pastelink.net Open in urlscan Pro
89.35.29.15 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pastelink.net/0hjg5kw0
Submission: On April 25 via manual (April 25th 2023, 1:55:23 pm UTC) from GB — Scanned from GE

Summary HTTP 258 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 66 IPs in 9 countries across 53 domains to perform 258 HTTP transactions. The main IP is 89.35.29.15, located in London, United Kingdom and belongs to BANDWIDTH-AS, GB. The main domain is pastelink.net. The Cisco Umbrella rank of the primary domain is 62449.
TLS certificate: Issued by R3 on April 1st 2023. Valid for: 3 months.

This is the only time pastelink.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
13	89.35.29.15 89.35.29.15	25369 (BANDWIDTH-AS) (BANDWIDTH-AS)
3	142.250.186.42 142.250.186.42	15169 (GOOGLE) (GOOGLE)
1	69.16.175.10 69.16.175.10	20446 (STACKPATH...) (STACKPATH-CDN)
1	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.250.185.100 142.250.185.100	15169 (GOOGLE) (GOOGLE)
2	142.250.181.232 142.250.181.232	15169 (GOOGLE) (GOOGLE)
6	151.139.128.10 151.139.128.10	20446 (STACKPATH...) (STACKPATH-CDN)
1	142.250.186.131 142.250.186.131	15169 (GOOGLE) (GOOGLE)
4	142.250.185.99 142.250.185.99	15169 (GOOGLE) (GOOGLE)
3	142.250.185.78 142.250.185.78	15169 (GOOGLE) (GOOGLE)
1	104.26.6.139 104.26.6.139	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
2	104.26.2.70 104.26.2.70	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.186.70 142.250.186.70	15169 (GOOGLE) (GOOGLE)
9	216.58.212.130 216.58.212.130	15169 (GOOGLE) (GOOGLE)
2	130.211.23.194 130.211.23.194	15169 (GOOGLE) (GOOGLE)
1	161.35.94.134 161.35.94.134	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2	104.26.8.169 104.26.8.169	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 8	51.89.9.251 51.89.9.251	16276 (OVH) (OVH)
1	104.18.3.114 104.18.3.114	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	185.255.84.151 185.255.84.151	200271 (IGUANE-) (IGUANE-)
1	34.248.233.188 34.248.233.188	16509 (AMAZON-02) (AMAZON-02)
1	34.107.148.139 34.107.148.139	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
5	178.32.210.226 178.32.210.226	16276 (OVH) (OVH)
4	69.173.144.140 69.173.144.140	26667 (RUBICONPR...) (RUBICONPROJECT)
1	178.250.7.10 178.250.7.10	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 3	185.89.210.153 185.89.210.153	29990 (ASN-APPNEX) (ASN-APPNEX)
1	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
1	216.58.212.162 216.58.212.162	15169 (GOOGLE) (GOOGLE)
39	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
2	142.250.184.225 142.250.184.225	15169 (GOOGLE) (GOOGLE)
13	216.58.212.161 216.58.212.161	15169 (GOOGLE) (GOOGLE)
6	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
3	69.173.144.152 69.173.144.152	26667 (RUBICONPR...) (RUBICONPROJECT)
1	130.211.27.62 130.211.27.62	15169 (GOOGLE) (GOOGLE)
1	23.48.23.26 23.48.23.26	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
8	169.150.247.33 169.150.247.33	60068 (CDN77 ^_^) (CDN77 ^_^)
4	34.120.139.69 34.120.139.69	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
14 21	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
3 6	146.20.128.131 146.20.128.131	27357 (RACKSPACE) (RACKSPACE)
6 12	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
2	178.250.7.2 178.250.7.2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
12	142.250.186.134 142.250.186.134	15169 (GOOGLE) (GOOGLE)
1	35.186.201.99 35.186.201.99	15169 (GOOGLE) (GOOGLE)
9	23.37.42.132 23.37.42.132	16625 (AKAMAI-AS) (AKAMAI-AS)
3	178.250.1.11 178.250.1.11	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 2	185.94.180.125 185.94.180.125	35220 (SPOTX-AMS) (SPOTX-AMS)
4 5	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	137.74.6.209 137.74.6.209	16276 (OVH) (OVH)
7 12	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1	34.95.81.88 34.95.81.88	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
6	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
2 3	54.239.33.158 54.239.33.158	16509 (AMAZON-02) (AMAZON-02)
4 4	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
2 4	209.54.182.161 209.54.182.161	16509 (AMAZON-02) (AMAZON-02)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	52.48.207.187 52.48.207.187	16509 (AMAZON-02) (AMAZON-02)
1	23.35.236.188 23.35.236.188	() ()
3	88.221.168.23 88.221.168.23	() ()
2	34.149.40.38 34.149.40.38	15169 (GOOGLE) (GOOGLE)
2 2	64.202.112.159 64.202.112.159	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1 1	2.23.197.190 2.23.197.190	() ()
1 5	185.86.138.155 185.86.138.155	201081 (SMARTADSE...) (SMARTADSERVER)
2 2	151.101.194.49 151.101.194.49	() ()
1 1	185.29.134.248 185.29.134.248	() ()
1	35.244.174.68 35.244.174.68	() ()
1	185.64.190.79 185.64.190.79	() ()
1	3.71.149.231 3.71.149.231	() ()
1 1	104.80.242.37 104.80.242.37	() ()
1 1	193.0.160.131 193.0.160.131	() ()
1	23.35.228.23 23.35.228.23	() ()
1	2.23.192.21 2.23.192.21	() ()
258	66

13 89.35.29.15 (London, United Kingdom)

ASN25369 (BANDWIDTH-AS, GB)
PTR: 15.29.35.89.baremetal.zare.com

pastelink.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.42 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.16.175.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: hwcdn.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.100 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.181.232 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.139.128.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net

cdn4.buysellads.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.131 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f3.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.99 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.78 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.6.139 (None, )

ASN13335 (CLOUDFLARENET, US)

btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.26.2.70 (None, )

ASN13335 (CLOUDFLARENET, US)

ad-delivery.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.70 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 216.58.212.130 (United States)

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 130.211.23.194 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 194.23.211.130.bc.googleusercontent.com

api.btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 161.35.94.134 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: srv-eu-nl-17.buysellads.com

srv.buysellads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.26.8.169 (None, )

ASN13335 (CLOUDFLARENET, US)

script.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 51.89.9.251 (London, United Kingdom) 2 redirects

ASN16276 (OVH, FR)
PTR: ip251.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.3.114 (None, )

ASN13335 (CLOUDFLARENET, US)

mp.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.255.84.151 (France)

ASN200271 (IGUANE-, FR)

hb-api.omnitagjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.248.233.188 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-233-188.eu-west-1.compute.amazonaws.com

ads.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.107.148.139 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 139.148.107.34.bc.googleusercontent.com

prebid.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 178.32.210.226 (France)

ASN16276 (OVH, FR)
PTR: ip226.ip-178-32-210.eu

prg.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 69.173.144.140 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.7.10 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.89.210.153 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f194.1e100.net

adservice.google.ge	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.212.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s01-in-f2.1e100.net

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

39 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.225 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f1.1e100.net

f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 216.58.212.161 (United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f161.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.152 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

beacon-fra2.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 130.211.27.62 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 62.27.211.130.bc.googleusercontent.com

win.eskimi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.48.23.26 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-48-23-26.deploy.static.akamaitechnologies.com

code.createjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 169.150.247.33 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)
PTR: unn-169-150-247-33.datapacket.com

dsp-media.eskimi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.120.139.69 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 69.139.120.34.bc.googleusercontent.com

dsp-trk.eskimi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 142.250.184.194 (United States) 14 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 146.20.128.131 (United States) 3 redirects

ASN27357 (RACKSPACE, US)

cs.lkqd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 185.80.39.216 (Canada) 6 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.7.2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.186.134 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f6.1e100.net

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.201.99 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 99.201.186.35.bc.googleusercontent.com

dsp-ap.eskimi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 23.37.42.132 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-42-132.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.250.1.11 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.94.180.125 (Amsterdam, Netherlands) 1 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.98.64.218 (Kansas City, United States) 4 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 137.74.6.209 (Warsaw, Poland)

ASN16276 (OVH, FR)
PTR: app-ngx-pl-02.adpartner.pro

a4p.adpartner.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 69.173.144.165 (Frankfurt am Main, Germany) 7 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.95.81.88 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 88.81.95.34.bc.googleusercontent.com

s-cs.rmp.rakuten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.239.33.158 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 15.197.193.217 (United States) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 209.54.182.161 (Ashburn, United States) 2 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.48.207.187 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-48-207-187.eu-west-1.compute.amazonaws.com

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.35.236.188 (None, )

ASN- ()

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 88.221.168.23 (None, )

ASN- ()

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.149.40.38 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 38.40.149.34.bc.googleusercontent.com

u.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.202.112.159 (Chicago, United States) 2 redirects

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.23.197.190 (None, ) 1 redirects

ASN- ()

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.86.138.155 (France) 1 redirects

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.194.49 (None, ) 2 redirects

ASN- ()

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.134.248 (None, ) 1 redirects

ASN- ()

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (None, )

ASN- ()

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.79 (None, )

ASN- ()

image8.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.71.149.231 (None, )

ASN- ()

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.80.242.37 (None, ) 1 redirects

ASN- ()

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.131 (None, ) 1 redirects

ASN- ()

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.35.228.23 (None, )

ASN- ()

cs.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.23.192.21 (None, )

ASN- ()

c21lg-d.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
54	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 129 f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 177	305 KB
43	doubleclick.net 14 redirects ad.doubleclick.net — Cisco Umbrella Rank: 201 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 269 googleads.g.doubleclick.net — Cisco Umbrella Rank: 67 cm.g.doubleclick.net — Cisco Umbrella Rank: 313 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 394	272 KB
29	rubiconproject.com 8 redirects fastlane.rubiconproject.com — Cisco Umbrella Rank: 677 beacon-fra2.rubiconproject.com — Cisco Umbrella Rank: 9579 eus.rubiconproject.com — Cisco Umbrella Rank: 798 pixel.rubiconproject.com — Cisco Umbrella Rank: 447 token.rubiconproject.com — Cisco Umbrella Rank: 795 pixel-eu.rubiconproject.com Failed secure-assets.rubiconproject.com	74 KB
14	eskimi.com win.eskimi.com — Cisco Umbrella Rank: 67760 dsp-media.eskimi.com — Cisco Umbrella Rank: 34158 dsp-trk.eskimi.com — Cisco Umbrella Rank: 29061 dsp-ap.eskimi.com — Cisco Umbrella Rank: 33608	74 KB
13	pastelink.net pastelink.net — Cisco Umbrella Rank: 62449	231 KB
12	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 373	953 KB
12	casalemedia.com 6 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 876	9 KB
10	smartadserver.com 1 redirects prg.smartadserver.com — Cisco Umbrella Rank: 2029 rtb-csync.smartadserver.com — Cisco Umbrella Rank: 774 ssbsync-global.smartadserver.com Failed ssbsync.smartadserver.com Failed	12 KB
8	onetag-sys.com 2 redirects onetag-sys.com — Cisco Umbrella Rank: 1124	4 KB
7	amazon-adsystem.com 4 redirects aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 994 s.amazon-adsystem.com — Cisco Umbrella Rank: 376	5 KB
6	lkqd.net 3 redirects cs.lkqd.net — Cisco Umbrella Rank: 4185	3 KB
6	media.net prebid.media.net — Cisco Umbrella Rank: 1912 contextual.media.net cs.media.net c21lg-d.media.net	15 KB
6	buysellads.net cdn4.buysellads.net — Cisco Umbrella Rank: 28904	177 KB
5	openx.net 4 redirects eu-u.openx.net — Cisco Umbrella Rank: 3173 u.openx.net — Cisco Umbrella Rank: 974 us-u.openx.net	1 KB
5	4dex.io script.4dex.io — Cisco Umbrella Rank: 2474 mp.4dex.io — Cisco Umbrella Rank: 2960 u.4dex.io — Cisco Umbrella Rank: 5135	27 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 238	220 KB
5	gstatic.com www.gstatic.com fonts.gstatic.com	216 KB
4	adsrvr.org 4 redirects match.adsrvr.org — Cisco Umbrella Rank: 451	2 KB
4	adnxs.com 1 redirects ib.adnxs.com — Cisco Umbrella Rank: 319 acdn.adnxs.com	20 KB
4	criteo.com bidder.criteo.com — Cisco Umbrella Rank: 803 gum.criteo.com — Cisco Umbrella Rank: 442 dis.criteo.com Failed	7 KB
3	btloader.com btloader.com — Cisco Umbrella Rank: 1542 api.btloader.com — Cisco Umbrella Rank: 1745	8 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 91	20 KB
3	google.com www.google.com — Cisco Umbrella Rank: 16 adservice.google.com — Cisco Umbrella Rank: 130	2 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 119	2 KB
2	everesttech.net 2 redirects sync-tm.everesttech.net	689 B
2	zemanta.com 2 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 813	1 KB
2	yahoo.com 1 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 689 ups.analytics.yahoo.com	745 B
2	spotxchange.com 1 redirects sync.search.spotxchange.com — Cisco Umbrella Rank: 1061	1 KB
2	criteo.net static.criteo.net — Cisco Umbrella Rank: 763	59 KB
2	pubmatic.com hbopenbid.pubmatic.com — Cisco Umbrella Rank: 729 ads.pubmatic.com Failed image8.pubmatic.com	156 B
2	ad-delivery.net ad-delivery.net — Cisco Umbrella Rank: 1707	1 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 114	146 KB
1	rfihub.com 1 redirects p.rfihub.com	669 B
1	rlcdn.com id.rlcdn.com
1	mathtag.com 1 redirects sync.mathtag.com	670 B
1	bluekai.com 1 redirects stags.bluekai.com	807 B
1	linkedin.com px.ads.linkedin.com — Cisco Umbrella Rank: 733	511 B
1	rakuten.com s-cs.rmp.rakuten.com — Cisco Umbrella Rank: 41315	275 B
1	adpartner.pro a4p.adpartner.pro — Cisco Umbrella Rank: 28075	458 B
1	createjs.com code.createjs.com — Cisco Umbrella Rank: 1957	48 KB
1	google.ge adservice.google.ge — Cisco Umbrella Rank: 48171	531 B
1	servenobid.com ads.servenobid.com — Cisco Umbrella Rank: 3698 public.servenobid.com Failed	439 B
1	omnitagjs.com hb-api.omnitagjs.com — Cisco Umbrella Rank: 4211	943 B
1	buysellads.com srv.buysellads.com — Cisco Umbrella Rank: 29984	664 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 344	1 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 997	30 KB
0	mfadsrvr.com Failed rtb.mfadsrvr.com Failed
0	w55c.net Failed pm.w55c.net Failed
0	1rx.io Failed sync.1rx.io Failed
0	stickyadstv.com Failed ads.stickyadstv.com Failed
0	audrte.com Failed a.audrte.com Failed
0	bidswitch.net Failed x.bidswitch.net Failed
0	loopme.me Failed csync.loopme.me Failed
258	53

	Domain	Requested by
39	pagead2.googlesyndication.com	securepubads.g.doubleclick.net pastelink.net pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
21	cm.g.doubleclick.net	14 redirects googleads.g.doubleclick.net pastelink.net onetag-sys.com
13	tpc.googlesyndication.com	securepubads.g.doubleclick.net f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com tpc.googlesyndication.com pastelink.net
13	pastelink.net	pastelink.net
12	s0.2mdn.net	pastelink.net s0.2mdn.net
12	dsum-sec.casalemedia.com	6 redirects googleads.g.doubleclick.net
9	eus.rubiconproject.com	pastelink.net eus.rubiconproject.com cdn4.buysellads.net contextual.media.net
9	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net pastelink.net
8	pixel.rubiconproject.com	3 redirects pastelink.net onetag-sys.com
8	dsp-media.eskimi.com	f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com
8	onetag-sys.com	2 redirects cdn4.buysellads.net onetag-sys.com
6	googleads4.g.doubleclick.net	pastelink.net
6	cs.lkqd.net	3 redirects googleads.g.doubleclick.net
6	googleads.g.doubleclick.net	pastelink.net pagead2.googlesyndication.com
6	cdn4.buysellads.net	pastelink.net
5	rtb-csync.smartadserver.com	1 redirects
5	prg.smartadserver.com	cdn4.buysellads.net
5	www.googletagservices.com	cdn4.buysellads.net securepubads.g.doubleclick.net f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com pastelink.net
4	s.amazon-adsystem.com	2 redirects onetag-sys.com
4	match.adsrvr.org	4 redirects
4	token.rubiconproject.com	4 redirects
4	dsp-trk.eskimi.com	f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com
4	fastlane.rubiconproject.com	cdn4.buysellads.net
4	fonts.gstatic.com	fonts.googleapis.com
3	contextual.media.net	cdn4.buysellads.net contextual.media.net
3	aax-eu.amazon-adsystem.com	2 redirects
3	eu-u.openx.net	2 redirects
3	gum.criteo.com	static.criteo.net gum.criteo.com contextual.media.net
3	beacon-fra2.rubiconproject.com	pastelink.net
3	ib.adnxs.com	1 redirects cdn4.buysellads.net acdn.adnxs.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	fonts.googleapis.com	pastelink.net securepubads.g.doubleclick.net
2	sync-tm.everesttech.net	2 redirects
2	b1sync.zemanta.com	2 redirects
2	u.4dex.io	cdn4.buysellads.net u.4dex.io
2	sync.search.spotxchange.com	1 redirects
2	static.criteo.net	cdn4.buysellads.net static.criteo.net
2	f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	script.4dex.io	cdn4.buysellads.net script.4dex.io
2	api.btloader.com	btloader.com
2	ad-delivery.net	pastelink.net
2	www.googletagmanager.com	pastelink.net www.googletagmanager.com
2	www.google.com	pastelink.net tpc.googlesyndication.com
1	c21lg-d.media.net	contextual.media.net
1	cs.media.net	contextual.media.net
1	us-u.openx.net	1 redirects
1	p.rfihub.com	1 redirects
1	secure-assets.rubiconproject.com	1 redirects
1	u.openx.net	1 redirects
1	ups.analytics.yahoo.com	onetag-sys.com
1	image8.pubmatic.com	onetag-sys.com
1	id.rlcdn.com	onetag-sys.com
1	sync.mathtag.com	1 redirects
1	stags.bluekai.com	1 redirects
1	acdn.adnxs.com	cdn4.buysellads.net
1	pr-bh.ybp.yahoo.com	1 redirects
1	px.ads.linkedin.com
1	s-cs.rmp.rakuten.com
1	a4p.adpartner.pro
1	dsp-ap.eskimi.com	dsp-media.eskimi.com
1	code.createjs.com	f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com
1	win.eskimi.com	pastelink.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.ge	securepubads.g.doubleclick.net
1	hbopenbid.pubmatic.com	cdn4.buysellads.net
1	bidder.criteo.com	cdn4.buysellads.net
1	prebid.media.net	cdn4.buysellads.net
1	ads.servenobid.com	cdn4.buysellads.net
1	hb-api.omnitagjs.com	cdn4.buysellads.net
1	mp.4dex.io	cdn4.buysellads.net
1	srv.buysellads.com	cdn4.buysellads.net
1	ad.doubleclick.net	pastelink.net
1	btloader.com	cdn4.buysellads.net
1	www.gstatic.com	www.google.com
1	cdnjs.cloudflare.com	pastelink.net
1	code.jquery.com	pastelink.net
0	ssbsync.smartadserver.com Failed	u.4dex.io
0	rtb.mfadsrvr.com Failed	contextual.media.net
0	dis.criteo.com Failed	contextual.media.net
0	pm.w55c.net Failed	contextual.media.net
0	sync.1rx.io Failed	contextual.media.net
0	ads.stickyadstv.com Failed
0	ssbsync-global.smartadserver.com Failed	onetag-sys.com
0	pixel-eu.rubiconproject.com Failed	onetag-sys.com
0	a.audrte.com Failed
0	public.servenobid.com Failed	cdn4.buysellads.net
0	ads.pubmatic.com Failed	cdn4.buysellads.net contextual.media.net
0	x.bidswitch.net Failed	onetag-sys.com contextual.media.net
0	csync.loopme.me Failed
258	89

This site contains links to these domains. Also see Links.

