pastelink.net Open in urlscan Pro
89.35.29.15 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pastelink.net/7hemp0vr
Submission: On April 26 via manual (April 26th 2023, 1:32:13 am UTC) from GB — Scanned from GE

Summary HTTP 356 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 63 IPs in 9 countries across 72 domains to perform 356 HTTP transactions. The main IP is 89.35.29.15, located in London, United Kingdom and belongs to BANDWIDTH-AS, GB. The main domain is pastelink.net. The Cisco Umbrella rank of the primary domain is 62449.
TLS certificate: Issued by R3 on April 1st 2023. Valid for: 3 months.

This is the only time pastelink.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
13	89.35.29.15 89.35.29.15	25369 (BANDWIDTH-AS) (BANDWIDTH-AS)
3	142.250.181.234 142.250.181.234	15169 (GOOGLE) (GOOGLE)
1	69.16.175.42 69.16.175.42	20446 (STACKPATH...) (STACKPATH-CDN)
1	104.17.25.14 104.17.25.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.250.185.132 142.250.185.132	15169 (GOOGLE) (GOOGLE)
2	142.250.185.168 142.250.185.168	15169 (GOOGLE) (GOOGLE)
7	151.139.128.10 151.139.128.10	20446 (STACKPATH...) (STACKPATH-CDN)
1	142.250.185.131 142.250.185.131	15169 (GOOGLE) (GOOGLE)
4	142.250.184.227 142.250.184.227	15169 (GOOGLE) (GOOGLE)
3	216.239.38.178 216.239.38.178	15169 (GOOGLE) (GOOGLE)
1	104.26.7.139 104.26.7.139	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
2	104.26.3.70 104.26.3.70	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.186.38 142.250.186.38	15169 (GOOGLE) (GOOGLE)
10	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
2	130.211.23.194 130.211.23.194	15169 (GOOGLE) (GOOGLE)
1	64.227.38.224 64.227.38.224	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2	172.67.75.241 172.67.75.241	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	34.248.219.195 34.248.219.195	16509 (AMAZON-02) (AMAZON-02)
1	104.18.3.114 104.18.3.114	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	34.107.148.139 34.107.148.139	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
6 27	51.89.9.251 51.89.9.251	16276 (OVH) (OVH)
4	213.19.162.31 213.19.162.31	26667 (RUBICONPR...) (RUBICONPROJECT)
4 7	185.89.210.46 185.89.210.46	29990 (ASN-APPNEX) (ASN-APPNEX)
1	185.255.84.151 185.255.84.151	200271 (IGUANE-) (IGUANE-)
1	178.250.7.10 178.250.7.10	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
5	81.17.55.99 81.17.55.99	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
3	35.241.34.106 35.241.34.106	15169 (GOOGLE) (GOOGLE)
9	172.217.18.2 172.217.18.2	15169 (GOOGLE) (GOOGLE)
1	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
50	216.58.212.130 216.58.212.130	15169 (GOOGLE) (GOOGLE)
1	142.250.184.225 142.250.184.225	15169 (GOOGLE) (GOOGLE)
12	172.217.18.97 172.217.18.97	15169 (GOOGLE) (GOOGLE)
19 37	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
4	213.19.162.27 213.19.162.27	26667 (RUBICONPR...) (RUBICONPROJECT)
4 8	146.20.132.173 146.20.132.173	27357 (RACKSPACE) (RACKSPACE)
12 22	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
2	178.250.7.2 178.250.7.2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
19	142.250.186.134 142.250.186.134	15169 (GOOGLE) (GOOGLE)
10	23.56.202.187 23.56.202.187	16625 (AKAMAI-AS) (AKAMAI-AS)
3	178.250.1.11 178.250.1.11	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
8 16	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
2 8	52.46.128.147 52.46.128.147	16509 (AMAZON-02) (AMAZON-02)
2 3	67.220.226.232 67.220.226.232	16509 (AMAZON-02) (AMAZON-02)
6 6	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
1 2	34.248.79.190 34.248.79.190	16509 (AMAZON-02) (AMAZON-02)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	18.66.147.40 18.66.147.40	16509 (AMAZON-02) (AMAZON-02)
4	2.19.228.187 2.19.228.187	16625 (AKAMAI-AS) (AKAMAI-AS)
3	2.18.235.93 2.18.235.93	16625 (AKAMAI-AS) (AKAMAI-AS)
3	34.149.40.38 34.149.40.38	15169 (GOOGLE) (GOOGLE)
1	23.35.236.188 23.35.236.188	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	185.183.112.148 185.183.112.148	60350 (VP) (VP)
1 5	185.86.139.101 185.86.139.101	201081 (SMARTADSE...) (SMARTADSERVER)
5	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
2 2	37.157.4.23 37.157.4.23	198622 (ADFORM) (ADFORM)
4 4	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
2 2	52.50.252.9 52.50.252.9	16509 (AMAZON-02) (AMAZON-02)
3 3	185.29.134.248 185.29.134.248	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 3	185.86.138.153 185.86.138.153	201081 (SMARTADSE...) (SMARTADSERVER)
3 5	185.64.190.79 185.64.190.79	62713 (AS-PUBMATIC) (AS-PUBMATIC)
5 7	3.75.62.37 3.75.62.37	16509 (AMAZON-02) (AMAZON-02)
2 4	3.77.118.156 3.77.118.156	16509 (AMAZON-02) (AMAZON-02)
1	34.249.56.197 34.249.56.197	() ()
1	185.86.138.154 185.86.138.154	201081 (SMARTADSE...) (SMARTADSERVER)
1	54.165.190.143 54.165.190.143	() ()
4 4	216.52.2.39 216.52.2.39	() ()
1 3	23.35.228.23 23.35.228.23	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	18.198.82.46 18.198.82.46	() ()
1 1	185.64.189.110 185.64.189.110	() ()
2 2	52.51.235.201 52.51.235.201	() ()
1 1	185.255.84.153 185.255.84.153	() ()
356	63

13 89.35.29.15 (London, United Kingdom)

ASN25369 (BANDWIDTH-AS, GB)
PTR: 15.29.35.89.baremetal.zare.com

pastelink.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.181.234 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.16.175.42 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: tlb.hwcdn.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.132 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.168 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 151.139.128.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net

cdn4.buysellads.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.131 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f3.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.184.227 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 216.239.38.178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.7.139 (None, )

ASN13335 (CLOUDFLARENET, US)

btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.26.3.70 (None, )

ASN13335 (CLOUDFLARENET, US)

ad-delivery.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.38 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 130.211.23.194 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 194.23.211.130.bc.googleusercontent.com

api.btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.227.38.224 (London, United Kingdom)

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: srv-eu-ldn-17.buysellads.com

srv.buysellads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.67.75.241 (United States)

ASN13335 (CLOUDFLARENET, US)

script.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 34.248.219.195 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-219-195.eu-west-1.compute.amazonaws.com

ads.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.3.114 (None, )

ASN13335 (CLOUDFLARENET, US)

mp.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.107.148.139 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 139.148.107.34.bc.googleusercontent.com

prebid.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 51.89.9.251 (London, United Kingdom) 6 redirects

ASN16276 (OVH, FR)
PTR: ip251.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 213.19.162.31 (United Kingdom)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 185.89.210.46 (Frankfurt am Main, Germany) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.255.84.151 (France)

ASN200271 (IGUANE-, FR)

hb-api.omnitagjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.7.10 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 81.17.55.99 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

prg.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.241.34.106 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 106.34.241.35.bc.googleusercontent.com

c.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 172.217.18.2 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s28-in-f2.1e100.net

adservice.google.ge	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

50 216.58.212.130 (United States)

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f130.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.225 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f1.1e100.net

10f9d7e471e06f01770b163f75fe6dc3.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 172.217.18.97 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s42-in-f1.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

37 142.250.186.34 (United States) 19 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 213.19.162.27 (United Kingdom)

ASN26667 (RUBICONPROJECT, US)

beacon-ams3.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 146.20.132.173 (United States) 4 redirects

ASN27357 (RACKSPACE, US)

cs.lkqd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 185.80.39.216 (Canada) 12 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.7.2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 142.250.186.134 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f6.1e100.net

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 23.56.202.187 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-56-202-187.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.250.1.11 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 69.173.144.138 (Frankfurt am Main, Germany) 8 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel-eu.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 52.46.128.147 (Ashburn, United States) 2 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 67.220.226.232 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 15.197.193.217 (United States) 6 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.248.79.190 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-79-190.eu-west-1.compute.amazonaws.com

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.147.40 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-40.fra60.r.cloudfront.net

public.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.19.228.187 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-19-228-187.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.18.235.93 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.149.40.38 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 38.40.149.34.bc.googleusercontent.com

u.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.35.236.188 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-188.deploy.static.akamaitechnologies.com

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.183.112.148 (Meaux, France) 1 redirects

ASN60350 (VP, FR)

sync.adotmob.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.86.139.101 (France) 1 redirects

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.4.23 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.244.159.8 (Kansas City, United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.50.252.9 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-252-9.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.29.134.248 (United Kingdom) 3 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.86.138.153 (France) 1 redirects

ASN201081 (SMARTADSERVER, FR)

ssbsync-global.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.64.190.79 (United Kingdom) 3 redirects

ASN62713 (AS-PUBMATIC, US)

image8.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 3.75.62.37 (Frankfurt am Main, Germany) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.77.118.156 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-77-118-156.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.249.56.197 (None, )

ASN- ()

g2.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.138.154 (France)

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.165.190.143 (None, )

ASN- ()

cs-server-s2s.yellowblue.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 216.52.2.39 (None, ) 4 redirects

ASN- ()

ce.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.35.228.23 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-228-23.deploy.static.akamaitechnologies.com

hbx.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cs.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.198.82.46 (None, ) 2 redirects

ASN- ()

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.110 (None, ) 1 redirects

ASN- ()

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.51.235.201 (None, ) 2 redirects

ASN- ()

ads.avct.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.255.84.153 (None, ) 1 redirects

ASN- ()

visitor.omnitagjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
63	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 129 10f9d7e471e06f01770b163f75fe6dc3.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 177	366 KB
56	doubleclick.net 19 redirects ad.doubleclick.net — Cisco Umbrella Rank: 201 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 269 googleads.g.doubleclick.net — Cisco Umbrella Rank: 67 cm.g.doubleclick.net — Cisco Umbrella Rank: 313 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 394	306 KB
34	rubiconproject.com 8 redirects fastlane.rubiconproject.com — Cisco Umbrella Rank: 677 beacon-ams3.rubiconproject.com — Cisco Umbrella Rank: 8004 eus.rubiconproject.com — Cisco Umbrella Rank: 798 pixel.rubiconproject.com — Cisco Umbrella Rank: 447 token.rubiconproject.com — Cisco Umbrella Rank: 795 pixel-eu.rubiconproject.com — Cisco Umbrella Rank: 3036 secure-assets.rubiconproject.com Failed	85 KB
27	onetag-sys.com 6 redirects onetag-sys.com — Cisco Umbrella Rank: 1124	13 KB
22	casalemedia.com 12 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 876 ssum-sec.casalemedia.com	17 KB
19	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 373	4 MB
14	smartadserver.com 2 redirects prg.smartadserver.com — Cisco Umbrella Rank: 2029 rtb-csync.smartadserver.com — Cisco Umbrella Rank: 774 ssbsync-global.smartadserver.com — Cisco Umbrella Rank: 2556 ssbsync.smartadserver.com — Cisco Umbrella Rank: 1052	13 KB
13	pastelink.net pastelink.net — Cisco Umbrella Rank: 62449	230 KB
12	servenobid.com ads.servenobid.com — Cisco Umbrella Rank: 3698 public.servenobid.com — Cisco Umbrella Rank: 6602	8 KB
11	amazon-adsystem.com 4 redirects s.amazon-adsystem.com — Cisco Umbrella Rank: 376 aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 994	7 KB
11	pubmatic.com 4 redirects hbopenbid.pubmatic.com — Cisco Umbrella Rank: 729 ads.pubmatic.com — Cisco Umbrella Rank: 725 image8.pubmatic.com — Cisco Umbrella Rank: 1002 image6.pubmatic.com Failed image2.pubmatic.com	25 KB
9	yahoo.com 6 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 689 ups.analytics.yahoo.com — Cisco Umbrella Rank: 402	2 KB
9	4dex.io script.4dex.io — Cisco Umbrella Rank: 2474 mp.4dex.io — Cisco Umbrella Rank: 2960 c.4dex.io — Cisco Umbrella Rank: 9172 u.4dex.io — Cisco Umbrella Rank: 5135	27 KB
8	lkqd.net 4 redirects cs.lkqd.net — Cisco Umbrella Rank: 4185	4 KB
8	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 319 acdn.adnxs.com — Cisco Umbrella Rank: 806 secure.adnxs.com Failed	24 KB
7	media.net 1 redirects prebid.media.net — Cisco Umbrella Rank: 1912 contextual.media.net — Cisco Umbrella Rank: 838 hbx.media.net cs.media.net — Cisco Umbrella Rank: 2272 c21lg-d.media.net Failed	16 KB
7	buysellads.net cdn4.buysellads.net — Cisco Umbrella Rank: 28904	186 KB
6	adsrvr.org 6 redirects match.adsrvr.org — Cisco Umbrella Rank: 451	3 KB
5	rlcdn.com id.rlcdn.com — Cisco Umbrella Rank: 1007
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 238	219 KB
5	gstatic.com www.gstatic.com fonts.gstatic.com	218 KB
4	lijit.com 4 redirects ce.lijit.com ap.lijit.com	2 KB
4	bidswitch.net 2 redirects x.bidswitch.net — Cisco Umbrella Rank: 427	801 B
4	openx.net 4 redirects eu-u.openx.net — Cisco Umbrella Rank: 3173 us-u.openx.net — Cisco Umbrella Rank: 707	1 KB
4	criteo.com bidder.criteo.com — Cisco Umbrella Rank: 803 gum.criteo.com — Cisco Umbrella Rank: 442 dis.criteo.com Failed	7 KB
3	mathtag.com 3 redirects sync.mathtag.com — Cisco Umbrella Rank: 744	2 KB
3	btloader.com btloader.com — Cisco Umbrella Rank: 1542 api.btloader.com — Cisco Umbrella Rank: 1745	8 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 91	21 KB
3	google.com www.google.com — Cisco Umbrella Rank: 16 adservice.google.com — Cisco Umbrella Rank: 130	2 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 119	2 KB
2	avct.cloud 2 redirects ads.avct.cloud	1 KB
2	w55c.net 2 redirects pm.w55c.net	2 KB
2	bidr.io 2 redirects match.prod.bidr.io — Cisco Umbrella Rank: 825	1 KB
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 908	1 KB
2	criteo.net static.criteo.net — Cisco Umbrella Rank: 763	59 KB
2	omnitagjs.com 1 redirects hb-api.omnitagjs.com — Cisco Umbrella Rank: 4211 visitor.omnitagjs.com	1 KB
2	ad-delivery.net ad-delivery.net — Cisco Umbrella Rank: 1707	1 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 114	146 KB
1	yellowblue.io cs-server-s2s.yellowblue.io	558 B
1	gumgum.com g2.gumgum.com usersync.gumgum.com Failed	2 KB
1	adotmob.com 1 redirects sync.adotmob.com — Cisco Umbrella Rank: 2233	712 B
1	linkedin.com px.ads.linkedin.com — Cisco Umbrella Rank: 733	515 B
1	google.ge adservice.google.ge — Cisco Umbrella Rank: 48171	531 B
1	buysellads.com srv.buysellads.com — Cisco Umbrella Rank: 29984	664 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 344	1 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 997	30 KB
0	creativecdn.com Failed creativecdn.com Failed
0	admanmedia.com Failed cs.admanmedia.com Failed
0	socdm.com Failed tg.socdm.com Failed
0	everesttech.net Failed sync-tm.everesttech.net Failed
0	contextweb.com Failed bh.contextweb.com Failed
0	360yield.com Failed ad.360yield.com Failed
0	deepintent.com Failed match.deepintent.com Failed
0	technoratimedia.com Failed sync.technoratimedia.com Failed
0	ipredictive.com Failed sync.ipredictive.com Failed
0	stackadapt.com Failed sync.srv.stackadapt.com Failed
0	outbrain.com Failed sync.outbrain.com Failed
0	brand-display.com Failed dmp.brand-display.com Failed
0	taboola.com Failed sync.taboola.com Failed
0	adgrx.com Failed cm.adgrx.com Failed
0	smaato.net Failed s.ad.smaato.net Failed
0	mfadsrvr.com Failed rtb.mfadsrvr.com Failed
0	zemanta.com Failed b1sync.zemanta.com Failed
0	betweendigital.com Failed ads.betweendigital.com Failed
0	sharethrough.com Failed match.sharethrough.com Failed
0	disqus.com Failed ssp.disqus.com Failed
0	a-mo.net Failed prebid.a-mo.net Failed
0	sonobi.com Failed sync.go.sonobi.com Failed
0	rfihub.com Failed p.rfihub.com Failed
0	1rx.io Failed sync.1rx.io Failed
0	adkernel.com Failed sync.adkernel.com Failed
0	minutemedia-prebid.com Failed cs-rtb.minutemedia-prebid.com Failed
356	72

	Domain	Requested by
50	pagead2.googlesyndication.com	securepubads.g.doubleclick.net pastelink.net tpc.googlesyndication.com pagead2.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
29	cm.g.doubleclick.net	19 redirects googleads.g.doubleclick.net pastelink.net onetag-sys.com g2.gumgum.com
27	onetag-sys.com	6 redirects cdn4.buysellads.net onetag-sys.com public.servenobid.com u.4dex.io
20	dsum-sec.casalemedia.com	12 redirects googleads.g.doubleclick.net ssum-sec.casalemedia.com
19	s0.2mdn.net	pastelink.net s0.2mdn.net
13	pastelink.net	pastelink.net
12	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com pastelink.net
11	ads.servenobid.com	cdn4.buysellads.net public.servenobid.com onetag-sys.com ssbsync.smartadserver.com ssum-sec.casalemedia.com g2.gumgum.com cs-server-s2s.yellowblue.io
10	eus.rubiconproject.com	pastelink.net eus.rubiconproject.com cdn4.buysellads.net
10	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net pastelink.net
9	pixel.rubiconproject.com	3 redirects pastelink.net onetag-sys.com
8	s.amazon-adsystem.com	2 redirects onetag-sys.com ssbsync.smartadserver.com ssum-sec.casalemedia.com
8	googleads4.g.doubleclick.net	pastelink.net
8	cs.lkqd.net	4 redirects googleads.g.doubleclick.net
8	googleads.g.doubleclick.net	pastelink.net pagead2.googlesyndication.com
7	ups.analytics.yahoo.com	5 redirects onetag-sys.com
7	ib.adnxs.com	4 redirects cdn4.buysellads.net acdn.adnxs.com
7	cdn4.buysellads.net	pastelink.net
6	match.adsrvr.org	6 redirects
5	image8.pubmatic.com	3 redirects onetag-sys.com
5	id.rlcdn.com	onetag-sys.com ssbsync.smartadserver.com
5	rtb-csync.smartadserver.com	1 redirects
5	prg.smartadserver.com	cdn4.buysellads.net
5	www.googletagservices.com	cdn4.buysellads.net securepubads.g.doubleclick.net pastelink.net
4	x.bidswitch.net	2 redirects onetag-sys.com
4	ads.pubmatic.com	cdn4.buysellads.net public.servenobid.com contextual.media.net g2.gumgum.com
4	token.rubiconproject.com	4 redirects
4	beacon-ams3.rubiconproject.com	pastelink.net
4	fastlane.rubiconproject.com	cdn4.buysellads.net
4	fonts.gstatic.com	fonts.googleapis.com
3	ssbsync-global.smartadserver.com	1 redirects onetag-sys.com
3	pixel-eu.rubiconproject.com	1 redirects onetag-sys.com
3	sync.mathtag.com	3 redirects
3	u.4dex.io	cdn4.buysellads.net onetag-sys.com u.4dex.io
3	contextual.media.net	cdn4.buysellads.net contextual.media.net
3	aax-eu.amazon-adsystem.com	2 redirects
3	gum.criteo.com	static.criteo.net gum.criteo.com contextual.media.net
3	c.4dex.io	pastelink.net
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	fonts.googleapis.com	pastelink.net securepubads.g.doubleclick.net
2	ads.avct.cloud	2 redirects
2	pm.w55c.net	2 redirects
2	cs.media.net	contextual.media.net
2	us-u.openx.net	2 redirects
2	ap.lijit.com	2 redirects
2	ce.lijit.com	2 redirects
2	ssum-sec.casalemedia.com	public.servenobid.com ssum-sec.casalemedia.com g2.gumgum.com
2	match.prod.bidr.io	2 redirects
2	eu-u.openx.net	2 redirects
2	c1.adform.net	2 redirects g2.gumgum.com
2	pr-bh.ybp.yahoo.com	1 redirects ssum-sec.casalemedia.com
2	static.criteo.net	cdn4.buysellads.net static.criteo.net
2	script.4dex.io	cdn4.buysellads.net script.4dex.io
2	api.btloader.com	btloader.com
2	ad-delivery.net	pastelink.net
2	www.googletagmanager.com	pastelink.net www.googletagmanager.com
2	www.google.com	pastelink.net tpc.googlesyndication.com
1	visitor.omnitagjs.com	1 redirects
1	image2.pubmatic.com	1 redirects
1	hbx.media.net	1 redirects
1	cs-server-s2s.yellowblue.io	public.servenobid.com
1	ssbsync.smartadserver.com	public.servenobid.com
1	g2.gumgum.com	public.servenobid.com
1	sync.adotmob.com	1 redirects
1	acdn.adnxs.com	cdn4.buysellads.net
1	public.servenobid.com	cdn4.buysellads.net
1	px.ads.linkedin.com	pastelink.net
1	10f9d7e471e06f01770b163f75fe6dc3.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.ge	securepubads.g.doubleclick.net
1	bidder.criteo.com	cdn4.buysellads.net
1	hb-api.omnitagjs.com	cdn4.buysellads.net
1	prebid.media.net	cdn4.buysellads.net
1	hbopenbid.pubmatic.com	cdn4.buysellads.net
1	mp.4dex.io	cdn4.buysellads.net
1	srv.buysellads.com	cdn4.buysellads.net
1	ad.doubleclick.net	pastelink.net
1	btloader.com	cdn4.buysellads.net
1	www.gstatic.com	www.google.com
1	cdnjs.cloudflare.com	pastelink.net
1	code.jquery.com	pastelink.net
0	creativecdn.com Failed	g2.gumgum.com
0	cs.admanmedia.com Failed	g2.gumgum.com
0	tg.socdm.com Failed	g2.gumgum.com
0	sync-tm.everesttech.net Failed	g2.gumgum.com
0	bh.contextweb.com Failed	g2.gumgum.com
0	ad.360yield.com Failed	g2.gumgum.com
0	match.deepintent.com Failed	g2.gumgum.com
0	sync.technoratimedia.com Failed	g2.gumgum.com
0	sync.ipredictive.com Failed	g2.gumgum.com
0	sync.srv.stackadapt.com Failed	g2.gumgum.com
0	usersync.gumgum.com Failed	g2.gumgum.com
0	sync.outbrain.com Failed	g2.gumgum.com
0	dmp.brand-display.com Failed	ssum-sec.casalemedia.com
0	sync.taboola.com Failed	ssum-sec.casalemedia.com
0	cm.adgrx.com Failed	ssum-sec.casalemedia.com
0	secure.adnxs.com Failed	ssum-sec.casalemedia.com g2.gumgum.com
0	s.ad.smaato.net Failed	ssbsync.smartadserver.com
0	c21lg-d.media.net Failed	contextual.media.net
0	rtb.mfadsrvr.com Failed	contextual.media.net
0	b1sync.zemanta.com Failed	contextual.media.net g2.gumgum.com
0	ads.betweendigital.com Failed	contextual.media.net
0	dis.criteo.com Failed	contextual.media.net
0	match.sharethrough.com Failed	public.servenobid.com ssbsync.smartadserver.com
0	ssp.disqus.com Failed	public.servenobid.com
0	prebid.a-mo.net Failed	public.servenobid.com
0	sync.go.sonobi.com Failed	public.servenobid.com contextual.media.net
0	p.rfihub.com Failed	public.servenobid.com contextual.media.net
0	sync.1rx.io Failed	public.servenobid.com contextual.media.net
0	sync.adkernel.com Failed	public.servenobid.com g2.gumgum.com
0	cs-rtb.minutemedia-prebid.com Failed	public.servenobid.com
0	secure-assets.rubiconproject.com Failed	public.servenobid.com contextual.media.net g2.gumgum.com
0	image6.pubmatic.com Failed	ads.pubmatic.com
356	113

This site contains links to these domains. Also see Links.

Domain
writeablog.net
www.facebook.com
twitter.com
t.me
api.whatsapp.com
www.reddit.com
www.pinterest.com
www.tumblr.com
www.blogger.com
profitquery.com
www.linkedin.com
share.flipboard.com
social-plugins.line.me
www.meneame.net
diasp.org
go.nordvpn.net

Subject Issuer	Validity	Valid
pastelink.net R3	`2023-04-01` - `2023-06-30`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
cdn4.buysellads.net R3	`2023-03-23` - `2023-06-21`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
api.btloader.com GTS CA 1D4	`2023-04-14` - `2023-07-13`	3 months	crt.sh
*.buysellads.com Sectigo RSA Domain Validation Secure Server CA	`2022-05-09` - `2023-06-09`	a year	crt.sh
script.4dex.io Cloudflare Inc ECC CA-3	`2022-11-23` - `2023-11-22`	a year	crt.sh
ads.servenobid.com Amazon RSA 2048 M02	`2023-02-09` - `2023-06-27`	5 months	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2022-06-13` - `2023-07-14`	a year	crt.sh
*.media.net Sectigo RSA Domain Validation Secure Server CA	`2022-04-06` - `2023-05-04`	a year	crt.sh
*.onetag-sys.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-12-28` - `2024-01-28`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-05` - `2024-04-03`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
omnitagjs.com Sectigo RSA Domain Validation Secure Server CA	`2022-06-21` - `2023-07-21`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-09` - `2023-06-03`	3 months	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh
c.4dex.io GTS CA 1D4	`2023-03-06` - `2023-06-04`	3 months	crt.sh
*.google.com.ge GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-24` - `2023-06-18`	3 months	crt.sh
*.servenobid.com Amazon RSA 2048 M02	`2023-02-21` - `2024-02-05`	a year	crt.sh
u.4dex.io GTS CA 1D4	`2023-03-05` - `2023-06-03`	3 months	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2022-10-21` - `2023-10-22`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2023-02-02` - `2024-03-03`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-02-21` - `2023-08-16`	6 months	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2023-03-23` - `2024-03-23`	a year	crt.sh
gumgum.com Amazon RSA 2048 M01	`2023-02-14` - `2023-10-05`	8 months	crt.sh
casalemedia.com Go Daddy Secure Certificate Authority - G2	`2022-12-13` - `2024-01-13`	a year	crt.sh
*.yellowblue.io Amazon RSA 2048 M01	`2023-03-24` - `2024-04-21`	a year	crt.sh
s.amazon-adsystem.com Amazon RSA 2048 M01	`2023-03-03` - `2024-02-19`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-04-04` - `2023-09-27`	6 months	crt.sh

This page contains 58 frames:

Primary Page: https://pastelink.net/7hemp0vr
Frame ID: BE30A5A3F010F42C0C3142C246CD299E
Requests: 78 HTTP requests in this frame

Frame: https://10f9d7e471e06f01770b163f75fe6dc3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 9897BEC0601941CF4022116CF641B66C
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvbt2TQflRpdbPy3SncH1zgf62FQV8z7qVfM_7jWDrYzNVFwQL75GyUg2zRikZJn_VMQqFX2Dv-YvjEAZxH9_Tws_fqMRNmnQ_xAkRPy--C8xLb7D1fKvdT_hwvww1eNkdu4qsbHZl9sw4imUU3CMK15EaaXp4W-3Ajmq4uv0Cd6xH40sn_7PGnOoV6m975E4TY4caVSjYWiebYxYLUHZqKOC7emV2qpvRcuE7N1bS5bGCuC7snBYcvEDjEH-MyoYLVVQ13yRcOSyO0pOz2iGYWMRDhVlZGwOTPmNuOLeWYhm8pweoCYagFrlgNStwCoDd-jkmfdCbpV26clIkvy-iD5TU&sai=AMfl-YS_hG18gj5LraMbxwuH8gWSr05bhJ4-Nq5cvgB4mfdJkVU5VMr_-bjkr6bv9PKHo6K1kM8uxZSp4kZ9QYuq_UMLaRZ-_C1EjSdmyQaPQ7_Ik9OIpISMnNSrnBmRepFb5Wdol-GS-UAjVuLwHmOF&sig=Cg0ArKJSzIqb6C1lAZfjEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 513E1EBAE156FAA80B43BCFF2B2DA0EA
Requests: 21 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvM2niiQQrwBCwb8d4EFevbIXAVry1c8eok9JokArk4hZ1c3YMMa0rQ_CxYQ1WjUiNEuqGBVQS6HkOWmyfDD6T3GcG5cF_2GIMhR2VE4GMnrfs48j8zgBcj2YhaTtOImNarELOlEGLQnB8z2OpZ5Ecsh1uhUC04yCWRXSZYEF0QN8--pYv2lKirD3AGH-Un40W1olFSevENGhoCCZdaGJNGixAuEHZ3U0cH4osK-1XdDzwj4gYVnO5ecZ4JBVA2qwom6d5N6DyekoL7w1jWijOZ1S3hbLDcVEwaENwGqepli5z0bX9H8q4IFLV84uyGJgszu-_-YRTrw8EF0f_4pQ04a4GF9vA&sai=AMfl-YTrP-489Ppc-jKjr_lavXDBskdDZSVBjo2WqmvOnUq1ejMVQC_U_pAxxvr5HCegwgLK-taylCNV0GIRKtEfNDIAXNJ7-z1Gc6fDYRRWIpKG-L4AUnRh3qgyXN6cpPV0SRUgCsV0HS-NedJksngI&sig=Cg0ArKJSzHNmwwSgyZeaEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 39933D65D4D519EEE1392FDC97B5C17D
Requests: 21 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst3h7IDEbvW2MThygljf8-cH3gVuDOy8IXxvsqVDf4vnkqGXCf5P1pyikzu1Z3lZfkFZnHVBVVCr2j5NL4dxxH-RuooW0y7e9d68ef_1wHuoreL7F50NpdKZQvLbjnBgTkpnrfrCAsQlzypZrANbp3ZdMh5BvfFZS_2FchVIrOJ3j6r-cSUPJiMTY6DrvWKue93tLWc83jOvO7eBFNXEXKxtPT29XQHmYiK0iyShQLxm3UGudRBXohQ3wikf_1aFEyWiqGthv8YomlrgQvoUKLfVQtJL6DXdh_GEI3HOr-eFBaNBB15urS82g8affpBBnAeeHGVPX9Am6aQ6xU4tw&sai=AMfl-YRJ8Uqd_-ND3JDZKIijJwoUumd1hOXttz3oAbJ2DHq2-PRYLKj5AH1cSJinZcTTTKJycsZfrsNtaiMvH2DRX4-XiR-bh6SAwYrJH6nT1cAm8lwb4_Hh-lGB3ALqEFR43YeYsdM63hs4cbsBO58n&sig=Cg0ArKJSzLDfgqewaQkKEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: B885E11EFE7CE54465681329F1BD3AC8
Requests: 21 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Frame ID: A60B089376B5C83884E9412F8C6E561C
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJf7lc4DEPq2460EGKm24OEBMAE&v=APEucNVJQWkaEH0cwrcNJkLcF6eGVeaaSujmx3sgZhjssg5mtXXBCNuc3sH5mN8fRy8VgANIxT35U1L2EHUKREaj0ht_xJMTPQ
Frame ID: 78026D7113791A5C8AEC7C65C4D94B88
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6TkZIDEPqn8pQDGMHbuOYBMAE&v=APEucNWI766zqTCI-u24NYgg-p3S1AjxdvPs2NMYGiWqwzr1iPyr1tjuK1Bx0lncIZbuxw3kZxvJo_pnTankj4WeJjZWZww5qg
Frame ID: 8F7111893815788151BD4BD6080EA907
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6TkZIDEPqn8pQDGMn8ueYBMAE&v=APEucNWVG6YaKEDA-w75ox4rPTl7Vy_XpClulo1fFpZXR6QDHwV5evXvw3KqITJy3ke7m3DKoqVGgY_aGvac6hT82mul3GzoVA
Frame ID: C8AEE73E27A5280A9A47817F8F2D1991
Requests: 5 HTTP requests in this frame

Frame: https://cdn4.buysellads.net/pub/prebid-universal-creative.js?1.13.0
Frame ID: 0AC5758EFF1733D5F362DA865F35F58D
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIbDg9IDEILBqJAEGIvb7-cBMAE&v=APEucNU5mqLvWwO9hiJJeNCzF_-32CDFe9qPIiJXUTA51gm-m6NCl8gc-ZLiB6nogjR_BgECoHhwgz87N26W_WR3byLwXP47wA
Frame ID: 0D6962A114DEA555F71EDEF32DA20471
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: DC2DBCB2628F214CF04D872138CEB212
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: B4A7658148F4D48BD14162D9D06F6472
Requests: 2 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&geo=eu&co=ge
Frame ID: BEC0CA481441BF834911254647B50C38
Requests: 10 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&geo=eu&co=ge
Frame ID: FC104656E476186B4348111B9EA48797
Requests: 2 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&geo=eu&co=ge
Frame ID: 937E6A24581BB4AC53CCAEAC9062991A
Requests: 2 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&geo=eu&co=ge
Frame ID: 51CC8B61868D73823BE160C1507099D6
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 619F3983E1F64199B89262797D3F0330
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: FEF38DA579F23EB0185FE4E05BFA17AD
Requests: 3 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=pastelink.net
Frame ID: 0DAFF17B0792209F76B19AD4A49AA512
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: BD6B5F6FE8007316B690C86D8C4F6B92
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 49C2C7F9C334FD5F15FC7AB1F3A40451
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/684995563204999026/index.html
Frame ID: 76B37ED3ABC089A77B9C49F632369865
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/16134537147512073695/index.html
Frame ID: 5DB5DA68CA4556F6FDFF4F372531F140
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/4538274646488672192/index.html
Frame ID: 531AAAEA98CC6BE86A942A47BC0A46C5
Requests: 2 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/15736253756977826551/index.html
Frame ID: 89DBAEF0A480A678431C9F90A06BBB31
Requests: 7 HTTP requests in this frame

Frame: https://public.servenobid.com/sync.html
Frame ID: 2CB5E47DCAFC80ED84642C83B42DF606
Requests: 13 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161102
Frame ID: 0B88987CDD0110299F49682ADD6D38AD
Requests: 2 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU18831I&prvid=2034%2C2033%2C2031%2C2030%2C273%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C359%2C437%2C97%2C55%2C99%2C2045%2C3012%2C3011%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C446%2C9%2C2011%2C2055%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C338%2C459%2C339%2C70%2C77%2C38%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C345%2C225%2C468%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1
Frame ID: 34D2FCF15C4D4BB9F443DEBA0F4AB5AE
Requests: 13 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 91A95C6C189AC386F66B0EAB580A20D7
Requests: 2 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?cb=1682472727314
Frame ID: 061A2FEFA47C4F10B23F1E7B97774E73
Requests: 14 HTTP requests in this frame

Frame: https://u.4dex.io/usync.html
Frame ID: 01A80CC4C96474B60B52280770DC1FEB
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 07B189B784A44A0FF7F181DAE652B7C0
Requests: 3 HTTP requests in this frame

Frame: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Frame ID: 55F65BC28F293718C85894E9EF9C01A6
Requests: 15 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Frame ID: 6044F682E46E1EB1CBB70456DBEBD052
Requests: 15 HTTP requests in this frame

Frame: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Frame ID: C0C2BF614A3F483E10408B01FF004991
Requests: 6 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Frame ID: BD90CA256DF9D460585E609A884372E5
Requests: 10 HTTP requests in this frame

Frame: https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=duration_media&endpoint=us-east
Frame ID: B79112EDC475993379581F2AB7623355
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Frame ID: B14C5B744DD415A6C50E7F793A17AA6B
Requests: 1 HTTP requests in this frame

Frame: https://cs-rtb.minutemedia-prebid.com/sync-iframe?gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D348%26uid%3D%7BpartnerId%7D
Frame ID: 20B2854741FAF203738995517B2BCE3B
Requests: 1 HTTP requests in this frame

Frame: https://sync.adkernel.com/user-sync?zone=181225&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D152%26uid%3D%7BUID%7D&gdpr=0&gdpr_consent=&us_privacy=1YN-&
Frame ID: 73F7407A0D800088842D0A83A3C2FDAC
Requests: 1 HTTP requests in this frame

Frame: https://cs-server-s2s.yellowblue.io/sync-iframe?gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D352%26uid%3D%7BpartnerId%7D
Frame ID: 8841A6C92C5CD20D5D1D37EB715314D3
Requests: 2 HTTP requests in this frame

Frame: https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=medianet
Frame ID: 03EC7196DF5984C2EE87825B04630780
Requests: 1 HTTP requests in this frame

Frame: https://p.rfihub.com/cm?pub=19967&in=1&forward=https%3A%2F%2Fcontextual.media.net%2Fcksync.html%3Fcs%3D8%26vsid%3D3254743314264952000V10%26type%3Drkt%26refUrl%3D%26vid%3D24727314023254743314264952000V10%26ovsid%3D%7Buserid%7D
Frame ID: 0CA2F0C0DB7E209E0D2973038C263D6A
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159463&userIdMacro=PM_UID&predirect=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D3254743314264952000V10%26type%3Dpba%26refUrl%3D%26vid%3D24727314023254743314264952000V10%26ovsid%3DPM_UID
Frame ID: D60352C0E79B9DFDBB0A576F8BB1C5A8
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=6b859b96c564fbe
Frame ID: 86FCB1D3DCEB765019E4163C87FE079C
Requests: 15 HTTP requests in this frame

Frame: https://u.4dex.io/setuid?bidder=adyoulike&uid=34cbf41e78f4c9620ca50b6619426013
Frame ID: 5E63A4A6838FAA08F9951645739B7A40
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=mmh&i=e34b6448-7f1b-4200-af8b-d6c5b99ffd54&gdpr=0&gdpr_consent=
Frame ID: 3EDF699B6884A2CA6F79D5273755A508
Requests: 1 HTTP requests in this frame

Frame: https://sync.adkernel.com/user-sync?zone=181093&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dmdp%26i%3D%5BUID%5D&gdpr=0&gdpr_consent=&ccpa=1---
Frame ID: 6007B4685073090B584A2B7C4B6001D9
Requests: 1 HTTP requests in this frame

Frame: https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=
Frame ID: E44772ECAE34EF76C608485F059E37F9
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8xZTQ3ZTk2NC01MTE3LTQ5YzUtYWQ1YS01ZWY2NDRiY2MzZWU=&gdpr=0&gdpr_consent=&google_redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dgdv
Frame ID: 5BC88886117E7BEB3080B7D886E9E5FC
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Frame ID: 5029123B403C00F024E58679207D573E
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=ttd&i=80bf9871-e16f-474f-93fb-ade652fb06dc
Frame ID: 65395DC2CE15C214756D2033A3AE376B
Requests: 1 HTTP requests in this frame

Frame: https://tg.socdm.com/aux/idsync?proto=gumgum
Frame ID: 840FCEDD8822F98C0BADFB89B4E9BAFC
Requests: 1 HTTP requests in this frame

Frame: https://cs.admanmedia.com/sync/gumgum?puid=e_1e47e964-5117-49c5-ad5a-5ef644bcc3ee&redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Daad%26i%3D%5BDSP_USER_ID%5D&gdpr=0&gdpr_consent=&ccpa=1---
Frame ID: DA1863EBD8EED1DA6E63909F31ACA7E4
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatchredir?s=189872&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Diex%26i%3D
Frame ID: 9635ED9E625879AE84E1B280824F5FD6
Requests: 1 HTTP requests in this frame

Frame: https://creativecdn.com/cm-notify?pi=gumgum
Frame ID: D053EEA915505FCB42CC4FBBB0DEB596
Requests: 1 HTTP requests in this frame

Frame: https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
Frame ID: F72CED51ADFF6862B69F2CB016146CC6
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

How Adding A Electrician Hertfordshire To Your Life's Journey Will Make The The - Pastelink.net

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

356
Requests

69 %
HTTPS

0 %
IPv6

72
Domains

113
Subdomains

63
IPs

9
Countries

6114 kB
Transfer

9907 kB
Size

69
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: https://writeablog.net/beatoboe8/15-things-to-give-your-electrician-in-hertfordshire-lover-in-your-life
Title: https://writeablog.net/beatoboe8/15-things-to-give-your-electrician-in-hertfordshire-lover-in-your-life

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://pastelink.net/7hemp0vr

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=%20https://pastelink.net/7hemp0vr

Search URL Search Domain Scan URL

URL: https://t.me/share/url?url=%20%0Ahttps://pastelink.net/7hemp0vr

Search URL Search Domain Scan URL

URL: https://api.whatsapp.com/send?text=%20https://pastelink.net/7hemp0vr

Search URL Search Domain Scan URL

URL: https://www.reddit.com/submit?url=https://https://pastelink.net/7hemp0vr&title=%20

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/pin/create/button/?url=https://pastelink.net/7hemp0vr&description=%20&media=https://pastelink.net/assets/images/pastelink-logo-square.png

Search URL Search Domain Scan URL

URL: http://www.tumblr.com/share?v=3&u=https://pastelink.net/7hemp0vr&t=%20&posttype=link

Search URL Search Domain Scan URL

URL: https://www.blogger.com/blog-this.g?u=https://pastelink.net/7hemp0vr&n=%20

Search URL Search Domain Scan URL

URL: https://profitquery.com/add-to/livejournal/?url=https://pastelink.net/7hemp0vr&title=%20

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https://pastelink.net/7hemp0vr

Search URL Search Domain Scan URL

URL: https://share.flipboard.com/bookmarklet/popout?v=2&title=%20&url=https://pastelink.net/7hemp0vr

Search URL Search Domain Scan URL

URL: https://social-plugins.line.me/lineit/share?url=https://pastelink.net/7hemp0vr&text=%20

Search URL Search Domain Scan URL

URL: https://www.meneame.net/submit?url=https://pastelink.net/7hemp0vr

Search URL Search Domain Scan URL

URL: https://diasp.org/bookmarklet?url=https://pastelink.net/7hemp0vr&title=%20&jump=doclose

Search URL Search Domain Scan URL

URL: https://go.nordvpn.net/aff_c?offer_id=15&aff_id=85567&url_id=902

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 105

https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_cm HTTP 302
https://cs.lkqd.net/cs?partnerId=59&partnerUserId=CAESEOO65Zjv3oU8g1hxj47EC_8&google_cver=1

Request Chain 106

https://cs.lkqd.net/cs?partnerId=59&redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dlkqd_dbm%26google_hm%3D%24%24rawlkqduserid%7Cbase64%24%24 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_hm=enhHc2ZYRko1STA

Request Chain 107

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1&C=1

Request Chain 108

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZEh-GQUKbEXQbwlN2AwdBgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1

Request Chain 109

https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_cm HTTP 302
https://cs.lkqd.net/cs?partnerId=59&partnerUserId=CAESEOO65Zjv3oU8g1hxj47EC_8&google_cver=1

Request Chain 110

https://cs.lkqd.net/cs?partnerId=59&redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dlkqd_dbm%26google_hm%3D%24%24rawlkqduserid%7Cbase64%24%24 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_hm=S21OeUlDUjZ5YWM

Request Chain 111

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1&C=1

Request Chain 112

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZEh-GeOWmeGxwDt7SWaCOAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1

Request Chain 113

https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_cm HTTP 302
https://cs.lkqd.net/cs?partnerId=59&partnerUserId=CAESEOO65Zjv3oU8g1hxj47EC_8&google_cver=1

Request Chain 114

https://cs.lkqd.net/cs?partnerId=59&redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dlkqd_dbm%26google_hm%3D%24%24rawlkqduserid%7Cbase64%24%24 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_hm=Y0RQMHJ2WC1oX00

Request Chain 115

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1&C=1

Request Chain 116

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZEh-GeOWmeGxwDt7SWaCOAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1

Request Chain 117

https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_cm HTTP 302
https://cs.lkqd.net/cs?partnerId=59&partnerUserId=CAESEOO65Zjv3oU8g1hxj47EC_8&google_cver=1

Request Chain 118

https://cs.lkqd.net/cs?partnerId=59&redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dlkqd_dbm%26google_hm%3D%24%24rawlkqduserid%7Cbase64%24%24 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_hm=TnVvbUVkdndvcWs

Request Chain 119

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1&C=1

Request Chain 120

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZEh-GbJTEEkVbYhHBFXLOgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1

Request Chain 188

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESENut_Zbm-xyG8Wli2vXaXMM&google_cver=1

Request Chain 189

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_cm&google_hm=TEdYMFRLWTUtVC1FVDlI HTTP 302
https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEARyC233WUZXP-kMVZ84SKA&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEdYMFRLWTUtVC1FVDlI&google_push=

Request Chain 190

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=Cfu-xVKuR3KvJM_PFa7nsA&rk=usync-na HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=Cfu-xVKuR3KvJM_PFa7nsA

Request Chain 191

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id= HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=snBCVmydRouoys62q7BXxw&rk=usync-other HTTP 302
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=snBCVmydRouoys62q7BXxw

Request Chain 192

https://match.adsrvr.org/track/cmf/rubicon HTTP 302
https://match.adsrvr.org/track/cmb/rubicon HTTP 302
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=80bf9871-e16f-474f-93fb-ade652fb06dc&gdpr=0&gdpr_consent=&expires=30

Request Chain 193

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/GqGBRw7jnEu-r0U8As5INQ?csrc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-GWhI715E2oIrNG.X5mI634vkTi2QNkqULhXrXQ--~A

Request Chain 194

https://token.rubiconproject.com/token?pid=36584 HTTP 302
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LGX0TKY5-T-ET9H

Request Chain 195

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YzJjYzZiMzVlMmNmNDNhNjdhMTMxYWJjNGNkYmQyNDVmNzY5YWE2Zg

Request Chain 211

https://sync.adotmob.com/cookie/smart?r=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D66%26partneruserid%3D%7Bamob_user_id%7D&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=66&partneruserid=0902220400449a44f9749cc6&gdpr=0&gdpr_consent=

Request Chain 213

https://c1.adform.net/serving/cookie/match?party=10&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D22%26partneruserid%3DYOUR_USER_ID&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=10&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D22%26partneruserid%3DYOUR_USER_ID&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=530242754212321200&gdpr=0&gdpr_consent=

Request Chain 214

https://eu-u.openx.net/w/1.0/cm?id=a547219b-814b-4e3e-8a4f-35c044fa1891&ph=ec81d0b7-c42e-4a42-b97a-9305af647d30&r=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D100%26partneruserid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent= HTTP 302
https://eu-u.openx.net/w/1.0/cm?cc=1&id=a547219b-814b-4e3e-8a4f-35c044fa1891&ph=ec81d0b7-c42e-4a42-b97a-9305af647d30&r=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D100%26partneruserid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=100&partneruserid=60fc9243-23e3-06f1-0f7a-a1f70cad900c

