pastebin.com Open in urlscan Pro
2606:4700:10::6814:d115  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 23

• https://edba.brealtime.com/ HTTP 302
• https://s3.amazonaws.com/brt-appnexus-cookie-sync/1x1.gif

25 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request 728x90_custom_safe.php Show response pastebin.com/adserver/	1 KB 1020 B	463ms 433ms	Document text/html	2606:4700:10::6814:d115 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://pastebin.com/adserver/728x90_custom_safe.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6814:d115 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 0bdf1f83ff26a6834a8f829fd313f38c41e9108e9e36a79d7fcfdd508e2f3c92 Security Headers Name Value X-Xss-Protection 1; mode=block Request headers :method GET :authority pastebin.com :scheme https :path /adserver/728x90_custom_safe.php pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 sec-fetch-mode navigate sec-fetch-user ?1 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 sec-fetch-site none accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Response headers status 200 date Sat, 24 Aug 2019 02:43:11 GMT content-type text/html set-cookie __cfduid=d23450912526c24e008961b0ba80509001566614591; expires=Sun, 23-Aug-20 02:43:11 GMT; path=/; domain=.pastebin.com; HttpOnly vary Accept-Encoding x-xss-protection 1; mode=block content-encoding gzip expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 50b1fa2c2c6dcbb0-VIE
GET H/1.1	200 OK	024e069d-525f-46a7-911a-7c59471d8c75.js Show response d2na2p72vtqyok.cloudfront.net/client-embed/	77 KB 19 KB	1117ms 26ms	Script application/javascript	13.35.254.59 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://d2na2p72vtqyok.cloudfront.net/client-embed/024e069d-525f-46a7-911a-7c59471d8c75.js Requested by Host: pastebin.com URL: https://pastebin.com/adserver/728x90_custom_safe.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 13.35.254.59 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-13-35-254-59.fra6.r.cloudfront.net Software AmazonS3 / Resource Hash 8960d42e4e244d872dff0d3f298f7565cb0161f95e899458462633bcc6edcfda Request headers Sec-Fetch-Mode no-cors Referer https://pastebin.com/adserver/728x90_custom_safe.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 22 Aug 2019 09:54:28 GMT Content-Encoding gzip Connection keep-alive Last-Modified Thu, 22 Aug 2019 09:54:25 GMT Server AmazonS3 Age 146926 Vary Accept-Encoding X-Cache Hit from cloudfront x-amz-version-id DxqLVIaUNFIsd3YUql98wMcfAwujE2Cm Via 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront) Cache-Control max-age=31536000,public Transfer-Encoding chunked X-Amz-Cf-Pop FRA6-C1 Content-Type application/javascript X-Amz-Cf-Id 60XA-NP1mLosweOFd5vJ2TznWV0rWbAU_YZbdDyhhVuOQ2u8xN6heA==
GET H2	200	/ Show response geoip.insticator.com/json/	213 B 255 B	481ms 450ms	XHR application/json	2606:4700:10::6814:190b Cloudflare
General Check archive.org Show headers Download Go to Full URL https://geoip.insticator.com/json/ Requested by Host: d2na2p72vtqyok.cloudfront.net URL: https://d2na2p72vtqyok.cloudfront.net/client-embed/024e069d-525f-46a7-911a-7c59471d8c75.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6814:190b , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash d30591968c6ef8c4e7997f8b362f1cab5b3607f41606f4a3d670f34e4837939a Request headers Sec-Fetch-Mode cors Referer https://pastebin.com/adserver/728x90_custom_safe.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers cf-ray 50b1fa36fa30cba4-VIE date Sat, 24 Aug 2019 02:43:13 GMT via 1.1 vegur server cloudflare status 200 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Origin content-type application/json access-control-allow-origin https://pastebin.com x-ratelimit-remaining 9995 access-control-allow-credentials true x-ratelimit-reset 1467 x-ratelimit-limit 10000 x-database-date Fri, 23 Aug 2019 12:25:41 GMT content-encoding gzip
GET H2	200	/ Show response geoip.insticator.com/json/	213 B 596 B	455ms 426ms	XHR application/json	2606:4700:10::6814:190b Cloudflare
