pastelink.net Open in urlscan Pro
2a01:7e00::f03c:91ff:fe39:1dbe Public Scan

URL:
https://pastelink.net/3249c
Submission: On July 12 via manual (July 12th 2021, 7:58:09 pm UTC) from US

Summary HTTP 74 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 24 IPs in 5 countries across 23 domains to perform 74 HTTP transactions. The main IP is 2a01:7e00::f03c:91ff:fe39:1dbe, located in London, United Kingdom and belongs to LINODE-AP Linode, LLC, US. The main domain is pastelink.net.
TLS certificate: Issued by R3 on May 5th 2021. Valid for: 3 months.

This is the only time pastelink.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
7	2a01:7e00::f0... 2a01:7e00::f03c:91ff:fe39:1dbe	63949 (LINODE-AP...) (LINODE-AP Linode)
1	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:1a	20446 (HIGHWINDS3) (HIGHWINDS3)
7	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:812::2008	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
1	2600:1901:0:7... 2600:1901:0:76b9::	15169 (GOOGLE) (GOOGLE)
13	2606:4700:303... 2606:4700:3039::6815:c045	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:827::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
1	91.228.74.226 91.228.74.226	16509 (AMAZON-02) (AMAZON-02)
1 1	99.80.199.35 99.80.199.35	16509 (AMAZON-02) (AMAZON-02)
6	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
1 1	35.157.140.213 35.157.140.213	16509 (AMAZON-02) (AMAZON-02)
2 2	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
2 2	185.64.189.115 185.64.189.115	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1	2606:4700:303... 2606:4700:3032::6815:57ae	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.111.239.217 104.111.239.217	16625 (AKAMAI-AS) (AKAMAI-AS)
3	46.236.13.147 46.236.13.147	24931 (DEDIPOWER) (DEDIPOWER)
1	13.224.99.121 13.224.99.121	16509 (AMAZON-02) (AMAZON-02)
1	81.29.72.47 81.29.72.47	24931 (DEDIPOWER) (DEDIPOWER)
2	54.72.233.75 54.72.233.75	16509 (AMAZON-02) (AMAZON-02)
74	24

7 2a01:7e00::f03c:91ff:fe39:1dbe (London, United Kingdom)

ASN63949 (LINODE-AP Linode, LLC, US)

pastelink.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:1a (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:76b9:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

prod-rtb.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2606:4700:3039::6815:c045 (United States)

ASN13335 (CLOUDFLARENET, US)

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
as.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.228.74.226 (United Kingdom)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.80.199.35 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-99-80-199-35.eu-west-1.compute.amazonaws.com

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.157.140.213 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-140-213.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.253.211 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.115 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3032::6815:57ae (United States)

ASN13335 (CLOUDFLARENET, US)

static-de.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.239.217 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-239-217.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 46.236.13.147 (United Kingdom)

ASN24931 (DEDIPOWER, GB)
PTR: 46-236-13-147.servers.dedipower.net

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.99.121 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-99-121.zrh50.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 81.29.72.47 (Brixton, United Kingdom)

ASN24931 (DEDIPOWER, GB)
PTR: 81-29-72-47.servers.dedipower.net

diapi.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.72.233.75 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-72-233-75.eu-west-1.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	ad4m.at ad4m.at as.ad4m.at assets.ad4m.at	631 KB
11	doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net	14 KB
11	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	179 KB
7	pastelink.net pastelink.net	168 KB
4	webgains.com track.webgains.com diapi.webgains.com	99 KB
4	google.com adservice.google.com www.google.com	1 KB
3	webgains.io analytics.webgains.io api.webgains.io	60 KB
3	google-analytics.com www.google-analytics.com	19 KB
3	gstatic.com fonts.gstatic.com	43 KB
2	awin1.com www.awin1.com	1 KB
2	pubmatic.com 2 redirects image6.pubmatic.com	1 KB
2	openx.net 2 redirects rtb.openx.net	759 B
2	ad4mat.net prod-rtb.ad4mat.net static-de.ad4mat.net	4 KB
2	googletagservices.com www.googletagservices.com	65 KB
2	google.de adservice.google.de	975 B
2	googletagmanager.com www.googletagmanager.com	88 KB
1	rubiconproject.com 1 redirects pixel.rubiconproject.com	461 B
1	agkn.com 1 redirects d.agkn.com	759 B
1	everesttech.net 1 redirects pixel.everesttech.net	376 B
1	quantserve.com cms.quantserve.com	463 B
1	googleadservices.com partner.googleadservices.com	660 B
1	jquery.com code.jquery.com	30 KB
1	googleapis.com fonts.googleapis.com	804 B
74	23

	Domain	Requested by
7	pagead2.googlesyndication.com	pastelink.net pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
7	pastelink.net	pastelink.net
6	assets.ad4m.at	as.ad4m.at
6	cm.g.doubleclick.net	googleads.g.doubleclick.net
5	ad4m.at	googleads.g.doubleclick.net ad4m.at
5	googleads.g.doubleclick.net	pagead2.googlesyndication.com pastelink.net
4	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
3	track.webgains.com	as.ad4m.at analytics.webgains.io
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	fonts.gstatic.com	fonts.googleapis.com
2	api.webgains.io	analytics.webgains.io
2	www.awin1.com	as.ad4m.at
2	as.ad4m.at	ad4m.at as.ad4m.at
2	image6.pubmatic.com	2 redirects
2	rtb.openx.net	2 redirects
2	www.google.com	googleads.g.doubleclick.net tpc.googlesyndication.com
2	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	www.googletagmanager.com	pastelink.net www.googletagmanager.com
1	diapi.webgains.com	track.webgains.com
1	analytics.webgains.io	track.webgains.com
1	static-de.ad4mat.net	ad4m.at
1	pixel.rubiconproject.com	1 redirects
1	d.agkn.com	1 redirects
1	pixel.everesttech.net	1 redirects
1	cms.quantserve.com	googleads.g.doubleclick.net
1	prod-rtb.ad4mat.net	pastelink.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	code.jquery.com	pastelink.net
1	fonts.googleapis.com	pastelink.net
74	31

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
eduzabawy.com
topbryk.pl

Subject Issuer	Validity	Valid
pastelink.net R3	`2021-05-05` - `2021-08-03`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-06-22` - `2021-09-14`	3 months	crt.sh
jquery.org Sectigo RSA Domain Validation Secure Server CA	`2020-10-06` - `2021-10-16`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
*.ad4mat.net AlphaSSL CA - SHA256 - G2	`2019-08-06` - `2021-09-08`	2 years	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-08` - `2022-07-07`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
www.awin1.com DigiCert SHA2 Secure Server CA	`2021-06-11` - `2022-06-16`	a year	crt.sh
*.webgains.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-20` - `2022-06-20`	a year	crt.sh
*.webgains.io Amazon	`2021-03-12` - `2022-04-10`	a year	crt.sh

This page contains 12 frames:

Primary Page: https://pastelink.net/3249c
Frame ID: C26F6F291CBED8F3B4A6AEB5501445F7
Requests: 28 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210708/r20190131/zrt_lookup.html
Frame ID: C1DC32B9AC727E3920FBC898EF727627
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1750856239204414&output=html&adk=1812271804&adf=3025194257&lmt=1626119869&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fpastelink.net%2F3249c&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1626119869800&bpp=3&bdt=155&idt=84&shv=r20210708&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5625658410894&frm=20&pv=2&ga_vid=1524733376.1626119870&ga_sid=1626119870&ga_hid=633136956&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975%2C31061747&oid=3&pvsid=2578164719563388&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=102
Frame ID: 7AA78842224CB40972A09582C2633323
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1750856239204414&output=html&h=600&slotname=3281081373&adk=930862125&adf=2758691483&pi=t.ma~as.3281081373&w=239&fwrn=4&fwrnh=100&lmt=1626119869&rafmt=1&psa=0&format=239x600&url=https%3A%2F%2Fpastelink.net%2F3249c&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1626119869803&bpp=1&bdt=159&idt=104&shv=r20210708&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5625658410894&frm=20&pv=1&ga_vid=1524733376.1626119870&ga_sid=1626119870&ga_hid=633136956&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1074&ady=323&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975%2C31061747&oid=3&pvsid=2578164719563388&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=K5YqChIT9I&p=https%3A//pastelink.net&dtd=108
Frame ID: E1EDBF7E5C8E8F5F85B399479A72A6ED
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1750856239204414&output=html&h=90&adk=859397159&adf=2689116385&pi=t.aa~a.442988064~rp.4&w=1140&fwrn=4&fwrnh=100&lmt=1626119870&rafmt=1&to=qs&pwprc=9483415292&psa=0&format=1140x90&url=https%3A%2F%2Fpastelink.net%2F3249c&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1626119870000&bpp=1&bdt=356&idt=1&shv=r20210708&ptt=9&saldr=aa&abxe=1&cookie=ID%3D3ef5cdd57f2a3c77-22cef8e76ac90043%3AT%3D1626119869%3ART%3D1626119869%3AS%3DALNI_Mbh0w1WHK8n92vPQtBY4IiI75ubJw&prev_fmts=0x0%2C239x600&nras=2&correlator=5625658410894&frm=20&pv=1&ga_vid=1524733376.1626119870&ga_sid=1626119870&ga_hid=633136956&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2241&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975%2C31061747&oid=3&pvsid=2578164719563388&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=mzHWuQHxRp&p=https%3A//pastelink.net&dtd=13
Frame ID: 98FCE30D8A8611FC133C764D804A8DED
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=CtPLNvZ7sYI_QOLCC2fcPo_mKwA2Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTE3NTA4NTYyMzkyMDQ0MTSgAcKu6N0DyAEJqQIs3aPEEeizPqgDAaoEnwFP0IT0UvUDphEfEshBGjXTPqqgmGBAd3elVcjPsH4sRRUtUZMvfR40JjDxMtJeZHSoSAh-gIV_YG4QeYHw4PNWVk7nnJWjtLZ-pEzlFSU7gdDSqqQAfaSi-Ya4Q7tBG6ZJqngjrYRf99TuvHOMxTayMuHJHefIIEm0MkTUm0DNYbC3drbIRamMCQeUXkFgFWIsXgDBVitIsdmFP_Iwq1mABv6UqZKnj8n4_gGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggHCIDhgBAQAYAKAfoLAggBgAwB0BUBgBcBshcYChYSFHB1Yi0xNzUwODU2MjM5MjA0NDE0&sigh=QId0DRPrrpU
Frame ID: A8447B76E66264EE77BCE9BCE732F117
Requests: 8 HTTP requests in this frame

Frame: https://ad4m.at/ad/dr?ed=1hw31e2y91rg5qv723vvybgra8rxzyed6qy6ybebgcszwegfyg4yjs5gge4yck06fgag0v55axz9rdq883bgsd4dn2w75sqxyn0wtasz1nv8yc76t44f69r7ftes6mfm91ma370ewpmpaw7mqf0k75nfmvf059kbez99x5hp50yc06da3yfrek6xt7e3qjte10asxntrwfw27t0sj2rasfckqepeq6n62xvc5ja293wekxqc0a4033m0vr94rr1z89bb08mgnn5p1kmejj5y10vynyppqxbzw6xn63nyrydx7jg4813tgvbneba30vkk4b2t55hv2317d1tfyk0jhbvsq1rdn88fedejy2g2svh6jemysgrvrysec4mbm&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCe12DvZ7sYI_QOLCC2fcPo_mKwA2Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTE3NTA4NTYyMzkyMDQ0MTSgAcKu6N0DyAEJqQIs3aPEEeizPqgDAaoEogFP0IT0UvUDphEfEshBGjXTPqqgmGBAd3elVcjPsH4sRRUtUZMvfR40JjDxMtJeZHSoSAh-gIV_YG4QeYHw4PNWVk7nnJWjtLZ-pEzlFSU7gdDSqqQAfaSi-Ya4Q7tBG6ZJqngjrYRf99TuvHOMxTayMuHJHefIIEm0MkTUm0DNYbC3drbIRamMCQeUXkEiF2--idVGFuPP-U9fdmDCkk27rnmABv6UqZKnj8n4_gGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_34GVMUjlX6uwv7uTkz0SPt_gdwJw%26client%3Dca-pub-1750856239204414%26adurl%3D
Frame ID: C52FA3B87B83716BD7708D6D88C6E4DF
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 1AEA91331DE7FCF93B587C6D5E24383B
Requests: 9 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 26E46D44805DC1E68BBA43AA0E118C26
Requests: 1 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=23567%2C823%2C24673&b=Vx7fwfmfEdghVHbHAtRt8bGU5tzTzQk%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=m3AsefGfJpzSmHZHZtQCEjYsjtwTX8A%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=952143c1e8fd562717144ff5fbaf1299%2F592653205059671566&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D21sw2bfgbsenx6qqh6hyvjpnjtwkmwbmbcxvzrqxfx9apeyk28c4d82cx8efffadztf4cz9zy1fbqhwt4cb2by4saps43kkswz7xt61s3ywn98s9hxs21w9pjgsqt68snt4zx8sc4zftmcpgm9b8b96e7b61epkqt8t3as7w0g7tsteg8df05wcpj16pk6txxy4gbc68z2cqnf7rdf2gndk5dverwsqtg0gkrna1751yrx8jt0efdtaxr7ah8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCe12DvZ7sYI_QOLCC2fcPo_mKwA2Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTE3NTA4NTYyMzkyMDQ0MTSgAcKu6N0DyAEJqQIs3aPEEeizPqgDAaoEogFP0IT0UvUDphEfEshBGjXTPqqgmGBAd3elVcjPsH4sRRUtUZMvfR40JjDxMtJeZHSoSAh-gIV_YG4QeYHw4PNWVk7nnJWjtLZ-pEzlFSU7gdDSqqQAfaSi-Ya4Q7tBG6ZJqngjrYRf99TuvHOMxTayMuHJHefIIEm0MkTUm0DNYbC3drbIRamMCQeUXkEiF2--idVGFuPP-U9fdmDCkk27rnmABv6UqZKnj8n4_gGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_34GVMUjlX6uwv7uTkz0SPt_gdwJw%2526client%253Dca-pub-1750856239204414%2526adurl%253D&y=0&z=0
Frame ID: AB7DBC5387F52E1CC1C49BFE541419D9
Requests: 16 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: ABB0340D8AE60077AAE6A3EE191212C0
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 8628C94A42E580DCF7EB3CC308C2CFA6
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Ubuntu (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Ubuntu/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

74
Requests

99 %
HTTPS

54 %
IPv6

23
Domains

31
Subdomains

24
IPs

5
Countries

1405 kB
Transfer

2221 kB
Size

7
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/sharer/sharer.php?u=https://pastelink.net/3249c

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https://pastelink.net/3249c

Search URL Search Domain Scan URL

URL: https://eduzabawy.com/wp-content/uploads/2017/08/nauka-godzin-napisz-godzine51-560x376.jpg%22
Title: https://eduzabawy.com/wp-content/uploads/2017/08/nauka-godzin-napisz-godzine51-560x376.jpg"

Search URL Search Domain Scan URL

URL: https://topbryk.pl/artykul/14289/sprawdzian-starozytnosc-polski-liceum
Title: https://topbryk.pl/artykul/14289/sprawdzian-starozytnosc-polski-liceum

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 37

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPKmOqXg-MdQcW-gsKWa8dOFkgYAoA6lv2JkimsewYFE5oESwQWB9oBKuSdRynx_igIi2HVufWAxLjBi8se_WLKXayWO-XI-&google_gid=CAESEOZNxUDr2Q-N0zioN_hLAQM&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WU95ZXZnQUFBQ0VtdWpoRg&google_push=AYg5qPKmOqXg-MdQcW-gsKWa8dOFkgYAoA6lv2JkimsewYFE5oESwQWB9oBKuSdRynx_igIi2HVufWAxLjBi8se_WLKXayWO-XI-