Request Chain 215

https://match.prod.bidr.io/cookie-sync/sas?gdpr=0&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/sas?gdpr=0&gdpr_consent=&_bee_ppp=1 HTTP 303
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAGhG07IkP4AACAAN06IYQ&gdpr=0

Request Chain 220

https://sync.mathtag.com/sync/img?mt_exid=75&redir=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D1%26uid%3D%5BMM_UUID%5D%26gdpr%3D1%26gdpr_consent%3D HTTP 302
https://onetag-sys.com/match/?int_id=1&uid=e34b6448-7f1b-4200-af8b-d6c5b99ffd54&gdpr=1&gdpr_consent=

Request Chain 222

https://ib.adnxs.com/getuid?https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D98%26gdpr%3D1%26gdpr_consent%3D%26uid%3D$UID HTTP 302
https://onetag-sys.com/match/?int_id=98&gdpr=1&gdpr_consent=&uid=5517930712341661683

Request Chain 224

https://onetag-sys.com/match/?int_id=106&redir=1&ot_initiated=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABh7swghudZqjgSpIennGQypFUXWsy4xjtZg

Request Chain 227

https://onetag-sys.com/match/?int_id=113&gdpr=1&gdpr_consent=&callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Donetag.com%26id%3D%24%7BUSER_TOKEN%7D&ot_initiated=1 HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=onetag.com&id=GIxqJX0iHlQowKDqs4nkc8apRhs-iT6ZgeLx3OXrMsc

Request Chain 229

https://cm.g.doubleclick.net/pixel?google_nid=onetag_eb&google_cm HTTP 302
https://onetag-sys.com/match/?int_id=106&google_gid=CAESEPmFhDAqWL8Cs-GrJAr3X7c&google_cver=1

Request Chain 231

https://match.adsrvr.org/track/cmf/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=1&gdpr_consent= HTTP 302
https://onetag-sys.com/match/?int_id=29&uid=80bf9871-e16f-474f-93fb-ade652fb06dc&gdpr=0&gdpr_consent=

Request Chain 256

https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID HTTP 302
https://ads.servenobid.com/sync?pid=312&uid=5517930712341661683

Request Chain 257

https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D HTTP 302
https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D&dnr=1 HTTP 302
https://ads.servenobid.com/sync?pid=310&uid=Giu8vRZHhsF9uT_CQ_iJk-M1

Request Chain 258

https://ap.lijit.com/pixel?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%24UID HTTP 307
https://ap.lijit.com/pixel?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%24UID&sovrn_retry=true HTTP 307
https://ads.servenobid.com/sync?pid=310&uid=Giu8vLZHEbPf1gzQSXGUM4MI

Request Chain 263

https://ups.analytics.yahoo.com/ups/58559/occ HTTP 302
https://ups.analytics.yahoo.com/ups/58559/occ?verify=true HTTP 302
https://ads.servenobid.com/sync?pid=337&uid=y-XQpqOqpE2uE.CVg.URrWabr979hUb8yoBAJVP.0-~A

Request Chain 264

https://ssp.disqus.com/redirectuser?r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D346%26uid%3DBUYERUID HTTP 302
https://ce.lijit.com/merge?pid=279534&3pid=ua-367b9236-709b-35d1-81f8-a0aea72d596a&gdpr=&gdpr_consent=&us_privacy=&location=https%3A%2F%2Fssp.disqus.com%2Fmatch%3Fbidder%3D12%26buyeruid%3D%5BSOVRNID%5D%26r%3DCid1YS0zNjdiOTIzNi03MDliLTM1ZDEtODFmOC1hMGFlYTcyZDU5NmEQ____________ASpTaHR0cHM6Ly9hZHMuc2VydmVub2JpZC5jb20vc3luYz9waWQ9MzQ2JnVpZD11YS0zNjdiOTIzNi03MDliLTM1ZDEtODFmOC1hMGFlYTcyZDU5NmEyAgwOOAE= HTTP 302
https://ce.lijit.com/merge?pid=279534&3pid=ua-367b9236-709b-35d1-81f8-a0aea72d596a&gdpr=&gdpr_consent=&us_privacy=&location=https%3A%2F%2Fssp.disqus.com%2Fmatch%3Fbidder%3D12%26buyeruid%3D%5BSOVRNID%5D%26r%3DCid1YS0zNjdiOTIzNi03MDliLTM1ZDEtODFmOC1hMGFlYTcyZDU5NmEQ____________ASpTaHR0cHM6Ly9hZHMuc2VydmVub2JpZC5jb20vc3luYz9waWQ9MzQ2JnVpZD11YS0zNjdiOTIzNi03MDliLTM1ZDEtODFmOC1hMGFlYTcyZDU5NmEyAgwOOAE%3D&dnr=1 HTTP 302
https://ssp.disqus.com/match?bidder=12&buyeruid=Giu8vRZHO7uMqrZsTzOwEBOy&r=Cid1YS0zNjdiOTIzNi03MDliLTM1ZDEtODFmOC1hMGFlYTcyZDU5NmEQ____________ASpTaHR0cHM6Ly9hZHMuc2VydmVub2JpZC5jb20vc3luYz9waWQ9MzQ2JnVpZD11YS0zNjdiOTIzNi03MDliLTM1ZDEtODFmOC1hMGFlYTcyZDU5NmEyAgwOOAE=

Request Chain 265

https://ups.analytics.yahoo.com/ups/58632/occ HTTP 302
https://ups.analytics.yahoo.com/ups/58632/occ?verify=true HTTP 302
https://ads.servenobid.com/sync?pid=339&uid=y-XQpqOqpE2uE.CVg.URrWabr979hUb8yoBAJVP.0-~A

Request Chain 267

https://hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D353%26uid%3D%3Cvsid%3E HTTP 302
https://ads.servenobid.com/sync?pid=353&uid=3254743314264952000V10

Request Chain 273

https://us-u.openx.net/w/1.0/cm?id=78e2dffc-bb89-4bb2-ae92-f592d006518b&ph=6a16560a-f6c6-4851-b7b5-0b2c0190166a&r=https%3A%2F%2Fcontextual.media.net%2Fcksync.html%3Fcs%3D8%26vsid%3D3254743314264952000V10%26type%3Dopx%26refUrl%3D%26vid%3D24727314023254743314264952000V10%26ovsid%3D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&id=78e2dffc-bb89-4bb2-ae92-f592d006518b&ph=6a16560a-f6c6-4851-b7b5-0b2c0190166a&r=https%3A%2F%2Fcontextual.media.net%2Fcksync.html%3Fcs%3D8%26vsid%3D3254743314264952000V10%26type%3Dopx%26refUrl%3D%26vid%3D24727314023254743314264952000V10%26ovsid%3D HTTP 302
https://contextual.media.net/cksync.html?cs=8&vsid=3254743314264952000V10&type=opx&refUrl=&vid=24727314023254743314264952000V10&ovsid=7a9b7525-c6a7-0383-02f7-3a0b9c0091e2

Request Chain 275

https://cm.g.doubleclick.net/pixel?cs=8&google_nid=media&google_cm=1&google_hm=MzI1NDc0MzMxNDI2NDk1MjAwMFYxMA%3D%3D&google_sc=1 HTTP 302
https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESEMRsJKQnGxplACkxpP07Iy4&google_cver=1

Request Chain 276

https://pm.w55c.net/ping_match.gif?ei=MEDIANET&rurl=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D3254743314264952000V10%26type%3Ddxu%26refUrl%3D%26vid%3D24727314023254743314264952000V10%26ovsid%3D_wfivefivec_ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=MEDIANET&rurl=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D3254743314264952000V10%26type%3Ddxu%26refUrl%3D%26vid%3D24727314023254743314264952000V10%26ovsid%3D_wfivefivec_ HTTP 302
https://contextual.media.net/cksync.php?cs=8&vsid=3254743314264952000V10&type=dxu&refUrl=&vid=24727314023254743314264952000V10&ovsid=s8LxiQgS1PRu0Y5

Request Chain 278

https://x.bidswitch.net/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1 HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1 HTTP 302
https://ads.betweendigital.com/match?bidder_id=43092&gdpr=0&consent=&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dmedianet%26expires%3D30%26user_group%3D%24%7BUSER_GROUP%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://ads.betweendigital.com/match?bidder_id=43092&gdpr=0&consent=&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dmedianet%26expires%3D30%26user_group%3D%24%7BUSER_GROUP%7D%26gdpr%3D0%26gdpr_consent%3D&crf=1

Request Chain 281

https://match.adsrvr.org/track/cmf/generic?ttd_pid=8m33zk4&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://cs.media.net/cksync?cs=1&type=ttd&ovsid=80bf9871-e16f-474f-93fb-ade652fb06dc

Request Chain 284

https://onetag-sys.com/match/?int_id=106&redir=1&ot_initiated=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABh7swg-llpeuEGt1Bv9uGOcDHQgkOSYWzEA

Request Chain 285

https://sync.mathtag.com/sync/img?mt_exid=75&redir=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D1%26uid%3D%5BMM_UUID%5D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://onetag-sys.com/match/?int_id=1&uid=e34b6448-7f1b-4200-af8b-d6c5b99ffd54&gdpr=0&gdpr_consent=

Request Chain 286

https://pixel-eu.rubiconproject.com/exchange/sync.php?p=onetag&gdpr=0&gdpr_consent= HTTP 302
https://onetag-sys.com/match/?int_id=2&uid=LGX0TKY5-T-ET9H&gdpr=0

Request Chain 287

https://ib.adnxs.com/getuid?https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D98%26gdpr%3D0%26gdpr_consent%3D%26uid%3D$UID HTTP 302
https://onetag-sys.com/match/?int_id=98&gdpr=0&gdpr_consent=&uid=5517930712341661683

Request Chain 289

https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=0&gdpr_consent=&us_privacy=1YN-&redirectUri=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D107%26uid%3D[ssb_sync_pid] HTTP 302
https://onetag-sys.com/match/?int_id=107&uid=8078455939417259124

Request Chain 291

https://onetag-sys.com/match/?int_id=113&gdpr=0&gdpr_consent=&callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Donetag.com%26id%3D%24%7BUSER_TOKEN%7D&ot_initiated=1 HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=onetag.com&id=Cp0g7vbwpZfA9NCmib-qfOMjrJ1itrIpqnCGJAJVlys

Request Chain 292

https://image8.pubmatic.com/AdServer/ImgSync?p=159706&gdpr=0&gdpr_consent=&us_privacy=1YN-&pu=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D114%26uid%3D%23PMUID HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?p=159706&gdpr=0&gdpr_consent=&us_privacy=1YN-&pu=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D114%26uid%3D%23PMUID&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MzhCMjRFRjAtNjNCQy00ODczLUIyNUMtQUREM0U4Mzg2OTJG&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://onetag-sys.com/match/?int_id=114&uid=38B24EF0-63BC-4873-B25C-ADD3E838692F

Request Chain 293

https://cm.g.doubleclick.net/pixel?google_nid=onetag_eb&google_cm HTTP 302
https://onetag-sys.com/match/?int_id=106&google_gid=CAESEPmFhDAqWL8Cs-GrJAr3X7c&google_cver=1

Request Chain 294

https://ups.analytics.yahoo.com/ups/58488/occ?&gdpr=0&gdpr_consent= HTTP 302
https://onetag-sys.com/match/?int_id=92&uid=y-XQpqOqpE2uE.CVg.URrWabr979hUb8yoBAJVP.0-~A

Request Chain 295

https://match.adsrvr.org/track/cmf/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=0&gdpr_consent= HTTP 302
https://onetag-sys.com/match/?int_id=29&uid=80bf9871-e16f-474f-93fb-ade652fb06dc&gdpr=0&gdpr_consent=

Request Chain 296

https://x.bidswitch.net/sync?ssp=onetag&gdpr=0&gdpr_consent= HTTP 302
https://ads.avct.cloud/getuid?url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Donetag HTTP 307
https://ads.avct.cloud/getuid?bounce=true&url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Donetag HTTP 302
https://x.bidswitch.net/sync?dsp_id=59&user_id=4b45454e-7ffc-4eda-93d5-ef47cfeace44&ssp=onetag HTTP 302
https://onetag-sys.com/match/?int_id=30&uid=6bd7a558-d246-47c6-96e1-a500ce3d8c93&gdpr=&gdpr_consent=&us_privacy=

Request Chain 299

https://sync.mathtag.com/sync/img?mt_exid=75&redir=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D1%26uid%3D%5BMM_UUID%5D%26gdpr%3D1%26gdpr_consent%3D HTTP 302
https://onetag-sys.com/match/?int_id=1&uid=e34b6448-7f1b-4200-af8b-d6c5b99ffd54&gdpr=1&gdpr_consent=

Request Chain 302

https://onetag-sys.com/match/?int_id=106&redir=1&ot_initiated=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABh7swhAHXnVV_7__Aww0ShJZ8dfyaO4VyRQ

Request Chain 304

https://onetag-sys.com/match/?int_id=113&gdpr=1&gdpr_consent=&callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Donetag.com%26id%3D%24%7BUSER_TOKEN%7D&ot_initiated=1 HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=onetag.com&id=3zf8hX2cpanNSyqx_Xi_DzDbIqkzhDywkzYxZ6orVO4

Request Chain 305

https://cm.g.doubleclick.net/pixel?google_nid=onetag_eb&google_cm HTTP 302
https://onetag-sys.com/match/?int_id=106&google_gid=CAESEPmFhDAqWL8Cs-GrJAr3X7c&google_cver=1

Request Chain 307

https://ib.adnxs.com/getuid?https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D98%26gdpr%3D1%26gdpr_consent%3D%26uid%3D$UID HTTP 302
https://onetag-sys.com/match/?int_id=98&gdpr=1&gdpr_consent=&uid=5517930712341661683

Request Chain 311

https://match.adsrvr.org/track/cmf/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=1&gdpr_consent= HTTP 302
https://onetag-sys.com/match/?int_id=29&uid=80bf9871-e16f-474f-93fb-ade652fb06dc&gdpr=0&gdpr_consent=

Request Chain 314

https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=139&partneruserid=0&redirurl=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3D98KUz37ype9D3X2sf9ovgeTt%26source_user_id%3DSMART_USER_ID&gdpr=0&gdpr_consent= HTTP 302
https://match.sharethrough.com/sync/v1?source_id=98KUz37ype9D3X2sf9ovgeTt&source_user_id=8078455939417259124&gdpr=0&gdpr_consent=

Request Chain 316

https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=135&partneruserid=TAM_OK&redirurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fdcm%3Fpid%3D72348060-38ad-4586-8e4f-f1e2a8e789b3%26id%3DSMART_USER_ID&gdpr=0&gdpr_consent= HTTP 302
https://s.amazon-adsystem.com/dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=8078455939417259124&gdpr=0&gdpr_consent=

Request Chain 322

https://visitor.omnitagjs.com/visitor/bsync?uid=bc65ac468bfc90e6260132832a3bc684&name=ADAGIO&url=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dadyoulike%26uid%3D%24UID HTTP 307
https://u.4dex.io/setuid?bidder=adyoulike&uid=34cbf41e78f4c9620ca50b6619426013

Request Chain 324

https://match.adsrvr.org/track/cmf/casale HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=80bf9871-e16f-474f-93fb-ade652fb06dc&expiration=1685064732&gdpr=0&gdpr_consent=

Request Chain 326

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZEh_GbtLmO1KKrl7azIwMAAADT0AAAAB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid= HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEMluIy0tl_QVg_ypqK4UYro&google_cver=1

Request Chain 334

https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_1e47e964-5117-49c5-ad5a-5ef644bcc3ee&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=gumgum2

Request Chain 336

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
https://usersync.gumgum.com/usersync?b=opx&i=458ab8ca-45b2-0135-06c3-5488e6bf0278

Request Chain 338

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent= HTTP 302
https://usersync.gumgum.com/usersync?b=oth&i=y-gc9FAjdE2pcdV58HX0hSAYkv16Qz4QcRdbR9~A

Request Chain 345

https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent= HTTP 302
https://usersync.gumgum.com/usersync?b=sad&i=8078455939417259124

Request Chain 347

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2fusersync.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d HTTP 302
https://usersync.gumgum.com/usersync?b=mmh&i=e34b6448-7f1b-4200-af8b-d6c5b99ffd54&gdpr=0&gdpr_consent=

Request Chain 352

https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://usersync.gumgum.com/usersync?b=ttd&i=80bf9871-e16f-474f-93fb-ade652fb06dc

356 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request 7hemp0vr Show response
pastelink.net/ 32 KB
9 KB 510ms
201ms Document
text/html 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pastelink.net/7hemp0vr

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

9564ada993ad8b18f7d1c0647682d9f923eb410b8d9410b65e989b95806d4a12

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 26 Apr 2023 01:32:03 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
x-frame-options: SAMEORIGIN

GET
H2 200 css2
fonts.googleapis.com/ 5 KB
1 KB 507ms
145ms Stylesheet
text/css 142.250.181.234
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.234 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f10.1e100.net

Software

ESF /

Resource Hash

50fb7a74467a7c8eff5584b3c0ef64577cf0e84e3256387a0e3f17a1a1be0f7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 26 Apr 2023 01:32:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 26 Apr 2023 01:32:04 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 26 Apr 2023 01:32:04 GMT

GET
H2 200 styles.css
pastelink.net/assets/css/ 121 KB
121 KB 176ms
173ms Stylesheet
text/css 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pastelink.net/assets/css/styles.css?q=36

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

ec237517566b85a5797425cebe748d7248a7d8c698bdb113f9615946b7434a78

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/7hemp0vr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Mon, 24 Apr 2023 17:57:18 GMT
server: nginx
etag: "6446c2fe-1e436"
content-type: text/css
accept-ranges: bytes
content-length: 123958

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
30 KB 509ms
143ms Script
application/javascript 69.16.175.42
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: pastelink.net
URL: https://pastelink.net/7hemp0vr
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: tlb.hwcdn.net
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Referer: https://pastelink.net/
Origin: https://pastelink.net
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:04 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-15d9d"
vary: Accept-Encoding
x-hw: 1682472724.dop160.fr8.t,1682472724.cds244.fr8.hn,1682472724.cds144.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30875

GET
H2 200 script.min.js Show response
pastelink.net/assets/js/ 41 KB
41 KB 155ms
154ms Script
application/javascript 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pastelink.net/assets/js/script.min.js?q=36

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

190d542d8e593c755fd16e67ca62583e183957829dfb69cc2e00c7bf67df237d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/7hemp0vr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 17 Nov 2022 12:00:15 GMT
server: nginx
etag: "6376224f-a225"
content-type: application/javascript
accept-ranges: bytes
content-length: 41509

GET
H2 200 js.cookie.min.js Show response
cdnjs.cloudflare.com/ajax/libs/js-cookie/latest/ 2 KB
1 KB 954ms
231ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/js-cookie/latest/js.cookie.min.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b6d244a569a8befc0b901e3dca8e82f19b188e2d3e76f7c62fce96935ed6311

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:04 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 28895965
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 772
last-modified: Mon, 04 May 2020 16:11:49 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec5-6d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NZkl7j2Xw8iq93lUEOeZjVZHswTAKSmzVDdWdPmjtd2vDu9Ke6OVsZFGs3l0kkdNjgGVSsJOH3%2BS98Qd39Yt17LZ5IN%2FitIPnStrqHBxJKz24oEpq7riaR5Gy7PpAO8om4oMv6%2Bu"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7bdb11e17e6892c9-FRA
expires: Mon, 15 Apr 2024 01:32:04 GMT

GET
H2 200 css2
fonts.googleapis.com/ 439 B
370 B 506ms
147ms Stylesheet
text/css 142.250.181.234
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Federo:wght@400&display=swap

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.234 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f10.1e100.net

Software

ESF /

Resource Hash

a53b5b78a91df3a9dfab513a287d4fa4c39b01d6db5110ecffd83e8f6c0044ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 26 Apr 2023 01:32:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 26 Apr 2023 01:32:04 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 26 Apr 2023 01:32:04 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 906 B
893 B 545ms
150ms Script
text/javascript 142.250.185.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=captchaLoaded

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f4.1e100.net

Software

GSE /

Resource Hash

977fec2807d31f9cda9b855a04aec643ed99e64f2d963806aea4221bd4586d98

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 573
x-xss-protection: 1; mode=block
expires: Wed, 26 Apr 2023 01:32:04 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 189 KB
67 KB 425ms
139ms Script
application/javascript 142.250.185.168
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.168 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

33e0650c01f9a54135d088714593b0149b568cc937327d981ae7dd32a21f0739

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:05 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68416
x-xss-protection: 0
last-modified: Wed, 26 Apr 2023 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 26 Apr 2023 01:32:05 GMT

GET
H2 200 pastelink.js Show response
cdn4.buysellads.net/pub/ 538 KB
151 KB 439ms
145ms Script
application/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn4.buysellads.net/pub/pastelink.js?1682472600000
Requested by: Host: pastelink.net
URL: https://pastelink.net/7hemp0vr
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: 54d04e60587e1c0573668e3020db63909de90f1e0adfcadb9b83053995460599

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:05 GMT
content-encoding: gzip
last-modified: Wed, 26 Apr 2023 00:55:16 GMT
server: AmazonS3
x-amz-request-id: Z5HS8DRYECQ0021H
etag: "f5a16a99c256d8fab9d4cbb6c200ed9e"
x-amz-server-side-encryption: AES256
x-hw: 1682472725.cds339.fr8.hn,1682472725.cds003.fr8.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
content-length: 153587
x-amz-id-2: 2cOcSBTMuNFIlDeS4x2pIfzdCU48FhHwFFw36w3pVf3bGnbuFd1YQxta19Tpu9L7OONpiGmQO4c=

GET
H2 200 recaptcha__ka.js Show response
www.gstatic.com/recaptcha/releases/4PnKmGB9wRHh1i04o7YUICeI/ 442 KB
168 KB 432ms
140ms Script
text/javascript 142.250.185.131
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/4PnKmGB9wRHh1i04o7YUICeI/recaptcha__ka.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=captchaLoaded

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f3.1e100.net

Software

sffe /

Resource Hash

e5d563ffd8db6e460ac4a8eba1934c4ca7c5415b34f06f2c65371ad03665bafe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Origin: https://pastelink.net
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 17:07:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 375904
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 171147
x-xss-protection: 0
last-modified: Fri, 21 Apr 2023 01:25:41 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 20 Apr 2024 17:07:01 GMT

GET
H2 200 debut_light.png
pastelink.net/assets/images/ 4 KB
4 KB 149ms
148ms Image
image/png 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/debut_light.png

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=36

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

c24ccee9a35eef9e74411eac871935bdff6bcb895cce80b754b66d3e4292a3ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=36
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-10c8"
content-type: image/png
accept-ranges: bytes
content-length: 4296

GET
H2 200 pastelink-logo.svg
pastelink.net/assets/images/logo/ 3 KB
3 KB 151ms
149ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/logo/pastelink-logo.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=36

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

01408f8061623faa6d2c0f015cd23483c3aa363c095e152f613ed94c87a5803d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=36
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-d3d"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 3389

GET
DATA 200
OK truncated
/ 16 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 13100cd3879e5c1385581d7c88153e60cd7c3e4b0578fe2838daa56da689769b

Request headers

accept-language: ka-GE,ka;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 arrow-down-blue.svg
pastelink.net/assets/images/ 239 B
409 B 152ms
151ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/arrow-down-blue.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=36

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

50a60e5e5f2e8f10a2f8685031ec9849ba8faff613139f3a402e89f25ccbbabc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=36
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-ef"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 239

GET
H2 200 moon.svg
pastelink.net/assets/images/ 2 KB
2 KB 153ms
152ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/moon.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=36

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

ed6cd01c384db70bedbe24986aa85b0745f994ad71b7e5712f8a60e1ff457d7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=36
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-62e"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 1582

GET
H2 200 public-black.svg
pastelink.net/assets/images/ 578 B
749 B 154ms
153ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/public-black.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=36

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

57226adbc32c91a8cd4ec9ee08e4f155f3450e79256731c04f81709a58c4c1fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=36
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-242"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 578

GET
H2 200 social-spritesheet.png
pastelink.net/assets/images/ 28 KB
28 KB 159ms
158ms Image
image/png 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/social-spritesheet.png

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=36

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

8af24d7350dbdc8eea22e4737deaa35a795b19b0560d7173113bec7e8a3effb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=36
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-70de"
content-type: image/png
accept-ranges: bytes
content-length: 28894

GET
H2 200 logo-bg-90-tl.svg
pastelink.net/assets/images/ 2 KB
2 KB 220ms
219ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/logo-bg-90-tl.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=36

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

1c9e4c65f9d921b1c0829958cc7b2f307a3e22ac7a23e8315b6db4c0954e1107

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=36
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-933"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 2355

GET
H2 200 pastelink-logo-contrast.svg
pastelink.net/assets/images/logo/ 4 KB
4 KB 221ms
220ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/logo/pastelink-logo-contrast.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=36

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

3a73b36061944ebbb33696553917d393280f796e212afcd09057b441c1168606

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=36
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-e31"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 3633

GET
H2 200 logo-symbol-non-white-bg.svg
pastelink.net/assets/images/ 4 KB
5 KB 224ms
222ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/logo-symbol-non-white-bg.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=36

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

15f20e02ef301e62ed325d633f971c506dcf1be3458c2371b849b505bb8673dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=36
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-11c0"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 4544

GET
H2 200 nord-white-trim.png
pastelink.net/assets/images/ 9 KB
9 KB 229ms
228ms Image
image/png 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/nord-white-trim.png

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=36

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

6f0fef1778678fd7b5436ebd0ba183edb1e28d93136539e8beb4e4d60efdeceb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=36
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Mon, 24 Apr 2023 17:57:18 GMT
server: nginx
etag: "6446c2fe-2424"
content-type: image/png
accept-ranges: bytes
content-length: 9252

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 524ms
239ms Font
font/woff2 142.250.184.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f3.1e100.net

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 05:52:39 GMT
x-content-type-options: nosniff
age: 329966
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7884
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Apr 2024 05:52:39 GMT

GET
H2 200 iJWFBX-cbD_ETsbWilmf.woff2
fonts.gstatic.com/s/federo/v19/ 26 KB
26 KB 431ms
147ms Font
font/woff2 142.250.184.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/federo/v19/iJWFBX-cbD_ETsbWilmf.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Federo:wght@400&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f3.1e100.net

Software

sffe /

Resource Hash

3b011df17e8d9676cbaae47f785b9060a97feb144818eb5770e1d8ae7455dafd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 22:23:45 GMT
x-content-type-options: nosniff
age: 97700
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26604
x-xss-protection: 0
last-modified: Thu, 21 Apr 2022 16:57:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 23 Apr 2024 22:23:45 GMT

GET
H2 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 419ms
135ms Font
font/woff2 142.250.184.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f3.1e100.net

Software

sffe /

Resource Hash

cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 06:24:35 GMT
x-content-type-options: nosniff
age: 328050
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7748
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:21:30 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Apr 2024 06:24:35 GMT

GET
H2 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 538ms
254ms Font
font/woff2 142.250.184.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f3.1e100.net

Software

sffe /

Resource Hash

9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 15:41:35 GMT
x-content-type-options: nosniff
age: 294630
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7816
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Apr 2024 15:41:35 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 51 KB
21 KB 674ms
136ms Script
text/javascript 216.239.38.178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.239.38.178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 26 Apr 2023 00:27:45 GMT
last-modified: Mon, 17 Apr 2023 22:36:01 GMT
server: Golfe2
age: 3861
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20737
expires: Wed, 26 Apr 2023 02:27:45 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 226 KB
78 KB 142ms
142ms Script
application/javascript 142.250.185.168
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-S3DKHVPF03&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.168 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

0f7a0631e44ae2becc0b3d8cc6790d2a62bd8a6cfe8315c71c9768f996a84c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:05 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 80193
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 26 Apr 2023 01:32:05 GMT

GET
H2 200 tag Show response
btloader.com/ 22 KB
8 KB 421ms
140ms Script
application/javascript 104.26.7.139
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://btloader.com/tag?o=5102648370397184&upapi=true
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682472600000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.7.139 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 88f94fc9bb9bada786c28d661a00855994d18fbeda03d3834cf0c8a55fa79384

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:05 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 26 Apr 2023 01:04:53 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1601
etag: W/"e03622ac04805a8e06fb6e13744701f4"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y7UsSikSuq%2F6muZrSdzYLAGMquUP0McemqWdqdKfqr%2FEU7vhNCsSwSvzUkMLNg0Ny1wDPK%2BwnYEtUi9U7VUEVJ6aURiBG%2BegL4Wc0WUxdJab7UxsWhneosaWpluJPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
cf-ray: 7bdb11e8ff109277-FRA

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 74 KB
25 KB 438ms
157ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682472600000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8110a7b78aad269576f11e8480a21d0b56919b9adccedf7e57b559a877f1e009

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:05 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24997
x-xss-protection: 0
server: cafe
etag: 627 / 19473 / m202304200101 / config-hash: 3496528444417690014
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 26 Apr 2023 01:32:05 GMT

GET
H2 200 acceptable.gif
cdn4.buysellads.net/ 43 B
236 B 266ms
266ms Image
image/gif 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn4.buysellads.net/acceptable.gif?ch=1&rn=3.810966075561857
Requested by: Host: pastelink.net
URL: https://pastelink.net/7hemp0vr
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:05 GMT
last-modified: Fri, 19 Jul 2019 16:45:51 GMT
server: AmazonS3
x-amz-request-id: ZV2XCNMCDHZHGS9K
etag: "b4491705564909da7f9eaf749dbbfbb1"
x-hw: 1682472725.cds339.fr8.hn,1682472725.cds230.fr8.sc,1682472725.cds230.fr8.p
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
content-length: 43
x-amz-id-2: OizZjiS1ezPu52Go2P69G2KOnRpP/WD8PsKvldkpwmNZc9E/6rqQtDdKJSSIQ0y4GY6/izIVXW0=

GET
H2 200 acceptable.gif
cdn4.buysellads.net/ 43 B
278 B 264ms
264ms Image
image/gif 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn4.buysellads.net/acceptable.gif?ch=2&rn=3.810966075561857
Requested by: Host: pastelink.net
URL: https://pastelink.net/7hemp0vr
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:05 GMT
last-modified: Fri, 19 Jul 2019 16:45:51 GMT
server: AmazonS3
x-amz-request-id: ZV2YYE65X29TP8ZY
etag: "b4491705564909da7f9eaf749dbbfbb1"
x-hw: 1682472725.cds339.fr8.hn,1682472725.cds162.fr8.sc,1682472725.cds162.fr8.p
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
content-length: 43
x-amz-id-2: rDHkgo5fFG6WK56oiBr/ZnO3ab2yinqNCHyF4RLBNc+hEgpHkASOovTNrVfE3023h9A4cjDCl1Q=

POST
H2 204 collect
www.google-analytics.com/g/ 0
169 B 523ms
236ms Ping
text/plain 216.239.38.178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-S3DKHVPF03&gtm=45je34j0&_p=1358110108&cid=570099938.1682472726&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1682472725&sct=1&seg=0&dl=https%3A%2F%2Fpastelink.net%2F7hemp0vr&dt=How%20Adding%20A%20Electrician%20Hertfordshire%20To%20Your%20Life%27s%20Journey%20Will%20Make%20The%20The%20-%20Pastelink.net&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S3DKHVPF03&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.38.178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:06 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 px.gif
ad-delivery.net/ 43 B
331 B 437ms
146ms Image
image/gif 104.26.3.70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=2
Requested by: Host: pastelink.net
URL: https://pastelink.net/7hemp0vr
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.70 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:06 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2587398
x-guploader-uploadid: ADPycduyUPEuzBUIKx7fLz8o1gICs6GKx1jKQDp8CwfiatFid6KI9QByNnQXIiZNJcDullDOiy7LeRCk_J2AJKlJXBBEIA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-goog-generation: 1620242732037093
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers: *, Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o96ZMktoLmXi%2B6nj66JO%2FZ0aK0NAUN6OQbdMsNvYcwixEjwpLfZ71JVV0kNBXd0n%2FpB8nhEhLM2E2L%2Fs%2FSi%2FhwRbwPn7IByQmEU1ensZiafzTHrKMbRkIDh%2FJHudLWOyoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 7bdb11ebbcc830ed-FRA
expires: Mon, 27 Mar 2023 03:17:53 GMT

GET
H2 200 favicon.ico
ad.doubleclick.net/ 1 KB
571 B 432ms
137ms Image
image/x-icon 142.250.186.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 22:18:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11615
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 104
x-xss-protection: 0
last-modified: Tue, 08 May 2012 13:08:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 22:18:31 GMT

GET
H2 200 px.gif
ad-delivery.net/ 43 B
927 B 434ms
144ms Image
image/gif 104.26.3.70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.19397626245374844
Requested by: Host: pastelink.net
URL: https://pastelink.net/7hemp0vr
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.70 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:06 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2587398
x-guploader-uploadid: ADPycduyUPEuzBUIKx7fLz8o1gICs6GKx1jKQDp8CwfiatFid6KI9QByNnQXIiZNJcDullDOiy7LeRCk_J2AJKlJXBBEIA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-goog-generation: 1620242732037093
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers: *, Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IU4v79ej6S7pAXE3nD4TCJVwUM0zeyz7FT0FlGwYuqeaw0a8WyvAvtzjkgw%2BhgzmJfI01iNKo4QU9EhOaeoojfrDtRMBkbodGmDjL9qjW5YuYMKVM4J%2FtTYqYrRsHGsSZg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 7bdb11ebbcc930ed-FRA
expires: Mon, 27 Mar 2023 03:17:53 GMT

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304200101/ 399 KB
124 KB 418ms
133ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304200101/pubads_impl.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

eebca01c60b315a6937fea6c94dfaa2b2afcb61cd14cdf7e655cefec2fc32017

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 20:45:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 126587
x-xss-protection: 0
server: cafe
etag: 1883905843074567667
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Wed, 24 Apr 2024 20:45:26 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 72 B
601 B 433ms
148ms XHR
application/json 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=pastelink.net

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

9613f838798d1aed5da373796f9180a1531b4670d6762a7db38dde12ae032934

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:06 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 59
x-xss-protection: 0
expires: Wed, 26 Apr 2023 01:32:06 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
93 B 148ms
146ms XHR
text/plain 216.239.38.178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j100&a=1358110108&t=pageview&_s=1&dl=https%3A%2F%2Fpastelink.net%2F7hemp0vr&ul=en-us&de=UTF-8&dt=How%20Adding%20A%20Electrician%20Hertfordshire%20To%20Your%20Life%27s%20Journey%20Will%20Make%20The%20The%20-%20Pastelink.net&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=595387178&gjid=1712365943&cid=570099938.1682472726&tid=UA-55088947-2&_gid=1946568482.1682472726&_r=1&_slc=1&gtm=45He34j0n8155WHPWQ&z=1974779069

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.239.38.178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pastelink.net/
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:06 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 country Show response
api.btloader.com/ 16 B
203 B 532ms
246ms Fetch
application/json 130.211.23.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/country
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5102648370397184&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: 45b5465229b3d2f0348a4cfcd69e52df10b6059122d41cff6f9854a30bf111cf

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:06 GMT
via: 1.1 google
vary: Origin
content-type: application/json
access-control-allow-origin: *
cache-control: private, max-age=300, stale-while-revalidate=600, stale-if-error=600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16

GET
H2 204 pv Show response
api.btloader.com/ 0
66 B 533ms
248ms XHR
text/plain 130.211.23.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/pv?tid=H8WsArtDns&w=5093624318001152&o=5102648370397184&cv=2.1.11-3-gabc8642&r=false&vr=1600x1200&pageURL=https%3A%2F%2Fpastelink.net%2F7hemp0vr&sid=s8HvH54qz&upapi=true
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5102648370397184&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 26 Apr 2023 01:32:06 GMT
cache-control: no-cache, no-store, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary: Origin

GET
H2 200 CWYD627N.json Show response
srv.buysellads.com/ads/ 930 B
664 B 467ms
147ms Fetch
application/json 64.227.38.224
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://srv.buysellads.com/ads/CWYD627N.json?forcebanner=493702&ignoretargeting=yes
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682472600000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 64.227.38.224 London, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: srv-eu-ldn-17.buysellads.com
Software: //srv.buysellads.com /
Resource Hash: e4adee60e5a982b8e77ff2f3e5b746fd22d2d297be8d4d89a0de2c6379151d6f

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 26 Apr 2023 01:32:07 GMT
content-encoding: gzip
server: //srv.buysellads.com
content-length: 551
vary: Accept-Encoding
content-type: application/json; charset=utf-8

GET
H/1.1 200
OK localstore.js Show response
script.4dex.io/ 483 B
1002 B 437ms
144ms Script
application/javascript 172.67.75.241
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682472600000
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.241 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 26 Apr 2023 01:32:07 GMT
Content-Encoding: br
CF-Cache-Status: HIT
Last-Modified: Wed, 23 Nov 2022 15:43:18 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Age: 458502
ETag: W/"922cffdd75f7192f75231d92684885aa"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MpkdzRMLOu%2BVLnWyb49Hqm6VzvP924GF5GZ7%2Bf2GRWcBbWnVHkjuUkEB7KFnnkiufXz2tvIS9YEdjKznACQ5jDfCY%2FwFzYkAIXUJ21akQSkLvXo7Sj896rD4Pwl70Pf0"}],"group":"cf-nel","max_age":604800}
Cache-Control: public, max-age=1800
Connection: keep-alive
CF-RAY: 7bdb11f10ca8bb38-FRA

POST
H2 200 adreq Show response
ads.servenobid.com/ 109 B
439 B 489ms
160ms XHR
application/json 34.248.219.195
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.servenobid.com/adreq?cb=315
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682472600000
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.219.195 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-219-195.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 28206f4189052daa1630edbe12c03c5e58d4993e7192eaf1629c77759ac6df84

Request headers

Referer: https://pastelink.net/
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 26 Apr 2023 01:32:07 GMT
content-encoding: gzip
amp-access-control-allow-source-origin: *
vary: accept-encoding
content-type: application/json
access-control-allow-origin: https://pastelink.net
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true

POST
H2 200 prebid Show response
mp.4dex.io/ 173 B
1 KB 429ms
151ms XHR
application/json 104.18.3.114
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682472600000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.3.114 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d930e131a2786337b88b420203752e6bedbbe7e027df424561bee3d0947d4b03

Request headers

Referer: https://pastelink.net/
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

x-version: 3.0.0-gcp-ams
date: Wed, 26 Apr 2023 01:32:07 GMT
x-err: Shapings: no adunits with size and seat and mapping
via: 1.1 google
cf-cache-status: DYNAMIC
content-encoding: gzip
x-warn: Process Floors. 3 inventory rules not found for mediatype: banner and adUnitCode: bsa-zone_1675868039084-1_123456, Process Floors. 13 inventory rules not found for mediatype: banner and adUnitCode: bsa-zone_1675868173958-4_123456, Process Floors. 1 inventory rules not found for mediatype: banner and adUnitCode: bsa-zone_1675868324828-7_123456, Process Seats Booster. unable to get the seat booster engine for organization: 1116
pragma: no-cache
server: cloudflare
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 7bdb11f10eb4049f-FRA
expires: 0

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
114 B 431ms
146ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682472600000
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pastelink.net/
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://pastelink.net
date: Wed, 26 Apr 2023 01:32:05 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
1 KB 599ms
318ms XHR
application/json 34.107.148.139
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CU18831I
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682472600000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: f57c9b5c6ebd6b9bb4c6f5634c61c2ad35574590e84fc063ddcbe05aea9782b1

Request headers

Referer: https://pastelink.net/
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:07 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://pastelink.net
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
expires: Wed, 26 Apr 2023 01:32:07 GMT

POST
H2 200 prebid-request Show response
onetag-sys.com/ 15 B
501 B 440ms
146ms XHR
application/json 51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682472600000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://pastelink.net/
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
access-control-allow-origin: https://pastelink.net
content-type: application/json
cache-control: no-transform, no-cache
access-control-allow-credentials: true
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 12 KB
6 KB 975ms
542ms XHR
application/json 213.19.162.31
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18812&site_id=468716&zone_id=2765554&size_id=2&alt_size_ids=1%2C55&rp_schain=1.0,1!buysellads.com,16898,1,,,&rf=https%3A%2F%2Fpastelink.net%2F7hemp0vr&tg_i.domain=pastelink.net&tg_i.page=https%3A%2F%2Fpastelink.net%2F7hemp0vr&tg_i.pbadslot=%2F22405481091%2FPastelink_S2S_FixedFooter_ROS%23bsa-zone_1675868039084-1_123456&tk_flint=pbjs_lite_v7.43.0&x_source.tid=9eab7afa-7719-4fb2-b546-437ffd0730e7&l_pb_bid_id=37b3c4f13915f8&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F22405481091%2FPastelink_S2S_FixedFooter_ROS%23bsa-zone_1675868039084-1_123456&slots=1&rand=0.3946953152503494
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682472600000
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 213.19.162.31 , United Kingdom, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 9a37c1a43b54ee3f2cddea81bbf2b46a05040cae20c7f6c12548388e97bdd89d

Request headers

Referer: https://pastelink.net/
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:07 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://pastelink.net
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 12 KB
6 KB 642ms
209ms XHR
application/json 213.19.162.31
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18812&site_id=468716&zone_id=2765554&size_id=15&alt_size_ids=2%2C1%2C16%2C232&rp_schain=1.0,1!buysellads.com,16898,1,,,&rf=https%3A%2F%2Fpastelink.net%2F7hemp0vr&tg_i.domain=pastelink.net&tg_i.page=https%3A%2F%2Fpastelink.net%2F7hemp0vr&tg_i.pbadslot=%2F22405481091%2FPastelink_S2S_TopLeaderboard_ROS%23bsa-zone_1675868173958-4_123456&tk_flint=pbjs_lite_v7.43.0&x_source.tid=0ff13ac5-2d0d-46d0-b2c7-836cf171f0c1&l_pb_bid_id=38ca499cb8d4662&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F22405481091%2FPastelink_S2S_TopLeaderboard_ROS%23bsa-zone_1675868173958-4_123456&slots=1&rand=0.5532044096843505
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682472600000
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 213.19.162.31 , United Kingdom, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 677665c9aa36e5cd681e94aa60e14fa92cf7949c5040ca2bc46e82eed343d6cf

Request headers

Referer: https://pastelink.net/
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:07 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://pastelink.net
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 12 KB
6 KB 841ms
409ms XHR
application/json 213.19.162.31
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18812&site_id=468716&zone_id=2765554&size_id=15&alt_size_ids=9%2C8%2C10%2C16&rp_schain=1.0,1!buysellads.com,16898,1,,,&rf=https%3A%2F%2Fpastelink.net%2F7hemp0vr&tg_i.domain=pastelink.net&tg_i.page=https%3A%2F%2Fpastelink.net%2F7hemp0vr&tg_i.pbadslot=%2F22405481091%2FPastelink_S2S_Sidebar_ROS%23bsa-zone_1675868324828-7_123456&tk_flint=pbjs_lite_v7.43.0&x_source.tid=8013eeea-55e5-454a-ae0e-ba59f3f8f998&l_pb_bid_id=393c13308b3cc3f&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F22405481091%2FPastelink_S2S_Sidebar_ROS%23bsa-zone_1675868324828-7_123456&slots=1&rand=0.33490189777575274
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682472600000
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 213.19.162.31 , United Kingdom, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 3b69aa747c98f3cbff20d7439431d770dc46a4fafab40c9153b2e6e692bb7fd9

Request headers

Referer: https://pastelink.net/
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:07 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://pastelink.net
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 11 KB
5 KB 776ms
343ms XHR
application/json 213.19.162.31
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18812&site_id=468716&zone_id=2765554&size_id=15&alt_size_ids=10%2C16%2C53%2C67%2C101%2C102%2C221&rp_schain=1.0,1!buysellads.com,16898,1,,,&rf=https%3A%2F%2Fpastelink.net%2F7hemp0vr&tg_i.domain=pastelink.net&tg_i.page=https%3A%2F%2Fpastelink.net%2F7hemp0vr&tg_i.pbadslot=%2F22405481091%2FPastelink_S2S_Interstitial_ROS%23bsa-zone_1675868453109-5_123456&tk_flint=pbjs_lite_v7.43.0&x_source.tid=490d2221-d0d9-4508-b4ce-e1b5e058dce0&l_pb_bid_id=403311278a97e13&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F22405481091%2FPastelink_S2S_Interstitial_ROS%23bsa-zone_1675868453109-5_123456&slots=1&rand=0.19599198273140983
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682472600000
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 213.19.162.31 , United Kingdom, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: d6165e9d2b3a0134993445c944512d598f502a9482f217425969e0f78a25d485

Request headers

Referer: https://pastelink.net/
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:07 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://pastelink.net
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 496 B
2 KB 525ms
242ms XHR
application/json 185.89.210.46
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682472600000

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.46 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.2 /

Resource Hash

a07b2d3f344804ec5e5899074a5422e18b28777db5ce90c694ecea79b20a4499

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 26 Apr 2023 01:32:07 GMT
AN-X-Request-Uuid: 77abc017-8790-4262-b358-a09094ebacd2
Server: nginx/1.23.2
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://pastelink.net
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 91.239.206.153; 91.239.206.153; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 496
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 v1 Show response
hb-api.omnitagjs.com/hb-api/prebid/ 2 KB
943 B 471ms
171ms XHR
application/json 185.255.84.151
IGUANE-

General

Check archive.org

Show headers Download Go to

Full URL

https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fpastelink.net%2F7hemp0vr&PageUrl=https%3A%2F%2Fpastelink.net%2F7hemp0vr&PageReferrer=https%3A%2F%2Fpastelink.net%2F7hemp0vr

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682472600000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.255.84.151 , France, ASN200271 (IGUANE-, FR),

Reverse DNS

Software

ayl-lb-fra02 /

Resource Hash

e87a5e3e670429a28f4590fafffb9bad5a45df4479c95ad247bb1c7bc44a0505

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pastelink.net/
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 26 Apr 2023 01:32:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO PSA OUR"
x-envoy-upstream-service-time: 22
content-length: 483
pragma: no-cache
server: ayl-lb-fra02
access-control-max-age: 3600
access-control-allow-methods: OPTIONS, POST
content-type: application/json; charset=utf-8
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Accept-Encoding
access-control-allow-headers: Accept-Encoding, Content-Type
expires: 0

POST
H2 200 cdb Show response
bidder.criteo.com/ 18 B
311 B 458ms
163ms XHR
application/json 178.250.7.10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=35&wv=7.43.0&cb=39830780140&lsavail=1

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682472600000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://pastelink.net/
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 26 Apr 2023 01:32:06 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://pastelink.net
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 1 KB
2 KB 553ms
154ms XHR
application/json 81.17.55.99
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682472600000
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.99 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: cc355fb896177685045a25e92a9b891b063232469b4286975e7cbb517ce7f637

Request headers

Referer: https://pastelink.net/
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:07 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://pastelink.net
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 1 KB
2 KB 559ms
160ms XHR
application/json 81.17.55.99
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682472600000
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.99 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 5d105706136072e68e4f64506fcd85ce53005e96431e4c7b2aff1655cd7acdc0