Domain
dekatrian.com
www.facebook.com
twitter.com
t.me
api.whatsapp.com
www.reddit.com
www.pinterest.com
www.tumblr.com
www.blogger.com
profitquery.com
www.linkedin.com
share.flipboard.com
social-plugins.line.me
www.meneame.net
diasp.org
go.nordvpn.net

Subject Issuer	Validity	Valid
pastelink.net R3	`2023-04-01` - `2023-06-30`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
cdn4.buysellads.net R3	`2023-03-23` - `2023-06-21`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
api.btloader.com GTS CA 1D4	`2023-04-14` - `2023-07-13`	3 months	crt.sh
*.buysellads.com Sectigo RSA Domain Validation Secure Server CA	`2022-05-09` - `2023-06-09`	a year	crt.sh
script.4dex.io Cloudflare Inc ECC CA-3	`2022-11-23` - `2023-11-22`	a year	crt.sh
*.onetag-sys.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-12-28` - `2024-01-28`	a year	crt.sh
omnitagjs.com Sectigo RSA Domain Validation Secure Server CA	`2022-06-21` - `2023-07-21`	a year	crt.sh
ads.servenobid.com Amazon RSA 2048 M02	`2023-02-09` - `2023-06-27`	5 months	crt.sh
*.media.net Sectigo RSA Domain Validation Secure Server CA	`2022-04-06` - `2023-05-04`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-05` - `2024-04-03`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-09` - `2023-06-03`	3 months	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2022-06-13` - `2023-07-14`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
*.google.com.ge GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.eskimi.com GeoTrust TLS RSA CA G1	`2023-03-20` - `2024-04-12`	a year	crt.sh
tls.adobe.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-08` - `2024-03-10`	a year	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-24` - `2023-06-18`	3 months	crt.sh
adpartner.pro R3	`2023-02-24` - `2023-05-25`	3 months	crt.sh
*.rmp.rakuten.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-20` - `2024-01-19`	a year	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2022-10-21` - `2023-10-22`	a year	crt.sh
u.4dex.io GTS CA 1D4	`2023-03-05` - `2023-06-03`	3 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2023-02-02` - `2024-03-03`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-02-21` - `2023-08-16`	6 months	crt.sh

This page contains 33 frames:

Primary Page: https://pastelink.net/0hjg5kw0
Frame ID: 1882B6C217D8648040251DDAF786DFA9
Requests: 75 HTTP requests in this frame

Frame: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: FFAEE318F5E257D929BE0AF086FD7A50
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssd7CpHeO3LHt0WU8MrK2HThS-Lt2tIF1btivpkj9VSDy-zNu3Y8VRjjJNpQXCi-Pffs7Q_Fcb4u1fAPKmoveiHjeZIPvdHpazKYY0heT6kiXyTPPbGWYjbwepzIggoe6XY1s6Bcc3xp-BV84msUSG8VNtMcXE7bnl-XshEGJU3gR7zzPerMovzS_b8fM7bVnl5hvCsigB2ggLxSi4R5HuMGZZvMd11X0CoVgAXC3CFK9EB3UBniXn9LAKv3Jw8mzAMkHjEHiPl39NF8UJk3wFsFBNZyq1wzRroxbAGRvNk1LPZbz842oIqBqoD59zI1MtBGjuAXS1_gBbxBUQtWKWExz4&sai=AMfl-YSaSZPIzVDWBzMdkFcCu8aupHxwZ2HEMulHNSfcaoWWihwzy_Yf0wkCAhkW1jN-auIkInVjKRBzb-L2Ljp6xGHeG4kmM2MwMezaOeial1kNUd1um_4cN9tevCxArI7XM7KpDWLgRD6WcLRb9VKn&sig=Cg0ArKJSzIoDE7ML8fpJEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 25D1B1B90ECF9DAEF16035ED49BF62BE
Requests: 21 HTTP requests in this frame

Frame: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: D90125C14E6B172EF9E2DD709214457C
Requests: 31 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssWFF8q6r0s3PjT4bigZaKa_Ep1BhKhzwk9kZ-c7RE87Rz83xo1RYHIlcoVnpu06yanG5jIwKKDBCr9TaSADMb55NX1vkB4P2MmJ2Zr_sB1QM2bBTDQn5e3ZTRNIzNbs9uwT9oW2m6vuLu-u_9re-KVVDdXeqMgszyVD5n3MMy3PCViCv-nwR1pCg9GVje842oIva5rtqKfqiPmCTBRI2vTbDAPh5tt573r94Uq2a4lQ2HKLVK5k4nMvZTKZi9jBaCAu3UTBvjj7MxuwprDBNcOnJ5-7aeL-ZBZqQwIy2WnoKZ2lKKQ-_DCnLe-OnCKwJ5NHL30nyMaGlddPARzzA&sai=AMfl-YSPF2dPj_0DCYVyJvIpGBZzKXng8VdeZ27qBKe06-p90DUb4fqCXoeK9ueytwMLA0zTx3_4HUC7C1aLQhV3A_lUeVbRoqaQLy4HRDvoMLP-ww5ENlADKq0QDX7sSO3ddZojOje7hRLBgqUwJbnx&sig=Cg0ArKJSzPCGlIDy4CKhEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 677E6E6C1E6B50890E7A8E8DCAB73C13
Requests: 21 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Frame ID: 582523311A008B59AACC688106D28F35
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6TkZIDEPqn8pQDGIX0ueYBMAE&v=APEucNXxCTMZSGGQReJCY-LzG_ImCTtjPb2UfEBqkQrIW1ByX1l6I_4gOWrPv2QwE4sHZzItnopTxBkD-fSsCMwrVU4mFPreEg
Frame ID: E0E78F6CE5937B7407A186DCD58C4111
Requests: 5 HTTP requests in this frame

Frame: https://cdn4.buysellads.net/pub/prebid-universal-creative.js?1.13.0
Frame ID: E0B489E23C54464EA30AC20861C1039E
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNiutpgCENGwxMYDGLaC_-ABMAE&v=APEucNUZ1-nsySB28RGIxd49F2ULtY0wxm4lJuBfykpSMpb5IQyeHMK_Dtcpj00qQ5XT_GWSiyNfMQEYR2ExW4xz3cwnjA3UJA
Frame ID: 8E780FC5B9BAD7838433C90721258979
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 08954A799703EAF6A93C8F320819C98C
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: E82185116253D3F31E7F485557280B2C
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6TkZIDEPqn8pQDGMr8ueYBMAE&v=APEucNUAYMA9ZgcKAU7HCzd2-J-4boQECJJVFjP84-pIgcgfAVWz0-Z0ojWyGRp52NmJiysHrAp5LUBxOQSgRVMMQ-p7OdaNqQ
Frame ID: 8141BF95A36C459899AA64D07FEC31C2
Requests: 5 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&geo=eu&co=ge
Frame ID: 3AE43FE11610EF4D1D9723C4C9CA9B17
Requests: 10 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&geo=eu&co=ge
Frame ID: 64A58E8EE5201866E45CD1623DA371AB
Requests: 2 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=pastelink.net
Frame ID: 2EF3D4701D164CB9DFF8AA3444BC15C6
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 9CCCA83B253E09A5F7CCD94CA084D318
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 546F9CD3D5FDEE69D736B7B6B6CE765D
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/1789578079973882148/index.html
Frame ID: EA3F1831F2B11F38CBB44EF4E83F8C06
Requests: 3 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&geo=eu&co=ge
Frame ID: 7AF6CC89C58B66A8BFF0DF25B6C1C005
Requests: 2 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/6062960869303244307/geo_160x600/index.html
Frame ID: 000F40F3ECAF27E1B9CA4BA0EF1CBC49
Requests: 4 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/3218427552362664649/index.html
Frame ID: CB7E02086955BF9107AD81B7238E438E
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: A9171AEAEA1630D183635228C1D91C2A
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161102
Frame ID: C703221AE832FB194C5507FEA14EA8BE
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 8F62D163966B5E105334199BABDED8F2
Requests: 2 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 9ED06C12F7CAF6EAD5D094E2E0F10072
Requests: 2 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU18831I&prvid=2034%2C2033%2C2031%2C2030%2C273%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C359%2C437%2C97%2C55%2C99%2C2045%2C3012%2C3011%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C446%2C9%2C2011%2C2055%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C338%2C459%2C339%2C70%2C77%2C38%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C345%2C225%2C468%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1
Frame ID: 5ABEDB0B0B72F8486CECA35B91D68E80
Requests: 13 HTTP requests in this frame

Frame: https://u.4dex.io/usync.html
Frame ID: 97A50BF15E9F63024750EC890DCC0D4C
Requests: 3 HTTP requests in this frame

Frame: https://public.servenobid.com/sync.html
Frame ID: 67BABA0D4124C88F86A2E7737D339189
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?cb=1682430916790
Frame ID: A1FB0ACC182C226726F2F47121223A24
Requests: 14 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=medianet
Frame ID: F586E9B90E0C2FF7EC428CFDFEA56E19
Requests: 2 HTTP requests in this frame

Frame: https://contextual.media.net/cksync.html?cs=8&vsid=3254325214262558000V10&type=rkt&refUrl=&vid=24309220613254325214262558000V10&ovsid=5142336722875449073
Frame ID: D8E81FC2A03C7569278FDB053E556210
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159463&userIdMacro=PM_UID&predirect=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D3254325214262558000V10%26type%3Dpba%26refUrl%3D%26vid%3D24309220613254325214262558000V10%26ovsid%3DPM_UID
Frame ID: 4FCCB3B59CDCE3B4815C02DB764CD60B
Requests: 1 HTTP requests in this frame

Frame: https://ssbsync.smartadserver.com/api/sync?callerId=43&gdpr=0&gdpr_consent=
Frame ID: 13286C5DE2B167A4BBC7D83DBCFAC0D3
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

20 Trailblazers Lead The Way In Buy Broad Spectrum CBD Oil - Pastelink.net

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

258
Requests

79 %
HTTPS

0 %
IPv6

53
Domains

89
Subdomains

66
IPs

9
Countries

2932 kB
Transfer

6781 kB
Size

49
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: http://dekatrian.com/index.php?title=Why_Is_Everyone_Talking_About_CBD_Broad_Spectrum_Oil_Right_Now
Title: http://dekatrian.com/index.php?title=Why_Is_Everyone_Talking_About_CBD_Broad_Spectrum_Oil_Right_Now

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://pastelink.net/0hjg5kw0

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=%20https://pastelink.net/0hjg5kw0

Search URL Search Domain Scan URL

URL: https://t.me/share/url?url=%20%0Ahttps://pastelink.net/0hjg5kw0

Search URL Search Domain Scan URL

URL: https://api.whatsapp.com/send?text=%20https://pastelink.net/0hjg5kw0

Search URL Search Domain Scan URL

URL: https://www.reddit.com/submit?url=https://https://pastelink.net/0hjg5kw0&title=%20

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/pin/create/button/?url=https://pastelink.net/0hjg5kw0&description=%20&media=https://pastelink.net/assets/images/pastelink-logo-square.png

Search URL Search Domain Scan URL

URL: http://www.tumblr.com/share?v=3&u=https://pastelink.net/0hjg5kw0&t=%20&posttype=link

Search URL Search Domain Scan URL

URL: https://www.blogger.com/blog-this.g?u=https://pastelink.net/0hjg5kw0&n=%20

Search URL Search Domain Scan URL

URL: https://profitquery.com/add-to/livejournal/?url=https://pastelink.net/0hjg5kw0&title=%20

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https://pastelink.net/0hjg5kw0

Search URL Search Domain Scan URL

URL: https://share.flipboard.com/bookmarklet/popout?v=2&title=%20&url=https://pastelink.net/0hjg5kw0

Search URL Search Domain Scan URL

URL: https://social-plugins.line.me/lineit/share?url=https://pastelink.net/0hjg5kw0&text=%20

Search URL Search Domain Scan URL

URL: https://www.meneame.net/submit?url=https://pastelink.net/0hjg5kw0

Search URL Search Domain Scan URL

URL: https://diasp.org/bookmarklet?url=https://pastelink.net/0hjg5kw0&title=%20&jump=doclose

Search URL Search Domain Scan URL

URL: https://go.nordvpn.net/aff_c?offer_id=15&aff_id=85567&url_id=902

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 104

https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_cm HTTP 302
https://cs.lkqd.net/cs?partnerId=59&partnerUserId=CAESECNeGUhbCTRB4EloewhHQhA&google_cver=1

Request Chain 105

https://cs.lkqd.net/cs?partnerId=59&redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dlkqd_dbm%26google_hm%3D%24%24rawlkqduserid%7Cbase64%24%24 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_hm=em5fSXZORGlZc0k

Request Chain 106

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9g9XUKYerwcx7EiNStQhU&google_cver=1

Request Chain 107

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZEfbx-kwIAmBLOpECWyZpwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9g9XUKYerwcx7EiNStQhU&google_cver=1

Request Chain 108

https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_cm HTTP 302
https://cs.lkqd.net/cs?partnerId=59&partnerUserId=CAESECNeGUhbCTRB4EloewhHQhA&google_cver=1

Request Chain 109

https://cs.lkqd.net/cs?partnerId=59&redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dlkqd_dbm%26google_hm%3D%24%24rawlkqduserid%7Cbase64%24%24 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_hm=djRNdW03a1hUOE0

Request Chain 110

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9g9XUKYerwcx7EiNStQhU&google_cver=1

Request Chain 111

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZEfbx-kwIAmBLOpECWyZpwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9g9XUKYerwcx7EiNStQhU&google_cver=1

Request Chain 135

https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_cm HTTP 302
https://cs.lkqd.net/cs?partnerId=59&partnerUserId=CAESECNeGUhbCTRB4EloewhHQhA&google_cver=1

Request Chain 136

https://cs.lkqd.net/cs?partnerId=59&redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dlkqd_dbm%26google_hm%3D%24%24rawlkqduserid%7Cbase64%24%24 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_hm=eXRSRWo1TmliZEE

Request Chain 137

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9g9XUKYerwcx7EiNStQhU&google_cver=1

Request Chain 138

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZEfbx35ojPVbcjqy-1Xq4gAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9g9XUKYerwcx7EiNStQhU&google_cver=1

Request Chain 161

https://sync.search.spotxchange.com/partner?adv_id=8855&uid=c79b4b4b-413b-4814-a807-7c0bc2e45ef6 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=8855&uid=c79b4b4b-413b-4814-a807-7c0bc2e45ef6&__user_check__=1&sync_id=d198aedc-e370-11ed-9f8d-18a305860106

Request Chain 162

https://eu-u.openx.net/w/1.0/sd?id=539901412&val=c79b4b4b-413b-4814-a807-7c0bc2e45ef6&gdpr=0&gdpr_consent= HTTP 302
https://eu-u.openx.net/w/1.0/sd?cc=1&id=539901412&val=c79b4b4b-413b-4814-a807-7c0bc2e45ef6&gdpr=0&gdpr_consent=

Request Chain 186

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id= HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=1TxC94hmR_mUGx5Qdbsrww&rk=usync-other HTTP 302
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=1TxC94hmR_mUGx5Qdbsrww

Request Chain 187

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEFR3SDC6X8HsZ8oBpGv2RX8&google_cver=1

Request Chain 188

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_cm&google_hm=TEdXQlhGUUYtNC1MUUhY HTTP 302
https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEIgkQErBluiu4iqSn7rWNBE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEdXQlhGUUYtNC1MUUhY&google_push=

Request Chain 189

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=M2M3Mzk4ZjIzNmViY2ZjMzZiODEwMTQ4MDkwYTUxMThlMzYwYWFmNQ

Request Chain 190

https://match.adsrvr.org/track/cmf/rubicon HTTP 302
https://match.adsrvr.org/track/cmb/rubicon HTTP 302
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=3767e262-38e9-452d-b449-3be4a4168cad&gdpr=0&gdpr_consent=&expires=30

Request Chain 191

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=c1ap7k-BQdSTdEky1taa0g&rk=usync-na HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=c1ap7k-BQdSTdEky1taa0g

Request Chain 192

https://token.rubiconproject.com/token?pid=36584 HTTP 302
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LGWBXFQF-4-LQHX

Request Chain 193

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/IyH_U9eUGuDJEFxNk2R3RA?csrc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-E__Kd2RE2oLaW1TzEqpfsLetUqWhv8OSFhYKBA--~A

