%253D%2526aa%253D61048acb-0004-15c4-0a77-ee89310b9c8e%2526gdpr%253D0%2526gdpr_consent%253D%2526dest%253D&documentReferer=https%3A%2F%2F23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fpastelink.net&random=2679344892122&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:8600:c:6264:8240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d9ccee9255f473e47a7eff4e4dab7449a4b8ca3c88631e91bc3b28af7bec12a4

Request headers

:method: GET
:authority: htlp.emp-online.ch
:scheme: https
:path: /htlp_c.html?wt_mc=pt.connects._117581_._NNNNN_._Post-View%20Partner_._WWWWW_.&lea_source=2021073101270853655562123X117581V1541143261MS29619200005218102757758011672014
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://brain.rvty.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://brain.rvty.net/

Response headers

content-type: text/html
content-length: 2488
date: Fri, 30 Jul 2021 23:27:09 GMT
last-modified: Mon, 17 Feb 2020 09:11:48 GMT
etag: "2ecc70a226fa7d1a1814eb985fd357a4"
x-amz-version-id: IOWeFwP7sU3esuP4PEVmnQ68vW6IhwwG
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 83caebe1f817a31bd75ba17dff7ae1a6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: cMYkVNCCgFhPoXZiBcCsjyvnE6DbArdo_etZkkMslrrR04JPayw7pg==

Redirect headers

server: nginx
date: Fri, 30 Jul 2021 23:27:08 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID= 4v2sci9ssejgm1joo82cuebvet; SameSite=None; Secure ppv1541=2021073101270853655562123X117581V1541143261MS29619200005218102757758011672014; expires=Fri, 06-Aug-2021 23:27:08 GMT; Max-Age=604800; path=/; domain=.connects.ch; SameSite=None; secure; HttpOnly
location: https://htlp.emp-online.ch/htlp_c.html?wt_mc=pt.connects._117581_._NNNNN_._Post-View Partner_._WWWWW_.&lea_source=2021073101270853655562123X117581V1541143261MS29619200005218102757758011672014
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2

200

1x1.gif Show response
www.adtracker.ch/upload/ Frame 4FE4
Redirect Chain

https://cct.connects.ch/tpv.php?t=117581V1422143551M&subid=29619200005218102757758011672014&gdpr=&gdpr_consent=
https://cct.minischoggi.ch/tpv.php?t=117581V1422143551M&subid=29619200005218102757758011672014&gdpr=&gdpr_consent=&sdtr=1
https://www.adtracker.ch/upload/1x1.gif?x=1&lea_source=2021073101270853655562151X117581V1422143551MS29619200005218102757758011672014

42 B
111 B

23ms
22ms

Document
image/gif

5.148.168.135
NINE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.adtracker.ch/upload/1x1.gif?x=1&lea_source=2021073101270853655562151X117581V1422143551MS29619200005218102757758011672014
Requested by: Host: ad14.ad-srv.net
URL: https://ad14.ad-srv.net/request.php?zone=n7o9ps86e2pq&nw=14&renderingType=javascript&namespace=13c9929213&subid=&uid=79f0ae6e2753c602&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=%5BEXTVARS_QUERYPARAMS%5D&ud=&redirectClick=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DC-69uy4oEYZ6dDMnW-gbS_broCOb-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakCt42o__nosz7gAgCoAwGqBNMBT9CTe5QwWNbItOMvGugdqD-F08mV7hYQoQVKe1Jib2WfDaziImdGLSXz30CCdxVfPS4ZSW655G9bncQRnAscbCb0DWcQnoz6ALxNkcE91IJZwAoHr-xLDZOIUPtWY_77IxYcY17zqHnVfWMGrUPfA-NRqt8FkZgYNX3outXHn9Lv_6T2E0OM3wRFXmGQ6UkzHIsBNIrdvMB0GnzTvKOQTK6NNxTSsJdAaiNL88UBvg7VsiEaLbCCcrV7rLAKI8m1ZFHy4gw6IhjoTTu3GZujFHKK2uAEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0_SnmyIWQwowtymVQKA-vwlSeEZw%26client%3Dca-pub-1750856239204414%26adurl%3Dhttp%253A%252F%252Fbrain.rvty.net%252FRTB%252FClick%253Fx%253DEASY-X-COORDINATE%2526y%253DEASY-Y-COORDINATE%2526s%253D97944753%2526a%253D188770%2526t%253D1627687627461%2526l%253D14601%2526p%253D3%2526appid%253D%2526aa%253D61048acb-0004-15c4-0a77-ee89310b9c8e%2526gdpr%253D0%2526gdpr_consent%253D%2526dest%253D&documentReferer=https%3A%2F%2F23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fpastelink.net&random=2679344892122&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.148.168.135 Zurich, Switzerland, ASN29691 (NINE, CH),
Reverse DNS: adresult08.nine.ch
Software: Apache /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

:method: GET
:authority: www.adtracker.ch
:scheme: https
:path: /upload/1x1.gif?x=1&lea_source=2021073101270853655562151X117581V1422143551MS29619200005218102757758011672014
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://brain.rvty.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://brain.rvty.net/

Response headers

date: Fri, 30 Jul 2021 23:27:08 GMT
server: Apache
last-modified: Tue, 10 Jul 2018 10:21:41 GMT
etag: "2a-570a27efbd740"
accept-ranges: bytes
content-length: 42
content-type: image/gif

Redirect headers

server: nginx
date: Fri, 30 Jul 2021 23:27:08 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID= u4rd1cje0t2fqqtrforv38todg; SameSite=None; Secure ppv1422=2021073101270853655562151X117581V1422143551MS29619200005218102757758011672014; expires=Sun, 01-Aug-2021 23:27:08 GMT; Max-Age=172800; path=/; domain=cct.minischoggi.ch; SameSite=None; secure; HttpOnly
location: https://www.adtracker.ch/upload/1x1.gif?x=1&lea_source=2021073101270853655562151X117581V1422143551MS29619200005218102757758011672014
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK request_content.php Show response
ad14.ad-srv.net/ Frame 538D 42 KB
8 KB 103ms
35ms Document
text/html 176.9.26.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad14.ad-srv.net/request_content.php?s=29619200005218102757758011672014&a=4ea628c7
Requested by: Host: ad14.ad-srv.net
URL: https://ad14.ad-srv.net/request.php?zone=n7o9ps86e2pq&nw=14&renderingType=javascript&namespace=13c9929213&subid=&uid=79f0ae6e2753c602&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=%5BEXTVARS_QUERYPARAMS%5D&ud=&redirectClick=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DC-69uy4oEYZ6dDMnW-gbS_broCOb-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakCt42o__nosz7gAgCoAwGqBNMBT9CTe5QwWNbItOMvGugdqD-F08mV7hYQoQVKe1Jib2WfDaziImdGLSXz30CCdxVfPS4ZSW655G9bncQRnAscbCb0DWcQnoz6ALxNkcE91IJZwAoHr-xLDZOIUPtWY_77IxYcY17zqHnVfWMGrUPfA-NRqt8FkZgYNX3outXHn9Lv_6T2E0OM3wRFXmGQ6UkzHIsBNIrdvMB0GnzTvKOQTK6NNxTSsJdAaiNL88UBvg7VsiEaLbCCcrV7rLAKI8m1ZFHy4gw6IhjoTTu3GZujFHKK2uAEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0_SnmyIWQwowtymVQKA-vwlSeEZw%26client%3Dca-pub-1750856239204414%26adurl%3Dhttp%253A%252F%252Fbrain.rvty.net%252FRTB%252FClick%253Fx%253DEASY-X-COORDINATE%2526y%253DEASY-Y-COORDINATE%2526s%253D97944753%2526a%253D188770%2526t%253D1627687627461%2526l%253D14601%2526p%253D3%2526appid%253D%2526aa%253D61048acb-0004-15c4-0a77-ee89310b9c8e%2526gdpr%253D0%2526gdpr_consent%253D%2526dest%253D&documentReferer=https%3A%2F%2F23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fpastelink.net&random=2679344892122&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 176.9.26.250 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.250.26.9.176.clients.your-server.de
Software: Apache /
Resource Hash: d8ab97b7e52b38dd2bbef4f665899b50ad9b8da662d641f1b80207bed08dff4d