Request headers

Referer: https://pastelink.net/
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:06 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://pastelink.net
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 852 B
2 KB 565ms
162ms XHR
application/json 81.17.55.99
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682472600000
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.99 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 175d2396ffff9c88b106d57937e2548891a098dcf1ff3df867f16e144dcbd257

Request headers

Referer: https://pastelink.net/
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:06 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://pastelink.net
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 1 KB
2 KB 564ms
160ms XHR
application/json 81.17.55.99
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682472600000
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.99 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: f40c7fbbe780ac0c89f1272e59072315224dc5e09e8dcccec5f87b5e998235e8

Request headers

Referer: https://pastelink.net/
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:06 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://pastelink.net
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 1 KB
2 KB 566ms
159ms XHR
application/json 81.17.55.99
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682472600000
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.99 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 4c1cd9231c34681700c821a83e97f054589344e4bd0659d3395f4825416d0110

Request headers

Referer: https://pastelink.net/
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:06 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://pastelink.net
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

GET
H/1.1 200
OK adagio.js Show response
script.4dex.io/ 74 KB
24 KB 416ms
145ms Fetch
application/javascript 172.67.75.241
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.241 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed87a83a9df154b61d76e8b9b53bb9d23db3eea194e66bca6b575e3e4f7a57bf

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 26 Apr 2023 01:32:07 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 9SQCSNWB13JE4HN0
Age: 2648418
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-id-2: 8dWK4PvxwMnq9Anw2/MZuoZaH2mQWArFVgyDGW7YNJdwNJKkYRdCx9kdJX4hgGUTkdhFsmJFxLA=
Last-Modified: Tue, 22 Nov 2022 09:44:15 GMT
Server: cloudflare
ETag: W/"c56b6332dacf72f135afcd153ae22448"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ODy%2BqqM1FwM%2F6MWeIQk7HUMWgHJjWKcxBwjPcbSiXGbKFg0HxjGYFN3%2B2pvgLt3ZZjKp6onySP7A3ela2AgikGi7st%2B50K6MFfk3YZ06gl2Na%2FKFoFEjGpdQ7jLPwBLX"}],"group":"cf-nel","max_age":604800}
Cache-Control: public, max-age=1800
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
CF-RAY: 7bdb11f3ac2b8ffe-FRA

POST
H2 204 bids.gif Show response
c.4dex.io/ 0
254 B 428ms
144ms XHR
text/plain 35.241.34.106
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.4dex.io/bids.gif?adu_code=bsa-zone_1675868039084-1_123456&evt=init&ts=1682472727810&pv_id=a4f3bb3f-bc7d-467d-b590-569c9898d014&amts=ban&asizes=728x90%7C970x90%7C980x90%7C990x90%7C468x60&url=undefined&auct_id=978a1546-bfda-4751-96a8-556c126ece08&auct_start=1682472726854&auct_end=-1&v=1&js_late=1&js_ts=&navs_ts=1682472723403&partid=2023042601&bidders=nobid%2Cadagio%2Cpubmatic%2Cmedianet%2Conetag%2Crubicon%2Cappnexus%2Cadyoulike%2Ccriteo%2Csmartadserver&cpm=%2C%2C%2C%2C%2C%2C%2C%2C%2C&cpm_adjst_rate=%2C%2C%2C%2C%2C%2C%2C%2C%2C&net_rev=%2C%2C%2C%2C%2C%2C%2C%2C%2C&cur=%2C%2C%2C%2C%2C%2C%2C%2C%2C&cur_rate=%2C%2C%2C%2C%2C%2C%2C%2C%2C&ttr=%2C%2C%2C%2C%2C%2C%2C%2C%2C&bttr=%2C%2C%2C%2C%2C%2C%2C%2C%2C&sts=%2C%2C%2C%2C%2C%2C%2C%2C%2C&w=%2C%2C%2C%2C%2C%2C%2C%2C%2C&h=%2C%2C%2C%2C%2C%2C%2C%2C%2C&deal=%2C%2C%2C%2C%2C%2C%2C%2C%2C&timeout=%2C%2C%2C%2C%2C%2C%2C%2C%2C&won=%2C%2C%2C%2C%2C%2C%2C%2C%2C&no_bid=%2C%2C%2C%2C%2C%2C%2C%2C%2C&crea_id=%2C%2C%2C%2C%2C%2C%2C%2C%2C&mt=%2C%2C%2C%2C%2C%2C%2C%2C%2C&cat=&dvc=2&env=desktop&org_id=1116&pgtyp=&plcmt=Pastelink_S2S_FixedFooter_ROS&site=pastelink-net&subcat=&os=windows&brwsr=chrome&u_ts=1682472726&adgjsv=1.16.2
Requested by: Host: pastelink.net
URL: https://pastelink.net/7hemp0vr
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.34.106 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 106.34.241.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:08 GMT
via: 1.1 google
server: nginx
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: -1

POST
H2 204 bids.gif Show response
c.4dex.io/ 0
44 B 428ms
144ms XHR
text/plain 35.241.34.106
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.4dex.io/bids.gif?adu_code=bsa-zone_1675868173958-4_123456&evt=init&ts=1682472727810&pv_id=a4f3bb3f-bc7d-467d-b590-569c9898d014&amts=ban&asizes=728x90%7C468x60%7C728x200%7C580x400%7C750x280%7C760x280%7C690x90%7C675x90%7C670x90%7C650x90%7C630x90%7C600x90%7C580x90%7C570x90%7C300x250%7C336x280&url=undefined&auct_id=978a1546-bfda-4751-96a8-556c126ece08&auct_start=1682472726854&auct_end=-1&v=1&js_late=1&js_ts=&navs_ts=1682472723403&partid=2023042601&bidders=nobid%2Cadagio%2Cpubmatic%2Cmedianet%2Conetag%2Crubicon%2Cappnexus%2Cadyoulike%2Ccriteo%2Csmartadserver&cpm=%2C%2C%2C%2C%2C%2C%2C%2C%2C&cpm_adjst_rate=%2C%2C%2C%2C%2C%2C%2C%2C%2C&net_rev=%2C%2C%2C%2C%2C%2C%2C%2C%2C&cur=%2C%2C%2C%2C%2C%2C%2C%2C%2C&cur_rate=%2C%2C%2C%2C%2C%2C%2C%2C%2C&ttr=%2C%2C%2C%2C%2C%2C%2C%2C%2C&bttr=%2C%2C%2C%2C%2C%2C%2C%2C%2C&sts=%2C%2C%2C%2C%2C%2C%2C%2C%2C&w=%2C%2C%2C%2C%2C%2C%2C%2C%2C&h=%2C%2C%2C%2C%2C%2C%2C%2C%2C&deal=%2C%2C%2C%2C%2C%2C%2C%2C%2C&timeout=%2C%2C%2C%2C%2C%2C%2C%2C%2C&won=%2C%2C%2C%2C%2C%2C%2C%2C%2C&no_bid=%2C%2C%2C%2C%2C%2C%2C%2C%2C&crea_id=%2C%2C%2C%2C%2C%2C%2C%2C%2C&mt=%2C%2C%2C%2C%2C%2C%2C%2C%2C&cat=&dvc=2&env=desktop&org_id=1116&pgtyp=&plcmt=Pastelink_S2S_TopLeaderboard_ROS&site=pastelink-net&subcat=&os=windows&brwsr=chrome&u_ts=1682472726&adgjsv=1.16.2
Requested by: Host: pastelink.net
URL: https://pastelink.net/7hemp0vr
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.34.106 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 106.34.241.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:08 GMT
via: 1.1 google
server: nginx
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: -1

POST
H2 204 bids.gif Show response
c.4dex.io/ 0
44 B 428ms
145ms XHR
text/plain 35.241.34.106
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.4dex.io/bids.gif?adu_code=bsa-zone_1675868324828-7_123456&evt=init&ts=1682472727810&pv_id=a4f3bb3f-bc7d-467d-b590-569c9898d014&amts=ban&asizes=120x600%7C160x600%7C300x600%7C300x250%7C336x280%7C240x600&url=undefined&auct_id=978a1546-bfda-4751-96a8-556c126ece08&auct_start=1682472726854&auct_end=-1&v=1&js_late=1&js_ts=&navs_ts=1682472723403&partid=2023042601&bidders=nobid%2Cadagio%2Cpubmatic%2Cmedianet%2Conetag%2Crubicon%2Cappnexus%2Cadyoulike%2Ccriteo%2Csmartadserver&cpm=%2C%2C%2C%2C%2C%2C%2C%2C%2C&cpm_adjst_rate=%2C%2C%2C%2C%2C%2C%2C%2C%2C&net_rev=%2C%2C%2C%2C%2C%2C%2C%2C%2C&cur=%2C%2C%2C%2C%2C%2C%2C%2C%2C&cur_rate=%2C%2C%2C%2C%2C%2C%2C%2C%2C&ttr=%2C%2C%2C%2C%2C%2C%2C%2C%2C&bttr=%2C%2C%2C%2C%2C%2C%2C%2C%2C&sts=%2C%2C%2C%2C%2C%2C%2C%2C%2C&w=%2C%2C%2C%2C%2C%2C%2C%2C%2C&h=%2C%2C%2C%2C%2C%2C%2C%2C%2C&deal=%2C%2C%2C%2C%2C%2C%2C%2C%2C&timeout=%2C%2C%2C%2C%2C%2C%2C%2C%2C&won=%2C%2C%2C%2C%2C%2C%2C%2C%2C&no_bid=%2C%2C%2C%2C%2C%2C%2C%2C%2C&crea_id=%2C%2C%2C%2C%2C%2C%2C%2C%2C&mt=%2C%2C%2C%2C%2C%2C%2C%2C%2C&cat=&dvc=2&env=desktop&org_id=1116&pgtyp=&plcmt=Pastelink_S2S_Sidebar_ROS&site=pastelink-net&subcat=&os=windows&brwsr=chrome&u_ts=1682472726&adgjsv=1.16.2
Requested by: Host: pastelink.net
URL: https://pastelink.net/7hemp0vr
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.34.106 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 106.34.241.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:08 GMT
via: 1.1 google
server: nginx
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: -1

GET
H2 200 integrator.js Show response
adservice.google.ge/adsid/ 107 B
531 B 440ms
149ms Script
application/javascript 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ge/adsid/integrator.js?domain=pastelink.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304200101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 425ms
146ms Script
application/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=pastelink.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304200101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 116 KB
24 KB 373ms
373ms XHR
text/plain 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2929864133011834&correlator=967568237134157&eid=31072878&output=ldjh&gdfp_req=1&vrg=202304200101&ptt=17&impl=fifs&iu_parts=22405481091%2CPastelink_S2S_FixedFooter_ROS%2CPastelink_S2S_TopLeaderboard_ROS%2CPastelink_S2S_Sidebar_ROS%2CPastelink_S2S_Interstitial_ROS%2CPastelink_S2S_TopAnchor_ROS&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5&prev_iu_szs=728x90%7C970x90%7C980x90%7C990x90%7C468x60%2C320x50%7C728x90%7C468x60%7C728x200%7C580x400%7C750x280%7C760x280%7C690x90%7C675x90%7C670x90%7C650x90%7C630x90%7C600x90%7C580x90%7C570x90%7C300x250%7C336x280%2C320x50%7C120x600%7C160x600%7C300x600%7C300x250%7C336x280%7C240x600%2C1x1%2C1x1&fluid=0%2Cheight%2Cheight%2C0%2C0&ifi=1&adks=840525636%2C3944560474%2C3798138915%2C1897443797%2C1230872867&sfv=1-0-40&ists=3&fas=0%2C0%2C0%2C8%2C2&prev_scp=optimize_ad_unit_id%3Dbsa-zone_1675868039084-1_123456%26optimize_inview%3Dfalse%26optimize_refresh_int%3D0%26hb_size%3D728x90%26hb_pb%3D0.11%26hb_creative%3D2249%253A473439017%26hb_adid%3D70771e265b13541%26hb_bidder%3Drubicon%26_bd%3Dbid%26_pl%3D0.11%26hb_size_rubicon%3D728x90%26hb_pb_rubicon%3D0.11%26hb_adid_rubicon%3D70771e265b13541%26hb_bidder_rubicon%3Drubicon%7Coptimize_ad_unit_id%3Dbsa-zone_1675868173958-4_123456%26optimize_inview%3Dfalse%26optimize_refresh_int%3D0%26hb_size%3D728x90%26hb_pb%3D0.03%26hb_creative%3D2249%253A483274177%26hb_adid%3D67846d03ea3817%26hb_bidder%3Drubicon%26_bd%3Dbid%26_pl%3D0.03%26hb_size_rubicon%3D728x90%26hb_pb_rubicon%3D0.03%26hb_adid_rubicon%3D67846d03ea3817%26hb_bidder_rubicon%3Drubicon%7Coptimize_ad_unit_id%3Dbsa-zone_1675868324828-7_123456%26optimize_inview%3Dfalse%26optimize_refresh_int%3D0%26hb_size%3D160x600%26hb_pb%3D0.04%26hb_creative%3D2249%253A483294793%26hb_adid%3D6953e64a97a9302%26hb_bidder%3Drubicon%26_bd%3Dbid%26_pl%3D0.04%26hb_size_rubicon%3D160x600%26hb_pb_rubicon%3D0.04%26hb_adid_rubicon%3D6953e64a97a9302%26hb_bidder_rubicon%3Drubicon%7Coptimize_ad_unit_id%3Dbsa-zone_1675868453109-5_123456%26optimize_inview%3Dfalse%26optimize_refresh_int%3D0%26hb_size%3D300x600%26hb_pb%3D0.03%26hb_creative%3D2249%253A486272395%26hb_adid%3D689c5fdd531213d%26hb_bidder%3Drubicon%26_bd%3Dbid%26_pl%3D0.03%26hb_size_rubicon%3D300x600%26hb_pb_rubicon%3D0.03%26hb_adid_rubicon%3D689c5fdd531213d%26hb_bidder_rubicon%3Drubicon%7Coptimize_ad_unit_id%3Dbsa-zone_1678879398722-5_123456%26optimize_inview%3Dfalse%26optimize_refresh_int%3D0&eri=1&cust_params=optimize_refreshed%3Dfalse%26optimize_acceptable%3Dfalse%26optimize_adl_debug%3Dfalse%26optimize_ctv_debug%3Dfalse%26optimize_debug%3Dfalse%26optimize%3Dtrue%26optimize_adl_id%3D%26optimize_amp%3Dfalse%26optimize_audience%3Dtech%26optimize_env%3Dprod%26optimize_pub%3Dpastelink%26optimize_xp%3Da&sc=1&cookie_enabled=1&abxe=1&dt=1682472727934&lmt=1682472727&dlt=1682472723921&idt=2905&adxs=-12245933%2C310%2C1091%2C-9%2C-9&adys=-12245933%2C345%2C521%2C-9%2C-9&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1%7C0%7C0%7C-1%7C-1&ucis=1%7C2%7C3%7C4%7C5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fpastelink.net%2F7hemp0vr&frm=20&vis=1&psz=1600x-1%7C705x424%7C168x607%7C0x-1%7C0x-1&msz=0x-1%7C705x250%7C120x600%7C0x-1%7C0x-1&fws=644%2C4%2C4%2C2%2C2&ohw=1600%2C1600%2C1600%2C0%2C0&ga_vid=570099938.1682472726&ga_sid=1682472728&ga_hid=1358110108&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304200101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

c693fa3a76ae3c886f9178bfb656698f38df8669ff90f4a323c33b588ba08a95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:08 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24099
x-xss-protection: 0
google-lineitem-id: 6245483927,6244825807,6244825810,6244825807,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138425476193,138425476163,138425476154,138425476193,-2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 449ms
158ms XHR
application/json 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202304200101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304200101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

746063f478b2bc5043c3ba6f7df64711ee6741a540febed4f8aecb428f575df4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:08 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11273
x-xss-protection: 0

GET
H2 200 container.html Show response
10f9d7e471e06f01770b163f75fe6dc3.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 9897 6 KB
3 KB 438ms
143ms Document
text/html 142.250.184.225
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10f9d7e471e06f01770b163f75fe6dc3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304200101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.225 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f1.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 26 Apr 2023 01:32:08 GMT
expires: Thu, 25 Apr 2024 01:32:08 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pubads_impl_page_level_ads.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304200101/ 33 KB
12 KB 133ms
133ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304200101/pubads_impl_page_level_ads.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304200101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

0e1070ef03510c03bf072fc9acc862eb3e3bc71cd0079472eb0dc10455e9838a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:24:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43629
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11862
x-xss-protection: 0
server: cafe
etag: 16286120947684496633
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Wed, 24 Apr 2024 13:24:59 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 513E 0
0 179ms
178ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvbt2TQflRpdbPy3SncH1zgf62FQV8z7qVfM_7jWDrYzNVFwQL75GyUg2zRikZJn_VMQqFX2Dv-YvjEAZxH9_Tws_fqMRNmnQ_xAkRPy--C8xLb7D1fKvdT_hwvww1eNkdu4qsbHZl9sw4imUU3CMK15EaaXp4W-3Ajmq4uv0Cd6xH40sn_7PGnOoV6m975E4TY4caVSjYWiebYxYLUHZqKOC7emV2qpvRcuE7N1bS5bGCuC7snBYcvEDjEH-MyoYLVVQ13yRcOSyO0pOz2iGYWMRDhVlZGwOTPmNuOLeWYhm8pweoCYagFrlgNStwCoDd-jkmfdCbpV26clIkvy-iD5TU&sai=AMfl-YS_hG18gj5LraMbxwuH8gWSr05bhJ4-Nq5cvgB4mfdJkVU5VMr_-bjkr6bv9PKHo6K1kM8uxZSp4kZ9QYuq_UMLaRZ-_C1EjSdmyQaPQ7_Ik9OIpISMnNSrnBmRepFb5Wdol-GS-UAjVuLwHmOF&sig=Cg0ArKJSzIqb6C1lAZfjEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:08 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 26 Apr 2023 01:32:08 GMT

GET
H2 200 prebid-universal-creative.js Show response
cdn4.buysellads.net/pub/ Frame 513E 26 KB
9 KB 143ms
143ms Script
application/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn4.buysellads.net/pub/prebid-universal-creative.js?1.13.0
Requested by: Host: pastelink.net
URL: https://pastelink.net/7hemp0vr
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: 3077c047c7210f4e52a637ba10a8d5346ed72d4e29956c96aaa8f8aac58d440c

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:08 GMT
content-encoding: gzip
last-modified: Mon, 24 Apr 2023 18:51:17 GMT
server: AmazonS3
x-amz-request-id: HN0CTCPMW0ZD5RSF
etag: "6247b34aaaa023705aa5146179ffd119"
x-amz-server-side-encryption: AES256
x-hw: 1682472728.cds339.fr8.hn,1682472728.cds248.fr8.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
content-length: 8892
x-amz-id-2: Or/WK46ET7bA03EEQhE530CTRANDeifs8l2JmqejJLVfdu0hm5SUYNms1Bm7l8RcKKFhAlh5G9k=

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 513E 158 KB
49 KB 150ms
150ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304200101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

79159c859ad82bb982f7f91b91d4b50cf81faef5611aca61321908c656ebad6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49532
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1682335668691775"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Apr 2023 01:32:08 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 3993 0
0 178ms
178ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvM2niiQQrwBCwb8d4EFevbIXAVry1c8eok9JokArk4hZ1c3YMMa0rQ_CxYQ1WjUiNEuqGBVQS6HkOWmyfDD6T3GcG5cF_2GIMhR2VE4GMnrfs48j8zgBcj2YhaTtOImNarELOlEGLQnB8z2OpZ5Ecsh1uhUC04yCWRXSZYEF0QN8--pYv2lKirD3AGH-Un40W1olFSevENGhoCCZdaGJNGixAuEHZ3U0cH4osK-1XdDzwj4gYVnO5ecZ4JBVA2qwom6d5N6DyekoL7w1jWijOZ1S3hbLDcVEwaENwGqepli5z0bX9H8q4IFLV84uyGJgszu-_-YRTrw8EF0f_4pQ04a4GF9vA&sai=AMfl-YTrP-489Ppc-jKjr_lavXDBskdDZSVBjo2WqmvOnUq1ejMVQC_U_pAxxvr5HCegwgLK-taylCNV0GIRKtEfNDIAXNJ7-z1Gc6fDYRRWIpKG-L4AUnRh3qgyXN6cpPV0SRUgCsV0HS-NedJksngI&sig=Cg0ArKJSzHNmwwSgyZeaEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:08 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 26 Apr 2023 01:32:08 GMT

GET
H2 200 prebid-universal-creative.js Show response
cdn4.buysellads.net/pub/ Frame 3993 26 KB
9 KB 144ms
144ms Script
application/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn4.buysellads.net/pub/prebid-universal-creative.js?1.13.0
Requested by: Host: pastelink.net
URL: https://pastelink.net/7hemp0vr
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: 3077c047c7210f4e52a637ba10a8d5346ed72d4e29956c96aaa8f8aac58d440c

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:08 GMT
content-encoding: gzip
last-modified: Mon, 24 Apr 2023 18:51:17 GMT
server: AmazonS3
x-amz-request-id: HN0CTCPMW0ZD5RSF
etag: "6247b34aaaa023705aa5146179ffd119"
x-amz-server-side-encryption: AES256
x-hw: 1682472728.cds339.fr8.hn,1682472728.cds248.fr8.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
content-length: 8892
x-amz-id-2: Or/WK46ET7bA03EEQhE530CTRANDeifs8l2JmqejJLVfdu0hm5SUYNms1Bm7l8RcKKFhAlh5G9k=

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3993 158 KB
48 KB 221ms
221ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304200101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

79159c859ad82bb982f7f91b91d4b50cf81faef5611aca61321908c656ebad6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49532
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1682335668691775"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Apr 2023 01:32:08 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame B885 0
0 178ms
178ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst3h7IDEbvW2MThygljf8-cH3gVuDOy8IXxvsqVDf4vnkqGXCf5P1pyikzu1Z3lZfkFZnHVBVVCr2j5NL4dxxH-RuooW0y7e9d68ef_1wHuoreL7F50NpdKZQvLbjnBgTkpnrfrCAsQlzypZrANbp3ZdMh5BvfFZS_2FchVIrOJ3j6r-cSUPJiMTY6DrvWKue93tLWc83jOvO7eBFNXEXKxtPT29XQHmYiK0iyShQLxm3UGudRBXohQ3wikf_1aFEyWiqGthv8YomlrgQvoUKLfVQtJL6DXdh_GEI3HOr-eFBaNBB15urS82g8affpBBnAeeHGVPX9Am6aQ6xU4tw&sai=AMfl-YRJ8Uqd_-ND3JDZKIijJwoUumd1hOXttz3oAbJ2DHq2-PRYLKj5AH1cSJinZcTTTKJycsZfrsNtaiMvH2DRX4-XiR-bh6SAwYrJH6nT1cAm8lwb4_Hh-lGB3ALqEFR43YeYsdM63hs4cbsBO58n&sig=Cg0ArKJSzLDfgqewaQkKEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:08 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 26 Apr 2023 01:32:08 GMT

GET
H2 200 prebid-universal-creative.js Show response
cdn4.buysellads.net/pub/ Frame B885 26 KB
9 KB 144ms
143ms Script
application/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn4.buysellads.net/pub/prebid-universal-creative.js?1.13.0
Requested by: Host: pastelink.net
URL: https://pastelink.net/7hemp0vr
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: 3077c047c7210f4e52a637ba10a8d5346ed72d4e29956c96aaa8f8aac58d440c

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:08 GMT
content-encoding: gzip
last-modified: Mon, 24 Apr 2023 18:51:17 GMT
server: AmazonS3
x-amz-request-id: HN0CTCPMW0ZD5RSF
etag: "6247b34aaaa023705aa5146179ffd119"
x-amz-server-side-encryption: AES256
x-hw: 1682472728.cds339.fr8.hn,1682472728.cds248.fr8.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
content-length: 8892
x-amz-id-2: Or/WK46ET7bA03EEQhE530CTRANDeifs8l2JmqejJLVfdu0hm5SUYNms1Bm7l8RcKKFhAlh5G9k=

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B885 158 KB
48 KB 249ms
249ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304200101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

79159c859ad82bb982f7f91b91d4b50cf81faef5611aca61321908c656ebad6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49532
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1682335668691775"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Apr 2023 01:32:08 GMT

GET
H2 200 css2
fonts.googleapis.com/ Frame A60B 5 KB
755 B 146ms
145ms Stylesheet
text/css 142.250.181.234
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304200101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.234 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f10.1e100.net

Software

ESF /

Resource Hash

831997ce334905a4fc3c7f0673c30bd34701f9810d87b19335aea228804ae38a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 26 Apr 2023 01:32:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 26 Apr 2023 00:58:04 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 26 Apr 2023 01:32:08 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230420/r20110914/elements/html/ Frame A60B 19 KB
8 KB 409ms
133ms Script
text/javascript 172.217.18.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230420/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304200101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f1.1e100.net

Software

cafe /

Resource Hash

c5663a1ab2a975aedc88dbbf644d92980a966b614286321a39baac756077b738

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 15:24:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36480
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8167
x-xss-protection: 0
server: cafe
etag: 3140062999518874537
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 09 May 2023 15:24:08 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 400ms
148ms Script
text/javascript 172.217.18.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304200101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f1.1e100.net

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 26 Apr 2023 01:32:08 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 7802 663 B
518 B 440ms
159ms Document
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJf7lc4DEPq2460EGKm24OEBMAE&v=APEucNVJQWkaEH0cwrcNJkLcF6eGVeaaSujmx3sgZhjssg5mtXXBCNuc3sH5mN8fRy8VgANIxT35U1L2EHUKREaj0ht_xJMTPQ

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

962d6dea088b031cd44d33f937adb5ba241a9435aa32a8be667d57482b8bbe1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 234
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 26 Apr 2023 01:32:08 GMT
expires: Wed, 26 Apr 2023 01:32:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 513E 78 KB
27 KB 633ms
352ms Script
text/javascript 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

46b3e081067e631f9a1049fbfa37844da854f741b7f9a45900dc02a19a4ef143

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28043
x-xss-protection: 0
server: cafe
etag: 15270303690107644053
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 26 Apr 2023 01:32:08 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 513E 42 B
63 B 736ms
456ms Image
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Du2tSw5mp5pxxMWYcrbAAAoYrNEPLf2W60G7Y7YLbyWFZ5DE4tfzBy_qlPoPxViglFqBjPnxli_WKvIKykl6xQHMN--XW3kS2y9JSHND_d72S9g6Q

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 513E 0
20 B 735ms
455ms Image
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=5076272393318275525&x=8&ct=119

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 2e3eebbc-13da-444a-92cd-97bcae8f162f
beacon-ams3.rubiconproject.com/beacon/d/ Frame 513E 43 B
227 B 563ms
140ms Image
image/avif 213.19.162.27
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beacon-ams3.rubiconproject.com/beacon/d/2e3eebbc-13da-444a-92cd-97bcae8f162f?oo=0&accountId=18812&siteId=468716&zoneId=2765554&sizeId=2&e=6A1E40E384DA563BE6DD90A8ABA8C9A459AD120C84BB7932BE25C0D49D277040AB650906BBB6B5BEB6C524D152A27903B8B520C669668569DB3A1FC1B63E5C31E4F751495A473E3F58F3483D31C5FB57E858F27454BCF32B2A7D3A2E0E088D978C12627AA6D006BB510B0F4454E1A122269635E32681D14ACF5532AA3113C1E02605645952F6017844A75AD66660128DEF266754965F5C7AB1B229721769319741F20D68DDA6CED16501CE8AE89531941B0AA0638F733BE9E82A954C1004678A

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

213.19.162.27 , United Kingdom, ASN26667 (RUBICONPROJECT, US),

Reverse DNS

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:08 GMT
x-content-type-options: nosniff
x-frame-options: DENY
content-type: image/avif
cache-control: private, max-age=0, no-cache
content-length: 43
x-xss-protection: 1; mode=block
expires: 01 Jan 1970 10:00:00 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 8F71 663 B
518 B 433ms
160ms Document
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6TkZIDEPqn8pQDGMHbuOYBMAE&v=APEucNWI766zqTCI-u24NYgg-p3S1AjxdvPs2NMYGiWqwzr1iPyr1tjuK1Bx0lncIZbuxw3kZxvJo_pnTankj4WeJjZWZww5qg

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

962d6dea088b031cd44d33f937adb5ba241a9435aa32a8be667d57482b8bbe1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 234
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 26 Apr 2023 01:32:08 GMT
expires: Wed, 26 Apr 2023 01:32:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 3993 78 KB
27 KB 521ms
248ms Script
text/javascript 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

46b3e081067e631f9a1049fbfa37844da854f741b7f9a45900dc02a19a4ef143

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28043
x-xss-protection: 0
server: cafe
etag: 15270303690107644053
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 26 Apr 2023 01:32:08 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3993 42 B
63 B 729ms
456ms Image
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C-V10Z0BOZdNBOfVPPZKM_cnBUFJRVGBUpG1EC0PO0pM2O7LTNi3I3PmS3-uTt0p_LuLIr03Gphx_1dskyNz8kDZoKWeJiS0ucwKS6jJrwdlKqDvc

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3993 0
20 B 728ms
455ms Image
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=8452094366671480925&x=8&ct=119

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 9a51a36c-ead6-4ac9-8f30-d37b43c87658
beacon-ams3.rubiconproject.com/beacon/d/ Frame 3993 43 B
75 B 556ms
141ms Image
image/avif 213.19.162.27
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beacon-ams3.rubiconproject.com/beacon/d/9a51a36c-ead6-4ac9-8f30-d37b43c87658?oo=0&accountId=18812&siteId=468716&zoneId=2765554&sizeId=2&e=6A1E40E384DA563BB318B5D2DBF913D525057B6934FE6C82CAE2B73E9FAE71E21EC85BDF721B5072BD05DAA53538BC85B8B520C669668569BE88881C334E0A0BE4F751495A473E3F58F3483D31C5FB57CD559C8B88F7B0F56FA7D51D21D0E0B34C77D11B23C2DA16332ABD5F57D16FCE4E316DE09278F99220DDA9D3968E48EF4E6FC96756E5E57152267ECE12F821FB0C85C0CA658AE718C55A19338AA8ADE085C1D4CA33AA36FA284CD63AB20A524F4D2C4660F062F278CDA10306204D320B

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

213.19.162.27 , United Kingdom, ASN26667 (RUBICONPROJECT, US),

Reverse DNS

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:08 GMT
x-content-type-options: nosniff
x-frame-options: DENY
content-type: image/avif
cache-control: private, max-age=0, no-cache
content-length: 43
x-xss-protection: 1; mode=block
expires: 01 Jan 1970 10:00:00 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame C8AE 663 B
839 B 425ms
155ms Document
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6TkZIDEPqn8pQDGMn8ueYBMAE&v=APEucNWVG6YaKEDA-w75ox4rPTl7Vy_XpClulo1fFpZXR6QDHwV5evXvw3KqITJy3ke7m3DKoqVGgY_aGvac6hT82mul3GzoVA

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

962d6dea088b031cd44d33f937adb5ba241a9435aa32a8be667d57482b8bbe1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 234
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 26 Apr 2023 01:32:08 GMT
expires: Wed, 26 Apr 2023 01:32:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame B885 78 KB
27 KB 568ms
299ms Script
text/javascript 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

46b3e081067e631f9a1049fbfa37844da854f741b7f9a45900dc02a19a4ef143

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28043
x-xss-protection: 0
server: cafe
etag: 15270303690107644053
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 26 Apr 2023 01:32:08 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame B885 42 B
63 B 724ms
456ms Image
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D5AyK_As7tWNe7LuetYreX2Q10w3_zmLHu1X2G0cDK7Cp7kCEue9dEOY-v9DK3_B-BcP0VEcIHLbXjHogvBleMLSPa0_fAOv-7dxbptJVfhDb8kQs

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B885 0
20 B 724ms
456ms Image
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=4067074568466443859&x=8&ct=119

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 46b47ab2-d7d1-4217-96ad-b920abfe9313
beacon-ams3.rubiconproject.com/beacon/d/ Frame B885 43 B
75 B 552ms
141ms Image
image/avif 213.19.162.27
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beacon-ams3.rubiconproject.com/beacon/d/46b47ab2-d7d1-4217-96ad-b920abfe9313?oo=0&accountId=18812&siteId=468716&zoneId=2765554&sizeId=9&e=6A1E40E384DA563B65207A00E29DA44B5D8FEB642163E1E12060209C00CB54D0696E8610BB1BE7E7E56B1C268226726BB8B520C669668569A81BA7DFC7EA8267E4F751495A473E3F58F3483D31C5FB57CD559C8B88F7B0F5B1C7C1B6B28B3C258FF09DA4A4C5FC14D21297B632F3343B5AC0660D214BB6C338655183F131E6884E6FC96756E5E5717794B57E95D1F7FF346BD7D7DE2ED993A85B134D9E3ACA8B94C63C84FA2E031DD744FD84208B2F908CE8E20008ADE5D9CDA10306204D320B

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

213.19.162.27 , United Kingdom, ASN26667 (RUBICONPROJECT, US),

Reverse DNS

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:08 GMT
x-content-type-options: nosniff
x-frame-options: DENY
content-type: image/avif
cache-control: private, max-age=0, no-cache
content-length: 43
x-xss-protection: 1; mode=block
expires: 01 Jan 1970 10:00:00 GMT

GET
H2 200 prebid-universal-creative.js Show response
cdn4.buysellads.net/pub/ Frame 0AC5 26 KB
9 KB 144ms
144ms Script
application/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn4.buysellads.net/pub/prebid-universal-creative.js?1.13.0
Requested by: Host: pastelink.net
URL: https://pastelink.net/7hemp0vr
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: 3077c047c7210f4e52a637ba10a8d5346ed72d4e29956c96aaa8f8aac58d440c

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:08 GMT
content-encoding: gzip
last-modified: Mon, 24 Apr 2023 18:51:17 GMT
server: AmazonS3
x-amz-request-id: HN0CTCPMW0ZD5RSF
etag: "6247b34aaaa023705aa5146179ffd119"
x-amz-server-side-encryption: AES256
x-hw: 1682472728.cds339.fr8.hn,1682472728.cds248.fr8.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
content-length: 8892
x-amz-id-2: Or/WK46ET7bA03EEQhE530CTRANDeifs8l2JmqejJLVfdu0hm5SUYNms1Bm7l8RcKKFhAlh5G9k=

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0AC5 158 KB
48 KB 150ms
150ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

79159c859ad82bb982f7f91b91d4b50cf81faef5611aca61321908c656ebad6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49532
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1682335668691775"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Apr 2023 01:32:08 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0D69 663 B
297 B 265ms
158ms Document
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CIbDg9IDEILBqJAEGIvb7-cBMAE&v=APEucNU5mqLvWwO9hiJJeNCzF_-32CDFe9qPIiJXUTA51gm-m6NCl8gc-ZLiB6nogjR_BgECoHhwgz87N26W_WR3byLwXP47wA

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

962d6dea088b031cd44d33f937adb5ba241a9435aa32a8be667d57482b8bbe1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 234
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 26 Apr 2023 01:32:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 0AC5 78 KB
27 KB 276ms
170ms Script
text/javascript 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

46b3e081067e631f9a1049fbfa37844da854f741b7f9a45900dc02a19a4ef143

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28043
x-xss-protection: 0
server: cafe
etag: 15270303690107644053
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 26 Apr 2023 01:32:08 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0AC5 42 B
63 B 560ms
455ms Image
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BomSrGE7TQWPMvKgKacOnMn-iQlbTw8vOItT6062cmHb7ge7Y36B6IT9g72cLnEtVnee0bWfh1F-_Aq_CwKZjvQ9xO98GX2F-puit9MfdtReRKgPQ

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0AC5 0
20 B 560ms
455ms Image
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=4835737498075072726&x=8&ct=119

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 f740e6dd-ee15-4e34-b13d-14c31ae445e1
beacon-ams3.rubiconproject.com/beacon/d/ Frame 0AC5 43 B
75 B 389ms
141ms Image
image/avif 213.19.162.27
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beacon-ams3.rubiconproject.com/beacon/d/f740e6dd-ee15-4e34-b13d-14c31ae445e1?oo=0&accountId=18812&siteId=468716&zoneId=2765554&sizeId=10&e=6A1E40E384DA563BA7520F71049DD05EB53DB5435CEBE97E632724ED8CA568F6BB7482E81079598BE1715575DABCCD69B8B520C669668569898204A6603EDCFCE4F751495A473E3F58F3483D31C5FB5744961BA839FE5611ECA1DDED476B2FC14668B1E090BF27237AAF9745B2F0DFADCEF9CFE1AFD2960E6E1F3233368339BB2605645952F6017839F5A3AC3CDFB0C8B3CF07F829FC868858DAE887AD6500FF02D0DB66034A1A67896927C130882FF782F93E977FB6EE5ACDA10306204D320B

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

213.19.162.27 , United Kingdom, ASN26667 (RUBICONPROJECT, US),

Reverse DNS

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:08 GMT
x-content-type-options: nosniff
x-frame-options: DENY
content-type: image/avif
cache-control: private, max-age=0, no-cache
content-length: 43
x-xss-protection: 1; mode=block
expires: 01 Jan 1970 10:00:00 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame DC2D 13 KB
5 KB 134ms
133ms Document
text/html 172.217.18.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f1.1e100.net

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

accept-ranges: bytes
age: 24203
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 25 Apr 2023 18:48:45 GMT
expires: Wed, 24 Apr 2024 18:48:45 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame B4A7 783 B
919 B 153ms
152ms Document
text/html 142.250.185.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f4.1e100.net

Software

GSE /

Resource Hash

97c319b780c2ab10dc7ef00c16272cebe035cb1d2e3f22ddb2f3ac97306d874f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-jg5eM1cFxFkyWJQjr6RIdw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-jg5eM1cFxFkyWJQjr6RIdw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 26 Apr 2023 01:32:08 GMT
expires: Wed, 26 Apr 2023 01:32:08 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2

200

cs
cs.lkqd.net/ Frame C8AE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_cm
https://cs.lkqd.net/cs?partnerId=59&partnerUserId=CAESEOO65Zjv3oU8g1hxj47EC_8&google_cver=1

43 B
534 B

540ms
233ms

Image
image/gif

146.20.132.173
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.lkqd.net/cs?partnerId=59&partnerUserId=CAESEOO65Zjv3oU8g1hxj47EC_8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6TkZIDEPqn8pQDGMn8ueYBMAE&v=APEucNWVG6YaKEDA-w75ox4rPTl7Vy_XpClulo1fFpZXR6QDHwV5evXvw3KqITJy3ke7m3DKoqVGgY_aGvac6hT82mul3GzoVA
Protocol: H2
Server: 146.20.132.173 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:09 GMT
server: nginx
access-control-max-age: 0
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 43

Redirect headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:09 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cs.lkqd.net/cs?partnerId=59&partnerUserId=CAESEOO65Zjv3oU8g1hxj47EC_8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 296
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C8AE
Redirect Chain

https://cs.lkqd.net/cs?partnerId=59&redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dlkqd_dbm%26google_hm%3D%24%24rawlkqduserid%7Cbase64%24%24
https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_hm=enhHc2ZYRko1STA

170 B
188 B

153ms
152ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_hm=enhHc2ZYRko1STA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6TkZIDEPqn8pQDGMn8ueYBMAE&v=APEucNWVG6YaKEDA-w75ox4rPTl7Vy_XpClulo1fFpZXR6QDHwV5evXvw3KqITJy3ke7m3DKoqVGgY_aGvac6hT82mul3GzoVA

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 26 Apr 2023 01:32:09 GMT
server: nginx
access-control-max-age: 0
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_hm=enhHc2ZYRko1STA
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame C8AE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1&C=1

43 B
632 B

139ms
133ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6TkZIDEPqn8pQDGMn8ueYBMAE&v=APEucNWVG6YaKEDA-w75ox4rPTl7Vy_XpClulo1fFpZXR6QDHwV5evXvw3KqITJy3ke7m3DKoqVGgY_aGvac6hT82mul3GzoVA
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 26 Apr 2023 01:32:09 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Wed, 26 Apr 2023 01:32:09 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame C8AE
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZEh-GQUKbEXQbwlN2AwdBgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1

43 B
632 B

138ms
138ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6TkZIDEPqn8pQDGMn8ueYBMAE&v=APEucNWVG6YaKEDA-w75ox4rPTl7Vy_XpClulo1fFpZXR6QDHwV5evXvw3KqITJy3ke7m3DKoqVGgY_aGvac6hT82mul3GzoVA
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 26 Apr 2023 01:32:09 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:09 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

cs
cs.lkqd.net/ Frame 0D69
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_cm
https://cs.lkqd.net/cs?partnerId=59&partnerUserId=CAESEOO65Zjv3oU8g1hxj47EC_8&google_cver=1

43 B
534 B

522ms
219ms

Image
image/gif

146.20.132.173
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.lkqd.net/cs?partnerId=59&partnerUserId=CAESEOO65Zjv3oU8g1hxj47EC_8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIbDg9IDEILBqJAEGIvb7-cBMAE&v=APEucNU5mqLvWwO9hiJJeNCzF_-32CDFe9qPIiJXUTA51gm-m6NCl8gc-ZLiB6nogjR_BgECoHhwgz87N26W_WR3byLwXP47wA
Protocol: H2
Server: 146.20.132.173 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:09 GMT
server: nginx
access-control-max-age: 0
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 43

Redirect headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:09 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cs.lkqd.net/cs?partnerId=59&partnerUserId=CAESEOO65Zjv3oU8g1hxj47EC_8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 296
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0D69
Redirect Chain

https://cs.lkqd.net/cs?partnerId=59&redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dlkqd_dbm%26google_hm%3D%24%24rawlkqduserid%7Cbase64%24%24
https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_hm=S21OeUlDUjZ5YWM

170 B
188 B

146ms
146ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_hm=S21OeUlDUjZ5YWM

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIbDg9IDEILBqJAEGIvb7-cBMAE&v=APEucNU5mqLvWwO9hiJJeNCzF_-32CDFe9qPIiJXUTA51gm-m6NCl8gc-ZLiB6nogjR_BgECoHhwgz87N26W_WR3byLwXP47wA

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 26 Apr 2023 01:32:09 GMT
server: nginx
access-control-max-age: 0
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_hm=S21OeUlDUjZ5YWM
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0D69
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1&C=1

43 B
632 B

139ms
133ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIbDg9IDEILBqJAEGIvb7-cBMAE&v=APEucNU5mqLvWwO9hiJJeNCzF_-32CDFe9qPIiJXUTA51gm-m6NCl8gc-ZLiB6nogjR_BgECoHhwgz87N26W_WR3byLwXP47wA
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 26 Apr 2023 01:32:09 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Wed, 26 Apr 2023 01:32:09 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0D69
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZEh-GeOWmeGxwDt7SWaCOAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1

43 B
632 B

137ms
136ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIbDg9IDEILBqJAEGIvb7-cBMAE&v=APEucNU5mqLvWwO9hiJJeNCzF_-32CDFe9qPIiJXUTA51gm-m6NCl8gc-ZLiB6nogjR_BgECoHhwgz87N26W_WR3byLwXP47wA
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 26 Apr 2023 01:32:09 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=496
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:09 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

cs
cs.lkqd.net/ Frame 7802
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_cm
https://cs.lkqd.net/cs?partnerId=59&partnerUserId=CAESEOO65Zjv3oU8g1hxj47EC_8&google_cver=1

43 B
534 B

516ms
228ms

Image
image/gif

146.20.132.173
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.lkqd.net/cs?partnerId=59&partnerUserId=CAESEOO65Zjv3oU8g1hxj47EC_8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJf7lc4DEPq2460EGKm24OEBMAE&v=APEucNVJQWkaEH0cwrcNJkLcF6eGVeaaSujmx3sgZhjssg5mtXXBCNuc3sH5mN8fRy8VgANIxT35U1L2EHUKREaj0ht_xJMTPQ
Protocol: H2
Server: 146.20.132.173 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:09 GMT
server: nginx
access-control-max-age: 0
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 43

Redirect headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:09 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cs.lkqd.net/cs?partnerId=59&partnerUserId=CAESEOO65Zjv3oU8g1hxj47EC_8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 296
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7802
Redirect Chain

https://cs.lkqd.net/cs?partnerId=59&redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dlkqd_dbm%26google_hm%3D%24%24rawlkqduserid%7Cbase64%24%24
https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_hm=Y0RQMHJ2WC1oX00

170 B
188 B

147ms
146ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_hm=Y0RQMHJ2WC1oX00

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJf7lc4DEPq2460EGKm24OEBMAE&v=APEucNVJQWkaEH0cwrcNJkLcF6eGVeaaSujmx3sgZhjssg5mtXXBCNuc3sH5mN8fRy8VgANIxT35U1L2EHUKREaj0ht_xJMTPQ

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 26 Apr 2023 01:32:09 GMT
server: nginx
access-control-max-age: 0
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_hm=Y0RQMHJ2WC1oX00
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 7802
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1&C=1

43 B
632 B

149ms
136ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJf7lc4DEPq2460EGKm24OEBMAE&v=APEucNVJQWkaEH0cwrcNJkLcF6eGVeaaSujmx3sgZhjssg5mtXXBCNuc3sH5mN8fRy8VgANIxT35U1L2EHUKREaj0ht_xJMTPQ
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 26 Apr 2023 01:32:09 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Wed, 26 Apr 2023 01:32:09 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 7802
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZEh-GeOWmeGxwDt7SWaCOAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1

43 B
632 B

134ms
134ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJf7lc4DEPq2460EGKm24OEBMAE&v=APEucNVJQWkaEH0cwrcNJkLcF6eGVeaaSujmx3sgZhjssg5mtXXBCNuc3sH5mN8fRy8VgANIxT35U1L2EHUKREaj0ht_xJMTPQ
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 26 Apr 2023 01:32:09 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:09 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

cs
cs.lkqd.net/ Frame 8F71
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_cm
https://cs.lkqd.net/cs?partnerId=59&partnerUserId=CAESEOO65Zjv3oU8g1hxj47EC_8&google_cver=1

43 B
535 B

502ms
218ms

Image
image/gif

146.20.132.173
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.lkqd.net/cs?partnerId=59&partnerUserId=CAESEOO65Zjv3oU8g1hxj47EC_8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6TkZIDEPqn8pQDGMHbuOYBMAE&v=APEucNWI766zqTCI-u24NYgg-p3S1AjxdvPs2NMYGiWqwzr1iPyr1tjuK1Bx0lncIZbuxw3kZxvJo_pnTankj4WeJjZWZww5qg
Protocol: H2
Server: 146.20.132.173 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:09 GMT
server: nginx
access-control-max-age: 0
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 43

Redirect headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:09 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cs.lkqd.net/cs?partnerId=59&partnerUserId=CAESEOO65Zjv3oU8g1hxj47EC_8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 296
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8F71
Redirect Chain

https://cs.lkqd.net/cs?partnerId=59&redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dlkqd_dbm%26google_hm%3D%24%24rawlkqduserid%7Cbase64%24%24
https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_hm=TnVvbUVkdndvcWs

170 B
188 B

146ms
146ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_hm=TnVvbUVkdndvcWs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6TkZIDEPqn8pQDGMHbuOYBMAE&v=APEucNWI766zqTCI-u24NYgg-p3S1AjxdvPs2NMYGiWqwzr1iPyr1tjuK1Bx0lncIZbuxw3kZxvJo_pnTankj4WeJjZWZww5qg