Request Chain 38

https://d.agkn.com/pixel/2175/?google_gid=CAESEFSGzLaly1coD0Q4QPA3zFI&google_cver=1&google_push=AYg5qPLW1ysoHZ_qDJbVQjGl_O4RMXKfZZKna2AifEpp5p-zM8Ph6Z6sgMPJmWcKVY6uzn28xfZxjFtLl6-wV3MaK1YKaTTqy-Qg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPLW1ysoHZ_qDJbVQjGl_O4RMXKfZZKna2AifEpp5p-zM8Ph6Z6sgMPJmWcKVY6uzn28xfZxjFtLl6-wV3MaK1YKaTTqy-Qg&google_hm=Q0FFU0VGU0d6TGFseTFjb0QwUTRRUEEzekZJ

Request Chain 39

https://rtb.openx.net/sync/dds?google_gid=CAESEK0fyTMsWMBA7UGlJnsZPEQ&google_cver=1&google_push=AYg5qPLYa0Rc9OSEGDqM4ic9bo7P0_fPMlMx_LUmX5kI2wNdwUOh9w2wTuPyOsBRKccDJVR9ubYyh-0CIG7xDAAOO590fvkxul0 HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEK0fyTMsWMBA7UGlJnsZPEQ&google_cver=1&google_push=AYg5qPLYa0Rc9OSEGDqM4ic9bo7P0_fPMlMx_LUmX5kI2wNdwUOh9w2wTuPyOsBRKccDJVR9ubYyh-0CIG7xDAAOO590fvkxul0&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLYa0Rc9OSEGDqM4ic9bo7P0_fPMlMx_LUmX5kI2wNdwUOh9w2wTuPyOsBRKccDJVR9ubYyh-0CIG7xDAAOO590fvkxul0&google_hm=prZQ5ysOxeACU-zhDD6ncA==

Request Chain 40

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEF9Z6IQbKz7vZPfOr1ekbtk&google_cver=1&google_push=AYg5qPIsyvrF6JvWV48Oi-cYWAFx5qU11szoAAghK48NpveuWveaaN2iZlqPoB-mZJ7oRqfkQ-yBx1x9CMdnb7nUK0uiGgKxBW4 HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEF9Z6IQbKz7vZPfOr1ekbtk&google_cver=1&google_push=AYg5qPIsyvrF6JvWV48Oi-cYWAFx5qU11szoAAghK48NpveuWveaaN2iZlqPoB-mZJ7oRqfkQ-yBx1x9CMdnb7nUK0uiGgKxBW4&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ovNBDXJeQHusOZM6XVOEMw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIsyvrF6JvWV48Oi-cYWAFx5qU11szoAAghK48NpveuWveaaN2iZlqPoB-mZJ7oRqfkQ-yBx1x9CMdnb7nUK0uiGgKxBW4

Request Chain 41

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEBFvFVvg--jC4yYS2AJm0WY&google_cver=1&google_push=AYg5qPJTg7hKvIQvoR7M_W2GAtf7H5Iap2RaLHFa9p5HV2MgXr7qi3Ys5BX7eW30BiBOH4J-Sqw04HhY9-qlNCrxWI3MA2CZxPQH HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1IxMVNBMVotMVMtNlpLUA==&google_push=AYg5qPJTg7hKvIQvoR7M_W2GAtf7H5Iap2RaLHFa9p5HV2MgXr7qi3Ys5BX7eW30BiBOH4J-Sqw04HhY9-qlNCrxWI3MA2CZxPQH

Request Chain 42

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_cver=1&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_v14CJagN3j7upDUZNMj3C9cpqIDsbI6PDb5jNqmPAy69pZmj27d9uoD4zJpg7g HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_v14CJagN3j7upDUZNMj3C9cpqIDsbI6PDb5jNqmPAy69pZmj27d9uoD4zJpg7g&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_v14CJagN3j7upDUZNMj3C9cpqIDsbI6PDb5jNqmPAy69pZmj27d9uoD4zJpg7g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_v14CJagN3j7upDUZNMj3C9cpqIDsbI6PDb5jNqmPAy69pZmj27d9uoD4zJpg7g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_v14CJagN3j7upDUZNMj3C9cpqIDsbI6PDb5jNqmPAy69pZmj27d9uoD4zJpg7g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_v14CJagN3j7upDUZNMj3C9cpqIDsbI6PDb5jNqmPAy69pZmj27d9uoD4zJpg7g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_v14CJagN3j7upDUZNMj3C9cpqIDsbI6PDb5jNqmPAy69pZmj27d9uoD4zJpg7g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_v14CJagN3j7upDUZNMj3C9cpqIDsbI6PDb5jNqmPAy69pZmj27d9uoD4zJpg7g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_v14CJagN3j7upDUZNMj3C9cpqIDsbI6PDb5jNqmPAy69pZmj27d9uoD4zJpg7g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_v14CJagN3j7upDUZNMj3C9cpqIDsbI6PDb5jNqmPAy69pZmj27d9uoD4zJpg7g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_v14CJagN3j7upDUZNMj3C9cpqIDsbI6PDb5jNqmPAy69pZmj27d9uoD4zJpg7g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_v14CJagN3j7upDUZNMj3C9cpqIDsbI6PDb5jNqmPAy69pZmj27d9uoD4zJpg7g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_v14CJagN3j7upDUZNMj3C9cpqIDsbI6PDb5jNqmPAy69pZmj27d9uoD4zJpg7g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_v14CJagN3j7upDUZNMj3C9cpqIDsbI6PDb5jNqmPAy69pZmj27d9uoD4zJpg7g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_v14CJagN3j7upDUZNMj3C9cpqIDsbI6PDb5jNqmPAy69pZmj27d9uoD4zJpg7g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_v14CJagN3j7upDUZNMj3C9cpqIDsbI6PDb5jNqmPAy69pZmj27d9uoD4zJpg7g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_v14CJagN3j7upDUZNMj3C9cpqIDsbI6PDb5jNqmPAy69pZmj27d9uoD4zJpg7g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_v14CJagN3j7upDUZNMj3C9cpqIDsbI6PDb5jNqmPAy69pZmj27d9uoD4zJpg7g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_v14CJagN3j7upDUZNMj3C9cpqIDsbI6PDb5jNqmPAy69pZmj27d9uoD4zJpg7g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_v14CJagN3j7upDUZNMj3C9cpqIDsbI6PDb5jNqmPAy69pZmj27d9uoD4zJpg7g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_v14CJagN3j7upDUZNMj3C9cpqIDsbI6PDb5jNqmPAy69pZmj27d9uoD4zJpg7g

74 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request 3249c Show response
pastelink.net/ 17 KB
7 KB 72ms
25ms Document
text/html 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://pastelink.net/3249c
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: eb7f1a3c1bb026a6749c8283a43307eacea70eb4f39387861bb8293bf0cb914c

Request headers

:method: GET
:authority: pastelink.net
:scheme: https
:path: /3249c
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

server: nginx/1.18.0 (Ubuntu)
date: Mon, 12 Jul 2021 19:57:49 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=ffa3it8n2qglsioj1aqn1uip6q; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip

GET
H2 200 css2
fonts.googleapis.com/ 5 KB
804 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Requested by

Host: pastelink.net
URL: https://pastelink.net/3249c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5314e2831216e18c4ff39e8f8a8b2202958310ce42913c75edb0daa9064bfa46

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 12 Jul 2021 19:50:53 GMT
server: ESF
date: Mon, 12 Jul 2021 19:57:49 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 12 Jul 2021 19:57:49 GMT

GET
H2 200 styles.css
pastelink.net/assets/css/ 125 KB
125 KB 21ms
20ms Stylesheet
text/css 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://pastelink.net/assets/css/styles.css
Requested by: Host: pastelink.net
URL: https://pastelink.net/3249c
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: eac3033c19c844c6c80848a212d52dbdce97c244fce3dbbd97f89ecac33adada

Request headers

:path: /assets/css/styles.css
pragma: no-cache
cookie: PHPSESSID=ffa3it8n2qglsioj1aqn1uip6q
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: pastelink.net
referer: https://pastelink.net/3249c
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pastelink.net/3249c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 19:57:49 GMT
last-modified: Fri, 02 Jul 2021 15:49:11 GMT
server: nginx/1.18.0 (Ubuntu)
accept-ranges: bytes
etag: "60df3577-1f4de"
content-length: 128222
content-type: text/css

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
30 KB 27ms
8ms Script
application/javascript 2001:4de0:ac18::1:a:1a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: pastelink.net
URL: https://pastelink.net/3249c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:1a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Origin: https://pastelink.net
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 19:57:49 GMT
content-encoding: gzip
last-modified: Tue, 02 Mar 2021 17:27:20 GMT
server: nginx
etag: W/"603e7578-15d9d"
vary: Accept-Encoding
x-hw: 1623512283.151.139.85.215.-.t,1626119869.cds268.fr8.hn,1626119869.cds280.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30875

GET
H2 200 script.min.js Show response
pastelink.net/assets/js/ 14 KB
15 KB 26ms
25ms Script
application/javascript 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://pastelink.net/assets/js/script.min.js
Requested by: Host: pastelink.net
URL: https://pastelink.net/3249c
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e09e11efa5d7d536dd53c9b4b08ec9736c76971ab3a0309d30b9f5423325a98f

Request headers

:path: /assets/js/script.min.js
pragma: no-cache
cookie: PHPSESSID=ffa3it8n2qglsioj1aqn1uip6q
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: pastelink.net
referer: https://pastelink.net/3249c
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pastelink.net/3249c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 19:57:49 GMT
last-modified: Fri, 02 Jul 2021 15:49:11 GMT
server: nginx/1.18.0 (Ubuntu)
accept-ranges: bytes
etag: "60df3577-39ca"
content-length: 14794
content-type: application/javascript

GET
H2 200 pastelinknet4.jpg
pastelink.net/assets/images/ 12 KB
12 KB 21ms
20ms Image
image/jpeg 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pastelink.net/assets/images/pastelinknet4.jpg
Requested by: Host: pastelink.net
URL: https://pastelink.net/3249c
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 262b2a0bae52d6afe2f44127d9e9bf02205ad9d02d6be840f0b8440a45db0f19

Request headers

:path: /assets/images/pastelinknet4.jpg
pragma: no-cache
cookie: PHPSESSID=ffa3it8n2qglsioj1aqn1uip6q
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: pastelink.net
referer: https://pastelink.net/3249c
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pastelink.net/3249c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 19:57:49 GMT
last-modified: Thu, 27 May 2021 10:51:09 GMT
server: nginx/1.18.0 (Ubuntu)
accept-ranges: bytes
etag: "60af799d-2ffc"
content-length: 12284
content-type: image/jpeg

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 135 KB
48 KB 52ms
29ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/3249c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d396e0ef356abb23c37f8aa1c8035d5ca45ae91c6d7745f7aa2678258408466

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 19:57:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48646
x-xss-protection: 0
server: cafe
etag: 8392143565435842737
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 12 Jul 2021 19:57:49 GMT

GET
H2 200 public.png
pastelink.net/assets/images/ 609 B
742 B 20ms
20ms Image
image/png 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pastelink.net/assets/images/public.png
Requested by: Host: pastelink.net
URL: https://pastelink.net/3249c
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 04bcd86676a40009fe53606bce88edf13537b712f218f9c6057e97c612513092

Request headers

:path: /assets/images/public.png
pragma: no-cache
cookie: PHPSESSID=ffa3it8n2qglsioj1aqn1uip6q
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: pastelink.net
referer: https://pastelink.net/3249c
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pastelink.net/3249c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 19:57:49 GMT
last-modified: Thu, 27 May 2021 10:51:10 GMT
server: nginx/1.18.0 (Ubuntu)
accept-ranges: bytes
etag: "60af799e-261"
content-length: 609
content-type: image/png

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 121 KB
41 KB 20ms
20ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ

Requested by

Host: pastelink.net
URL: https://pastelink.net/3249c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0c8294539e26ea6cba307df83c91eb8e82e967084577d67575f57d191cee87e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 19:57:49 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41499
x-xss-protection: 0
last-modified: Mon, 12 Jul 2021 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 12 Jul 2021 19:57:49 GMT

GET
H2 200 debut_light.png
pastelink.net/assets/images/ 4 KB
4 KB 20ms
20ms Image
image/png 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pastelink.net/assets/images/debut_light.png
Requested by: Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c24ccee9a35eef9e74411eac871935bdff6bcb895cce80b754b66d3e4292a3ce

Request headers

:path: /assets/images/debut_light.png
pragma: no-cache
cookie: PHPSESSID=ffa3it8n2qglsioj1aqn1uip6q
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: pastelink.net
referer: https://pastelink.net/assets/css/styles.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pastelink.net/assets/css/styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 19:57:49 GMT
last-modified: Thu, 27 May 2021 10:51:09 GMT
server: nginx/1.18.0 (Ubuntu)
accept-ranges: bytes
etag: "60af799d-10c8"
content-length: 4296
content-type: image/png

GET
H2 200 sprites.png
pastelink.net/assets/images/ 4 KB
4 KB 20ms
20ms Image
image/png 2a01:7e00::f03c:91ff:fe39:1dbe
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pastelink.net/assets/images/sprites.png
Requested by: Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:7e00::f03c:91ff:fe39:1dbe London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 736e1679b341206c435156f566998d48ad309ec22e277c12da51973bb42671c3

Request headers

:path: /assets/images/sprites.png
pragma: no-cache
cookie: PHPSESSID=ffa3it8n2qglsioj1aqn1uip6q
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: pastelink.net
referer: https://pastelink.net/assets/css/styles.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pastelink.net/assets/css/styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 19:57:49 GMT
last-modified: Thu, 27 May 2021 10:51:10 GMT
server: nginx/1.18.0 (Ubuntu)
accept-ranges: bytes
etag: "60af799e-e11"
content-length: 3601
content-type: image/png

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://pastelink.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 08:28:21 GMT
x-content-type-options: nosniff
age: 559768
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7900
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:02:01 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 06 Jul 2022 08:28:21 GMT

GET
H3-29 200 JTURjIg1_i6t8kCHKm45_bZF3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v15/ 19 KB
19 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v15/JTURjIg1_i6t8kCHKm45_bZF3gnD_g.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d10e701c44ab739c7d711b6483def0c6cd47e5a3d04eda1df2c5cbb08f21d81a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://pastelink.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 19:52:57 GMT
x-content-type-options: nosniff
age: 292
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19264
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:13:07 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Jul 2022 19:52:57 GMT

GET
H3-29 200 JTURjIg1_i6t8kCHKm45_bZF3gfD_u50.woff2
fonts.gstatic.com/s/montserrat/v15/ 17 KB
17 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v15/JTURjIg1_i6t8kCHKm45_bZF3gfD_u50.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61697412cc59989e4eee0d73b88388554d608bf9f9fd9217818245794c7ce13

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://pastelink.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 20:45:26 GMT
x-content-type-options: nosniff
age: 601943
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16984
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:10:46 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Jul 2022 20:45:26 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 122 KB
47 KB 23ms
22ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-S3DKHVPF03&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4c0ad0422729529764cebf5a89b77270e20a63df2368f2b7a1e07f6a50d9cfbd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 19:57:49 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48404
x-xss-protection: 0
expires: Mon, 12 Jul 2021 19:57:49 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Jun 2021 17:36:57 GMT
server: Golfe2
age: 423
date: Mon, 12 Jul 2021 19:50:46 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19661
expires: Mon, 12 Jul 2021 21:50:46 GMT

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202107080101/ 240 KB
89 KB 52ms
38ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202107080101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1750856239204414&plah=pastelink.net&amaexp=1&bust=exp%3D31061747

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9346d626912694d5ce3d903186eba5c133d05750655f3e067b4904079a3094d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 19:57:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 91198
x-xss-protection: 0
server: cafe
etag: 5157446891761623126
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 12 Jul 2021 19:57:49 GMT

GET
H3-29 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210708/r20190131/ Frame C1DC 10 KB
4 KB 22ms
6ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210708/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

20b3bad1427e2212dd847357841f993f025b5061c4af1d382dcc727e102cc1e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210708/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://pastelink.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://pastelink.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 12 Jul 2021 00:54:05 GMT
expires: Mon, 26 Jul 2021 00:54:05 GMT
content-type: text/html; charset=UTF-8
etag: 15579341980913220427
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4579
x-xss-protection: 0
age: 68624
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 14ms
14ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j91&a=633136956&t=pageview&_s=1&dl=https%3A%2F%2Fpastelink.net%2F3249c&ul=en-us&de=UTF-8&dt=J%C4%99zyk%20Angielski%20-%20Przedszkole%20Samorz%C4%85dowe%20Nr%204%20-%20Pastelink.net&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1246968069&gjid=2068811816&cid=1524733376.1626119870&tid=UA-55088947-2&_gid=1634780083.1626119870&_r=1&gtm=2wg77055WHPWQ&z=1375061908