Request headers

Host: ad14.ad-srv.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://brain.rvty.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: kdb0xdq3ls8m_uid=9806fe8cccafeba9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://brain.rvty.net/

Response headers

Date: Fri, 30 Jul 2021 23:27:08 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Sat, 31 Jul 2021 00:27:08 +0200
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7932
Connection: close
Content-Type: text/html; charset=utf-8

GET
H2

200

160x600_bp.gif
media.acfrg.com/banner/fr/black_premium/ Frame C8C6
Redirect Chain

https://cct.connects.ch/tb.php?t=117581V1541144909B&subid=29619200005218102757758011672014&gdpr=&gdpr_consent=
https://media.acfrg.com/banner/fr/black_premium/160x600_bp.gif

111 KB
112 KB

37ms
10ms

Image
image/gif

2600:9000:21f3:b600:13:99a2:1280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.acfrg.com/banner/fr/black_premium/160x600_bp.gif
Requested by: Host: brain.rvty.net
URL: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQSKywADDp4K3qtJAA6-0rFcLp9Tdj44bUV3wQ&penc=&bp=192308&a=61048acb-0004-15c4-0a77-ee89310b9c8e&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35cwe&rawReferrerURL=&uid=e6d55f1e-5f5c-40a6-8d0f-aeb9356de39b&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-69uy4oEYZ6dDMnW-gbS_broCOb-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakCt42o__nosz7gAgCoAwGqBNMBT9CTe5QwWNbItOMvGugdqD-F08mV7hYQoQVKe1Jib2WfDaziImdGLSXz30CCdxVfPS4ZSW655G9bncQRnAscbCb0DWcQnoz6ALxNkcE91IJZwAoHr-xLDZOIUPtWY_77IxYcY17zqHnVfWMGrUPfA-NRqt8FkZgYNX3outXHn9Lv_6T2E0OM3wRFXmGQ6UkzHIsBNIrdvMB0GnzTvKOQTK6NNxTSsJdAaiNL88UBvg7VsiEaLbCCcrV7rLAKI8m1ZFHy4gw6IhjoTTu3GZujFHKK2uAEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0_SnmyIWQwowtymVQKA-vwlSeEZw%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:b600:13:99a2:1280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: d4a36ec2a6ae9961fb9d60002bd5a4e7dac93946fc1b3a648a6dd1ab0e30fc10

Request headers

Referer: https://brain.rvty.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Jul 2021 06:08:29 GMT
via: 1.1 784dd167d622737126ee2d76985e7d3c.cloudfront.net (CloudFront)
etag: "56aa9d70-1bc78"
last-modified: Thu, 28 Jan 2016 23:00:00 GMT
server: nginx
age: 62319
x-powered-by: PleskLin
x-cache: Hit from cloudfront
content-type: image/gif
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-length: 113784
x-amz-cf-id: FG1B-gP0cwvUELfYHeTZMgHNiPhUttn4KKFz_QpedGXYRDHMOrUyyw==

Redirect headers

location: https://media.acfrg.com/banner/fr/black_premium/160x600_bp.gif
date: Fri, 30 Jul 2021 23:27:08 GMT
x-content-type-options: nosniff
server: nginx
accept-ranges: bytes
x-xss-protection: 1; mode=block
content-type: image/gif

GET
H/1.1 200
OK jquery-1.10.2.min.js Show response
cdn.rvty.net/_files/js/ Frame DBDD 91 KB
91 KB 62ms
61ms Script
application/javascript 89.163.211.242
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js
Requested by: Host: cdn.rvty.net
URL: https://cdn.rvty.net/view/ads_view.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.163.211.242 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx/1.13.4 /
Resource Hash: 0ba081f546084bd5097aa8a73c75931d5aa1fc4d6e846e53c21f98e6a1509988

Request headers

Referer: https://brain.rvty.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Jul 2021 23:27:08 GMT
Last-Modified: Wed, 08 Jan 2020 08:13:37 GMT
Server: nginx/1.13.4
ETag: "5e158f31-16bb3"
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 93107

POST
H/1.1 200 Visibility Show response
brain.rvty.net/RTB/ Frame DBDD 0
119 B 31ms
31ms XHR
text/plain 89.163.211.233
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://brain.rvty.net/RTB/Visibility
Requested by: Host: cdn.rvty.net
URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx/1.13.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: */*
Referer: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQSKywADDp4K3qtJAA6-0rFcLp9Tdj44bUV3wQ&penc=&bp=192308&a=61048acb-0004-15c4-0a77-ee89310b9c8e&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35cwe&rawReferrerURL=&uid=e6d55f1e-5f5c-40a6-8d0f-aeb9356de39b&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-69uy4oEYZ6dDMnW-gbS_broCOb-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakCt42o__nosz7gAgCoAwGqBNMBT9CTe5QwWNbItOMvGugdqD-F08mV7hYQoQVKe1Jib2WfDaziImdGLSXz30CCdxVfPS4ZSW655G9bncQRnAscbCb0DWcQnoz6ALxNkcE91IJZwAoHr-xLDZOIUPtWY_77IxYcY17zqHnVfWMGrUPfA-NRqt8FkZgYNX3outXHn9Lv_6T2E0OM3wRFXmGQ6UkzHIsBNIrdvMB0GnzTvKOQTK6NNxTSsJdAaiNL88UBvg7VsiEaLbCCcrV7rLAKI8m1ZFHy4gw6IhjoTTu3GZujFHKK2uAEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0_SnmyIWQwowtymVQKA-vwlSeEZw%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Fri, 30 Jul 2021 23:27:08 GMT
Server: nginx/1.13.4
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK viewability Show response
ad14.ad-srv.net/ Frame 538D 0
150 B 96ms
32ms Script
text/html 176.9.26.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad14.ad-srv.net/viewability?s=29619200005218102757758011672014&a=96aee896&vb=m
Requested by: Host: ad14.ad-srv.net
URL: https://ad14.ad-srv.net/request_content.php?s=29619200005218102757758011672014&a=4ea628c7
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 176.9.26.250 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.250.26.9.176.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ad14.ad-srv.net/request_content.php?s=29619200005218102757758011672014&a=4ea628c7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Jul 2021 23:27:08 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2

200

kaspersky_logo_green_120x60_white.jpg
media.kaspersky.com/de/affiliates/ Frame 538D
Redirect Chain

https://www.awin1.com/cshow.php?s=2528696&v=13872&q=368718&r=278235&pref1=29619200005218102757758011672014&gdpr=&gdpr_consent=
https://kaspersky.commander1.com/v3/?tcs=1987&cmp=Kaspersky&chn=AffiliateAffilinet&src=nay_an_de-278235&url=https://media.kaspersky.com/de/affiliates/kaspersky_logo_green_120x60_white.jpg
https://kaspersky.commander1.com/v3/?firsttime=1&tcs=1987&cmp=Kaspersky&chn=AffiliateAffilinet&src=nay_an_de-278235&url=https://media.kaspersky.com/de/affiliates/kaspersky_logo_green_120x60_white.jpg
https://media.kaspersky.com/de/affiliates/kaspersky_logo_green_120x60_white.jpg