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 26 Apr 2023 01:32:09 GMT
server: nginx
access-control-max-age: 0
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_hm=TnVvbUVkdndvcWs
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 8F71
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1&C=1

43 B
632 B

134ms
134ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6TkZIDEPqn8pQDGMHbuOYBMAE&v=APEucNWI766zqTCI-u24NYgg-p3S1AjxdvPs2NMYGiWqwzr1iPyr1tjuK1Bx0lncIZbuxw3kZxvJo_pnTankj4WeJjZWZww5qg
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 26 Apr 2023 01:32:09 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Wed, 26 Apr 2023 01:32:09 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 8F71
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZEh-GbJTEEkVbYhHBFXLOgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1

43 B
766 B

134ms
134ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6TkZIDEPqn8pQDGMHbuOYBMAE&v=APEucNWI766zqTCI-u24NYgg-p3S1AjxdvPs2NMYGiWqwzr1iPyr1tjuK1Bx0lncIZbuxw3kZxvJo_pnTankj4WeJjZWZww5qg
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 26 Apr 2023 01:32:09 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:09 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHOhhTX9z15EI5-cjgJCfTQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 CJVz-q1y4QcI86kHGme05ne9YeJsi3pnNRBXtIEru_s.js Show response
pagead2.googlesyndication.com/bg/ Frame DC2D 36 KB
14 KB 222ms
222ms Script
text/javascript 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CJVz-q1y4QcI86kHGme05ne9YeJsi3pnNRBXtIEru_s.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

sffe /

Resource Hash

089573faad72e10708f3a9071a67b4e677bd61e26c8b7a67351057b4812bbbfb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 08:27:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 147900
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14219
x-xss-protection: 0
last-modified: Mon, 17 Apr 2023 14:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 23 Apr 2024 08:27:09 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame B4A7 0
0 222ms
222ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202304200101&jk=2929864133011834&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.58.212.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: ams15s21-in-f130.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0AC5 0
20 B 177ms
176ms Ping
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=9792639872841&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0AC5 0
20 B 175ms
174ms Ping
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=9792639872841&version=m202301230201&ct=119&x=8&cor=4835737498075073000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 0AC5 83 KB
35 KB 183ms
183ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A2a0pnhIND1s_k7WMaJCMpMcR1OJPZkrrfGUUfB307d4rq0yZSX2vd-kXCW_85FUdtiNDSelF__t6xgTp0NTNI5rY_MUEA-eWrKf4rllCWvwOzf5USJM007lf35r_NALEEY2PLqVV2liol1xzHfHxXe_Rq4dxDXtj84SVZ3p1nRXhkOIY&cry=1&dbm_d=AKAmf-AYIHHMn3OAOaWKAMMG4R-qcUatkjoOd6KRSS9NPdDnYZrXXw5UAx97Pzqi3nnPGXXWN_NHa3svsFJNUwdjHgCJdrJ1n_-ml825qi7tUp2W2ai0BNboxpTebY3e135b_9v5MMNSJ0wCo_BaYcCJNXIcJYMiswkGulqWrCE65Nj7Aq5jd9mk_P3Wg-8uCKrTcqOKZmA2sXalYvsgymQLBOwmJXSkrMUVJlspnVDs0YeZ3ZjvCa5B36bVd-VeUtPL03dRjIPlhYigYSSGHCTeNx9icAHTnxSkac_qhv3huNWv9PqFPrTRwu8EFRyNWm1Fdr-XTIh5Qqfh5rid1YD-MvQZk8QbG6D20xMcVo1u4n3ecyxPxme6TreuFNCm_Kk4ghTrUpUV7NkM2eD_mTMvqkV6MCKDa6M3uL7R5qhhJz3K-Libnqnsnenz5sNr7p2cLu1y6uO8F2z-juiU1C7XsWf-UCWFfqRUd_hwFbAznDqnNzLK-ED_eb_CQJH35D7mLolL1NVsXigj_WtCs6HdHVc8i2MbQ89e6ZMDWEZzJvfMSjnJdqapN7TGgxeL8gvTK8OMStiqEXUUvOjAgRBOSvvfQfql5xhVRLqIRYj2mFUwISHUnkQSu8O0PtF5HAu-egYZkQW0glcXL2H9KtliEOYBB34AF6ClqDwUb0xhJV2DWj1aPTPPLOEiTTT1w1d3iK1NGgEn-fPQIFts2AuCOUBqdzmUfSG5OxAXJYtoQ65BWcf_Eaon-U0ZlDeEbFRA6V75GS9rIUbrwfrX5uFghmv-vBdv7U6rj2X_hKDhdMar9L5MXNpC999609ivghML1kWp6f06DOqm1usleYdqg7dgw4JGerhKrwx9PY3a9LlPN9mV7-1VHlXTJbWfMJD5tiJxXlC0Ae8ipnrfS6m2Ilaqq-wekBgCpccoW3o5TnFv1GEP5oE5xKsyqOEkfJv1rDOlZtY4XSRMsWgUaozfp_r5E6bXQI6-sSD23h-q7iwidMlncrL4sRi13ItdLNZ9Zs6xp8WbtG7cgOyn2IG2-EgOKBgz-aXhPqe7YG8MMV8ZIZiSAXtg9DvG5DFtaqxk0ZAtzv5FU4gPgyqMjPeISZ5u6NK_dDJiIU91AOL5LKLMF-qMZwDRK7Oe2Vj4_I-fI1pP3iLL0b55TW2L6sm9kqnLWgNqkTmh1u0hfr35mNGo5GCVcNdaQGZv1KMy41biQ1XM_vp4Bo87J566mcqhYSATm6qgOPvLrmjORQmnLSZV7ejLQDM41X4JN2BOS1ZoIjxOnOaY8jYdCoKo3TonlzMNyVK9vi6NGkEmZCxycvP-UBJPapYXn14B9GTYcbvTsYxygjPHCTJIEHjBkfpf26wyxGulF1nzvsnZzwCT-2GDHJzYbK-r6sRccnsyIWWYHsMlxu5Ho0wpZQ4ORvkY4JisEYXT_X29OtA-PhfDR3j5Siuy5nGTl-iIisPzK8WaARNGH-llCTVoBbkw5TB_5XSpLKfD9h0tGGjronS9U_cnmiE37eWmQv8QcBqPU8N2GGGKN47hu0zXJ2xbYx1Xrvpay0Lp54hJ8PBRbl1bdpSZJKAmmEUoGbWLcAHkWqz_YNfgiS0DhcIi2pLIm5vb1S9qt68mFe2nm9ALcnz0DsDQprbPhGKrQ2K6Ve4fQhLNauB6L8o8ZXUK-1uO4hXjr9HnQ24PB-yRd5LoZhhIzEeWdjLrZGuNDan1w9rtg6Qbs5xeM2_Hoj9u8vIQ4Ex3Y1_EuS8vBcLsPLfWvQnnD4XU7lq93SegVz6tZ0Ibs7hDoqYihcv3GWuPjGxddpgaf4hYewvon9HJjFcle93RFS6tXyYdD-lapM3bFfMQYmYyLy_JcAOz8sTxqZgG3YTUx09to95qBmaoSJAHUbf_-3MDvBbWsASVnPT3UR5S4Yh6SDbZBwbXOd28Ut-e0wE_BgrIsPIiIOblUC_NLc2tS82_ABSPoaF2KLTRx1F6XV3yQpp9bulIDpoaqZJqCOHWUhoxYpfpRk_MBxXCGfP5rYB91IDUri9p-eTis554EX6ZUglQ2paNvLutFriIYgGt5sj11S8pXwz6utVB9XyN9EJj1ImdfVHpzL3bEZDZe93IssA9P1MC077iJUroOnyqRPG2DqNq1IZiy-yvqkn8Y1p1ime2Ysviqy4dm_KLlLDex9N-lFDxh3dkUtMYW1obUvSGxX0FXblrUZn__77CcuMEqb36ikJhqYQu7TDQ3ewrh4UDd-O50Sx1-2BZanTSOLz_pdOc2z33WQCVMEcK8an38ZngrebA2nX6aIBwTFaUZPuPSyEF9Ed-eLapAjjR4NosiN8PixVOx-XsffnF6q1UU9tyxyJjI6j8Z3iBZCsV4bER7Y3q0tl-bTQzL9tIazkddCokYP6FMaNoLN4s0owW9FQfVUSQF_bfGKCq5WrDm5oMNWmp2gC9eP_WMFgzvb4Bvo8v9gKlnR2EoOGC8sudk-YLYAbxFM7LZQSEMPqQZMgq-IB2DIhNd1MN0C7VlOoLJqj5VXpL4djK6gM_WgN30198atzYQJdjwC4I3CqrIadHakpqHTBiuIkhL0rLHvdb0I4KsnO3a1scpTjNuGvkpqoUotesm-Y4N43dZRLHBB9mkXFXPzZUbyIbKdXhqGL3cGKK1tiu4PNNktifIdk_h9VikjXuVvDY5pD4aEf1uCG_4uQLaPcgRiQHfVKEiDl83PZgeZwUWk299UihUbEPmVm2eoGbvFOuya255kqxVw9U9Gtv4mIYgQ0YxrmZl7w3cm9aQzQts-OAwshD_v65mBisuo5xH2sdczPYDtLxi0YSVAljFi8i1nWmYVo8WRvTvSTNboNVr8aV_JCJb923RgknP9AQis2OgnJb2P3Tf7tb7X5yJ8SkfBn3q6age-5-1gakJoU5tj9AdwlGn-R2XjBHlUwvUqAFyqxDykBZlWQr4D4FTDJOWkwc1mLqRSXlfLT0Z0NQgE2ng7H4h3JDGXTKy8HGgv4_UTjtWMxH0qQGkKPym-cK6gqAkCCs5Q1jggLjKJKMW-eCkYQrh4wOxAmOUo5rSf2NYf50xfHbFODZCwIqWVPWedgvNLAQdOySI9wPsJcqL14vfcLmcQNG-Lg1UpVAEV_a16G7Wh-eOaH4EZjnff43Ck1GhiBxTxHVKSPuZsvOq0PVNzTct-4MyvNBMzj_ikCENWN3RIa2eIASBzNqJvs3rOhQB0ZZvAH0xqKchjJWfMTb0zlv-ux1BnoxI1A&pr=8%3A8C16271E77AFFBAA&cid=CAQSGwBygQiDNRDoQx9FEJcvLq21SGC45myMcBwffhgB&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpastelink.net%2F7hemp0vr&ds=l&xdt=0&iif=1&cor=4835737498075073000&adk=2545910003&idt=517&cac=0&dtd=5

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

373c0c718e68909d14e20fbae24f443c23845f906c53f6c407d5ff86f5a6e2fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:09 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35605
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3993 0
20 B 173ms
172ms Ping
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=7605896528638&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3993 0
20 B 173ms
173ms Ping
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=7605896528638&version=m202301230201&ct=119&x=8&cor=8452094366671481000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 3993 82 KB
35 KB 189ms
189ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ASuYUGYyF_1bq-Si4JtLO8aIcD50tnbcYi4xTm1FQq5kWMAfw9Gx3LRAUld3c9RKxr1WAzHVZmTq_R0273c-BgmTIA2n9AR54mUo6yo86NID7ruaUqObxNoZErcUS9uAcjGwh9POvnYZMQSW3FP1xjqaUP-KN8S98A-QPWRTFsFMAXo-w&cry=1&dbm_d=AKAmf-Ba4omBQbXi3NRwNtl1F366LjE4LAaK7hdXuiNNt0aWlLKWjj_iMWZMoed5o-uAz_R_W7fpUvz5znI197toxD0G_A9g7ufRMVSbsjctcRFcZcBL8IeAP6T7XkTS4q-YU-5SxAS93mT-ZVZjvhZu80-uniOqi6lk7XUQwmeMa9UDOgh-GTBYD1xk2WtAxP8nkqdt2akQyRdB5X0BMtYm1qMyy6g8pE6mHorzlcs17UfMwQpFIeSoscLrvnDv7ka_j7CtKpIsnqbmZ-9LOhC7z3eUSQfx-hvMSOhaIpXACxjV8xdwmOMQW1SHjjXsX9kpZLXX8P0QfQxCopRQgzjdNCXHMyfg7wTfQLHqKhHxaEbLSlpI3aZJZHZAGg1Z3_xRawnK3XrFtYdYA3ISxUj1n8KEivq-2G1ED0t_sLLxF-ZMzh-lP2ziIT1JZkqDGb2rRemGPI_Tx6994Kn7mCF9URGY6DH_GV2O7EIfwHy3rxicD8R29tx4DUBtWrl9uHyeliAHnXby3WZTNDnnobjVCsv-GnIeLR07dlNQuMnTGMfJVqcmeXFI13SgqgA1VEOZeW4QKYNKyUctteNOD300mQtRAb7bqOKm2WND8qtKJpB5aNo17NZzojvj1XZ-LKNXdqxpQTDMhPXqtgPZkpN6Hrm1pehYcCiaF0evqcT0eOhvKI8GC92rsxHvRkx905MO4QhOHy7BC0FidsvnqYzs9RlBiVNntAH7s9PJKKi1KGtkQaKxTivmVLX8yf5kyb2BuDudTnDV9b3bwFciSIAXOjxnxuBIrITuKNb2mao5v5hnHCegZSEAlC-4Dopa8buNzr6qCu9uVo9NcBMOCp-ktYKgHsNZ6TbZR-y8-iusFfxrYDQHnoXvsICUWsjm8ZXR-T3SiiT1QgCUWVFkgTVj_323lZfh-Gy3qP8Mx_4FDG6g77MiiwTkDA5ihsKhYmW5fYDB1lRCSUUdsHGfat9kMgf5J4G3Kw3tIQzi5OT-pD2VqfZLWDZ0ylNAPI2BNKOxtgkHDI3pSsMzS-FeJBEQ7bQ5M049GVTSMp8zJKiB8pAt-Q3J2dtNPnOBJtrolrcXq4Bm5Q3OyAbpU0BgE9zgSR4ZeAEbOiaEQjHSMcEG19sAtCdZ0MJrhVT3vwXNOE8KqsTCw36ZGKgfJ92npHG5O8nsQGagKmQFYaptB7o0zyIEwyvZ-sus86xk0YQtjd7EXU2SYAv4a__INYvJhghcZhMfwS6QpllPsAPb0uLGNQ04o7zaxZUc4zl3B6ZCchQKfqUKbCGfN5HnlgwGDNIu0xgZAgS8AYhVt7DfEteTBR0bZDUh7r1U7rDhc49OVMrhqPCRHXEINhiblkkmNj5r_E-NZlXlOxG33gfkpH9fj9o0cIPWibTrEHQdoWvQbsmNyWkRDMz5Tqul2FlJrZQ2u9JMDEUgqIYPjqU7TLTJUe_A6gR79NIkywYl2zRldEc5erVJ-I64XKEgnW5npOW96NgCtOV9hh3BR2UtMp-S8PR3T3lRYLhcpH6WM3Lpty3E2K40pynz36sah9W_VqEBdzrO_lprnnYRC1E8PE1kL4tmY39yy8Gb6AmyHD-mRk-l08J2QMnUsiYEKXz_k1NEWGCkREGg9m3Tu4JLXEv7QVnZxSDVbKE8pnAMn6dXbV_U2soot8yBZy-h28SYsLvXMhLktl31FLDPejmANsufj2TbbiZZd29277tNqXae8rfyWt6OKH9f14HyWCUGIII8PeqH-8-tirtH0BRk2fzMY2apqGwigyaZbHXgPx2Gm_AXujrDdf38gCmjKWZTJVIMrwmvMRsQbne0IismQNAP0P3TIbDrRO2MNiB43084-VK9VGyTYnav6c6MPoBd1oQ9TMudVx-LUeZdFof5JULJYxBQrIOjG5y7V4ZtmQ5MweEgQqn0ZabsEtbL-ZSxzJAXPVNe2Nu5rRfxxMdtXO7oXV2TU0LVlF5EL8cf9SEBiBMttIC9rFyaGpdzFAk6ai1xEVRhhTIiMiU2Rtwhcz8SW_FX-OI9PWgOHKI5eLpHxc_JMqnMOxXrW7OwSTOZYIXNwT1c3OdvCMUpnsChj0oIg8LWWfb0yowhA0toyYIsWCJpvDEIUUoqr28GyYM_g7M8C5Cm_AyhfOCOA28w4mW2K9C03l6nPdBGgyhYka14nvWd_u9OxKCsqDxTGUs9G2IwKIH2g7sjiqaiJAcYIDeRR8UMf8P4qcHmHjG96CIQAcPd131JXoD1OgTuD1_uDgydoD-77SDO3shSc9fS4A5qIpB-nZaCUCrWo34bm3fb9E7oIGXlZqL7tLj1Ytelvcqlzfp57ApaTHzD9qZMWqGgJlnMD1tFYfl-PyIjEHZYG-h-kdXL7Qozyh6ukcQhyE0o2HZE3EyefCJwHyocQgdByp7lmYA67h0K14n_0r8nzqVopUa0-JTIfg0zBzNQeW-qLbA_dFYb-2yLpfPlaWVzh8opYB5YGTh1LQ3EDsmphVNqoHQzTvR5hMV3c2mOKSOa4AEyfl6d7Afo6mGMnmeg2SpTeOWBgkAblR2gY11V70_KG8qXFIyzghBCbu_pA-tVzWW11p9hqDmYqbsIrxhb-iu4MFegnklXUO2v9XIIFjOOfQ_wIESbbGjBxt2buG2o0WO8cHZpLfAwFH1YGN37HfDgPq6AW6hr0lYu2cdE4TMiLImHUK-p92RXh8uA3Hk3-AXghcokgKjAhmnQbxKFrmB2SKJpkI7yAlMGtN5paP1V-aNxBpiSSXPvcPtVu3RcBMpQoxB3x8Ki58CjxboTqQKs0mEfR7vvsUhDIX1AGT6BBRpnvFYKeEhI8h_SIMXY34DRNSNOgPii-scDnK64xvd6UahMkEvn5jgeWdQhMwdQEQF5RbjGgIxs-OH-sK-1wRgR3JhkuESGIqA5WsycXJJxH_3rXfwAsrRhk06tAl2J1p3MLw6hPwtprKVAKrX2jlI50OdXwvlXhEjBi9H1TKkPd5nv_uxYHghHGmBkjjHxQOdGX-uw0o9RYRxlBzUYxqQgdBx0hKrNZOi3iJ10lVlhNziRJ4jMVPVTbcMrDBQQKkp_oZuqPec5oLl7OQkhidiVklIxP9Oay19dGkFEf0FShxFXEOW3ZhZ-Y0n4aciyXaT5rtZe6zqhcoNOn8vWBQqBMg41-r3LLd92mxdDrD35yKMen8g90FEXztNIr2eaSKgLkA0lCtHXYRj04MGjiG2KRgq1u7rIE0WN-U01-8cwSgK3ec92pujMfeQFhFddFsEFwZfR-7dJxKngtridMfqN8VdEWuRF4AyBL0Yvu0RX9cndFlXiUm0wgUuzIeEcyATjrVVd&pr=8%3A20346306D5A119BA&cid=CAQSGwBygQiDySTDit4RzcaSIrZahWPZpHXTGnHcLhgB&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpastelink.net%2F7hemp0vr&ds=l&xdt=0&iif=1&cor=8452094366671481000&adk=2403728479&idt=701&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

801b8dd8e96368cd4aaf11dff088dd542e2a0adc1677376621b1dfdd01cb5270

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:09 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35416
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B885 0
20 B 173ms
173ms Ping
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=2679293779858&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B885 0
20 B 174ms
174ms Ping
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=2679293779858&version=m202301230201&ct=119&x=8&cor=4067074568466444000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame B885 82 KB
35 KB 257ms
256ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BbPBWBSE5P4yE94Kk4dKvC2z36HUGOtZnU_rrR96nvDhdJGBtep_43MaWifRf1KcKc7lg879wnm4wkITbzrJTgiX-BP8cQhayHSEL-LPing2AnTTxNc2VKdMYrhP3RWVp2KT8KxOewN2QnrZaN_2Lp9AS9zQLCNB0Ix007Pte0brli33lPJjUN2FEFFaaGCR0XXZKV&cry=1&dbm_d=AKAmf-AS6rL_5FEifkYfzCyr0_i0wOaj8YX-LzKDGb8Vl-L8305-3wAHdv0pqdv3fQvU6JxQyiPlS9pyDyrF3nIOF4eMdusmfKY0_I4JxH36uAecTNO86AyYioiIHJCMH7rslJyBaCzmP3uyDAnLszrSI2DVlqfaviIe8jcOxpmNnEWkcqzJ0XpuawewVccAnyMHV21Fvr53pYCYWzPDkF4Nd6UTwO4xyL21hmJyXMfbjaj1qoQP_MfUheTX7HvLz1YCzBf84R1jaRn66y-0s-jMd23ZFdc42pN70aSuYnsdfgtOFmpD-23ECUEHLK1uTimhCLjNrmh7qNC1tTxImWyvs6Ps8vbDHQOtA7_qzjngAd4E-X-dXN-N91nZuOCAXI5G02UP624KxB347wVnx-pPSUUUY1w7LhP3msNHq8sX-RnoNqU9U2g-wH8ktQjag8n7nFX7XaQnrYZoxqRHTVX0TD1hk9qoXFS5weAU5PvXW7wAldG5mIEOnNsyKSQwsV5MPwI-E7aIcQukumIIOOnIv8FzLQom2q3HNNdBYBx1Clueuv3lg-x1r9P97m6-SJIXfSub20Ju3N4wC22p6GO1lOueFkPoQbDMs3ZvTcG3sH0PkkWngo2MCtS7kAGyz5h3hFDOU6jpz7N-M7huapUnT96-9oQDdKydRI0RGp4lf_rl51Gtf8DmJ_1RucxuVsMVqSfzoZTqQmhEjIJ3-waURKBUvkIjAaku9bltkWHK3ZlMbVzaa1S6ER9MtM1sqV6NmTaOkHJ85F0DtOqggm9FpEpyLym2XCkvilSOW6hGMXgmbcgNljL-uPaOp2puVvBLT57CReoJEMEvW2AntCDRdg1jaCxrnHgcgTcVYz9HVvUm7oi1hg_DC3OgHzFPRWvuKM5iNIQt28-t-0jKTKF5htvDBMWx1lFcz6DgHB1YXM_J5vUFL5trD7umeSwelir-_R-xArfXNGEDZoBGtGgn5q9u52t_VJ3NtuaDAg4OfKp9xK2pj8K67EusUWeEERWooKCZFjlJKdusbGs0Sg4XUBQq9ia3tapYL_HGL5tCMjGsPbfZDKoEauzel1_xyR7nLqv8NQyqk5egpXXy1YUk6Du1cqeah69qQ3LhEmiXST8HUt_e47ABX5XaNerHaXuTPqr0XMLnYx3-ofo8p-NkjQ8GAIHmEt3W7XZ4BTucHi5kjHM4KD8BCnouIrKuSLThYiASwesirJJpW3fbnyQChPb2i0SwRmSNQ4EEDhug_dC7a8IEtRbworZBIaghG-NBW7wHO11Zd0cgOWUEnkkfrQw5jTdnEPNgXGL_S20s_Jsd9EHp-OXkE_6naRGJy6Wsd1mpInaquv6LK9hDmmS__rbTyoQHJKM9VqLAvGsfosF2y2dM6kBwdwjXvPg-GJmliQ55y25uxRmdorKpd9L7fRzaBJB3pOf6zUYSMX1-qBnKfkbma_YG8rnkUsV1YVZ4yjEba1ipjqdpeZofXhUm053FXycT4GKdDp0nQdBJhrCUbc4Bqdaq1gvxIZcfkpqAmA_Krd6xi5PLFO9JBIWTJrOaX6hLsRqtSCRmlZkAutBp5thKz2U0yxxTOzlleJfZz91kulP49xDzDoUgpt_ciUmWrthRIOZwu3rvztOAD6bUflNz7ojzECZh-GwMkIrzJsUlexs2VwoJSgkXfw3Ku965-4aJ_hIUslh35JpT4R7ZfqLb42h_Um7pGBLPI4LKMDSNPye0-SLW-rKzYVTevKeOmvAc6QeMNw_UblCgfwDwpAbNdNpRiQhMSq97ngcLeqAnYpLVi-o03Orrs7vFWiB4opUgivXZvy1-MkHkeQJpevTQfDbkvG6T5N42Zm3hlpBcYcx_-7m9Cl0pMCM-SfyfnSwNwA6_k5-jt9sp1XMw47f7RciRulv2uaIL0uFW-n_Y-xOM-PqKe2h0e-Rv5aU0G0EGbQLsWgNemM8mPCsGZ_jxx3tLOeEoloWwqLx1TzM7TvEa70Cnq59oi7z9sGySVOwQ3M0CSZj4SUWcUT-uqjgWIpU6CXO-z0K6FNc1a_okW1wDC_mBU0AMdnjjkw6wxlVevQkj-AHjEbPwm5TEd35ls-vpO29uO11-b-9Hb5n8EXYBjAXPDFZaW-gcCoIRj-u6UICQuEcpsOMZz9xpYFcTikH4GRkC0jpQT17N1QO8gKGeyAL7YoXV6edus8Q1Wp173HvEawt4itjnFP9Az9VpgAtTL44lDNHAAYw7MbSoS3KjmnSxaIBuA4mnJEAeEsJFb_vazz9ASoymW2qzNskydyCGhOoacgtZMm0udoTPFG43mrYaiMNLgNgQ8WxGESWGWoDNoLhvlDAKqwbVjV5DM7eZC8_YT7einSnBtmdfXG7QNL9AcSwvyzoutle_UDuRd_SWkqNaw-jvSbumI4seQCmH6yRSTG9kTxYiXCK8ubLYERMFAuhEBpuWMwqsIsRDlaaQ0t6VBeU5iRHzwx9SgT13r5wO4YVPxQ4p6a7UzZB51qwqz6e0lEh5tWqmKORP2Xydzc_WMyOh-b7wJR61ID70DiDKGZvSNTXbcsdIB5f-pC-uHD5iu3Us3FzAUalQL6B2dcqyenMwYQYxhhtbg_RX0GNJFwoYee1P6snpVqQR8uHyCcU_DLBQ5cqXw4U6R_6nQZtyH7ZRwx01p3NMK7uRdWMFnRAs3j51OxhZUsc4YKPq9zvIDsrCKXl9aCiuDrc0yQOc2DsUvt0ad_X-IaEtstmk9UsR33qLAfLkOwsLoH437NReII6_L3VCXAQGennZmKMMqdz40q3cce19vQW2Fbiox4CrCF9UX06lt83OXE4QepGknA4bZR0UVi4Dvq6NuOTvtPf3Dnd2AYL15Zno5qLKadLIJ1sJDdlUYkEIkLta5ta5y_T7oEP-CBSfJ02furNEpDww28oQHTaTjFsRWeKYJXAeVgUOc9NnsjOVDPzGnwoNWidS6zw6iZ-RM2cEvfhQ4tkRQ44KjaXPJF_rJV0019FyuU-Mfmepce8dg9ZLAW8UwHCteQJGgWM_n4NoMt6A6TYatTa1f-ttjsN9xucJ_aMdwGg9uyAIty6sEcFTyT2DFqb1SFp9u65BMrV6Dqeuf86Up5pi-ioJdshDc8jP21ArVHJR2J8NN7q4ZJDtKOIxGVC1fsPKArf0KI3TFJ_ahx0G9q3dPVYfKMjMPmRlNwbb5B4ED5jifMOYEvARWcz4iA87YvBs0okZkS0QMyyj873uFvtk-P22FoANIMVhuJLAnNpdZQqtn16aAFdz1FbaAAUJi4UBzSFVTO9mWykny7BxO1t-jeo2rZ4_g0trx8i3ero2_RlMajPE-2MNFslxTxMc_f5C9_akMy_7SqXR7pEt7BHjrhRdt7gii4VAxDhiQrecBxNm6N9B5KUem3YxF1MCzBPaXTvIo1cihV1j912dlAMreti53bxdr03cRarwvnz36RTf8lAxorQyubJlY6gC_TdbDcRtIuFKKf8zBs5TbgY4px48VIdcXsQ2h2THcgySdNRdk3CwQqKgepkHGheLOsWtTUNscT8WiT1OcIOvbb6mCxUp7YvmKE9__uEh2MdIzMoFAW47AzQRYpPxcYm4aQ5qXez0QGIi6Jst5XEIbq-M878XcpPWYCyrbvUkQQbW4vGrD3d1&pr=8%3AB28A10F41776A975&cid=CAQSGwBygQiDdfe-riTcb0bIDkvCHZpg6NqXtb6HhRgB&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpastelink.net%2F7hemp0vr&ds=l&xdt=0&iif=1&cor=4067074568466444000&adk=724314706&idt=712&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

7cb4de0c4a9d53b089052f5095c4373a8315de19c4aa851df45c22d8418c979a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:09 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35702
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 513E 0
20 B 174ms
172ms Ping
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8460195016248&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 513E 0
20 B 173ms
172ms Ping
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8460195016248&version=m202301230201&ct=119&x=8&cor=5076272393318275000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 513E 84 KB
35 KB 282ms
282ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AtjveWpHsIe0y0DBsaWft6ZPK8QvKQ42SdHraGA-LnJhkMEHfwJx2_wA4RK3hGVDAN6l3yNPmrAiuvy9hwuz3A1cErR8-AfmHVB-b75L4utp3pVvjsrSbdTKTAy8uGFFHacvTT4WbC9iBIu8IwwBVbxJOjXQUUHQ0x9G38CRg4F7HF1_s&cry=1&dbm_d=AKAmf-BcKqA_LMPnmw8yUSnwX3b7Jl1YVl0bVZxqOVq0fZZdgcvoyqHx8nmGhQd13ngjiGrw7BLUIOOD2MqnOWrsNwAht8sh2sTJi9Hc5_qJI1XE_5Lrsyh_8WjdNjy1GiiOj3JCR8ileAbEb0eUsWIDD1KK8ueHU33kguKDS-IyJsRYAXY-4Ju2Juv25ziamYXw9WysMyfV8OMViF251X_rMZHhhKGHI4aIiEX_4ffVevDPHd0bMnNCHzWrKQld3Ex9T9-6BTL8v5VJXn3MN5U_KSKQN7Ae26ij9rNfnlcjn_plh1TRIbOdSeBdMfZ7H52-K5OUjqeyTgbz8Viy2yD8CTm9z-GsOFIQwWFHaeWNJlmDZVEwKZLsCDR6CkdIKAVvuEX7aF2mdZEjN7IlGWd2VJhWiZaLoU4Gsn07uVIkArsFmAYgBfHDcb5FsK8jvz_6b2Cit9qU_qqPIjJ6UlUQgJQ1rbI6EDZ-ywYWLH7KFbHhJg03_PwMSeYfqqbtAVa1HANnaJRxY1yl33_hDGahQvBjG4rN5geX5ZqsT89hfjp0uSzRzXlbBICjmUnnXWGoUrC0Kb4i-0UELEIOKXZo23N6_-X29-Ccqry48HTO_B5kYopnb9IlYqfhjfB5HUjQACMPEcOfG-zx-q813qeDnox1B5PWGf3m5Bd_kLh3OvyNwkS14PAaWZ03lIphF1tu842iCVuzi8pYHxKNz_Uz1JwQAkAGMYQ7N1d_D6OhvbqgvwV8pB2XLTYpASELuRqnp_GF6d4qN6AJsfU3OeSfIGamYTBU6FdJkyzN5e9cRVya405uwFbol8hndoTxv7EM1J43I3NS4xwSZ-OBi0FgwjaSNIjXjaoYGp7zfASQzbPrUEWxf7IBmfvUbmNlK_EzPC-93uZmOKK1Ic7Cc5IjJm7SgANwPz2_4E6D6T-lIr8IAUzj20_jm2okFEdqLhFj3Kxc46S0Qm6rWo4-4Icds6abUVJ5mfE6WXKrrIxqCS-HcbCoUPexP0zMT7Z_FwDq0MDYbnry_03xnwHuesIURmx0vhNF1ZkykUvf0N2jynhlUWeAqVJ9vQyIW9nsVoObK4VzzsOZIVT_YXGbJnfnm0tNBeF6bPmgb4p7-vcn7fkVfk6GSOyaNOT86BeS6CxqgWRImCoV4pt_a-oyhaHcoqbER65vIuoblUuSUp8lWppyNvS1cOKjtRcYNe_KhHUGmjkRr2TjThsR9BESoExv-DpoQq8nxQ08p-ZU9TbbWQC0PW_oeBmLKB_6cipOkm7N0b_PkQ2qvkaY8mYifhxO3Xhy-7D8L070cul9io83GK2lpnIwvqffAx7sJMMTE_hk_0R4MLkJ5ClOTfKFoe_dzc05_5l_03tMbCw8gdV-OwGZkeu8u9nY8QOECwlQ0S5GNMV3RsN_pCJopwjglUh1SX04rIHf0t_BuK1cIG9rrXmSyEWq1FhF7h3i3LUznbT2YIeSo2QQkUwSogHxIoe6y45wqfxLsxXu93NK4SWtxl776As3AmLlVMoT4LlMioulN_uaAb9hJzczb97BOsHGBJ0DseqOkkJqwfds2AtfYEFCSFa_iLVqBQBhV-rZXmM-6rQzTEgWr1E4QGg6rikkaYcrJ5K_nUXhMWaUuKCVR8YPwAMRKjDBNnt9e0oCcHAVn9py5tb-NdFdXhgmF9WxPiwZwbk66FGrao-4w7ns6-C9d-AHobiBIYO3BjRg8DScYHx4mi4sRg7SMHY9HRxFEdHVGVyZ7IdJcpr5AP1QAKYFK7VRcGFFPPgKOgLYIcJe6yx-_OAfTPkv4wIwVsBajj8it2UMeDia5HM0A2zLP6_tIiQpm6w093pNnhNrQBPh9hYt88D2UDnxjmfv3aU1cflpi57vFU0GByz3LRPEz445Lsun935lLQVKfnefN4L4Y4BJQYbTlMQqu-duTme0PpSCEGaQuiglIADmLTsMrbFyoKZeWb8RMN0Lr1QW_Cvt1Huxz3HCVSnJKrZp653eYdcUjAHysf5zv-mXcwsUdkk_Bg2h9DqPhXgmMvFG2IfvKJZVm4mRNT78YSvt-lDb8PSjlr1mcbdemWOqgWPLI6bLg5M6XZu8Twut0lZMn5Nvq7FWXgA0YcDhrMC1qHQ1obHQXuHOhk8y0SaUBETp48VHeYqzcMwOZjo-vpVh7o_8V-aHom2XQDUBageoiSkFYLHNvzQHlxxsJFFtyOwAgRqERD9zpp2t9PR0XzYLXgyBZIOHST-1mE1HjZrZboR7cjb2MIE7gl7AhQMLG2-fPl-_-UmEolgXLv3u_cHT0gZ_dDX1FKZT_9wUR5uWwvs8jBJz7TD-trqQ4rdYJVN8HtcVhMmQf59_birIa_IRUjntGfcuW9_bLCiCcj4bYZ0CcVRsdsnjiobzaffRhx2yKZT43DcccViM_nYadGDLwWOIJcgI4Ralo3lQH7kjCBgt_WgNfZk6a7I-IENjZ0PU_3NfbW8koCmxVrCOySsOXMFuPbQawB3mq9uxtkFglaF9HQAdthwj2KWvEJ_ph7Q-Jgfe4YyDzUAP73RgOM3_zDU9GB0qjJB7VDlAZjsyDi_DSF4sd-iLfM-70HzN-bo_BLwhSegSpZk8NBIni9CYfqrwWW95GY5x-2yVB-onUGOr-YR5TXYuCk3C_TUG2fsFiPODf50tU1k_Ws7eVKi0LnCsN_zoSrEJTSrUb7SBzGdX8TJjz5B3xinao6x6OCKIWkWNT3pzIauGOj0jZNR2bRcFpAGzZI-q7N9q4ImpCbEEWCiD3xflCsFa0Jrtg2dDZTsQ-yCQGCxfe0FhTypcXpVd5P-IrqwOLtvwsjULybZre67XOCrhJ5lJaBLArjJYWKgBlvSdQO2GtjEuDX6cIM5pXCay2PIrKP1T_PCkMTbAsbMHlMAC5WfIWX67ACxUeZLuR-jsOSe--utC8qGS94TP1-K3KOjnppYnRa0P-nw6bHKHH0gOJHGrNPToTeRCVtp8VxvUyfsfnMGOBSBBp5IV-91jxiqdZJ8-ZufX_EUAUULLNVQ5qjkBGc1LJaAYfms8_NW-5rKHBjoYPGVVmj2-v-LpAPTr1wW2GVov5weVPdBAulmHWy3Ng33VcOMOiKKjBopV3yFTKNCfNbq7M086gO5b7uLi1ehGGxExa-zwMLyXIJOt6LSSTtAxiUVPNMWB-o_0ptUQRL5kOtFb5M0xXYSMfPm7WjZLTsDq8Pzm7FcT3OZL42j5pEY1GcdP5DoI8RYQlzpMH6kQo9QwHx5ix_Zl9BVRShllpAKzMLCn9897lQFeTulbyhfR9u2SEE0X44_ZUDl-mllvi1JaoEMdHohe6N3IL2o98n--18Qdiu3rwXViHB9-QVZATObADtItMt1xTLhiPpK0WA8Zx1okobuj2mX6zRhi_mSGDOUgJIttpCGsbw&pr=8%3A11D9D28F4557DA28&cid=CAQSGwBygQiDva1sRQ9m0uBBgtaqUip5gi-3DvuVdxgB&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpastelink.net%2F7hemp0vr&ds=l&xdt=0&iif=1&cor=5076272393318275000&adk=1814326990&idt=736&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

fa90738d8bd068ebee032173cb39bfc2b56a0e1ca78fc75483122811f0d6a8dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:09 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36206
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame DC2D 0
10 B 132ms
132ms Image
text/plain 172.217.18.97
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?-ueYKg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.18.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s42-in-f1.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:09 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 publishertag.prebid.135.js Show response
static.criteo.net/js/ld/ 89 KB
29 KB 495ms
212ms Script
text/javascript 178.250.7.2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.135.js

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682472600000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

08882d31df95daace0c23f1108f3e11fc53ef17334df446f3e3cb395c597c955

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:09 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 06 Apr 2023 09:15:34 GMT
server: nginx
etag: W/"642e8db6-1638a"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 27 Apr 2023 01:32:09 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 3993 106 KB
37 KB 434ms
142ms Script
text/javascript 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Origin: https://pastelink.net
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 09:27:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 57896
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 09:27:13 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230420/r20110914/elements/html/ Frame 3993 11 KB
4 KB 142ms
139ms Script
text/javascript 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230420/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ASuYUGYyF_1bq-Si4JtLO8aIcD50tnbcYi4xTm1FQq5kWMAfw9Gx3LRAUld3c9RKxr1WAzHVZmTq_R0273c-BgmTIA2n9AR54mUo6yo86NID7ruaUqObxNoZErcUS9uAcjGwh9POvnYZMQSW3FP1xjqaUP-KN8S98A-QPWRTFsFMAXo-w&cry=1&dbm_d=AKAmf-Ba4omBQbXi3NRwNtl1F366LjE4LAaK7hdXuiNNt0aWlLKWjj_iMWZMoed5o-uAz_R_W7fpUvz5znI197toxD0G_A9g7ufRMVSbsjctcRFcZcBL8IeAP6T7XkTS4q-YU-5SxAS93mT-ZVZjvhZu80-uniOqi6lk7XUQwmeMa9UDOgh-GTBYD1xk2WtAxP8nkqdt2akQyRdB5X0BMtYm1qMyy6g8pE6mHorzlcs17UfMwQpFIeSoscLrvnDv7ka_j7CtKpIsnqbmZ-9LOhC7z3eUSQfx-hvMSOhaIpXACxjV8xdwmOMQW1SHjjXsX9kpZLXX8P0QfQxCopRQgzjdNCXHMyfg7wTfQLHqKhHxaEbLSlpI3aZJZHZAGg1Z3_xRawnK3XrFtYdYA3ISxUj1n8KEivq-2G1ED0t_sLLxF-ZMzh-lP2ziIT1JZkqDGb2rRemGPI_Tx6994Kn7mCF9URGY6DH_GV2O7EIfwHy3rxicD8R29tx4DUBtWrl9uHyeliAHnXby3WZTNDnnobjVCsv-GnIeLR07dlNQuMnTGMfJVqcmeXFI13SgqgA1VEOZeW4QKYNKyUctteNOD300mQtRAb7bqOKm2WND8qtKJpB5aNo17NZzojvj1XZ-LKNXdqxpQTDMhPXqtgPZkpN6Hrm1pehYcCiaF0evqcT0eOhvKI8GC92rsxHvRkx905MO4QhOHy7BC0FidsvnqYzs9RlBiVNntAH7s9PJKKi1KGtkQaKxTivmVLX8yf5kyb2BuDudTnDV9b3bwFciSIAXOjxnxuBIrITuKNb2mao5v5hnHCegZSEAlC-4Dopa8buNzr6qCu9uVo9NcBMOCp-ktYKgHsNZ6TbZR-y8-iusFfxrYDQHnoXvsICUWsjm8ZXR-T3SiiT1QgCUWVFkgTVj_323lZfh-Gy3qP8Mx_4FDG6g77MiiwTkDA5ihsKhYmW5fYDB1lRCSUUdsHGfat9kMgf5J4G3Kw3tIQzi5OT-pD2VqfZLWDZ0ylNAPI2BNKOxtgkHDI3pSsMzS-FeJBEQ7bQ5M049GVTSMp8zJKiB8pAt-Q3J2dtNPnOBJtrolrcXq4Bm5Q3OyAbpU0BgE9zgSR4ZeAEbOiaEQjHSMcEG19sAtCdZ0MJrhVT3vwXNOE8KqsTCw36ZGKgfJ92npHG5O8nsQGagKmQFYaptB7o0zyIEwyvZ-sus86xk0YQtjd7EXU2SYAv4a__INYvJhghcZhMfwS6QpllPsAPb0uLGNQ04o7zaxZUc4zl3B6ZCchQKfqUKbCGfN5HnlgwGDNIu0xgZAgS8AYhVt7DfEteTBR0bZDUh7r1U7rDhc49OVMrhqPCRHXEINhiblkkmNj5r_E-NZlXlOxG33gfkpH9fj9o0cIPWibTrEHQdoWvQbsmNyWkRDMz5Tqul2FlJrZQ2u9JMDEUgqIYPjqU7TLTJUe_A6gR79NIkywYl2zRldEc5erVJ-I64XKEgnW5npOW96NgCtOV9hh3BR2UtMp-S8PR3T3lRYLhcpH6WM3Lpty3E2K40pynz36sah9W_VqEBdzrO_lprnnYRC1E8PE1kL4tmY39yy8Gb6AmyHD-mRk-l08J2QMnUsiYEKXz_k1NEWGCkREGg9m3Tu4JLXEv7QVnZxSDVbKE8pnAMn6dXbV_U2soot8yBZy-h28SYsLvXMhLktl31FLDPejmANsufj2TbbiZZd29277tNqXae8rfyWt6OKH9f14HyWCUGIII8PeqH-8-tirtH0BRk2fzMY2apqGwigyaZbHXgPx2Gm_AXujrDdf38gCmjKWZTJVIMrwmvMRsQbne0IismQNAP0P3TIbDrRO2MNiB43084-VK9VGyTYnav6c6MPoBd1oQ9TMudVx-LUeZdFof5JULJYxBQrIOjG5y7V4ZtmQ5MweEgQqn0ZabsEtbL-ZSxzJAXPVNe2Nu5rRfxxMdtXO7oXV2TU0LVlF5EL8cf9SEBiBMttIC9rFyaGpdzFAk6ai1xEVRhhTIiMiU2Rtwhcz8SW_FX-OI9PWgOHKI5eLpHxc_JMqnMOxXrW7OwSTOZYIXNwT1c3OdvCMUpnsChj0oIg8LWWfb0yowhA0toyYIsWCJpvDEIUUoqr28GyYM_g7M8C5Cm_AyhfOCOA28w4mW2K9C03l6nPdBGgyhYka14nvWd_u9OxKCsqDxTGUs9G2IwKIH2g7sjiqaiJAcYIDeRR8UMf8P4qcHmHjG96CIQAcPd131JXoD1OgTuD1_uDgydoD-77SDO3shSc9fS4A5qIpB-nZaCUCrWo34bm3fb9E7oIGXlZqL7tLj1Ytelvcqlzfp57ApaTHzD9qZMWqGgJlnMD1tFYfl-PyIjEHZYG-h-kdXL7Qozyh6ukcQhyE0o2HZE3EyefCJwHyocQgdByp7lmYA67h0K14n_0r8nzqVopUa0-JTIfg0zBzNQeW-qLbA_dFYb-2yLpfPlaWVzh8opYB5YGTh1LQ3EDsmphVNqoHQzTvR5hMV3c2mOKSOa4AEyfl6d7Afo6mGMnmeg2SpTeOWBgkAblR2gY11V70_KG8qXFIyzghBCbu_pA-tVzWW11p9hqDmYqbsIrxhb-iu4MFegnklXUO2v9XIIFjOOfQ_wIESbbGjBxt2buG2o0WO8cHZpLfAwFH1YGN37HfDgPq6AW6hr0lYu2cdE4TMiLImHUK-p92RXh8uA3Hk3-AXghcokgKjAhmnQbxKFrmB2SKJpkI7yAlMGtN5paP1V-aNxBpiSSXPvcPtVu3RcBMpQoxB3x8Ki58CjxboTqQKs0mEfR7vvsUhDIX1AGT6BBRpnvFYKeEhI8h_SIMXY34DRNSNOgPii-scDnK64xvd6UahMkEvn5jgeWdQhMwdQEQF5RbjGgIxs-OH-sK-1wRgR3JhkuESGIqA5WsycXJJxH_3rXfwAsrRhk06tAl2J1p3MLw6hPwtprKVAKrX2jlI50OdXwvlXhEjBi9H1TKkPd5nv_uxYHghHGmBkjjHxQOdGX-uw0o9RYRxlBzUYxqQgdBx0hKrNZOi3iJ10lVlhNziRJ4jMVPVTbcMrDBQQKkp_oZuqPec5oLl7OQkhidiVklIxP9Oay19dGkFEf0FShxFXEOW3ZhZ-Y0n4aciyXaT5rtZe6zqhcoNOn8vWBQqBMg41-r3LLd92mxdDrD35yKMen8g90FEXztNIr2eaSKgLkA0lCtHXYRj04MGjiG2KRgq1u7rIE0WN-U01-8cwSgK3ec92pujMfeQFhFddFsEFwZfR-7dJxKngtridMfqN8VdEWuRF4AyBL0Yvu0RX9cndFlXiUm0wgUuzIeEcyATjrVVd&pr=8%3A20346306D5A119BA&cid=CAQSGwBygQiDySTDit4RzcaSIrZahWPZpHXTGnHcLhgB&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpastelink.net%2F7hemp0vr&ds=l&xdt=0&iif=1&cor=8452094366671481000&adk=2403728479&idt=701&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