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 12 Jul 2021 19:57:49 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 204 collect
www.google-analytics.com/g/ 0
17 B 13ms
13ms Ping
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-S3DKHVPF03&gtm=2oe770&_p=633136956&sr=1600x1200&ul=en-us&cid=1524733376.1626119870&_s=1&dl=https%3A%2F%2Fpastelink.net%2F3249c&dt=J%C4%99zyk%20Angielski%20-%20Przedszkole%20Samorz%C4%85dowe%20Nr%204%20-%20Pastelink.net&sid=1626119869&sct=1&seg=0&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S3DKHVPF03&l=dataLayer&cx=c
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 12 Jul 2021 19:57:49 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 203 B
660 B 61ms
33ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=pastelink.net&callback=_gfp_s_&client=ca-pub-1750856239204414

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202107080101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1750856239204414&plah=pastelink.net&amaexp=1&bust=exp%3D31061747

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

052745ac9533edaeeb46d02397919864f41642700f1dd36d4775b1f5287bd97b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 19:57:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 194
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
853 B 37ms
14ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=pastelink.net

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 12 Jul 2021 19:57:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
570 B 38ms
15ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=pastelink.net

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 12 Jul 2021 19:57:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7AA7 2 KB
599 B 81ms
81ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1750856239204414&output=html&adk=1812271804&adf=3025194257&lmt=1626119869&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fpastelink.net%2F3249c&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1626119869800&bpp=3&bdt=155&idt=84&shv=r20210708&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5625658410894&frm=20&pv=2&ga_vid=1524733376.1626119870&ga_sid=1626119870&ga_hid=633136956&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975%2C31061747&oid=3&pvsid=2578164719563388&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=102

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84e1430c29f56aa89214ecec6614c175a4b6b032ac75d2bc9aa37b83b87012c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-1750856239204414&output=html&adk=1812271804&adf=3025194257&lmt=1626119869&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fpastelink.net%2F3249c&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1626119869800&bpp=3&bdt=155&idt=84&shv=r20210708&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5625658410894&frm=20&pv=2&ga_vid=1524733376.1626119870&ga_sid=1626119870&ga_hid=633136956&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975%2C31061747&oid=3&pvsid=2578164719563388&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=102
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://pastelink.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://pastelink.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 12 Jul 2021 19:57:49 GMT
server: cafe
content-length: 575
x-xss-protection: 0
set-cookie: IDE=AHWqTUkMFm4yW56qQf3sLUgPcLTDUcTmQdQMCIpeXvAfWT9c6YZb-7hMa07zenifBjs; expires=Sat, 06-Aug-2022 19:57:49 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 12 Jul 2021 19:57:49 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 48ms
27ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff43600c228c39295ac3c0768717186ef6d68e1358a325b310a757bf53d265b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 19:57:49 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1625830134516437"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27897
x-xss-protection: 0
expires: Mon, 12 Jul 2021 19:57:49 GMT

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E1ED 16 KB
7 KB 153ms
152ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1750856239204414&output=html&h=600&slotname=3281081373&adk=930862125&adf=2758691483&pi=t.ma~as.3281081373&w=239&fwrn=4&fwrnh=100&lmt=1626119869&rafmt=1&psa=0&format=239x600&url=https%3A%2F%2Fpastelink.net%2F3249c&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1626119869803&bpp=1&bdt=159&idt=104&shv=r20210708&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5625658410894&frm=20&pv=1&ga_vid=1524733376.1626119870&ga_sid=1626119870&ga_hid=633136956&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1074&ady=323&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975%2C31061747&oid=3&pvsid=2578164719563388&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=K5YqChIT9I&p=https%3A//pastelink.net&dtd=108

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b5bd7873b5493abf56970fd4878852eb1616e6ebba9cb192a13cf7e1b644efc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-1750856239204414&output=html&h=600&slotname=3281081373&adk=930862125&adf=2758691483&pi=t.ma~as.3281081373&w=239&fwrn=4&fwrnh=100&lmt=1626119869&rafmt=1&psa=0&format=239x600&url=https%3A%2F%2Fpastelink.net%2F3249c&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1626119869803&bpp=1&bdt=159&idt=104&shv=r20210708&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5625658410894&frm=20&pv=1&ga_vid=1524733376.1626119870&ga_sid=1626119870&ga_hid=633136956&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1074&ady=323&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975%2C31061747&oid=3&pvsid=2578164719563388&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=K5YqChIT9I&p=https%3A//pastelink.net&dtd=108
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://pastelink.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://pastelink.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 12 Jul 2021 19:57:50 GMT
server: cafe
content-length: 7180
x-xss-protection: 0
set-cookie: IDE=AHWqTUkew4PHIIb2SQ3-i5LZ_Q8X1LDsBGwTYyr3OWJqzmgZi6BmL_ZJHe_SFp7_4aM; expires=Sat, 06-Aug-2022 19:57:49 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 12 Jul 2021 19:57:50 GMT
cache-control: private

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 31ms
14ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=pastelink.net

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 12 Jul 2021 19:57:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 31ms
15ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=pastelink.net

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 12 Jul 2021 19:57:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 98FC 436 B
234 B 101ms
101ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1750856239204414&output=html&h=90&adk=859397159&adf=2689116385&pi=t.aa~a.442988064~rp.4&w=1140&fwrn=4&fwrnh=100&lmt=1626119870&rafmt=1&to=qs&pwprc=9483415292&psa=0&format=1140x90&url=https%3A%2F%2Fpastelink.net%2F3249c&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1626119870000&bpp=1&bdt=356&idt=1&shv=r20210708&ptt=9&saldr=aa&abxe=1&cookie=ID%3D3ef5cdd57f2a3c77-22cef8e76ac90043%3AT%3D1626119869%3ART%3D1626119869%3AS%3DALNI_Mbh0w1WHK8n92vPQtBY4IiI75ubJw&prev_fmts=0x0%2C239x600&nras=2&correlator=5625658410894&frm=20&pv=1&ga_vid=1524733376.1626119870&ga_sid=1626119870&ga_hid=633136956&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2241&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975%2C31061747&oid=3&pvsid=2578164719563388&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=mzHWuQHxRp&p=https%3A//pastelink.net&dtd=13

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aa07f7ae03823db9270b194410184e549895123ae7e396213a6cfcab32260191

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-1750856239204414&output=html&h=90&adk=859397159&adf=2689116385&pi=t.aa~a.442988064~rp.4&w=1140&fwrn=4&fwrnh=100&lmt=1626119870&rafmt=1&to=qs&pwprc=9483415292&psa=0&format=1140x90&url=https%3A%2F%2Fpastelink.net%2F3249c&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1626119870000&bpp=1&bdt=356&idt=1&shv=r20210708&ptt=9&saldr=aa&abxe=1&cookie=ID%3D3ef5cdd57f2a3c77-22cef8e76ac90043%3AT%3D1626119869%3ART%3D1626119869%3AS%3DALNI_Mbh0w1WHK8n92vPQtBY4IiI75ubJw&prev_fmts=0x0%2C239x600&nras=2&correlator=5625658410894&frm=20&pv=1&ga_vid=1524733376.1626119870&ga_sid=1626119870&ga_hid=633136956&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2241&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975%2C31061747&oid=3&pvsid=2578164719563388&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=mzHWuQHxRp&p=https%3A//pastelink.net&dtd=13
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://pastelink.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkMFm4yW56qQf3sLUgPcLTDUcTmQdQMCIpeXvAfWT9c6YZb-7hMa07zenifBjs
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://pastelink.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 12 Jul 2021 19:57:50 GMT
server: cafe
content-length: 214
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame A844 0
0 21ms
20ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CtPLNvZ7sYI_QOLCC2fcPo_mKwA2Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTE3NTA4NTYyMzkyMDQ0MTSgAcKu6N0DyAEJqQIs3aPEEeizPqgDAaoEnwFP0IT0UvUDphEfEshBGjXTPqqgmGBAd3elVcjPsH4sRRUtUZMvfR40JjDxMtJeZHSoSAh-gIV_YG4QeYHw4PNWVk7nnJWjtLZ-pEzlFSU7gdDSqqQAfaSi-Ya4Q7tBG6ZJqngjrYRf99TuvHOMxTayMuHJHefIIEm0MkTUm0DNYbC3drbIRamMCQeUXkFgFWIsXgDBVitIsdmFP_Iwq1mABv6UqZKnj8n4_gGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggHCIDhgBAQAYAKAfoLAggBgAwB0BUBgBcBshcYChYSFHB1Yi0xNzUwODU2MjM5MjA0NDE0&sigh=QId0DRPrrpU

Requested by

Host: pastelink.net
URL: https://pastelink.net/3249c

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1750856239204414&output=html&h=600&slotname=3281081373&adk=930862125&adf=2758691483&pi=t.ma~as.3281081373&w=239&fwrn=4&fwrnh=100&lmt=1626119869&rafmt=1&psa=0&format=239x600&url=https%3A%2F%2Fpastelink.net%2F3249c&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1626119869803&bpp=1&bdt=159&idt=104&shv=r20210708&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5625658410894&frm=20&pv=1&ga_vid=1524733376.1626119870&ga_sid=1626119870&ga_hid=633136956&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1074&ady=323&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975%2C31061747&oid=3&pvsid=2578164719563388&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=K5YqChIT9I&p=https%3A//pastelink.net&dtd=108
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Mon, 12 Jul 2021 19:57:50 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame A844 0
0 865ms
850ms Fetch
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1hfz1tbhyc9wna56xqfknty8ce0kyp81emww9dz63tb9fqd4k8p5xwnjp0jr6wn1aqbxzd7ek9bd1fte2kwve6bcvfv09mj23p28p9m1z71w2bvk1naqh5p5wdse8131vvmh9745xjajpmakee79hgbg61bm5ac0tk5mf62srrhgcmsh26dwrtffea0mph1nd31ssq6qznche1hkap4t5xdtgcr4jkqqkcb09rh466qgmmhg1kdtspfgyqnyc1f41kh6yv1fgbxf2jtme6wedj9xra54fdn9j6becpgdm5h3yhf3qr3savgtaq39fmxq73s41kmbfqr8pwej229td7482ymd7emx3zhsrfqzjc072m5q3dw4pnsdhdxbdad5z39g2dhj&b=YOyevQAOKA8I9kEwAAK8o89TGpO1sTPeGtGDPg
Requested by: Host: pastelink.net
URL: https://pastelink.net/3249c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 12 Jul 2021 19:57:50 GMT
via: 1.1 google
alt-svc: clear
content-type: image/gif

GET
H2 200 dr Show response
ad4m.at/ad/ Frame C52F 2 KB
2 KB 55ms
34ms Document
text/html 2606:4700:3039::6815:c045
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad4m.at/ad/dr?ed=1hw31e2y91rg5qv723vvybgra8rxzyed6qy6ybebgcszwegfyg4yjs5gge4yck06fgag0v55axz9rdq883bgsd4dn2w75sqxyn0wtasz1nv8yc76t44f69r7ftes6mfm91ma370ewpmpaw7mqf0k75nfmvf059kbez99x5hp50yc06da3yfrek6xt7e3qjte10asxntrwfw27t0sj2rasfckqepeq6n62xvc5ja293wekxqc0a4033m0vr94rr1z89bb08mgnn5p1kmejj5y10vynyppqxbzw6xn63nyrydx7jg4813tgvbneba30vkk4b2t55hv2317d1tfyk0jhbvsq1rdn88fedejy2g2svh6jemysgrvrysec4mbm&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCe12DvZ7sYI_QOLCC2fcPo_mKwA2Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTE3NTA4NTYyMzkyMDQ0MTSgAcKu6N0DyAEJqQIs3aPEEeizPqgDAaoEogFP0IT0UvUDphEfEshBGjXTPqqgmGBAd3elVcjPsH4sRRUtUZMvfR40JjDxMtJeZHSoSAh-gIV_YG4QeYHw4PNWVk7nnJWjtLZ-pEzlFSU7gdDSqqQAfaSi-Ya4Q7tBG6ZJqngjrYRf99TuvHOMxTayMuHJHefIIEm0MkTUm0DNYbC3drbIRamMCQeUXkEiF2--idVGFuPP-U9fdmDCkk27rnmABv6UqZKnj8n4_gGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_34GVMUjlX6uwv7uTkz0SPt_gdwJw%26client%3Dca-pub-1750856239204414%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1750856239204414&output=html&h=600&slotname=3281081373&adk=930862125&adf=2758691483&pi=t.ma~as.3281081373&w=239&fwrn=4&fwrnh=100&lmt=1626119869&rafmt=1&psa=0&format=239x600&url=https%3A%2F%2Fpastelink.net%2F3249c&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1626119869803&bpp=1&bdt=159&idt=104&shv=r20210708&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5625658410894&frm=20&pv=1&ga_vid=1524733376.1626119870&ga_sid=1626119870&ga_hid=633136956&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1074&ady=323&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975%2C31061747&oid=3&pvsid=2578164719563388&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=K5YqChIT9I&p=https%3A//pastelink.net&dtd=108

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3039::6815:c045 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c0a7474a875c2940fd8b3d1c478c797d47849a020f82be9bdc6fac2e4aa3020b

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /ad/dr?ed=1hw31e2y91rg5qv723vvybgra8rxzyed6qy6ybebgcszwegfyg4yjs5gge4yck06fgag0v55axz9rdq883bgsd4dn2w75sqxyn0wtasz1nv8yc76t44f69r7ftes6mfm91ma370ewpmpaw7mqf0k75nfmvf059kbez99x5hp50yc06da3yfrek6xt7e3qjte10asxntrwfw27t0sj2rasfckqepeq6n62xvc5ja293wekxqc0a4033m0vr94rr1z89bb08mgnn5p1kmejj5y10vynyppqxbzw6xn63nyrydx7jg4813tgvbneba30vkk4b2t55hv2317d1tfyk0jhbvsq1rdn88fedejy2g2svh6jemysgrvrysec4mbm&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCe12DvZ7sYI_QOLCC2fcPo_mKwA2Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTE3NTA4NTYyMzkyMDQ0MTSgAcKu6N0DyAEJqQIs3aPEEeizPqgDAaoEogFP0IT0UvUDphEfEshBGjXTPqqgmGBAd3elVcjPsH4sRRUtUZMvfR40JjDxMtJeZHSoSAh-gIV_YG4QeYHw4PNWVk7nnJWjtLZ-pEzlFSU7gdDSqqQAfaSi-Ya4Q7tBG6ZJqngjrYRf99TuvHOMxTayMuHJHefIIEm0MkTUm0DNYbC3drbIRamMCQeUXkEiF2--idVGFuPP-U9fdmDCkk27rnmABv6UqZKnj8n4_gGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_34GVMUjlX6uwv7uTkz0SPt_gdwJw%26client%3Dca-pub-1750856239204414%26adurl%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

date: Mon, 12 Jul 2021 19:57:50 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https://as.ad4m.at/ad/vre"}],"group":"report-endpoint","max_age":86400}
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0"}
expires: 0
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy: block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
referrer-policy: same-origin
pragma: no-cache
surrogate-control: no-store
x-fastcgi-cache: BYPASS
x-backend-server: adsrv-wmp3
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 66dcd7c42d9ed6bd-FRA
content-encoding: br

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210708/r20110914/client/ Frame A844 3 KB
1 KB 29ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210708/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 19:52:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 308
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1385
x-xss-protection: 0
server: cafe
etag: 10711834930267210186
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 26 Jul 2021 19:52:42 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 1AEA 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 12 Jul 2021 03:09:05 GMT
expires: Tue, 13 Jul 2021 03:09:05 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 60525
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A844 123 KB
37 KB 30ms
15ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0dfc6963fb114588887432268114a1bb0a5e4692eaeafc9e755c7d4ad92546e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 19:57:50 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1625830140585725"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37948
x-xss-protection: 0
expires: Mon, 12 Jul 2021 19:57:50 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210708/r20110914/client/ Frame A844 14 KB
7 KB 27ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210708/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7e5e8d7a52cffab98c6c3957e1c30af475c697d4d50ba91aeab0b11eea32a166