General Check archive.org Show headers Download Go to Full URL https://geoip.insticator.com/json/ Requested by Host: d2na2p72vtqyok.cloudfront.net URL: https://d2na2p72vtqyok.cloudfront.net/client-embed/024e069d-525f-46a7-911a-7c59471d8c75.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6814:190b , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash d30591968c6ef8c4e7997f8b362f1cab5b3607f41606f4a3d670f34e4837939a Request headers Sec-Fetch-Mode cors Referer https://pastebin.com/adserver/728x90_custom_safe.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers cf-ray 50b1fa36fa31cba4-VIE date Sat, 24 Aug 2019 02:43:13 GMT via 1.1 vegur server cloudflare status 200 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Origin content-type application/json access-control-allow-origin https://pastebin.com x-ratelimit-remaining 9996 access-control-allow-credentials true x-ratelimit-reset 1467 x-ratelimit-limit 10000 x-database-date Fri, 23 Aug 2019 14:39:52 GMT content-encoding gzip
GET H2	200	usertracking b2c.insticator.com/v4/pages/ Frame F8AA	0 0	467ms 423ms	Document text/html	2606:4700:10::6814:180b Cloudflare
General Check archive.org Show headers Download Go to Full URL https://b2c.insticator.com/v4/pages/usertracking Requested by Host: d2na2p72vtqyok.cloudfront.net URL: https://d2na2p72vtqyok.cloudfront.net/client-embed/024e069d-525f-46a7-911a-7c59471d8c75.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6814:180b , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash Request headers :method GET :authority b2c.insticator.com :scheme https :path /v4/pages/usertracking pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 sec-fetch-mode nested-navigate accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 sec-fetch-site cross-site referer https://pastebin.com/adserver/728x90_custom_safe.php accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Mode nested-navigate Referer https://pastebin.com/adserver/728x90_custom_safe.php Response headers status 200 date Sat, 24 Aug 2019 02:43:13 GMT content-type text/html; charset=UTF-8 set-cookie __cfduid=d4b719cf4ae6b4b33f8251aa18f4f10a51566614593; expires=Sun, 23-Aug-20 02:43:13 GMT; path=/; domain=.insticator.com; HttpOnly vary Accept-Encoding,Origin pragma max-age=3600 cache-control max-age=3600 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 50b1fa371e52cbc4-VIE content-encoding gzip
GET H2	200	instbid_1_34_release_20190807.js Show response df80k0z3fi8zg.cloudfront.net/files/	218 KB 66 KB	35ms 7ms	Script application/javascript	2600:9000:2057:f400:10:3422:3f00:21 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://df80k0z3fi8zg.cloudfront.net/files/instbid_1_34_release_20190807.js Requested by Host: d2na2p72vtqyok.cloudfront.net URL: https://d2na2p72vtqyok.cloudfront.net/client-embed/024e069d-525f-46a7-911a-7c59471d8c75.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2600:9000:2057:f400:10:3422:3f00:21 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS Software AmazonS3 / Resource Hash 8075fe09e142b517a80252d1befdd7c1d6f4938ada76218ad6a2ac25d7aea997 Request headers Sec-Fetch-Mode no-cors Referer https://pastebin.com/adserver/728x90_custom_safe.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers x-amz-version-id ZyO56HU_sYG3L.Nf3MAtxCLO1RTIEG4J content-encoding gzip last-modified Mon, 05 Aug 2019 21:52:22 GMT server AmazonS3 age 12850 date Fri, 23 Aug 2019 23:17:21 GMT vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript status 200 x-amz-cf-pop FRA6-C1 x-amz-cf-id 9QzkSPjxf5rtKRm6P2H0Ux7nFi3vJm0pg-1A4FENSRFexm7Vrk7cvQ== via 1.1 f038e7175be9761825b2eefc2b0a832e.cloudfront.net (CloudFront)