Request Chain 211

https://b1sync.zemanta.com/usersync/smart/?cb=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D116%26partneruserid%3D__ZUID__&gdpr=0&gdpr_consent= HTTP 302
https://stags.bluekai.com/site/23178?id=-TfcynS3qpRQgnR7TjeE&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIWWG43ZNZRS443NMFZHIYLEONSXE5TFOIXGG33NF5ZGKZDJOIXT6ZLYMNUGC3THMU6XG3LBOJ2CMZ3EOBZD2MBGNFZXG2J5GETHAYLSORXGK4TJMQ6TCMJWEZYGC4TUNZSXE5LTMVZGSZB5FVKGMY3ZNZJTG4LQKJIWO3SSG5KGUZKF&gdpr=0 HTTP 302
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIWWG43ZNZRS443NMFZHIYLEONSXE5TFOIXGG33NF5ZGKZDJOIXT6ZLYMNUGC3THMU6XG3LBOJ2CMZ3EOBZD2MBGNFZXG2J5GETHAYLSORXGK4TJMQ6TCMJWEZYGC4TUNZSXE5LTMVZGSZB5FVKGMY3ZNZJTG4LQKJIWO3SSG5KGUZKF HTTP 302
https://rtb-csync.smartadserver.com/redir/?gdpr=0&issi=1&partnerid=116&partneruserid=-TfcynS3qpRQgnR7TjeE

Request Chain 212

https://eu-u.openx.net/w/1.0/cm?id=a547219b-814b-4e3e-8a4f-35c044fa1891&ph=ec81d0b7-c42e-4a42-b97a-9305af647d30&r=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D100%26partneruserid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=100&partneruserid=1b23f7b7-0a65-475d-852f-113e788cf1b1

Request Chain 213

https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=76&partneruserid=GOOGLE_HOSTED_SI&redirurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsmartrtb_dbm%26google_cm%26google_sc%26google_hm%3DSMART_USER_ID_B64&gdpr=0&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smartrtb_dbm&google_cm&google_sc&google_hm=MzY1MjM5NTI2NzYyMzE2Nzg3&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEB1BcZIc3v7Pjjh1D7uBT00&gdpr=0&gdpr_consent=&google_cver=1

Request Chain 214

https://sync-tm.everesttech.net/upi/pid/gjIEMT18?redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D94%26partneruserid%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent= HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/gjIEMT18?redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D94%26partneruserid%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=&_test=ZEfbygAFWvUwbQAp HTTP 302
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=94&partneruserid=ZEfbygAFWvUwbQAp&gdpr=0&gdpr_consent=&_test=ZEfbygAFWvUwbQAp

Request Chain 218

https://sync.mathtag.com/sync/img?mt_exid=75&redir=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D1%26uid%3D%5BMM_UUID%5D%26gdpr%3D1%26gdpr_consent%3D HTTP 302
https://onetag-sys.com/match/?int_id=1&uid=0f4a6447-dbca-4f00-85f7-368c1b1b7f16&gdpr=1&gdpr_consent=

Request Chain 220

https://ib.adnxs.com/getuid?https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D98%26gdpr%3D1%26gdpr_consent%3D%26uid%3D$UID HTTP 302
https://onetag-sys.com/match/?int_id=98&gdpr=1&gdpr_consent=&uid=7656236649959587680

Request Chain 222

https://onetag-sys.com/match/?int_id=106&redir=1&ot_initiated=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABh7iyiBt38sII32jz77HliGBYxL2PUQrKyA

Request Chain 225

https://onetag-sys.com/match/?int_id=113&gdpr=1&gdpr_consent=&callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Donetag.com%26id%3D%24%7BUSER_TOKEN%7D&ot_initiated=1 HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=onetag.com&id=5ZOV02xj0ogLhNj3oa6KuHKH3S935C9yaiVMzzzzx4M

Request Chain 227

https://cm.g.doubleclick.net/pixel?google_nid=onetag_eb&google_cm HTTP 302
https://onetag-sys.com/match/?int_id=106&google_gid=CAESEES5BcUOYltYTAw1H8gAFxk&google_cver=1

Request Chain 229

https://match.adsrvr.org/track/cmf/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=1&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=1&gdpr_consent= HTTP 302
https://onetag-sys.com/match/?int_id=29&uid=13cf2bf7-215c-4ed5-a397-49f7919fb11b&gdpr=0&gdpr_consent=

Request Chain 238

https://u.openx.net/w/1.0/cm?id=3cc4b2f6-c7e1-439a-8174-b6dbb96bcabf&r=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dopenx%26uid%3D%7BOPENX_ID%7D HTTP 302
https://u.4dex.io/setuid?bidder=openx&uid=82a064da-4ccf-4af9-8e14-9225851d239f

Request Chain 244

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=medianet HTTP 301
https://eus.rubiconproject.com/usync.html?p=medianet

Request Chain 245

https://p.rfihub.com/cm?pub=19967&in=1&forward=https%3A%2F%2Fcontextual.media.net%2Fcksync.html%3Fcs%3D8%26vsid%3D3254325214262558000V10%26type%3Drkt%26refUrl%3D%26vid%3D24309220613254325214262558000V10%26ovsid%3D%7Buserid%7D HTTP 302
https://contextual.media.net/cksync.html?cs=8&vsid=3254325214262558000V10&type=rkt&refUrl=&vid=24309220613254325214262558000V10&ovsid=5142336722875449073

Request Chain 247

https://sync.go.sonobi.com/us?https://contextual.media.net/cksync.php?cs=8&vsid=3254325214262558000V10&type=son&refUrl=&vid=24309220613254325214262558000V10&ovsid=[UID] HTTP 302
https://contextual.media.net/cksync.php?cs=8&vsid=3254325214262558000V10&type=son&refUrl=&vid=24309220613254325214262558000V10&ovsid=6fd8f03a-1959-400a-b2a9-b3e4ad916289

Request Chain 248

https://us-u.openx.net/w/1.0/cm?id=78e2dffc-bb89-4bb2-ae92-f592d006518b&ph=6a16560a-f6c6-4851-b7b5-0b2c0190166a&r=https%3A%2F%2Fcontextual.media.net%2Fcksync.html%3Fcs%3D8%26vsid%3D3254325214262558000V10%26type%3Dopx%26refUrl%3D%26vid%3D24309220613254325214262558000V10%26ovsid%3D HTTP 302
https://contextual.media.net/cksync.html?cs=8&vsid=3254325214262558000V10&type=opx&refUrl=&vid=24309220613254325214262558000V10&ovsid=c68609d0-30a7-42d1-a1f2-d16cec70b8ab

Request Chain 250

https://cm.g.doubleclick.net/pixel?cs=8&google_nid=media&google_cm=1&google_hm=MzI1NDMyNTIxNDI2MjU1ODAwMFYxMA%3D%3D&google_sc=1 HTTP 302
https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESEGdfsuU_RDPtwSTDyujae-U&google_cver=1

Request Chain 254

https://b1sync.zemanta.com/usersync/medianet/?puid=${VSID}&cb=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dzem%26ovsid%3D__ZUID__https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D3254325214262558000V10%26type%3Dzem%26refUrl%3D%26vid%3D24309220613254325214262558000V10%26ovsid%3D__ZUID__ HTTP 302
https://stags.bluekai.com/site/23178?id=-TfcynS3qpRQgnR7TjeE&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TDFZYGQ4B7MNZT2MJGMV4GG2DBNZTWKPLNMVSGSYLOMV2CM33WONUWIPJNKRTGG6LOKMZXC4CSKFTW4URXKRVGKRLIOR2HA4ZFGNASKMSGEUZEMY3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIJJSIZRWW43ZNZRS44DIOASTGRTDOMSTGRBYEZXXM43JMQ6V6X22KVEUIX27EZZGKZSVOJWD2JTUPFYGKPL2MVWSM5DZOBST26TFNUTHM2LEHUZDIMZQHEZDEMBWGEZTENJUGMZDKMRRGQZDMMRVGU4DAMBQKYYTAJTWONUWIPJTGI2TIMZSGUZDCNBSGYZDKNJYGAYDAVRRGA HTTP 302
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TDFZYGQ4B7MNZT2MJGMV4GG2DBNZTWKPLNMVSGSYLOMV2CM33WONUWIPJNKRTGG6LOKMZXC4CSKFTW4URXKRVGKRLIOR2HA4ZFGNASKMSGEUZEMY3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIJJSIZRWW43ZNZRS44DIOASTGRTDOMSTGRBYEZXXM43JMQ6V6X22KVEUIX27EZZGKZSVOJWD2JTUPFYGKPL2MVWSM5DZOBST26TFNUTHM2LEHUZDIMZQHEZDEMBWGEZTENJUGMZDKMRRGQZDMMRVGU4DAMBQKYYTAJTWONUWIPJTGI2TIMZSGUZDCNBSGYZDKNJYGAYDAVRRGA HTTP 302
https://contextual.media.net/cksync.php?cs=1&ovsid=-TfcynS3qpRQgnR7TjeEhttps%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8&ovsid=__ZUID__&refUrl=&type=zem&type=zem&vid=24309220613254325214262558000V10&vsid=3254325214262558000V10

Request Chain 256

https://match.adsrvr.org/track/cmf/generic?ttd_pid=8m33zk4&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://cs.media.net/cksync?cs=1&type=ttd&ovsid=3767e262-38e9-452d-b449-3be4a4168cad

258 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request 0hjg5kw0 Show response
pastelink.net/ 34 KB
10 KB 520ms
221ms Document
text/html 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pastelink.net/0hjg5kw0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

4cd800db84fcc5c0f0554b994b9c23e455f3b76c300ce069f35572b18e6ca6fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 25 Apr 2023 13:55:12 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
x-frame-options: SAMEORIGIN

GET
H2 200 css2
fonts.googleapis.com/ 5 KB
1 KB 498ms
215ms Stylesheet
text/css 142.250.186.42
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.42 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f10.1e100.net

Software

ESF /

Resource Hash

50fb7a74467a7c8eff5584b3c0ef64577cf0e84e3256387a0e3f17a1a1be0f7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 25 Apr 2023 13:55:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 25 Apr 2023 13:55:13 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 25 Apr 2023 13:55:13 GMT

GET
H2 200 styles.css
pastelink.net/assets/css/ 121 KB
121 KB 241ms
240ms Stylesheet
text/css 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pastelink.net/assets/css/styles.css?q=36

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

ec237517566b85a5797425cebe748d7248a7d8c698bdb113f9615946b7434a78

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/0hjg5kw0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Mon, 24 Apr 2023 17:57:18 GMT
server: nginx
etag: "6446c2fe-1e436"
content-type: text/css
accept-ranges: bytes
content-length: 123958

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
30 KB 1406ms
133ms Script
application/javascript 69.16.175.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: hwcdn.net
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Referer: https://pastelink.net/
Origin: https://pastelink.net
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:14 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-15d9d"
vary: Accept-Encoding
x-hw: 1682430914.dop227.fr8.t,1682430914.cds332.fr8.hn,1682430914.cds144.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30875

GET
H2 200 script.min.js Show response
pastelink.net/assets/js/ 41 KB
41 KB 151ms
151ms Script
application/javascript 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pastelink.net/assets/js/script.min.js?q=36

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

190d542d8e593c755fd16e67ca62583e183957829dfb69cc2e00c7bf67df237d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/0hjg5kw0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 17 Nov 2022 12:00:15 GMT
server: nginx
etag: "6376224f-a225"
content-type: application/javascript
accept-ranges: bytes
content-length: 41509

GET
H2 200 js.cookie.min.js Show response
cdnjs.cloudflare.com/ajax/libs/js-cookie/latest/ 2 KB
1 KB 429ms
148ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/js-cookie/latest/js.cookie.min.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b6d244a569a8befc0b901e3dca8e82f19b188e2d3e76f7c62fce96935ed6311

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:13 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 5138415
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 772
last-modified: Mon, 04 May 2020 16:11:49 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec5-6d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=70EG7nqvmIwgJxHsg1kyEN0MnejsfMxb6GyBqu3sR%2Ffg2Faz2igGmIrS1NiwUQsnLLZqDfQ0yOJPhAwMR%2FaidHMYepWkhXtgY915l2zPGiGAxOtbQLU50DsV5DOnuvACtiOMZJTX"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7bd715181ea791f9-FRA
expires: Sun, 14 Apr 2024 13:55:13 GMT

GET
H2 200 css2
fonts.googleapis.com/ 830 B
445 B 498ms
216ms Stylesheet
text/css 142.250.186.42
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Arbutus:wght@400&display=swap

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.42 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f10.1e100.net

Software

ESF /

Resource Hash

9d2a1bd035ccc0274c7333c015d2e927ab47b4d256fcd544d2dcb7c05f9cb68e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 25 Apr 2023 13:55:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 25 Apr 2023 13:55:13 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 25 Apr 2023 13:55:13 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 906 B
893 B 538ms
256ms Script
text/javascript 142.250.185.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=captchaLoaded

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f4.1e100.net

Software

GSE /

Resource Hash

977fec2807d31f9cda9b855a04aec643ed99e64f2d963806aea4221bd4586d98

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 573
x-xss-protection: 1; mode=block
expires: Tue, 25 Apr 2023 13:55:13 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 189 KB
67 KB 455ms
161ms Script
application/javascript 142.250.181.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.232 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

21a5ba176b5e077b89f9ecb8252d0e9de75010082b29898d25e343b01353eb6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:14 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68418
x-xss-protection: 0
last-modified: Tue, 25 Apr 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 25 Apr 2023 13:55:14 GMT

GET
H2 200 pastelink.js Show response
cdn4.buysellads.net/pub/ 538 KB
150 KB 414ms
138ms Script
application/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn4.buysellads.net/pub/pastelink.js?1682430600000
Requested by: Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: 362ee6590413841d5076ac5bc201f3d298119845533319dfbd051c1b6fbf3d78

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:14 GMT
content-encoding: gzip
last-modified: Tue, 25 Apr 2023 13:42:21 GMT
server: AmazonS3
x-amz-request-id: RMGZ07KNSDXG2DY8
etag: "967f50d20b7051d94d674be74ee34e7b"
x-amz-server-side-encryption: AES256
x-hw: 1682430914.cds144.fr8.hn,1682430914.cds269.fr8.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
content-length: 153587
x-amz-id-2: svSURGDxOt5BegwsqF47WMLvOT2VcwnJWfx1YeQgUCk4Ss0KckX+Xwg4oSjOCXRY2aZKVy0Wolht+RZJzfaGLL0j5C5laFCe

GET
H2 200 recaptcha__ka.js Show response
www.gstatic.com/recaptcha/releases/4PnKmGB9wRHh1i04o7YUICeI/ 442 KB
168 KB 439ms
140ms Script
text/javascript 142.250.186.131
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/4PnKmGB9wRHh1i04o7YUICeI/recaptcha__ka.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=captchaLoaded

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f3.1e100.net

Software

sffe /

Resource Hash

e5d563ffd8db6e460ac4a8eba1934c4ca7c5415b34f06f2c65371ad03665bafe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Origin: https://pastelink.net
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:25:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1806
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 171147
x-xss-protection: 0
last-modified: Fri, 21 Apr 2023 01:25:41 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 24 Apr 2024 13:25:08 GMT

GET
H2 200 debut_light.png
pastelink.net/assets/images/ 4 KB
4 KB 146ms
146ms Image
image/png 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/debut_light.png

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=36

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

c24ccee9a35eef9e74411eac871935bdff6bcb895cce80b754b66d3e4292a3ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=36
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-10c8"
content-type: image/png
accept-ranges: bytes
content-length: 4296

GET
H2 200 pastelink-logo.svg
pastelink.net/assets/images/logo/ 3 KB
3 KB 147ms
147ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/logo/pastelink-logo.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=36

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

01408f8061623faa6d2c0f015cd23483c3aa363c095e152f613ed94c87a5803d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=36
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-d3d"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 3389

GET
DATA 200
OK truncated
/ 16 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 13100cd3879e5c1385581d7c88153e60cd7c3e4b0578fe2838daa56da689769b

Request headers

accept-language: ka-GE,ka;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 arrow-down-blue.svg
pastelink.net/assets/images/ 239 B
409 B 147ms
147ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/arrow-down-blue.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=36

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

50a60e5e5f2e8f10a2f8685031ec9849ba8faff613139f3a402e89f25ccbbabc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=36
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-ef"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 239

GET
H2 200 moon.svg
pastelink.net/assets/images/ 2 KB
2 KB 147ms
147ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/moon.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=36

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

ed6cd01c384db70bedbe24986aa85b0745f994ad71b7e5712f8a60e1ff457d7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=36
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-62e"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 1582

GET
H2 200 public-black.svg
pastelink.net/assets/images/ 578 B
749 B 220ms
220ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/public-black.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=36

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

57226adbc32c91a8cd4ec9ee08e4f155f3450e79256731c04f81709a58c4c1fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=36
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-242"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 578

GET
H2 200 social-spritesheet.png
pastelink.net/assets/images/ 28 KB
28 KB 226ms
226ms Image
image/png 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/social-spritesheet.png

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=36

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

8af24d7350dbdc8eea22e4737deaa35a795b19b0560d7173113bec7e8a3effb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=36
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-70de"
content-type: image/png
accept-ranges: bytes
content-length: 28894

GET
H2 200 logo-bg-90-tl.svg
pastelink.net/assets/images/ 2 KB
2 KB 297ms
297ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/logo-bg-90-tl.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=36

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

1c9e4c65f9d921b1c0829958cc7b2f307a3e22ac7a23e8315b6db4c0954e1107

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=36
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-933"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 2355

GET
H2 200 pastelink-logo-contrast.svg
pastelink.net/assets/images/logo/ 4 KB
4 KB 299ms
299ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/logo/pastelink-logo-contrast.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=36

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

3a73b36061944ebbb33696553917d393280f796e212afcd09057b441c1168606

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=36
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-e31"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 3633

GET
H2 200 logo-symbol-non-white-bg.svg
pastelink.net/assets/images/ 4 KB
5 KB 302ms
302ms Image
image/svg+xml 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/logo-symbol-non-white-bg.svg

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=36

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

15f20e02ef301e62ed325d633f971c506dcf1be3458c2371b849b505bb8673dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=36
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 13 Oct 2022 11:31:15 GMT
server: nginx
etag: "6347f703-11c0"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 4544

GET
H2 200 nord-white-trim.png
pastelink.net/assets/images/ 9 KB
9 KB 305ms
304ms Image
image/png 89.35.29.15
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastelink.net/assets/images/nord-white-trim.png

Requested by

Host: pastelink.net
URL: https://pastelink.net/assets/css/styles.css?q=36

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.35.29.15 London, United Kingdom, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

15.29.35.89.baremetal.zare.com

Software

nginx /

Resource Hash

6f0fef1778678fd7b5436ebd0ba183edb1e28d93136539e8beb4e4d60efdeceb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/assets/css/styles.css?q=36
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Mon, 24 Apr 2023 17:57:18 GMT
server: nginx
etag: "6446c2fe-2424"
content-type: image/png
accept-ranges: bytes
content-length: 9252

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 420ms
134ms Font
font/woff2 142.250.185.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f3.1e100.net