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 19:57:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6198
x-xss-protection: 0
server: cafe
etag: 11976405653130873325
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 26 Jul 2021 19:57:26 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame A844 0
0 18ms
17ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSSYhsliFxw8Erm6jwTpslolt2RtQZYbDIHrkW_XRU04ViS-KiR1ZZfIXMAlZtE8jjDpgPEq0xXWQgIwb_4VOFRwa0_Tg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1750856239204414&output=html&h=600&slotname=3281081373&adk=930862125&adf=2758691483&pi=t.ma~as.3281081373&w=239&fwrn=4&fwrnh=100&lmt=1626119869&rafmt=1&psa=0&format=239x600&url=https%3A%2F%2Fpastelink.net%2F3249c&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1626119869803&bpp=1&bdt=159&idt=104&shv=r20210708&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5625658410894&frm=20&pv=1&ga_vid=1524733376.1626119870&ga_sid=1626119870&ga_hid=633136956&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1074&ady=323&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060975%2C31061747&oid=3&pvsid=2578164719563388&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=K5YqChIT9I&p=https%3A//pastelink.net&dtd=108
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 dpixel
cms.quantserve.com/ Frame 1AEA 35 B
463 B 373ms
20ms Image
image/gif 91.228.74.226
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEMga2hqEV0GTquCqJOKoMhg&google_cver=1&google_push=AYg5qPJglCETXD6K60NP0xzXFN9BVZiHXDXNmJ3lszWxDNRM9c0U4Kny-o77Kueru7UciKOapTJe7j92mjsmaTR41agHRBSBlvXZ

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.228.74.226 , United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Jul 2021 19:57:50 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 1AEA
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPKmOqXg-MdQcW-gsKWa8dOFkgYAoA6lv2Jkims...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WU95ZXZnQUFBQ0VtdWpoRg&google_push=AYg5qPKmOqXg-MdQcW-gsKWa8dOFkgYAoA6lv2JkimsewYFE5oESwQWB9oBKuSdRynx_igIi2HVufWAxLjBi8se_WLKXayWO-XI-

170 B
188 B

21ms
20ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WU95ZXZnQUFBQ0VtdWpoRg&google_push=AYg5qPKmOqXg-MdQcW-gsKWa8dOFkgYAoA6lv2JkimsewYFE5oESwQWB9oBKuSdRynx_igIi2HVufWAxLjBi8se_WLKXayWO-XI-

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Jul 2021 19:57:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WU95ZXZnQUFBQ0VtdWpoRg&google_push=AYg5qPKmOqXg-MdQcW-gsKWa8dOFkgYAoA6lv2JkimsewYFE5oESwQWB9oBKuSdRynx_igIi2HVufWAxLjBi8se_WLKXayWO-XI-
Date: Mon, 12 Jul 2021 19:57:50 GMT
Server: Apache
Connection: keep-alive
Content-Length: 391
Content-Type: text/html; charset=iso-8859-1

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 1AEA
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEFSGzLaly1coD0Q4QPA3zFI&google_cver=1&google_push=AYg5qPLW1ysoHZ_qDJbVQjGl_O4RMXKfZZKna2AifEpp5p-zM8Ph6Z6sgMPJmWcKVY6uzn28xfZxjFtLl6-wV3MaK1YKaTTqy-Qg
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPLW1ysoHZ_qDJbVQjGl_O4RMXKfZZKna2AifEpp5p-zM8Ph6Z6sgMPJmWcKVY6uzn28xfZxjFtLl6-wV3MaK1YKaTTqy-Qg&google_hm=Q0FFU0VGU0d6TGFseTFjb...

170 B
188 B

35ms
20ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPLW1ysoHZ_qDJbVQjGl_O4RMXKfZZKna2AifEpp5p-zM8Ph6Z6sgMPJmWcKVY6uzn28xfZxjFtLl6-wV3MaK1YKaTTqy-Qg&google_hm=Q0FFU0VGU0d6TGFseTFjb0QwUTRRUEEzekZJ

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Jul 2021 19:57:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 12 Jul 2021 19:57:49 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPLW1ysoHZ_qDJbVQjGl_O4RMXKfZZKna2AifEpp5p-zM8Ph6Z6sgMPJmWcKVY6uzn28xfZxjFtLl6-wV3MaK1YKaTTqy-Qg&google_hm=Q0FFU0VGU0d6TGFseTFjb0QwUTRRUEEzekZJ
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 1AEA
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEK0fyTMsWMBA7UGlJnsZPEQ&google_cver=1&google_push=AYg5qPLYa0Rc9OSEGDqM4ic9bo7P0_fPMlMx_LUmX5kI2wNdwUOh9w2wTuPyOsBRKccDJVR9ubYyh-0CIG7xDAAOO590fvkxul0
https://rtb.openx.net/sync/dds?google_gid=CAESEK0fyTMsWMBA7UGlJnsZPEQ&google_cver=1&google_push=AYg5qPLYa0Rc9OSEGDqM4ic9bo7P0_fPMlMx_LUmX5kI2wNdwUOh9w2wTuPyOsBRKccDJVR9ubYyh-0CIG7xDAAOO590fvkxul0&o...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLYa0Rc9OSEGDqM4ic9bo7P0_fPMlMx_LUmX5kI2wNdwUOh9w2wTuPyOsBRKccDJVR9ubYyh-0CIG7xDAAOO590fvkxul0&google_hm=prZQ5ysOxeACU-zhDD6ncA==

170 B
188 B

23ms
19ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLYa0Rc9OSEGDqM4ic9bo7P0_fPMlMx_LUmX5kI2wNdwUOh9w2wTuPyOsBRKccDJVR9ubYyh-0CIG7xDAAOO590fvkxul0&google_hm=prZQ5ysOxeACU-zhDD6ncA==

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Jul 2021 19:57:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 12 Jul 2021 19:57:49 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLYa0Rc9OSEGDqM4ic9bo7P0_fPMlMx_LUmX5kI2wNdwUOh9w2wTuPyOsBRKccDJVR9ubYyh-0CIG7xDAAOO590fvkxul0&google_hm=prZQ5ysOxeACU-zhDD6ncA==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: e94scdvkenh0skkd7ogn7cipn4gannl0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 1AEA
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ovNBDXJeQHusOZM6XVOEMw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

22ms
19ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ovNBDXJeQHusOZM6XVOEMw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIsyvrF6JvWV48Oi-cYWAFx5qU11szoAAghK48NpveuWveaaN2iZlqPoB-mZJ7oRqfkQ-yBx1x9CMdnb7nUK0uiGgKxBW4

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Jul 2021 19:57:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ovNBDXJeQHusOZM6XVOEMw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIsyvrF6JvWV48Oi-cYWAFx5qU11szoAAghK48NpveuWveaaN2iZlqPoB-mZJ7oRqfkQ-yBx1x9CMdnb7nUK0uiGgKxBW4
date: Mon, 12 Jul 2021 19:57:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 1AEA
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEBFvFVvg--jC4yYS2AJm0WY&google_cver=1&google_push=AYg5qPJTg7hKvIQvoR7M_W2GAtf7H5Iap2RaLHFa9p5HV2MgXr7qi3Ys5BX7eW30BiBOH4J-Sqw...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1IxMVNBMVotMVMtNlpLUA==&google_push=AYg5qPJTg7hKvIQvoR7M_W2GAtf7H5Iap2RaLHFa9p5HV2MgXr7qi3Ys5BX7eW30BiBOH4J-Sqw04HhY9-qlNCrxWI3MA2CZxPQH

170 B
188 B

22ms
21ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1IxMVNBMVotMVMtNlpLUA==&google_push=AYg5qPJTg7hKvIQvoR7M_W2GAtf7H5Iap2RaLHFa9p5HV2MgXr7qi3Ys5BX7eW30BiBOH4J-Sqw04HhY9-qlNCrxWI3MA2CZxPQH

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Jul 2021 19:57:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1IxMVNBMVotMVMtNlpLUA==&google_push=AYg5qPJTg7hKvIQvoR7M_W2GAtf7H5Iap2RaLHFa9p5HV2MgXr7qi3Ys5BX7eW30BiBOH4J-Sqw04HhY9-qlNCrxWI3MA2CZxPQH
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 1AEA
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_...

0
0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 1AEA 0
253 B 41ms
15ms Image
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KrrDk-E9kN28BAcAc1mGVkGjzzAeojkrVnKFlodymHz-AwIfvUrz00rw6PQ2w_eoNCo1a9

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 19:57:50 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
DATA 200
OK truncated
/ Frame A844 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 56b0826ab31396372369c64c7ee3702c939c93e5f6a7da93829ea0f40079e3c1

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 default.css
ad4m.at/0.1.124-320/style/one-ad/ Frame C52F 58 KB
7 KB 34ms
23ms Stylesheet
text/css 2606:4700:3039::6815:c045
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/0.1.124-320/style/one-ad/default.css
Requested by: Host: ad4m.at
URL: https://ad4m.at/ad/dr?ed=1hw31e2y91rg5qv723vvybgra8rxzyed6qy6ybebgcszwegfyg4yjs5gge4yck06fgag0v55axz9rdq883bgsd4dn2w75sqxyn0wtasz1nv8yc76t44f69r7ftes6mfm91ma370ewpmpaw7mqf0k75nfmvf059kbez99x5hp50yc06da3yfrek6xt7e3qjte10asxntrwfw27t0sj2rasfckqepeq6n62xvc5ja293wekxqc0a4033m0vr94rr1z89bb08mgnn5p1kmejj5y10vynyppqxbzw6xn63nyrydx7jg4813tgvbneba30vkk4b2t55hv2317d1tfyk0jhbvsq1rdn88fedejy2g2svh6jemysgrvrysec4mbm&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCe12DvZ7sYI_QOLCC2fcPo_mKwA2Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTE3NTA4NTYyMzkyMDQ0MTSgAcKu6N0DyAEJqQIs3aPEEeizPqgDAaoEogFP0IT0UvUDphEfEshBGjXTPqqgmGBAd3elVcjPsH4sRRUtUZMvfR40JjDxMtJeZHSoSAh-gIV_YG4QeYHw4PNWVk7nnJWjtLZ-pEzlFSU7gdDSqqQAfaSi-Ya4Q7tBG6ZJqngjrYRf99TuvHOMxTayMuHJHefIIEm0MkTUm0DNYbC3drbIRamMCQeUXkEiF2--idVGFuPP-U9fdmDCkk27rnmABv6UqZKnj8n4_gGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_34GVMUjlX6uwv7uTkz0SPt_gdwJw%26client%3Dca-pub-1750856239204414%26adurl%3D
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c045 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5595a592e5e93a111e8b48e225a826b874b635dc219787efedf806d3aa13f223

Request headers

Referer: https://ad4m.at/ad/dr?ed=1hw31e2y91rg5qv723vvybgra8rxzyed6qy6ybebgcszwegfyg4yjs5gge4yck06fgag0v55axz9rdq883bgsd4dn2w75sqxyn0wtasz1nv8yc76t44f69r7ftes6mfm91ma370ewpmpaw7mqf0k75nfmvf059kbez99x5hp50yc06da3yfrek6xt7e3qjte10asxntrwfw27t0sj2rasfckqepeq6n62xvc5ja293wekxqc0a4033m0vr94rr1z89bb08mgnn5p1kmejj5y10vynyppqxbzw6xn63nyrydx7jg4813tgvbneba30vkk4b2t55hv2317d1tfyk0jhbvsq1rdn88fedejy2g2svh6jemysgrvrysec4mbm&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCe12DvZ7sYI_QOLCC2fcPo_mKwA2Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTE3NTA4NTYyMzkyMDQ0MTSgAcKu6N0DyAEJqQIs3aPEEeizPqgDAaoEogFP0IT0UvUDphEfEshBGjXTPqqgmGBAd3elVcjPsH4sRRUtUZMvfR40JjDxMtJeZHSoSAh-gIV_YG4QeYHw4PNWVk7nnJWjtLZ-pEzlFSU7gdDSqqQAfaSi-Ya4Q7tBG6ZJqngjrYRf99TuvHOMxTayMuHJHefIIEm0MkTUm0DNYbC3drbIRamMCQeUXkEiF2--idVGFuPP-U9fdmDCkk27rnmABv6UqZKnj8n4_gGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_34GVMUjlX6uwv7uTkz0SPt_gdwJw%26client%3Dca-pub-1750856239204414%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=/Fheiw==, md5=iazLgrLD9V76ltPySV8jTQ==
date: Mon, 12 Jul 2021 19:57:50 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1243532
x-guploader-uploadid: ADPycdtkioITd9kON3MDPr-nVhtDYZvM5BcWwBJS7eF-ZszN4EdBaLdVcBmWoP0vGtgvogL9Lz8Tib9QpKYbbvav9lA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 6688
last-modified: Mon, 28 Jun 2021 10:31:59 GMT
server: cloudflare
etag: "89accb82b2c3f55efa96d3f2495f234d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=OaZ9GmV2EPqXbuZcde4opJI8a7%2BQklmO2L8iHG3f%2F7xgebI%2F%2BiZtfwU2qDi02Unieb2eoz8WwG%2FGN7hwxiZp0jSENuq%2BITfdfAsC3aCU8EyjKQIUdbpByxexKlCQExAa"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1624876319573767
content-type: text/css
cache-control: public, max-age=31536000, no-transform
x-goog-stored-content-length: 6688
accept-ranges: bytes
cf-ray: 66dcd7c4aca7dff7-FRA
expires: Tue, 28 Jun 2022 10:32:18 GMT

GET
H3-29 200 fxpcopuw.js Show response
ad4m.at/ Frame C52F 36 KB
12 KB 52ms
41ms Script
application/javascript 2606:4700:3039::6815:c045
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/fxpcopuw.js
Requested by: Host: ad4m.at
URL: https://ad4m.at/ad/dr?ed=1hw31e2y91rg5qv723vvybgra8rxzyed6qy6ybebgcszwegfyg4yjs5gge4yck06fgag0v55axz9rdq883bgsd4dn2w75sqxyn0wtasz1nv8yc76t44f69r7ftes6mfm91ma370ewpmpaw7mqf0k75nfmvf059kbez99x5hp50yc06da3yfrek6xt7e3qjte10asxntrwfw27t0sj2rasfckqepeq6n62xvc5ja293wekxqc0a4033m0vr94rr1z89bb08mgnn5p1kmejj5y10vynyppqxbzw6xn63nyrydx7jg4813tgvbneba30vkk4b2t55hv2317d1tfyk0jhbvsq1rdn88fedejy2g2svh6jemysgrvrysec4mbm&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCe12DvZ7sYI_QOLCC2fcPo_mKwA2Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTE3NTA4NTYyMzkyMDQ0MTSgAcKu6N0DyAEJqQIs3aPEEeizPqgDAaoEogFP0IT0UvUDphEfEshBGjXTPqqgmGBAd3elVcjPsH4sRRUtUZMvfR40JjDxMtJeZHSoSAh-gIV_YG4QeYHw4PNWVk7nnJWjtLZ-pEzlFSU7gdDSqqQAfaSi-Ya4Q7tBG6ZJqngjrYRf99TuvHOMxTayMuHJHefIIEm0MkTUm0DNYbC3drbIRamMCQeUXkEiF2--idVGFuPP-U9fdmDCkk27rnmABv6UqZKnj8n4_gGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_34GVMUjlX6uwv7uTkz0SPt_gdwJw%26client%3Dca-pub-1750856239204414%26adurl%3D
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c045 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 980a0ed841d025e07f7ffc83943d26b590abfd96c857a19ac76394099a35c67e