GET H2	200	apstag.js Show response c.amazon-adsystem.com/aax2/	69 KB 20 KB	91ms 38ms	Script application/javascript	99.86.1.198 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://c.amazon-adsystem.com/aax2/apstag.js Requested by Host: d2na2p72vtqyok.cloudfront.net URL: https://d2na2p72vtqyok.cloudfront.net/client-embed/024e069d-525f-46a7-911a-7c59471d8c75.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 99.86.1.198 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-99-86-1-198.fra6.r.cloudfront.net Software Server / Resource Hash 781c5596f9a65325ecfa652e4fe12760d429b1cf3070be38eb5d42ce6d83eb6d Request headers Sec-Fetch-Mode no-cors Referer https://pastebin.com/adserver/728x90_custom_safe.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Fri, 23 Aug 2019 21:32:36 GMT content-encoding gzip server Server age 18636 etag 2651fa4bf4c1a481572051f7f35c8f68 x-cache Hit from cloudfront content-type application/javascript status 200 cache-control public, max-age=86400 x-amz-cf-pop FRA6-C1 accept-ranges bytes timing-allow-origin * x-amz-cf-id ULTGKte1YzekxDPyX26zkL4oKJb_xaFIvi-noQsH83w4uwuLDLzrYw== via 1.1 62dc260e32d7b9197a4511447f6a264a.cloudfront.net (CloudFront)
POST		v1 dmx.districtm.io/b/	0 0
GET		header hb.aralego.com/	0 0
POST H/1.1	200 OK	prebid Show response ib.adnxs.com/ut/v3/	19 B 707 B	58ms 18ms	XHR application/json	185.33.223.80 AppNexus
General Check archive.org Show headers Download Go to Full URL https://ib.adnxs.com/ut/v3/prebid Requested by Host: df80k0z3fi8zg.cloudfront.net URL: https://df80k0z3fi8zg.cloudfront.net/files/instbid_1_34_release_20190807.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US), Reverse DNS 251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net Software nginx/1.13.4 / Resource Hash 2544182fb9a0a2f65dac966c91bcbcb8239798c4c5d8278f0fd6d9f4056d301e Security Headers Name Value X-Xss-Protection 0 Request headers Sec-Fetch-Mode cors Referer https://pastebin.com/adserver/728x90_custom_safe.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Content-Type text/plain Response headers Pragma no-cache Date Sat, 24 Aug 2019 02:43:15 GMT X-Proxy-Origin 82.102.19.132; 82.102.19.132; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.80:80 AN-X-Request-Uuid 27ee7bb2-24d9-432e-9c66-70706dc5d55c Server nginx/1.13.4 P3P policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Access-Control-Allow-Origin https://pastebin.com Cache-Control no-store, no-cache, private Access-Control-Allow-Credentials true Connection keep-alive Content-Type application/json; charset=utf-8 Content-Length 19 X-XSS-Protection 0 Expires Sat, 15 Nov 2008 16:00:00 GMT
POST H/1.1	200 OK	prebid Show response ib.adnxs.com/ut/v3/	144 B 1 KB	91ms 32ms	XHR application/json	185.33.223.80 AppNexus
General Check archive.org Show headers Download Go to Full URL https://ib.adnxs.com/ut/v3/prebid Requested by Host: df80k0z3fi8zg.cloudfront.net URL: https://df80k0z3fi8zg.cloudfront.net/files/instbid_1_34_release_20190807.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US), Reverse DNS 251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net Software nginx/1.13.4 / Resource Hash 3d7058473c3e974c7fa9af0b94bd015c5e033e53012bbd08383c7e13eb0ad5f6 Security Headers Name Value X-Xss-Protection 0 Request headers Sec-Fetch-Mode cors Referer https://pastebin.com/adserver/728x90_custom_safe.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Content-Type text/plain Response headers Pragma no-cache Date Sat, 24 Aug 2019 02:43:15 GMT X-Proxy-Origin 82.102.19.132; 82.102.19.132; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.45:80 AN-X-Request-Uuid 9e0d14c0-5146-47bb-ae59-d8e6dba65472 Server nginx/1.13.4 P3P policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Access-Control-Allow-Origin https://pastebin.com Cache-Control no-store, no-cache, private Access-Control-Allow-Credentials true Connection keep-alive Content-Type application/json; charset=utf-8 Content-Length 144 X-XSS-Protection 0 Expires Sat, 15 Nov 2008 16:00:00 GMT
GET H/1.1	200 OK	trinity.json Show response apex.go.sonobi.com/	51 B 666 B	1359ms 24ms	XHR application/json	178.162.133.150 LEASEWEB-NL-AMS-0...