20 KB
20 KB

143ms
60ms

Image
image/jpeg

185.85.15.31
KL-EXT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://media.kaspersky.com/de/affiliates/kaspersky_logo_green_120x60_white.jpg

Requested by

Host: ad14.ad-srv.net
URL: https://ad14.ad-srv.net/request_content.php?s=29619200005218102757758011672014&a=4ea628c7

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.85.15.31 , Russian Federation, ASN200107 (KL-EXT, RU),

Reverse DNS

Software

/ Kaspersky Labs, Kaspersky Labs

Resource Hash

d75068eff86c3491577fd62a86922f9cca41c89f0d06b6643632dd7a27a63913

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ad14.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Fri, 28 Jun 2019 10:08:41 GMT
server
x-powered-by: Kaspersky Labs, Kaspersky Labs
etag: "8de2876992dd51:0"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
x-xss-protection: 1; mode=block
x-server: fr2/FRA3
accept-ranges: bytes
content-length: 20612
date: Fri, 30 Jul 2021 23:27:02 GMT

Redirect headers

Pragma: private
Date: Fri, 30 Jul 2021 23:27:08 GMT
Server: web
location: https://media.kaspersky.com/de/affiliates/kaspersky_logo_green_120x60_white.jpg
Transfer-Encoding: chunked
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=486000, pre-check=486000
Connection: keep-alive
Content-Type: text/html
Expires: Fri, 29 Oct 21 01:27:08 +0200

GET
H/1.1 200
OK emp_logo.png
cdn.contentspread.net/oliro/advertiser/54613/creativesup/ Frame 538D 4 KB
4 KB 124ms
30ms Image
image/png 51.75.147.170
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/oliro/advertiser/54613/creativesup/emp_logo.png
Requested by: Host: ad14.ad-srv.net
URL: https://ad14.ad-srv.net/request_content.php?s=29619200005218102757758011672014&a=4ea628c7
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 51.75.147.170 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3133977.ip-51-75-147.eu
Software: nginx /
Resource Hash: e68191de65ab3388198855a4bf609ec8052da7ab99a3897e789291861c26281c

Request headers

Referer: https://ad14.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Jul 2021 23:27:08 GMT
Last-Modified: Thu, 16 Jul 2020 14:34:40 GMT
Server: nginx
ETag: "5f106580-105d"
Content-Type: image/png
Connection: close
Accept-Ranges: bytes
Content-Length: 4189

GET
H2

200

min_ad_234x60_v2_08032017_de.gif
www.adtracker.ch/upload/miniSchoggi/Banner/ Frame 538D
Redirect Chain

https://cct.connects.ch/tb.php?t=117581V1422140455B&subid=29619200005218102757758011672014&gdpr=&gdpr_consent=
https://www.adtracker.ch/upload/miniSchoggi/Banner/min_ad_234x60_v2_08032017_de.gif

20 KB
20 KB

105ms
23ms

Image
image/gif

5.148.168.135
NINE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.adtracker.ch/upload/miniSchoggi/Banner/min_ad_234x60_v2_08032017_de.gif
Requested by: Host: ad14.ad-srv.net
URL: https://ad14.ad-srv.net/request_content.php?s=29619200005218102757758011672014&a=4ea628c7
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.148.168.135 Zurich, Switzerland, ASN29691 (NINE, CH),
Reverse DNS: adresult08.nine.ch
Software: Apache /
Resource Hash: ab5e6e5d8293917e30f7b8f52831106b71c306caf220ba2c09d8f528a6411eda

Request headers

Referer: https://ad14.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Jul 2021 23:27:08 GMT
last-modified: Tue, 27 Mar 2018 13:25:30 GMT
server: Apache
accept-ranges: bytes
etag: "5076-56864d306a680"
content-length: 20598
content-type: image/gif

Redirect headers

location: https://www.adtracker.ch/upload/miniSchoggi/Banner/min_ad_234x60_v2_08032017_de.gif
date: Fri, 30 Jul 2021 23:27:08 GMT
x-content-type-options: nosniff
server: nginx
accept-ranges: bytes
x-xss-protection: 1; mode=block
content-type: image/gif

GET
H/1.1 200
OK oba_icon.png
cdn.contentspread.net/oliro/oba/ Frame 538D 3 KB
3 KB 131ms
32ms Image
image/png 51.75.147.170
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/oliro/oba/oba_icon.png
Requested by: Host: ad14.ad-srv.net
URL: https://ad14.ad-srv.net/request_content.php?s=29619200005218102757758011672014&a=4ea628c7
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 51.75.147.170 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3133977.ip-51-75-147.eu
Software: nginx /
Resource Hash: 2fd4c3ae6afc2b4026d9f0b64b8ff1110ecfcf47b90bc988c06e844b3921cbf6

Request headers

Referer: https://ad14.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Jul 2021 23:27:08 GMT
Last-Modified: Fri, 05 Aug 2016 12:57:49 GMT
Server: nginx
ETag: "57a48d4d-c35"
Content-Type: image/png
Connection: close
Accept-Ranges: bytes
Content-Length: 3125

GET
H2 200 lila.js Show response
tc.connects.ch/ Frame 324A 16 KB
5 KB 151ms
51ms Script
application/javascript 84.200.5.215
ACCELERATED-IT

General

Check archive.org

Show headers Download Go to

Full URL

https://tc.connects.ch/lila.js

Requested by

Host: htlp.emp-online.ch
URL: https://htlp.emp-online.ch/htlp_c.html?wt_mc=pt.connects._117581_._NNNNN_._Post-View%20Partner_._WWWWW_.&lea_source=2021073101270853655562123X117581V1541143261MS29619200005218102757758011672014

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

84.200.5.215 , Germany, ASN31400 (ACCELERATED-IT, DE),

Reverse DNS

Software

nginx /

Resource Hash

2bbd412bfc6e2aefaee5cf0648ad34e5ae55f21b7baec795169ad9d1a5361883

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://htlp.emp-online.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Jul 2021 23:27:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 06 Oct 2020 13:24:42 GMT
server: nginx
etag: W/"5f7c701a-3f97"
content-type: application/javascript
x-xss-protection: 1; mode=block

GET
H2 200 lila.php Show response
www.lacmp.net/ Frame 324A 10 KB
3 KB 155ms
55ms XHR
text/html 84.200.5.215
ACCELERATED-IT

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lacmp.net/lila.php?id=unk9N5KaFeWSJF0lAiMs&url=https%3A%2F%2Fhtlp.emp-online.ch%2Fhtlp_c.html%3Fwt_mc%3Dpt.connects._117581_._NNNNN_._Post-View%2520Partner_._WWWWW_.%26lea_source%3D2021073101270853655562123X117581V1541143261MS29619200005218102757758011672014&frameit=1&module=HTLP&event=HTLP&checkoutdomain=.emp-online.ch

Requested by

Host: tc.connects.ch
URL: https://tc.connects.ch/lila.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

84.200.5.215 , Germany, ASN31400 (ACCELERATED-IT, DE),

Reverse DNS

Software

nginx /

Resource Hash

71e9dbdd760868abf36c930b0c1a0ccbfa8df0a52d86836230f3379c15f72a3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://htlp.emp-online.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 30 Jul 2021 23:27:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
x-xss-protection: 1; mode=block
content-type: text/html; charset=UTF-8