Request headers

Referer: https://ad4m.at/ad/dr?ed=1hw31e2y91rg5qv723vvybgra8rxzyed6qy6ybebgcszwegfyg4yjs5gge4yck06fgag0v55axz9rdq883bgsd4dn2w75sqxyn0wtasz1nv8yc76t44f69r7ftes6mfm91ma370ewpmpaw7mqf0k75nfmvf059kbez99x5hp50yc06da3yfrek6xt7e3qjte10asxntrwfw27t0sj2rasfckqepeq6n62xvc5ja293wekxqc0a4033m0vr94rr1z89bb08mgnn5p1kmejj5y10vynyppqxbzw6xn63nyrydx7jg4813tgvbneba30vkk4b2t55hv2317d1tfyk0jhbvsq1rdn88fedejy2g2svh6jemysgrvrysec4mbm&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCe12DvZ7sYI_QOLCC2fcPo_mKwA2Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTE3NTA4NTYyMzkyMDQ0MTSgAcKu6N0DyAEJqQIs3aPEEeizPqgDAaoEogFP0IT0UvUDphEfEshBGjXTPqqgmGBAd3elVcjPsH4sRRUtUZMvfR40JjDxMtJeZHSoSAh-gIV_YG4QeYHw4PNWVk7nnJWjtLZ-pEzlFSU7gdDSqqQAfaSi-Ya4Q7tBG6ZJqngjrYRf99TuvHOMxTayMuHJHefIIEm0MkTUm0DNYbC3drbIRamMCQeUXkEiF2--idVGFuPP-U9fdmDCkk27rnmABv6UqZKnj8n4_gGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_34GVMUjlX6uwv7uTkz0SPt_gdwJw%26client%3Dca-pub-1750856239204414%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=ndtGUA==, md5=/5LvoHnoxEbm4C/6/XyRVA==
date: Mon, 12 Jul 2021 19:57:50 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 28113
x-guploader-uploadid: ABg5-Uxp6BLlfFJIDLoI1jFxsoTki2I7AGTqXUpj-woLYZslYRPfPoFvXRWwgy8xINJ55FtpEUTtqu23PiPp_PC-4UA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
cf-bgj: minify
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Mon, 14 Jun 2021 12:08:33 GMT
server: cloudflare
etag: W/"ff92efa079e8c446e6e02ffafd7c9154"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=PmGi%2BC%2FmTutRo00uC7sMDxw7ziZlXdVsrymLdBhzc6LWOo1lwrhhrtfULJjPWY7PsVkH0tLiylJSm68hWz%2FaOSLWPSCBYCaCuz7lma3x9QfyKc97MTUakF1%2FWHPdck6Y"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1623672513020985
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
x-goog-stored-content-length: 11953
cf-ray: 66dcd7c4aca8dff7-FRA
expires: Mon, 12 Jul 2021 12:09:17 GMT

GET
H2 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame C52F 3 KB
4 KB 63ms
45ms Image
image/png 2606:4700:3032::6815:57ae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: ad4m.at
URL: https://ad4m.at/0.1.124-320/style/one-ad/default.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:57ae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e

Request headers

Referer: https://ad4m.at/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=v7nNsg==, md5=eUyE0w4hPsahRNZCFfB1UQ==
date: Mon, 12 Jul 2021 19:57:50 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2877488
x-guploader-uploadid: ABg5-UzzLZaEcDbjdbhukLGh7tDKAZOMFJOiU4iHwOPl8QLDCjazkiciYkkK8qFWGCtZPjDfwbZeIl1PxPDK-jxIb2s
x-goog-storage-class: STANDARD
x-goog-custom-time: 1970-01-01T00:00:00Z
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 3262
x-goog-meta-
last-modified: Wed, 09 Jun 2021 12:35:14 GMT
server: cloudflare
etag: "794c84d30e213ec6a144d64215f07551"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=5O8ZBByuqQ0yJAESLQ32rrpksKOdCs9OQu1If%2FAl5%2F819c6LF0a43qrsJxf0kxhWoBz6%2BuSC2oIB62dffyFfRuPILwDKTEqdV0Fih5fNRWbfiVuw3k%2BzX1%2FMye4tUxighDC9EuSeKSsBWgndQ2M%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1623242114099744
content-type: image/png
cache-control: public, max-age=31536000, immutable
x-goog-stored-content-length: 3262
accept-ranges: bytes
cf-ray: 66dcd7c51b054a85-FRA
expires: Thu, 09 Jun 2022 12:39:42 GMT

GET
H3-29 200 frame.html Show response
ad4m.at/ Frame 26E4 2 KB
2 KB 19ms
18ms Document
text/html 2606:4700:3039::6815:c045
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c045 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /frame.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad4m.at/ad/dr?ed=1hw31e2y91rg5qv723vvybgra8rxzyed6qy6ybebgcszwegfyg4yjs5gge4yck06fgag0v55axz9rdq883bgsd4dn2w75sqxyn0wtasz1nv8yc76t44f69r7ftes6mfm91ma370ewpmpaw7mqf0k75nfmvf059kbez99x5hp50yc06da3yfrek6xt7e3qjte10asxntrwfw27t0sj2rasfckqepeq6n62xvc5ja293wekxqc0a4033m0vr94rr1z89bb08mgnn5p1kmejj5y10vynyppqxbzw6xn63nyrydx7jg4813tgvbneba30vkk4b2t55hv2317d1tfyk0jhbvsq1rdn88fedejy2g2svh6jemysgrvrysec4mbm&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCe12DvZ7sYI_QOLCC2fcPo_mKwA2Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTE3NTA4NTYyMzkyMDQ0MTSgAcKu6N0DyAEJqQIs3aPEEeizPqgDAaoEogFP0IT0UvUDphEfEshBGjXTPqqgmGBAd3elVcjPsH4sRRUtUZMvfR40JjDxMtJeZHSoSAh-gIV_YG4QeYHw4PNWVk7nnJWjtLZ-pEzlFSU7gdDSqqQAfaSi-Ya4Q7tBG6ZJqngjrYRf99TuvHOMxTayMuHJHefIIEm0MkTUm0DNYbC3drbIRamMCQeUXkEiF2--idVGFuPP-U9fdmDCkk27rnmABv6UqZKnj8n4_gGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_34GVMUjlX6uwv7uTkz0SPt_gdwJw%26client%3Dca-pub-1750856239204414%26adurl%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ad4m.at/ad/dr?ed=1hw31e2y91rg5qv723vvybgra8rxzyed6qy6ybebgcszwegfyg4yjs5gge4yck06fgag0v55axz9rdq883bgsd4dn2w75sqxyn0wtasz1nv8yc76t44f69r7ftes6mfm91ma370ewpmpaw7mqf0k75nfmvf059kbez99x5hp50yc06da3yfrek6xt7e3qjte10asxntrwfw27t0sj2rasfckqepeq6n62xvc5ja293wekxqc0a4033m0vr94rr1z89bb08mgnn5p1kmejj5y10vynyppqxbzw6xn63nyrydx7jg4813tgvbneba30vkk4b2t55hv2317d1tfyk0jhbvsq1rdn88fedejy2g2svh6jemysgrvrysec4mbm&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCe12DvZ7sYI_QOLCC2fcPo_mKwA2Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTE3NTA4NTYyMzkyMDQ0MTSgAcKu6N0DyAEJqQIs3aPEEeizPqgDAaoEogFP0IT0UvUDphEfEshBGjXTPqqgmGBAd3elVcjPsH4sRRUtUZMvfR40JjDxMtJeZHSoSAh-gIV_YG4QeYHw4PNWVk7nnJWjtLZ-pEzlFSU7gdDSqqQAfaSi-Ya4Q7tBG6ZJqngjrYRf99TuvHOMxTayMuHJHefIIEm0MkTUm0DNYbC3drbIRamMCQeUXkEiF2--idVGFuPP-U9fdmDCkk27rnmABv6UqZKnj8n4_gGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_34GVMUjlX6uwv7uTkz0SPt_gdwJw%26client%3Dca-pub-1750856239204414%26adurl%3D

Response headers

date: Mon, 12 Jul 2021 19:57:50 GMT
content-type: text/html
x-guploader-uploadid: ABg5-UyHG4nMyrBK5WNqT49HT3fkOWy09Qi7AMHmefEGKv6EedjpZshPX4m1mr0_df4AnWlv4nSV1j8tT1-PHgSflkckYhyoGQ
expires: Mon, 12 Jul 2021 20:57:50 GMT
last-modified: Wed, 06 May 2020 15:09:30 GMT
x-goog-generation: 1588777770164783
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1681
content-language: en
x-goog-hash: crc32c=iTDHew== md5=c2ZaqCqAXxKd4MgeeQDU8g==
x-goog-storage-class: MULTI_REGIONAL
age: 1638113
cache-control: public, max-age=3600
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-cache-status: HIT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=U3L8SMhZgj%2BaXqUT8Ddh5SF8EfNgAB44rWjX3dIobBVO2b0kJhdWOsZPLU48%2BzKO1F%2Bi2Q9puWjMRiAWAxVgcUa2IdpJXjMTfriyjJ2LEGx3HSjB8HgIQgvGrQJlsJwX"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 66dcd7c50d4bdff7-FRA
content-encoding: br

POST
H3-29 200 rs Show response
ad4m.at/ Frame C52F 1 KB
2 KB 30ms
30ms XHR
text/plain 2606:4700:3039::6815:c045
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c045 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1d4500ade0135011844ea3483dc72aed9b77783e9d4fe7f2220dc36a62abb455

Request headers

Referer: https://ad4m.at/ad/dr?ed=1hw31e2y91rg5qv723vvybgra8rxzyed6qy6ybebgcszwegfyg4yjs5gge4yck06fgag0v55axz9rdq883bgsd4dn2w75sqxyn0wtasz1nv8yc76t44f69r7ftes6mfm91ma370ewpmpaw7mqf0k75nfmvf059kbez99x5hp50yc06da3yfrek6xt7e3qjte10asxntrwfw27t0sj2rasfckqepeq6n62xvc5ja293wekxqc0a4033m0vr94rr1z89bb08mgnn5p1kmejj5y10vynyppqxbzw6xn63nyrydx7jg4813tgvbneba30vkk4b2t55hv2317d1tfyk0jhbvsq1rdn88fedejy2g2svh6jemysgrvrysec4mbm&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCe12DvZ7sYI_QOLCC2fcPo_mKwA2Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTE3NTA4NTYyMzkyMDQ0MTSgAcKu6N0DyAEJqQIs3aPEEeizPqgDAaoEogFP0IT0UvUDphEfEshBGjXTPqqgmGBAd3elVcjPsH4sRRUtUZMvfR40JjDxMtJeZHSoSAh-gIV_YG4QeYHw4PNWVk7nnJWjtLZ-pEzlFSU7gdDSqqQAfaSi-Ya4Q7tBG6ZJqngjrYRf99TuvHOMxTayMuHJHefIIEm0MkTUm0DNYbC3drbIRamMCQeUXkEiF2--idVGFuPP-U9fdmDCkk27rnmABv6UqZKnj8n4_gGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_34GVMUjlX6uwv7uTkz0SPt_gdwJw%26client%3Dca-pub-1750856239204414%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

cf-ray: 66dcd7c53d7ddff7-FRA
date: Mon, 12 Jul 2021 19:57:50 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=NgcWbFaOs4Knh8NXFtS8ePEziuUqUw3Sor5f5cNsrq8HKy3yyeJA6BKija4cGbmgpfp9DyZNO7L43mym55roji%2Ffys%2FISdAlOkjGME9kwxEtqampOse3bXeb32kCDAv0"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://ad4m.at
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
access-control-allow-credentials: true
content-encoding: br
x-backend-server: rs-1tg8

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 32ms
18ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210708&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4736f2c9f9d252c0eded8f0c55198bc02e485d34db8984384dd0afa332bc2dba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 12 Jul 2021 19:57:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8490
x-xss-protection: 0

GET
H2 200 rar Show response
as.ad4m.at/ad/ Frame AB7D 10 KB
4 KB 45ms
42ms Document
text/html 2606:4700:3039::6815:c045
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=23567%2C823%2C24673&b=Vx7fwfmfEdghVHbHAtRt8bGU5tzTzQk%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=m3AsefGfJpzSmHZHZtQCEjYsjtwTX8A%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=952143c1e8fd562717144ff5fbaf1299%2F592653205059671566&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D21sw2bfgbsenx6qqh6hyvjpnjtwkmwbmbcxvzrqxfx9apeyk28c4d82cx8efffadztf4cz9zy1fbqhwt4cb2by4saps43kkswz7xt61s3ywn98s9hxs21w9pjgsqt68snt4zx8sc4zftmcpgm9b8b96e7b61epkqt8t3as7w0g7tsteg8df05wcpj16pk6txxy4gbc68z2cqnf7rdf2gndk5dverwsqtg0gkrna1751yrx8jt0efdtaxr7ah8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCe12DvZ7sYI_QOLCC2fcPo_mKwA2Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTE3NTA4NTYyMzkyMDQ0MTSgAcKu6N0DyAEJqQIs3aPEEeizPqgDAaoEogFP0IT0UvUDphEfEshBGjXTPqqgmGBAd3elVcjPsH4sRRUtUZMvfR40JjDxMtJeZHSoSAh-gIV_YG4QeYHw4PNWVk7nnJWjtLZ-pEzlFSU7gdDSqqQAfaSi-Ya4Q7tBG6ZJqngjrYRf99TuvHOMxTayMuHJHefIIEm0MkTUm0DNYbC3drbIRamMCQeUXkEiF2--idVGFuPP-U9fdmDCkk27rnmABv6UqZKnj8n4_gGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_34GVMUjlX6uwv7uTkz0SPt_gdwJw%2526client%253Dca-pub-1750856239204414%2526adurl%253D&y=0&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3039::6815:c045 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a2a42ff5e9edef5ece13310e35ab6f4500725823c8d1e7b951124d3c1726cbb

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: as.ad4m.at
:scheme: https
:path: /ad/rar?a=23567%2C823%2C24673&b=Vx7fwfmfEdghVHbHAtRt8bGU5tzTzQk%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=m3AsefGfJpzSmHZHZtQCEjYsjtwTX8A%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=952143c1e8fd562717144ff5fbaf1299%2F592653205059671566&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D21sw2bfgbsenx6qqh6hyvjpnjtwkmwbmbcxvzrqxfx9apeyk28c4d82cx8efffadztf4cz9zy1fbqhwt4cb2by4saps43kkswz7xt61s3ywn98s9hxs21w9pjgsqt68snt4zx8sc4zftmcpgm9b8b96e7b61epkqt8t3as7w0g7tsteg8df05wcpj16pk6txxy4gbc68z2cqnf7rdf2gndk5dverwsqtg0gkrna1751yrx8jt0efdtaxr7ah8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCe12DvZ7sYI_QOLCC2fcPo_mKwA2Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTE3NTA4NTYyMzkyMDQ0MTSgAcKu6N0DyAEJqQIs3aPEEeizPqgDAaoEogFP0IT0UvUDphEfEshBGjXTPqqgmGBAd3elVcjPsH4sRRUtUZMvfR40JjDxMtJeZHSoSAh-gIV_YG4QeYHw4PNWVk7nnJWjtLZ-pEzlFSU7gdDSqqQAfaSi-Ya4Q7tBG6ZJqngjrYRf99TuvHOMxTayMuHJHefIIEm0MkTUm0DNYbC3drbIRamMCQeUXkEiF2--idVGFuPP-U9fdmDCkk27rnmABv6UqZKnj8n4_gGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_34GVMUjlX6uwv7uTkz0SPt_gdwJw%2526client%253Dca-pub-1750856239204414%2526adurl%253D&y=0&z=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 19:57:50 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-download-options: noopen
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
x-xss-protection: 1; mode=block
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
referrer-policy: same-origin
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
expires: 0
surrogate-control: no-store
pragma: no-cache
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 66dcd7c56936d6bd-FRA
content-encoding: br

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 31ms
15ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 19:57:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Mon, 12 Jul 2021 19:57:50 GMT

GET
H3-29 200 default.css
as.ad4m.at/ad/style/0.1.7/one-ad/ Frame AB7D 64 KB
7 KB 24ms
24ms Stylesheet
text/css 2606:4700:3039::6815:c045
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/style/0.1.7/one-ad/default.css