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 18:01:47 GMT
x-content-type-options: nosniff
age: 244407
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7884
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Apr 2024 18:01:47 GMT

GET
H2 200 NaPYcZ7dG_5J3pooX9Vnrg.woff2
fonts.gstatic.com/s/arbutus/v24/ 25 KB
25 KB 430ms
144ms Font
font/woff2 142.250.185.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/arbutus/v24/NaPYcZ7dG_5J3pooX9Vnrg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Arbutus:wght@400&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f3.1e100.net

Software

sffe /

Resource Hash

601950f24fa6240b97d1f7887b87077902e0ff789e53d2a813e46e3782d099de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 22:58:04 GMT
x-content-type-options: nosniff
age: 226630
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25336
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:58:36 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Apr 2024 22:58:04 GMT

GET
H2 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 518ms
233ms Font
font/woff2 142.250.185.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f3.1e100.net

Software

sffe /

Resource Hash

cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 19:38:46 GMT
x-content-type-options: nosniff
age: 238588
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7748
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:21:30 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Apr 2024 19:38:46 GMT

GET
H2 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 532ms
246ms Font
font/woff2 142.250.185.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f3.1e100.net

Software

sffe /

Resource Hash

9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pastelink.net
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 23:30:01 GMT
x-content-type-options: nosniff
age: 224713
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7816
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Apr 2024 23:30:01 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 413ms
135ms Script
text/javascript 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 25 Apr 2023 12:35:44 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 4771
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Tue, 25 Apr 2023 14:35:44 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 226 KB
78 KB 154ms
153ms Script
application/javascript 142.250.181.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-S3DKHVPF03&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.232 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

73f5bea8ad17369a5d7d4169383952d16544b54d029b3fe0d621b3c41d5e687b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:15 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 80192
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 25 Apr 2023 13:55:15 GMT

GET
H2 200 tag Show response
btloader.com/ 22 KB
8 KB 414ms
143ms Script
application/javascript 104.26.6.139
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://btloader.com/tag?o=5102648370397184&upapi=true
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682430600000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.139 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 88f94fc9bb9bada786c28d661a00855994d18fbeda03d3834cf0c8a55fa79384

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:15 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 25 Apr 2023 13:21:33 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1897
etag: W/"e03622ac04805a8e06fb6e13744701f4"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v2xSbL84rNo4Xtw7JGZEomi8wVHDShETeG%2BT9UoFL7wmPkKJeDB5T%2BW2V3o7%2BDj0cpl7E3RWVedPslZJPINuzqh0YTuBwWFLpUTV6bX3%2Bq70hihBCCCErDCtWbIdTw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
cf-ray: 7bd7152569b190d6-FRA

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 74 KB
25 KB 499ms
209ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682430600000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

fc88f7053cc02fa49d877214ca893f0753ebe7687a319512ebc4914de2b84258

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:15 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25039
x-xss-protection: 0
server: cafe
etag: 141 / 19472 / 31074079 / config-hash: 5475733890269258837
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 25 Apr 2023 13:55:15 GMT

GET
H2 200 acceptable.gif
cdn4.buysellads.net/ 43 B
264 B 257ms
256ms Image
image/gif 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn4.buysellads.net/acceptable.gif?ch=1&rn=2.952081915156813
Requested by: Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:15 GMT
last-modified: Fri, 19 Jul 2019 16:45:51 GMT
server: AmazonS3
x-amz-request-id: PEHTKPPEHG7D8A2Q
etag: "b4491705564909da7f9eaf749dbbfbb1"
x-hw: 1682430915.cds144.fr8.hn,1682430915.cds230.fr8.sc,1682430915.cds230.fr8.p
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
content-length: 43
x-amz-id-2: R6MR9ojWMPDfERCHMRbvTboJHb2SAJWJYiDN3ZysqS9t+rYYJy1wa5Th3tWjR58DhyC6CuMWJEXXVJlqreiJEpXw32YlPUig8hMOWidZp1k=

GET
H2 200 acceptable.gif
cdn4.buysellads.net/ 43 B
301 B 254ms
254ms Image
image/gif 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn4.buysellads.net/acceptable.gif?ch=2&rn=2.952081915156813
Requested by: Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:15 GMT
last-modified: Fri, 19 Jul 2019 16:45:51 GMT
server: AmazonS3
x-amz-request-id: PEHNJWCBJZ6P7ER2
etag: "b4491705564909da7f9eaf749dbbfbb1"
x-hw: 1682430915.cds144.fr8.hn,1682430915.cds220.fr8.sc,1682430915.cds220.fr8.p
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
content-length: 43
x-amz-id-2: 95Op+HX7bx9E/nF4EXifbeLTs7UG3ZB21ssXP5qh6g73OzwlRp4v9/1zpl5z6nQgJ6VwMGK6uR4=

POST
H2 204 collect
www.google-analytics.com/g/ 0
160 B 208ms
208ms Ping
text/plain 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-S3DKHVPF03&gtm=45je34j0&_p=83075229&cid=722270160.1682430915&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1682430915&sct=1&seg=0&dl=https%3A%2F%2Fpastelink.net%2F0hjg5kw0&dt=20%20Trailblazers%20Lead%20The%20Way%20In%20Buy%20Broad%20Spectrum%20CBD%20Oil%20-%20Pastelink.net&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S3DKHVPF03&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.185.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s48-in-f14.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:15 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 px.gif
ad-delivery.net/ 43 B
326 B 411ms
143ms Image
image/gif 104.26.2.70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=2
Requested by: Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.2.70 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:15 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2545587
x-guploader-uploadid: ADPycduyUPEuzBUIKx7fLz8o1gICs6GKx1jKQDp8CwfiatFid6KI9QByNnQXIiZNJcDullDOiy7LeRCk_J2AJKlJXBBEIA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-goog-generation: 1620242732037093
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers: *, Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WKylYH4tpS93pcYefoZpN4qoH0AXX3jwWpyYSVCg0w3TfXZjI%2FlS2qV6mmrzzlXue70oZh6%2BWUO9ulOZGVeKRBYwE3uBr9wxnij5ZlU8N9RzZWSu5DAt68Ixie%2F2hxRy0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 7bd715280ee792ad-FRA
expires: Mon, 27 Mar 2023 03:17:53 GMT

GET
H2 200 favicon.ico
ad.doubleclick.net/ 1 KB
571 B 416ms
135ms Image
image/x-icon 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 22:11:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 56629
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 104
x-xss-protection: 0
last-modified: Tue, 08 May 2012 13:08:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 25 Apr 2023 22:11:26 GMT

GET
H2 200 px.gif
ad-delivery.net/ 43 B
931 B 408ms
140ms Image
image/gif 104.26.2.70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.778814506074712
Requested by: Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.2.70 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:15 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2545587
x-guploader-uploadid: ADPycduyUPEuzBUIKx7fLz8o1gICs6GKx1jKQDp8CwfiatFid6KI9QByNnQXIiZNJcDullDOiy7LeRCk_J2AJKlJXBBEIA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-goog-generation: 1620242732037093
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers: *, Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oNz4G7gHs940FNU%2F8BBFA%2F6JJhAzcrypQAR6Zki4VSQaVcapintElZ5aPArWruQmvz45JelvAFSbpSbItl5Zqbzu1CDadHOWp6Eqzzz9x3ihYQnU%2BDWT95ZFj%2Fzq7jfv%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 7bd715280ee992ad-FRA
expires: Mon, 27 Mar 2023 03:17:53 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
93 B 143ms
143ms XHR
text/plain 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=83075229&t=pageview&_s=1&dl=https%3A%2F%2Fpastelink.net%2F0hjg5kw0&ul=en-us&de=UTF-8&dt=20%20Trailblazers%20Lead%20The%20Way%20In%20Buy%20Broad%20Spectrum%20CBD%20Oil%20-%20Pastelink.net&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=1220320666&gjid=590557553&cid=722270160.1682430915&tid=UA-55088947-2&_gid=1400003710.1682430916&_r=1&_slc=1&gtm=45He34j0n8155WHPWQ&z=2028672921

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pastelink.net/
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:15 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304190101/ 400 KB
125 KB 411ms
133ms Script
text/javascript 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304190101/pubads_impl.js?cb=31074079

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

cafe /

Resource Hash

2c470984efff845d5290f15d3a01552b4bff15c1e40a48c944233a5bc5f69539

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 08:44:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18650
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 127052
x-xss-protection: 0
server: cafe
etag: 14196522953641333499
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Wed, 24 Apr 2024 08:44:26 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 72 B
601 B 458ms
173ms XHR
application/json 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=pastelink.net

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

cafe /

Resource Hash

9613f838798d1aed5da373796f9180a1531b4670d6762a7db38dde12ae032934

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:16 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 59
x-xss-protection: 0
expires: Tue, 25 Apr 2023 13:55:16 GMT

GET
H2 200 country Show response
api.btloader.com/ 16 B
203 B 523ms
244ms Fetch
application/json 130.211.23.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/country
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5102648370397184&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: 45b5465229b3d2f0348a4cfcd69e52df10b6059122d41cff6f9854a30bf111cf

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:16 GMT
via: 1.1 google
vary: Origin
content-type: application/json
access-control-allow-origin: *
cache-control: private, max-age=300, stale-while-revalidate=600, stale-if-error=600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16

GET
H2 204 pv Show response
api.btloader.com/ 0
66 B 523ms
246ms XHR
text/plain 130.211.23.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/pv?tid=xQ2e0YED4f&w=5093624318001152&o=5102648370397184&cv=2.1.11-3-gabc8642&r=false&vr=1600x1200&pageURL=https%3A%2F%2Fpastelink.net%2F0hjg5kw0&sid=wQGViA8ep&upapi=true
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5102648370397184&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 25 Apr 2023 13:55:16 GMT
cache-control: no-cache, no-store, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary: Origin

GET
H2 200 CWYD627N.json Show response
srv.buysellads.com/ads/ 930 B
664 B 438ms
143ms Fetch
application/json 161.35.94.134
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://srv.buysellads.com/ads/CWYD627N.json?forcebanner=493702&ignoretargeting=yes
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682430600000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 161.35.94.134 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: srv-eu-nl-17.buysellads.com
Software: //srv.buysellads.com /
Resource Hash: 1159abe5cc504088525f8af0791bf5127f836bbf1be3d0937131b1e067f1f7c6

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 25 Apr 2023 13:55:16 GMT
content-encoding: gzip
server: //srv.buysellads.com
content-length: 551
vary: Accept-Encoding
content-type: application/json; charset=utf-8

GET
H/1.1 200
OK localstore.js Show response
script.4dex.io/ 483 B
1001 B 404ms
140ms Script
application/javascript 104.26.8.169
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682430600000
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.169 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 25 Apr 2023 13:55:16 GMT
Content-Encoding: br
CF-Cache-Status: HIT
Last-Modified: Wed, 23 Nov 2022 15:43:18 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Age: 1607140
ETag: W/"922cffdd75f7192f75231d92684885aa"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WMEJaD5ck5QJCxstD2jKhkXkrRrAQxtOgCLz3OQSl6WrZ2ag4QtGv5BV68T4bCZ7Tr0mMP8Wms9Gadwj4Zz%2B6WvJEDgJ%2Bj3c3I7JczOVh3SSKaPhinW17MKtR9TQ3MzE"}],"group":"cf-nel","max_age":604800}
Cache-Control: public, max-age=1800
Connection: keep-alive
CF-RAY: 7bd7152d19b53662-FRA

POST
H2 200 prebid-request Show response
onetag-sys.com/ 15 B
501 B 434ms
149ms XHR
application/json 51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682430600000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://pastelink.net/
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
access-control-allow-origin: https://pastelink.net
content-type: application/json
cache-control: no-transform, no-cache
access-control-allow-credentials: true
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41

POST
H2 200 prebid Show response
mp.4dex.io/ 173 B
1 KB 426ms
156ms XHR
application/json 104.18.3.114
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682430600000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.3.114 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6034cf3e2d9adb48d84f3600a5348e9fb3aa350fdd89dfabbba82ff4b092c805

Request headers

Referer: https://pastelink.net/
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

x-version: 3.0.0-gcp-ams
date: Tue, 25 Apr 2023 13:55:16 GMT
x-err: Shapings: no adunits with size and seat and mapping
via: 1.1 google
cf-cache-status: DYNAMIC
content-encoding: gzip
x-warn: Process Floors. 3 inventory rules not found for mediatype: banner and adUnitCode: bsa-zone_1675868039084-1_123456, Process Floors. 13 inventory rules not found for mediatype: banner and adUnitCode: bsa-zone_1675868173958-4_123456, Process Floors. 1 inventory rules not found for mediatype: banner and adUnitCode: bsa-zone_1675868324828-7_123456, Process Seats Booster. unable to get the seat booster engine for organization: 1116
pragma: no-cache
server: cloudflare
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 7bd7152d48725c85-FRA
expires: 0

POST
H2 200 v1 Show response
hb-api.omnitagjs.com/hb-api/prebid/ 2 KB
943 B 1124ms
826ms XHR
application/json 185.255.84.151
IGUANE-

General

Check archive.org

Show headers Download Go to

Full URL

https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fpastelink.net%2F0hjg5kw0&PageUrl=https%3A%2F%2Fpastelink.net%2F0hjg5kw0&PageReferrer=https%3A%2F%2Fpastelink.net%2F0hjg5kw0

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682430600000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.255.84.151 , France, ASN200271 (IGUANE-, FR),

Reverse DNS

Software

ayl-lb-fra02 /

Resource Hash

cb5324b739486087ff90039a0e13dc311dbda5475ad406e5fbe65611540b6bcd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pastelink.net/
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 25 Apr 2023 13:55:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO PSA OUR"
x-envoy-upstream-service-time: 678
content-length: 482
pragma: no-cache
server: ayl-lb-fra02
access-control-max-age: 3600
access-control-allow-methods: OPTIONS, POST
content-type: application/json; charset=utf-8
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Accept-Encoding
access-control-allow-headers: Accept-Encoding, Content-Type
expires: 0

POST
H2 200 adreq Show response
ads.servenobid.com/ 109 B
439 B 485ms
161ms XHR
application/json 34.248.233.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.servenobid.com/adreq?cb=2762
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682430600000
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.233.188 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-233-188.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 28206f4189052daa1630edbe12c03c5e58d4993e7192eaf1629c77759ac6df84

Request headers

Referer: https://pastelink.net/
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 25 Apr 2023 13:55:16 GMT
content-encoding: gzip
amp-access-control-allow-source-origin: *
vary: accept-encoding
content-type: application/json
access-control-allow-origin: https://pastelink.net
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
1 KB 642ms
365ms XHR
application/json 34.107.148.139
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CU18831I
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682430600000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: b07fc25523bee53d607b8220afb66cafda92652ffe192daae20aed20536d69a8

Request headers

Referer: https://pastelink.net/
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:16 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://pastelink.net
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
expires: Tue, 25 Apr 2023 13:55:16 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 797 B
2 KB 464ms
170ms XHR
application/json 178.32.210.226
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682430600000
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.32.210.226 , France, ASN16276 (OVH, FR),
Reverse DNS: ip226.ip-178-32-210.eu
Software: /
Resource Hash: 16750ab679c3941c3459154252f03b2916b3e9384fdb4b5320d90ab4d69b9ea1

Request headers

Referer: https://pastelink.net/
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:16 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://pastelink.net
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 1 KB
2 KB 543ms
248ms XHR
application/json 178.32.210.226
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682430600000
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.32.210.226 , France, ASN16276 (OVH, FR),
Reverse DNS: ip226.ip-178-32-210.eu
Software: /
Resource Hash: b42ccfc9b92963d83a5459f6585c19c7c335f79f647e78959c3aba1dddd21395

Request headers

Referer: https://pastelink.net/
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:16 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://pastelink.net
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 1 KB
2 KB 463ms
169ms XHR
application/json 178.32.210.226
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682430600000
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.32.210.226 , France, ASN16276 (OVH, FR),
Reverse DNS: ip226.ip-178-32-210.eu
Software: /
Resource Hash: 4b79ae7526be652a8b9c2525fd6ceeeec70fabf817604e4fdd1c24c0aa382390

Request headers

Referer: https://pastelink.net/
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:16 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://pastelink.net
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 1 KB
2 KB 461ms
168ms XHR
application/json 178.32.210.226
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682430600000
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.32.210.226 , France, ASN16276 (OVH, FR),
Reverse DNS: ip226.ip-178-32-210.eu
Software: /
Resource Hash: 70a2cbd8021e2ea73d296d362b2a3f26c423f30932ea4c7c3b295d61d2d0d851

Request headers

Referer: https://pastelink.net/
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:16 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://pastelink.net
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 1 KB
2 KB 635ms
173ms XHR
application/json 178.32.210.226
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682430600000
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.32.210.226 , France, ASN16276 (OVH, FR),
Reverse DNS: ip226.ip-178-32-210.eu
Software: /
Resource Hash: 9d8c65de4f672a8b673ae2210d3300205856ee3ca210d5de54285a3cfadec541

Request headers

Referer: https://pastelink.net/
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:16 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://pastelink.net
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 12 KB
6 KB 622ms
224ms XHR
application/json 69.173.144.140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18812&site_id=468716&zone_id=2765554&size_id=2&alt_size_ids=1%2C55&rp_schain=1.0,1!buysellads.com,16898,1,,,&rf=https%3A%2F%2Fpastelink.net%2F0hjg5kw0&tg_i.domain=pastelink.net&tg_i.page=https%3A%2F%2Fpastelink.net%2F0hjg5kw0&tg_i.pbadslot=%2F22405481091%2FPastelink_S2S_FixedFooter_ROS%23bsa-zone_1675868039084-1_123456&tk_flint=pbjs_lite_v7.43.0&x_source.tid=1d81b572-12a9-423a-9381-1e87bf75fb39&l_pb_bid_id=45769a72502411d&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F22405481091%2FPastelink_S2S_FixedFooter_ROS%23bsa-zone_1675868039084-1_123456&slots=1&rand=0.9642877142145541
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682430600000
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 0c428367c7cb37f9089c9fa7b0dca779f518f18f6ef3b2901ca229b97d1db76c