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9E29 42 B
64 B 62ms
62ms Fetch
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsthRN0nSnTSmmo70KtuOCDgsw0bkxN1xF8Yo5rQRL_r5ZnHkM0nK5162FXsBjkRbQKmaVl0BdXO8Ngkk-SMYMvUo1rmFYAF&sig=Cg0ArKJSzN3rwnovnT38EAE&id=lidar2&mcvt=1001&p=323,1113,923,1273&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20210730&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2108190548&rs=4&met=ie&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1627687627355&dlt=26&rpt=19&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jul 2021 23:27:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200 Visibility Show response
brain.rvty.net/RTB/ Frame DBDD 0
119 B 31ms
31ms XHR
text/plain 89.163.211.233
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://brain.rvty.net/RTB/Visibility
Requested by: Host: cdn.rvty.net
URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx/1.13.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: */*
Referer: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQSKywADDp4K3qtJAA6-0rFcLp9Tdj44bUV3wQ&penc=&bp=192308&a=61048acb-0004-15c4-0a77-ee89310b9c8e&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35cwe&rawReferrerURL=&uid=e6d55f1e-5f5c-40a6-8d0f-aeb9356de39b&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-69uy4oEYZ6dDMnW-gbS_broCOb-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakCt42o__nosz7gAgCoAwGqBNMBT9CTe5QwWNbItOMvGugdqD-F08mV7hYQoQVKe1Jib2WfDaziImdGLSXz30CCdxVfPS4ZSW655G9bncQRnAscbCb0DWcQnoz6ALxNkcE91IJZwAoHr-xLDZOIUPtWY_77IxYcY17zqHnVfWMGrUPfA-NRqt8FkZgYNX3outXHn9Lv_6T2E0OM3wRFXmGQ6UkzHIsBNIrdvMB0GnzTvKOQTK6NNxTSsJdAaiNL88UBvg7VsiEaLbCCcrV7rLAKI8m1ZFHy4gw6IhjoTTu3GZujFHKK2uAEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0_SnmyIWQwowtymVQKA-vwlSeEZw%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Fri, 30 Jul 2021 23:27:08 GMT
Server: nginx/1.13.4
Connection: keep-alive
Content-Length: 0

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 41ms
41ms XHR
application/json 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210728&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202107290101/show_ads_impl_fy2019.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

221dc448ad7d44d93d996b0775811851a90c59bdd5c5eeabe787ba2e7bc65fce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 30 Jul 2021 23:27:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8446
x-xss-protection: 0

GET
H2 200 1SE1U Show response
www.getback.ch/ Frame 324A 270 B
441 B 98ms
31ms Script
application/javascript 18.196.166.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.getback.ch/1SE1U
Requested by: Host: pastelink.net
URL: https://pastelink.net/35cwe
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.166.90 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-166-90.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: a8d8d04e8c4673231645ec5bcb3cc6496a2ff8cd2819fe0145a6229ad8d0896b

Request headers

Referer: https://htlp.emp-online.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Fri, 30 Jul 2021 23:27:08 GMT
cache-control: max-age=2592000, public
server: nginx
content-type: application/javascript
content-length: 270
expires: Sun, 29 Aug 2021 23:27:08 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 28ms
14ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202107290101/show_ads_impl_fy2019.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Jul 2021 23:27:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Fri, 30 Jul 2021 23:27:08 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 0C2D 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://pastelink.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://pastelink.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5029
date: Fri, 30 Jul 2021 20:02:23 GMT
expires: Sat, 30 Jul 2022 20:02:23 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 12285
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame A7BB 783 B
810 B 19ms
18ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7f09159d7bb027d45549bff9a4011a49b38dc5cc52d9cc2640105b49f3272ca6

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-G2aZfo9CD1berpUWi1gg3Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://pastelink.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://pastelink.net/

Response headers

expires: Fri, 30 Jul 2021 23:27:08 GMT
date: Fri, 30 Jul 2021 23:27:08 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-G2aZfo9CD1berpUWi1gg3Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Y_O2WQQ68U2CiOGiM48gS2ev59GvBpIPMT_iTLKbJ0M.js Show response
pagead2.googlesyndication.com/bg/ Frame 0C2D 35 KB
13 KB 30ms
29ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Y_O2WQQ68U2CiOGiM48gS2ev59GvBpIPMT_iTLKbJ0M.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

63f3b659043af14d8288e1a2338f204b67afe7d1af06920f313fe24cb29b2743

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 11:59:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 127634
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13367
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 29 Jul 2022 11:59:54 GMT

GET
H2 200 1SE1U.js Show response
static.getback.ch/clients/ Frame 324A 114 KB
32 KB 103ms
36ms Script
application/javascript 13.225.87.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.getback.ch/clients/1SE1U.js
Requested by: Host: www.getback.ch
URL: https://www.getback.ch/1SE1U
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-84.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 376655a0c20744fd53a0b953bf6e47aa3e7712098104dc5e93fba8d0c4f31552

Request headers

Referer: https://htlp.emp-online.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 04 Jul 2021 00:23:16 GMT
content-encoding: gzip
last-modified: Tue, 02 Feb 2021 11:09:44 GMT
server: AmazonS3
age: 2329433
etag: W/"be39231ed570c65a9f31c163aa09da76"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 04ce5a607a98db6d08257633417b84d7.cloudfront.net (CloudFront)
cache-control: max-age=2592000
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: DvQ4I3Olq_BaevoMn5JXQW2MrQyI_Uhs1eqx8aL_YVOIXQ72jra7Bg==

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 63ms
63ms Image
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20210728&jk=4064883822685211&bg=!ammlaS3NAAals0SOpbM7ACkAdvg8Wogg9Cok6A_vIfv0VavP2LwXhdHCuHOKzrWqbzuMv_XM_7JKYAIAAABXUgAAAA5oAQcKABGOzxAa2q7f4h7a54MkrQ8PmpkCcUoxrMgsvNxxypF6PAzUj7nMA-cElK-gF2NjmK_EBY6uRUQslAsA2nQEnRqkrRyYuIGX_1sxOKELmmIQiHIBAxW2zEbwNeqKZxKGZaCkVZ-b8pSDOgLuSpLoI23ZgEE3vbS97mKucPClm3bNsNIJj_x-vN2EwPTt1XI3OG_9-GmUWP9xw3qxO7fRXTQsZLgWpwKRKdM5lQqmjEb5AJJPqPonD1pQRy-_T5YBE8UykSn7kNu3GKMiV7BHXh3uCjMLiB7_MqZj5OJRd-SmMfaqjS7g9IYl-coFH5z5l1ZjQqsangjz6nQzzV537cva2urZg9J9xBDx2xCdYmx8FOOEp9_nX7t7x8x1Izo7nV19qlMRvq290FXjz9r2XUH9EL2XuaF9RbJegAvfA6DV-wvUwKLUlDyjD-_nVbz18otbyTz46AZCQvAaTdgalHMeQnWYOn6i1cpQGahVI---LQOCdgAiIbHnFvANYnmlxQv81oobdojc2an3h_bYQCfgSEY7V9C8KBl9hXA1JwxDjmUUlUrJSN5TD4jnQUb---3aMX9Yb24iBrK38Xmc-ukGKKnYglRhZeoM9tR66OQSBmqRafff9N_uHbt6YQ6cZHhNG9mvB-y86L_KzuyVIGb-ZWoSwnXK_Bu173VwUeW_GRPk654yPmzXRGCM31so-KiZuPOQ2CerNTF8ngGMDNp15xbFUT2v1C92IBw9sVMaAa7UmcSoeTSwa_lj1V11EGzZB3XiiSkespRhiiHY2geOHHVP5kKJUNYmFGvs4_RNDjOlt4jnzT8H75Viyeqh4FZMeKUGcS7lSBkdnNeja-4E1a011ls