a9b847c681a24b03ba8acc0b4dcd8aab9acf8c4d3131be784d488e2402d57427

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 16:32:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32356
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4122
x-xss-protection: 0
server: cafe
etag: 11429739870029468282
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 09 May 2023 16:32:53 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230420/r20110914/ Frame 3993 28 KB
11 KB 139ms
139ms Script
text/javascript 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230420/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

fcaaacbe09be7babfecfbcad09df9c01257b0ea95ee996105d6756ba75f41aa3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 16:32:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32399
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10768
x-xss-protection: 0
server: cafe
etag: 11141491900784070631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 09 May 2023 16:32:10 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 0AC5 106 KB
37 KB 587ms
323ms Script
text/javascript 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Origin: https://pastelink.net
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 09:27:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 57896
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 09:27:13 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230420/r20110914/elements/html/ Frame 0AC5 11 KB
4 KB 139ms
139ms Script
text/javascript 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230420/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A2a0pnhIND1s_k7WMaJCMpMcR1OJPZkrrfGUUfB307d4rq0yZSX2vd-kXCW_85FUdtiNDSelF__t6xgTp0NTNI5rY_MUEA-eWrKf4rllCWvwOzf5USJM007lf35r_NALEEY2PLqVV2liol1xzHfHxXe_Rq4dxDXtj84SVZ3p1nRXhkOIY&cry=1&dbm_d=AKAmf-AYIHHMn3OAOaWKAMMG4R-qcUatkjoOd6KRSS9NPdDnYZrXXw5UAx97Pzqi3nnPGXXWN_NHa3svsFJNUwdjHgCJdrJ1n_-ml825qi7tUp2W2ai0BNboxpTebY3e135b_9v5MMNSJ0wCo_BaYcCJNXIcJYMiswkGulqWrCE65Nj7Aq5jd9mk_P3Wg-8uCKrTcqOKZmA2sXalYvsgymQLBOwmJXSkrMUVJlspnVDs0YeZ3ZjvCa5B36bVd-VeUtPL03dRjIPlhYigYSSGHCTeNx9icAHTnxSkac_qhv3huNWv9PqFPrTRwu8EFRyNWm1Fdr-XTIh5Qqfh5rid1YD-MvQZk8QbG6D20xMcVo1u4n3ecyxPxme6TreuFNCm_Kk4ghTrUpUV7NkM2eD_mTMvqkV6MCKDa6M3uL7R5qhhJz3K-Libnqnsnenz5sNr7p2cLu1y6uO8F2z-juiU1C7XsWf-UCWFfqRUd_hwFbAznDqnNzLK-ED_eb_CQJH35D7mLolL1NVsXigj_WtCs6HdHVc8i2MbQ89e6ZMDWEZzJvfMSjnJdqapN7TGgxeL8gvTK8OMStiqEXUUvOjAgRBOSvvfQfql5xhVRLqIRYj2mFUwISHUnkQSu8O0PtF5HAu-egYZkQW0glcXL2H9KtliEOYBB34AF6ClqDwUb0xhJV2DWj1aPTPPLOEiTTT1w1d3iK1NGgEn-fPQIFts2AuCOUBqdzmUfSG5OxAXJYtoQ65BWcf_Eaon-U0ZlDeEbFRA6V75GS9rIUbrwfrX5uFghmv-vBdv7U6rj2X_hKDhdMar9L5MXNpC999609ivghML1kWp6f06DOqm1usleYdqg7dgw4JGerhKrwx9PY3a9LlPN9mV7-1VHlXTJbWfMJD5tiJxXlC0Ae8ipnrfS6m2Ilaqq-wekBgCpccoW3o5TnFv1GEP5oE5xKsyqOEkfJv1rDOlZtY4XSRMsWgUaozfp_r5E6bXQI6-sSD23h-q7iwidMlncrL4sRi13ItdLNZ9Zs6xp8WbtG7cgOyn2IG2-EgOKBgz-aXhPqe7YG8MMV8ZIZiSAXtg9DvG5DFtaqxk0ZAtzv5FU4gPgyqMjPeISZ5u6NK_dDJiIU91AOL5LKLMF-qMZwDRK7Oe2Vj4_I-fI1pP3iLL0b55TW2L6sm9kqnLWgNqkTmh1u0hfr35mNGo5GCVcNdaQGZv1KMy41biQ1XM_vp4Bo87J566mcqhYSATm6qgOPvLrmjORQmnLSZV7ejLQDM41X4JN2BOS1ZoIjxOnOaY8jYdCoKo3TonlzMNyVK9vi6NGkEmZCxycvP-UBJPapYXn14B9GTYcbvTsYxygjPHCTJIEHjBkfpf26wyxGulF1nzvsnZzwCT-2GDHJzYbK-r6sRccnsyIWWYHsMlxu5Ho0wpZQ4ORvkY4JisEYXT_X29OtA-PhfDR3j5Siuy5nGTl-iIisPzK8WaARNGH-llCTVoBbkw5TB_5XSpLKfD9h0tGGjronS9U_cnmiE37eWmQv8QcBqPU8N2GGGKN47hu0zXJ2xbYx1Xrvpay0Lp54hJ8PBRbl1bdpSZJKAmmEUoGbWLcAHkWqz_YNfgiS0DhcIi2pLIm5vb1S9qt68mFe2nm9ALcnz0DsDQprbPhGKrQ2K6Ve4fQhLNauB6L8o8ZXUK-1uO4hXjr9HnQ24PB-yRd5LoZhhIzEeWdjLrZGuNDan1w9rtg6Qbs5xeM2_Hoj9u8vIQ4Ex3Y1_EuS8vBcLsPLfWvQnnD4XU7lq93SegVz6tZ0Ibs7hDoqYihcv3GWuPjGxddpgaf4hYewvon9HJjFcle93RFS6tXyYdD-lapM3bFfMQYmYyLy_JcAOz8sTxqZgG3YTUx09to95qBmaoSJAHUbf_-3MDvBbWsASVnPT3UR5S4Yh6SDbZBwbXOd28Ut-e0wE_BgrIsPIiIOblUC_NLc2tS82_ABSPoaF2KLTRx1F6XV3yQpp9bulIDpoaqZJqCOHWUhoxYpfpRk_MBxXCGfP5rYB91IDUri9p-eTis554EX6ZUglQ2paNvLutFriIYgGt5sj11S8pXwz6utVB9XyN9EJj1ImdfVHpzL3bEZDZe93IssA9P1MC077iJUroOnyqRPG2DqNq1IZiy-yvqkn8Y1p1ime2Ysviqy4dm_KLlLDex9N-lFDxh3dkUtMYW1obUvSGxX0FXblrUZn__77CcuMEqb36ikJhqYQu7TDQ3ewrh4UDd-O50Sx1-2BZanTSOLz_pdOc2z33WQCVMEcK8an38ZngrebA2nX6aIBwTFaUZPuPSyEF9Ed-eLapAjjR4NosiN8PixVOx-XsffnF6q1UU9tyxyJjI6j8Z3iBZCsV4bER7Y3q0tl-bTQzL9tIazkddCokYP6FMaNoLN4s0owW9FQfVUSQF_bfGKCq5WrDm5oMNWmp2gC9eP_WMFgzvb4Bvo8v9gKlnR2EoOGC8sudk-YLYAbxFM7LZQSEMPqQZMgq-IB2DIhNd1MN0C7VlOoLJqj5VXpL4djK6gM_WgN30198atzYQJdjwC4I3CqrIadHakpqHTBiuIkhL0rLHvdb0I4KsnO3a1scpTjNuGvkpqoUotesm-Y4N43dZRLHBB9mkXFXPzZUbyIbKdXhqGL3cGKK1tiu4PNNktifIdk_h9VikjXuVvDY5pD4aEf1uCG_4uQLaPcgRiQHfVKEiDl83PZgeZwUWk299UihUbEPmVm2eoGbvFOuya255kqxVw9U9Gtv4mIYgQ0YxrmZl7w3cm9aQzQts-OAwshD_v65mBisuo5xH2sdczPYDtLxi0YSVAljFi8i1nWmYVo8WRvTvSTNboNVr8aV_JCJb923RgknP9AQis2OgnJb2P3Tf7tb7X5yJ8SkfBn3q6age-5-1gakJoU5tj9AdwlGn-R2XjBHlUwvUqAFyqxDykBZlWQr4D4FTDJOWkwc1mLqRSXlfLT0Z0NQgE2ng7H4h3JDGXTKy8HGgv4_UTjtWMxH0qQGkKPym-cK6gqAkCCs5Q1jggLjKJKMW-eCkYQrh4wOxAmOUo5rSf2NYf50xfHbFODZCwIqWVPWedgvNLAQdOySI9wPsJcqL14vfcLmcQNG-Lg1UpVAEV_a16G7Wh-eOaH4EZjnff43Ck1GhiBxTxHVKSPuZsvOq0PVNzTct-4MyvNBMzj_ikCENWN3RIa2eIASBzNqJvs3rOhQB0ZZvAH0xqKchjJWfMTb0zlv-ux1BnoxI1A&pr=8%3A8C16271E77AFFBAA&cid=CAQSGwBygQiDNRDoQx9FEJcvLq21SGC45myMcBwffhgB&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpastelink.net%2F7hemp0vr&ds=l&xdt=0&iif=1&cor=4835737498075073000&adk=2545910003&idt=517&cac=0&dtd=5

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

a9b847c681a24b03ba8acc0b4dcd8aab9acf8c4d3131be784d488e2402d57427

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 16:32:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32356
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4122
x-xss-protection: 0
server: cafe
etag: 11429739870029468282
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 09 May 2023 16:32:53 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230420/r20110914/ Frame 0AC5 28 KB
11 KB 139ms
138ms Script
text/javascript 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230420/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

fcaaacbe09be7babfecfbcad09df9c01257b0ea95ee996105d6756ba75f41aa3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 16:32:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32399
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10768
x-xss-protection: 0
server: cafe
etag: 11141491900784070631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 09 May 2023 16:32:10 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame B885 106 KB
37 KB 480ms
244ms Script
text/javascript 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Origin: https://pastelink.net
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 09:27:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 57896
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 09:27:13 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230420/r20110914/elements/html/ Frame B885 11 KB
4 KB 139ms
138ms Script
text/javascript 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230420/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BbPBWBSE5P4yE94Kk4dKvC2z36HUGOtZnU_rrR96nvDhdJGBtep_43MaWifRf1KcKc7lg879wnm4wkITbzrJTgiX-BP8cQhayHSEL-LPing2AnTTxNc2VKdMYrhP3RWVp2KT8KxOewN2QnrZaN_2Lp9AS9zQLCNB0Ix007Pte0brli33lPJjUN2FEFFaaGCR0XXZKV&cry=1&dbm_d=AKAmf-AS6rL_5FEifkYfzCyr0_i0wOaj8YX-LzKDGb8Vl-L8305-3wAHdv0pqdv3fQvU6JxQyiPlS9pyDyrF3nIOF4eMdusmfKY0_I4JxH36uAecTNO86AyYioiIHJCMH7rslJyBaCzmP3uyDAnLszrSI2DVlqfaviIe8jcOxpmNnEWkcqzJ0XpuawewVccAnyMHV21Fvr53pYCYWzPDkF4Nd6UTwO4xyL21hmJyXMfbjaj1qoQP_MfUheTX7HvLz1YCzBf84R1jaRn66y-0s-jMd23ZFdc42pN70aSuYnsdfgtOFmpD-23ECUEHLK1uTimhCLjNrmh7qNC1tTxImWyvs6Ps8vbDHQOtA7_qzjngAd4E-X-dXN-N91nZuOCAXI5G02UP624KxB347wVnx-pPSUUUY1w7LhP3msNHq8sX-RnoNqU9U2g-wH8ktQjag8n7nFX7XaQnrYZoxqRHTVX0TD1hk9qoXFS5weAU5PvXW7wAldG5mIEOnNsyKSQwsV5MPwI-E7aIcQukumIIOOnIv8FzLQom2q3HNNdBYBx1Clueuv3lg-x1r9P97m6-SJIXfSub20Ju3N4wC22p6GO1lOueFkPoQbDMs3ZvTcG3sH0PkkWngo2MCtS7kAGyz5h3hFDOU6jpz7N-M7huapUnT96-9oQDdKydRI0RGp4lf_rl51Gtf8DmJ_1RucxuVsMVqSfzoZTqQmhEjIJ3-waURKBUvkIjAaku9bltkWHK3ZlMbVzaa1S6ER9MtM1sqV6NmTaOkHJ85F0DtOqggm9FpEpyLym2XCkvilSOW6hGMXgmbcgNljL-uPaOp2puVvBLT57CReoJEMEvW2AntCDRdg1jaCxrnHgcgTcVYz9HVvUm7oi1hg_DC3OgHzFPRWvuKM5iNIQt28-t-0jKTKF5htvDBMWx1lFcz6DgHB1YXM_J5vUFL5trD7umeSwelir-_R-xArfXNGEDZoBGtGgn5q9u52t_VJ3NtuaDAg4OfKp9xK2pj8K67EusUWeEERWooKCZFjlJKdusbGs0Sg4XUBQq9ia3tapYL_HGL5tCMjGsPbfZDKoEauzel1_xyR7nLqv8NQyqk5egpXXy1YUk6Du1cqeah69qQ3LhEmiXST8HUt_e47ABX5XaNerHaXuTPqr0XMLnYx3-ofo8p-NkjQ8GAIHmEt3W7XZ4BTucHi5kjHM4KD8BCnouIrKuSLThYiASwesirJJpW3fbnyQChPb2i0SwRmSNQ4EEDhug_dC7a8IEtRbworZBIaghG-NBW7wHO11Zd0cgOWUEnkkfrQw5jTdnEPNgXGL_S20s_Jsd9EHp-OXkE_6naRGJy6Wsd1mpInaquv6LK9hDmmS__rbTyoQHJKM9VqLAvGsfosF2y2dM6kBwdwjXvPg-GJmliQ55y25uxRmdorKpd9L7fRzaBJB3pOf6zUYSMX1-qBnKfkbma_YG8rnkUsV1YVZ4yjEba1ipjqdpeZofXhUm053FXycT4GKdDp0nQdBJhrCUbc4Bqdaq1gvxIZcfkpqAmA_Krd6xi5PLFO9JBIWTJrOaX6hLsRqtSCRmlZkAutBp5thKz2U0yxxTOzlleJfZz91kulP49xDzDoUgpt_ciUmWrthRIOZwu3rvztOAD6bUflNz7ojzECZh-GwMkIrzJsUlexs2VwoJSgkXfw3Ku965-4aJ_hIUslh35JpT4R7ZfqLb42h_Um7pGBLPI4LKMDSNPye0-SLW-rKzYVTevKeOmvAc6QeMNw_UblCgfwDwpAbNdNpRiQhMSq97ngcLeqAnYpLVi-o03Orrs7vFWiB4opUgivXZvy1-MkHkeQJpevTQfDbkvG6T5N42Zm3hlpBcYcx_-7m9Cl0pMCM-SfyfnSwNwA6_k5-jt9sp1XMw47f7RciRulv2uaIL0uFW-n_Y-xOM-PqKe2h0e-Rv5aU0G0EGbQLsWgNemM8mPCsGZ_jxx3tLOeEoloWwqLx1TzM7TvEa70Cnq59oi7z9sGySVOwQ3M0CSZj4SUWcUT-uqjgWIpU6CXO-z0K6FNc1a_okW1wDC_mBU0AMdnjjkw6wxlVevQkj-AHjEbPwm5TEd35ls-vpO29uO11-b-9Hb5n8EXYBjAXPDFZaW-gcCoIRj-u6UICQuEcpsOMZz9xpYFcTikH4GRkC0jpQT17N1QO8gKGeyAL7YoXV6edus8Q1Wp173HvEawt4itjnFP9Az9VpgAtTL44lDNHAAYw7MbSoS3KjmnSxaIBuA4mnJEAeEsJFb_vazz9ASoymW2qzNskydyCGhOoacgtZMm0udoTPFG43mrYaiMNLgNgQ8WxGESWGWoDNoLhvlDAKqwbVjV5DM7eZC8_YT7einSnBtmdfXG7QNL9AcSwvyzoutle_UDuRd_SWkqNaw-jvSbumI4seQCmH6yRSTG9kTxYiXCK8ubLYERMFAuhEBpuWMwqsIsRDlaaQ0t6VBeU5iRHzwx9SgT13r5wO4YVPxQ4p6a7UzZB51qwqz6e0lEh5tWqmKORP2Xydzc_WMyOh-b7wJR61ID70DiDKGZvSNTXbcsdIB5f-pC-uHD5iu3Us3FzAUalQL6B2dcqyenMwYQYxhhtbg_RX0GNJFwoYee1P6snpVqQR8uHyCcU_DLBQ5cqXw4U6R_6nQZtyH7ZRwx01p3NMK7uRdWMFnRAs3j51OxhZUsc4YKPq9zvIDsrCKXl9aCiuDrc0yQOc2DsUvt0ad_X-IaEtstmk9UsR33qLAfLkOwsLoH437NReII6_L3VCXAQGennZmKMMqdz40q3cce19vQW2Fbiox4CrCF9UX06lt83OXE4QepGknA4bZR0UVi4Dvq6NuOTvtPf3Dnd2AYL15Zno5qLKadLIJ1sJDdlUYkEIkLta5ta5y_T7oEP-CBSfJ02furNEpDww28oQHTaTjFsRWeKYJXAeVgUOc9NnsjOVDPzGnwoNWidS6zw6iZ-RM2cEvfhQ4tkRQ44KjaXPJF_rJV0019FyuU-Mfmepce8dg9ZLAW8UwHCteQJGgWM_n4NoMt6A6TYatTa1f-ttjsN9xucJ_aMdwGg9uyAIty6sEcFTyT2DFqb1SFp9u65BMrV6Dqeuf86Up5pi-ioJdshDc8jP21ArVHJR2J8NN7q4ZJDtKOIxGVC1fsPKArf0KI3TFJ_ahx0G9q3dPVYfKMjMPmRlNwbb5B4ED5jifMOYEvARWcz4iA87YvBs0okZkS0QMyyj873uFvtk-P22FoANIMVhuJLAnNpdZQqtn16aAFdz1FbaAAUJi4UBzSFVTO9mWykny7BxO1t-jeo2rZ4_g0trx8i3ero2_RlMajPE-2MNFslxTxMc_f5C9_akMy_7SqXR7pEt7BHjrhRdt7gii4VAxDhiQrecBxNm6N9B5KUem3YxF1MCzBPaXTvIo1cihV1j912dlAMreti53bxdr03cRarwvnz36RTf8lAxorQyubJlY6gC_TdbDcRtIuFKKf8zBs5TbgY4px48VIdcXsQ2h2THcgySdNRdk3CwQqKgepkHGheLOsWtTUNscT8WiT1OcIOvbb6mCxUp7YvmKE9__uEh2MdIzMoFAW47AzQRYpPxcYm4aQ5qXez0QGIi6Jst5XEIbq-M878XcpPWYCyrbvUkQQbW4vGrD3d1&pr=8%3AB28A10F41776A975&cid=CAQSGwBygQiDdfe-riTcb0bIDkvCHZpg6NqXtb6HhRgB&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpastelink.net%2F7hemp0vr&ds=l&xdt=0&iif=1&cor=4067074568466444000&adk=724314706&idt=712&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

a9b847c681a24b03ba8acc0b4dcd8aab9acf8c4d3131be784d488e2402d57427

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 16:32:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32356
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4122
x-xss-protection: 0
server: cafe
etag: 11429739870029468282
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 09 May 2023 16:32:53 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230420/r20110914/ Frame B885 28 KB
11 KB 139ms
139ms Script
text/javascript 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230420/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

fcaaacbe09be7babfecfbcad09df9c01257b0ea95ee996105d6756ba75f41aa3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 16:32:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32399
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10768
x-xss-protection: 0
server: cafe
etag: 11141491900784070631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 09 May 2023 16:32:10 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 513E 106 KB
37 KB 553ms
363ms Script
text/javascript 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Origin: https://pastelink.net
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 09:27:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 57896
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 09:27:13 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230420/r20110914/elements/html/ Frame 513E 11 KB
4 KB 139ms
138ms Script
text/javascript 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230420/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AtjveWpHsIe0y0DBsaWft6ZPK8QvKQ42SdHraGA-LnJhkMEHfwJx2_wA4RK3hGVDAN6l3yNPmrAiuvy9hwuz3A1cErR8-AfmHVB-b75L4utp3pVvjsrSbdTKTAy8uGFFHacvTT4WbC9iBIu8IwwBVbxJOjXQUUHQ0x9G38CRg4F7HF1_s&cry=1&dbm_d=AKAmf-BcKqA_LMPnmw8yUSnwX3b7Jl1YVl0bVZxqOVq0fZZdgcvoyqHx8nmGhQd13ngjiGrw7BLUIOOD2MqnOWrsNwAht8sh2sTJi9Hc5_qJI1XE_5Lrsyh_8WjdNjy1GiiOj3JCR8ileAbEb0eUsWIDD1KK8ueHU33kguKDS-IyJsRYAXY-4Ju2Juv25ziamYXw9WysMyfV8OMViF251X_rMZHhhKGHI4aIiEX_4ffVevDPHd0bMnNCHzWrKQld3Ex9T9-6BTL8v5VJXn3MN5U_KSKQN7Ae26ij9rNfnlcjn_plh1TRIbOdSeBdMfZ7H52-K5OUjqeyTgbz8Viy2yD8CTm9z-GsOFIQwWFHaeWNJlmDZVEwKZLsCDR6CkdIKAVvuEX7aF2mdZEjN7IlGWd2VJhWiZaLoU4Gsn07uVIkArsFmAYgBfHDcb5FsK8jvz_6b2Cit9qU_qqPIjJ6UlUQgJQ1rbI6EDZ-ywYWLH7KFbHhJg03_PwMSeYfqqbtAVa1HANnaJRxY1yl33_hDGahQvBjG4rN5geX5ZqsT89hfjp0uSzRzXlbBICjmUnnXWGoUrC0Kb4i-0UELEIOKXZo23N6_-X29-Ccqry48HTO_B5kYopnb9IlYqfhjfB5HUjQACMPEcOfG-zx-q813qeDnox1B5PWGf3m5Bd_kLh3OvyNwkS14PAaWZ03lIphF1tu842iCVuzi8pYHxKNz_Uz1JwQAkAGMYQ7N1d_D6OhvbqgvwV8pB2XLTYpASELuRqnp_GF6d4qN6AJsfU3OeSfIGamYTBU6FdJkyzN5e9cRVya405uwFbol8hndoTxv7EM1J43I3NS4xwSZ-OBi0FgwjaSNIjXjaoYGp7zfASQzbPrUEWxf7IBmfvUbmNlK_EzPC-93uZmOKK1Ic7Cc5IjJm7SgANwPz2_4E6D6T-lIr8IAUzj20_jm2okFEdqLhFj3Kxc46S0Qm6rWo4-4Icds6abUVJ5mfE6WXKrrIxqCS-HcbCoUPexP0zMT7Z_FwDq0MDYbnry_03xnwHuesIURmx0vhNF1ZkykUvf0N2jynhlUWeAqVJ9vQyIW9nsVoObK4VzzsOZIVT_YXGbJnfnm0tNBeF6bPmgb4p7-vcn7fkVfk6GSOyaNOT86BeS6CxqgWRImCoV4pt_a-oyhaHcoqbER65vIuoblUuSUp8lWppyNvS1cOKjtRcYNe_KhHUGmjkRr2TjThsR9BESoExv-DpoQq8nxQ08p-ZU9TbbWQC0PW_oeBmLKB_6cipOkm7N0b_PkQ2qvkaY8mYifhxO3Xhy-7D8L070cul9io83GK2lpnIwvqffAx7sJMMTE_hk_0R4MLkJ5ClOTfKFoe_dzc05_5l_03tMbCw8gdV-OwGZkeu8u9nY8QOECwlQ0S5GNMV3RsN_pCJopwjglUh1SX04rIHf0t_BuK1cIG9rrXmSyEWq1FhF7h3i3LUznbT2YIeSo2QQkUwSogHxIoe6y45wqfxLsxXu93NK4SWtxl776As3AmLlVMoT4LlMioulN_uaAb9hJzczb97BOsHGBJ0DseqOkkJqwfds2AtfYEFCSFa_iLVqBQBhV-rZXmM-6rQzTEgWr1E4QGg6rikkaYcrJ5K_nUXhMWaUuKCVR8YPwAMRKjDBNnt9e0oCcHAVn9py5tb-NdFdXhgmF9WxPiwZwbk66FGrao-4w7ns6-C9d-AHobiBIYO3BjRg8DScYHx4mi4sRg7SMHY9HRxFEdHVGVyZ7IdJcpr5AP1QAKYFK7VRcGFFPPgKOgLYIcJe6yx-_OAfTPkv4wIwVsBajj8it2UMeDia5HM0A2zLP6_tIiQpm6w093pNnhNrQBPh9hYt88D2UDnxjmfv3aU1cflpi57vFU0GByz3LRPEz445Lsun935lLQVKfnefN4L4Y4BJQYbTlMQqu-duTme0PpSCEGaQuiglIADmLTsMrbFyoKZeWb8RMN0Lr1QW_Cvt1Huxz3HCVSnJKrZp653eYdcUjAHysf5zv-mXcwsUdkk_Bg2h9DqPhXgmMvFG2IfvKJZVm4mRNT78YSvt-lDb8PSjlr1mcbdemWOqgWPLI6bLg5M6XZu8Twut0lZMn5Nvq7FWXgA0YcDhrMC1qHQ1obHQXuHOhk8y0SaUBETp48VHeYqzcMwOZjo-vpVh7o_8V-aHom2XQDUBageoiSkFYLHNvzQHlxxsJFFtyOwAgRqERD9zpp2t9PR0XzYLXgyBZIOHST-1mE1HjZrZboR7cjb2MIE7gl7AhQMLG2-fPl-_-UmEolgXLv3u_cHT0gZ_dDX1FKZT_9wUR5uWwvs8jBJz7TD-trqQ4rdYJVN8HtcVhMmQf59_birIa_IRUjntGfcuW9_bLCiCcj4bYZ0CcVRsdsnjiobzaffRhx2yKZT43DcccViM_nYadGDLwWOIJcgI4Ralo3lQH7kjCBgt_WgNfZk6a7I-IENjZ0PU_3NfbW8koCmxVrCOySsOXMFuPbQawB3mq9uxtkFglaF9HQAdthwj2KWvEJ_ph7Q-Jgfe4YyDzUAP73RgOM3_zDU9GB0qjJB7VDlAZjsyDi_DSF4sd-iLfM-70HzN-bo_BLwhSegSpZk8NBIni9CYfqrwWW95GY5x-2yVB-onUGOr-YR5TXYuCk3C_TUG2fsFiPODf50tU1k_Ws7eVKi0LnCsN_zoSrEJTSrUb7SBzGdX8TJjz5B3xinao6x6OCKIWkWNT3pzIauGOj0jZNR2bRcFpAGzZI-q7N9q4ImpCbEEWCiD3xflCsFa0Jrtg2dDZTsQ-yCQGCxfe0FhTypcXpVd5P-IrqwOLtvwsjULybZre67XOCrhJ5lJaBLArjJYWKgBlvSdQO2GtjEuDX6cIM5pXCay2PIrKP1T_PCkMTbAsbMHlMAC5WfIWX67ACxUeZLuR-jsOSe--utC8qGS94TP1-K3KOjnppYnRa0P-nw6bHKHH0gOJHGrNPToTeRCVtp8VxvUyfsfnMGOBSBBp5IV-91jxiqdZJ8-ZufX_EUAUULLNVQ5qjkBGc1LJaAYfms8_NW-5rKHBjoYPGVVmj2-v-LpAPTr1wW2GVov5weVPdBAulmHWy3Ng33VcOMOiKKjBopV3yFTKNCfNbq7M086gO5b7uLi1ehGGxExa-zwMLyXIJOt6LSSTtAxiUVPNMWB-o_0ptUQRL5kOtFb5M0xXYSMfPm7WjZLTsDq8Pzm7FcT3OZL42j5pEY1GcdP5DoI8RYQlzpMH6kQo9QwHx5ix_Zl9BVRShllpAKzMLCn9897lQFeTulbyhfR9u2SEE0X44_ZUDl-mllvi1JaoEMdHohe6N3IL2o98n--18Qdiu3rwXViHB9-QVZATObADtItMt1xTLhiPpK0WA8Zx1okobuj2mX6zRhi_mSGDOUgJIttpCGsbw&pr=8%3A11D9D28F4557DA28&cid=CAQSGwBygQiDva1sRQ9m0uBBgtaqUip5gi-3DvuVdxgB&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpastelink.net%2F7hemp0vr&ds=l&xdt=0&iif=1&cor=5076272393318275000&adk=1814326990&idt=736&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

a9b847c681a24b03ba8acc0b4dcd8aab9acf8c4d3131be784d488e2402d57427

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 16:32:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32356
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4122
x-xss-protection: 0
server: cafe
etag: 11429739870029468282
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 09 May 2023 16:32:53 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230420/r20110914/ Frame 513E 28 KB
11 KB 138ms
138ms Script
text/javascript 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230420/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

fcaaacbe09be7babfecfbcad09df9c01257b0ea95ee996105d6756ba75f41aa3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 16:32:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32399
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10768
x-xss-protection: 0
server: cafe
etag: 11141491900784070631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 09 May 2023 16:32:10 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 3993 41 KB
15 KB 133ms
133ms Script
text/javascript 172.217.18.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f1.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 19:45:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 280007
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Apr 2024 19:45:22 GMT

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame BEC0 281 B
554 B 422ms
131ms Document
text/html 23.56.202.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=ge
Requested by: Host: pastelink.net
URL: https://pastelink.net/7hemp0vr
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.56.202.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-56-202-187.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 26 Apr 2023 01:32:10 GMT
ETag: "40010-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 3993 0
0 177ms
176ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss2bBEC8PHX9TejidAGq67Xd8cMdxpQe7WybKJz97DQY2nluDXJF-Nr-pT31Iuttbp8axicF54CRHfNpTXUlPFrDw2aoGqAbm3u38cDwyfq4jykp_SXwoUh75gb0XJjvOBQMctHYt2-AQR2HFRuRmUjsYrUaWYgoEF4sFYDQkuctZkwd66-tBdF7iaqDUYbmQosRnCTMew95lxKObNbJhGJI75KEk-_0yeY_YT3gnNSrtugnO_jvMpy9j_559fJMp8eMdRDXrfYIxNK21ED5TWW8vrwvcVNNPptKVrk2fhQYqqndV6FJddbYwTxWPt34GShgBExNLXaAjMOqsw2lSJQ8KyCB1tWMA&sai=AMfl-YQgX6td7WeoJ7RGlpVxUmuRFm1N7qi1m9SISiO_n6syQrFwvJ6jHNkaMzE_JjaqARnP-rAT-DyjtX4GJX96ZKEXBN9Nu3VY6C4yzFTIssLA6P0mpLuZK3niIABdAGjQQ4uZ9HhjY4mpVUGuz5SG&sig=Cg0ArKJSzBh6dDPMa60-EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:09 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 26 Apr 2023 01:32:09 GMT

GET
DATA 200
OK truncated
/ Frame 3993 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 46e93be186163f2421966a413816e276f12da8f982ab3d44563fe5c4c9253480

Request headers

accept-language: ka-GE,ka;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 0AC5 41 KB
15 KB 133ms
133ms Script
text/javascript 172.217.18.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f1.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 19:45:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 280007
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Apr 2024 19:45:22 GMT

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame FC10 281 B
554 B 393ms
131ms Document
text/html 23.56.202.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=ge
Requested by: Host: pastelink.net
URL: https://pastelink.net/7hemp0vr
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.56.202.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-56-202-187.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 26 Apr 2023 01:32:10 GMT
ETag: "40010-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame B885 41 KB
15 KB 158ms
158ms Script
text/javascript 172.217.18.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f1.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 19:45:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 280007
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Apr 2024 19:45:22 GMT

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 937E 281 B
554 B 404ms
135ms Document
text/html 23.56.202.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=ge
Requested by: Host: pastelink.net
URL: https://pastelink.net/7hemp0vr
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.56.202.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-56-202-187.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 26 Apr 2023 01:32:10 GMT
ETag: "40010-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame B885 0
0 176ms
176ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssMzgg0iPZyK9nhxevHj4KpwwJi7657bISHB-8MtQxDQltvhxLhIHIvlLlEBFhBXJulDbj_FQxcw8ayWJowxNSmL5KXcPn6kU24h1WWnsjUMjCZxVaeEKcfN2SbUDW8cFKqluJaw3pRXl3Nji83gLI1g87LkqLzZio9aV9p7Vv3T51giOm85tmFyGrwi-Om-T86TiFwRqcNg2eM7rcHGqvQWQUpKCHCRKi_Aw1d6lWOtFku2ZfEJYMoCneoAJh9diFENR08yvenQHmK152g8yrHok-MtFJ0O2TdNX2sl-iSnMVpSwA0rawU0c-a_CjfhYgIXnncamJivqbHS139UIqM&sai=AMfl-YTVs0h8Pb3Q8PiyS_P5XrfYjBGYefBW5Dlzcnv8PLgKZANaMGKDpF3U8MLfogaP1lYMMYbHrZXUnSj9PhbOcqU7LFs9guj4pijvCdUoQKCuhn1RebsZ8DLKSNU_qeHvVL6mbdaxhgwSf6UDE98x&sig=Cg0ArKJSzB2rxUAnLSd8EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:09 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 26 Apr 2023 01:32:09 GMT

GET
DATA 200
OK truncated
/ Frame B885 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c1f0559b6305e3eb67af6090e057b4ba05da0edefa0c0857e2837ef4b7ca5ae9

Request headers

accept-language: ka-GE,ka;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 513E 41 KB
15 KB 176ms
176ms Script
text/javascript 172.217.18.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f1.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 19:45:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 280007
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Apr 2024 19:45:22 GMT

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 51CC 281 B
554 B 409ms
136ms Document
text/html 23.56.202.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=ge
Requested by: Host: pastelink.net
URL: https://pastelink.net/7hemp0vr
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.56.202.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-56-202-187.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 26 Apr 2023 01:32:10 GMT
ETag: "40010-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 513E 0
0 176ms
176ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssa3wq_DphFQsny9y-NuJ7gOlet5dKPhjMxNu-iDCOD37urbUPmovVEm2l2-6cBXyTui0MDKoz5Tv6j4Yp_dF7YfS7sswDBt6r8FdK8MwsgSUIoWsKD7Uy2TMMjv0FbOpX14ihyd-QRV-ATOksZaE8oTAvJTin5IWALrb2UgaTomA0NjX93G-lqrY17LOmp6UcjivOrPMPmk3Zz7cd1SCfJKuVgpgv_yZ_AFgHUcZCWZZihF2Fz6Rcz3hRv_9sb8kHIZJQ54TnLa5BMWAVlxGdJhV7YYpY2fonTgKq0F0rvoa7EzHP2v8SV_MeXI0f6j3-S0G4UiQooYepMkXByfoIqPa-BPA&sai=AMfl-YQ-fe-XxunGZlaXLt2EY31WalijYNOdBslC2G_xXE8ge624R7BHoLRj0m_X_ojlvWiGgmy6uFheqmstkM_YLONhduOgujo-p0T9gv5YVzwNQJ08-oRsKy9g_VdejLFQ-4X05qo6wglHWxbA3cLh&sig=Cg0ArKJSzIK7r6e7-QovEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:09 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 26 Apr 2023 01:32:09 GMT

GET
DATA 200
OK truncated
/ Frame 513E 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 08d742a4342d3af73e46ec509e39e005c75365396ff8ecaf7d8809cce9ee317f

Request headers

accept-language: ka-GE,ka;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 619F 22 KB
8 KB 140ms
140ms Document
text/html 172.217.18.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f1.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

accept-ranges: bytes
age: 292043
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 22 Apr 2023 16:24:46 GMT
expires: Sun, 21 Apr 2024 16:24:46 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 176ms
176ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202304200101&jk=2929864133011834&bg=!MjGlMWXNAAYfNdXmPzU7ADkAdvg8WjOWb0obKvvVQZHZwti-gtgRtQtRbujuR6CYriOKqqsv4SyA3zsG51_0lMm-g8F3Ku7Obg4CAAAANlIAAAAGaAEHmQKioSYj9bqm7Ybq4fiJlfrQ_vMqRhfJMOCmrVMZZfUiMv64PZvxzOaIazMfIRjtxa7yqqa9MpAkfO0YlWpJRapDY3BYxCwcEyvRzKU-memK93nSLusPsgiuNngkc-DwAjZNXM7DRpcZ3RtRNoNd7LwFxompZX6A_IpZEzAnMQ_43uUgiz9wHJK2-jKTvnvVn8th6Tt3NjkoiFNhWjofPqpj1piHWhBSbD7JAbe-7QlTM-mhPxChiQkFYy6USEtGzrmrvf7EwPLtCO_whPSF7h0B5tydOYjnKo_JzovMpk1DSMhgvDpAvb_-1RS-5IAgGOC2Rb_qUvAK_-YvTFUmWMyB_km8zdvICh_rAQfXuUGWdN6eVKQ7N6dEzuxpKIAzjLxC4R6AJhX1ngETzI0-Biv4tvkxRjWam0kT5FGRiYX-HejvwsPXYSFHiQaVVwj3bcR4Ptw9iALECEvB-MYuJrlY5PuZgiU7BURHfCCwQf02CotYsof0uAGNGTkqOYkf_OAoDMhjLL6OxTCnjnor2LFmt9mbAiM5JEj6yCZdvDM8mDfeUMf6AQrv3kff87xyb-aHwUtkAZ0zBieaEz2_EK-iMmFOrda9IsQYw1-umpGJZc9YczLad_qo1OC_6-FL73O9LCE-QE45YS3MlKzIupIe4h3pbMLna3DUXDdimjng6_Tp_5AZtXyQPGs3Giui4lG1t7w32S-kdSKYJHSMpWcMsRHVuAtpCIEPR2kLjWomgzW3jJLHYQmJpJIV7wakj-QNXUK4u9wm93SETkaUocHN7Sdub6tyrOhTMvL1Cudnat3e30tvyPAvrWu7TLu4pCWr-SxqI7z_m8dyy0DP4h52KMG6DUn_vPclnYiNuzBssb5NIWHtnfG0exNAqbHB9gYMC1o
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.58.212.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: ams15s21-in-f130.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame FEF3 22 KB
8 KB 132ms
132ms Document
text/html 172.217.18.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f1.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

accept-ranges: bytes
age: 292043
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 22 Apr 2023 16:24:46 GMT
expires: Sun, 21 Apr 2024 16:24:46 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 0DAF 15 KB
6 KB 494ms
212ms Document
text/html 178.250.1.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=pastelink.net

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.135.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

3014acc16bf3744b41bb869785bf686290d9834a5e6f69d4583c4e39fca26bff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 26 Apr 2023 01:32:10 GMT
server: Kestrel
server-processing-duration-in-ticks: 379447
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 publishertag.prebid.135.js Show response
static.criteo.net/js/ld/ 89 KB
29 KB 640ms
359ms XHR
text/javascript 178.250.7.2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.135.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.135.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

08882d31df95daace0c23f1108f3e11fc53ef17334df446f3e3cb395c597c955

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:10 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 06 Apr 2023 09:15:34 GMT
server: nginx
etag: W/"642e8db6-1638a"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 27 Apr 2023 01:32:10 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame BD6B 22 KB
8 KB 133ms
132ms Document
text/html 172.217.18.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f1.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

accept-ranges: bytes
age: 292043
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 22 Apr 2023 16:24:46 GMT
expires: Sun, 21 Apr 2024 16:24:46 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 CJVz-q1y4QcI86kHGme05ne9YeJsi3pnNRBXtIEru_s.js Show response
pagead2.googlesyndication.com/bg/ Frame 619F 36 KB
14 KB 139ms
138ms Script
text/javascript 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CJVz-q1y4QcI86kHGme05ne9YeJsi3pnNRBXtIEru_s.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

sffe /

Resource Hash

089573faad72e10708f3a9071a67b4e677bd61e26c8b7a67351057b4812bbbfb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 08:27:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 147901
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14219
x-xss-protection: 0
last-modified: Mon, 17 Apr 2023 14:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 23 Apr 2024 08:27:09 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 49C2 22 KB
8 KB 132ms
132ms Document
text/html 172.217.18.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f1.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

accept-ranges: bytes
age: 292044
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 22 Apr 2023 16:24:46 GMT
expires: Sun, 21 Apr 2024 16:24:46 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 CJVz-q1y4QcI86kHGme05ne9YeJsi3pnNRBXtIEru_s.js Show response
pagead2.googlesyndication.com/bg/ Frame FEF3 36 KB
14 KB 139ms
139ms Script
text/javascript 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CJVz-q1y4QcI86kHGme05ne9YeJsi3pnNRBXtIEru_s.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

sffe /

Resource Hash

089573faad72e10708f3a9071a67b4e677bd61e26c8b7a67351057b4812bbbfb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 08:27:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 147901
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14219
x-xss-protection: 0
last-modified: Mon, 17 Apr 2023 14:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 23 Apr 2024 08:27:09 GMT

GET
H3 200 CJVz-q1y4QcI86kHGme05ne9YeJsi3pnNRBXtIEru_s.js Show response
pagead2.googlesyndication.com/bg/ Frame BD6B 36 KB
14 KB 139ms
138ms Script
text/javascript 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CJVz-q1y4QcI86kHGme05ne9YeJsi3pnNRBXtIEru_s.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

sffe /

Resource Hash

089573faad72e10708f3a9071a67b4e677bd61e26c8b7a67351057b4812bbbfb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 08:27:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 147901
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14219
x-xss-protection: 0
last-modified: Mon, 17 Apr 2023 14:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 23 Apr 2024 08:27:09 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame BEC0 34 KB
10 KB 140ms
140ms Script
text/html 23.56.202.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=ge
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.56.202.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-56-202-187.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 517804de83d11ec1469b839d29b9be9ae3d28bdcc4c1148b851af286003f1a2d

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?&geo=eu&co=ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 26 Apr 2023 01:32:10 GMT
Content-Encoding: gzip
Last-Modified: Tue, 25 Apr 2023 15:46:00 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=51228
Connection: keep-alive
Content-Length: 10019
Expires: Wed, 26 Apr 2023 15:45:58 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame FC10 34 KB
10 KB 137ms
137ms Script
text/html 23.56.202.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=ge
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.56.202.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-56-202-187.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 517804de83d11ec1469b839d29b9be9ae3d28bdcc4c1148b851af286003f1a2d

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?&geo=eu&co=ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 26 Apr 2023 01:32:10 GMT
Content-Encoding: gzip
Last-Modified: Tue, 25 Apr 2023 15:46:00 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=51228
Connection: keep-alive
Content-Length: 10019
Expires: Wed, 26 Apr 2023 15:45:58 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/684995563204999026/ Frame 76B3 68 KB
19 KB 659ms
385ms Document
text/html 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/684995563204999026/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

026f40ccfa7ac2375270ed4d58c72077a4e7b340372e9cc3a6152499410e19ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 501498
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 19402
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 20 Apr 2023 06:13:52 GMT
expires: Fri, 19 Apr 2024 06:13:52 GMT
last-modified: Wed, 12 Apr 2023 09:19:22 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3993 0
0 583ms
258ms Fetch
image/gif 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuoK-PZoo6l_co4TRjmJi4hrDkbg2j58EcFbnWf5sR4XFWCMRdInv8FiJTKokcPLw9BlXYFo3KnQqEYF-yoHEgcOhjmf1ez0FfzkPl1YA9H6rPhDksZI0v7n7RstxJOmiaYfsIjtWE0mvZp3xqaWotNErxlDRNvs_FpuqlyVQJJd9A2rF83FK3lTyrjQIM5DH89jjloOyQ8CqRAJkziyo0NP4B7_Ay6bhH7AIWaM0OaeaLxo6_KbCZ5uY1FX02fF3bzbYiv54W3i_CLay3fI0e1pN7NYNjrvGOJqh4wPS6bi11XE2u3suKjY7vowyIWQ2C_NN3rol8ZwZ5xIX3yCWrWp3hL6WlJRrtQF9cM1--5ilQjRoBFb-BYSBXjKsXn_l1H1kEHNBz3DpvPJkGCpDmSV4Ey5zmub-G34oxorfV86VrgfuhZVIKl3YioqzAXYzZNK2UkUYvT8zyrDAqQ9j9lIzU1ocaoJDitQ-0RJ29X0JIrF9MhFyLgASgO9i_A8icg4JrJrLlSQ3Cb1RUCHj-fNKPbWmLDvG4aO7RxFyaMQ_x1ghgmMZslHR2z6CNxpW0Z_8NM4pEqEKxNsC5Yo_krCqPZlnQfQlRsuYWycMVDMUiv-tZ4SrOoCPTFfy_JTmE0WTJOd4fyafJVhuMGOTVy5apxuohynSRQQ8J0CG1INnYAzv0kGW2efRMwOgT3ma_lkf08tlnhIum3yrHvr-qF07cTktvPq7b4JZpXIULOMZY1k4Fs_4xF6_JEh245dpFFsFy25cW1jAo_YN19qxR5r-r78CAdSwqEoy7M8EQDkamUs0no0AaWn0llqi9mUMGh32w95t6XjvJx3NzciC8N3L1h96dxkVV8hZ4qHBVyoDZCi3SoUI-kGusGx0_CFyw4cGR0IErjWtS0nXNHNM1XpL67xHqz_OqOt_v-ttPDSX56FCz1apHv1p1MQnrSB4QkHYBXnw6brnso03Pcnfvx317dKjLKbTGZFJpVRWxG_qNhyf3fhevdWjtLjRhPss7DvTVgyLfLC17RK08kZ31SEVUnnELyGqKUvZ0CTRWBvYatN_MU57jl1ChHKuvkJtSOpxpN-Kk3PHkSrBUgLlA&sai=AMfl-YRwIolq8O1qJW68oUTXkZXLZPcrAKIwKnQDYFfGTsCALPjbWRd80E4ZfXp2W3ff9kS1hNSTz9UfkmojyfBjsvMWXX1QChjzN1teDLO8CuwVeIiSArAmOkdHwTwtjmXUtQfaRXszJshOc2oxZaFN9E96paGI6NsRTPMJW1WAsLRaEsHhlnA&sig=Cg0ArKJSzGObNEjtvD0sEAE&uach_m=[UACH]&pr=8:20346306D5A119BA&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=608&cbvp=1&cstd=606&cisv=r20230420.25465&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 26 Apr 2023 01:32:10 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Wed, 26 Apr 2023 01:32:10 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/16134537147512073695/ Frame 5DB5 69 KB
19 KB 675ms
436ms Document
text/html 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16134537147512073695/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

bd96bee2e35df6e0fb73d90a5c730ee6612ab2cc3be9afe301aae164a099802f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 277549
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 19432
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sat, 22 Apr 2023 20:26:21 GMT
expires: Sun, 21 Apr 2024 20:26:21 GMT
last-modified: Wed, 12 Apr 2023 10:00:04 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame B885 0
0 551ms
260ms Fetch
image/gif 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvG-ICGcdJgo4VC3UGvrLvZFyShzYSfJiLrAmx8q00ZiEeMoo-cwyd27DAMRd177qswtdyrKkw2I5uUy2yhZMdEy3yJC_SvX2QgwRV-UyqIXDRwemXwxTYtzmMJTAA_DIXEuDH4hTt_hu3VeaHqLfUmDiQDSD755QFjBTlwuCozvX9lLyqIMCGUj-IF1IddAmiq2_mP-yXhfJiaZxXGxf005ItBUOwrrpAryqWxKZxVmZXh5S9H4jX6IrN7Lqz-90Yk9bx0lc4IaoIJzp-5F0r26s_rwhuf0IdlNwGvcQbF_-63XbIXfVIOIb6UIPbFKERwka4Ftx6H9U03goXlm-a160ssU1UQxssDQ7EfI8eyY2Bf9TWq6qk_spNHgk1i2XbEyuGLQ8EdQJgMo0UM_4GrrCJ6VX4TNviVmvPd8NLuCTk0BT4_9p_AtymMaTSpUJbVQFGeGXFZFVA-5mrui7kWG_1is9mBy0mz7URkfUjMHpDMXF6TaTu5dRn01wzoAevurKXx7hDzCNinBAfwZecn90adasvocR7W__l7lAEYEvdcQFl0I8KfGnUft1OPbmTeEzqLcmIAn6FdDL55phIEcTN6EdgltGqXgjRojYQ6-jFgN24je7ScoVEThYdh1kopD5-1c38fdjQYAbZ9JJJoN2SejclFPg-HsXdi3Ex_zv1tEolN7Aq6tSddsPzpCNgEuTf0wcPQ8mJ1yesZODfiGQA7WwXTxpi5wQgvfaNGFDs6J3ZG9lTZKbLiwC9JJj7Me9OE-jtuLRmFbVcw7xdkbOsFhgyd8rU1JwS0mbe9nGi3dfWumgYjU06n6wPTaeZ1PY3xliHcnxkJ-zXNsgXYcjpTUuTF0FK79OGZkeUctLMw0cPQJxr0TKLv_00tLQau3hjJ2g-W5LMczwFJdZiHZ4_DyvCM-s-fs_EtcoJD38crEY4OpUTLJDyIzMrqhUrGpI_6ySxfR89A4Tn5eOyN--KiYwRGTm-sbuGKxM2mcUAta5WAEYFX3cKtSiucDaoUQrQS6J1JY9vcSK6jBMBOTp1VM-KO11kgZbsDV3fwKUSY99l7ouRZyFfzTkyI42Gjg2nLHGyObmNGOeJmvWo&sai=AMfl-YRKEf59xAeLGU4diRPCrlkryoyMr-xjJdg76GnF_89RdK_GKtxLnqvKP3-hVSobpKuLAa11L2usUOMUeQwcrTFGzFhgWGJuk305tTQemRr776AVtAVOz4LYBQC8vgx34bAMRvUED4JgcFTAn6ToIjTa0rAGErsCzYtmBTEg3Qd-Ey3WX3U&sig=Cg0ArKJSzDigPcmF-zIfEAE&uach_m=[UACH]&pr=8:B28A10F41776A975&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=597&cbvp=1&cstd=596&cisv=r20230420.03815&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 26 Apr 2023 01:32:10 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Wed, 26 Apr 2023 01:32:10 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 937E 34 KB
10 KB 141ms
140ms Script
text/html 23.56.202.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=ge
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.56.202.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-56-202-187.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 517804de83d11ec1469b839d29b9be9ae3d28bdcc4c1148b851af286003f1a2d