General Check archive.org Show headers Download Go to Full URL https://apex.go.sonobi.com/trinity.json?key_maker=%7B%221087553906d1b21%22%3A%224c4c920a6cf262ee66db%7C728x90%22%7D&ref=https%3A%2F%2Fpastebin.com%2Fadserver%2F728x90_custom_safe.php&s=34c6c567-effe-48d7-bf81-6ba030315e9d&pv=6096c151-01ef-4a9f-9697-96b7e6b470a5&vp=desktop&lib_name=prebid&lib_v=1.34.0&us=5& Requested by Host: df80k0z3fi8zg.cloudfront.net URL: https://df80k0z3fi8zg.cloudfront.net/files/instbid_1_34_release_20190807.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL), Reverse DNS ams-1-apex.go.sonobi.com Software sonobi-go / Resource Hash e2373b98ecc2dd77e9f9787d7c2c0408e088371f33164036f3295a348c401029 Security Headers Name Value X-Xss-Protection 0 Request headers Sec-Fetch-Mode cors Referer https://pastebin.com/adserver/728x90_custom_safe.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Content-Type text/plain Response headers Pragma no-cache Date Sat, 24 Aug 2019 02:43:14 GMT Content-Encoding gzip Server sonobi-go Vary negotiate,Accept-Encoding X-Go-Server apex-ams-1-6-129 P3p CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" Access-Control-Allow-Origin https://pastebin.com Cache-Control no-cache, no-store, private Access-Control-Allow-Credentials true Tcn Choice Content-Type application/json Content-Length 79 X-Xss-Protection 0 Expires Sat, 26 Jul 1997 05:00:00 GMT
GET		imp g2.gumgum.com/hbid/	0 0
POST		/ hb.emxdgt.com/	0 0
POST H/1.1	200 OK	prebid Show response ib.adnxs.com/ut/v3/	19 B 708 B	107ms 18ms	XHR application/json	185.33.223.80 AppNexus
General Check archive.org Show headers Download Go to Full URL https://ib.adnxs.com/ut/v3/prebid Requested by Host: df80k0z3fi8zg.cloudfront.net URL: https://df80k0z3fi8zg.cloudfront.net/files/instbid_1_34_release_20190807.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US), Reverse DNS 251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net Software nginx/1.13.4 / Resource Hash 2544182fb9a0a2f65dac966c91bcbcb8239798c4c5d8278f0fd6d9f4056d301e Security Headers Name Value X-Xss-Protection 0 Request headers Sec-Fetch-Mode cors Referer https://pastebin.com/adserver/728x90_custom_safe.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Content-Type text/plain Response headers Pragma no-cache Date Sat, 24 Aug 2019 02:43:15 GMT X-Proxy-Origin 82.102.19.132; 82.102.19.132; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.249:80 AN-X-Request-Uuid 3f561760-3218-4690-aa99-bd640e28552e Server nginx/1.13.4 P3P policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Access-Control-Allow-Origin https://pastebin.com Cache-Control no-store, no-cache, private Access-Control-Allow-Credentials true Connection keep-alive Content-Type application/json; charset=utf-8 Content-Length 19 X-XSS-Protection 0 Expires Sat, 15 Nov 2008 16:00:00 GMT
GET H2	200	aps_csm.js Show response c.amazon-adsystem.com/bao-csm/aps-comm/	6 KB 3 KB	6133ms 48ms	XHR application/javascript	99.86.1.198 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js Requested by Host: c.amazon-adsystem.com URL: https://c.amazon-adsystem.com/aax2/apstag.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 99.86.1.198 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-99-86-1-198.fra6.r.cloudfront.net Software AmazonS3 / Resource Hash 6d6f482982f8f1a1814e279ff50df4ccc301533ca9655e4d080d6b90ec69d69e Request headers Sec-Fetch-Mode cors Referer https://pastebin.com/adserver/728x90_custom_safe.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Fri, 23 Aug 2019 07:07:30 GMT content-encoding gzip vary Origin age 70550 x-cache Hit from cloudfront status 200 access-control-allow-origin * last-modified Fri, 24 Aug 2018 07:13:51 GMT server AmazonS3 access-control-max-age 3000 access-control-allow-methods GET content-type application/javascript via 1.1 7ce1191b390045e05b9cc74f7514b77b.cloudfront.net (CloudFront) cache-control public, max-age=86400 x-amz-cf-pop FRA6-C1 x-amz-cf-id mNcqm5O_GsTY3sOTt9598EAc2rbsDuTKEcnvke0580GEUvujmhK6Fg==
POST H2	201	event Show response event.insticator.com/v1/	0 135 B	131ms 131ms	XHR text/plain	2606:4700:10::6814:190b Cloudflare