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jul 2021 23:27:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200 Visibility Show response
brain.rvty.net/RTB/ Frame DBDD 0
119 B 42ms
42ms XHR
text/plain 89.163.211.233
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://brain.rvty.net/RTB/Visibility
Requested by: Host: cdn.rvty.net
URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx/1.13.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: */*
Referer: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQSKywADDp4K3qtJAA6-0rFcLp9Tdj44bUV3wQ&penc=&bp=192308&a=61048acb-0004-15c4-0a77-ee89310b9c8e&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35cwe&rawReferrerURL=&uid=e6d55f1e-5f5c-40a6-8d0f-aeb9356de39b&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-69uy4oEYZ6dDMnW-gbS_broCOb-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakCt42o__nosz7gAgCoAwGqBNMBT9CTe5QwWNbItOMvGugdqD-F08mV7hYQoQVKe1Jib2WfDaziImdGLSXz30CCdxVfPS4ZSW655G9bncQRnAscbCb0DWcQnoz6ALxNkcE91IJZwAoHr-xLDZOIUPtWY_77IxYcY17zqHnVfWMGrUPfA-NRqt8FkZgYNX3outXHn9Lv_6T2E0OM3wRFXmGQ6UkzHIsBNIrdvMB0GnzTvKOQTK6NNxTSsJdAaiNL88UBvg7VsiEaLbCCcrV7rLAKI8m1ZFHy4gw6IhjoTTu3GZujFHKK2uAEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0_SnmyIWQwowtymVQKA-vwlSeEZw%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Fri, 30 Jul 2021 23:27:09 GMT
Server: nginx/1.13.4
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK viewability Show response
ad14.ad-srv.net/ Frame 538D 0
150 B 103ms
35ms Script
text/html 176.9.26.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad14.ad-srv.net/viewability?s=29619200005218102757758011672014&a=96aee896&vb=v
Requested by: Host: ad14.ad-srv.net
URL: https://ad14.ad-srv.net/request_content.php?s=29619200005218102757758011672014&a=4ea628c7
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 176.9.26.250 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.250.26.9.176.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ad14.ad-srv.net/request_content.php?s=29619200005218102757758011672014&a=4ea628c7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Jul 2021 23:27:09 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

POST
H/1.1 200 Visibility Show response
brain.rvty.net/RTB/ Frame DBDD 0
119 B 31ms
31ms XHR
text/plain 89.163.211.233
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://brain.rvty.net/RTB/Visibility
Requested by: Host: cdn.rvty.net
URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx/1.13.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: */*
Referer: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQSKywADDp4K3qtJAA6-0rFcLp9Tdj44bUV3wQ&penc=&bp=192308&a=61048acb-0004-15c4-0a77-ee89310b9c8e&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35cwe&rawReferrerURL=&uid=e6d55f1e-5f5c-40a6-8d0f-aeb9356de39b&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-69uy4oEYZ6dDMnW-gbS_broCOb-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakCt42o__nosz7gAgCoAwGqBNMBT9CTe5QwWNbItOMvGugdqD-F08mV7hYQoQVKe1Jib2WfDaziImdGLSXz30CCdxVfPS4ZSW655G9bncQRnAscbCb0DWcQnoz6ALxNkcE91IJZwAoHr-xLDZOIUPtWY_77IxYcY17zqHnVfWMGrUPfA-NRqt8FkZgYNX3outXHn9Lv_6T2E0OM3wRFXmGQ6UkzHIsBNIrdvMB0GnzTvKOQTK6NNxTSsJdAaiNL88UBvg7VsiEaLbCCcrV7rLAKI8m1ZFHy4gw6IhjoTTu3GZujFHKK2uAEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0_SnmyIWQwowtymVQKA-vwlSeEZw%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Fri, 30 Jul 2021 23:27:09 GMT
Server: nginx/1.13.4
Connection: keep-alive
Content-Length: 0

POST
H/1.1 200 Visibility Show response
brain.rvty.net/RTB/ Frame DBDD 0
119 B 31ms
31ms XHR
text/plain 89.163.211.233
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://brain.rvty.net/RTB/Visibility
Requested by: Host: cdn.rvty.net
URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx/1.13.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: */*
Referer: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQSKywADDp4K3qtJAA6-0rFcLp9Tdj44bUV3wQ&penc=&bp=192308&a=61048acb-0004-15c4-0a77-ee89310b9c8e&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35cwe&rawReferrerURL=&uid=e6d55f1e-5f5c-40a6-8d0f-aeb9356de39b&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-69uy4oEYZ6dDMnW-gbS_broCOb-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakCt42o__nosz7gAgCoAwGqBNMBT9CTe5QwWNbItOMvGugdqD-F08mV7hYQoQVKe1Jib2WfDaziImdGLSXz30CCdxVfPS4ZSW655G9bncQRnAscbCb0DWcQnoz6ALxNkcE91IJZwAoHr-xLDZOIUPtWY_77IxYcY17zqHnVfWMGrUPfA-NRqt8FkZgYNX3outXHn9Lv_6T2E0OM3wRFXmGQ6UkzHIsBNIrdvMB0GnzTvKOQTK6NNxTSsJdAaiNL88UBvg7VsiEaLbCCcrV7rLAKI8m1ZFHy4gw6IhjoTTu3GZujFHKK2uAEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0_SnmyIWQwowtymVQKA-vwlSeEZw%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Fri, 30 Jul 2021 23:27:10 GMT
Server: nginx/1.13.4
Connection: keep-alive
Content-Length: 0

POST
H/1.1 200 Visibility Show response
brain.rvty.net/RTB/ Frame DBDD 0
119 B 32ms
32ms XHR
text/plain 89.163.211.233
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://brain.rvty.net/RTB/Visibility
Requested by: Host: cdn.rvty.net
URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx/1.13.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: */*
Referer: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQSKywADDp4K3qtJAA6-0rFcLp9Tdj44bUV3wQ&penc=&bp=192308&a=61048acb-0004-15c4-0a77-ee89310b9c8e&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35cwe&rawReferrerURL=&uid=e6d55f1e-5f5c-40a6-8d0f-aeb9356de39b&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-69uy4oEYZ6dDMnW-gbS_broCOb-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakCt42o__nosz7gAgCoAwGqBNMBT9CTe5QwWNbItOMvGugdqD-F08mV7hYQoQVKe1Jib2WfDaziImdGLSXz30CCdxVfPS4ZSW655G9bncQRnAscbCb0DWcQnoz6ALxNkcE91IJZwAoHr-xLDZOIUPtWY_77IxYcY17zqHnVfWMGrUPfA-NRqt8FkZgYNX3outXHn9Lv_6T2E0OM3wRFXmGQ6UkzHIsBNIrdvMB0GnzTvKOQTK6NNxTSsJdAaiNL88UBvg7VsiEaLbCCcrV7rLAKI8m1ZFHy4gw6IhjoTTu3GZujFHKK2uAEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0_SnmyIWQwowtymVQKA-vwlSeEZw%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Fri, 30 Jul 2021 23:27:10 GMT
Server: nginx/1.13.4
Connection: keep-alive
Content-Length: 0