Request headers

Referer: https://pastelink.net/
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:16 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://pastelink.net
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 12 KB
6 KB 643ms
245ms XHR
application/json 69.173.144.140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18812&site_id=468716&zone_id=2765554&size_id=15&alt_size_ids=2%2C1%2C16%2C232&rp_schain=1.0,1!buysellads.com,16898,1,,,&rf=https%3A%2F%2Fpastelink.net%2F0hjg5kw0&tg_i.domain=pastelink.net&tg_i.page=https%3A%2F%2Fpastelink.net%2F0hjg5kw0&tg_i.pbadslot=%2F22405481091%2FPastelink_S2S_TopLeaderboard_ROS%23bsa-zone_1675868173958-4_123456&tk_flint=pbjs_lite_v7.43.0&x_source.tid=e95394b3-814e-4a1d-a2a3-4a392b88ee87&l_pb_bid_id=46202f0deb20bf7&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F22405481091%2FPastelink_S2S_TopLeaderboard_ROS%23bsa-zone_1675868173958-4_123456&slots=1&rand=0.8107538787038444
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682430600000
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: f63176263e5a9f08c29da36c980255eee48ee4672be12581811d28153684aa2a

Request headers

Referer: https://pastelink.net/
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:16 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://pastelink.net
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 12 KB
5 KB 769ms
371ms XHR
application/json 69.173.144.140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18812&site_id=468716&zone_id=2765554&size_id=15&alt_size_ids=9%2C8%2C10%2C16&rp_schain=1.0,1!buysellads.com,16898,1,,,&rf=https%3A%2F%2Fpastelink.net%2F0hjg5kw0&tg_i.domain=pastelink.net&tg_i.page=https%3A%2F%2Fpastelink.net%2F0hjg5kw0&tg_i.pbadslot=%2F22405481091%2FPastelink_S2S_Sidebar_ROS%23bsa-zone_1675868324828-7_123456&tk_flint=pbjs_lite_v7.43.0&x_source.tid=ed5a5b30-4a46-4ec2-a20a-a5c0c659a7c8&l_pb_bid_id=476006986d6799&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F22405481091%2FPastelink_S2S_Sidebar_ROS%23bsa-zone_1675868324828-7_123456&slots=1&rand=0.535097920179725
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682430600000
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 2702607d13c6fb6f41b20d7794bef6c4ce9640011d5a37341a8d85fe972c7498

Request headers

Referer: https://pastelink.net/
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:16 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://pastelink.net
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 12 KB
6 KB 632ms
235ms XHR
application/json 69.173.144.140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18812&site_id=468716&zone_id=2765554&size_id=15&alt_size_ids=10%2C16%2C53%2C67%2C101%2C102%2C221&rp_schain=1.0,1!buysellads.com,16898,1,,,&rf=https%3A%2F%2Fpastelink.net%2F0hjg5kw0&tg_i.domain=pastelink.net&tg_i.page=https%3A%2F%2Fpastelink.net%2F0hjg5kw0&tg_i.pbadslot=%2F22405481091%2FPastelink_S2S_Interstitial_ROS%23bsa-zone_1675868453109-5_123456&tk_flint=pbjs_lite_v7.43.0&x_source.tid=510c9d11-b078-494d-918a-7399ec185d47&l_pb_bid_id=48ce59171ce1452&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F22405481091%2FPastelink_S2S_Interstitial_ROS%23bsa-zone_1675868453109-5_123456&slots=1&rand=0.4136061885283646
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682430600000
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 4ce37f09420b29f874f11bf6fd1418a013b8a776dd8a45d0c63bf413759b600a

Request headers

Referer: https://pastelink.net/
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:16 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://pastelink.net
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 200 cdb Show response
bidder.criteo.com/ 18 B
311 B 764ms
225ms XHR
application/json 178.250.7.10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=35&wv=7.43.0&cb=85101344843&lsavail=1

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682430600000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://pastelink.net/
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 25 Apr 2023 13:55:16 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://pastelink.net
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
114 B 729ms
183ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682430600000
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pastelink.net/
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://pastelink.net
date: Tue, 25 Apr 2023 13:55:16 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 483 B
2 KB 653ms
377ms XHR
application/json 185.89.210.153
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682430600000

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.153 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

13ce1ffd71c6690d9122a0c231c3dadc0140b95c1ca4010f11930f1856477a1f

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 25 Apr 2023 13:55:16 GMT
AN-X-Request-Uuid: 1eac68f5-e456-497a-a867-af8e4126581b
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://pastelink.net
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 91.239.206.129; 91.239.206.129; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 483
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK adagio.js Show response
script.4dex.io/ 74 KB
24 KB 405ms
142ms Fetch
application/javascript 104.26.8.169
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.169 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed87a83a9df154b61d76e8b9b53bb9d23db3eea194e66bca6b575e3e4f7a57bf

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 25 Apr 2023 13:55:17 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: XPAED07JE2QM6FJN
Age: 2606565
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-id-2: 1oNXx77TX1TuOPszDM/gbMHwIp325wBGk1yve7vJEmvj8kd7rKYhybK/m+lct0jEV1b7/3hXqqQ=
Last-Modified: Tue, 22 Nov 2022 09:44:15 GMT
Server: cloudflare
ETag: W/"c56b6332dacf72f135afcd153ae22448"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K080FIw8%2FzluQx9V%2F5x4Mo53KSrXXnnpzp0sHEQ3eITNITn0SAbNnRnPVthMI4RZR2NpIjP%2Bj5BluWaiR3mxJVj9cnR0LHz4Qysx0ime2rYA6t%2F8lGfuE0BmGLyj6ULW"}],"group":"cf-nel","max_age":604800}
Cache-Control: public, max-age=1800
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
CF-RAY: 7bd7152faae49186-FRA

GET
H2 200 integrator.js Show response
adservice.google.ge/adsid/ 107 B
531 B 420ms
144ms Script
application/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ge/adsid/integrator.js?domain=pastelink.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304190101/pubads_impl.js?cb=31074079

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 412ms
140ms Script
application/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=pastelink.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304190101/pubads_impl.js?cb=31074079

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 118 KB
26 KB 509ms
508ms XHR
text/plain 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3842846794426725&correlator=2862098844516360&eid=31072879%2C31074079%2C31074096%2C21065725&output=ldjh&gdfp_req=1&vrg=202304190101&ptt=17&impl=fifs&iu_parts=22405481091%2CPastelink_S2S_FixedFooter_ROS%2CPastelink_S2S_TopLeaderboard_ROS%2CPastelink_S2S_Sidebar_ROS%2CPastelink_S2S_Interstitial_ROS%2CPastelink_S2S_TopAnchor_ROS&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5&prev_iu_szs=728x90%7C970x90%7C980x90%7C990x90%7C468x60%2C320x50%7C728x90%7C468x60%7C728x200%7C580x400%7C750x280%7C760x280%7C690x90%7C675x90%7C670x90%7C650x90%7C630x90%7C600x90%7C580x90%7C570x90%7C300x250%7C336x280%2C320x50%7C120x600%7C160x600%7C300x600%7C300x250%7C336x280%7C240x600%2C1x1%2C1x1&fluid=0%2Cheight%2Cheight%2C0%2C0&ifi=1&adks=840525636%2C3944560474%2C3798138915%2C1897443797%2C1230872867&sfv=1-0-40&ists=3&fas=0%2C0%2C0%2C8%2C2&prev_scp=optimize_ad_unit_id%3Dbsa-zone_1675868039084-1_123456%26optimize_inview%3Dfalse%26optimize_refresh_int%3D0%26hb_size%3D728x90%26hb_pb%3D0.03%26hb_creative%3D2249%253A483293701%26hb_adid%3D67feee243d0be3c%26hb_bidder%3Drubicon%26_bd%3Dbid%26_pl%3D0.03%26hb_size_rubicon%3D728x90%26hb_pb_rubicon%3D0.03%26hb_adid_rubicon%3D67feee243d0be3c%26hb_bidder_rubicon%3Drubicon%7Coptimize_ad_unit_id%3Dbsa-zone_1675868173958-4_123456%26optimize_inview%3Dfalse%26optimize_refresh_int%3D0%26hb_size%3D728x90%26hb_pb%3D0.02%26hb_creative%3D2249%253A483293701%26hb_adid%3D69fec61f9cbcdfc%26hb_bidder%3Drubicon%26_bd%3Dbid%26_pl%3D0.02%26hb_size_rubicon%3D728x90%26hb_pb_rubicon%3D0.02%26hb_adid_rubicon%3D69fec61f9cbcdfc%26hb_bidder_rubicon%3Drubicon%7Coptimize_ad_unit_id%3Dbsa-zone_1675868324828-7_123456%26optimize_inview%3Dfalse%26optimize_refresh_int%3D0%26hb_size%3D160x600%26hb_pb%3D0.02%26hb_creative%3D2249%253A471843126%26hb_adid%3D7032c5e3cc1b101%26hb_bidder%3Drubicon%26_bd%3Dbid%26_pl%3D0.02%26hb_size_rubicon%3D160x600%26hb_pb_rubicon%3D0.02%26hb_adid_rubicon%3D7032c5e3cc1b101%26hb_bidder_rubicon%3Drubicon%7Coptimize_ad_unit_id%3Dbsa-zone_1675868453109-5_123456%26optimize_inview%3Dfalse%26optimize_refresh_int%3D0%26hb_size%3D300x250%26hb_pb%3D0.01%26hb_creative%3D2249%253A483294794%26hb_adid%3D68ce764c396092e%26hb_bidder%3Drubicon%26_bd%3Dbid%26_pl%3D0.01%26hb_size_rubicon%3D300x250%26hb_pb_rubicon%3D0.01%26hb_adid_rubicon%3D68ce764c396092e%26hb_bidder_rubicon%3Drubicon%7Coptimize_ad_unit_id%3Dbsa-zone_1678879398722-5_123456%26optimize_inview%3Dfalse%26optimize_refresh_int%3D0&eri=1&cust_params=optimize_refreshed%3Dfalse%26optimize_acceptable%3Dfalse%26optimize_adl_debug%3Dfalse%26optimize_ctv_debug%3Dfalse%26optimize_debug%3Dfalse%26optimize%3Dtrue%26optimize_adl_id%3D%26optimize_amp%3Dfalse%26optimize_audience%3Dtech%26optimize_env%3Dprod%26optimize_pub%3Dpastelink%26optimize_xp%3Da&sc=1&cookie_enabled=1&abxe=1&dt=1682430917530&lmt=1682430917&dlt=1682430912947&idt=3365&adxs=-12245933%2C310%2C1091%2C-9%2C-9&adys=-12245933%2C351%2C521%2C-9%2C-9&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1%7C0%7C0%7C-1%7C-1&ucis=1%7C2%7C3%7C4%7C5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fpastelink.net%2F0hjg5kw0&frm=20&vis=1&psz=1600x-1%7C705x430%7C168x607%7C0x-1%7C0x-1&msz=0x-1%7C705x250%7C120x600%7C0x-1%7C0x-1&fws=644%2C4%2C4%2C2%2C2&ohw=1600%2C1600%2C1600%2C0%2C0&ga_vid=722270160.1682430915&ga_sid=1682430918&ga_hid=83075229&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304190101/pubads_impl.js?cb=31074079

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

cafe /

Resource Hash

3f3e1cbe829f2a7fe05a78842adb78070c3a4c1314fd0c245418c0477986df3c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:17 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26230
x-xss-protection: 0
google-lineitem-id: 6244825807,-1,6242989371,6244825801,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138426175561,-1,138425476184,138425476184,-2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pastelink.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 492ms
189ms XHR
application/json 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202304190101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304190101/pubads_impl.js?cb=31074079

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

694e625dc02fa5acaf8447d2928b7f558f54335c8c5bccaf8dd4f24e17d29190

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:17 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11347
x-xss-protection: 0

GET
H2 200 container.html Show response
f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame FFAE 6 KB
3 KB 443ms
144ms Document
text/html 142.250.184.225
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304190101/pubads_impl.js?cb=31074079

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.225 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f1.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 25 Apr 2023 13:55:17 GMT
expires: Wed, 24 Apr 2024 13:55:17 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pubads_impl_page_level_ads.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304190101/ 33 KB
12 KB 135ms
134ms Script
text/javascript 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304190101/pubads_impl_page_level_ads.js?cb=31074079

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304190101/pubads_impl.js?cb=31074079

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

cafe /

Resource Hash

36b51237a514c8362d64d43c17abd3d4fd2e3a586c8a55c32bfde0c0e1c114aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 11:36:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8357
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11860
x-xss-protection: 0
server: cafe
etag: 7680045872876739953
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Wed, 24 Apr 2024 11:36:00 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 667ms
371ms Script
text/javascript 216.58.212.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304190101/pubads_impl.js?cb=31074079

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f161.1e100.net

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 25 Apr 2023 13:55:18 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 25D1 0
0 174ms
174ms Fetch
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssd7CpHeO3LHt0WU8MrK2HThS-Lt2tIF1btivpkj9VSDy-zNu3Y8VRjjJNpQXCi-Pffs7Q_Fcb4u1fAPKmoveiHjeZIPvdHpazKYY0heT6kiXyTPPbGWYjbwepzIggoe6XY1s6Bcc3xp-BV84msUSG8VNtMcXE7bnl-XshEGJU3gR7zzPerMovzS_b8fM7bVnl5hvCsigB2ggLxSi4R5HuMGZZvMd11X0CoVgAXC3CFK9EB3UBniXn9LAKv3Jw8mzAMkHjEHiPl39NF8UJk3wFsFBNZyq1wzRroxbAGRvNk1LPZbz842oIqBqoD59zI1MtBGjuAXS1_gBbxBUQtWKWExz4&sai=AMfl-YSaSZPIzVDWBzMdkFcCu8aupHxwZ2HEMulHNSfcaoWWihwzy_Yf0wkCAhkW1jN-auIkInVjKRBzb-L2Ljp6xGHeG4kmM2MwMezaOeial1kNUd1um_4cN9tevCxArI7XM7KpDWLgRD6WcLRb9VKn&sig=Cg0ArKJSzIoDE7ML8fpJEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:18 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 25 Apr 2023 13:55:18 GMT

GET
H2 200 prebid-universal-creative.js Show response
cdn4.buysellads.net/pub/ Frame 25D1 26 KB
9 KB 138ms
138ms Script
application/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn4.buysellads.net/pub/prebid-universal-creative.js?1.13.0
Requested by: Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: 3077c047c7210f4e52a637ba10a8d5346ed72d4e29956c96aaa8f8aac58d440c

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:18 GMT
content-encoding: gzip
last-modified: Mon, 24 Apr 2023 18:51:17 GMT
server: AmazonS3
x-amz-request-id: HN0CTCPMW0ZD5RSF
etag: "6247b34aaaa023705aa5146179ffd119"
x-amz-server-side-encryption: AES256
x-hw: 1682430918.cds144.fr8.hn,1682430918.cds248.fr8.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
content-length: 8892
x-amz-id-2: Or/WK46ET7bA03EEQhE530CTRANDeifs8l2JmqejJLVfdu0hm5SUYNms1Bm7l8RcKKFhAlh5G9k=

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 25D1 159 KB
49 KB 176ms
176ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304190101/pubads_impl.js?cb=31074079

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

bae059fd5774acd8c940c02acd1708b584696f2511ef5ffec8be01f1b2fd8776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49672
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681929791789681"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 25 Apr 2023 13:55:18 GMT

GET
H2 200 container.html Show response
f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame D901 6 KB
3 KB 136ms
135ms Document
text/html 142.250.184.225
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304190101/pubads_impl.js?cb=31074079

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.225 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f1.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 25 Apr 2023 13:55:17 GMT
expires: Wed, 24 Apr 2024 13:55:17 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 677E 0
0 171ms
170ms Fetch
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssWFF8q6r0s3PjT4bigZaKa_Ep1BhKhzwk9kZ-c7RE87Rz83xo1RYHIlcoVnpu06yanG5jIwKKDBCr9TaSADMb55NX1vkB4P2MmJ2Zr_sB1QM2bBTDQn5e3ZTRNIzNbs9uwT9oW2m6vuLu-u_9re-KVVDdXeqMgszyVD5n3MMy3PCViCv-nwR1pCg9GVje842oIva5rtqKfqiPmCTBRI2vTbDAPh5tt573r94Uq2a4lQ2HKLVK5k4nMvZTKZi9jBaCAu3UTBvjj7MxuwprDBNcOnJ5-7aeL-ZBZqQwIy2WnoKZ2lKKQ-_DCnLe-OnCKwJ5NHL30nyMaGlddPARzzA&sai=AMfl-YSPF2dPj_0DCYVyJvIpGBZzKXng8VdeZ27qBKe06-p90DUb4fqCXoeK9ueytwMLA0zTx3_4HUC7C1aLQhV3A_lUeVbRoqaQLy4HRDvoMLP-ww5ENlADKq0QDX7sSO3ddZojOje7hRLBgqUwJbnx&sig=Cg0ArKJSzPCGlIDy4CKhEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:18 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 25 Apr 2023 13:55:18 GMT

GET
H2 200 prebid-universal-creative.js Show response
cdn4.buysellads.net/pub/ Frame 677E 26 KB
9 KB 137ms
137ms Script
application/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn4.buysellads.net/pub/prebid-universal-creative.js?1.13.0
Requested by: Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: 3077c047c7210f4e52a637ba10a8d5346ed72d4e29956c96aaa8f8aac58d440c

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:18 GMT
content-encoding: gzip
last-modified: Mon, 24 Apr 2023 18:51:17 GMT
server: AmazonS3
x-amz-request-id: HN0CTCPMW0ZD5RSF
etag: "6247b34aaaa023705aa5146179ffd119"
x-amz-server-side-encryption: AES256
x-hw: 1682430918.cds144.fr8.hn,1682430918.cds248.fr8.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
content-length: 8892
x-amz-id-2: Or/WK46ET7bA03EEQhE530CTRANDeifs8l2JmqejJLVfdu0hm5SUYNms1Bm7l8RcKKFhAlh5G9k=

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 677E 159 KB
49 KB 525ms
525ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304190101/pubads_impl.js?cb=31074079

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

bae059fd5774acd8c940c02acd1708b584696f2511ef5ffec8be01f1b2fd8776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49672
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681929791789681"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 25 Apr 2023 13:55:18 GMT

GET
H2 200 css2
fonts.googleapis.com/ Frame 5825 5 KB
755 B 151ms
150ms Stylesheet
text/css 142.250.186.42
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304190101/pubads_impl.js?cb=31074079

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.42 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f10.1e100.net

Software

ESF /

Resource Hash

831997ce334905a4fc3c7f0673c30bd34701f9810d87b19335aea228804ae38a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 25 Apr 2023 13:55:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 25 Apr 2023 12:05:10 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 25 Apr 2023 13:55:18 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230420/r20110914/elements/html/ Frame 5825 19 KB
8 KB 381ms
145ms Script
text/javascript 216.58.212.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230420/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304190101/pubads_impl.js?cb=31074079