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23567%2C823%2C24673&b=Vx7fwfmfEdghVHbHAtRt8bGU5tzTzQk%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=m3AsefGfJpzSmHZHZtQCEjYsjtwTX8A%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=952143c1e8fd562717144ff5fbaf1299%2F592653205059671566&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D21sw2bfgbsenx6qqh6hyvjpnjtwkmwbmbcxvzrqxfx9apeyk28c4d82cx8efffadztf4cz9zy1fbqhwt4cb2by4saps43kkswz7xt61s3ywn98s9hxs21w9pjgsqt68snt4zx8sc4zftmcpgm9b8b96e7b61epkqt8t3as7w0g7tsteg8df05wcpj16pk6txxy4gbc68z2cqnf7rdf2gndk5dverwsqtg0gkrna1751yrx8jt0efdtaxr7ah8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCe12DvZ7sYI_QOLCC2fcPo_mKwA2Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTE3NTA4NTYyMzkyMDQ0MTSgAcKu6N0DyAEJqQIs3aPEEeizPqgDAaoEogFP0IT0UvUDphEfEshBGjXTPqqgmGBAd3elVcjPsH4sRRUtUZMvfR40JjDxMtJeZHSoSAh-gIV_YG4QeYHw4PNWVk7nnJWjtLZ-pEzlFSU7gdDSqqQAfaSi-Ya4Q7tBG6ZJqngjrYRf99TuvHOMxTayMuHJHefIIEm0MkTUm0DNYbC3drbIRamMCQeUXkEiF2--idVGFuPP-U9fdmDCkk27rnmABv6UqZKnj8n4_gGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_34GVMUjlX6uwv7uTkz0SPt_gdwJw%2526client%253Dca-pub-1750856239204414%2526adurl%253D&y=0&z=0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3039::6815:c045 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c35529095f6b1a1b2f9345e8d7e86532048ffbfdd082f03ed114be88865388df

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/rar?a=23567%2C823%2C24673&b=Vx7fwfmfEdghVHbHAtRt8bGU5tzTzQk%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=m3AsefGfJpzSmHZHZtQCEjYsjtwTX8A%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=952143c1e8fd562717144ff5fbaf1299%2F592653205059671566&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D21sw2bfgbsenx6qqh6hyvjpnjtwkmwbmbcxvzrqxfx9apeyk28c4d82cx8efffadztf4cz9zy1fbqhwt4cb2by4saps43kkswz7xt61s3ywn98s9hxs21w9pjgsqt68snt4zx8sc4zftmcpgm9b8b96e7b61epkqt8t3as7w0g7tsteg8df05wcpj16pk6txxy4gbc68z2cqnf7rdf2gndk5dverwsqtg0gkrna1751yrx8jt0efdtaxr7ah8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCe12DvZ7sYI_QOLCC2fcPo_mKwA2Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTE3NTA4NTYyMzkyMDQ0MTSgAcKu6N0DyAEJqQIs3aPEEeizPqgDAaoEogFP0IT0UvUDphEfEshBGjXTPqqgmGBAd3elVcjPsH4sRRUtUZMvfR40JjDxMtJeZHSoSAh-gIV_YG4QeYHw4PNWVk7nnJWjtLZ-pEzlFSU7gdDSqqQAfaSi-Ya4Q7tBG6ZJqngjrYRf99TuvHOMxTayMuHJHefIIEm0MkTUm0DNYbC3drbIRamMCQeUXkEiF2--idVGFuPP-U9fdmDCkk27rnmABv6UqZKnj8n4_gGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_34GVMUjlX6uwv7uTkz0SPt_gdwJw%2526client%253Dca-pub-1750856239204414%2526adurl%253D&y=0&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 19:57:50 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age: 39208
cf-polished: origSize=65497
surrogate-control: no-store
strict-transport-security: max-age=86400; includeSubDomains; preload
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options: noopen
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=3600
cf-ray: 66dcd7c5be8ddff7-FRA
expires: Mon, 12 Jul 2021 20:57:50 GMT

GET
H2 200 B4CB880477BA810028D7D7613EE7E9E1448DC35AF48781E4B95EC6ECB7049A9AA27B107B317198EC504A03E948F7EC5A02BC2426A27879C893669BA93941B528
assets.ad4m.at/logo/ Frame AB7D 18 KB
19 KB 29ms
26ms Image
image/webp 2606:4700:3039::6815:c045
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/B4CB880477BA810028D7D7613EE7E9E1448DC35AF48781E4B95EC6ECB7049A9AA27B107B317198EC504A03E948F7EC5A02BC2426A27879C893669BA93941B528
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23567%2C823%2C24673&b=Vx7fwfmfEdghVHbHAtRt8bGU5tzTzQk%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=m3AsefGfJpzSmHZHZtQCEjYsjtwTX8A%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=952143c1e8fd562717144ff5fbaf1299%2F592653205059671566&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D21sw2bfgbsenx6qqh6hyvjpnjtwkmwbmbcxvzrqxfx9apeyk28c4d82cx8efffadztf4cz9zy1fbqhwt4cb2by4saps43kkswz7xt61s3ywn98s9hxs21w9pjgsqt68snt4zx8sc4zftmcpgm9b8b96e7b61epkqt8t3as7w0g7tsteg8df05wcpj16pk6txxy4gbc68z2cqnf7rdf2gndk5dverwsqtg0gkrna1751yrx8jt0efdtaxr7ah8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCe12DvZ7sYI_QOLCC2fcPo_mKwA2Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTE3NTA4NTYyMzkyMDQ0MTSgAcKu6N0DyAEJqQIs3aPEEeizPqgDAaoEogFP0IT0UvUDphEfEshBGjXTPqqgmGBAd3elVcjPsH4sRRUtUZMvfR40JjDxMtJeZHSoSAh-gIV_YG4QeYHw4PNWVk7nnJWjtLZ-pEzlFSU7gdDSqqQAfaSi-Ya4Q7tBG6ZJqngjrYRf99TuvHOMxTayMuHJHefIIEm0MkTUm0DNYbC3drbIRamMCQeUXkEiF2--idVGFuPP-U9fdmDCkk27rnmABv6UqZKnj8n4_gGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_34GVMUjlX6uwv7uTkz0SPt_gdwJw%2526client%253Dca-pub-1750856239204414%2526adurl%253D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c045 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 54d35e66675f9cc2ab471d0c389573b5ab0902937b397914a177712b27678a46

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=GT8dCw==, md5=4YyWNM3TGeacJ2VHXynNEw==
date: Mon, 12 Jul 2021 19:57:50 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 876396
cf-polished: origFmt=png, origSize=35453
x-guploader-uploadid: ABg5-UwOGp5bgSvwEzU_da1b77w9WducnNtAstYqvxSKIr83PnCr9Z1OUEVynQSlskeHgfZHvWTiqDm_G4ijz27hD2w
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 18872
last-modified: Mon, 18 May 2020 12:30:29 GMT
server: cloudflare
etag: "e18c9634cdd319e69c2765475f29cd13"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=B9Ybx9pPZQ4xvINd53b7f1vHio18Js8LfrjAALiXbv6IS4gRAfnxPq6o3btXOW%2FR2uoL%2FBwbRhV3sWhFtSVtWZFl3Tk2TyIth7ygukKDsVM1Qckb08Z5p8kDfgTac0zXMIM5Hh50aw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1589805029334103
content-type: image/webp
expires: Tue, 13 Jul 2021 19:57:50 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 35453
accept-ranges: bytes
cf-ray: 66dcd7c5ba09d6bd-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 00F619D8F00669FB6B148FCA1F359A7CA5A72E81F1698F0435018F83EA02825BEBAFD49E18F13D128B52CB0ABFB8FA7B803272A64A7914A87DB8504414D95994
assets.ad4m.at/product_image/ Frame AB7D 300 KB
301 KB 49ms
47ms Image
image/webp 2606:4700:3039::6815:c045
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/00F619D8F00669FB6B148FCA1F359A7CA5A72E81F1698F0435018F83EA02825BEBAFD49E18F13D128B52CB0ABFB8FA7B803272A64A7914A87DB8504414D95994
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23567%2C823%2C24673&b=Vx7fwfmfEdghVHbHAtRt8bGU5tzTzQk%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=m3AsefGfJpzSmHZHZtQCEjYsjtwTX8A%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=952143c1e8fd562717144ff5fbaf1299%2F592653205059671566&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D21sw2bfgbsenx6qqh6hyvjpnjtwkmwbmbcxvzrqxfx9apeyk28c4d82cx8efffadztf4cz9zy1fbqhwt4cb2by4saps43kkswz7xt61s3ywn98s9hxs21w9pjgsqt68snt4zx8sc4zftmcpgm9b8b96e7b61epkqt8t3as7w0g7tsteg8df05wcpj16pk6txxy4gbc68z2cqnf7rdf2gndk5dverwsqtg0gkrna1751yrx8jt0efdtaxr7ah8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCe12DvZ7sYI_QOLCC2fcPo_mKwA2Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTE3NTA4NTYyMzkyMDQ0MTSgAcKu6N0DyAEJqQIs3aPEEeizPqgDAaoEogFP0IT0UvUDphEfEshBGjXTPqqgmGBAd3elVcjPsH4sRRUtUZMvfR40JjDxMtJeZHSoSAh-gIV_YG4QeYHw4PNWVk7nnJWjtLZ-pEzlFSU7gdDSqqQAfaSi-Ya4Q7tBG6ZJqngjrYRf99TuvHOMxTayMuHJHefIIEm0MkTUm0DNYbC3drbIRamMCQeUXkEiF2--idVGFuPP-U9fdmDCkk27rnmABv6UqZKnj8n4_gGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_34GVMUjlX6uwv7uTkz0SPt_gdwJw%2526client%253Dca-pub-1750856239204414%2526adurl%253D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c045 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 04b1f8cb2f5e15aeddb7c25f1ecd30ec677874fbbc28a43cbae37a32ab5d01e1

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=EZXtXA==, md5=mgoAJVijZFI0Dr9oP+Il1A==
date: Mon, 12 Jul 2021 19:57:50 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 525071
cf-polished: origFmt=png, origSize=594083
x-guploader-uploadid: ADPycdvWJ381jsUt3c2bnyOhsBN8eT56nGWU8guSKptbqewJ7lWXtv7hCFpR_BhaOadTH3GNJmU2b2YxIsOfzxtQN1GTJaUo4g
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 307160
last-modified: Tue, 22 Jun 2021 13:51:23 GMT
server: cloudflare
etag: "9a0a002558a36452340ebf683fe225d4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=noZGC4i2lEzuQaRKd7wV8pe8PJxWy%2FF0rOZLg9ORFs546OwkBd3lAr8ck6W%2FElqIJ6E%2B%2B9TNTHK3MSvxVD9Lx%2BZV12tmobuvwlgLKIsSZP49e3l0AUY4U69QE4Xs3YfybC%2FNCl5kfg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1624369883413081
content-type: image/webp
expires: Tue, 13 Jul 2021 19:57:50 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 594083
accept-ranges: bytes
cf-ray: 66dcd7c5ba0dd6bd-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame AB7D 43 B
702 B 86ms
46ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2519575&v=14098&q=379092&r=412871&pv=1&pref3=oneidVx7fwfmfEdghVHbHAtRt8bGU5tzTzQkoneid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 12 Jul 2021 19:57:50 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H2 200 092AF182BFAEB6FB9384BCD487C1B5A43125CF153AA6D3EDEC71241055FD8B61372C6BFDCCACC22CAB8E52B77906D491F783793EC97701304A15CA510282E399
assets.ad4m.at/logo/ Frame AB7D 38 KB
39 KB 52ms
51ms Image
image/webp 2606:4700:3039::6815:c045
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/092AF182BFAEB6FB9384BCD487C1B5A43125CF153AA6D3EDEC71241055FD8B61372C6BFDCCACC22CAB8E52B77906D491F783793EC97701304A15CA510282E399
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23567%2C823%2C24673&b=Vx7fwfmfEdghVHbHAtRt8bGU5tzTzQk%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=m3AsefGfJpzSmHZHZtQCEjYsjtwTX8A%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=952143c1e8fd562717144ff5fbaf1299%2F592653205059671566&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D21sw2bfgbsenx6qqh6hyvjpnjtwkmwbmbcxvzrqxfx9apeyk28c4d82cx8efffadztf4cz9zy1fbqhwt4cb2by4saps43kkswz7xt61s3ywn98s9hxs21w9pjgsqt68snt4zx8sc4zftmcpgm9b8b96e7b61epkqt8t3as7w0g7tsteg8df05wcpj16pk6txxy4gbc68z2cqnf7rdf2gndk5dverwsqtg0gkrna1751yrx8jt0efdtaxr7ah8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCe12DvZ7sYI_QOLCC2fcPo_mKwA2Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTE3NTA4NTYyMzkyMDQ0MTSgAcKu6N0DyAEJqQIs3aPEEeizPqgDAaoEogFP0IT0UvUDphEfEshBGjXTPqqgmGBAd3elVcjPsH4sRRUtUZMvfR40JjDxMtJeZHSoSAh-gIV_YG4QeYHw4PNWVk7nnJWjtLZ-pEzlFSU7gdDSqqQAfaSi-Ya4Q7tBG6ZJqngjrYRf99TuvHOMxTayMuHJHefIIEm0MkTUm0DNYbC3drbIRamMCQeUXkEiF2--idVGFuPP-U9fdmDCkk27rnmABv6UqZKnj8n4_gGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_34GVMUjlX6uwv7uTkz0SPt_gdwJw%2526client%253Dca-pub-1750856239204414%2526adurl%253D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c045 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79a636d2c8ace706866349aaf2d1661b25c94a9523ab602e32d106fbba2a2b23

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=EKOc3w==, md5=wqT4IuWoMfO1yrOci8rmHQ==
date: Mon, 12 Jul 2021 19:57:50 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 523544
cf-polished: origFmt=png, origSize=44613
x-guploader-uploadid: ADPycduzEsKmHJ9XnazLcgyIST6JAnrdiSfNTGNTLcRjC2_OeQmEIoOlDWqmbWhdU_P8K9SQp2VPTK-eDFCqk-eckddlwWfK9Q
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 39202
last-modified: Wed, 22 Jan 2020 13:11:41 GMT
server: cloudflare
etag: "c2a4f822e5a831f3b5cab39c8bcae61d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=8lsQlotqBmTwjACSmSOK15hfaUWdC%2FS%2BrLYP9MidLj2LG0KeShws1sRFN8AypM9CGXGSnIz9PBLeGIwFySXRQ%2BZHHpk71JkE8Hg2OWEIJz2VFHWuWr8By8dS5cc3vI2VSFM4DO0W4w%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1579698701189315
content-type: image/webp
expires: Tue, 13 Jul 2021 19:57:50 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 44613
accept-ranges: bytes
cf-ray: 66dcd7c5ba10d6bd-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 69E7FB78A72BC29D22049638675F152BD0F020C6E7E7DD83AC85D812D70F34E088215F53E301063143245A4B72ED47974DE7618A14B827D305F065371D2DBE4A
assets.ad4m.at/ Frame AB7D 113 KB
113 KB 34ms
32ms Image
image/webp 2606:4700:3039::6815:c045
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/69E7FB78A72BC29D22049638675F152BD0F020C6E7E7DD83AC85D812D70F34E088215F53E301063143245A4B72ED47974DE7618A14B827D305F065371D2DBE4A
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23567%2C823%2C24673&b=Vx7fwfmfEdghVHbHAtRt8bGU5tzTzQk%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=m3AsefGfJpzSmHZHZtQCEjYsjtwTX8A%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=952143c1e8fd562717144ff5fbaf1299%2F592653205059671566&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D21sw2bfgbsenx6qqh6hyvjpnjtwkmwbmbcxvzrqxfx9apeyk28c4d82cx8efffadztf4cz9zy1fbqhwt4cb2by4saps43kkswz7xt61s3ywn98s9hxs21w9pjgsqt68snt4zx8sc4zftmcpgm9b8b96e7b61epkqt8t3as7w0g7tsteg8df05wcpj16pk6txxy4gbc68z2cqnf7rdf2gndk5dverwsqtg0gkrna1751yrx8jt0efdtaxr7ah8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCe12DvZ7sYI_QOLCC2fcPo_mKwA2Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTE3NTA4NTYyMzkyMDQ0MTSgAcKu6N0DyAEJqQIs3aPEEeizPqgDAaoEogFP0IT0UvUDphEfEshBGjXTPqqgmGBAd3elVcjPsH4sRRUtUZMvfR40JjDxMtJeZHSoSAh-gIV_YG4QeYHw4PNWVk7nnJWjtLZ-pEzlFSU7gdDSqqQAfaSi-Ya4Q7tBG6ZJqngjrYRf99TuvHOMxTayMuHJHefIIEm0MkTUm0DNYbC3drbIRamMCQeUXkEiF2--idVGFuPP-U9fdmDCkk27rnmABv6UqZKnj8n4_gGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_34GVMUjlX6uwv7uTkz0SPt_gdwJw%2526client%253Dca-pub-1750856239204414%2526adurl%253D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c045 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85a096c073faa7b2f0cd16adf42aef4c64f0e2b34dedcd1379b6cc48e126f7fa