POST
H/1.1 200 Visibility Show response
brain.rvty.net/RTB/ Frame DBDD 0
119 B 31ms
31ms XHR
text/plain 89.163.211.233
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://brain.rvty.net/RTB/Visibility
Requested by: Host: cdn.rvty.net
URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx/1.13.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: */*
Referer: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQSKywADDp4K3qtJAA6-0rFcLp9Tdj44bUV3wQ&penc=&bp=192308&a=61048acb-0004-15c4-0a77-ee89310b9c8e&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35cwe&rawReferrerURL=&uid=e6d55f1e-5f5c-40a6-8d0f-aeb9356de39b&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-69uy4oEYZ6dDMnW-gbS_broCOb-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakCt42o__nosz7gAgCoAwGqBNMBT9CTe5QwWNbItOMvGugdqD-F08mV7hYQoQVKe1Jib2WfDaziImdGLSXz30CCdxVfPS4ZSW655G9bncQRnAscbCb0DWcQnoz6ALxNkcE91IJZwAoHr-xLDZOIUPtWY_77IxYcY17zqHnVfWMGrUPfA-NRqt8FkZgYNX3outXHn9Lv_6T2E0OM3wRFXmGQ6UkzHIsBNIrdvMB0GnzTvKOQTK6NNxTSsJdAaiNL88UBvg7VsiEaLbCCcrV7rLAKI8m1ZFHy4gw6IhjoTTu3GZujFHKK2uAEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0_SnmyIWQwowtymVQKA-vwlSeEZw%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Fri, 30 Jul 2021 23:27:11 GMT
Server: nginx/1.13.4
Connection: keep-alive
Content-Length: 0

POST
H/1.1 200 Visibility Show response
brain.rvty.net/RTB/ Frame DBDD 0
119 B 32ms
32ms XHR
text/plain 89.163.211.233
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://brain.rvty.net/RTB/Visibility
Requested by: Host: cdn.rvty.net
URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx/1.13.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: */*
Referer: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQSKywADDp4K3qtJAA6-0rFcLp9Tdj44bUV3wQ&penc=&bp=192308&a=61048acb-0004-15c4-0a77-ee89310b9c8e&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35cwe&rawReferrerURL=&uid=e6d55f1e-5f5c-40a6-8d0f-aeb9356de39b&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-69uy4oEYZ6dDMnW-gbS_broCOb-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakCt42o__nosz7gAgCoAwGqBNMBT9CTe5QwWNbItOMvGugdqD-F08mV7hYQoQVKe1Jib2WfDaziImdGLSXz30CCdxVfPS4ZSW655G9bncQRnAscbCb0DWcQnoz6ALxNkcE91IJZwAoHr-xLDZOIUPtWY_77IxYcY17zqHnVfWMGrUPfA-NRqt8FkZgYNX3outXHn9Lv_6T2E0OM3wRFXmGQ6UkzHIsBNIrdvMB0GnzTvKOQTK6NNxTSsJdAaiNL88UBvg7VsiEaLbCCcrV7rLAKI8m1ZFHy4gw6IhjoTTu3GZujFHKK2uAEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0_SnmyIWQwowtymVQKA-vwlSeEZw%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Fri, 30 Jul 2021 23:27:11 GMT
Server: nginx/1.13.4
Connection: keep-alive
Content-Length: 0

POST
H/1.1 200 Visibility Show response
brain.rvty.net/RTB/ Frame DBDD 0
119 B 34ms
33ms XHR
text/plain 89.163.211.233
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://brain.rvty.net/RTB/Visibility
Requested by: Host: cdn.rvty.net
URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx/1.13.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: */*
Referer: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQSKywADDp4K3qtJAA6-0rFcLp9Tdj44bUV3wQ&penc=&bp=192308&a=61048acb-0004-15c4-0a77-ee89310b9c8e&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35cwe&rawReferrerURL=&uid=e6d55f1e-5f5c-40a6-8d0f-aeb9356de39b&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-69uy4oEYZ6dDMnW-gbS_broCOb-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakCt42o__nosz7gAgCoAwGqBNMBT9CTe5QwWNbItOMvGugdqD-F08mV7hYQoQVKe1Jib2WfDaziImdGLSXz30CCdxVfPS4ZSW655G9bncQRnAscbCb0DWcQnoz6ALxNkcE91IJZwAoHr-xLDZOIUPtWY_77IxYcY17zqHnVfWMGrUPfA-NRqt8FkZgYNX3outXHn9Lv_6T2E0OM3wRFXmGQ6UkzHIsBNIrdvMB0GnzTvKOQTK6NNxTSsJdAaiNL88UBvg7VsiEaLbCCcrV7rLAKI8m1ZFHy4gw6IhjoTTu3GZujFHKK2uAEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0_SnmyIWQwowtymVQKA-vwlSeEZw%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Fri, 30 Jul 2021 23:27:12 GMT
Server: nginx/1.13.4
Connection: keep-alive
Content-Length: 0

POST
H/1.1 200 Visibility Show response
brain.rvty.net/RTB/ Frame DBDD 0
119 B 31ms
31ms XHR
text/plain 89.163.211.233
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://brain.rvty.net/RTB/Visibility
Requested by: Host: cdn.rvty.net
URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx/1.13.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: */*
Referer: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQSKywADDp4K3qtJAA6-0rFcLp9Tdj44bUV3wQ&penc=&bp=192308&a=61048acb-0004-15c4-0a77-ee89310b9c8e&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35cwe&rawReferrerURL=&uid=e6d55f1e-5f5c-40a6-8d0f-aeb9356de39b&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-69uy4oEYZ6dDMnW-gbS_broCOb-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakCt42o__nosz7gAgCoAwGqBNMBT9CTe5QwWNbItOMvGugdqD-F08mV7hYQoQVKe1Jib2WfDaziImdGLSXz30CCdxVfPS4ZSW655G9bncQRnAscbCb0DWcQnoz6ALxNkcE91IJZwAoHr-xLDZOIUPtWY_77IxYcY17zqHnVfWMGrUPfA-NRqt8FkZgYNX3outXHn9Lv_6T2E0OM3wRFXmGQ6UkzHIsBNIrdvMB0GnzTvKOQTK6NNxTSsJdAaiNL88UBvg7VsiEaLbCCcrV7rLAKI8m1ZFHy4gw6IhjoTTu3GZujFHKK2uAEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0_SnmyIWQwowtymVQKA-vwlSeEZw%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Fri, 30 Jul 2021 23:27:12 GMT
Server: nginx/1.13.4
Connection: keep-alive
Content-Length: 0

POST
H/1.1 200 Visibility Show response
brain.rvty.net/RTB/ Frame DBDD 0
119 B 31ms
31ms XHR
text/plain 89.163.211.233
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://brain.rvty.net/RTB/Visibility
Requested by: Host: cdn.rvty.net
URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx/1.13.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: */*
Referer: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQSKywADDp4K3qtJAA6-0rFcLp9Tdj44bUV3wQ&penc=&bp=192308&a=61048acb-0004-15c4-0a77-ee89310b9c8e&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35cwe&rawReferrerURL=&uid=e6d55f1e-5f5c-40a6-8d0f-aeb9356de39b&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-69uy4oEYZ6dDMnW-gbS_broCOb-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakCt42o__nosz7gAgCoAwGqBNMBT9CTe5QwWNbItOMvGugdqD-F08mV7hYQoQVKe1Jib2WfDaziImdGLSXz30CCdxVfPS4ZSW655G9bncQRnAscbCb0DWcQnoz6ALxNkcE91IJZwAoHr-xLDZOIUPtWY_77IxYcY17zqHnVfWMGrUPfA-NRqt8FkZgYNX3outXHn9Lv_6T2E0OM3wRFXmGQ6UkzHIsBNIrdvMB0GnzTvKOQTK6NNxTSsJdAaiNL88UBvg7VsiEaLbCCcrV7rLAKI8m1ZFHy4gw6IhjoTTu3GZujFHKK2uAEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0_SnmyIWQwowtymVQKA-vwlSeEZw%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Fri, 30 Jul 2021 23:27:15 GMT
Server: nginx/1.13.4
Connection: keep-alive
Content-Length: 0