General Check archive.org Show headers Download Go to Full URL https://event.insticator.com/v1/event?event_name=event_pageview Requested by Host: d2na2p72vtqyok.cloudfront.net URL: https://d2na2p72vtqyok.cloudfront.net/client-embed/024e069d-525f-46a7-911a-7c59471d8c75.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6814:190b , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Access-Control-Allow-Origin * Sec-Fetch-Mode cors Referer https://pastebin.com/adserver/728x90_custom_safe.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Content-type application/json Response headers date Sat, 24 Aug 2019 02:43:14 GMT server cloudflare status 201 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Origin access-control-allow-origin https://pastebin.com access-control-allow-credentials true cf-ray 50b1fa3def64cba4-VIE content-length 0
GET H2	200	gpt.js Show response www.googletagservices.com/tag/js/	35 KB 12 KB	38ms 38ms	Script text/javascript	2a00:1450:4001:80b::2002 Google LLC
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/tag/js/gpt.js Requested by Host: d2na2p72vtqyok.cloudfront.net URL: https://d2na2p72vtqyok.cloudfront.net/client-embed/024e069d-525f-46a7-911a-7c59471d8c75.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software sffe / Resource Hash 3b64b78ea3c5e5404dac9635035b7bc1b8396dc5ccfdffcb0f363a93175bee02 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Sec-Fetch-Mode no-cors Referer https://pastebin.com/adserver/728x90_custom_safe.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 24 Aug 2019 02:43:15 GMT content-encoding gzip x-content-type-options nosniff server sffe etag "258 / 299 of 1000 / last-modified: 1566588896" vary Accept-Encoding content-type text/javascript status 200 cache-control private, max-age=900, stale-while-revalidate=3600 timing-allow-origin * alt-svc quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39" content-length 12448 x-xss-protection 0 expires Sat, 24 Aug 2019 02:43:15 GMT
GET H2	200	728x90_backfill.php Show response pastebin.com/adserver/ Frame 5CF8	702 B 505 B	140ms 139ms	Document text/html	2606:4700:10::6814:d115 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://pastebin.com/adserver/728x90_backfill.php Requested by Host: d2na2p72vtqyok.cloudfront.net URL: https://d2na2p72vtqyok.cloudfront.net/client-embed/024e069d-525f-46a7-911a-7c59471d8c75.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6814:d115 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 5eade3c21e172f24282870997a849787ca96c92dc3c750e6c106640fc1a678d7 Security Headers Name Value X-Xss-Protection 1; mode=block Request headers :method GET :authority pastebin.com :scheme https :path /adserver/728x90_backfill.php pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 sec-fetch-mode nested-navigate accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 sec-fetch-site same-origin referer https://pastebin.com/adserver/728x90_custom_safe.php accept-encoding gzip, deflate, br cookie __cfduid=d23450912526c24e008961b0ba80509001566614591; InstiSession={"id":"de8ea4b2-b8a3-41cf-a973-ae0158defa75","referrer":"","campaign":{"source":null,"medium":null,"campaign":null,"term":null,"content":null}}; visitorGeo=DE; Insticator.geoBlockAds-024e069d-525f-46a7-911a-7c59471d8c75=false; Insticator.geoBlockedEmbeds-024e069d-525f-46a7-911a-7c59471d8c75=[]; visitorFloorTier=1 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Mode nested-navigate Referer https://pastebin.com/adserver/728x90_custom_safe.php Response headers status 200 date Sat, 24 Aug 2019 02:43:15 GMT content-type text/html vary Accept-Encoding x-xss-protection 1; mode=block content-encoding gzip expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 50b1fa435f25cbb0-VIE
GET H2	200	integrator.js Show response adservice.google.de/adsid/	109 B 171 B	15ms 15ms	Script application/javascript	2a00:1450:4001:80b::2002 Google LLC