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=UWAYGw==, md5=A1esecs/9FudVn6rgMfjTA==
date: Mon, 12 Jul 2021 19:57:50 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 519559
cf-polished: origFmt=png, origSize=136328
x-guploader-uploadid: ADPycds0a9SwZTCzEc33e8SYPnGf46wKHYPGSLocvC9Hkd-remaq7J29nilNwcjqfltvEfedVX9AwqjCcYNYKIL59W_o7khgzQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 115268
last-modified: Tue, 29 Oct 2019 09:42:57 GMT
server: cloudflare
etag: "0357ac79cb3ff45b9d567eab80c7e34c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=UbzSrYHCwj4OiKyfuzI6NqIaWUg%2BFC%2BqURy2oY%2Fi6o18bg%2B8dZ4r0pKt0GOYhz6hKmHrQVROcqaTzOZbXdC9BiHxtDIuxXpM1O56lXPhzLaHh43B16LBS5Sx5%2BHteD6e6fLFYBxdUw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1572342177666668
content-type: image/webp
expires: Tue, 13 Jul 2021 19:57:50 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 136328
accept-ranges: bytes
cf-ray: 66dcd7c5ba13d6bd-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame AB7D 43 B
705 B 105ms
53ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2338586&v=11830&q=357066&r=412871&pv=1&pref3=oneidDjeT3fwfe9T3HmH9t1tEjxT4tmTk8roneid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 12 Jul 2021 19:57:50 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H2 200 E8A0B3404CF65D67FABF74F38D2E787E97D75F650E6720B8A047EFE226A7A598DA94FFCF3CDCC52A3B206A422DD3D5082778689277BC79BF962DEE607C6331D8
assets.ad4m.at/logo/ Frame AB7D 38 KB
38 KB 55ms
54ms Image
image/webp 2606:4700:3039::6815:c045
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/E8A0B3404CF65D67FABF74F38D2E787E97D75F650E6720B8A047EFE226A7A598DA94FFCF3CDCC52A3B206A422DD3D5082778689277BC79BF962DEE607C6331D8
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23567%2C823%2C24673&b=Vx7fwfmfEdghVHbHAtRt8bGU5tzTzQk%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=m3AsefGfJpzSmHZHZtQCEjYsjtwTX8A%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=952143c1e8fd562717144ff5fbaf1299%2F592653205059671566&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D21sw2bfgbsenx6qqh6hyvjpnjtwkmwbmbcxvzrqxfx9apeyk28c4d82cx8efffadztf4cz9zy1fbqhwt4cb2by4saps43kkswz7xt61s3ywn98s9hxs21w9pjgsqt68snt4zx8sc4zftmcpgm9b8b96e7b61epkqt8t3as7w0g7tsteg8df05wcpj16pk6txxy4gbc68z2cqnf7rdf2gndk5dverwsqtg0gkrna1751yrx8jt0efdtaxr7ah8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCe12DvZ7sYI_QOLCC2fcPo_mKwA2Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTE3NTA4NTYyMzkyMDQ0MTSgAcKu6N0DyAEJqQIs3aPEEeizPqgDAaoEogFP0IT0UvUDphEfEshBGjXTPqqgmGBAd3elVcjPsH4sRRUtUZMvfR40JjDxMtJeZHSoSAh-gIV_YG4QeYHw4PNWVk7nnJWjtLZ-pEzlFSU7gdDSqqQAfaSi-Ya4Q7tBG6ZJqngjrYRf99TuvHOMxTayMuHJHefIIEm0MkTUm0DNYbC3drbIRamMCQeUXkEiF2--idVGFuPP-U9fdmDCkk27rnmABv6UqZKnj8n4_gGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_34GVMUjlX6uwv7uTkz0SPt_gdwJw%2526client%253Dca-pub-1750856239204414%2526adurl%253D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c045 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d997fba7832cb78b0933a9eb2ce191d53234c978e25c6c8fc50c75923ea8405e

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=RkBJ3g==, md5=Kw4C6d3nfjHTjXjXPcaeTw==
date: Mon, 12 Jul 2021 19:57:50 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 526891
cf-polished: origFmt=png, origSize=77267
x-guploader-uploadid: ADPycdu0NdDV6uwVZ6V13FVfdyR8XwOYKSgjjNc0acRxVoEA3EnSDftyN5e9NVmePTjPRBpccOWs0YG6A3qSHVVM05SbZtkZjg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 38696
last-modified: Wed, 22 Jan 2020 13:11:48 GMT
server: cloudflare
etag: "2b0e02e9dde77e31d38d78d73dc69e4f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=BfO4N2reINHlN1G49gICS3aFz0lUd0RrcNE4XIeUSjcxdOC8gDriE4jIXE96j2kouz7q6yJWLKPZA%2F0YwlAMd1hlHPjl1asbTorxK7JUVDFs7nl31vq2eddBkc0E7pKEWSsIc8Hhwg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1579698708801217
content-type: image/webp
expires: Tue, 13 Jul 2021 19:57:50 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 77267
accept-ranges: bytes
cf-ray: 66dcd7c5ba16d6bd-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 B45F893E9FFC024BF63F31BCCBD125167CBC3446F3678FC31F706A695A83CDCA7427229BCA4C5992B83E2F60A147FCD1B6148725AA0AF3ABB801A6BB7EA78390
assets.ad4m.at/ Frame AB7D 84 KB
84 KB 32ms
32ms Image
image/jpeg 2606:4700:3039::6815:c045
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/B45F893E9FFC024BF63F31BCCBD125167CBC3446F3678FC31F706A695A83CDCA7427229BCA4C5992B83E2F60A147FCD1B6148725AA0AF3ABB801A6BB7EA78390
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23567%2C823%2C24673&b=Vx7fwfmfEdghVHbHAtRt8bGU5tzTzQk%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=m3AsefGfJpzSmHZHZtQCEjYsjtwTX8A%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=952143c1e8fd562717144ff5fbaf1299%2F592653205059671566&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D21sw2bfgbsenx6qqh6hyvjpnjtwkmwbmbcxvzrqxfx9apeyk28c4d82cx8efffadztf4cz9zy1fbqhwt4cb2by4saps43kkswz7xt61s3ywn98s9hxs21w9pjgsqt68snt4zx8sc4zftmcpgm9b8b96e7b61epkqt8t3as7w0g7tsteg8df05wcpj16pk6txxy4gbc68z2cqnf7rdf2gndk5dverwsqtg0gkrna1751yrx8jt0efdtaxr7ah8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCe12DvZ7sYI_QOLCC2fcPo_mKwA2Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTE3NTA4NTYyMzkyMDQ0MTSgAcKu6N0DyAEJqQIs3aPEEeizPqgDAaoEogFP0IT0UvUDphEfEshBGjXTPqqgmGBAd3elVcjPsH4sRRUtUZMvfR40JjDxMtJeZHSoSAh-gIV_YG4QeYHw4PNWVk7nnJWjtLZ-pEzlFSU7gdDSqqQAfaSi-Ya4Q7tBG6ZJqngjrYRf99TuvHOMxTayMuHJHefIIEm0MkTUm0DNYbC3drbIRamMCQeUXkEiF2--idVGFuPP-U9fdmDCkk27rnmABv6UqZKnj8n4_gGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_34GVMUjlX6uwv7uTkz0SPt_gdwJw%2526client%253Dca-pub-1750856239204414%2526adurl%253D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c045 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4832f5768a8d71f5e7504a48274d822a72e79b39fe43a071c13852097da8ec6b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=e08Zuw==, md5=psibsHmVB2WUau7aQuE9AQ==
date: Mon, 12 Jul 2021 19:57:50 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1638022
cf-polished: origSize=90165, status=webp_bigger
x-guploader-uploadid: ABg5-UwpHlAtA2qVPfv3ecx4V7j-_tqzuivxuNwBFwB9F0Tqg3buBEkTuErpWsLNYW6yOWM3URGwbMAmc2fRHKIfAFA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 85604
last-modified: Wed, 09 Oct 2019 16:06:53 GMT
server: cloudflare
etag: "a6c89bb079950765946aeeda42e13d01"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=FYotaMq%2BhMK3YrkxroU2XwOaUsy9uXqOq6VN38fwU9WlXCIPB%2BU8boU%2FT9jM2FxzhqQNzqu1CJjRh%2B2y8MGhCuRI%2F%2FoZ14pE%2BiB3CR2KkXbVIUajMc4cSlia5Ws8WQqjbNow3PNrPg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1570637213281727
content-type: image/jpeg
expires: Tue, 13 Jul 2021 19:57:50 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 90165
accept-ranges: bytes
cf-ray: 66dcd7c5ba19d6bd-FRA
cf-bgj: imgq:85,h2pri

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame ABB0 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://pastelink.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://pastelink.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5029
date: Mon, 12 Jul 2021 19:05:51 GMT
expires: Tue, 12 Jul 2022 19:05:51 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 3119
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 8628 783 B
531 B 17ms
17ms Document
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

1f4019ce803f7158dfbf40a32b62581626e33ee2591afc9426e9e17d3af96702

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-hAAUO7dTJyclI03n4xrmzw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://pastelink.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://pastelink.net/

Response headers

expires: Mon, 12 Jul 2021 19:57:50 GMT
date: Mon, 12 Jul 2021 19:57:50 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-hAAUO7dTJyclI03n4xrmzw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK link.html Show response
track.webgains.com/ Frame AB7D 12 KB
12 KB 176ms
101ms Script
text/html 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=713569&wgcampaignid=1384975&js=1&nw=1&clickref=oneidbM4CQfZfp5QFYHbHzt8Cwr5uetJT5Weoneid__dc_reach_suite02wkz&viewref=oneidPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7oneid__dc_reach_suite02wkz
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23567%2C823%2C24673&b=Vx7fwfmfEdghVHbHAtRt8bGU5tzTzQk%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=m3AsefGfJpzSmHZHZtQCEjYsjtwTX8A%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=952143c1e8fd562717144ff5fbaf1299%2F592653205059671566&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D21sw2bfgbsenx6qqh6hyvjpnjtwkmwbmbcxvzrqxfx9apeyk28c4d82cx8efffadztf4cz9zy1fbqhwt4cb2by4saps43kkswz7xt61s3ywn98s9hxs21w9pjgsqt68snt4zx8sc4zftmcpgm9b8b96e7b61epkqt8t3as7w0g7tsteg8df05wcpj16pk6txxy4gbc68z2cqnf7rdf2gndk5dverwsqtg0gkrna1751yrx8jt0efdtaxr7ah8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCe12DvZ7sYI_QOLCC2fcPo_mKwA2Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTE3NTA4NTYyMzkyMDQ0MTSgAcKu6N0DyAEJqQIs3aPEEeizPqgDAaoEogFP0IT0UvUDphEfEshBGjXTPqqgmGBAd3elVcjPsH4sRRUtUZMvfR40JjDxMtJeZHSoSAh-gIV_YG4QeYHw4PNWVk7nnJWjtLZ-pEzlFSU7gdDSqqQAfaSi-Ya4Q7tBG6ZJqngjrYRf99TuvHOMxTayMuHJHefIIEm0MkTUm0DNYbC3drbIRamMCQeUXkEiF2--idVGFuPP-U9fdmDCkk27rnmABv6UqZKnj8n4_gGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_34GVMUjlX6uwv7uTkz0SPt_gdwJw%2526client%253Dca-pub-1750856239204414%2526adurl%253D&y=0&z=0
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: d5e7ebf984011b329219fd568f79a9d0384178d19914e9626885d2918f25e9f9

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 12 Jul 2021 19:57:50 GMT
Last-Modified: Mon, 12 Jul 2021 19:57:50 GMT
Server: Apache
Transfer-Encoding: chunked
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: text/html;charset=utf-8
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3-29 200 s-OE46cnkXGFQoo4r8zhnqxzG88VmeLG6mk72mZMPyg.js Show response
pagead2.googlesyndication.com/bg/ Frame ABB0 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/s-OE46cnkXGFQoo4r8zhnqxzG88VmeLG6mk72mZMPyg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b3e384e3a727917185428a38afcce19eac731bcf1599e2c6ea693bda664c3f28

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Jul 2021 16:05:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 359519
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13247
x-xss-protection: 0
last-modified: Tue, 06 Jul 2021 09:28:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 08 Jul 2022 16:05:51 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 42ms
41ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20210708&jk=2578164719563388&bg=!QEOlQwfNAAZjFomlYxY7ACkAdvg8WqlDMzJ79NISO7Ql5sPp-8oWAPEANsoGJKno5OD-plXv0ZwjrgIAAABUUgAAAAtoAQcKADcsUEN5L9rzW1gsiNSuJ1HzZLuKR0xwyOLDC25egCBVcoqSGj8yPLJasUo7jMyRvAOyF0pHJjTtmQJzGN2ALn9vjqouuQCP_qI3eg7X3ajtvgSGd6_M2XcCWURT_G-GaeBNw0qTRS7xOMNwWtMh4QuEiUaj8Gzv9YPLGPtkpPOvE3I4NFxXpLsruqnAj7Gq070NZz7nVpp3VhOwNtpJghInTFa5GGisK-0LN1kuCLxGIcMcIzumIPjH0PijwsGEwoHYiPEdzKNleOKcZQWaL0sBr-2lPcK8LSh0jLaXuWZN3tlclpZ9qhNlUcgQTNGcHegmOrl6RefJmKxzYJReOwgH-KkxMkY4MqzOxQeYokkkYI16q3-N8Cx6haZP7KAtUy_OUZec9Qm62KM8c-Wlmvq_98ygCUgo0QMLFYAJS2UGRG31wMeMvLUf5uxajL6qRAY7-oegqdv2kK6ia-7J2yONeD2W8DreO5TbCZKnD6o1DUXjIk0oyGUlkUqONDVLjT3GX5AAdGnDHiMh59MqVtOEr0u1AtOmq5rb3aYW9l52YI1cjUUNzE7-qhmqB0bIpJh0NB4iN6sESvJJQLP9PhHOc4QqLqah8kumE3BNSEno-M7O46rZldaj4qOfCnNRYDHd1jogkmaJpeLmaU7hbGkUEW_emH06LmmROEVgJ0Nc8K2QsGe-aDzjEBiKM43SDpAe3_nIc4JOk-9EjRDj2DtcOFfcA7058uGhBNb5-J2u7rJvXWDrYTCQuUeVQ-YLICdJdxzCgVFot3DmzLlPiA5Qz9QQhW9ieevIytMn3_KiIyw7G3vNdwcL3CNxvujyrMDDiRPOCyTrSNCUabFnmXfu64Bie872ogcCwCwYkBPdT4CeV9ki9Ny76SKj7G_6C3Nye4eKKsXRAA5mQi3q

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Jul 2021 19:57:50 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame AB7D 59 KB
60 KB 96ms
31ms Script
application/javascript 13.224.99.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=713569&wgcampaignid=1384975&js=1&nw=1&clickref=oneidbM4CQfZfp5QFYHbHzt8Cwr5uetJT5Weoneid__dc_reach_suite02wkz&viewref=oneidPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7oneid__dc_reach_suite02wkz
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.99.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-99-121.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a91a21b8a5843a8d8fac4d3916d5eb926ea4917b7d27dbee00ae068f4dd9d07e