POST
H/1.1 200 Visibility Show response
brain.rvty.net/RTB/ Frame DBDD 0
119 B 31ms
31ms XHR
text/plain 89.163.211.233
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://brain.rvty.net/RTB/Visibility
Requested by: Host: cdn.rvty.net
URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx/1.13.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: */*
Referer: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQSKywADDp4K3qtJAA6-0rFcLp9Tdj44bUV3wQ&penc=&bp=192308&a=61048acb-0004-15c4-0a77-ee89310b9c8e&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35cwe&rawReferrerURL=&uid=e6d55f1e-5f5c-40a6-8d0f-aeb9356de39b&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-69uy4oEYZ6dDMnW-gbS_broCOb-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakCt42o__nosz7gAgCoAwGqBNMBT9CTe5QwWNbItOMvGugdqD-F08mV7hYQoQVKe1Jib2WfDaziImdGLSXz30CCdxVfPS4ZSW655G9bncQRnAscbCb0DWcQnoz6ALxNkcE91IJZwAoHr-xLDZOIUPtWY_77IxYcY17zqHnVfWMGrUPfA-NRqt8FkZgYNX3outXHn9Lv_6T2E0OM3wRFXmGQ6UkzHIsBNIrdvMB0GnzTvKOQTK6NNxTSsJdAaiNL88UBvg7VsiEaLbCCcrV7rLAKI8m1ZFHy4gw6IhjoTTu3GZujFHKK2uAEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0_SnmyIWQwowtymVQKA-vwlSeEZw%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Fri, 30 Jul 2021 23:27:18 GMT
Server: nginx/1.13.4
Connection: keep-alive
Content-Length: 0

POST
H/1.1 200 Visibility Show response
brain.rvty.net/RTB/ Frame DBDD 0
119 B 32ms
31ms XHR
text/plain 89.163.211.233
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://brain.rvty.net/RTB/Visibility
Requested by: Host: cdn.rvty.net
URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx/1.13.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: */*
Referer: https://brain.rvty.net/RTB/ShowAd?adHeight=600&adWidth=160&adFormat=3&adslotId=&siteId=97944753&bannerId=188770&e=3&p=YQSKywADDp4K3qtJAA6-0rFcLp9Tdj44bUV3wQ&penc=&bp=192308&a=61048acb-0004-15c4-0a77-ee89310b9c8e&n=1&geo=14601&rawURL=https%3A%2F%2Fpastelink.net%2F35cwe&rawReferrerURL=&uid=e6d55f1e-5f5c-40a6-8d0f-aeb9356de39b&euid=&encn=N4IgXglgDiBcIgDQgMYHsCuA7ALgJwE84QBhACSRAEMc4AmZAGywHM4AOAOgFZvkUIOIvABaAH7wQUAC0oBnHDQCmxSoxpwALAHZOAZgBsB7QF8gA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-69uy4oEYZ6dDMnW-gbS_broCOb-o_dc7s2U12nAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItMTc1MDg1NjIzOTIwNDQxNMgBCakCt42o__nosz7gAgCoAwGqBNMBT9CTe5QwWNbItOMvGugdqD-F08mV7hYQoQVKe1Jib2WfDaziImdGLSXz30CCdxVfPS4ZSW655G9bncQRnAscbCb0DWcQnoz6ALxNkcE91IJZwAoHr-xLDZOIUPtWY_77IxYcY17zqHnVfWMGrUPfA-NRqt8FkZgYNX3outXHn9Lv_6T2E0OM3wRFXmGQ6UkzHIsBNIrdvMB0GnzTvKOQTK6NNxTSsJdAaiNL88UBvg7VsiEaLbCCcrV7rLAKI8m1ZFHy4gw6IhjoTTu3GZujFHKK2uAEAYAGiPOFj7nioMjIAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAUIiGEQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0_SnmyIWQwowtymVQKA-vwlSeEZw%26client%3Dca-pub-1750856239204414%26adurl%3D&gdpr=0&gdpr_consent=
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Fri, 30 Jul 2021 23:27:21 GMT
Server: nginx/1.13.4
Connection: keep-alive
Content-Length: 0

Verdicts & Comments Add Verdict or Comment

92 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

13 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.emp-online.ch/	1970-01-19 20:09:34	Name: HtLpTx Value: Connects
.ad-srv.net/	1970-01-19 22:17:43	Name: kdb0xdq3ls8m_uid Value: 9806fe8cccafeba9
.pastelink.net/	1970-01-19 20:08:07	Name: _gat_UA-55088947-2 Value: 1
brain.rvty.net/	1970-01-20 04:53:50	Name: RTBUserId Value: e6d55f1e-5f5c-40a6-8d0f-aeb9356de39b
.doubleclick.net/	1970-01-20 13:39:19	Name: IDE Value: AHWqTUnD-BSkRq6UbYDieuOpalWaxG-7Hva5pjRhumaFC5ZMt6f5L33md2iSe2uY8Y0
.pastelink.net/	1970-01-20 05:29:43	Name: __gads Value: ID=7b51bd134a334925-22fce13090c8006f:T=1627687627:RT=1627687627:S=ALNI_MZUg8cqzG2SoHt3FmN6tBvqiY4AyA
pastelink.net/	1970-01-19 20:08:29	Name: AdvallyUserLocation Value: CH,ZH
.pastelink.net/	1970-01-19 20:08:07	Name: _gat_advallyTrackerpl Value: 1
.pastelink.net/	1970-01-20 13:39:19	Name: _ga_S3DKHVPF03 Value: GS1.1.1627687626.1.0.1627687626.0
.pastelink.net/	1970-01-19 20:09:34	Name: _gid Value: GA1.2.1924360346.1627687627
.pastelink.net/	1970-01-20 13:39:19	Name: _ga Value: GA1.2.1133778185.1627687627
pastelink.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: svi7te8f5scrtkrpc1uva53k82
.pastelink.net/	1970-01-19 22:17:43	Name: _gcl_au Value: 1.1.1921238831.1627687627

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://cdn.adligature.com/pl/prod/rules.js(Line 1) Message: Advally Wrapper v4.5.3
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.5.3.js(Line 23) Message: Advally Location: Starting
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.5.3.js(Line 23) Message: Advally Location: Doing API Lookup
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.5.3.js(Line 23) Message: Advally Executing 1 Queued Commands
console-api	warning	URL: https://cdn.adligature.com/rules.js/advally-4.5.3.js(Line 24) Message: Advally Page: Site Segment test-segment-195 not found
console-api	warning	URL: https://cdn.adligature.com/rules.js/advally-4.5.3.js(Line 24) Message: Advally Page: Site Segment test-segment-195 not found
console-api	warning	URL: https://cdn.adligature.com/rules.js/advally-4.5.3.js(Line 24) Message: Advally Units: No sizes found
console-api	log	URL: https://static.getback.ch/clients/1SE1U.js(Line 1) Message: no storage support