General Check archive.org Show headers Download Go to Full URL https://adservice.google.de/adsid/integrator.js?domain=pastebin.com Requested by Host: d2na2p72vtqyok.cloudfront.net URL: https://d2na2p72vtqyok.cloudfront.net/client-embed/024e069d-525f-46a7-911a-7c59471d8c75.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software cafe / Resource Hash 0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Sec-Fetch-Mode no-cors Referer https://pastebin.com/adserver/728x90_custom_safe.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers timing-allow-origin * date Sat, 24 Aug 2019 02:43:15 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." status 200 cache-control private, no-cache, no-store content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39" content-length 104 x-xss-protection 0
GET H2	200	integrator.js Show response adservice.google.com/adsid/	109 B 171 B	14ms 14ms	Script application/javascript	2a00:1450:4001:80b::2002 Google LLC
General Check archive.org Show headers Download Go to Full URL https://adservice.google.com/adsid/integrator.js?domain=pastebin.com Requested by Host: d2na2p72vtqyok.cloudfront.net URL: https://d2na2p72vtqyok.cloudfront.net/client-embed/024e069d-525f-46a7-911a-7c59471d8c75.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software cafe / Resource Hash 0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Sec-Fetch-Mode no-cors Referer https://pastebin.com/adserver/728x90_custom_safe.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers timing-allow-origin * date Sat, 24 Aug 2019 02:43:15 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." status 200 cache-control private, no-cache, no-store content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39" content-length 104 x-xss-protection 0
GET H2	200	pubads_impl_2019082201.js Show response securepubads.g.doubleclick.net/gpt/	158 KB 58 KB	69ms 68ms	Script text/javascript	216.58.207.34 Google LLC
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019082201.js Requested by Host: d2na2p72vtqyok.cloudfront.net URL: https://d2na2p72vtqyok.cloudfront.net/client-embed/024e069d-525f-46a7-911a-7c59471d8c75.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 216.58.207.34 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS fra16s24-in-f2.1e100.net Software sffe / Resource Hash f8e8baebac4f64ee22208b08a36fa7bb4996b541e95b03f978e7318bf2c8b362 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Sec-Fetch-Mode no-cors Referer https://pastebin.com/adserver/728x90_custom_safe.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 24 Aug 2019 02:43:15 GMT content-encoding gzip x-content-type-options nosniff last-modified Thu, 22 Aug 2019 13:08:19 GMT server sffe vary Accept-Encoding content-type text/javascript status 200 cache-control private, immutable, max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc quic=":443"; ma=2592000; v="46,43,39" content-length 59542 x-xss-protection 0 expires Sat, 24 Aug 2019 02:43:15 GMT
GET		pastebin.min.css pastebin.com/i/ Frame 5CF8	0 0
GET H2	200	chrome_banner.png pastebin.com/i/ Frame 5CF8	18 KB 18 KB	18ms 18ms	Image image/png	2606:4700:10::6814:d115 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://pastebin.com/i/chrome_banner.png Requested by Host: pastebin.com URL: https://pastebin.com/adserver/728x90_backfill.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6814:d115 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash a4f94e8b16daab342f76fb5444963d0c1ab64a8be1157d3ba7de481841d06345 Security Headers Name Value X-Xss-Protection 1; mode=block Request headers Sec-Fetch-Mode no-cors Referer https://pastebin.com/adserver/728x90_backfill.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 24 Aug 2019 02:43:15 GMT cf-cache-status HIT age 1929518 status 200 content-length 18226 x-xss-protection 1; mode=block last-modified Thu, 24 May 2018 09:39:14 GMT server cloudflare etag "5b068842-4732" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png cache-control public, max-age=7776000 accept-ranges bytes cf-ray 50b1fa445fddcbb0-VIE expires Fri, 22 Nov 2019 02:43:15 GMT
GET		1x1.gif s3.amazonaws.com/brt-appnexus-cookie-sync/ Redirect Chain https://edba.brealtime.com/ https://s3.amazonaws.com/brt-appnexus-cookie-sync/1x1.gif	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