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f161.1e100.net

Software

cafe /

Resource Hash

c5663a1ab2a975aedc88dbbf644d92980a966b614286321a39baac756077b738

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 21:35:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 58798
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8167
x-xss-protection: 0
server: cafe
etag: 3140062999518874537
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 08 May 2023 21:35:20 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame E0E7 663 B
546 B 553ms
173ms Document
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6TkZIDEPqn8pQDGIX0ueYBMAE&v=APEucNXxCTMZSGGQReJCY-LzG_ImCTtjPb2UfEBqkQrIW1ByX1l6I_4gOWrPv2QwE4sHZzItnopTxBkD-fSsCMwrVU4mFPreEg

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

962d6dea088b031cd44d33f937adb5ba241a9435aa32a8be667d57482b8bbe1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 234
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 25 Apr 2023 13:55:18 GMT
expires: Tue, 25 Apr 2023 13:55:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 25D1 78 KB
27 KB 452ms
182ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

46b3e081067e631f9a1049fbfa37844da854f741b7f9a45900dc02a19a4ef143

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:18 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28043
x-xss-protection: 0
server: cafe
etag: 15270303690107644053
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 25 Apr 2023 13:55:18 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 25D1 42 B
63 B 435ms
167ms Image
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CbiDlxJ6RuEc7mwUid3688PFah4BQa-rR4_0PeKVHJ5vDywiq9Pbrhp94Nx9M5kq7StQn_gro4BAoWWjCecQNMG09KwSLbSWJ5hOyPZb3qN9SXgXQ

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 25D1 0
20 B 434ms
167ms Image
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=14227305223910583191&x=8&ct=119

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 74ca0144-8fd5-4c87-95ea-deb6e94b3bde
beacon-fra2.rubiconproject.com/beacon/d/ Frame 25D1 43 B
75 B 835ms
132ms Image
image/avif 69.173.144.152
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beacon-fra2.rubiconproject.com/beacon/d/74ca0144-8fd5-4c87-95ea-deb6e94b3bde?oo=0&accountId=18812&siteId=468716&zoneId=2765554&sizeId=2&e=6A1E40E384DA563B57842E31082893C6BBFD054624B0661AEB08DDA2104E1A52C7D99F6100E135AA3FE7B59EFF68058B6D748C0D8D7FAA22A128B8BF1AC0232A919445E1DDDEA4B558F3483D31C5FB57CD559C8B88F7B0F58E47B3A1E1315CCA33B79900783003DF75EE724C8C9721BCF5346B5345877041C57D7F14A4F65198A75BAB7B50C50C3825CE5DE0A0EF7BCB73458AC0BCCFD6B2A4E112DBA733BD52F17B8876665BFE0A3032BFFE8A7CEDCBB0F4E1A56A0309ECCDA10306204D320B

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.173.144.152 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),

Reverse DNS

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:18 GMT
x-content-type-options: nosniff
x-frame-options: DENY
content-type: image/avif
cache-control: private, max-age=0, no-cache
content-length: 43
x-xss-protection: 1; mode=block
expires: 01 Jan 1970 10:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame D901 0
0 178ms
178ms Fetch
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CHFlixdtHZNTTJ8munsEPkIaTkAuf6resbsn4wd_WEMCNtwEQASAAYI0CggEXY2EtcHViLTk2MDI1MTk1MDI2MTgyNjLIAQngAgCoAwGqBO8BT9CNHXsA5CZFHbOxpqkem9xywbC1Bl3d5zuWs_XdPzRB2K_bh8cOQYDv29kcq3eej2h3Av17EAdvyyRTTX8GZx9cLIV3wqH1XMiKnOtB1W03yJIrxV8JLT7pWoSrHgVRiadTCw-g9VsjsUMlcSdXxRgsmtgxkjajmzYVZCtHYfkmcL1oeyxypD-CTxcow8sfqS3-srNedoPN9PVDltMaEhzv-rD_RhCriGFGF2ZfILXzZvx71iBxNPOrEDoTR54ok_U5zWRZbSJHOKyeXu_9KT8qWKpF3qOgE5U2IaONoYvkcxCkOrrHWirirrKltLbgBAGABuC0stPNzbHVsgGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggNCIBhEAEyAooCOgKAQIAKA_oLAggBgAwB0BUBgBcBshccChoSFHB1Yi05NjAyNTE5NTAyNjE4MjYyGPrefA&sigh=YkpiiiSxIyU&uach_m=[UACH]&cid=CAQSTABygQiD1hGGA8PohMZEq9t3iArrjoJw-gnbHusqUct26BFsGnqDKcW_7slS2gtIkPsgv_vCcQfg-0e69iJnvnp6WA6xlRiyGMcaf5YYAQ
Requested by: Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.58.212.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: ams15s21-in-f2.1e100.net
Software: /
Resource Hash

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 doubleWin Show response
win.eskimi.com/ Frame D901 43 B
161 B 949ms
144ms Fetch
image/gif 130.211.27.62
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://win.eskimi.com/doubleWin?eid=2&w=EiEKFmc3R0llc1NnYVNGakU5c3JmRk9USVEQAhiI-cnF-zAYBSCAnL_fBSi5lrwNMQrXo3A9Crc_QXsUrkfheoQ_SLybz5gmUPSR4L4CWOP8CWCYz0BoAnDYnwJ4tb3VAYABBqIBFzE2Xy02OTYzMjgwNDQ4MDkyOTQ5MzU3qQEIrBxaZDvHP7IBGSACOg9yYWlvbiBzYWNoa2hlcmVCAmdlSAHCASYIAhC5lrwNGPSR4L4CIAEowCQwBTgIWJjPQGgBcAF4AogBAZABAcoBIGYzNGU5Njk5NWRkZjNmZjVlYjFiZmRlMTM4Y2ZlMjlj2AHl4vbHwYzrv5oB4QEAAAAAAMBQQOoBAmVu8AHfDPgBBYACAYgCAQ%3D%3D&esc=false&spent=ZEfbxQAJ6dQCJ5dJAATDEEf6hHH2sv6-dr75kQ
Requested by: Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.27.62 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 62.27.211.130.bc.googleusercontent.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:18 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/gif

GET
H2 200 createjs-2015.11.26.min.js Show response
code.createjs.com/ Frame D901 186 KB
48 KB 536ms
142ms Script
text/javascript 23.48.23.26
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://code.createjs.com/createjs-2015.11.26.min.js
Requested by: Host: f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com
URL: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.48.23.26 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-48-23-26.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 575c82f23dbb9285df2f62c7c8121c65d89e8137713110a149067d695975215e

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:18 GMT
content-encoding: gzip
server: Apache
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=900
x-n: S
accept-ranges: bytes
expires: Tue, 25 Apr 2023 14:10:18 GMT

GET
H2 200 480x320.js Show response
dsp-media.eskimi.com/upload/rm/upload/1682077577/480x320/ Frame D901 160 KB
31 KB 453ms
150ms Script
application/javascript 169.150.247.33
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL

https://dsp-media.eskimi.com/upload/rm/upload/1682077577/480x320/480x320.js

Requested by

Host: f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com
URL: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.247.33 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

unn-169-150-247-33.datapacket.com

Software

BunnyCDN-DE1-1076 /

Resource Hash

de833a93fe7604c1b82307d337a91c9424fc9198c4cb4667d6690095cfce5281

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires: Sun, 21 Apr 2024 14:19:17 GMT
date: Tue, 25 Apr 2023 13:55:18 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1077
cdn-cachedat: 04/22/2023 14:19:17
cdn-pullzone: 692289
last-modified: Thu, 13 Apr 2023 21:14:56 GMT
server: BunnyCDN-DE1-1076
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"643870d0-28130"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: ce2848ff-13c5-49e5-873d-af24ad423612
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: f62f438d73e0eec7818c65ba909503ba
cdn-requestcountrycode: GE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 2_99236644277994d397_450215437.js Show response
dsp-media.eskimi.com/upload/js/ Frame D901 6 KB
3 KB 448ms
146ms Script
application/javascript 169.150.247.33
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL

https://dsp-media.eskimi.com/upload/js/2_99236644277994d397_450215437.js?_=1682077593

Requested by

Host: f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com
URL: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.247.33 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

unn-169-150-247-33.datapacket.com

Software

BunnyCDN-DE1-1076 /

Resource Hash

0e37baac587952dd1347ba448e3a3e943bef26902aa626bbadfe52d072cfcfd3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires: Sun, 21 Apr 2024 14:19:17 GMT
date: Tue, 25 Apr 2023 13:55:18 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1053
cdn-cachedat: 04/22/2023 14:19:17
cdn-pullzone: 692289
last-modified: Fri, 21 Apr 2023 11:46:33 GMT
server: BunnyCDN-DE1-1076
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"64427799-1744"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: ce2848ff-13c5-49e5-873d-af24ad423612
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 7c11044318a446d079825563debb7237
cdn-requestcountrycode: GE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 cap
dsp-trk.eskimi.com/ Frame D901 43 B
161 B 422ms
141ms Image
image/gif 34.120.139.69
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsp-trk.eskimi.com/cap?id=16_-6963280448092949357&dc=5&tz=%2B04:00&sgid=10252176828&pid=668469492&cid=163427&crid=1058712
Requested by: Host: f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com
URL: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.139.69 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 69.139.120.34.bc.googleusercontent.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:18 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/gif

GET
H2 200 ad-choice.min.js Show response
dsp-media.eskimi.com/assets/js/e/ Frame D901 3 KB
2 KB 445ms
142ms Script
application/javascript 169.150.247.33
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL

https://dsp-media.eskimi.com/assets/js/e/ad-choice.min.js?_=2.1.0.8

Requested by

Host: f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com
URL: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.247.33 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

unn-169-150-247-33.datapacket.com

Software

BunnyCDN-DE1-1076 /

Resource Hash

cdc7862ae6f3ae80124d8c672dc6d7a4d892ba42f7d651dbf0bd74d1d9e353ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires: Wed, 29 Nov 2023 14:20:59 GMT
date: Tue, 25 Apr 2023 13:55:18 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1054
cdn-cachedat: 11/29/2022 14:20:59
cdn-pullzone: 692289
last-modified: Mon, 14 Nov 2022 14:24:28 GMT
server: BunnyCDN-DE1-1076
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"63724f9c-bdd"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: ce2848ff-13c5-49e5-873d-af24ad423612
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 91d0ba213228afce83ed571ed0248034
cdn-requestcountrycode: GE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230420/r20110914/client/ Frame D901 3 KB
1 KB 283ms
216ms Script
text/javascript 216.58.212.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230420/r20110914/client/window_focus_fy2021.js

Requested by

Host: f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com
URL: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f161.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 12:11:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6225
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 09 May 2023 12:11:33 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230420/r20110914/client/ Frame D901 19 KB
8 KB 226ms
159ms Script
text/javascript 216.58.212.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230420/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com
URL: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f161.1e100.net

Software

cafe /

Resource Hash

2db6489d44c93f3301f1969a58df60a3d7e36c3c892fc0976dadf1f761d569cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 12:11:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6227
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8104
x-xss-protection: 0
server: cafe
etag: 11444945707709536616
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 09 May 2023 12:11:31 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame D901 24 KB
7 KB 369ms
302ms Script
text/javascript 216.58.212.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com
URL: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f161.1e100.net

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 15:49:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 252347
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 21 Apr 2024 15:49:31 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D901 159 KB
49 KB 345ms
344ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com
URL: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

bae059fd5774acd8c940c02acd1708b584696f2511ef5ffec8be01f1b2fd8776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49672
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681929791789681"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 25 Apr 2023 13:55:18 GMT

GET
H2 200 prebid-universal-creative.js Show response
cdn4.buysellads.net/pub/ Frame E0B4 26 KB
9 KB 281ms
281ms Script
application/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn4.buysellads.net/pub/prebid-universal-creative.js?1.13.0
Requested by: Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: 3077c047c7210f4e52a637ba10a8d5346ed72d4e29956c96aaa8f8aac58d440c

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:18 GMT
content-encoding: gzip
last-modified: Mon, 24 Apr 2023 18:51:17 GMT
server: AmazonS3
x-amz-request-id: HN0CTCPMW0ZD5RSF
etag: "6247b34aaaa023705aa5146179ffd119"
x-amz-server-side-encryption: AES256
x-hw: 1682430918.cds144.fr8.hn,1682430918.cds248.fr8.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
content-length: 8892
x-amz-id-2: Or/WK46ET7bA03EEQhE530CTRANDeifs8l2JmqejJLVfdu0hm5SUYNms1Bm7l8RcKKFhAlh5G9k=

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E0B4 159 KB
49 KB 409ms
408ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

bae059fd5774acd8c940c02acd1708b584696f2511ef5ffec8be01f1b2fd8776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49672
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681929791789681"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 25 Apr 2023 13:55:18 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 8E78 663 B
590 B 518ms
173ms Document
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNiutpgCENGwxMYDGLaC_-ABMAE&v=APEucNUZ1-nsySB28RGIxd49F2ULtY0wxm4lJuBfykpSMpb5IQyeHMK_Dtcpj00qQ5XT_GWSiyNfMQEYR2ExW4xz3cwnjA3UJA

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

962d6dea088b031cd44d33f937adb5ba241a9435aa32a8be667d57482b8bbe1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 234
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 25 Apr 2023 13:55:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 677E 78 KB
27 KB 550ms
316ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

46b3e081067e631f9a1049fbfa37844da854f741b7f9a45900dc02a19a4ef143

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:18 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28043
x-xss-protection: 0
server: cafe
etag: 15270303690107644053
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 25 Apr 2023 13:55:18 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 677E 42 B
63 B 402ms
167ms Image
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DRk7NiCcLFA1LqCQXdSp09wr-AwZZQ0ytF2czC2i6tlctPNF0DpEo_ufzgD7a6RUFkd0EVdttksibxPuGPnZHHd9P3N48hiPdzaxHlm50Rc29o5bU

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 677E 0
20 B 402ms
168ms Image
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=13576015438087408768&x=8&ct=119

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 249c28c0-42c7-467a-a027-4653ca0b918d
beacon-fra2.rubiconproject.com/beacon/d/ Frame 677E 43 B
227 B 801ms
132ms Image
image/avif 69.173.144.152
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beacon-fra2.rubiconproject.com/beacon/d/249c28c0-42c7-467a-a027-4653ca0b918d?oo=0&accountId=18812&siteId=468716&zoneId=2765554&sizeId=9&e=6A1E40E384DA563B5CC94B24C4B8CFCF03390D3233D22FEF45A6076F10D85ED45FC792159011E7D219497299FE948F8B6D748C0D8D7FAA227A094F6ED9525D9C919445E1DDDEA4B558F3483D31C5FB574A4B6C361B6AF630F738D0FA22E92D5B5496835297CE47EDDF4FD4250CA1EF05626AF1A9CC6671F822BB6E5A68990FD4F8173AA1652781232E07E90C0F193F6ACA2494FDE456AF7822D6EC87D4A90F563541E6D9F1878BF512D7C26AD3C12F1360C6B4B5C39E40FBE82A954C1004678A

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.173.144.152 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),

Reverse DNS

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:18 GMT
x-content-type-options: nosniff
x-frame-options: DENY
content-type: image/avif
cache-control: private, max-age=0, no-cache
content-length: 43
x-xss-protection: 1; mode=block
expires: 01 Jan 1970 10:00:00 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 0895 13 KB
5 KB 488ms
487ms Document
text/html 216.58.212.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f161.1e100.net

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

accept-ranges: bytes
age: 1097
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 25 Apr 2023 13:37:02 GMT
expires: Wed, 24 Apr 2024 13:37:02 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame E821 783 B
918 B 175ms
174ms Document
text/html 142.250.185.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f4.1e100.net