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?&geo=eu&co=ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 26 Apr 2023 01:32:10 GMT
Content-Encoding: gzip
Last-Modified: Tue, 25 Apr 2023 15:46:00 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=51228
Connection: keep-alive
Content-Length: 10019
Expires: Wed, 26 Apr 2023 15:45:58 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 51CC 34 KB
10 KB 441ms
441ms Script
text/html 23.56.202.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=ge
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.56.202.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-56-202-187.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 517804de83d11ec1469b839d29b9be9ae3d28bdcc4c1148b851af286003f1a2d

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?&geo=eu&co=ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 26 Apr 2023 01:32:10 GMT
Content-Encoding: gzip
Last-Modified: Tue, 25 Apr 2023 15:46:00 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=51228
Connection: keep-alive
Content-Length: 10019
Expires: Wed, 26 Apr 2023 15:45:58 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/4538274646488672192/ Frame 531A 86 KB
20 KB 655ms
488ms Document
text/html 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4538274646488672192/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

6afe7549c57621a90a75d1b54671931e56b7c8e47e6619b9de7db1408a612650

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 7751
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 20577
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 25 Apr 2023 23:22:59 GMT
expires: Wed, 24 Apr 2024 23:22:59 GMT
last-modified: Tue, 25 Apr 2023 10:49:15 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0AC5 0
0 479ms
261ms Fetch
image/gif 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv1p-6p8Dlif2UugdS5AVWMHTUxaB58Fe15UDd6W-DtN9a0RKHwVO9BhHVII4vmSxsT1TSWXqNT8Sw28RFpmTjmUvKDFLjJylzjgq-_pYWNGl4CucT2qVnKYLZqSTVHIutVtgQoQrzByVswBpc-qi2GLXv_qeIPBMjHPWs_-zM5qty2hFFiGwPg9LwOCMmiaKGu8uw_ex_53YGmIcAmmU69HDsHzfjHJXIs3ZcGr5FXpGbc1PICNV_MS89oRYnwDjW-PAMPlCSLOBWF530PIxhU4ri12FMDaUm2Kt3bbJw-7M6fF4S7k41Z480UQHyPf9xMDy2kzmsWS-ZEKBTKZ_UtZlXROMMCIlDEa3MPLKUp8z5YgotSBp4UyCRjmqz60WAG5w9AAf5u1K5sEE0FwpBByIS8E71yHGRn3ZQAtN6uXLIgt7n2yr8uYHngUXVTYo7AroEyvJYn38xCRM5Ga5QZQ-xxA8mZoYsiRbI9MwVwKnZsRtojr3oLGoCrcP2jYjeDSDqepE_Qx48BYcdQOBN_IfMe_ftVmKRWIEjEqp8mAMbue21IAouE-xcIdGRQQbC9_Wi-JpvUmIlm9A2GUaqeFUB5_kioRZX5HsHnuW_z5-8kGe6ATC2HzzRfvtVtQEtfR-p-Y7NM73DbSUbvgSMpQhuCwVDptWZDr1jQqMkrYoi4x3w2V64UaW6w4bej4215H97r00-UP9xh3mr8ePf85clkVACtqhTVnklENUOSiOXpTuK30w8cE7Gj9wdy6jCby92Hw1oetRi4lN3iOLMpzTv5MPYQGCPrkZkOiZs1T3CZIMIs5x8bRTaYuy5a0ybODJqt4EiwKFFCen54K58j9cKb2PS7f77FnGmM3mjyXcVCuK_FiT2B2Af9Tya4uiMhox5mXegz9d18UhNln3uKq6R3A3smyjMvej2mkG-8jFBpAD1HG5I_qMTl22hCKAR55EFkMJTjMxRv4exMDzLNP_ll-US_6lHt1m4_zFg6zFM5MRffRUVhpQc7ypra8QAC8ZzXNI82GvPXRIYQuu3Rmtb5dYvBFQCoPNBYHdhQAy8bQDJEGIaqZWtBCYjhCGScTxCaq5xn42aSRUjx&sai=AMfl-YRkt1iYbR_CMwhqwo8onFM4lX4JGPNcH_CdC0oT7bN2S1ksyM_blrMDxmrQ0ZtHXnLAk9VHY1xTcTfAigncdH7V8AqgBGChN7bjZxGrQXSkoZF085zVCZgfuwmvZRlMEtEjEI_Xk0GuUlpMIqDiLMybJdHlskNoH7ZUT6G-R1ww_26iJgU&sig=Cg0ArKJSzCkEsV2cyWQIEAE&uach_m=[UACH]&pr=8:8C16271E77AFFBAA&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=696&cbvp=1&cstd=694&cisv=r20230420.78565&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 26 Apr 2023 01:32:10 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Wed, 26 Apr 2023 01:32:10 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/15736253756977826551/ Frame 89DB 95 KB
20 KB 537ms
377ms Document
text/html 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15736253756977826551/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

df64fa72e1fb032611700626d73d9e36156e73b262db60e1bf3ed277cc1c76dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 329640
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 20682
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sat, 22 Apr 2023 05:58:10 GMT
expires: Sun, 21 Apr 2024 05:58:10 GMT
last-modified: Tue, 21 Feb 2023 09:51:51 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 513E 0
0 471ms
259ms Fetch
image/gif 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssknYqWH3lmYZaAh6STceWti377UILt6rTsT083uUqTHgmVUeJD9VOQcqRc8xfy-cxrLbAROsfBAKxetnVqKuO7lPKSlD-eALJA2-oMI4jfr8qsD7waCMTNhHEYl9CGOMBEmcWdlMubzKMFA0z6QBeuF7V87f3uwkRxfZ243t0LsuY-tCslESkhTonQHQsKTK9dz4FXiV3qxI34_yQADXxWHFJ3ts4Tg5lUAgBLcBis8HgW_rg6u2U4xxDdlSoO9IeGEBLCGhi2yyF7DwsZK18ptlapLXYpHWPyZfBRoxWN4vQ_PqUhXf7F1d_BHHb7pbZxor_Dsxkd7IiteRY0yHAn62bu5BVP61-LgPZ02R6AX0IXdTFcESWfi-lH6pJbcOM70Xptl_r1_a4O-goShwp6-uJJ9UZmYCrScf1eyfCcUyqtVPUVWDwwuXnMgbXkBJw_QsE5WYD3m9b32d6eD2IgZqtpYpl0gpRdwTRkwvI9BNLttRFjy5RSfdoeb0VkzwA--Cxh8BnZLRfcrpFlner02WVi70i8eKV1qorZaUc4oU0eLxGI7eovuTVb6-jPcb3LwMNASLFpOrX_jSp2OgFrggn8KtJIKjW0LnkqZ5ri1QL7rA3BOG6n5gbOziIAuqa9PirFr14i8q2CIBTrqgJiuNNZbmPJgDnSSerM23wv64zwugeg23f9T9cyzwxAhIIXS3_o6D0ByYxHDu-YwhgJCQTC3DVqfgcyxZz56YyQ2S3ZIR4T_slKWj0euXgb0gztU6kMNiQ8dy6QTuzJO2qv6stPInWw4CLIA812NaFEmuSvnCNITEXZ7thfs9BNS0CsabddJjEJHjdv9Y_P2nAJW_tI4N5YtIwlgiRAd0FXVVo7qO2UhWfbjuw3pjrzn2ymXac_dC7AkNmDrpFCf8yX9-AXVwsqTrXGYC3PhPChTdmTKIKaCZQvmofgcy6UIoLEBat9Ts85OYb-b07yUSkLbdkFg-hiR2jyNEkr_3sSocPadIYdhZMFl3LddA6ZI0kQgDd_vDsshLIN2d_gdzkSbezOAS334Mmu1tA3grKT70xEkFu5JsX3aKALT7XIQXv1ryJ7RMuI99SbP67wK3eN_V1-t9mMsHEsor3nrZeTWFuwTmSwUigd6M79_0R-wS4s4Zx-oHfr-_1NygZ4BFQ_oOmaldp0eg0r2111dyNOjC6GnpccL38bn09pIkZ90KHIljqVHPVl58YLaaRKUkJ4I73yiV4zAAuG4g&sai=AMfl-YQqD726m6NLX9U42DtuzNCDZvsZruPf8oSh1Xd0BdPGrC_hHK1tw9BGwFRiNW4Kx3rX5cMwVLpEIZJS9A-YZ-YFxKLvckJCGpqAgTZIR91lbM4K-M-9LywikYNOmLHtjzKF8l3s3vSSLBB-cyyGJZ9qgLc7GhNkpOoCnNSXIyXH1PW5SyA&sig=Cg0ArKJSzAVPmZtTWQAOEAE&uach_m=[UACH]&pr=8:11D9D28F4557DA28&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=630&cbvp=1&cstd=628&cisv=r20230420.08853&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 26 Apr 2023 01:32:10 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Wed, 26 Apr 2023 01:32:10 GMT

GET
H3 200 CJVz-q1y4QcI86kHGme05ne9YeJsi3pnNRBXtIEru_s.js Show response
pagead2.googlesyndication.com/bg/ Frame 49C2 36 KB
14 KB 139ms
139ms Script
text/javascript 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CJVz-q1y4QcI86kHGme05ne9YeJsi3pnNRBXtIEru_s.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

sffe /

Resource Hash

089573faad72e10708f3a9071a67b4e677bd61e26c8b7a67351057b4812bbbfb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 08:27:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 147901
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14219
x-xss-protection: 0
last-modified: Mon, 17 Apr 2023 14:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 23 Apr 2024 08:27:09 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 619F 0
20 B 176ms
176ms Image
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BtccQGX9IZNy-E8LMx_APma2o0AgAAAAAOAHgBAI&bg=!7e6l7rrNAAYfNdXmPzU7ADkAdvg8Wh_rXWI2Rq3lisVG2dOXaBKWzhg6G5qB_8-Y4OErYQf7p9z8--gbSym7LdcgijpU0Y7-6LQCAAAA1VIAAAACaAEHmQK5c3kh8BQNhXrw6a-ZdD-Rqjg9GLR3kTXLDaj8QJkLGkBb-HYEepdcIPc1pPiXInXvGBH80tCrCO7RL8tRosOhZA0d24Yev5f2HDWkOHusYaTeRPEQLNN9OZn4F5ex2uOCbP7u9IyuAemrRa9HuYHoLwQ_--ihmvFNxljlWB87wm7ZtzPMnanhrcS5K13j_E018xZNwejMd-gkjK7vziJZ2wx0lycSc9-0-r50g2xJJZ9twoY6Smex4Rc8aE14KylGWWUrOhIefv6RujnRHEYktxtRBgPEzZ5i3oNXq_0xeDpdvmPjLSUQpUpXZHOvRTVvG-cBeoKy0HJEsgBwcjk8D8vU74qBd0qxXbR9dMGeydfJE4DyOTm3y6FJ1ZTqCI-3P3Anqaj_tJLbJGScfEaP99gEWgKM10TxBFMBWP-RExqU5C130EKXwLJz1Zvo9fZprsvLDC-kVzC5pkYGvhheMHpyYAbgzB2WqeooXC17g0OGET9pnoZKxPtbPzbLOi0gCelzgNYcWff1eK9zfOrWcChvvIffB5BL_zh-UV_etEbdmsFv_R9Mm-1ToF_ZUU-THHhk0UQPt_7WISCvvod9Twl3FaiSVwry1qZQBkGpxuyt6ltIn7YrSN5EBKoPTQ2YT0uf2MwrRSPJrxB0WaiTvv8fFLZ-6UvrKya0-PhKJBhl--tMkPuvDdu4M1SaXxpnCTixtbtjG-GfDgFiIM0dxAnyckr8EiwsH7p-2FQlph7fjnp_dHVNXZTTrMWGq3LuUr0DFSkjKtWfNKxonp8gvKRkRL3aRPw-MX0d4loz8JOexfHUtHmaUBigg2019OSarrH5xvg5NnaVcq7qUfCm_-Y16bY3hXXTH8UYbKaV0bFEp1RO3-m3wYg1k3jxEsvrvrzKFB49nv2V381vsRRteOJJNeM2qf9Akg

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 json Show response
gum.criteo.com/sid/ Frame 0DAF 441 B
564 B 142ms
141ms Fetch
application/json 178.250.1.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=publishertag&domain=pastelink.net&sn=ChromeSyncframe&so=0&topUrl=pastelink.net&cw=1&lsw=1&topicsavail=0&fledgeavail=0

Requested by

Host: gum.criteo.com
URL: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=pastelink.net

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

ef19b5a2da1db70e73d6345df042dc8bcfbf03b8687fe95e18f3dda0ca8a10c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=pastelink.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:10 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 1226377
expires: 0

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame BEC0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESENut_Zbm-xyG8Wli2vXaXMM&google_cver=1

42 B
678 B

533ms
132ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESENut_Zbm-xyG8Wli2vXaXMM&google_cver=1
Requested by: Host: pastelink.net
URL: https://pastelink.net/7hemp0vr
Protocol: HTTP/1.1
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: f5982f4f9cc79eb2b489dda8b92e3144
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:10 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESENut_Zbm-xyG8Wli2vXaXMM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BEC0
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_cm&google_hm=TEdYMFRLWTUtVC1FVDlI
https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEARyC233WUZXP-kMVZ84SKA&google_cver=1
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEdYMFRLWTUtVC1FVDlI&google_push=

170 B
188 B

145ms
145ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEdYMFRLWTUtVC1FVDlI&google_push=

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:11 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEdYMFRLWTUtVC1FVDlI&google_push=
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: f5982f4f9cc79eb2b489dda8b92e3144
Expires: 0

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame BEC0
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=Cfu-xVKuR3KvJM_PFa7nsA&rk=usync-na
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=Cfu-xVKuR3KvJM_PFa7nsA

43 B
479 B

232ms
231ms

Image
image/gif

52.46.128.147
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=Cfu-xVKuR3KvJM_PFa7nsA

Protocol

HTTP/1.1

Server

52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 26 Apr 2023 01:32:12 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: F80HNP2HZH3KJT5H9BM9
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=Cfu-xVKuR3KvJM_PFa7nsA
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: e06182bf224d96e6550f4595601cdb0b
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

ecm3
aax-eu.amazon-adsystem.com/s/ Frame BEC0
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=snBCVmydRouoys62q7BXxw&rk=usync-other
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=snBCVmydRouoys62q7BXxw

43 B
479 B

164ms
163ms

Image
image/gif

67.220.226.232
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=snBCVmydRouoys62q7BXxw

Protocol

HTTP/1.1

Server

67.220.226.232 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 26 Apr 2023 01:32:11 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: MW7PNABR8K0EP8A69351
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=snBCVmydRouoys62q7BXxw
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 704c1e4d3fcc922a3031d436b584678b
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame BEC0
Redirect Chain

https://match.adsrvr.org/track/cmf/rubicon
https://match.adsrvr.org/track/cmb/rubicon?
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=80bf9871-e16f-474f-93fb-ade652fb06dc&gdpr=0&gdpr_consent=&expires=30

42 B
678 B

473ms
134ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=80bf9871-e16f-474f-93fb-ade652fb06dc&gdpr=0&gdpr_consent=&expires=30
Protocol: HTTP/1.1
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: e06182bf224d96e6550f4595601cdb0b
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:11 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=80bf9871-e16f-474f-93fb-ade652fb06dc&gdpr=0&gdpr_consent=&expires=30
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 289

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame BEC0
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/GqGBRw7jnEu-r0U8As5INQ?csrc=
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-GWhI715E2oIrNG.X5mI634vkTi2QNkqULhXrXQ--~A

42 B
678 B

214ms
135ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-GWhI715E2oIrNG.X5mI634vkTi2QNkqULhXrXQ--~A
Protocol: HTTP/1.1
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: 704c1e4d3fcc922a3031d436b584678b
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date: Wed, 26 Apr 2023 01:32:11 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-GWhI715E2oIrNG.X5mI634vkTi2QNkqULhXrXQ--~A
content-length: 0

GET
H2

200

setuid
px.ads.linkedin.com/ Frame BEC0
Redirect Chain

https://token.rubiconproject.com/token?pid=36584
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LGX0TKY5-T-ET9H

0
515 B

541ms
281ms

Image
text/plain

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LGX0TKY5-T-ET9H
Requested by: Host: pastelink.net
URL: https://pastelink.net/7hemp0vr
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:11 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: DD7707E1BB1641EDBFFC6211F946CDEE Ref B: VIEEDGE4408 Ref C: 2023-04-26T01:32:11Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX6MzV/h4mnfIiOPxxeZw==

Redirect headers

Location: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LGX0TKY5-T-ET9H
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: f5982f4f9cc79eb2b489dda8b92e3144
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BEC0
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YzJjYzZiMzVlMmNmNDNhNjdhMTMxYWJjNGNkYmQyNDVmNzY5YWE2Zg

170 B
188 B

145ms
144ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YzJjYzZiMzVlMmNmNDNhNjdhMTMxYWJjNGNkYmQyNDVmNzY5YWE2Zg

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:11 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YzJjYzZiMzVlMmNmNDNhNjdhMTMxYWJjNGNkYmQyNDVmNzY5YWE2Zg
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 37b22a0c36bd84993dd2cda4a5e04b1d
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BD6B 0
20 B 176ms
176ms Image
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B8GXjGX9IZNW2FNrV3wOY7p24CAAAAAA4AeAEAg&bg=!oqGlofXNAAYfNdXmPzU7ADkAdvg8WjgRck8yXG247Y57Ng_X0I1sWHwGOna-5bJ1jaUpHScozBWWGAPT-kA-k1lFF7YKwukweycCAAAAkVIAAAAEaAEHCgB_Wc84Y1tXg7nR2l2OWTRjUwwTnlih6DiNlD1kB-qBxvRODUi-oTSzIEud7gcj8-ugXHxA8vVSCzefcJoC_u13g_H7JZx0TpFyMC9V48NN8EV5UPixHrNYlmd2bxK9HBTRR-S9LizTumN4srGw53ezDf1zjZAxYIN49b_WHbHovpkCtjPPE6C934PJsagYc0cT56Dx4swioXfbmURrG3AS_UJycEeitDIZWl6LbCpgpYCnrvONn6CrwLicpQ92AGfS0Hae6sBH98duFj7kAlf5q3zfLWIrjrN7MBql3la6ISuIXwheV6CLR-VvL57jXnGsu68HL4Sjx_gOxPyvuLv3o0NHRa8Nott-Qhrw59WjeH7iCAxe8rPeICcHEumE8l8QceUSWCxImvBOuzDgi4gl7rPso32C0cLf2rt3fbmIpuXKwQFM0CX74Hy9-iZvFppq1XZKLmuOMOpJLCb4YWh2Z6jt4mURgyZwKvafJQYyfRH8gFIaovZvtqbXA126rIsDJrZlbG5Uty6tbG13cxGhsuR0AD9FLlpf-RK0wNa4llVVwlDJuyztibgU40ghzsE6ynQlOAXfjINbErIb3dcbv7a5cJaYjAPP0EtdWda2Mu6NMjeJcKRRHsc8LVhZbAmXD1D7wCtFsugqN077hKkmiblXXClWNbYBhbB0_ujetjSPi7ok_mu64sesKqdKXPQd-t15llkZe-mCZc2talsLhlRAN3MJbORsiYveY51P4LNGO88gLd48Uy0D1yJPcX2pz_M6ynOYoIxrFdt23vCLi58OkX_vSbC1rd-X_IS4zSjWo4ZimB6v_g0sdAd-B0GBoSqQ7_H_U--z3Cc99seXdW9T082EqsVisxVMG7f6NQyBtzG6hpDno1Aa-r_J2ybUvhZZvOjBVC6EI7sphZ_6KKL4USRhklAe-wWqSBkvmuIsc8KILkCjIgKasUrDV2N8XEWtzns-hDFgp7TljasNylFJe14nJuEXZBpddrmaTDpVHZDXw4_WIb9uBJtI7U_H5AtmZ94hEDxLM3mIpOTGpag3XCaql86xZ_DCRRptmuOULy1_wdu9cE5VXYdcdnLn1UKy4Fzbt-g

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FEF3 0
20 B 177ms
176ms Image
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BYbANGX9IZI_oEoju3wPptqyIDAAAAAA4AeAEAg&bg=!GhmlGU3NAAYfNdXmPzU7ADkAdvg8Wm_Xot_AcqZMxxaKMbZ2E4WPLh_CXy77wsxzY8nyp_0Hav0sWAvfx0pG2jjlc_GjDzeJZHoCAAAAulIAAAACaAEHmQLOux-yFaNkTagFP4p6lefXmeClc29QAK4FKlxj5LMXgeBLGqQZBx2sOx3MGlUdnTy8eXJ6G_FHjoi8ktuVNHGYs6uHBcOnhRarFHkrzoWZ7-Nq3616t5hNXPFGxQqctOv_HU_zuJzqtJJ9iupm4NuadYvLI7FMoYIap3RzzqCdgLIZDC4P-bcKCriMSOy_ZK7UqdB84HMB0AgjGTFegWLleJDxGcPifmslcQJSFIHND0abN39e82GS_jloCtYwm6t8zPBiRvo_9l3o-RDD4trG9GfUvfxtnebhHZ-Rq3zLI8DdkBf3iduEd5LHmXnqBtN4MP1xlWHzk7ysPvV39ELvL42-1bWsEXrEeMlppT91veweE8HR9k1Piu0SZPd0OCAeclnxSyrI-iR4R6XCzoWlNn81QwAQ-OXgdBfzKLnUWuzw5r8OAeQpei0DOulHE55jmrI20F5Cm-n3jt1IVsMckKfIDCxdiW_GiBp_wDgplPuWuP8bDOwPXTS90zKQ_jomT9R-XBCixfxGhMj2_xLzyT0192QqLqkQjMXuMJWyKj3Q0KDcAjk-X8cP4rXzkRZ7M_cd-9ERJmnM1XdlO9pdW_TigOeR7WTU0nW6kmI9q0o_jYH9S4aQ1E8RLqDdQyCKDRvKh-dRfgJok_aGQqvhZN6bATUYz0HmDKnIFSck5doYhoHEKwypeFlKZ-jPxFDbyUhRdC9SUR1iVrLClwtldPb3G-af-qU4Luz1EZiSoDWhs-w4Btu3QTyspIUswVmqvBs42ayx3bU9uFe6wCQ5NWQLWM7TWYzfiQXOKdsVfHMQsQgtJfKRTVa2hdxEc0bR31a3s3ydbpou3_R8qy3-PdjeSNEblCrfQgRDS05AMZObi9ckZfE3Ia_wMMe4VayaHEnGW7_9KA_kIUD5OoKwmLDo4yX-Ujk0zrXojUYy0PfiyrEmQa_jeXE7Ne1Nsg

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3993 42 B
174 B 177ms
176ms Fetch
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvR-PN_gfAs0ji3V4bt1Ee9w2Z_5o-xXt1IO8sIQ0oiM4CAVrXvy-DpCj3AWIC8Q-1-AZTN4x9YTS8rPQMvIJrHAakcc_y0zqXaf1YrDqvmlRWCM3ev&sig=Cg0ArKJSzHLJog7jXlSuEAE&id=lidar2&mcvt=1000&p=345,310,435,1038&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230424&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=3944560474&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1682472728375&rpt=1321&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 513E 42 B
108 B 176ms
176ms Fetch
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuZBZ2vZkygM5VecxviL4bpfSTRj-TVpXJEcFm9Mn5aMDHgNZXeD7HVtB_ufpPMUZJ6d9uha0cp9ktIqgLbfUhnSc6rcj-TxPaTKlwBOwP-hII6e5uY&sig=Cg0ArKJSzMJKKBiyAu6DEAE&id=lidar2&mcvt=1000&p=1105,436,1195,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230424&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=840525636&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1682472728364&rpt=1400&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 49C2 0
20 B 175ms
175ms Image
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BVqSvGX9IZJ3WFe2G9u8P2Ku2-AEAAAAAOAHgBAI&bg=!wsGlwZXNAAYfNdXmPzU7ADkAdvg8WsIwbCZIkatQG9xMyY-ugkhFyPawPaOdId8h6qhPk52yW4FzQxSO2K28oq7WoMDiURy8NJ4CAAAARFIAAAACaAEHCgCU3Ax3bbfThlE67NRe5QXK9iELTVByzNJ4IvV97DpOqMIYjiJOFZ01iEJg-j1XDRBoiPkBv2Fr4Q0BnOYbV-5_5I6hzwWMKYV7tpqIN3CvbiCi1DZA6qSbGoMiLjnxOD2UqzhLhVQwG81PnRJLRw2O_mp_FSCfDV-G9-wxDrIbSp-kL_0j19UjHntdamSWDBnHxkHSdJkCtRgHwq9pmsjhpgIm_FN_kIZUIUTa8nPtZ0IZD9unwewWwIYsO6ffliMENJKk6Mo-W-A9IUWoGRnfjbNt59cRFTyeFqz3WXT8ntmljsQlwAKKYeWvTToSNGAMwrwSDqF44vAejvdSiRJYFQC28cquIfNhFBzbjzzXM0P5N66RaPqTpmybpuU3XZjgO-qGUhUynl2f06PYhbsm_xvIZzIAJFvE5m19hNevvA55eBDStvipT2QrxKadcv88SKYJNQhzB0nnWpAubQlgxu2GFRxII6JRQZ61r7Xqq4Buy0Ynk0VsM8UGHfa8jtMtvC1k3U4Xgx6QIT2sRnFDgNJ72cuDIXG4flkhQYXkZLUE1TWQAFwBGYdljh0Gprit_j3x-djtvr4pNb5WKlXFfpcSid604qbUWWbHGYbfMiQ2YffOoHuGzNFOKTr-17QUy0ojVosZ4VJB1JDCjFSGRfZTmJ9yazlcY2lpxmKwPU6vkqgRCrO4tohhzYiGCACx0h3oJSkUxj6wKhWg-KUBXU24GjS8LEJO-yASs52RGXlZcsKHfxuvPZ8LMj2ydUnemTdgkC_bFdFfOtXZIQP7QFsiVsUJn_l6GkJCEUZXe8Uz69cr7dxrmdmgvC2SAbFqSxWsRCP7U9BEJNdvxX6X3mplD5t5Gl9QCnll9ECeeBkX1BHoMyyScqCWnaKjTSN-G5f3DSsLwNl5WbUs5SL-617hrJl0DFyyUNOT3fdhTCNV48hxNIgQy3urY4ajX_hx4DciAnQs5cCndazDeodSfgWkWs46dxfsvmydQZHfC_Nj4e4pljIIcwzeXsXrnoVJJwhW93uI0Of1hAg03Fs6CC-Q2Aki2bUVogcz-9gYczW70qTgsJMA1P1jOvQEK81jukOHgtosRA7S-Bmtb16w7jspFRfOJgR30r45pA

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 DcmEnabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 76B3 29 KB
10 KB 197ms
197ms Script
text/javascript 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/684995563204999026/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://s0.2mdn.net/sadbundle/684995563204999026/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 03:57:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77686
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10136
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 03:57:24 GMT

GET
H3 200 DcmEnabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 5DB5 29 KB
10 KB 169ms
169ms Script
text/javascript 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16134537147512073695/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16134537147512073695/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 03:57:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77686
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10136
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 03:57:24 GMT

GET
H3 200 DcmEnabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 531A 29 KB
10 KB 137ms
137ms Script
text/javascript 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4538274646488672192/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4538274646488672192/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 03:57:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77686
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10136
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 03:57:24 GMT

GET
H2 200 sync.html Show response
public.servenobid.com/ Frame 2CB5 9 KB
4 KB 420ms
134ms Document
text/html 18.66.147.40
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://public.servenobid.com/sync.html
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682472600000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-40.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b24b19152e92ee2240cdf53444b33a1b8ec286e9a44072890c5490c9d8ddfa3d

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

age: 32870
cache-control: max-age=86400
content-encoding: br
content-type: text/html
date: Tue, 25 Apr 2023 16:24:22 GMT
etag: W/"fd0102e5847015626666169917857ba8"
last-modified: Wed, 12 Apr 2023 16:16:50 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 7efdfc8e9ebc26758933b0151e22707e.cloudfront.net (CloudFront)
x-amz-cf-id: GnRmxGadh32zl8MPI9BcbYkWfw9ffq9COdn8AdCfrMOrzaIhqwdM6A==
x-amz-cf-pop: FRA60-P4
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:us-east-1:559734745816:build/adserver-public-prod:b4af218c-2bc9-4531-9210-521693d9d5d7
x-amz-meta-codebuild-content-md5: 9cec9a15b660da7393081e2fc6c34731
x-amz-meta-codebuild-content-sha256: 8e6d48a695640d90e0623cd4e573f94721be8c1becd249758c7df42fcffde7be
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 0B88 16 KB
6 KB 415ms
134ms Document
text/html 2.19.228.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161102
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682472600000
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.228.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-228-187.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=66121
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Wed, 26 Apr 2023 01:32:11 GMT
expires: Wed, 26 Apr 2023 19:54:12 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 34D2 37 KB
12 KB 436ms
156ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU18831I&prvid=2034%2C2033%2C2031%2C2030%2C273%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C359%2C437%2C97%2C55%2C99%2C2045%2C3012%2C3011%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C446%2C9%2C2011%2C2055%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C338%2C459%2C339%2C70%2C77%2C38%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C345%2C225%2C468%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682472600000

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

55fba04ad10c2021f460d09163d137b720bd5876c5dc377e09ea2991f22e8ed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

cache-control: max-age=172800
content-encoding: gzip
content-length: 12182
content-type: text/html; charset=UTF-8
date: Wed, 26 Apr 2023 01:32:11 GMT
expires: Fri, 28 Apr 2023 01:32:11 GMT
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-mnet-hl2: E

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 91A9 281 B
554 B 138ms
137ms Document
text/html 23.56.202.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682472600000
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.56.202.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-56-202-187.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 26 Apr 2023 01:32:10 GMT
ETag: "40010-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 061A 4 KB
2 KB 146ms
146ms Document
text/html 51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?cb=1682472727314

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682472600000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

073151f918556ee367c01555a6e81bb192bed69f639d32c5557fb7fb125d076c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 1375
content-type: text/html
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
strict-transport-security: max-age=15552000

GET
H2 200 usync.html Show response
u.4dex.io/ Frame 01A8 627 B
825 B 428ms
154ms Document
text/html 34.149.40.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.4dex.io/usync.html
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682472600000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.40.38 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 38.40.149.34.bc.googleusercontent.com
Software: /
Resource Hash: ac9ceaebdba80b217a910d3a799734a4a4adbdc0bd10503548deb88abc8bc9bd

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
content-length: 627
content-type: text/html; charset=utf-8
date: Wed, 26 Apr 2023 01:32:11 GMT
expires: 0
pragma: no-cache
vary: Origin Accept-Encoding
via: 1.1 google

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 07B1 52 KB
17 KB 513ms
203ms Document
text/html 23.35.236.188
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682472600000
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.188 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-188.deploy.static.akamaitechnologies.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

Access-Control-Allow-Origin: *
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Wed, 26 Apr 2023 01:32:11 GMT
ETag: "623de86a-cf34"
Expires: Thu, 27 Apr 2023 01:32:13 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Unused62: 8096267
Vary: Accept-Encoding

GET
H2

200

/
rtb-csync.smartadserver.com/redir/
Redirect Chain

https://sync.adotmob.com/cookie/smart?r=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D66%26partneruserid%3D%7Bamob_user_id%7D&gdpr=0&gdpr_consent=
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=66&partneruserid=0902220400449a44f9749cc6&gdpr=0&gdpr_consent=

43 B
336 B

594ms
141ms

Image
image/gif

185.86.139.101
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=66&partneruserid=0902220400449a44f9749cc6&gdpr=0&gdpr_consent=
Protocol: H2
Server: 185.86.139.101 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Wed, 26 Apr 2023 01:32:11 GMT
cache-control: no-cache,no-store
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=66&partneruserid=0902220400449a44f9749cc6&gdpr=0&gdpr_consent=
date: Wed, 26 Apr 2023 01:32:11 GMT
access-control-allow-credentials: true
x-powered-by: Express
keep-alive: timeout=5
vary: Origin
content-length: 0

GET
H2 400 711890.gif
id.rlcdn.com/ 0
0 516ms
246ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/711890.gif?credir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D136%26partneruserid%3D&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2

200

/
rtb-csync.smartadserver.com/redir/
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=10&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D22%26partneruserid%3DYOUR_USER_ID&gdpr=0&gdpr_consent=
https://c1.adform.net/serving/cookie/match?CC=1&party=10&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D22%26partneruserid%3DYOUR_USER_ID&gdpr=0&gdpr_consent=
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=530242754212321200&gdpr=0&gdpr_consent=

43 B
328 B

430ms
142ms

Image
image/gif

185.86.139.101
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=530242754212321200&gdpr=0&gdpr_consent=
Protocol: H2
Server: 185.86.139.101 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Wed, 26 Apr 2023 01:32:11 GMT
cache-control: no-cache,no-store
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=530242754212321200&gdpr=0&gdpr_consent=
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

/
rtb-csync.smartadserver.com/redir/
Redirect Chain

https://eu-u.openx.net/w/1.0/cm?id=a547219b-814b-4e3e-8a4f-35c044fa1891&ph=ec81d0b7-c42e-4a42-b97a-9305af647d30&r=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D100%2...
https://eu-u.openx.net/w/1.0/cm?cc=1&id=a547219b-814b-4e3e-8a4f-35c044fa1891&ph=ec81d0b7-c42e-4a42-b97a-9305af647d30&r=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D...
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=100&partneruserid=60fc9243-23e3-06f1-0f7a-a1f70cad900c

43 B
348 B

388ms
142ms

Image
image/gif

185.86.139.101
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=100&partneruserid=60fc9243-23e3-06f1-0f7a-a1f70cad900c
Protocol: H2
Server: 185.86.139.101 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Wed, 26 Apr 2023 01:32:11 GMT
cache-control: no-cache,no-store
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

date: Wed, 26 Apr 2023 01:32:11 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=100&partneruserid=60fc9243-23e3-06f1-0f7a-a1f70cad900c
p3p: CP="CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

200

redir
rtb-csync.smartadserver.com/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/sas?gdpr=0&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/sas?gdpr=0&gdpr_consent=&_bee_ppp=1
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAGhG07IkP4AACAAN06IYQ&gdpr=0

43 B
334 B

237ms
141ms

Image
image/gif

185.86.139.101
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAGhG07IkP4AACAAN06IYQ&gdpr=0
Protocol: H2
Server: 185.86.139.101 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Wed, 26 Apr 2023 01:32:11 GMT
cache-control: no-cache,no-store
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

location: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAGhG07IkP4AACAAN06IYQ&gdpr=0
Date: Wed, 26 Apr 2023 01:32:11 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
Connection: keep-alive
Content-Length: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3993 0
0 180ms
179ms Fetch
image/gif 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuoK-PZoo6l_co4TRjmJi4hrDkbg2j58EcFbnWf5sR4XFWCMRdInv8FiJTKokcPLw9BlXYFo3KnQqEYF-yoHEgcOhjmf1ez0FfzkPl1YA9H6rPhDksZI0v7n7RstxJOmiaYfsIjtWE0mvZp3xqaWotNErxlDRNvs_FpuqlyVQJJd9A2rF83FK3lTyrjQIM5DH89jjloOyQ8CqRAJkziyo0NP4B7_Ay6bhH7AIWaM0OaeaLxo6_KbCZ5uY1FX02fF3bzbYiv54W3i_CLay3fI0e1pN7NYNjrvGOJqh4wPS6bi11XE2u3suKjY7vowyIWQ2C_NN3rol8ZwZ5xIX3yCWrWp3hL6WlJRrtQF9cM1--5ilQjRoBFb-BYSBXjKsXn_l1H1kEHNBz3DpvPJkGCpDmSV4Ey5zmub-G34oxorfV86VrgfuhZVIKl3YioqzAXYzZNK2UkUYvT8zyrDAqQ9j9lIzU1ocaoJDitQ-0RJ29X0JIrF9MhFyLgASgO9i_A8icg4JrJrLlSQ3Cb1RUCHj-fNKPbWmLDvG4aO7RxFyaMQ_x1ghgmMZslHR2z6CNxpW0Z_8NM4pEqEKxNsC5Yo_krCqPZlnQfQlRsuYWycMVDMUiv-tZ4SrOoCPTFfy_JTmE0WTJOd4fyafJVhuMGOTVy5apxuohynSRQQ8J0CG1INnYAzv0kGW2efRMwOgT3ma_lkf08tlnhIum3yrHvr-qF07cTktvPq7b4JZpXIULOMZY1k4Fs_4xF6_JEh245dpFFsFy25cW1jAo_YN19qxR5r-r78CAdSwqEoy7M8EQDkamUs0no0AaWn0llqi9mUMGh32w95t6XjvJx3NzciC8N3L1h96dxkVV8hZ4qHBVyoDZCi3SoUI-kGusGx0_CFyw4cGR0IErjWtS0nXNHNM1XpL67xHqz_OqOt_v-ttPDSX56FCz1apHv1p1MQnrSB4QkHYBXnw6brnso03Pcnfvx317dKjLKbTGZFJpVRWxG_qNhyf3fhevdWjtLjRhPss7DvTVgyLfLC17RK08kZ31SEVUnnELyGqKUvZ0CTRWBvYatN_MU57jl1ChHKuvkJtSOpxpN-Kk3PHkSrBUgLlA&sai=AMfl-YRwIolq8O1qJW68oUTXkZXLZPcrAKIwKnQDYFfGTsCALPjbWRd80E4ZfXp2W3ff9kS1hNSTz9UfkmojyfBjsvMWXX1QChjzN1teDLO8CuwVeIiSArAmOkdHwTwtjmXUtQfaRXszJshOc2oxZaFN9E96paGI6NsRTPMJW1WAsLRaEsHhlnA&sig=Cg0ArKJSzGObNEjtvD0sEAE&uach_m=[UACH]&pr=8:20346306D5A119BA&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1556&vt=11&dtpt=948&dett=3&cstd=606&cisv=r20230420.25465&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:11 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 26 Apr 2023 01:32:11 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame B885 0
0 180ms
179ms Fetch
image/gif 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvG-ICGcdJgo4VC3UGvrLvZFyShzYSfJiLrAmx8q00ZiEeMoo-cwyd27DAMRd177qswtdyrKkw2I5uUy2yhZMdEy3yJC_SvX2QgwRV-UyqIXDRwemXwxTYtzmMJTAA_DIXEuDH4hTt_hu3VeaHqLfUmDiQDSD755QFjBTlwuCozvX9lLyqIMCGUj-IF1IddAmiq2_mP-yXhfJiaZxXGxf005ItBUOwrrpAryqWxKZxVmZXh5S9H4jX6IrN7Lqz-90Yk9bx0lc4IaoIJzp-5F0r26s_rwhuf0IdlNwGvcQbF_-63XbIXfVIOIb6UIPbFKERwka4Ftx6H9U03goXlm-a160ssU1UQxssDQ7EfI8eyY2Bf9TWq6qk_spNHgk1i2XbEyuGLQ8EdQJgMo0UM_4GrrCJ6VX4TNviVmvPd8NLuCTk0BT4_9p_AtymMaTSpUJbVQFGeGXFZFVA-5mrui7kWG_1is9mBy0mz7URkfUjMHpDMXF6TaTu5dRn01wzoAevurKXx7hDzCNinBAfwZecn90adasvocR7W__l7lAEYEvdcQFl0I8KfGnUft1OPbmTeEzqLcmIAn6FdDL55phIEcTN6EdgltGqXgjRojYQ6-jFgN24je7ScoVEThYdh1kopD5-1c38fdjQYAbZ9JJJoN2SejclFPg-HsXdi3Ex_zv1tEolN7Aq6tSddsPzpCNgEuTf0wcPQ8mJ1yesZODfiGQA7WwXTxpi5wQgvfaNGFDs6J3ZG9lTZKbLiwC9JJj7Me9OE-jtuLRmFbVcw7xdkbOsFhgyd8rU1JwS0mbe9nGi3dfWumgYjU06n6wPTaeZ1PY3xliHcnxkJ-zXNsgXYcjpTUuTF0FK79OGZkeUctLMw0cPQJxr0TKLv_00tLQau3hjJ2g-W5LMczwFJdZiHZ4_DyvCM-s-fs_EtcoJD38crEY4OpUTLJDyIzMrqhUrGpI_6ySxfR89A4Tn5eOyN--KiYwRGTm-sbuGKxM2mcUAta5WAEYFX3cKtSiucDaoUQrQS6J1JY9vcSK6jBMBOTp1VM-KO11kgZbsDV3fwKUSY99l7ouRZyFfzTkyI42Gjg2nLHGyObmNGOeJmvWo&sai=AMfl-YRKEf59xAeLGU4diRPCrlkryoyMr-xjJdg76GnF_89RdK_GKtxLnqvKP3-hVSobpKuLAa11L2usUOMUeQwcrTFGzFhgWGJuk305tTQemRr776AVtAVOz4LYBQC8vgx34bAMRvUED4JgcFTAn6ToIjTa0rAGErsCzYtmBTEg3Qd-Ey3WX3U&sig=Cg0ArKJSzDigPcmF-zIfEAE&uach_m=[UACH]&pr=8:B28A10F41776A975&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1514&vt=11&dtpt=917&dett=3&cstd=596&cisv=r20230420.03815&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:11 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 26 Apr 2023 01:32:11 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 91A9 34 KB
10 KB 153ms
153ms Script
text/html 23.56.202.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.56.202.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-56-202-187.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 517804de83d11ec1469b839d29b9be9ae3d28bdcc4c1148b851af286003f1a2d

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 26 Apr 2023 01:32:11 GMT
Content-Encoding: gzip
Last-Modified: Tue, 25 Apr 2023 15:46:00 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=51227
Connection: keep-alive
Content-Length: 10019
Expires: Wed, 26 Apr 2023 15:45:58 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0AC5 0
0 178ms
178ms Fetch
image/gif 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv1p-6p8Dlif2UugdS5AVWMHTUxaB58Fe15UDd6W-DtN9a0RKHwVO9BhHVII4vmSxsT1TSWXqNT8Sw28RFpmTjmUvKDFLjJylzjgq-_pYWNGl4CucT2qVnKYLZqSTVHIutVtgQoQrzByVswBpc-qi2GLXv_qeIPBMjHPWs_-zM5qty2hFFiGwPg9LwOCMmiaKGu8uw_ex_53YGmIcAmmU69HDsHzfjHJXIs3ZcGr5FXpGbc1PICNV_MS89oRYnwDjW-PAMPlCSLOBWF530PIxhU4ri12FMDaUm2Kt3bbJw-7M6fF4S7k41Z480UQHyPf9xMDy2kzmsWS-ZEKBTKZ_UtZlXROMMCIlDEa3MPLKUp8z5YgotSBp4UyCRjmqz60WAG5w9AAf5u1K5sEE0FwpBByIS8E71yHGRn3ZQAtN6uXLIgt7n2yr8uYHngUXVTYo7AroEyvJYn38xCRM5Ga5QZQ-xxA8mZoYsiRbI9MwVwKnZsRtojr3oLGoCrcP2jYjeDSDqepE_Qx48BYcdQOBN_IfMe_ftVmKRWIEjEqp8mAMbue21IAouE-xcIdGRQQbC9_Wi-JpvUmIlm9A2GUaqeFUB5_kioRZX5HsHnuW_z5-8kGe6ATC2HzzRfvtVtQEtfR-p-Y7NM73DbSUbvgSMpQhuCwVDptWZDr1jQqMkrYoi4x3w2V64UaW6w4bej4215H97r00-UP9xh3mr8ePf85clkVACtqhTVnklENUOSiOXpTuK30w8cE7Gj9wdy6jCby92Hw1oetRi4lN3iOLMpzTv5MPYQGCPrkZkOiZs1T3CZIMIs5x8bRTaYuy5a0ybODJqt4EiwKFFCen54K58j9cKb2PS7f77FnGmM3mjyXcVCuK_FiT2B2Af9Tya4uiMhox5mXegz9d18UhNln3uKq6R3A3smyjMvej2mkG-8jFBpAD1HG5I_qMTl22hCKAR55EFkMJTjMxRv4exMDzLNP_ll-US_6lHt1m4_zFg6zFM5MRffRUVhpQc7ypra8QAC8ZzXNI82GvPXRIYQuu3Rmtb5dYvBFQCoPNBYHdhQAy8bQDJEGIaqZWtBCYjhCGScTxCaq5xn42aSRUjx&sai=AMfl-YRkt1iYbR_CMwhqwo8onFM4lX4JGPNcH_CdC0oT7bN2S1ksyM_blrMDxmrQ0ZtHXnLAk9VHY1xTcTfAigncdH7V8AqgBGChN7bjZxGrQXSkoZF085zVCZgfuwmvZRlMEtEjEI_Xk0GuUlpMIqDiLMybJdHlskNoH7ZUT6G-R1ww_26iJgU&sig=Cg0ArKJSzCkEsV2cyWQIEAE&uach_m=[UACH]&pr=8:8C16271E77AFFBAA&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1560&vt=11&dtpt=864&dett=3&cstd=694&cisv=r20230420.78565&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:11 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 26 Apr 2023 01:32:11 GMT