dmx.districtm.io

URL

https://dmx.districtm.io/b/v1

Domain

hb.aralego.com

URL

https://hb.aralego.com/header?ver=ADGENT_PREBID-2018011501&ifr=0&bl=en-US&je=1&dnt=0&host=pastebin.com&u=https%3A%2F%2Fpastebin.com%2Fadserver%2F728x90_custom_safe.php&ru=&adid=ad-9A2AA8292BBD6B2214E967E797738492&w=728&h=90&

Domain

g2.gumgum.com

URL

https://g2.gumgum.com/hbid/imp?si=18045&pi=3&gdprApplies=true&gdprConsent=null&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fpastebin.com%2Fadserver%2F728x90_custom_safe.php&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&

Domain

hb.emxdgt.com

URL

https://hb.emxdgt.com/?t=3000&ts=1566614593154

Domain

pastebin.com

URL

https://pastebin.com/i/pastebin.min.css

Domain

s3.amazonaws.com

URL

https://s3.amazonaws.com/brt-appnexus-cookie-sync/1x1.gif

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| Insticator object| InsticatorApp object| googletag object| instBid number| insticatorVideoLoopCount object| insticatorQueue undefined| embedUUID function| checkAndConfirmEmbedUUID function| embedLoad function| appendEmbedElements object| ads_list object| embeds_list boolean| isPageviewSent boolean| instcatorIframeLoaded object| apstag function| instBidChunk object| __core-js_shared__ object| _clrm object| insticatorUserTrackingMessage object| ggeac object| closure_memoize_cache_ object| googleToken object| googleIMState object| google_js_reporting_queue function| processGoogleToken undefined| google_measure_js_timing boolean| google_noFetch number| __google_ad_urls_id

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			pastebin.com/	1970-01-19 03:11:40	Name: Insticator.geoBlockedEmbeds-024e069d-525f-46a7-911a-7c59471d8c75 Value: []
			pastebin.com/	1970-01-19 03:11:40	Name: visitorGeo Value: DE
			.insticator.com/	1970-01-19 11:55:50	Name: __cfduid Value: d4b719cf4ae6b4b33f8251aa18f4f10a51566614593
			pastebin.com/	1970-01-19 03:10:16	Name: InstiSession Value: {"id":"de8ea4b2-b8a3-41cf-a973-ae0158defa75","referrer":"","campaign":{"source":null,"medium":null,"campaign":null,"term":null,"content":null}}
			pastebin.com/	1970-01-19 03:11:40	Name: Insticator.geoBlockAds-024e069d-525f-46a7-911a-7c59471d8c75 Value: false
			.pastebin.com/	1970-01-19 11:55:50	Name: __cfduid Value: d23450912526c24e008961b0ba80509001566614591