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: 9gxRQLkEbSwlqYx89yHTPWBPBM9yYdWx
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
last-modified: Mon, 28 Jun 2021 16:00:47 GMT
server: AmazonS3
age: 50997
etag: "edfa65aada7c65cbe3a78f39f8444ab3"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Mon, 12 Jul 2021 05:47:56 GMT
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-length: 60765
x-amz-cf-id: 5EwBW6n8mH1mF0zlgxgKEugmKzJIjWiWsKm3_TtYUYfq1XCHAtFm_Q==

GET
H/1.1 200
OK hit Show response
diapi.webgains.com/2.0/ Frame AB7D 79 B
374 B 95ms
35ms Script
text/javascript 81.29.72.47
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://diapi.webgains.com/2.0/hit?callback=hitCallback&wgpayload=.8a44iFBBNlY5Du4UXuKrnZ2CI9XkPrwVL6tqAhbrmQmkqlE4Ww.GEFF0Yz3ccbbJYMLgiPFU77qZoOSix5ezdstlYysrhsui6STpjB9TjQDKMhO3f9p_nH1u_eH3BhxUC550ialT0iakiEocEcEJ1w.CxUC541jlS7spjt.gEngMQEjZr_WhXTA2s.XTVV26y8GGEDd5ihORoVyFGh8cmvSuCKzIlnY6xljQlpRDuxfTNJxTqRejPm8LKfAaZ4ySy.aPjftcktBttIVugwcAuyPBDjaY2ftckuyPBB2SCX0iakJ1V4Aqumkav0iLs2dI_AIQjvEodUW2vqCRc7L1eLY6Refs.BN1eN_D9ctJ9XvjvEnHjnFyxYMJ5tFFg4K1kl1BNlY6RcQpw.1Dq&wgcookie=%7B%22wgifp12607%22%3A%5B%221384975%22%2C%2212607%22%2C%22713569%22%2C%22%22%2C%221626119870%22%2C%22%22%2C%22%22%2C%22%22%2C%221781639870%22%2C%22oneidPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7oneid__dc_reach_suite02wkz%22%5D%7D&wgchecksum=8915ae7933106de81ce0feeb6341b8c0&userIP=89.249.64.203&doAffectv=1&wgtime=1626119870
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=713569&wgcampaignid=1384975&js=1&nw=1&clickref=oneidbM4CQfZfp5QFYHbHzt8Cwr5uetJT5Weoneid__dc_reach_suite02wkz&viewref=oneidPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7oneid__dc_reach_suite02wkz
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.29.72.47 Brixton, United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 81-29-72-47.servers.dedipower.net
Software: Apache /
Resource Hash: 17b47a1ed2cd2e1ec86f4735497e2956eb34be0a66fc20b427148f65c6ebaca5

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 12 Jul 2021 19:57:50 GMT
Server: Apache
Connection: close
Content-Length: 79
Content-Type: text/javascript;charset=utf-8

GET
H/1.1 200
OK link.html
track.webgains.com/ Frame AB7D 85 KB
85 KB 61ms
23ms Image
image/png 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.webgains.com/link.html?wgcampaignid=1384975&viewref=oneidP3zUBfbfRbzh7CjHbtMtPzEHbtgtPproneid__asuid7vdcqiX9wN-uvKyfxSNBxcbbjuwSHWE7asuid__webplexmedia_advancedad_300x250&wglinkid=713569
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23567%2C823%2C24673&b=Vx7fwfmfEdghVHbHAtRt8bGU5tzTzQk%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=m3AsefGfJpzSmHZHZtQCEjYsjtwTX8A%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=120&d=600&e=&g=952143c1e8fd562717144ff5fbaf1299%2F592653205059671566&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D21sw2bfgbsenx6qqh6hyvjpnjtwkmwbmbcxvzrqxfx9apeyk28c4d82cx8efffadztf4cz9zy1fbqhwt4cb2by4saps43kkswz7xt61s3ywn98s9hxs21w9pjgsqt68snt4zx8sc4zftmcpgm9b8b96e7b61epkqt8t3as7w0g7tsteg8df05wcpj16pk6txxy4gbc68z2cqnf7rdf2gndk5dverwsqtg0gkrna1751yrx8jt0efdtaxr7ah8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCe12DvZ7sYI_QOLCC2fcPo_mKwA2Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTE3NTA4NTYyMzkyMDQ0MTSgAcKu6N0DyAEJqQIs3aPEEeizPqgDAaoEogFP0IT0UvUDphEfEshBGjXTPqqgmGBAd3elVcjPsH4sRRUtUZMvfR40JjDxMtJeZHSoSAh-gIV_YG4QeYHw4PNWVk7nnJWjtLZ-pEzlFSU7gdDSqqQAfaSi-Ya4Q7tBG6ZJqngjrYRf99TuvHOMxTayMuHJHefIIEm0MkTUm0DNYbC3drbIRamMCQeUXkEiF2--idVGFuPP-U9fdmDCkk27rnmABv6UqZKnj8n4_gGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_34GVMUjlX6uwv7uTkz0SPt_gdwJw%2526client%253Dca-pub-1750856239204414%2526adurl%253D&y=0&z=0
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 272d25a3bc4e780b90797dc968a382dbccaa40157d7612ace2f59f2768a6bb86

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 12 Jul 2021 19:57:50 GMT
Last-Modified: Mon, 12 Jul 2021 19:57:50 GMT
Server: Apache
Transfer-Encoding: chunked
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: image/png
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK fp_decode.html Show response
track.webgains.com/ Frame AB7D 63 B
270 B 109ms
36ms Fetch
application/json 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/fp_decode.html?wgpayload=s0a44iFBBNlY5Du4UXuKrnZ2CI9XkPrwVL6tqAhbrmQmkqlE4Ww.GEFF0Yz3ccbbJYMLgiPFU77qZoOSix5ezdstlYysrhsui6STpjB9TjQDKMhO3f9p_nH1u_eH3BhxUC550ialT0iakiEocEcEJ1w.CxUC541jlS7spjt.gEngMQEjZr_WhXTA2s.XTVV26y8GGEDd5ihORoVyFGh8cmvSuCKzIlnY6xljQlpRDuxfTNJxTqRejPm8LKfAaZ4ySy.aPjftcktBttIVugwcAuyPBDjaY2ftckuyPBB2SCX0iakJ1V4Aqumkmkxf_i.uJtHoqvynx9MsFyxYM914Ve_clrKU.0Y.KI3dlK69WJMSzOyPKyP6rgPuVr914VecL57GY5BNv_2TjV..Vh
Requested by: Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 84f8704bdc07ab2809b5a9dd028ef0c9e0001bd0b21c32fc06c18231069a581e

Request headers

Accept: application/json
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 12 Jul 2021 19:57:50 GMT
Server: Apache
Connection: close
Keep-Alive: timeout=1, max=100
Content-Length: 63
Content-Type: application/json

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame A844 42 B
64 B 15ms
14ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuz8eIQA461HPCj1byM5eOKwIMbcujNbJmXgPOG_dWNByu85le0HhtygrNwH-aexBEOp-nn-xb03j_hGXn7Gj33LPneHefwFQ&sig=Cg0ArKJSzKd_TUIjKnLXEAE&cid=CAASF-RotRQQByFNhUlP-Q0jRsxgwBeAc_Nd&id=lidar2&mcvt=1000&p=323,1074,923,1194&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210709&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=930862125&rs=2&met=ie&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1626119869913&dlt=159&rpt=63&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Jul 2021 19:57:51 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame AB7D 16 B
232 B 89ms
89ms Fetch
application/json 54.72.233.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.72.233.75 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-72-233-75.eu-west-1.compute.amazonaws.com

Software

nginx / PHP/7.4.19

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 12 Jul 2021 19:57:51 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/7.4.19
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 102ms
30ms Preflight 54.72.233.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Server: 54.72.233.75 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-233-75.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://as.ad4m.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Mon, 12 Jul 2021 19:57:51 GMT
server: nginx
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YOyevvwzDhR5NnuBqDWQlAAABHMAAAIB&google_cver=1&google_gid=CAESEKrauGtiktDsIGnm-AN-LTo&google_push=AYg5qPJpzWIzhHqQ1rVBDb4beQ26d_jIn4Pk_v14CJagN3j7upDUZNMj3C9cpqIDsbI6PDb5jNqmPAy69pZmj27d9uoD4zJpg7g

Verdicts & Comments Add Verdict or Comment

77 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-20 05:03:35	Name: IDE Value: AHWqTUkew4PHIIb2SQ3-i5LZ_Q8X1LDsBGwTYyr3OWJqzmgZi6BmL_ZJHe_SFp7_4aM
.pastelink.net/	1970-01-20 13:13:11	Name: _ga Value: GA1.1.1524733376.1626119870
.pastelink.net/	1970-01-20 05:03:35	Name: __gads Value: ID=3ef5cdd57f2a3c77-22cef8e76ac90043:T=1626119869:RT=1626119869:S=ALNI_Mbh0w1WHK8n92vPQtBY4IiI75ubJw
.pastelink.net/	1970-01-20 13:13:11	Name: _ga_S3DKHVPF03 Value: GS1.1.1626119869.1.0.1626119869.0
.pastelink.net/	1970-01-19 19:43:26	Name: _gid Value: GA1.2.1634780083.1626119870
.pastelink.net/	1970-01-19 19:41:59	Name: _gat_UA-55088947-2 Value: 1
pastelink.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: ffa3it8n2qglsioj1aqn1uip6q

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://analytics.webgains.io/pvClk.min.js(Line 1) Message: Webgains [object Object]

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad4m.at
adservice.google.com
adservice.google.de
analytics.webgains.io
api.webgains.io
as.ad4m.at
assets.ad4m.at
cm.g.doubleclick.net
cms.quantserve.com
code.jquery.com
d.agkn.com
diapi.webgains.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
image6.pubmatic.com
pagead2.googlesyndication.com
partner.googleadservices.com
pastelink.net
pixel.everesttech.net
pixel.rubiconproject.com
prod-rtb.ad4mat.net
rtb.openx.net
static-de.ad4mat.net
tpc.googlesyndication.com
track.webgains.com
www.awin1.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
cm.g.doubleclick.net
104.111.239.217
13.224.99.121
142.250.181.226
142.250.185.66
185.64.189.115
2001:4de0:ac18::1:a:1a
2600:1901:0:76b9::
2606:4700:3032::6815:57ae
2606:4700:3039::6815:c045
2a00:1450:4001:803::2002
2a00:1450:4001:803::2003
2a00:1450:4001:808::200e
2a00:1450:4001:811::2002
2a00:1450:4001:812::2008
2a00:1450:4001:827::2001
2a00:1450:4001:82a::2002
2a00:1450:4001:82f::200a
2a00:1450:4001:831::2002
2a00:1450:4001:831::2004
2a01:7e00::f03c:91ff:fe39:1dbe
35.157.140.213
35.186.253.211
46.236.13.147
54.72.233.75
69.173.144.138
81.29.72.47
91.228.74.226
99.80.199.35
04b1f8cb2f5e15aeddb7c25f1ecd30ec677874fbbc28a43cbae37a32ab5d01e1
04bcd86676a40009fe53606bce88edf13537b712f218f9c6057e97c612513092
052745ac9533edaeeb46d02397919864f41642700f1dd36d4775b1f5287bd97b
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c8294539e26ea6cba307df83c91eb8e82e967084577d67575f57d191cee87e9
0dfc6963fb114588887432268114a1bb0a5e4692eaeafc9e755c7d4ad92546e2
17b47a1ed2cd2e1ec86f4735497e2956eb34be0a66fc20b427148f65c6ebaca5
1d4500ade0135011844ea3483dc72aed9b77783e9d4fe7f2220dc36a62abb455
1f4019ce803f7158dfbf40a32b62581626e33ee2591afc9426e9e17d3af96702
20b3bad1427e2212dd847357841f993f025b5061c4af1d382dcc727e102cc1e4
262b2a0bae52d6afe2f44127d9e9bf02205ad9d02d6be840f0b8440a45db0f19
272d25a3bc4e780b90797dc968a382dbccaa40157d7612ace2f59f2768a6bb86
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e
41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c
4736f2c9f9d252c0eded8f0c55198bc02e485d34db8984384dd0afa332bc2dba
4832f5768a8d71f5e7504a48274d822a72e79b39fe43a071c13852097da8ec6b
4c0ad0422729529764cebf5a89b77270e20a63df2368f2b7a1e07f6a50d9cfbd
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5314e2831216e18c4ff39e8f8a8b2202958310ce42913c75edb0daa9064bfa46
54d35e66675f9cc2ab471d0c389573b5ab0902937b397914a177712b27678a46
5595a592e5e93a111e8b48e225a826b874b635dc219787efedf806d3aa13f223
56b0826ab31396372369c64c7ee3702c939c93e5f6a7da93829ea0f40079e3c1
6a2a42ff5e9edef5ece13310e35ab6f4500725823c8d1e7b951124d3c1726cbb
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
736e1679b341206c435156f566998d48ad309ec22e277c12da51973bb42671c3
73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89
79a636d2c8ace706866349aaf2d1661b25c94a9523ab602e32d106fbba2a2b23
7e5e8d7a52cffab98c6c3957e1c30af475c697d4d50ba91aeab0b11eea32a166
84e1430c29f56aa89214ecec6614c175a4b6b032ac75d2bc9aa37b83b87012c1
84f8704bdc07ab2809b5a9dd028ef0c9e0001bd0b21c32fc06c18231069a581e
85a096c073faa7b2f0cd16adf42aef4c64f0e2b34dedcd1379b6cc48e126f7fa
8d396e0ef356abb23c37f8aa1c8035d5ca45ae91c6d7745f7aa2678258408466
9346d626912694d5ce3d903186eba5c133d05750655f3e067b4904079a3094d0
980a0ed841d025e07f7ffc83943d26b590abfd96c857a19ac76394099a35c67e
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a91a21b8a5843a8d8fac4d3916d5eb926ea4917b7d27dbee00ae068f4dd9d07e
aa07f7ae03823db9270b194410184e549895123ae7e396213a6cfcab32260191
b3e384e3a727917185428a38afcce19eac731bcf1599e2c6ea693bda664c3f28
b5bd7873b5493abf56970fd4878852eb1616e6ebba9cb192a13cf7e1b644efc3
c0a7474a875c2940fd8b3d1c478c797d47849a020f82be9bdc6fac2e4aa3020b
c24ccee9a35eef9e74411eac871935bdff6bcb895cce80b754b66d3e4292a3ce
c35529095f6b1a1b2f9345e8d7e86532048ffbfdd082f03ed114be88865388df
c61697412cc59989e4eee0d73b88388554d608bf9f9fd9217818245794c7ce13
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
d10e701c44ab739c7d711b6483def0c6cd47e5a3d04eda1df2c5cbb08f21d81a
d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4
d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa
d5e7ebf984011b329219fd568f79a9d0384178d19914e9626885d2918f25e9f9
d997fba7832cb78b0933a9eb2ce191d53234c978e25c6c8fc50c75923ea8405e
e09e11efa5d7d536dd53c9b4b08ec9736c76971ab3a0309d30b9f5423325a98f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eac3033c19c844c6c80848a212d52dbdce97c244fce3dbbd97f89ecac33adada
eb7f1a3c1bb026a6749c8283a43307eacea70eb4f39387861bb8293bf0cb914c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
ff43600c228c39295ac3c0768717186ef6d68e1358a325b310a757bf53d265b3

pastelink.net Open in urlscan Pro 2a01:7e00::f03c:91ff:fe39:1dbe Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

74 Requests

99 %HTTPS

54 %IPv6

23 Domains

31 Subdomains

24 IPs

5 Countries

1405 kBTransfer

2221 kBSize

7 Cookies

4 Outgoing links

Redirected requests

74 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

pastelink.net Open in urlscan Pro
2a01:7e00::f03c:91ff:fe39:1dbe Public Scan

Screenshot
Live screenshot

Full Image

74
Requests

99 %
HTTPS

54 %
IPv6

23
Domains

31
Subdomains

24
IPs

5
Countries

1405 kB
Transfer

2221 kB
Size

7
Cookies

74 HTTP transactions
1 data transactions