GET
H2

200

/
onetag-sys.com/match/ Frame 061A
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=75&redir=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D1%26uid%3D%5BMM_UUID%5D%26gdpr%3D1%26gdpr_consent%3D
https://onetag-sys.com/match/?int_id=1&uid=e34b6448-7f1b-4200-af8b-d6c5b99ffd54&gdpr=1&gdpr_consent=

0
291 B

146ms
145ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=1&uid=e34b6448-7f1b-4200-af8b-d6c5b99ffd54&gdpr=1&gdpr_consent=

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1682472727314

Protocol

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

Date: Wed, 26 Apr 2023 01:32:11 GMT
Server: MT3 830 785530e master cdg-pixel-x34 config_version:"unknown"
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://onetag-sys.com/match/?int_id=1&uid=e34b6448-7f1b-4200-af8b-d6c5b99ffd54&gdpr=1&gdpr_consent=
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 26 Apr 2023 01:32:10 GMT

GET
H/1.1 204
No Content sync.php
pixel-eu.rubiconproject.com/exchange/ Frame 061A 0
239 B 545ms
133ms Image
image/gif 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-eu.rubiconproject.com/exchange/sync.php?p=onetag&gdpr=1&gdpr_consent=
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1682472727314
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 37b22a0c36bd84993dd2cda4a5e04b1d
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

/
onetag-sys.com/match/ Frame 061A
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D98%26gdpr%3D1%26gdpr_consent%3D%26uid%3D$UID
https://onetag-sys.com/match/?int_id=98&gdpr=1&gdpr_consent=&uid=5517930712341661683

0
291 B

146ms
146ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=98&gdpr=1&gdpr_consent=&uid=5517930712341661683

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1682472727314

Protocol

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

Date: Wed, 26 Apr 2023 01:32:11 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 91.239.206.153; 91.239.206.153; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: e6264446-f7d3-4d46-8022-e45b717c4d4f
Server: nginx/1.23.2
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://onetag-sys.com/match/?int_id=98&gdpr=1&gdpr_consent=&uid=5517930712341661683
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK tap.php
pixel.rubiconproject.com/ Frame 061A 42 B
678 B 366ms
132ms Image
image/gif 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=223352&nid=4584&put=UHcz0DqcRHP9yXilxBGCZlTObcRSWS05USCPkItxayU
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1682472727314
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: f5982f4f9cc79eb2b489dda8b92e3144
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 061A
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&ot_initiated=1
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABh7swghudZqjgSpIennGQypFUXWsy4xjtZg

170 B
188 B

145ms
145ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABh7swghudZqjgSpIennGQypFUXWsy4xjtZg

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1682472727314

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:11 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABh7swghudZqjgSpIennGQypFUXWsy4xjtZg
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H/1.1 200
OK sync
ssbsync-global.smartadserver.com/api/ Frame 061A 0
75 B 430ms
143ms Image
text/plain 185.86.138.153
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=1&gdpr_consent=&us_privacy=&redirectUri=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D107%26uid%3D[ssb_sync_pid]
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1682472727314
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.153 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:10 GMT
content-length: 0

GET
H2 400 711916.gif
id.rlcdn.com/ Frame 061A 0
0 345ms
245ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/711916.gif?ct=4&cv=
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1682472727314
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 061A
Redirect Chain

https://onetag-sys.com/match/?int_id=113&gdpr=1&gdpr_consent=&callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Donetag.com%26id%3D%24%7BUSER_TOKEN%7D&ot_initiated=1
https://s.amazon-adsystem.com/ecm3?ex=onetag.com&id=GIxqJX0iHlQowKDqs4nkc8apRhs-iT6ZgeLx3OXrMsc

43 B
720 B

336ms
226ms

Image
image/gif

52.46.128.147
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=onetag.com&id=GIxqJX0iHlQowKDqs4nkc8apRhs-iT6ZgeLx3OXrMsc

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1682472727314

Protocol

HTTP/1.1

Server

52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 26 Apr 2023 01:32:11 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: APG1BSH7A7MVP7430RD1
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://s.amazon-adsystem.com/ecm3?ex=onetag.com&id=GIxqJX0iHlQowKDqs4nkc8apRhs-iT6ZgeLx3OXrMsc
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2 200 ImgSync
image8.pubmatic.com/AdServer/ Frame 061A 0
42 B 454ms
146ms Image
text/plain 185.64.190.79
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image8.pubmatic.com/AdServer/ImgSync?p=159706&gdpr=1&gdpr_consent=&us_privacy=&pu=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D114%26uid%3D%23PMUID
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1682472727314
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.79 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:09 GMT
content-length: 0

GET
H2

200

/
onetag-sys.com/match/ Frame 061A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=onetag_eb&google_cm
https://onetag-sys.com/match/?int_id=106&google_gid=CAESEPmFhDAqWL8Cs-GrJAr3X7c&google_cver=1

0
291 B

146ms
146ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=106&google_gid=CAESEPmFhDAqWL8Cs-GrJAr3X7c&google_cver=1

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1682472727314

Protocol

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:11 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=106&google_gid=CAESEPmFhDAqWL8Cs-GrJAr3X7c&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 298
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 occ
ups.analytics.yahoo.com/ups/58488/ Frame 061A 0
15 B 432ms
137ms Image
text/plain 3.75.62.37
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58488/occ?&gdpr=1&gdpr_consent=

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1682472727314

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.75.62.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.25 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:11 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

/
onetag-sys.com/match/ Frame 061A
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=1&gdpr_consent=
https://onetag-sys.com/match/?int_id=29&uid=80bf9871-e16f-474f-93fb-ade652fb06dc&gdpr=0&gdpr_consent=

0
291 B

146ms
145ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=29&uid=80bf9871-e16f-474f-93fb-ade652fb06dc&gdpr=0&gdpr_consent=

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1682472727314

Protocol

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:11 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://onetag-sys.com/match/?int_id=29&uid=80bf9871-e16f-474f-93fb-ade652fb06dc&gdpr=0&gdpr_consent=
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 233

GET
H2 200 sync
x.bidswitch.net/ Frame 061A 43 B
146 B 414ms
134ms Image
image/gif 3.77.118.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=onetag&gdpr=1&gdpr_consent=
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1682472727314
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.77.118.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-77-118-156.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:11 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H3 200 Untitled_design__3_.gif
s0.2mdn.net/sadbundle/684995563204999026/ Frame 76B3 451 KB
451 KB 138ms
137ms Image
image/gif 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/684995563204999026/Untitled_design__3_.gif

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

0757e74a88e465995beefd4f6d4444455ef105e7e07af102600221a868434909

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://s0.2mdn.net/sadbundle/684995563204999026/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 22:34:32 GMT
x-content-type-options: nosniff
age: 269859
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 461420
x-xss-protection: 0
last-modified: Wed, 12 Apr 2023 09:19:22 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 21 Apr 2024 22:34:32 GMT

GET
H3 200 Untitled_design__1_.gif
s0.2mdn.net/sadbundle/16134537147512073695/ Frame 5DB5 3 MB
3 MB 165ms
164ms Image
image/gif 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16134537147512073695/Untitled_design__1_.gif

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

be09f8ccab61436c7c8480fe016f5e95d4e9fac3d8c50cdaad96d8023375b47a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16134537147512073695/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 21:29:51 GMT
x-content-type-options: nosniff
age: 273740
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3442979
x-xss-protection: 0
last-modified: Wed, 12 Apr 2023 10:00:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 21 Apr 2024 21:29:51 GMT

GET
H3 200 DcmEnabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 89DB 29 KB
10 KB 136ms
136ms Script
text/javascript 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15736253756977826551/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15736253756977826551/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 03:57:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77687
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10136
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 03:57:24 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3993 42 B
64 B 167ms
166ms Fetch
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstVBMT8KK6WV330bgAn4FcLzd8UJsC7ghMP0bPxCxhkmY3DTIrbrIVvOwv9rEW2E4BD9qYMJsm53gFhNazumwQKhrqCgwFGSVo&sig=Cg0ArKJSzAKpFyOPAJsEEAE&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230424&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=34&adk=2403728479&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1682472728375&rpt=1769&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B885 42 B
64 B 167ms
167ms Fetch
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstXHv1RgfqzTDC8Kgc3xYyg42RSDa7DV1qWxzaJfG8M8-reI4gmpr7M7cMw2ko8HsNx-sGTLT38hVOY3IvBec4zaw-Eomze7U8&sig=Cg0ArKJSzHZ2wGY-7uwcEAE&id=lidar2&mcvt=1000&p=0,0,600,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230424&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=34&adk=724314706&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1682472728383&rpt=1815&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B885 42 B
64 B 171ms
171ms Fetch
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuDa5Egw_m504i-RPx85YvT9bAQa3DUQGPir-U5VEz9VKRVDL2-oxredJsOKsOO7WvGVKReZRMWTKJPnyl1c3S7rffo5DgjqJsTwk7tX_gOaQqloEx7&sig=Cg0ArKJSzPdIdxq5WQL1EAE&id=lidar2&mcvt=1001&p=521,1190,561,1231&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20230424&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=3798138915&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1682472728383&rpt=1357&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 513E 0
0 181ms
180ms Fetch
image/gif 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssknYqWH3lmYZaAh6STceWti377UILt6rTsT083uUqTHgmVUeJD9VOQcqRc8xfy-cxrLbAROsfBAKxetnVqKuO7lPKSlD-eALJA2-oMI4jfr8qsD7waCMTNhHEYl9CGOMBEmcWdlMubzKMFA0z6QBeuF7V87f3uwkRxfZ243t0LsuY-tCslESkhTonQHQsKTK9dz4FXiV3qxI34_yQADXxWHFJ3ts4Tg5lUAgBLcBis8HgW_rg6u2U4xxDdlSoO9IeGEBLCGhi2yyF7DwsZK18ptlapLXYpHWPyZfBRoxWN4vQ_PqUhXf7F1d_BHHb7pbZxor_Dsxkd7IiteRY0yHAn62bu5BVP61-LgPZ02R6AX0IXdTFcESWfi-lH6pJbcOM70Xptl_r1_a4O-goShwp6-uJJ9UZmYCrScf1eyfCcUyqtVPUVWDwwuXnMgbXkBJw_QsE5WYD3m9b32d6eD2IgZqtpYpl0gpRdwTRkwvI9BNLttRFjy5RSfdoeb0VkzwA--Cxh8BnZLRfcrpFlner02WVi70i8eKV1qorZaUc4oU0eLxGI7eovuTVb6-jPcb3LwMNASLFpOrX_jSp2OgFrggn8KtJIKjW0LnkqZ5ri1QL7rA3BOG6n5gbOziIAuqa9PirFr14i8q2CIBTrqgJiuNNZbmPJgDnSSerM23wv64zwugeg23f9T9cyzwxAhIIXS3_o6D0ByYxHDu-YwhgJCQTC3DVqfgcyxZz56YyQ2S3ZIR4T_slKWj0euXgb0gztU6kMNiQ8dy6QTuzJO2qv6stPInWw4CLIA812NaFEmuSvnCNITEXZ7thfs9BNS0CsabddJjEJHjdv9Y_P2nAJW_tI4N5YtIwlgiRAd0FXVVo7qO2UhWfbjuw3pjrzn2ymXac_dC7AkNmDrpFCf8yX9-AXVwsqTrXGYC3PhPChTdmTKIKaCZQvmofgcy6UIoLEBat9Ts85OYb-b07yUSkLbdkFg-hiR2jyNEkr_3sSocPadIYdhZMFl3LddA6ZI0kQgDd_vDsshLIN2d_gdzkSbezOAS334Mmu1tA3grKT70xEkFu5JsX3aKALT7XIQXv1ryJ7RMuI99SbP67wK3eN_V1-t9mMsHEsor3nrZeTWFuwTmSwUigd6M79_0R-wS4s4Zx-oHfr-_1NygZ4BFQ_oOmaldp0eg0r2111dyNOjC6GnpccL38bn09pIkZ90KHIljqVHPVl58YLaaRKUkJ4I73yiV4zAAuG4g&sai=AMfl-YQqD726m6NLX9U42DtuzNCDZvsZruPf8oSh1Xd0BdPGrC_hHK1tw9BGwFRiNW4Kx3rX5cMwVLpEIZJS9A-YZ-YFxKLvckJCGpqAgTZIR91lbM4K-M-9LywikYNOmLHtjzKF8l3s3vSSLBB-cyyGJZ9qgLc7GhNkpOoCnNSXIyXH1PW5SyA&sig=Cg0ArKJSzAVPmZtTWQAOEAE&uach_m=[UACH]&pr=8:11D9D28F4557DA28&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1651&vt=11&dtpt=1021&dett=3&cstd=628&cisv=r20230420.08853&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: pastelink.net
URL: https://pastelink.net/7hemp0vr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:11 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 26 Apr 2023 01:32:11 GMT

GET
H3 200 text-3.png
s0.2mdn.net/sadbundle/15736253756977826551/ Frame 89DB 4 KB
4 KB 167ms
166ms Image
image/png 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15736253756977826551/text-3.png

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

1040f1af7cf3e5b5fbca23e79ae9119e05faa4d0b7db924db1863f8af793b050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15736253756977826551/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 21:06:40 GMT
x-content-type-options: nosniff
age: 275131
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3922
x-xss-protection: 0
last-modified: Tue, 21 Feb 2023 09:51:51 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 21 Apr 2024 21:06:40 GMT

GET
H3 200 text-2.png
s0.2mdn.net/sadbundle/15736253756977826551/ Frame 89DB 3 KB
3 KB 170ms
169ms Image
image/png 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15736253756977826551/text-2.png

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

6a30938a8e6caa31a9397d39832b33ca6d72c73f39fde0f08e22f9d9e6981730

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15736253756977826551/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 21:06:40 GMT
x-content-type-options: nosniff
age: 275131
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2706
x-xss-protection: 0
last-modified: Tue, 21 Feb 2023 09:51:51 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 21 Apr 2024 21:06:40 GMT

GET
H3 200 text-1.png
s0.2mdn.net/sadbundle/15736253756977826551/ Frame 89DB 2 KB
2 KB 176ms
175ms Image
image/png 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15736253756977826551/text-1.png

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

902bb33b53eeaa949c75ef9ff8e79c10500f7a91c3d8ffa46bd3346fcddec5eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15736253756977826551/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 15:59:17 GMT
x-content-type-options: nosniff
age: 293574
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2476
x-xss-protection: 0
last-modified: Tue, 21 Feb 2023 09:51:51 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 21 Apr 2024 15:59:17 GMT

GET
H3 200 click.png
s0.2mdn.net/sadbundle/15736253756977826551/ Frame 89DB 2 KB
2 KB 179ms
178ms Image
image/png 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15736253756977826551/click.png

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

f94c500166f027535e5196660af9fdf145b1a373eac71c3d6b40bf7d62b32c6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15736253756977826551/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 07:07:22 GMT
x-content-type-options: nosniff
age: 411889
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1582
x-xss-protection: 0
last-modified: Tue, 21 Feb 2023 09:51:51 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 20 Apr 2024 07:07:22 GMT

GET
H3 200 bg.jpg
s0.2mdn.net/sadbundle/15736253756977826551/ Frame 89DB 5 KB
5 KB 172ms
172ms Image
image/jpeg 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15736253756977826551/bg.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

e2d6f4a3c4022517eed6c5060c96864f1a6d2e6d0adcab546c142e87a00ddc27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15736253756977826551/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 21:06:40 GMT
x-content-type-options: nosniff
age: 275131
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4689
x-xss-protection: 0
last-modified: Tue, 21 Feb 2023 09:51:51 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 21 Apr 2024 21:06:40 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 513E 42 B
64 B 167ms
166ms Fetch
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss5coMlGrgkl6eymBSxifQHVxuOG5IsHDIL0E4ie1eW6MeqVFkC0jnF8Q-URiJdi_m5TRA0fXM0VyYVWHUqFNv1XkQx8qmF4VM&sig=Cg0ArKJSzDm1JWnP6DqbEAE&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230424&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=34&adk=1814326990&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1682472728364&rpt=1918&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET PugMaster
image6.pubmatic.com/AdServer/ Frame 0B88 0
0

GET
H2 200 13926 Show response
g2.gumgum.com/usync/ Frame 55F6 4 KB
2 KB 1498ms
157ms Document
text/html 34.249.56.197

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.56.197 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: f8fc1511181fe40b75825efbb39c5f15556e7223a6bd7f0d558694600bc6e3da

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Wed, 26 Apr 2023 01:32:12 GMT
etag: W/"09022923032f867f45b32872d23b653f6"
server: nginx
timing-allow-origin: *

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 6044 4 KB
2 KB 148ms
148ms Document
text/html 51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Requested by

Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

4686828206af6e769d9a50c7671eae2a399c49b02e37c21c1e60a974c6701003

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 1397
content-type: text/html
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
strict-transport-security: max-age=15552000

GET
H/1.1 200
OK sync Show response
ssbsync.smartadserver.com/api/ Frame C0C2 976 B
1 KB 435ms
143ms Document
text/html 185.86.138.154
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.154 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: f30d7e7a13993c6a9da65e9ee2a8f6daef2a52951f3fd0e514407bf3c53fc97e

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

content-length: 976
content-type: text/html
date: Wed, 26 Apr 2023 01:32:11 GMT

GET
H/1.1 200
OK usermatch Show response
ssum-sec.casalemedia.com/ Frame BD90 2 KB
2 KB 1429ms
135ms Document
text/html 185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: de9486ffd88568e6a8669ec77a9d913f069e4e332778ade78f02ee8c97ada164

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

Cache-Control: no-cache
Connection: Keep-Alive
Content-Length: 1734
Content-Type: text/html
Date: Wed, 26 Apr 2023 01:32:12 GMT
Expires: 0
Keep-Alive: timeout=1, max=500
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Server: Apache

GET multi-sync.html
secure-assets.rubiconproject.com/utils/xapi/ Frame B791 0
0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame B14C 16 KB
6 KB 135ms
129ms Document
text/html 2.19.228.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.228.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-228-187.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=66121
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Wed, 26 Apr 2023 01:32:11 GMT
expires: Wed, 26 Apr 2023 19:54:12 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET sync-iframe
cs-rtb.minutemedia-prebid.com/ Frame 20B2 0
0

GET user-sync
sync.adkernel.com/ Frame 73F7 0
0

GET
H2 200 sync-iframe Show response
cs-server-s2s.yellowblue.io/ Frame 8841 145 B
558 B 1701ms
230ms Document
text/html 54.165.190.143

General

Check archive.org

Show headers Download Go to

Full URL: https://cs-server-s2s.yellowblue.io/sync-iframe?gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D352%26uid%3D%7BpartnerId%7D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.165.190.143 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0683291784c539f7776eaa5598867d51d1972ee5fc7a428c99ce7d604a799dad

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://public.servenobid.com/
content-length: 145
content-type: text/html
date: Wed, 26 Apr 2023 01:32:12 GMT

GET
H2

200

sync
ads.servenobid.com/ Frame 2CB5
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID
https://ads.servenobid.com/sync?pid=312&uid=5517930712341661683

0
344 B

161ms
160ms

Image
image/avif

34.248.219.195
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=312&uid=5517930712341661683
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 34.248.219.195 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-219-195.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:11 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Date: Wed, 26 Apr 2023 01:32:11 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 91.239.206.153; 91.239.206.153; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: e4792e8f-2c79-4198-ad93-c07c92e248be
Server: nginx/1.23.2
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://ads.servenobid.com/sync?pid=312&uid=5517930712341661683
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sync
ads.servenobid.com/ Frame 2CB5
Redirect Chain

https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D
https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D&dnr=1
https://ads.servenobid.com/sync?pid=310&uid=Giu8vRZHhsF9uT_CQ_iJk-M1

0
350 B

159ms
159ms

Image
image/avif

34.248.219.195
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=310&uid=Giu8vRZHhsF9uT_CQ_iJk-M1
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 34.248.219.195 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-219-195.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:12 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Pragma: no-cache
Date: Wed, 26 Apr 2023 01:32:12 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ads.servenobid.com/sync?pid=310&uid=Giu8vRZHhsF9uT_CQ_iJk-M1
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap7ams1
Content-Length: 0
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H2

200

sync
ads.servenobid.com/ Frame 2CB5
Redirect Chain

https://ap.lijit.com/pixel?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%24UID
https://ap.lijit.com/pixel?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%24UID&sovrn_retry=true
https://ads.servenobid.com/sync?pid=310&uid=Giu8vLZHEbPf1gzQSXGUM4MI

0
351 B

159ms
159ms

Image
image/avif

34.248.219.195
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=310&uid=Giu8vLZHEbPf1gzQSXGUM4MI
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 34.248.219.195 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-219-195.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:13 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Date: Wed, 26 Apr 2023 01:32:12 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://ads.servenobid.com/sync?pid=310&uid=Giu8vLZHEbPf1gzQSXGUM4MI
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap7ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET rmpssp
sync.1rx.io/usersync2/ Frame 2CB5 0
0

GET cm
p.rfihub.com/ Frame 2CB5 0
0

GET usa
sync.go.sonobi.com/ Frame 2CB5 0
0

GET 0
prebid.a-mo.net/cchain/ Frame 2CB5 0
0

GET
H2

200

sync
ads.servenobid.com/ Frame 2CB5
Redirect Chain

https://ups.analytics.yahoo.com/ups/58559/occ
https://ups.analytics.yahoo.com/ups/58559/occ?verify=true
https://ads.servenobid.com/sync?pid=337&uid=y-XQpqOqpE2uE.CVg.URrWabr979hUb8yoBAJVP.0-~A

0
367 B

366ms
358ms

Image
image/avif

34.248.219.195
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=337&uid=y-XQpqOqpE2uE.CVg.URrWabr979hUb8yoBAJVP.0-~A
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 34.248.219.195 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-219-195.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:11 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

location: https://ads.servenobid.com/sync?pid=337&uid=y-XQpqOqpE2uE.CVg.URrWabr979hUb8yoBAJVP.0-~A
date: Wed, 26 Apr 2023 01:32:11 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET

match
ssp.disqus.com/ Frame 2CB5
Redirect Chain

https://ssp.disqus.com/redirectuser?r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D346%26uid%3DBUYERUID
https://ce.lijit.com/merge?pid=279534&3pid=ua-367b9236-709b-35d1-81f8-a0aea72d596a&gdpr=&gdpr_consent=&us_privacy=&location=https%3A%2F%2Fssp.disqus.com%2Fmatch%3Fbidder%3D12%26buyeruid%3D%5BSOVRNI...
https://ce.lijit.com/merge?pid=279534&3pid=ua-367b9236-709b-35d1-81f8-a0aea72d596a&gdpr=&gdpr_consent=&us_privacy=&location=https%3A%2F%2Fssp.disqus.com%2Fmatch%3Fbidder%3D12%26buyeruid%3D%5BSOVRNI...
https://ssp.disqus.com/match?bidder=12&buyeruid=Giu8vRZHO7uMqrZsTzOwEBOy&r=Cid1YS0zNjdiOTIzNi03MDliLTM1ZDEtODFmOC1hMGFlYTcyZDU5NmEQ____________ASpTaHR0cHM6Ly9hZHMuc2VydmVub2JpZC5jb20vc3luYz9waWQ9Mz...

0
0

GET
H2

200

sync
ads.servenobid.com/ Frame 2CB5
Redirect Chain

https://ups.analytics.yahoo.com/ups/58632/occ
https://ups.analytics.yahoo.com/ups/58632/occ?verify=true
https://ads.servenobid.com/sync?pid=339&uid=y-XQpqOqpE2uE.CVg.URrWabr979hUb8yoBAJVP.0-~A

0
367 B

161ms
152ms

Image
image/avif

34.248.219.195
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=339&uid=y-XQpqOqpE2uE.CVg.URrWabr979hUb8yoBAJVP.0-~A
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 34.248.219.195 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-219-195.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:11 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

location: https://ads.servenobid.com/sync?pid=339&uid=y-XQpqOqpE2uE.CVg.URrWabr979hUb8yoBAJVP.0-~A
date: Wed, 26 Apr 2023 01:32:11 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET v1
match.sharethrough.com/universal/ Frame 2CB5 0
0

GET
H2

200

sync
ads.servenobid.com/ Frame 2CB5
Redirect Chain

https://hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D353%26uid%3D%3Cvsid%3E
https://ads.servenobid.com/sync?pid=353&uid=3254743314264952000V10

0
346 B

159ms
158ms

Image
image/avif

34.248.219.195
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=353&uid=3254743314264952000V10
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 34.248.219.195 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-219-195.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:12 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=86400 ; includeSubDomains, max-age=604800
date: Wed, 26 Apr 2023 01:32:12 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
location: https://ads.servenobid.com/sync?pid=353&uid=3254743314264952000V10
content-type: text/html
cache-control: max-age=0, no-cache, no-store
content-length: 154
x-mnet-hl2: E
expires: Wed, 26 Apr 2023 01:32:12 GMT

GET
H2 200 sync Show response
gum.criteo.com/ Frame 34D2 88 B
328 B 141ms
141ms Script
text/javascript 178.250.1.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sync?r=2&c=321&gdpr=0&gdpr_pd=0&gdpr_consent=&us_privacy=&j=window.advBidxc.mnetRtusId

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU18831I&prvid=2034%2C2033%2C2031%2C2030%2C273%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C359%2C437%2C97%2C55%2C99%2C2045%2C3012%2C3011%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C446%2C9%2C2011%2C2055%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C338%2C459%2C339%2C70%2C77%2C38%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C345%2C225%2C468%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

ed1d6e3ea5afc8a3b37d28a22d104fbb7e6a5fc8aa8dba2b64f95095450370da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:10 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=3600
server-processing-duration-in-ticks: 1108176
expires: 60

GET multi-sync.html
secure-assets.rubiconproject.com/utils/xapi/ Frame 03EC 0
0

GET cm
p.rfihub.com/ Frame 0CA2 0
0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame D603 16 KB
6 KB 137ms
134ms Document
text/html 2.19.228.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159463&userIdMacro=PM_UID&predirect=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D3254743314264952000V10%26type%3Dpba%26refUrl%3D%26vid%3D24727314023254743314264952000V10%26ovsid%3DPM_UID
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU18831I&prvid=2034%2C2033%2C2031%2C2030%2C273%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C359%2C437%2C97%2C55%2C99%2C2045%2C3012%2C3011%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C446%2C9%2C2011%2C2055%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C338%2C459%2C339%2C70%2C77%2C38%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C345%2C225%2C468%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.228.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-228-187.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://contextual.media.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=66121
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Wed, 26 Apr 2023 01:32:11 GMT
expires: Wed, 26 Apr 2023 19:54:12 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET us
sync.go.sonobi.com/ Frame 34D2 0
0

GET
H2

200

cksync.html
contextual.media.net/ Frame 34D2
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=78e2dffc-bb89-4bb2-ae92-f592d006518b&ph=6a16560a-f6c6-4851-b7b5-0b2c0190166a&r=https%3A%2F%2Fcontextual.media.net%2Fcksync.html%3Fcs%3D8%26vsid%3D3254743314264952...
https://us-u.openx.net/w/1.0/cm?cc=1&id=78e2dffc-bb89-4bb2-ae92-f592d006518b&ph=6a16560a-f6c6-4851-b7b5-0b2c0190166a&r=https%3A%2F%2Fcontextual.media.net%2Fcksync.html%3Fcs%3D8%26vsid%3D32547433142...
https://contextual.media.net/cksync.html?cs=8&vsid=3254743314264952000V10&type=opx&refUrl=&vid=24727314023254743314264952000V10&ovsid=7a9b7525-c6a7-0383-02f7-3a0b9c0091e2

235 B
235 B

161ms
159ms

Image
text/html

2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.html?cs=8&vsid=3254743314264952000V10&type=opx&refUrl=&vid=24727314023254743314264952000V10&ovsid=7a9b7525-c6a7-0383-02f7-3a0b9c0091e2

Requested by

Protocol

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Wed, 26 Apr 2023 01:32:11 GMT
server: Apache
vary: Accept-Encoding
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: text/html;charset=UTF-8
cache-control: max-age=0, no-cache, no-store
content-length: 235
x-mnet-hl2: E
expires: Wed, 26 Apr 2023 01:32:11 GMT

Redirect headers

date: Wed, 26 Apr 2023 01:32:11 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
location: https://contextual.media.net/cksync.html?cs=8&vsid=3254743314264952000V10&type=opx&refUrl=&vid=24727314023254743314264952000V10&ovsid=7a9b7525-c6a7-0383-02f7-3a0b9c0091e2
p3p: CP="CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET rmp1r1
sync.1rx.io/usersync2/ Frame 34D2 0
0

GET
H/1.1

200
OK

cksync
cs.media.net/ Frame 34D2
Redirect Chain

https://cm.g.doubleclick.net/pixel?cs=8&google_nid=media&google_cm=1&google_hm=MzI1NDc0MzMxNDI2NDk1MjAwMFYxMA%3D%3D&google_sc=1
https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESEMRsJKQnGxplACkxpP07Iy4&google_cver=1

61 B
626 B

437ms
148ms

Image
image/gif

23.35.228.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESEMRsJKQnGxplACkxpP07Iy4&google_cver=1
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU18831I&prvid=2034%2C2033%2C2031%2C2030%2C273%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C359%2C437%2C97%2C55%2C99%2C2045%2C3012%2C3011%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C446%2C9%2C2011%2C2055%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C338%2C459%2C339%2C70%2C77%2C38%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C345%2C225%2C468%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1
Protocol: HTTP/1.1
Server: 23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-228-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 26 Apr 2023 01:32:11 GMT
Server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 61
x-mnet-hl2: E
Expires: Wed, 26 Apr 2023 01:32:11 GMT

Redirect headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:11 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESEMRsJKQnGxplACkxpP07Iy4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

cksync.php
contextual.media.net/ Frame 34D2
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=MEDIANET&rurl=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D3254743314264952000V10%26type%3Ddxu%26refUrl%3D%26vid%3D24727314023254743314264...
https://pm.w55c.net/ping_match.gif?scc=1&ei=MEDIANET&rurl=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D3254743314264952000V10%26type%3Ddxu%26refUrl%3D%26vid%3D24727314023254743...
https://contextual.media.net/cksync.php?cs=8&vsid=3254743314264952000V10&type=dxu&refUrl=&vid=24727314023254743314264952000V10&ovsid=s8LxiQgS1PRu0Y5

61 B
467 B

166ms
166ms

Image
image/gif

2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=8&vsid=3254743314264952000V10&type=dxu&refUrl=&vid=24727314023254743314264952000V10&ovsid=s8LxiQgS1PRu0Y5

Requested by

Protocol

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Wed, 26 Apr 2023 01:32:12 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 61
x-mnet-hl2: E
expires: Wed, 26 Apr 2023 01:32:12 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 26 Apr 2023 01:32:11 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-775-g5f74e41#rel-ec2-master i-0bdcd692e53b93ca1@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Location: https://contextual.media.net/cksync.php?cs=8&vsid=3254743314264952000V10&type=dxu&refUrl=&vid=24727314023254743314264952000V10&ovsid=s8LxiQgS1PRu0Y5
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET usersync.aspx
dis.criteo.com/dis/ Frame 34D2 0
0

GET

match
ads.betweendigital.com/ Frame 34D2
Redirect Chain

https://x.bidswitch.net/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1
https://x.bidswitch.net/ul_cb/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1
https://ads.betweendigital.com/match?bidder_id=43092&gdpr=0&consent=&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dmedianet%26expires%3D30%26...
https://ads.betweendigital.com/match?bidder_id=43092&gdpr=0&consent=&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dmedianet%26expires%3D30%26...

0
0

GET /
b1sync.zemanta.com/usersync/medianet/ Frame 34D2 0
0

GET sync
rtb.mfadsrvr.com/ Frame 34D2 0
0

GET
H/1.1

200
OK

cksync
cs.media.net/ Frame 34D2
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=8m33zk4&ttd_tpi=1&gdpr=0&gdpr_consent=
https://cs.media.net/cksync?cs=1&type=ttd&ovsid=80bf9871-e16f-474f-93fb-ade652fb06dc

61 B
637 B

559ms
145ms

Image
image/gif

23.35.228.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.media.net/cksync?cs=1&type=ttd&ovsid=80bf9871-e16f-474f-93fb-ade652fb06dc
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU18831I&prvid=2034%2C2033%2C2031%2C2030%2C273%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C359%2C437%2C97%2C55%2C99%2C2045%2C3012%2C3011%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C446%2C9%2C2011%2C2055%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C338%2C459%2C339%2C70%2C77%2C38%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C345%2C225%2C468%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1
Protocol: HTTP/1.1
Server: 23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-228-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 26 Apr 2023 01:32:12 GMT
Server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 61
x-mnet-hl2: E
Expires: Wed, 26 Apr 2023 01:32:12 GMT

Redirect headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:11 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cs.media.net/cksync?cs=1&type=ttd&ovsid=80bf9871-e16f-474f-93fb-ade652fb06dc
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 199

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 86FC 4 KB
2 KB 146ms
146ms Document
text/html 51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=6b859b96c564fbe

Requested by

Host: u.4dex.io
URL: https://u.4dex.io/usync.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

1b354ab0ba22d752698db245f6db2cca748df2025e8294d7c39e6477e68ec53b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://u.4dex.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 1403
content-type: text/html
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
strict-transport-security: max-age=15552000

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 07B1 0
861 B 230ms
137ms Script
text/html 185.89.210.46
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.46 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.2 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 26 Apr 2023 01:32:11 GMT
AN-X-Request-Uuid: 801781d1-5f22-4015-88e5-98366b6bcc67
Server: nginx/1.23.2
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 91.239.206.153; 91.239.206.153; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6044
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&ot_initiated=1
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABh7swg-llpeuEGt1Bv9uGOcDHQgkOSYWzEA

170 B
188 B

152ms
150ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABh7swg-llpeuEGt1Bv9uGOcDHQgkOSYWzEA

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:11 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABh7swg-llpeuEGt1Bv9uGOcDHQgkOSYWzEA
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2

200

/
onetag-sys.com/match/ Frame 6044
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=75&redir=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D1%26uid%3D%5BMM_UUID%5D%26gdpr%3D0%26gdpr_consent%3D
https://onetag-sys.com/match/?int_id=1&uid=e34b6448-7f1b-4200-af8b-d6c5b99ffd54&gdpr=0&gdpr_consent=

0
291 B

151ms
148ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=1&uid=e34b6448-7f1b-4200-af8b-d6c5b99ffd54&gdpr=0&gdpr_consent=

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Protocol

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

Date: Wed, 26 Apr 2023 01:32:11 GMT
Server: MT3 830 785530e master cdg-pixel-x7 config_version:"unknown"
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://onetag-sys.com/match/?int_id=1&uid=e34b6448-7f1b-4200-af8b-d6c5b99ffd54&gdpr=0&gdpr_consent=
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 26 Apr 2023 01:32:10 GMT

GET
H2

200

/
onetag-sys.com/match/ Frame 6044
Redirect Chain

https://pixel-eu.rubiconproject.com/exchange/sync.php?p=onetag&gdpr=0&gdpr_consent=
https://onetag-sys.com/match/?int_id=2&uid=LGX0TKY5-T-ET9H&gdpr=0

0
291 B

149ms
148ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=2&uid=LGX0TKY5-T-ET9H&gdpr=0

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Protocol

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://onetag-sys.com/match/?int_id=2&uid=LGX0TKY5-T-ET9H&gdpr=0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 37b22a0c36bd84993dd2cda4a5e04b1d
Expires: 0

GET
H2

200

/
onetag-sys.com/match/ Frame 6044
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D98%26gdpr%3D0%26gdpr_consent%3D%26uid%3D$UID
https://onetag-sys.com/match/?int_id=98&gdpr=0&gdpr_consent=&uid=5517930712341661683

0
291 B

146ms
145ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=98&gdpr=0&gdpr_consent=&uid=5517930712341661683

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Protocol

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

Date: Wed, 26 Apr 2023 01:32:11 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 91.239.206.153; 91.239.206.153; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: e7798bee-8b06-4a14-a031-5546dc25c3e8
Server: nginx/1.23.2
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://onetag-sys.com/match/?int_id=98&gdpr=0&gdpr_consent=&uid=5517930712341661683
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK tap.php
pixel.rubiconproject.com/ Frame 6044 42 B
678 B 171ms
132ms Image
image/gif 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=223352&nid=4584&put=GIxqJX0iHlQowKDqs4nkc8apRhs-iT6ZgeLx3OXrMsc
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: f5982f4f9cc79eb2b489dda8b92e3144
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

/
onetag-sys.com/match/ Frame 6044
Redirect Chain

https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=0&gdpr_consent=&us_privacy=1YN-&redirectUri=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D107%26uid%3D[ssb_sync_pid]
https://onetag-sys.com/match/?int_id=107&uid=8078455939417259124

0
291 B

156ms
148ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=107&uid=8078455939417259124

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Protocol

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

location: https://onetag-sys.com/match/?int_id=107&uid=8078455939417259124
date: Wed, 26 Apr 2023 01:32:10 GMT
content-length: 0

GET
H2 400 711916.gif
id.rlcdn.com/ Frame 6044 0
0 147ms
141ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/711916.gif?ct=4&cv=
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 6044
Redirect Chain

https://onetag-sys.com/match/?int_id=113&gdpr=0&gdpr_consent=&callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Donetag.com%26id%3D%24%7BUSER_TOKEN%7D&ot_initiated=1
https://s.amazon-adsystem.com/ecm3?ex=onetag.com&id=Cp0g7vbwpZfA9NCmib-qfOMjrJ1itrIpqnCGJAJVlys

43 B
479 B

239ms
237ms

Image
image/gif

52.46.128.147
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=onetag.com&id=Cp0g7vbwpZfA9NCmib-qfOMjrJ1itrIpqnCGJAJVlys

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Protocol

HTTP/1.1

Server

52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 26 Apr 2023 01:32:11 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 9MHVCYH1RVF7Z1J034GX
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://s.amazon-adsystem.com/ecm3?ex=onetag.com&id=Cp0g7vbwpZfA9NCmib-qfOMjrJ1itrIpqnCGJAJVlys
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2

200

/
onetag-sys.com/match/ Frame 6044
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=159706&gdpr=0&gdpr_consent=&us_privacy=1YN-&pu=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D114%26uid%3D%23PMUID
https://image8.pubmatic.com/AdServer/ImgSync?p=159706&gdpr=0&gdpr_consent=&us_privacy=1YN-&pu=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D114%26uid%3D%23PMUID&rdf=1
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MzhCMjRFRjAtNjNCQy00ODczLUIyNUMtQUREM0U4Mzg2OTJG&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://onetag-sys.com/match/?int_id=114&uid=38B24EF0-63BC-4873-B25C-ADD3E838692F

0
291 B

146ms
146ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=114&uid=38B24EF0-63BC-4873-B25C-ADD3E838692F

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Protocol

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

location: https://onetag-sys.com/match/?int_id=114&uid=38B24EF0-63BC-4873-B25C-ADD3E838692F
date: Wed, 26 Apr 2023 01:32:11 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 108
content-type: text/html; charset=utf-8

GET
H2

200

/
onetag-sys.com/match/ Frame 6044
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=onetag_eb&google_cm
https://onetag-sys.com/match/?int_id=106&google_gid=CAESEPmFhDAqWL8Cs-GrJAr3X7c&google_cver=1

0
291 B

150ms
149ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=106&google_gid=CAESEPmFhDAqWL8Cs-GrJAr3X7c&google_cver=1

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Protocol

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:11 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=106&google_gid=CAESEPmFhDAqWL8Cs-GrJAr3X7c&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 298
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
onetag-sys.com/match/ Frame 6044
Redirect Chain

https://ups.analytics.yahoo.com/ups/58488/occ?&gdpr=0&gdpr_consent=
https://onetag-sys.com/match/?int_id=92&uid=y-XQpqOqpE2uE.CVg.URrWabr979hUb8yoBAJVP.0-~A

0
291 B

157ms
148ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=92&uid=y-XQpqOqpE2uE.CVg.URrWabr979hUb8yoBAJVP.0-~A

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Protocol

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

location: https://onetag-sys.com/match/?int_id=92&uid=y-XQpqOqpE2uE.CVg.URrWabr979hUb8yoBAJVP.0-~A
date: Wed, 26 Apr 2023 01:32:11 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

/
onetag-sys.com/match/ Frame 6044
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=0&gdpr_consent=
https://onetag-sys.com/match/?int_id=29&uid=80bf9871-e16f-474f-93fb-ade652fb06dc&gdpr=0&gdpr_consent=

0
291 B

145ms
145ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=29&uid=80bf9871-e16f-474f-93fb-ade652fb06dc&gdpr=0&gdpr_consent=

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Protocol

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:11 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://onetag-sys.com/match/?int_id=29&uid=80bf9871-e16f-474f-93fb-ade652fb06dc&gdpr=0&gdpr_consent=
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 233

GET
H2

200

/
onetag-sys.com/match/ Frame 6044
Redirect Chain

https://x.bidswitch.net/sync?ssp=onetag&gdpr=0&gdpr_consent=
https://ads.avct.cloud/getuid?url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Donetag
https://ads.avct.cloud/getuid?bounce=true&url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Donetag
https://x.bidswitch.net/sync?dsp_id=59&user_id=4b45454e-7ffc-4eda-93d5-ef47cfeace44&ssp=onetag
https://onetag-sys.com/match/?int_id=30&uid=6bd7a558-d246-47c6-96e1-a500ce3d8c93&gdpr=&gdpr_consent=&us_privacy=

0
291 B

145ms
145ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=30&uid=6bd7a558-d246-47c6-96e1-a500ce3d8c93&gdpr=&gdpr_consent=&us_privacy=

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Protocol

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

location: //onetag-sys.com/match/?int_id=30&uid=6bd7a558-d246-47c6-96e1-a500ce3d8c93&gdpr=&gdpr_consent=&us_privacy=
date: Wed, 26 Apr 2023 01:32:12 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2 200 sync
ads.servenobid.com/ Frame 6044 0
364 B 163ms
159ms Image
image/avif 34.248.219.195
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=318&uid=GIxqJX0iHlQowKDqs4nkc8apRhs-iT6ZgeLx3OXrMsc
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.219.195 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-219-195.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:11 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET log
c21lg-d.media.net/ Frame 34D2 0
0

GET
H2

200

/
onetag-sys.com/match/ Frame 86FC
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=75&redir=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D1%26uid%3D%5BMM_UUID%5D%26gdpr%3D1%26gdpr_consent%3D
https://onetag-sys.com/match/?int_id=1&uid=e34b6448-7f1b-4200-af8b-d6c5b99ffd54&gdpr=1&gdpr_consent=

0
291 B

146ms
145ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=1&uid=e34b6448-7f1b-4200-af8b-d6c5b99ffd54&gdpr=1&gdpr_consent=

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=6b859b96c564fbe

Protocol

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

Date: Wed, 26 Apr 2023 01:32:11 GMT
Server: MT3 830 785530e master cdg-pixel-x27 config_version:"unknown"
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://onetag-sys.com/match/?int_id=1&uid=e34b6448-7f1b-4200-af8b-d6c5b99ffd54&gdpr=1&gdpr_consent=
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 26 Apr 2023 01:32:10 GMT

GET
H/1.1 204
No Content sync.php
pixel-eu.rubiconproject.com/exchange/ Frame 86FC 0
239 B 333ms
132ms Image
image/gif 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-eu.rubiconproject.com/exchange/sync.php?p=onetag&gdpr=1&gdpr_consent=
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=6b859b96c564fbe
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 37b22a0c36bd84993dd2cda4a5e04b1d
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1 200
OK tap.php
pixel.rubiconproject.com/ Frame 86FC 42 B
678 B 189ms
134ms Image
image/gif 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=223352&nid=4584&put=GIxqJX0iHlQowKDqs4nkc8apRhs-iT6ZgeLx3OXrMsc
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=6b859b96c564fbe
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: e06182bf224d96e6550f4595601cdb0b
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 86FC
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&ot_initiated=1
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABh7swhAHXnVV_7__Aww0ShJZ8dfyaO4VyRQ

170 B
188 B

145ms
145ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABh7swhAHXnVV_7__Aww0ShJZ8dfyaO4VyRQ

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=6b859b96c564fbe

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:11 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABh7swhAHXnVV_7__Aww0ShJZ8dfyaO4VyRQ
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2 400 711916.gif
id.rlcdn.com/ Frame 86FC 0
0 145ms
141ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/711916.gif?ct=4&cv=
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=6b859b96c564fbe
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 86FC
Redirect Chain

https://onetag-sys.com/match/?int_id=113&gdpr=1&gdpr_consent=&callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Donetag.com%26id%3D%24%7BUSER_TOKEN%7D&ot_initiated=1
https://s.amazon-adsystem.com/ecm3?ex=onetag.com&id=3zf8hX2cpanNSyqx_Xi_DzDbIqkzhDywkzYxZ6orVO4

43 B
479 B

290ms
227ms

Image
image/gif

52.46.128.147
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=onetag.com&id=3zf8hX2cpanNSyqx_Xi_DzDbIqkzhDywkzYxZ6orVO4

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=6b859b96c564fbe

Protocol

HTTP/1.1

Server

52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 26 Apr 2023 01:32:11 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 5X4Z3VD4RW2BDP45E8BM
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://s.amazon-adsystem.com/ecm3?ex=onetag.com&id=3zf8hX2cpanNSyqx_Xi_DzDbIqkzhDywkzYxZ6orVO4
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2

200

/
onetag-sys.com/match/ Frame 86FC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=onetag_eb&google_cm
https://onetag-sys.com/match/?int_id=106&google_gid=CAESEPmFhDAqWL8Cs-GrJAr3X7c&google_cver=1

0
291 B

146ms
145ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=106&google_gid=CAESEPmFhDAqWL8Cs-GrJAr3X7c&google_cver=1

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=6b859b96c564fbe

Protocol

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:11 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=106&google_gid=CAESEPmFhDAqWL8Cs-GrJAr3X7c&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 298
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sync
x.bidswitch.net/ Frame 86FC 43 B
145 B 137ms
133ms Image
image/gif 3.77.118.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=onetag&gdpr=1&gdpr_consent=
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=6b859b96c564fbe
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.77.118.156 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-77-118-156.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:11 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H2