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://d2na2p72vtqyok.cloudfront.net/client-embed/024e069d-525f-46a7-911a-7c59471d8c75.js(Line 1) Message: dom ready!
console-api	log	URL: https://d2na2p72vtqyok.cloudfront.net/client-embed/024e069d-525f-46a7-911a-7c59471d8c75.js(Line 1) Message: topFrame:
console-api	log	URL: https://d2na2p72vtqyok.cloudfront.net/client-embed/024e069d-525f-46a7-911a-7c59471d8c75.js(Line 1) Message: params:
console-api	log	URL: https://d2na2p72vtqyok.cloudfront.net/client-embed/024e069d-525f-46a7-911a-7c59471d8c75.js(Line 1) Message: Cookie enabled, set cookie
console-api	log	URL: https://d2na2p72vtqyok.cloudfront.net/client-embed/024e069d-525f-46a7-911a-7c59471d8c75.js(Line 1) Message: session:
console-api	log	URL: https://d2na2p72vtqyok.cloudfront.net/client-embed/024e069d-525f-46a7-911a-7c59471d8c75.js(Line 1) Message: Send pageview now
console-api	log	URL: https://d2na2p72vtqyok.cloudfront.net/client-embed/024e069d-525f-46a7-911a-7c59471d8c75.js(Line 1) Message: formatedPageview:

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
apex.go.sonobi.com
b2c.insticator.com
c.amazon-adsystem.com
d2na2p72vtqyok.cloudfront.net
df80k0z3fi8zg.cloudfront.net
dmx.districtm.io
event.insticator.com
g2.gumgum.com
geoip.insticator.com
hb.aralego.com
hb.emxdgt.com
ib.adnxs.com
pastebin.com
s3.amazonaws.com
securepubads.g.doubleclick.net
www.googletagservices.com
dmx.districtm.io
g2.gumgum.com
hb.aralego.com
hb.emxdgt.com
pastebin.com
s3.amazonaws.com
13.35.254.59
178.162.133.150
185.33.223.80
216.58.207.34
2600:9000:2057:f400:10:3422:3f00:21
2606:4700:10::6814:180b
2606:4700:10::6814:190b
2606:4700:10::6814:d115
2a00:1450:4001:80b::2002
99.86.1.198
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
0bdf1f83ff26a6834a8f829fd313f38c41e9108e9e36a79d7fcfdd508e2f3c92
2544182fb9a0a2f65dac966c91bcbcb8239798c4c5d8278f0fd6d9f4056d301e
3b64b78ea3c5e5404dac9635035b7bc1b8396dc5ccfdffcb0f363a93175bee02
3d7058473c3e974c7fa9af0b94bd015c5e033e53012bbd08383c7e13eb0ad5f6
5eade3c21e172f24282870997a849787ca96c92dc3c750e6c106640fc1a678d7
6d6f482982f8f1a1814e279ff50df4ccc301533ca9655e4d080d6b90ec69d69e
781c5596f9a65325ecfa652e4fe12760d429b1cf3070be38eb5d42ce6d83eb6d
8075fe09e142b517a80252d1befdd7c1d6f4938ada76218ad6a2ac25d7aea997
8960d42e4e244d872dff0d3f298f7565cb0161f95e899458462633bcc6edcfda
a4f94e8b16daab342f76fb5444963d0c1ab64a8be1157d3ba7de481841d06345
d30591968c6ef8c4e7997f8b362f1cab5b3607f41606f4a3d670f34e4837939a
e2373b98ecc2dd77e9f9787d7c2c0408e088371f33164036f3295a348c401029
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f8e8baebac4f64ee22208b08a36fa7bb4996b541e95b03f978e7318bf2c8b362