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

23d14cfc781c36152ea1e9796d73be26.safeframe.googlesyndication.com
ad.ad-srv.net
ad14.ad-srv.net
adservice.google.ch
adservice.google.com
brain.rvty.net
cct.connects.ch
cct.minischoggi.ch
cdn.adligature.com
cdn.contentspread.net
cdn.rvty.net
code.jquery.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
htlp.emp-online.ch
kaspersky.commander1.com
media.acfrg.com
media.kaspersky.com
pagead2.googlesyndication.com
partner.googleadservices.com
pastelink.net
pro.ip-api.com
securepubads.g.doubleclick.net
static.getback.ch
tc.connects.ch
tpc.googlesyndication.com
www.adtracker.ch
www.awin1.com
www.getback.ch
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.lacmp.net
104.111.239.217
13.225.87.84
13.37.72.132
138.201.84.245
142.250.181.226
176.9.26.250
18.196.166.90
185.85.15.31
2001:4de0:ac18::1:a:2a
2600:9000:21f3:8600:c:6264:8240:93a1
2600:9000:21f3:b600:13:99a2:1280:93a1
2606:4700:3031::ac43:cab1
2a00:1450:4001:800::2003
2a00:1450:4001:802::2002
2a00:1450:4001:803::2002
2a00:1450:4001:803::200e
2a00:1450:4001:808::2002
2a00:1450:4001:813::2004
2a00:1450:4001:827::2008
2a00:1450:4001:828::2008
2a00:1450:4001:82a::2002
2a00:1450:4001:830::2001
2a00:1450:4001:831::2001
2a00:1450:4001:831::2002
2a00:1450:4001:831::200a
2a01:7e00::f03c:91ff:fe39:1dbe
5.148.168.135
51.75.147.170
51.77.64.70
84.200.5.215
89.163.211.233
89.163.211.242
00bb2f69ab06efff6555f6ccae10902e87bb6aea861e83de082a45a07e525054
02cef6b0ac56b383a2964b5534db1d5d3f657f9e724bda95e3e9f2ffe9ee88a0
04bcd86676a40009fe53606bce88edf13537b712f218f9c6057e97c612513092
0ba081f546084bd5097aa8a73c75931d5aa1fc4d6e846e53c21f98e6a1509988
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
15f5b77b50f094aff9a9ff5b9bbbb180ceda3954370c3ce7110b2191153a9a8a
163ad32a13401b1f5387b23c7d749fccac8da49e9914584fe3aca42884532c09
1d2d7b45bff5fd01853d7e18161eb58421f3ed174d3aaa2ff2a82fde94425602
221dc448ad7d44d93d996b0775811851a90c59bdd5c5eeabe787ba2e7bc65fce
23b6d6fccb9a34e1b43974c5ae8e33b968656c069fdb56dec663985e35d265bc
262b2a0bae52d6afe2f44127d9e9bf02205ad9d02d6be840f0b8440a45db0f19
2bbd412bfc6e2aefaee5cf0648ad34e5ae55f21b7baec795169ad9d1a5361883
2fd4c3ae6afc2b4026d9f0b64b8ff1110ecfcf47b90bc988c06e844b3921cbf6
376655a0c20744fd53a0b953bf6e47aa3e7712098104dc5e93fba8d0c4f31552
39c0b8be3e2bd4ecc61b4a789ac1e94d6a6812a15499181634db22e64fe7221c
3e68877a2287df89b7b705aafa12a42ea83729efb2ad61770c4c19df5f32ff0b
41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c
4a5d08eeafdeca2b2d0971b92c8e5679071bce93e45bed0718b231b867065699
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5314e2831216e18c4ff39e8f8a8b2202958310ce42913c75edb0daa9064bfa46
5511525387b958c9ee33873773011fd643ac361c8c25eb20d003e32d9b9fd936
55cf21bd8ff6ccfc5992b9fe72dadcbbe277599d29e3a28a0576a9b574a1cbb6
5d1310353e02e0a006b79b7d607131cb6d9411543a8957b772f565816fdf3ce4
63f3b659043af14d8288e1a2338f204b67afe7d1af06920f313fe24cb29b2743
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
71befde092beb1f869db33533a14b88e10cff1ec72094f39f68b6f5b56f2d53d
71e9dbdd760868abf36c930b0c1a0ccbfa8df0a52d86836230f3379c15f72a3e
736e1679b341206c435156f566998d48ad309ec22e277c12da51973bb42671c3
7385bcea307d7f427a31043f520ddcc7a17622318f2498ace16688c23ea3c604
788f2bc4d6c131292f54f2e0e5559945dc9cb4f0aa231c7dbff0c4c45c16dce9
7f09159d7bb027d45549bff9a4011a49b38dc5cc52d9cc2640105b49f3272ca6
7f5e5ab67d9c0e96ebd2724024092f05b737c1ef366ed31583113fbb5ce27916
857d2b553978183f2d9d05574792fe91239d09522e6bd1651d2984a33eb4cb87
85a1313774c55e722cfcc4148b1203a7707e418cc4ba2389b959226db29fdf50
85df1d0cd9e4307922b0baf60a8e7916611ecd37356646c641b3a84768b5b711
90aeea50e3b111046b102972465d72fea46a5fc00d99432869d1c35e21e8deb8
9d8a9aaecb7cd39329dcfad9a882ce0d174802ded027e150440484e097c73cb8
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a0dc0de8e5e96c7703251d73a1804e8558151983afa3a2af5a7dfb29001dbe99
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a8d8d04e8c4673231645ec5bcb3cc6496a2ff8cd2819fe0145a6229ad8d0896b
ab5e6e5d8293917e30f7b8f52831106b71c306caf220ba2c09d8f528a6411eda
ab6d8fb76f88fddd6992959f53271ccf7387e4008bd3e712f0b4da6c4e0b1bd9
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
c24ccee9a35eef9e74411eac871935bdff6bcb895cce80b754b66d3e4292a3ce
c5d563d77160f257e2b60a3e5399e6bf08463ed3b848b1c759ad8c05539462b0
d10e701c44ab739c7d711b6483def0c6cd47e5a3d04eda1df2c5cbb08f21d81a
d31c368b4398f42715df4d24699b27eb500e7a6929cc54583dc5d75bb3ba882e
d4a36ec2a6ae9961fb9d60002bd5a4e7dac93946fc1b3a648a6dd1ab0e30fc10
d75068eff86c3491577fd62a86922f9cca41c89f0d06b6643632dd7a27a63913
d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491
d8ab97b7e52b38dd2bbef4f665899b50ad9b8da662d641f1b80207bed08dff4d
d9ccee9255f473e47a7eff4e4dab7449a4b8ca3c88631e91bc3b28af7bec12a4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd
e68191de65ab3388198855a4bf609ec8052da7ab99a3897e789291861c26281c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efd6c3fe040e0780295b2bb958b6cb638b10d68ea13bb0a5d3a4da7efce788a6
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

pastelink.net Open in urlscan Pro 2a01:7e00::f03c:91ff:fe39:1dbe Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

83 Requests

100 %HTTPS

56 %IPv6

27 Domains

35 Subdomains

31 IPs

7 Countries

1327 kBTransfer

2863 kBSize

13 Cookies

3 Outgoing links

Redirected requests

83 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

pastelink.net Open in urlscan Pro
2a01:7e00::f03c:91ff:fe39:1dbe Public Scan

Screenshot
Live screenshot

Full Image

83
Requests

100 %
HTTPS

56 %
IPv6

27
Domains

35
Subdomains

31
IPs

7
Countries

1327 kB
Transfer

2863 kB
Size

13
Cookies

83 HTTP transactions
1 data transactions