Software

GSE /

Resource Hash

b819f364a627460b8ec0ffd43252782e12a07ce682c37933d8a2eb40ed935f65

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-onBHB7MyKFm6DtDY55rN5w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-onBHB7MyKFm6DtDY55rN5w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 25 Apr 2023 13:55:18 GMT
expires: Tue, 25 Apr 2023 13:55:18 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 25D1 0
20 B 168ms
167ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3302055989881&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 25D1 0
20 B 167ms
166ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3302055989881&version=m202301230201&ct=119&x=8&cor=14227305223910582000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 25D1 82 KB
35 KB 180ms
180ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BPsiJ0lfQvMZu-t5XcW791M1JUMmm_GDk5FaraDdsI32LafA1YlgvmsPptb-zcNN3RQxyag3x12-O_z92HIjcKfdOVSbktUdbApiF-6b7ZK7FRYAMKYlxuw59yCe04-kNGXYKGM-1had7yz9VWXUWJRV9X5mMzz_YTCYTPpaJRPeEtzd4&cry=1&dbm_d=AKAmf-BLy3IPFuLW5MKgwRadZeRKKBsfJnyxiLA3fsGFE18mL64Rg6Llu1vnAif8qnjuY4PK5PizrqgngUhMUGvvMEEIlugxp-hrf-tc9Y_cbA6lek93NGbXrg7XJ0KLP-oUf8MpJdZ5fsx8owW1p741XeMLjmPXFrYcRvQWnjbjeRCueQBxbbxkWgD7G5SxgrTIaAzUPaHwZ_LQYw9FakjPrCxwQ-duyWY-xtFKy1D-1JTn-P1r0XZ0cChSX6AmbRiDPhN9sGVFWuVE_V6snDs2ovfud2kJrurKglyv_euiyRxZHd7CZ5XuK2wXCelNxTd59x2ALv1yYa9NxqI6NEgsZ_PRgeYfGCZETxIUMVQeUqtpqMgKwmbUzAJ2ZFt3kHetdLXNq6_x_09usx2sv9ZFGLky3dZEmSyhcJyN9ooZ4pCYsZVS_MLkjo3-rRao1Ovme6N9esNiatcnh4qU-G2JOdDhCda6rw9Jfzs55aM_DWbNM1v0ly34paua__9pJ8U6VkSS-MjQNbs83oOWc56CqfqcVsuUqXzAzL5WaF_nKRWku36E5Qy0-MlVhwrWKGTNDWWoIp_BU01-cbtpJsIz4uYBiLF8JnOAVAdwdmqPJ-Yy3lNJy2GqfK25VUKTzfuEa7QCJZZVI1u77FyWspS294Cn4ryWqwsu24eiQSDCfzZZ8oBCRn7qMo2DzOmvG8ajORWvkBW7TJ-q0gEkVVnnu8hFlMdZWsTSe-QjBcOvQTCmq-1qI7U7H2TeBiP2B2pYMqieQj-h8rtJtzswtGQJfmpYrLLq2JBMPl0iJPGJByBmbCokWyUdHnu50lZw1_v25FC1jBVRJKgGMIZHa9RHLWjqPmxQL40dcJdKyTqBH37FuLaJ5nfILFaJJwMvOmGt2iWt4_2bN9PmZehSkIubLzjy24oIThOzR5lK1tbdDka-eQwm83kN3jUyasMbmcOkLvocNgFHbvX-vTx9oh8Sj2Ej7w84OeCzFieYzHJg33dshzhR7jC4kpjNZvzKHKZZ0TD0D9BOGO4_sYjhvihQriJDoRcANYm6K_EQYOaWcW7Go0QthB7e4aBDv1ORRKECCO9VuE4J_usIVa5_7HkiGcC4IAJPwcZ9BL6JigpP1w-85LuYO4mjkLAan3p3l_E_R7Hh-pxkJlLXZXg_C4w8W55p8OHBcL5rLrs9EincEWRDIcbNISqNDxiqRp7CkVtaMLq4xP_9Z94KS4bp1DBFc4Rsagd0MdMvdIR_1utWrUPnrgRzsDF_wtaxxil_XF5xmb-Lx7ICX2dyvtBLFZYqWT2MgeYrlEsnGvT23gLKmo2BJTMM06P2yxE7Jxa2HFOZpxXcZuP7cxJocsxOv6UG4SOBIb59t2QvD1CY5MB9bO1BKfqgHCRK2wUZhCaHreiEfnxsr8cpNDlTjJzfy6nEVdMdXNhoMyv4c-WNJqEJUMGS2JTPiuOS1HoZOzlbUMDdtTcvzyQkWcdsUG0hOrjB9aChreraB6wcnibri-FQVRy7jEaeb-hj2OrVO7uh__fj0kRRT71nayexcyAg-Cxk4HPYl2e-ZjxDnPN3E-xFZi-VHRzQzkuzUOcghXpM6WikMwHe1_JkmtiZAxmDLE3dVRPz5ofJpEU60jLUsvaLJcsKCzPozwvz4HNjGO3pm6DMbXewYWK-syd3VF9Hmw1u8QNE9apT_g0ev2ahSyxG1AIhDn209HKBPnARUOxoeINYX1uG6rOR8xRLfvMGEzBfowjNaMJ-oRvhv5CT_wCPdLdOoxMTvnmNeullE3VJNiCsde7ibiyXmmxCzf3qqYjRowjed4Bq_rhZ39_sjNXAx-MvmEGMEe9JNXC8sU2-ntoXxalT5E9CugC51GGOYkR3Jsh6p9YN7EH4GTo3YmDyxayF1qcXzykVCRD0YJAa7QqBrxcY1op2xLsiGQoycUSA_aPCH6xZjJ5wHF4XFNW1gMcGOboYLJFRgLrwr7Rk-KSumZ00shfuT3-cyR0uagdseWH1ih5vFyypfX9Nzki82Ki5PuK0td1TumYOXTf0fI14nXOd-YQATuCNlf2jtkWpXYyHgZkmzK1QQOGlkBdMNmqT78k0fSZkUfHQb9oOavr3V-IkerAgzYwhR84aBh9eO9_Bjsga1i-Eqo-o_GEh2NB-Lt4aEc1r2IyvwkVzAv1dZfBwOFJY7waf1mvmhL-kmFJ3NWdQSznb8cVeMjGTexg-cQqnrBOxDBcmhbdWCk53uP4LqjDbeYki7drLYPwrm0tyrKcvRix54fWCJ2cwkJwAdAqEm1nQ2M6Mq68B8_IP5GLBrB_EIBu6AxUbpTxieXYS9ZF-T3NUE4e29c8zuqO9bDrNW6CW3qXh3octt3D0xtCxyk9mH37qTBgoxZRB5HCPdRozBL_xThw_-uSuU626gb4HcCS9VJUxpYvbP7esfZa6XPPs8WyuAYwuW7FwbZpVK_Xte-WVX3swBvp66CVFdskAN4if9rVtphXF8VyJjK-bcnfJVhWaH5uFDDwu-T8K75ZOBejH8emYmVJlmH-bxncD5Wi-1Guk9IyWnhqPpbjVvHGOTYzZiuc1BP1CrwyQkcZYi3zfbEaIGPKqyCQkoW-KpM1w6xSW7nXbDeKZNEl6O-KrNka8k0uNQ7F1kun0VWr1aobcoWrf13WN0qoWdlEN_YldCC5_CnIrElo7iLGtQs9_cVgNlXF3CcYlK1KrQjV1zfa8A7fdbEUQRP5NVJbAVVrCe9mvHDDQ98VVNg3IkM1TvjJdyRNEQeZczwTNFXo97ov4DmHHMjvkPx-ABb2HxyTH8wnZNI58ZP7ZYvpMWr23mOlh3Tm2G5lsV3yhs98rM9LMrD_bJ_yy-bOfP-6y72aEgpASnAf-l2p4Ov9wGhcbGG3OIKuhiR_okTRxiywIJifVk7pvNmhdx8jlyIDq53ME74Y5Cq0MQkrhMsondH8wCmosOnB6sPhv3GiJHFotxS8TB5Pl2AoeDIn_Qaej42z10vrRGj4sNaOtkjbOFkE47uvEltDJNEPLMH63vWjH42jri1z24wAaZ7yu8yKeROKyDG4pQaLcyZ1gi_aW6qZyrYAxGFA_t6SCU8TScD656V_xc0RIfOFThKW8IWbA2LVd8pVJ6MnohMxTRLGMdP_fRqqyAc6EkzxbzI584Jd5Bfcq6V-jgWP9WMLUu5gtYFEcg3sNoaGzJ0QECFPUH4Q7-XLFfjDUI_4O4ub8mjRnmQwqGRTmNTi3FWtJ45-sfxTjccpVJ2L_CQcB3hWKu6mSqJvHn2sT4XlRVRNEv7AaURhgoleag6AmGL1aaQl1mtgkW9YMoKVUHxINMdGjQQjtcLqG46S5VuZNi7pMnz0FwYUYg6FCdz20fHe4lhMteBn_SQjiUaZP3rPmVfdknvVuoZcQHkG_u8h3t4_qAe3-xxqGbIh2jNlxvdheXFNmfk1dYcPeVT6H6SWIpSJu4ieZ53MpxeF-e0P1G5xicigwK6E46D1RXbynd5NmcN6_Xo4yYdelwaNfX8TQDCoovRBMYm8nNdUJUAHnPv9WObs0QOyzZbikEHgDGgsx9dykVwM_uMJJyQRTL0JKYHwS-tYZ3lffs-iBI72gle0pvAgDv_ds4xoglI4gJP8Sna9Oga4&pr=8%3ADF1773F7F5843031&cid=CAQSGwBygQiDOO5CA50q-LX8guql3YXrb5btD-cImxgB&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpastelink.net%2F0hjg5kw0&ds=l&xdt=0&iif=1&cor=14227305223910582000&adk=1814326990&idt=533&cac=0&dtd=12

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

0aa45374883284b3c3cc9729b1b2f0b6b616244f0752cda868be02d370aa5407

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:18 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35439
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

cs
cs.lkqd.net/ Frame 8E78
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_cm
https://cs.lkqd.net/cs?partnerId=59&partnerUserId=CAESECNeGUhbCTRB4EloewhHQhA&google_cver=1

43 B
534 B

231ms
221ms

Image
image/gif

146.20.128.131
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.lkqd.net/cs?partnerId=59&partnerUserId=CAESECNeGUhbCTRB4EloewhHQhA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNiutpgCENGwxMYDGLaC_-ABMAE&v=APEucNUZ1-nsySB28RGIxd49F2ULtY0wxm4lJuBfykpSMpb5IQyeHMK_Dtcpj00qQ5XT_GWSiyNfMQEYR2ExW4xz3cwnjA3UJA
Protocol: H2
Server: 146.20.128.131 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:19 GMT
server: nginx
access-control-max-age: 0
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 43

Redirect headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:19 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cs.lkqd.net/cs?partnerId=59&partnerUserId=CAESECNeGUhbCTRB4EloewhHQhA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 296
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 8E78
Redirect Chain

https://cs.lkqd.net/cs?partnerId=59&redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dlkqd_dbm%26google_hm%3D%24%24rawlkqduserid%7Cbase64%24%24
https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_hm=em5fSXZORGlZc0k

170 B
243 B

145ms
145ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_hm=em5fSXZORGlZc0k

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNiutpgCENGwxMYDGLaC_-ABMAE&v=APEucNUZ1-nsySB28RGIxd49F2ULtY0wxm4lJuBfykpSMpb5IQyeHMK_Dtcpj00qQ5XT_GWSiyNfMQEYR2ExW4xz3cwnjA3UJA

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 25 Apr 2023 13:55:19 GMT
server: nginx
access-control-max-age: 0
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_hm=em5fSXZORGlZc0k
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 8E78
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9g9XUKYerwcx7EiNStQhU&google_cver=1

43 B
632 B

313ms
134ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9g9XUKYerwcx7EiNStQhU&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNiutpgCENGwxMYDGLaC_-ABMAE&v=APEucNUZ1-nsySB28RGIxd49F2ULtY0wxm4lJuBfykpSMpb5IQyeHMK_Dtcpj00qQ5XT_GWSiyNfMQEYR2ExW4xz3cwnjA3UJA
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 25 Apr 2023 13:55:19 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:19 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9g9XUKYerwcx7EiNStQhU&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 8E78
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZEfbx-kwIAmBLOpECWyZpwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9g9XUKYerwcx7EiNStQhU&google_cver=1

43 B
766 B

131ms
130ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9g9XUKYerwcx7EiNStQhU&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNiutpgCENGwxMYDGLaC_-ABMAE&v=APEucNUZ1-nsySB28RGIxd49F2ULtY0wxm4lJuBfykpSMpb5IQyeHMK_Dtcpj00qQ5XT_GWSiyNfMQEYR2ExW4xz3cwnjA3UJA
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 25 Apr 2023 13:55:19 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:19 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9g9XUKYerwcx7EiNStQhU&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

cs
cs.lkqd.net/ Frame E0E7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_cm
https://cs.lkqd.net/cs?partnerId=59&partnerUserId=CAESECNeGUhbCTRB4EloewhHQhA&google_cver=1

43 B
535 B

230ms
222ms

Image
image/gif

146.20.128.131
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.lkqd.net/cs?partnerId=59&partnerUserId=CAESECNeGUhbCTRB4EloewhHQhA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6TkZIDEPqn8pQDGIX0ueYBMAE&v=APEucNXxCTMZSGGQReJCY-LzG_ImCTtjPb2UfEBqkQrIW1ByX1l6I_4gOWrPv2QwE4sHZzItnopTxBkD-fSsCMwrVU4mFPreEg
Protocol: H2
Server: 146.20.128.131 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:19 GMT
server: nginx
access-control-max-age: 0
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 43

Redirect headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:19 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cs.lkqd.net/cs?partnerId=59&partnerUserId=CAESECNeGUhbCTRB4EloewhHQhA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 296
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame E0E7
Redirect Chain

https://cs.lkqd.net/cs?partnerId=59&redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dlkqd_dbm%26google_hm%3D%24%24rawlkqduserid%7Cbase64%24%24
https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_hm=djRNdW03a1hUOE0

170 B
232 B

158ms
158ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_hm=djRNdW03a1hUOE0

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6TkZIDEPqn8pQDGIX0ueYBMAE&v=APEucNXxCTMZSGGQReJCY-LzG_ImCTtjPb2UfEBqkQrIW1ByX1l6I_4gOWrPv2QwE4sHZzItnopTxBkD-fSsCMwrVU4mFPreEg

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 25 Apr 2023 13:55:19 GMT
server: nginx
access-control-max-age: 0
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_hm=djRNdW03a1hUOE0
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame E0E7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9g9XUKYerwcx7EiNStQhU&google_cver=1

43 B
766 B

264ms
135ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9g9XUKYerwcx7EiNStQhU&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6TkZIDEPqn8pQDGIX0ueYBMAE&v=APEucNXxCTMZSGGQReJCY-LzG_ImCTtjPb2UfEBqkQrIW1ByX1l6I_4gOWrPv2QwE4sHZzItnopTxBkD-fSsCMwrVU4mFPreEg
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 25 Apr 2023 13:55:19 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:19 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9g9XUKYerwcx7EiNStQhU&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame E0E7
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZEfbx-kwIAmBLOpECWyZpwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9g9XUKYerwcx7EiNStQhU&google_cver=1

43 B
766 B

130ms
130ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9g9XUKYerwcx7EiNStQhU&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6TkZIDEPqn8pQDGIX0ueYBMAE&v=APEucNXxCTMZSGGQReJCY-LzG_ImCTtjPb2UfEBqkQrIW1ByX1l6I_4gOWrPv2QwE4sHZzItnopTxBkD-fSsCMwrVU4mFPreEg
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 25 Apr 2023 13:55:19 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=496
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:19 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9g9XUKYerwcx7EiNStQhU&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 publishertag.prebid.135.js Show response
static.criteo.net/js/ld/ 89 KB
29 KB 485ms
207ms Script
text/javascript 178.250.7.2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.135.js

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682430600000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

08882d31df95daace0c23f1108f3e11fc53ef17334df446f3e3cb395c597c955

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:19 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 06 Apr 2023 09:15:34 GMT
server: nginx
etag: W/"642e8db6-1638a"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 26 Apr 2023 13:55:19 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 677E 0
20 B 167ms
166ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=2150753120456&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 677E 0
20 B 166ms
166ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=2150753120456&version=m202301230201&ct=119&x=8&cor=13576015438087410000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 677E 82 KB
35 KB 186ms
185ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CRhscn4tDzwOr2gQpHJ_XbYIwTAhyH03WwLXvOvLLQI-X7yVyj37ScxhJG7lsaqM12ERQ8M4dz_MY5OWP5m9jnnwhn3YhMrQL9wgWftkN1jFQimf1xBlqFbaaWGMyYlQXpYaoeMBKfg65CXSCStNSnJuItVXbL6OF77B8aF7oJOb5Xu1Q&cry=1&dbm_d=AKAmf-DQHVOCvIGGntoH5NuPWG0Qg078_ltX9iqLS0w3Ru6Ga8SaXMhHm2DambFt5qWcmY1WZDcVSz1SN0Bwo2vsI6LfaVUviR-LH5Sz-DTu5Iqb4QcoyWt-iYF4s6KXAotYuaGyiHQYAyRRM6niL04nPOrnFyf9Y_Nt7JnfI4KEs8M0viVv6c2e5s9r7mbRjqtDsLsFqb81WWXP1MpBySo9562lodMr7dLcIO_jmdB2jkSy9IXeuM4ik9bMo1WLr-obeSUpX1WHAfBHe0KEhsFhYNryq4M5x28fFjRKngbqJcecqQL5n4TgVFcV9CpxZmFRVdCzn-dN7FFeyFZzdZ-BQ282vIMCrjL3RBic4r-7E3wz6vQpzBVRxNpTKsFa_AOIuzUSm1i7n8deQS5_JwufSNdN4sHBBeLmh2iCBGVuyoO4RCPDBX8IFjz-GpfEV9lE_7H9qNBbBeJHHvf5rJfyxikiSNdl8W7fk2e6fKRJfh0rrbrkxRk9JHCLXvSbZ9SyPS8irlEZ1g8UO7HDRIXqQGpfls-OL1GT2lW0HKqFnORN6NZwkKzmd7k0epYSo3EVwXUIEXsZaTrcqVE9K_HAAA8sRDuQB3Yesi-QdSdhIjlSsVpoHTsIeY-TzEyxdADhQuVEUfkxnc8VcM1Nvz-PDkE3BzTBmVhYuZdQRzhyMp17trcCcR5HdUNsLjohRJO22O70VMWfs0FrM3W1T23NCmpb83Jx52m_K9WasKPzCP2oL4FdH37UL0QuriRyLeJbGJ2tIK9Q8T3IlHlE4xOkMQvHI2JYHn7GrjIv0HZr4Tvl3Spu8uHOinlJM-4nG7jhgWL5klBtt-QPg22_nEMCI8_02AQbXydTJe1eUfiC6mOUHVwfAjkE6lXBSO0Iv_ozGWVXULNv5PGRmBI2GsQ4S3j8Cey-SsUXWhXPjGIpQhXyo8qTzbSGsshFmBypwUyh3iGSZ2ytpa_HUv7MfD2v97FrM8krBozX1j4bq7vdlYSpyjSoGSbWhzi_3ZaBg9K-CurptfpIFUEyE6shgiqz2Rt5jNrKX6WA1rgykpoElq0Cwm6-fWgXaDfuIL5p1cnQHK2Vq3ZCbPKtYJCeDcS_ISUnzuAbM11g0OBucVnuBd-j9qGJhEqSjdtyLTYPukWEfux_q4yxjN1RoYoGVUraUCw8cJWat78rGZOJw5XOZyzhsjIq5IFbD7c3f0FTbhimoYh7c-FCpZTu-orZk7pO2HyO9dJOYofPcO3AKx5Ofpz7jaDxMBscR4kk4PxtsnJpt-Byie8C3eHDRfEmot60N5l3cdLXCW2FEh2zJ1pgOe1KrtBnTKV59_AUtFUdOYObaB533rS_mG4bDGH7TyS1dcM-k8JV4eplqGCSfcvNe6sMD9yOXLt_16d4BrJVSUh5jxQDvo6KQLW2mIsSKJIekjFbS7pHKY_5oiR7wubSlltGxPW_VC-fInGZaANi9h0ko2cX5NBMnudSj5TlvcQRALaCGR96cpUPBN1muyznx5u8pnhqsQ5llD4ZPn_GymWcif-LH9PBsxYl0QalqZNBJFzMvhwQJJUi5mZchlT8LWLh0PPK1RnRRgA50CkjK1ZZ5FcE5Qui5ihHfIKjID7nlbWjBY3eCzS6tCM2cr0akCy3eLccwSBvw-9V0IoQFGD6dYJojqHY4rkgBHOLekmVEX-nXd-GDDjAxpdsXz-bpSQCkZwKEerm_Oh-sSyTuWaS3DpTewDrlzH4071_pQgDf6mI5_o7-YFxFUvD9BhhIK7JC8nI5LtDTAO68xMN0uGUqWaRuIfgN1rDwYYvprxZuCjiyqJIUw23ezqmOUHm_bRCYV02TBdz1vTgsnjODbJuSbKOJZmbxcR9qHCsfVLLzJiU7Pv2MQRlBZJ83eDEVnmu0sO9W6lg3F4b0-MMZevNlH9nYx6rumuxt4D4N4CRMO3rEq4-BXkwvUEJ5PDT2XkZHSX3-Akn7k_GQb9X0y46h5jDtGpehE1tXCyeFdhCmtRJ1Tlb-dkaQwYBwVm5qPqZyNYGlsCg8GsJR_9mHooMuKiZcShRgAL32ykHrJLuwwuKyZY7lgNxuCzr5ko50e7paGA6J4Kj-ccm5RbA1svqkFF-Z-Otd836q55LAoxCFzTnnWrhU_AGMJk2KrsAyaW93KPPVxSb3uhlE7CDMnNHF-uOKvMiXRN7QCokrDijmi-BmhsEgXM9zd4qbapJJgccj68zweIsM9yY-Zi0t9xUw-zMbSnN0nDiAjaNB3k_AqkyYx5PRs6rHNkqxoaNm9YeZF8zm5FcvIsLgAz53i6P6j_Vlc3Ag0Hhl3Ef2JFvzE48iOj0h_gsPbBdT-KyJvVkikjBXv6sVLnBiiYSnz5L913z7HaXTfVK1w8z0X2U6LwbpS0-lwvhT-Xr74fNhx-gibb9qKNLLflQZeORlorFbC35oevky423l3Mpu_ttlDYE3y2_dzaE8EIRsbbSQKhyvskGz9kMOuGp-YUD__EuzhtCb_W8RpETceTHuPkHafMyP_W0rUP8eCA07jm785-BXfs-Kkw8ZU-iYzjfnP5oM-Wo0ZfR8_XTIFqBYu15WTkHinF-JPqVPMUbUMAh_lsCakGusEdB_lNhXw5M0idGqXwnkk4YciSu7HZVZXBGu6ltsqpEbol16JSpX0kaOABn7U9OPRmJ0ghsDKkcOYWhZwEyTCcapTaCOeBzwhZtQbj6KKqBdov9FzMJJHBLjK6yl4HJSRxIoCWTVW0wCphVP9liHabIDVyJt-VRn6iwZ027DJ1OHby-p9ATZ3EHf25s9xaU30qfpgKI5Lt5clgyL41gGsVeLq5_1YBLB0rXStfLNAvkj3GsiVWtu8erILX-37X2-PzEXuF4VMR5xrb_Nqci5SW96jm5oymi4iUwgwkvBNdDUyZXMPq-j71BwV6lszxurPKU7PUo3rDoXfsHMmNgRbQoluuVT0XxDsFN174CPEwD0RH3IUHABh6GjP9_nnRSHUpopeJBFLoI0En89a1WFv8gXjBdDQ6DOhlROJOySj7z-RCi_gzTsNBy4GVJi23TfAz03Ifld4tR54jzwB2A08SKGTSA382XCepePx--JdsKtLFnwYZWwoQcLKMy031iLMXS7Qmnnaak-khcjKG4k1ILYR8CuG5uvgIm6UvTfeWYG37Qk0hIwjT8BH42WTf1vTnlXQA-IQ1HjMnxp4-nsKkxAmeqU82ve7GBLPQtWjKCua4yMuJayB2DZK1_-2oXheg_6dmw8uL5eAW2_RsYb0Exwy3cFu3EgbIayfWt37nmWq2NDEmDm8wtEqrAnlVB3lI&pr=8%3A642C3CDA14CBF680&cid=CAQSGwBygQiDKXNBz9QKUh-uW48Rk5UFtun5O5ucWBgB&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpastelink.net%2F0hjg5kw0&ds=l&xdt=0&iif=1&cor=13576015438087410000&adk=724314706&idt=620&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