200

/
onetag-sys.com/match/ Frame 86FC
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D98%26gdpr%3D1%26gdpr_consent%3D%26uid%3D$UID
https://onetag-sys.com/match/?int_id=98&gdpr=1&gdpr_consent=&uid=5517930712341661683

0
291 B

146ms
146ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=98&gdpr=1&gdpr_consent=&uid=5517930712341661683

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=6b859b96c564fbe

Protocol

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

Date: Wed, 26 Apr 2023 01:32:11 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 91.239.206.153; 91.239.206.153; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 568132bc-01e8-4b43-823a-b71eb26276c1
Server: nginx/1.23.2
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://onetag-sys.com/match/?int_id=98&gdpr=1&gdpr_consent=&uid=5517930712341661683
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK sync
ssbsync-global.smartadserver.com/api/ Frame 86FC 0
75 B 272ms
142ms Image
text/plain 185.86.138.153
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=1&gdpr_consent=&us_privacy=&redirectUri=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D107%26uid%3D[ssb_sync_pid]
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=6b859b96c564fbe
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.153 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:11 GMT
content-length: 0

GET
H2 200 ImgSync
image8.pubmatic.com/AdServer/ Frame 86FC 0
39 B 148ms
145ms Image
text/plain 185.64.190.79
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image8.pubmatic.com/AdServer/ImgSync?p=159706&gdpr=1&gdpr_consent=&us_privacy=&pu=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D114%26uid%3D%23PMUID
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=6b859b96c564fbe
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.79 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:10 GMT
content-length: 0

GET
H2 204 occ
ups.analytics.yahoo.com/ups/58488/ Frame 86FC 0
15 B 139ms
136ms Image
text/plain 3.75.62.37
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58488/occ?&gdpr=1&gdpr_consent=

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=6b859b96c564fbe

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.75.62.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.25 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:11 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

/
onetag-sys.com/match/ Frame 86FC
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=1&gdpr_consent=
https://onetag-sys.com/match/?int_id=29&uid=80bf9871-e16f-474f-93fb-ade652fb06dc&gdpr=0&gdpr_consent=

0
291 B

162ms
162ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=29&uid=80bf9871-e16f-474f-93fb-ade652fb06dc&gdpr=0&gdpr_consent=

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=6b859b96c564fbe

Protocol

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:11 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://onetag-sys.com/match/?int_id=29&uid=80bf9871-e16f-474f-93fb-ade652fb06dc&gdpr=0&gdpr_consent=
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 233

GET
H2 401 setuid
u.4dex.io/ Frame 86FC 0
48 B 143ms
140ms Image
text/plain 34.149.40.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u.4dex.io/setuid?bidder=onetag&uid=GIxqJX0iHlQowKDqs4nkc8apRhs-iT6ZgeLx3OXrMsc&gdpr=1&gdpr_consent=&us_privacy=
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=6b859b96c564fbe
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.40.38 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 38.40.149.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:11 GMT
via: 1.1 google
vary: Origin, Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: 0

GET
H2 200 sync
ads.servenobid.com/ Frame C0C2 0
344 B 233ms
232ms Image
image/avif 34.248.219.195
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=317&uid=8078455939417259124&gdpr=0&gdpr_consent=
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.219.195 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-219-195.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:11 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET

v1
match.sharethrough.com/sync/ Frame C0C2
Redirect Chain

https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=139&partneruserid=0&redirurl=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3D98KUz37ype9D3X2sf9ovgeTt%26source_user_id%3DS...
https://match.sharethrough.com/sync/v1?source_id=98KUz37ype9D3X2sf9ovgeTt&source_user_id=8078455939417259124&gdpr=0&gdpr_consent=

0
0

GET /
s.ad.smaato.net/c/ Frame C0C2 0
0

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame C0C2
Redirect Chain

https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=135&partneruserid=TAM_OK&redirurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fdcm%3Fpid%3D72348060-38ad-4586-8e4f-f1e2a8e789b3%26id%3DSMART_USE...
https://s.amazon-adsystem.com/dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=8078455939417259124&gdpr=0&gdpr_consent=

43 B
855 B

228ms
227ms

Image
image/gif

52.46.128.147
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=8078455939417259124&gdpr=0&gdpr_consent=

Requested by

Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID

Protocol

HTTP/1.1

Server

52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 26 Apr 2023 01:32:12 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 1XGK2BC21AYDHA06N5QJ
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://s.amazon-adsystem.com/dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=8078455939417259124&gdpr=0&gdpr_consent=
pragma: no-cache
date: Wed, 26 Apr 2023 01:32:11 GMT
cache-control: no-cache,no-store
content-length: 0
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

GET
H2 400 711890.gif
id.rlcdn.com/ Frame C0C2 0
0 142ms
141ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/711890.gif?credir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D136%26partneruserid%3D&gdpr=0&gdpr_consent=
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3993 0
20 B 172ms
172ms Ping
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=7605896528638&version=m202301230201&ct=119&x=8&cor=8452094366671481000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B885 0
20 B 172ms
172ms Ping
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=2679293779858&version=m202301230201&ct=119&x=8&cor=4067074568466444000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0AC5 0
20 B 173ms
173ms Ping
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=9792639872841&version=m202301230201&ct=119&x=8&cor=4835737498075073000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 513E 0
20 B 173ms
172ms Ping
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8460195016248&version=m202301230201&ct=119&x=8&cor=5076272393318275000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 01:32:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

setuid Show response
u.4dex.io/ Frame 5E63
Redirect Chain

https://visitor.omnitagjs.com/visitor/bsync?uid=bc65ac468bfc90e6260132832a3bc684&name=ADAGIO&url=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dadyoulike%26uid%3D%24UID
https://u.4dex.io/setuid?bidder=adyoulike&uid=34cbf41e78f4c9620ca50b6619426013

0
15 B

145ms
144ms

Document
text/plain

34.149.40.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.4dex.io/setuid?bidder=adyoulike&uid=34cbf41e78f4c9620ca50b6619426013
Requested by: Host: u.4dex.io
URL: https://u.4dex.io/usync.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.149.40.38 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 38.40.149.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://u.4dex.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
content-length: 0
date: Wed, 26 Apr 2023 01:32:12 GMT
expires: 0
pragma: no-cache
vary: Origin Accept-Encoding
via: 1.1 google

Redirect headers

cache-control: no-cache, no-store, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 26 Apr 2023 01:32:12 GMT
expires: 0
location: https://u.4dex.io/setuid?bidder=adyoulike&uid=34cbf41e78f4c9620ca50b6619426013
p3p: CP="CAO PSA OUR"
pragma: no-cache
server: ayl-lb-fra02
vary: Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 4

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 07B1 0
861 B 137ms
137ms Script
text/html 185.89.210.46
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.46 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.2 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 26 Apr 2023 01:32:12 GMT
AN-X-Request-Uuid: e7cc284e-903b-490a-a22b-d59995e8a890
Server: nginx/1.23.2
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 91.239.206.153; 91.239.206.153; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET

rum
dsum-sec.casalemedia.com/ Frame BD90
Redirect Chain

https://match.adsrvr.org/track/cmf/casale
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=80bf9871-e16f-474f-93fb-ade652fb06dc&expiration=1685064732&gdpr=0&gdpr_consent=

0
0

GET
H/1.1 200
OK dcm
s.amazon-adsystem.com/ Frame BD90 43 B
855 B 225ms
225ms Image
image/gif 52.46.128.147
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZEh_GbtLmO1KKrl7azIwMAAADT0AAAAB&gpp=&gpp_sid=

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 26 Apr 2023 01:32:12 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 1NCMZMEX6N7SVJXCHD35
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET

usermatchredir
ssum-sec.casalemedia.com/ Frame BD90
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZEh_GbtLmO1KKrl7azIwMAAADT0AAAAB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEMluIy0tl_QVg_ypqK4UYro&google_cver=1

0
0

GET getuid
secure.adnxs.com/ Frame BD90 0
0

GET bridge
cm.adgrx.com/ Frame BD90 0
0

GET /
sync.taboola.com/sg/indexscod/1/cm/ Frame BD90 0
0

GET index
dmp.brand-display.com/cm/api/ Frame BD90 0
0

GET
H2 200 ZEh_GbtLmO1KKrl7azIwMAAADT0AAAAB
pr-bh.ybp.yahoo.com/sync/casale/ Frame BD90 43 B
601 B 162ms
161ms Image
image/gif 34.248.79.190
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/casale/ZEh_GbtLmO1KKrl7azIwMAAADT0AAAAB?gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.248.79.190 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-248-79-190.eu-west-1.compute.amazonaws.com

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:12 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

GET
H2 200 sync
ads.servenobid.com/ Frame BD90 0
356 B 160ms
159ms Image
image/avif 34.248.219.195
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=333&uid=ZEh_GbtLmO1KKrl7azIwMAAADT0AAAAB
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.219.195 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-219-195.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:12 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET getuid
secure.adnxs.com/ Frame 55F6 0
0

GET

/
c1.adform.net/serving/cookie/match/ Frame 55F6
Redirect Chain

https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_1e47e964-5117-49c5-ad5a-5ef644bcc3ee&gdpr=0&gdpr_consent=&us_privacy=1---
https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=gumgum2

0
0

GET redirectObuid
sync.outbrain.com/ Frame 55F6 0
0

GET

usersync
usersync.gumgum.com/ Frame 55F6
Redirect Chain

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
https://usersync.gumgum.com/usersync?b=opx&i=458ab8ca-45b2-0135-06c3-5488e6bf0278

0
0

GET sync
sync.srv.stackadapt.com/ Frame 55F6 0
0

GET

usersync
usersync.gumgum.com/ Frame 55F6
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=
https://usersync.gumgum.com/usersync?b=oth&i=y-gc9FAjdE2pcdV58HX0hSAYkv16Qz4QcRdbR9~A

0
0

GET generic
sync.ipredictive.com/d/sync/cookie/ Frame 55F6 0
0

GET services
sync.technoratimedia.com/ Frame 55F6 0
0

GET 142
match.deepintent.com/usersync/ Frame 55F6 0
0

GET /
b1sync.zemanta.com/usersync/gumgum/ Frame 55F6 0
0

GET server_match
ad.360yield.com/ Frame 55F6 0
0

GET rtset
bh.contextweb.com/bh/ Frame 55F6 0
0

GET

usersync
usersync.gumgum.com/ Frame 55F6
Redirect Chain

https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent=
https://usersync.gumgum.com/usersync?b=sad&i=8078455939417259124

0
0

GET
H2 200 sync
ads.servenobid.com/ Frame 55F6 0
357 B 168ms
165ms Image
image/avif 34.248.219.195
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=309&uid=e_1e47e964-5117-49c5-ad5a-5ef644bcc3ee
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.219.195 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-219-195.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 01:32:12 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET

usersync
usersync.gumgum.com/ Frame 3EDF
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2fusersync.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
https://usersync.gumgum.com/usersync?b=mmh&i=e34b6448-7f1b-4200-af8b-d6c5b99ffd54&gdpr=0&gdpr_consent=

0
0

GET user-sync
sync.adkernel.com/ Frame 6007 0
0

GET URnmbSKM
sync-tm.everesttech.net/upi/pid/ Frame E447 0
0

GET
H3 200 pixel Show response
cm.g.doubleclick.net/ Frame 5BC8 170 B
188 B 147ms
146ms Document
image/png 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8xZTQ3ZTk2NC01MTE3LTQ5YzUtYWQ1YS01ZWY2NDRiY2MzZWU=&gdpr=0&gdpr_consent=&google_redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dgdv

Requested by

Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 170
content-type: image/png
cross-origin-resource-policy: cross-origin
date: Wed, 26 Apr 2023 01:32:12 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
server: HTTP server (unknown)
x-xss-protection: 0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 5029 16 KB
6 KB 134ms
134ms Document
text/html 2.19.228.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.228.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-228-187.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=66120
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Wed, 26 Apr 2023 01:32:12 GMT
expires: Wed, 26 Apr 2023 19:54:12 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET

usersync
usersync.gumgum.com/ Frame 6539
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
https://usersync.gumgum.com/usersync?b=ttd&i=80bf9871-e16f-474f-93fb-ade652fb06dc

0
0

GET idsync
tg.socdm.com/aux/ Frame 840F 0
0

GET gumgum
cs.admanmedia.com/sync/ Frame DA18 0
0

GET
H/1.1 200
OK usermatchredir Show response
ssum-sec.casalemedia.com/ Frame 9635 43 B
632 B 133ms
133ms Document
image/gif 185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=189872&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Diex%26i%3D
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

Cache-Control: no-cache
Connection: Keep-Alive
Content-Length: 43
Content-Type: image/gif
Date: Wed, 26 Apr 2023 01:32:12 GMT
Expires: 0
Keep-Alive: timeout=1, max=499
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Server: Apache

GET cm-notify
creativecdn.com/ Frame D053 0
0

GET multi-sync.html
secure-assets.rubiconproject.com/utils/xapi/ Frame F72C 0
0

GET sync
ads.servenobid.com/ Frame 8841 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=65942654&p=161102&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=

Domain: secure-assets.rubiconproject.com
URL: https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=duration_media&endpoint=us-east

Domain: cs-rtb.minutemedia-prebid.com
URL: https://cs-rtb.minutemedia-prebid.com/sync-iframe?gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D348%26uid%3D%7BpartnerId%7D

Domain: sync.adkernel.com
URL: https://sync.adkernel.com/user-sync?zone=181225&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D152%26uid%3D%7BUID%7D&gdpr=0&gdpr_consent=&us_privacy=1YN-&

Domain: sync.1rx.io
URL: https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D

Domain: p.rfihub.com
URL: https://p.rfihub.com/cm?pub=44007&in=1

Domain: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/usa?loc=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D332%26uid%3D

Domain: prebid.a-mo.net
URL: https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D

Domain: ssp.disqus.com
URL: https://ssp.disqus.com/match?bidder=12&buyeruid=Giu8vRZHO7uMqrZsTzOwEBOy&r=Cid1YS0zNjdiOTIzNi03MDliLTM1ZDEtODFmOC1hMGFlYTcyZDU5NmEQ____________ASpTaHR0cHM6Ly9hZHMuc2VydmVub2JpZC5jb20vc3luYz9waWQ9MzQ2JnVpZD11YS0zNjdiOTIzNi03MDliLTM1ZDEtODFmOC1hMGFlYTcyZDU5NmEyAgwOOAE=

Domain: match.sharethrough.com
URL: https://match.sharethrough.com/universal/v1?supply_id=KW3eSFMR&gdpr=0&gdpr_consent=&us_privacy=1YN-&

Domain: secure-assets.rubiconproject.com
URL: https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=medianet

Domain: p.rfihub.com
URL: https://p.rfihub.com/cm?pub=19967&in=1&forward=https%3A%2F%2Fcontextual.media.net%2Fcksync.html%3Fcs%3D8%26vsid%3D3254743314264952000V10%26type%3Drkt%26refUrl%3D%26vid%3D24727314023254743314264952000V10%26ovsid%3D%7Buserid%7D

Domain: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/us?https://contextual.media.net/cksync.php?cs=8&vsid=3254743314264952000V10&type=son&refUrl=&vid=24727314023254743314264952000V10&ovsid=[UID]

Domain: sync.1rx.io
URL: https://sync.1rx.io/usersync2/rmp1r1?sub=medianet&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D3254743314264952000V10%26type%3Dr1%26refUrl%3D%26vid%3D24727314023254743314264952000V10%26ovsid%3D%5BRX_UUID%5D

Domain: dis.criteo.com
URL: https://dis.criteo.com/dis/usersync.aspx?r=115&p=226&cp=medianet&cu=1&url=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dcrt%26ovsid%3D%40%40CRITEO_USERID%40%40

Domain: ads.betweendigital.com
URL: https://ads.betweendigital.com/match?bidder_id=43092&gdpr=0&consent=&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dmedianet%26expires%3D30%26user_group%3D%24%7BUSER_GROUP%7D%26gdpr%3D0%26gdpr_consent%3D&crf=1

Domain: b1sync.zemanta.com
URL: https://b1sync.zemanta.com/usersync/medianet/?puid=${VSID}&cb=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dzem%26ovsid%3D__ZUID__https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D3254743314264952000V10%26type%3Dzem%26refUrl%3D%26vid%3D24727314023254743314264952000V10%26ovsid%3D__ZUID__

Domain: rtb.mfadsrvr.com
URL: https://rtb.mfadsrvr.com/sync?ssp=medianet&ssp_user_id=3254743314264952000V10

Domain: c21lg-d.media.net
URL: https://c21lg-d.media.net/log?logid=kfk&evtid=cs&origin=1&pvgid=data-c&ovsid=MlJnFqXUqqCaLRcqTWigXnGkb0XlUtfY&cs=15&vsid=3254743314264952000V10

Domain: match.sharethrough.com
URL: https://match.sharethrough.com/sync/v1?source_id=98KUz37ype9D3X2sf9ovgeTt&source_user_id=8078455939417259124&gdpr=0&gdpr_consent=

Domain: s.ad.smaato.net
URL: https://s.ad.smaato.net/c/?adExInit=sas&redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D133%26partneruserid%3D$UID&gdpr=0&gdpr_consent=

Domain: dsum-sec.casalemedia.com
URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=80bf9871-e16f-474f-93fb-ade652fb06dc&expiration=1685064732&gdpr=0&gdpr_consent=

Domain: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEMluIy0tl_QVg_ypqK4UYro&google_cver=1

Domain: secure.adnxs.com
URL: https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID

Domain: cm.adgrx.com
URL: https://cm.adgrx.com/bridge?AG_PID=casale&AG_SETCOOKIE

Domain: sync.taboola.com
URL: https://sync.taboola.com/sg/indexscod/1/cm/?us_privacy=&gdpr=&gdpr_consent=&id=ZEh-GbtLmO1KKrl7azIwMAAA%263389&gpp=&gpp_sid=

Domain: dmp.brand-display.com
URL: https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3cIndex_user_id%3e

Domain: secure.adnxs.com
URL: https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID

Domain: c1.adform.net
URL: https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=gumgum2

Domain: sync.outbrain.com
URL: https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D

Domain: usersync.gumgum.com
URL: https://usersync.gumgum.com/usersync?b=opx&i=458ab8ca-45b2-0135-06c3-5488e6bf0278

Domain: sync.srv.stackadapt.com
URL: https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=

Domain: usersync.gumgum.com
URL: https://usersync.gumgum.com/usersync?b=oth&i=y-gc9FAjdE2pcdV58HX0hSAYkv16Qz4QcRdbR9~A

Domain: sync.ipredictive.com
URL: https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D

Domain: sync.technoratimedia.com
URL: https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=1---&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D

Domain: match.deepintent.com
URL: https://match.deepintent.com/usersync/142?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Ddit%26i%3D%24%7BDI_USER_ID%7D

Domain: b1sync.zemanta.com
URL: https://b1sync.zemanta.com/usersync/gumgum/?puid=e_1e47e964-5117-49c5-ad5a-5ef644bcc3ee&gdpr=0&gdpr_consent=&us_privacy=1---&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dzem%26i%3D__ZUID__

Domain: ad.360yield.com
URL: https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D

Domain: bh.contextweb.com
URL: https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25

Domain: usersync.gumgum.com
URL: https://usersync.gumgum.com/usersync?b=sad&i=8078455939417259124

Domain: usersync.gumgum.com
URL: https://usersync.gumgum.com/usersync?b=mmh&i=e34b6448-7f1b-4200-af8b-d6c5b99ffd54&gdpr=0&gdpr_consent=

Domain: sync.adkernel.com
URL: https://sync.adkernel.com/user-sync?zone=181093&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dmdp%26i%3D%5BUID%5D&gdpr=0&gdpr_consent=&ccpa=1---

Domain: sync-tm.everesttech.net
URL: https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=

Domain: usersync.gumgum.com
URL: https://usersync.gumgum.com/usersync?b=ttd&i=80bf9871-e16f-474f-93fb-ade652fb06dc

Domain: tg.socdm.com
URL: https://tg.socdm.com/aux/idsync?proto=gumgum

Domain: cs.admanmedia.com
URL: https://cs.admanmedia.com/sync/gumgum?puid=e_1e47e964-5117-49c5-ad5a-5ef644bcc3ee&redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Daad%26i%3D%5BDSP_USER_ID%5D&gdpr=0&gdpr_consent=&ccpa=1---

Domain: creativecdn.com
URL: https://creativecdn.com/cm-notify?pi=gumgum

Domain: secure-assets.rubiconproject.com
URL: https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum

Domain: ads.servenobid.com
URL: https://ads.servenobid.com/sync?pid=352&uid=8nPcPoetCp_s

Verdicts & Comments Add Verdict or Comment

95 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

69 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
pastelink.net/	1970-01-20 12:11:12	Name: PHPSESSID Value: vlp56e7pogsmfo9jmpnnpfarvf
.pastelink.net/	1970-01-20 13:30:48	Name: _gcl_au Value: 1.1.54775390.1682472725
.pastelink.net/	1970-01-20 20:57:12	Name: _ga Value: GA1.2.570099938.1682472726
.pastelink.net/	1970-01-20 11:22:39	Name: _gid Value: GA1.2.1946568482.1682472726
.pastelink.net/	1970-01-20 11:21:12	Name: _gat_UA-55088947-2 Value: 1
.4dex.io/	1970-01-20 12:47:36	Name: uids Value: eyJzeW5jcyI6eyJpbmRleGV4Y2hhbmdlIjoiMjAyMy0wNC0yNlQwMTozMjowNy4yMTkyMDkzMzJaIiwicHVibWF0aWMiOiIyMDIzLTA0LTI2VDAxOjMyOjA3LjIxOTE1NTEzOFoiLCJydWJpY29uIjoiMjAyMy0wNC0yNlQwMTozMjowNy4yMTkyMDQyNjlaIn0sInVpZHMiOnsiYWRhZ2lvIjp7InVpZCI6IjU3M2I0MTdiLTZmOGQtNDY3Yy1iNDljLWYwZDhlZjRiYmU5ZSIsImV4cGlyZXMiOiIyMDIzLTA2LTI1VDAxOjMyOjA3LjIxODYyNzAyWiJ9fSwiYmRheSI6IjIwMjMtMDQtMjZUMDE6MzI6MDcuMjE4NDY0MDQ2WiJ9
.omnitagjs.com/	1970-01-20 12:04:24	Name: ayl_visitor Value: 34cbf41e78f4c9620ca50b6619426013
pastelink.net/	1970-01-20 11:21:16	Name: _ublock Value: 1
.adnxs.com/	1970-01-20 13:30:48	Name: icu Value: ChgIvahBEAoYASABKAEwl_6hogY4AUABSAEQl_6hogYYAA..
.adnxs.com/	1970-01-20 13:30:48	Name: uuid2 Value: 5517930712341661683
.smartadserver.com/	1970-01-20 20:08:15	Name: pbw Value: %24b%3d16890%3b%24o%3d11100
.smartadserver.com/	1969-12-31 23:59:59	Name: vs Value: 587752=5424572
.smartadserver.com/	1969-12-31 23:59:59	Name: TestIfCookie Value: ok
.smartadserver.com/	1970-01-20 20:08:15	Name: TestIfCookieP Value: ok
.smartadserver.com/	1970-01-20 11:22:39	Name: sasd Value: %24qc%3D1314590126%3B%24ql%3DUnknown%3B%24qpc%3D380000%3B%24qt%3D107_7_29856t%3B%24dma%3D0
.smartadserver.com/	1970-01-20 20:08:15	Name: pid Value: 8078455939417259124
.smartadserver.com/	1970-01-20 11:22:39	Name: sasd2 Value: q=%24qc%3D1314590126%3B%24ql%3DUnknown%3B%24qpc%3D380000%3B%24qt%3D107_7_29856t%3B%24dma%3D0&c=1&l=1224194952&lo=1424563188&lt=638180695273600415&o=1
.rubiconproject.com/	1970-01-20 20:06:48	Name: khaos Value: LGX0TKY5-T-ET9H
.pastelink.net/	1970-01-20 20:42:48	Name: __gads Value: ID=a8f0ef96af01ad4c:T=1682472728:S=ALNI_MbMvLgYfZ8zNSEaEIPSY4PUBHGv6w
.pastelink.net/	1970-01-20 20:42:48	Name: __gpi Value: UID=00000befbb37882b:T=1682472728:RT=1682472728:S=ALNI_MYnTIynyIwxM8Yqg8-lprO7Qq9HFw
.pastelink.net/	1970-01-20 20:57:12	Name: _ga_S3DKHVPF03 Value: GS1.1.1682472725.1.0.1682472728.0.0.0
.doubleclick.net/	1970-01-20 20:57:12	Name: IDE Value: AHWqTUkkwNqJ4cLDl4KRIHkIwGhb23BBQhES2Ofo8lKWIv1FkG1sTT4KNw7oHZck
.casalemedia.com/	1970-01-20 13:30:48	Name: CMPS Value: 3389
.lkqd.net/	1970-01-20 20:06:48	Name: lkqdidts Value: 1682472729
.lkqd.net/	1970-01-20 20:06:48	Name: sr59 Value: 1\|CAESEOO65Zjv3oU8g1hxj47EC_8\|1682472729
.lkqd.net/	1970-01-20 20:06:48	Name: lkqdid Value: kPl2SNMvuiw
.casalemedia.com/	1970-01-20 20:06:48	Name: CMID Value: ZEh-GbtLmO1KKrl7azIwMAAA
.casalemedia.com/	1970-01-20 13:30:48	Name: CMPRO Value: 3389
.criteo.com/	1970-01-20 20:42:48	Name: uid Value: d63c89d1-1cd4-4130-b945-fabd538b42ef
.pastelink.net/	1970-01-20 20:42:48	Name: cto_bundle Value: o_M4H18wWUhaTFF5N1dwZmNlNTBKS1VXeTJJaEFMcmwzJTJGV2JZMzVMbGVlZlNrJTJCWGFtV2hzVndkaEh5YVlnd0hEJTJGcHNxU05SVlFSVGglMkI3R2tUYVF3bmF2OGttTEolMkZ2aDRtMU9XTWVMUDlNZDVNRGU0R3RiJTJCJTJGQm16ZjZ1Ym5Pbmw4YTZDS2dsMGlYNkVnYTg4U2didFNVc3NsZyUzRCUzRA
.adsrvr.org/	1970-01-20 20:08:15	Name: TDID Value: 80bf9871-e16f-474f-93fb-ade652fb06dc
.ads.pubmatic.com/	1970-01-20 11:22:39	Name: KCCH Value: YES
.media.net/	1970-01-20 20:06:48	Name: visitor-id Value: 3254743314264952000V10
.adotmob.com/	1970-01-20 20:50:00	Name: uid Value: 0902220400449a44f9749cc6
.adotmob.com/	1970-01-20 20:50:00	Name: uuid Value: 0902220400449a44f9749cc6
.adotmob.com/	1970-01-20 20:50:00	Name: partners Value: SMA%3A1682472731285
.adform.net/	1970-01-20 12:04:24	Name: C Value: 1
.amazon-adsystem.com/	1970-01-20 20:57:12	Name: ad-privacy Value: 0
.mathtag.com/	1970-01-20 20:47:07	Name: uuid Value: e34b6448-7f1b-4200-af8b-d6c5b99ffd54
.yahoo.com/	1970-01-20 20:07:10	Name: A3 Value: d=AQABBBt_SGQCECpodQzbaaJU4iDJ6zUhe70FEgEBAQHQSWRSZAAAAAAA_eMAAA&S=AQAAAi1RGIQsMP-FPxDhvDmGfe4
.linkedin.com/	1970-01-20 20:06:48	Name: bcookie Value: "v=2&8164e7b7-b2c5-471b-83b6-f5f19ba47912"
.linkedin.com/	1970-01-20 11:22:39	Name: lidc Value: "b=TGST07:s=T:r=T:a=T:p=T:g=2559:u=1:x=1:i=1682472731:t=1682559131:v=2:sig=AQFvn9uemnyzHjMASqEp8Gwb8jQ29tfz"
.adform.net/	1970-01-20 12:47:36	Name: uid Value: 530242754212321200
.bidswitch.net/	1970-01-20 20:06:48	Name: tuuid Value: 6bd7a558-d246-47c6-96e1-a500ce3d8c93
.bidswitch.net/	1970-01-20 20:06:48	Name: c Value: 1682472731
.bidswitch.net/	1970-01-20 20:06:48	Name: tuuid_lu Value: 1682472731
.analytics.yahoo.com/	1970-01-20 20:06:48	Name: IDSYNC Value: 194o~2bap
.servenobid.com/	1970-01-20 11:31:17	Name: pid_312 Value: 5517930712341661683
.pubmatic.com/	1970-01-20 11:22:39	Name: KTPCACOOKIE Value: YES
.openx.net/	1970-01-20 20:06:48	Name: i Value: 611b23e3-c420-0694-3b6e-8c8d4ac830c3\|1682472731
.servenobid.com/	1970-01-20 11:31:17	Name: pid_318 Value: GIxqJX0iHlQowKDqs4nkc8apRhs-iT6ZgeLx3OXrMsc
.bidr.io/	1970-01-20 20:49:46	Name: bito Value: AAGhG07IkP4AACAAN06IYQ
.bidr.io/	1970-01-20 20:49:46	Name: bitoIsSecure Value: ok
.adsrvr.org/	1970-01-20 20:08:15	Name: TDCPM Value: CAEYASABKAIyCwj8pq6fmYDjOxAFOAFaB3Z3Nml5cm5gAg..
.amazon-adsystem.com/	1970-01-20 17:21:12	Name: ad-id Value: Ay8p2b9Th0jJmdGyQeB9cTM
.servenobid.com/	1970-01-20 11:31:17	Name: pid_339 Value: y-XQpqOqpE2uE.CVg.URrWabr979hUb8yoBAJVP.0-~A
.pubmatic.com/	1970-01-20 13:30:48	Name: SyncRTB3 Value: 1683676800%3A220
.pubmatic.com/	1970-01-20 11:21:12	Name: ipc Value: 159706^https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D114%26uid%3D%23PMUID^1^0
.pubmatic.com/	1970-01-20 11:22:39	Name: pi Value: 159706:2
.pubmatic.com/	1970-01-20 20:06:48	Name: KADUSERCOOKIE Value: 38B24EF0-63BC-4873-B25C-ADD3E838692F
.pubmatic.com/	1970-01-20 13:30:48	Name: chkChromeAb67Sec Value: 1
.media.net/	1970-01-20 20:05:22	Name: data-o Value: 7a9b7525-c6a7-0383-02f7-3a0b9c0091e2~~8
.onetag-sys.com/	1970-01-20 20:57:12	Name: OTP Value: 3zf8hX2cpanNSyqx_Xi_DzDbIqkzhDywkzYxZ6orVO4
.rubiconproject.com/	1970-01-20 20:06:48	Name: audit Value: 1\|naVuGyos1qqCxjCszKpv2e1ArEyWu9IO8o4YPv4NG7lmwjSVgYzFI4CywZhaqLKPDcJZWBbPH93MboWaW1ii7VcR1aWtdTEq
.smartadserver.com/	1970-01-20 20:08:15	Name: csync Value: 139:0
.media.net/	1970-01-20 11:41:22	Name: data-g Value: CAESEMRsJKQnGxplACkxpP07Iy4~~8
.servenobid.com/	1970-01-20 11:31:17	Name: pid_337 Value: y-XQpqOqpE2uE.CVg.URrWabr979hUb8yoBAJVP.0-~A
.servenobid.com/	1970-01-20 11:31:17	Name: pid_317 Value: 8078455939417259124
.disqus.com/	1970-01-20 20:06:48	Name: zeta-ssp-user-id Value: ua-367b9236-709b-35d1-81f8-a0aea72d596a

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://id.rlcdn.com/711916.gif?ct=4&cv= Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://id.rlcdn.com/711890.gif?credir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D136%26partneruserid%3D&gdpr=0&gdpr_consent= Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://id.rlcdn.com/711916.gif?ct=4&cv= Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://u.4dex.io/setuid?bidder=onetag&uid=GIxqJX0iHlQowKDqs4nkc8apRhs-iT6ZgeLx3OXrMsc&gdpr=1&gdpr_consent=&us_privacy= Message: Failed to load resource: the server responded with a status of 401 ()
network	error	URL: https://id.rlcdn.com/711916.gif?ct=4&cv= Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://id.rlcdn.com/711890.gif?credir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D136%26partneruserid%3D&gdpr=0&gdpr_consent= Message: Failed to load resource: the server responded with a status of 400 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10f9d7e471e06f01770b163f75fe6dc3.safeframe.googlesyndication.com
aax-eu.amazon-adsystem.com
acdn.adnxs.com
ad-delivery.net
ad.360yield.com
ad.doubleclick.net
ads.avct.cloud
ads.betweendigital.com
ads.pubmatic.com
ads.servenobid.com
adservice.google.com
adservice.google.ge
ap.lijit.com
api.btloader.com
b1sync.zemanta.com
beacon-ams3.rubiconproject.com
bh.contextweb.com
bidder.criteo.com
btloader.com
c.4dex.io
c1.adform.net
c21lg-d.media.net
cdn4.buysellads.net
cdnjs.cloudflare.com
ce.lijit.com
cm.adgrx.com
cm.g.doubleclick.net
code.jquery.com
contextual.media.net
creativecdn.com
cs-rtb.minutemedia-prebid.com
cs-server-s2s.yellowblue.io
cs.admanmedia.com
cs.lkqd.net
cs.media.net
dis.criteo.com
dmp.brand-display.com
dsum-sec.casalemedia.com
eu-u.openx.net
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
g2.gumgum.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
hb-api.omnitagjs.com
hbopenbid.pubmatic.com
hbx.media.net
ib.adnxs.com
id.rlcdn.com
image2.pubmatic.com
image6.pubmatic.com
image8.pubmatic.com
match.adsrvr.org
match.deepintent.com
match.prod.bidr.io
match.sharethrough.com
mp.4dex.io
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
pastelink.net
pixel-eu.rubiconproject.com
pixel.rubiconproject.com
pm.w55c.net
pr-bh.ybp.yahoo.com
prebid.a-mo.net
prebid.media.net
prg.smartadserver.com
public.servenobid.com
px.ads.linkedin.com
rtb-csync.smartadserver.com
rtb.mfadsrvr.com
s.ad.smaato.net
s.amazon-adsystem.com
s0.2mdn.net
script.4dex.io
secure-assets.rubiconproject.com
secure.adnxs.com
securepubads.g.doubleclick.net
srv.buysellads.com
ssbsync-global.smartadserver.com
ssbsync.smartadserver.com
ssp.disqus.com
ssum-sec.casalemedia.com
static.criteo.net
sync-tm.everesttech.net
sync.1rx.io
sync.adkernel.com
sync.adotmob.com
sync.go.sonobi.com
sync.ipredictive.com
sync.mathtag.com
sync.outbrain.com
sync.srv.stackadapt.com
sync.taboola.com
sync.technoratimedia.com
tg.socdm.com
token.rubiconproject.com
tpc.googlesyndication.com
u.4dex.io
ups.analytics.yahoo.com
us-u.openx.net
usersync.gumgum.com
visitor.omnitagjs.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
ad.360yield.com
ads.betweendigital.com
ads.servenobid.com
b1sync.zemanta.com
bh.contextweb.com
c1.adform.net
c21lg-d.media.net
cm.adgrx.com
creativecdn.com
cs-rtb.minutemedia-prebid.com
cs.admanmedia.com
dis.criteo.com
dmp.brand-display.com
dsum-sec.casalemedia.com
image6.pubmatic.com
match.deepintent.com
match.sharethrough.com
p.rfihub.com
prebid.a-mo.net
rtb.mfadsrvr.com
s.ad.smaato.net
secure-assets.rubiconproject.com
secure.adnxs.com
ssp.disqus.com
ssum-sec.casalemedia.com
sync-tm.everesttech.net
sync.1rx.io
sync.adkernel.com
sync.go.sonobi.com
sync.ipredictive.com
sync.outbrain.com
sync.srv.stackadapt.com
sync.taboola.com
sync.technoratimedia.com
tg.socdm.com
usersync.gumgum.com
104.17.25.14
104.18.3.114
104.26.3.70
104.26.7.139
13.107.42.14
130.211.23.194
142.250.181.234
142.250.184.225
142.250.184.226
142.250.184.227
142.250.185.131
142.250.185.132
142.250.185.168
142.250.185.226
142.250.186.134
142.250.186.34
142.250.186.38
142.250.186.66
146.20.132.173
15.197.193.217
151.139.128.10
172.217.18.2
172.217.18.97
172.67.75.241
178.250.1.11
178.250.7.10
178.250.7.2
18.198.82.46
18.66.147.40
185.183.112.148
185.255.84.151
185.255.84.153
185.29.134.248
185.64.189.110
185.64.189.112
185.64.190.79
185.80.39.216
185.86.138.153
185.86.138.154
185.86.139.101
185.89.210.46
2.18.235.93
2.19.228.187
213.19.162.27
213.19.162.31
216.239.38.178
216.52.2.39
216.58.212.130
23.35.228.23
23.35.236.188
23.56.202.187
3.75.62.37
3.77.118.156
34.107.148.139
34.149.40.38
34.248.219.195
34.248.79.190
34.249.56.197
35.241.34.106
35.244.159.8
35.244.174.68
37.157.4.23
51.89.9.251
52.46.128.147
52.50.252.9
52.51.235.201
54.165.190.143
64.227.38.224
67.220.226.232
69.16.175.42
69.173.144.138
81.17.55.99
89.35.29.15
01408f8061623faa6d2c0f015cd23483c3aa363c095e152f613ed94c87a5803d
026f40ccfa7ac2375270ed4d58c72077a4e7b340372e9cc3a6152499410e19ce
0683291784c539f7776eaa5598867d51d1972ee5fc7a428c99ce7d604a799dad
073151f918556ee367c01555a6e81bb192bed69f639d32c5557fb7fb125d076c
0757e74a88e465995beefd4f6d4444455ef105e7e07af102600221a868434909
08882d31df95daace0c23f1108f3e11fc53ef17334df446f3e3cb395c597c955
089573faad72e10708f3a9071a67b4e677bd61e26c8b7a67351057b4812bbbfb
08d742a4342d3af73e46ec509e39e005c75365396ff8ecaf7d8809cce9ee317f
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0e1070ef03510c03bf072fc9acc862eb3e3bc71cd0079472eb0dc10455e9838a
0f7a0631e44ae2becc0b3d8cc6790d2a62bd8a6cfe8315c71c9768f996a84c37
1040f1af7cf3e5b5fbca23e79ae9119e05faa4d0b7db924db1863f8af793b050
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
13100cd3879e5c1385581d7c88153e60cd7c3e4b0578fe2838daa56da689769b
15f20e02ef301e62ed325d633f971c506dcf1be3458c2371b849b505bb8673dc
175d2396ffff9c88b106d57937e2548891a098dcf1ff3df867f16e144dcbd257
190d542d8e593c755fd16e67ca62583e183957829dfb69cc2e00c7bf67df237d
1b354ab0ba22d752698db245f6db2cca748df2025e8294d7c39e6477e68ec53b
1c9e4c65f9d921b1c0829958cc7b2f307a3e22ac7a23e8315b6db4c0954e1107
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
28206f4189052daa1630edbe12c03c5e58d4993e7192eaf1629c77759ac6df84
3014acc16bf3744b41bb869785bf686290d9834a5e6f69d4583c4e39fca26bff
3077c047c7210f4e52a637ba10a8d5346ed72d4e29956c96aaa8f8aac58d440c
33e0650c01f9a54135d088714593b0149b568cc937327d981ae7dd32a21f0739
373c0c718e68909d14e20fbae24f443c23845f906c53f6c407d5ff86f5a6e2fa
3a73b36061944ebbb33696553917d393280f796e212afcd09057b441c1168606
3b011df17e8d9676cbaae47f785b9060a97feb144818eb5770e1d8ae7455dafd
3b69aa747c98f3cbff20d7439431d770dc46a4fafab40c9153b2e6e692bb7fd9
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
45b5465229b3d2f0348a4cfcd69e52df10b6059122d41cff6f9854a30bf111cf
467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30
4686828206af6e769d9a50c7671eae2a399c49b02e37c21c1e60a974c6701003
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
46b3e081067e631f9a1049fbfa37844da854f741b7f9a45900dc02a19a4ef143
46e93be186163f2421966a413816e276f12da8f982ab3d44563fe5c4c9253480
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4b6d244a569a8befc0b901e3dca8e82f19b188e2d3e76f7c62fce96935ed6311
4c1cd9231c34681700c821a83e97f054589344e4bd0659d3395f4825416d0110
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50a60e5e5f2e8f10a2f8685031ec9849ba8faff613139f3a402e89f25ccbbabc
50fb7a74467a7c8eff5584b3c0ef64577cf0e84e3256387a0e3f17a1a1be0f7f
517804de83d11ec1469b839d29b9be9ae3d28bdcc4c1148b851af286003f1a2d
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54d04e60587e1c0573668e3020db63909de90f1e0adfcadb9b83053995460599
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55fba04ad10c2021f460d09163d137b720bd5876c5dc377e09ea2991f22e8ed6
57226adbc32c91a8cd4ec9ee08e4f155f3450e79256731c04f81709a58c4c1fc
5d105706136072e68e4f64506fcd85ce53005e96431e4c7b2aff1655cd7acdc0
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
677665c9aa36e5cd681e94aa60e14fa92cf7949c5040ca2bc46e82eed343d6cf
6a30938a8e6caa31a9397d39832b33ca6d72c73f39fde0f08e22f9d9e6981730
6afe7549c57621a90a75d1b54671931e56b7c8e47e6619b9de7db1408a612650
6f0fef1778678fd7b5436ebd0ba183edb1e28d93136539e8beb4e4d60efdeceb
72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48
746063f478b2bc5043c3ba6f7df64711ee6741a540febed4f8aecb428f575df4
79159c859ad82bb982f7f91b91d4b50cf81faef5611aca61321908c656ebad6e
7cb4de0c4a9d53b089052f5095c4373a8315de19c4aa851df45c22d8418c979a
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
801b8dd8e96368cd4aaf11dff088dd542e2a0adc1677376621b1dfdd01cb5270
8110a7b78aad269576f11e8480a21d0b56919b9adccedf7e57b559a877f1e009
831997ce334905a4fc3c7f0673c30bd34701f9810d87b19335aea228804ae38a
88f94fc9bb9bada786c28d661a00855994d18fbeda03d3834cf0c8a55fa79384
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8af24d7350dbdc8eea22e4737deaa35a795b19b0560d7173113bec7e8a3effb7
902bb33b53eeaa949c75ef9ff8e79c10500f7a91c3d8ffa46bd3346fcddec5eb
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
9564ada993ad8b18f7d1c0647682d9f923eb410b8d9410b65e989b95806d4a12
9613f838798d1aed5da373796f9180a1531b4670d6762a7db38dde12ae032934
962d6dea088b031cd44d33f937adb5ba241a9435aa32a8be667d57482b8bbe1a
977fec2807d31f9cda9b855a04aec643ed99e64f2d963806aea4221bd4586d98
97c319b780c2ab10dc7ef00c16272cebe035cb1d2e3f22ddb2f3ac97306d874f
9a37c1a43b54ee3f2cddea81bbf2b46a05040cae20c7f6c12548388e97bdd89d
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a07b2d3f344804ec5e5899074a5422e18b28777db5ce90c694ecea79b20a4499
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a53b5b78a91df3a9dfab513a287d4fa4c39b01d6db5110ecffd83e8f6c0044ab
a9b847c681a24b03ba8acc0b4dcd8aab9acf8c4d3131be784d488e2402d57427
ac9ceaebdba80b217a910d3a799734a4a4adbdc0bd10503548deb88abc8bc9bd
ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b24b19152e92ee2240cdf53444b33a1b8ec286e9a44072890c5490c9d8ddfa3d
bd96bee2e35df6e0fb73d90a5c730ee6612ab2cc3be9afe301aae164a099802f
be09f8ccab61436c7c8480fe016f5e95d4e9fac3d8c50cdaad96d8023375b47a
c1f0559b6305e3eb67af6090e057b4ba05da0edefa0c0857e2837ef4b7ca5ae9
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c24ccee9a35eef9e74411eac871935bdff6bcb895cce80b754b66d3e4292a3ce
c5663a1ab2a975aedc88dbbf644d92980a966b614286321a39baac756077b738
c693fa3a76ae3c886f9178bfb656698f38df8669ff90f4a323c33b588ba08a95
cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7
cc355fb896177685045a25e92a9b891b063232469b4286975e7cbb517ce7f637
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d6165e9d2b3a0134993445c944512d598f502a9482f217425969e0f78a25d485
d930e131a2786337b88b420203752e6bedbbe7e027df424561bee3d0947d4b03
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
de9486ffd88568e6a8669ec77a9d913f069e4e332778ade78f02ee8c97ada164
df64fa72e1fb032611700626d73d9e36156e73b262db60e1bf3ed277cc1c76dc
e2d6f4a3c4022517eed6c5060c96864f1a6d2e6d0adcab546c142e87a00ddc27
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e4adee60e5a982b8e77ff2f3e5b746fd22d2d297be8d4d89a0de2c6379151d6f
e5d563ffd8db6e460ac4a8eba1934c4ca7c5415b34f06f2c65371ad03665bafe
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
e87a5e3e670429a28f4590fafffb9bad5a45df4479c95ad247bb1c7bc44a0505
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
ec237517566b85a5797425cebe748d7248a7d8c698bdb113f9615946b7434a78
ed1d6e3ea5afc8a3b37d28a22d104fbb7e6a5fc8aa8dba2b64f95095450370da
ed6cd01c384db70bedbe24986aa85b0745f994ad71b7e5712f8a60e1ff457d7f
ed87a83a9df154b61d76e8b9b53bb9d23db3eea194e66bca6b575e3e4f7a57bf
eebca01c60b315a6937fea6c94dfaa2b2afcb61cd14cdf7e655cefec2fc32017
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef19b5a2da1db70e73d6345df042dc8bcfbf03b8687fe95e18f3dda0ca8a10c1
f30d7e7a13993c6a9da65e9ee2a8f6daef2a52951f3fd0e514407bf3c53fc97e
f40c7fbbe780ac0c89f1272e59072315224dc5e09e8dcccec5f87b5e998235e8
f57c9b5c6ebd6b9bb4c6f5634c61c2ad35574590e84fc063ddcbe05aea9782b1
f8fc1511181fe40b75825efbb39c5f15556e7223a6bd7f0d558694600bc6e3da
f94c500166f027535e5196660af9fdf145b1a373eac71c3d6b40bf7d62b32c6d
fa90738d8bd068ebee032173cb39bfc2b56a0e1ca78fc75483122811f0d6a8dc
fcaaacbe09be7babfecfbcad09df9c01257b0ea95ee996105d6756ba75f41aa3
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

pastelink.net Open in urlscan Pro 89.35.29.15 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

356 Requests

69 %HTTPS

0 %IPv6

72 Domains

113 Subdomains

63 IPs

9 Countries

6114 kBTransfer

9907 kBSize

69 Cookies

16 Outgoing links

Redirected requests

356 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

pastelink.net Open in urlscan Pro
89.35.29.15 Public Scan

Screenshot
Live screenshot

Full Image

356
Requests

69 %
HTTPS

0 %
IPv6

72
Domains

113
Subdomains

63
IPs

9
Countries

6114 kB
Transfer

9907 kB
Size

69
Cookies

356 HTTP transactions
4 data transactions