40d44b6cae4458b255046031b2b260654c4bb34901b2de542b22c7ecb337d7f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:18 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35380
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame E821 0
0 167ms
167ms Image
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202304190101&jk=3842846794426725&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s52-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 8141 663 B
297 B 218ms
217ms Document
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6TkZIDEPqn8pQDGMr8ueYBMAE&v=APEucNUAYMA9ZgcKAU7HCzd2-J-4boQECJJVFjP84-pIgcgfAVWz0-Z0ojWyGRp52NmJiysHrAp5LUBxOQSgRVMMQ-p7OdaNqQ

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

962d6dea088b031cd44d33f937adb5ba241a9435aa32a8be667d57482b8bbe1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 234
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 25 Apr 2023 13:55:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame E0B4 78 KB
27 KB 254ms
254ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

46b3e081067e631f9a1049fbfa37844da854f741b7f9a45900dc02a19a4ef143

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:19 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28043
x-xss-protection: 0
server: cafe
etag: 15270303690107644053
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 25 Apr 2023 13:55:19 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame E0B4 42 B
63 B 168ms
167ms Image
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A8HAlt6sMgC7hKxQ-pZYSBLI0jzO02l5BW8V57efpiGNGFM43k_lVnrHYo04kRxFRdrXcRihxnP1D20y3n6jJq1P7pnvm9g7pYbmW87-dCoxFQJg4

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E0B4 0
20 B 168ms
167ms Image
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=4919490826750685453&x=8&ct=119

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 4765c71f-58b8-4698-a246-56d1d1ff6307
beacon-fra2.rubiconproject.com/beacon/d/ Frame E0B4 43 B
75 B 163ms
133ms Image
image/avif 69.173.144.152
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beacon-fra2.rubiconproject.com/beacon/d/4765c71f-58b8-4698-a246-56d1d1ff6307?oo=0&accountId=18812&siteId=468716&zoneId=2765554&sizeId=15&e=6A1E40E384DA563B3617196FD3E1DCE5A9E4671850E87A71AB31A7076C95A9162268C8C1A3FAA3D522DECD3A4449569C6D748C0D8D7FAA22FAEF1205A0757ECF919445E1DDDEA4B558F3483D31C5FB57CD559C8B88F7B0F5E1FA1B641BDA101E11BFA93E23EB2A14DDAE3CE022F331DE423840213391093238D01329CFE7876EA75BAB7B50C50C384B7130F5520553877C0FCB91877F63C1DFB689C0C053D46FBCF3BF111AEFEC540D9040E0B8E1152D9119632C0EE857F6535FAF19C84C12DE

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.173.144.152 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),

Reverse DNS

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:18 GMT
x-content-type-options: nosniff
x-frame-options: DENY
content-type: image/avif
cache-control: private, max-age=0, no-cache
content-length: 43
x-xss-protection: 1; mode=block
expires: 01 Jan 1970 10:00:00 GMT

GET
H2 200 adchoice_logo_15x15_v2.png
dsp-media.eskimi.com/upload/wl/eskimi/ Frame D901 360 B
832 B 146ms
145ms Image
image/png 169.150.247.33
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsp-media.eskimi.com/upload/wl/eskimi/adchoice_logo_15x15_v2.png?_=2.1.0.8
Requested by: Host: f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com
URL: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.33 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-247-33.datapacket.com
Software: BunnyCDN-DE1-1076 /
Resource Hash: 04dd17131968a07c34224fb2e34a25d3bdd06fed40c6025f20ecdfc9e6eff2a0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cdn-requestpullsuccess: True
date: Tue, 25 Apr 2023 13:55:19 GMT
cdn-edgestorageid: 1047
cdn-cachedat: 02/28/2023 09:40:28
cdn-pullzone: 692289
content-length: 360
last-modified: Tue, 28 Feb 2023 09:21:44 GMT
server: BunnyCDN-DE1-1076
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: "63fdc7a8-168"
content-type: image/png
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: ce2848ff-13c5-49e5-873d-af24ad423612
cache-control: public, max-age=31536000
cdn-requestid: 9dd0790b1b4cafd93ebc5c948f2e2d1e
accept-ranges: bytes
cdn-requestcountrycode: GE
cdn-status: 200
expires: Wed, 28 Feb 2024 09:40:28 GMT

GET
H2 200 utr.min.js Show response
dsp-media.eskimi.com/assets/js/e/ Frame D901 10 KB
5 KB 177ms
177ms Script
application/javascript 169.150.247.33
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL

https://dsp-media.eskimi.com/assets/js/e/utr.min.js?vv=0&trv=0&fla=0&trve=0&src=utr&bId=1682430917768.2.g7GIesSgaSFjE9srfFOTIQ&baId=ead-d7c41aaa96e23dfef97de0d17a20ebf5&mr=0

Requested by

Host: f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com
URL: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.247.33 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

unn-169-150-247-33.datapacket.com

Software

BunnyCDN-DE1-1076 /

Resource Hash

7f5feab8115fb17c8945b5b22a6382315c264a9878b2de8d1916013720e496ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires: Wed, 24 Apr 2024 13:55:19 GMT
date: Tue, 25 Apr 2023 13:55:19 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1049
cdn-cachedat: 04/25/2023 13:55:19
cdn-pullzone: 692289
last-modified: Thu, 01 Dec 2022 09:59:55 GMT
server: BunnyCDN-DE1-1076
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"63887b1b-29ad"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: MISS
cdn-uid: ce2848ff-13c5-49e5-873d-af24ad423612
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 167dfa923df2d5fdc7e7b78c2c7b218f
cdn-requestcountrycode: GE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 gtr.min.js Show response
dsp-media.eskimi.com/assets/js/e/ Frame D901 6 KB
3 KB 141ms
141ms Script
application/javascript 169.150.247.33
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL

https://dsp-media.eskimi.com/assets/js/e/gtr.min.js?_=0.0.0.2

Requested by

Host: f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com
URL: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.247.33 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

unn-169-150-247-33.datapacket.com

Software

BunnyCDN-DE1-1076 /

Resource Hash

c82c372cd5c4a3b46fddb13499d36d8818044e818b53a6794f340effeea5673a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires: Tue, 27 Feb 2024 09:17:18 GMT
date: Tue, 25 Apr 2023 13:55:19 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1082
cdn-cachedat: 02/27/2023 09:17:18
cdn-pullzone: 692289
last-modified: Fri, 24 Feb 2023 12:08:35 GMT
server: BunnyCDN-DE1-1076
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"63f8a8c3-19cc"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: ce2848ff-13c5-49e5-873d-af24ad423612
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: adb7677cfd48d93d0deeee5743f5945c
cdn-requestcountrycode: GE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
DATA 200
OK truncated
/ Frame D901 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4480fbc8fd7d5c211e97db310f84e93843634c965902c9e518680c6336cc1836

Request headers

accept-language: ka-GE,ka;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 25D1 106 KB
37 KB 408ms
133ms Script
text/javascript 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Origin: https://pastelink.net
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 09:27:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16086
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 09:27:13 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230420/r20110914/elements/html/ Frame 25D1 11 KB
4 KB 154ms
154ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230420/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BPsiJ0lfQvMZu-t5XcW791M1JUMmm_GDk5FaraDdsI32LafA1YlgvmsPptb-zcNN3RQxyag3x12-O_z92HIjcKfdOVSbktUdbApiF-6b7ZK7FRYAMKYlxuw59yCe04-kNGXYKGM-1had7yz9VWXUWJRV9X5mMzz_YTCYTPpaJRPeEtzd4&cry=1&dbm_d=AKAmf-BLy3IPFuLW5MKgwRadZeRKKBsfJnyxiLA3fsGFE18mL64Rg6Llu1vnAif8qnjuY4PK5PizrqgngUhMUGvvMEEIlugxp-hrf-tc9Y_cbA6lek93NGbXrg7XJ0KLP-oUf8MpJdZ5fsx8owW1p741XeMLjmPXFrYcRvQWnjbjeRCueQBxbbxkWgD7G5SxgrTIaAzUPaHwZ_LQYw9FakjPrCxwQ-duyWY-xtFKy1D-1JTn-P1r0XZ0cChSX6AmbRiDPhN9sGVFWuVE_V6snDs2ovfud2kJrurKglyv_euiyRxZHd7CZ5XuK2wXCelNxTd59x2ALv1yYa9NxqI6NEgsZ_PRgeYfGCZETxIUMVQeUqtpqMgKwmbUzAJ2ZFt3kHetdLXNq6_x_09usx2sv9ZFGLky3dZEmSyhcJyN9ooZ4pCYsZVS_MLkjo3-rRao1Ovme6N9esNiatcnh4qU-G2JOdDhCda6rw9Jfzs55aM_DWbNM1v0ly34paua__9pJ8U6VkSS-MjQNbs83oOWc56CqfqcVsuUqXzAzL5WaF_nKRWku36E5Qy0-MlVhwrWKGTNDWWoIp_BU01-cbtpJsIz4uYBiLF8JnOAVAdwdmqPJ-Yy3lNJy2GqfK25VUKTzfuEa7QCJZZVI1u77FyWspS294Cn4ryWqwsu24eiQSDCfzZZ8oBCRn7qMo2DzOmvG8ajORWvkBW7TJ-q0gEkVVnnu8hFlMdZWsTSe-QjBcOvQTCmq-1qI7U7H2TeBiP2B2pYMqieQj-h8rtJtzswtGQJfmpYrLLq2JBMPl0iJPGJByBmbCokWyUdHnu50lZw1_v25FC1jBVRJKgGMIZHa9RHLWjqPmxQL40dcJdKyTqBH37FuLaJ5nfILFaJJwMvOmGt2iWt4_2bN9PmZehSkIubLzjy24oIThOzR5lK1tbdDka-eQwm83kN3jUyasMbmcOkLvocNgFHbvX-vTx9oh8Sj2Ej7w84OeCzFieYzHJg33dshzhR7jC4kpjNZvzKHKZZ0TD0D9BOGO4_sYjhvihQriJDoRcANYm6K_EQYOaWcW7Go0QthB7e4aBDv1ORRKECCO9VuE4J_usIVa5_7HkiGcC4IAJPwcZ9BL6JigpP1w-85LuYO4mjkLAan3p3l_E_R7Hh-pxkJlLXZXg_C4w8W55p8OHBcL5rLrs9EincEWRDIcbNISqNDxiqRp7CkVtaMLq4xP_9Z94KS4bp1DBFc4Rsagd0MdMvdIR_1utWrUPnrgRzsDF_wtaxxil_XF5xmb-Lx7ICX2dyvtBLFZYqWT2MgeYrlEsnGvT23gLKmo2BJTMM06P2yxE7Jxa2HFOZpxXcZuP7cxJocsxOv6UG4SOBIb59t2QvD1CY5MB9bO1BKfqgHCRK2wUZhCaHreiEfnxsr8cpNDlTjJzfy6nEVdMdXNhoMyv4c-WNJqEJUMGS2JTPiuOS1HoZOzlbUMDdtTcvzyQkWcdsUG0hOrjB9aChreraB6wcnibri-FQVRy7jEaeb-hj2OrVO7uh__fj0kRRT71nayexcyAg-Cxk4HPYl2e-ZjxDnPN3E-xFZi-VHRzQzkuzUOcghXpM6WikMwHe1_JkmtiZAxmDLE3dVRPz5ofJpEU60jLUsvaLJcsKCzPozwvz4HNjGO3pm6DMbXewYWK-syd3VF9Hmw1u8QNE9apT_g0ev2ahSyxG1AIhDn209HKBPnARUOxoeINYX1uG6rOR8xRLfvMGEzBfowjNaMJ-oRvhv5CT_wCPdLdOoxMTvnmNeullE3VJNiCsde7ibiyXmmxCzf3qqYjRowjed4Bq_rhZ39_sjNXAx-MvmEGMEe9JNXC8sU2-ntoXxalT5E9CugC51GGOYkR3Jsh6p9YN7EH4GTo3YmDyxayF1qcXzykVCRD0YJAa7QqBrxcY1op2xLsiGQoycUSA_aPCH6xZjJ5wHF4XFNW1gMcGOboYLJFRgLrwr7Rk-KSumZ00shfuT3-cyR0uagdseWH1ih5vFyypfX9Nzki82Ki5PuK0td1TumYOXTf0fI14nXOd-YQATuCNlf2jtkWpXYyHgZkmzK1QQOGlkBdMNmqT78k0fSZkUfHQb9oOavr3V-IkerAgzYwhR84aBh9eO9_Bjsga1i-Eqo-o_GEh2NB-Lt4aEc1r2IyvwkVzAv1dZfBwOFJY7waf1mvmhL-kmFJ3NWdQSznb8cVeMjGTexg-cQqnrBOxDBcmhbdWCk53uP4LqjDbeYki7drLYPwrm0tyrKcvRix54fWCJ2cwkJwAdAqEm1nQ2M6Mq68B8_IP5GLBrB_EIBu6AxUbpTxieXYS9ZF-T3NUE4e29c8zuqO9bDrNW6CW3qXh3octt3D0xtCxyk9mH37qTBgoxZRB5HCPdRozBL_xThw_-uSuU626gb4HcCS9VJUxpYvbP7esfZa6XPPs8WyuAYwuW7FwbZpVK_Xte-WVX3swBvp66CVFdskAN4if9rVtphXF8VyJjK-bcnfJVhWaH5uFDDwu-T8K75ZOBejH8emYmVJlmH-bxncD5Wi-1Guk9IyWnhqPpbjVvHGOTYzZiuc1BP1CrwyQkcZYi3zfbEaIGPKqyCQkoW-KpM1w6xSW7nXbDeKZNEl6O-KrNka8k0uNQ7F1kun0VWr1aobcoWrf13WN0qoWdlEN_YldCC5_CnIrElo7iLGtQs9_cVgNlXF3CcYlK1KrQjV1zfa8A7fdbEUQRP5NVJbAVVrCe9mvHDDQ98VVNg3IkM1TvjJdyRNEQeZczwTNFXo97ov4DmHHMjvkPx-ABb2HxyTH8wnZNI58ZP7ZYvpMWr23mOlh3Tm2G5lsV3yhs98rM9LMrD_bJ_yy-bOfP-6y72aEgpASnAf-l2p4Ov9wGhcbGG3OIKuhiR_okTRxiywIJifVk7pvNmhdx8jlyIDq53ME74Y5Cq0MQkrhMsondH8wCmosOnB6sPhv3GiJHFotxS8TB5Pl2AoeDIn_Qaej42z10vrRGj4sNaOtkjbOFkE47uvEltDJNEPLMH63vWjH42jri1z24wAaZ7yu8yKeROKyDG4pQaLcyZ1gi_aW6qZyrYAxGFA_t6SCU8TScD656V_xc0RIfOFThKW8IWbA2LVd8pVJ6MnohMxTRLGMdP_fRqqyAc6EkzxbzI584Jd5Bfcq6V-jgWP9WMLUu5gtYFEcg3sNoaGzJ0QECFPUH4Q7-XLFfjDUI_4O4ub8mjRnmQwqGRTmNTi3FWtJ45-sfxTjccpVJ2L_CQcB3hWKu6mSqJvHn2sT4XlRVRNEv7AaURhgoleag6AmGL1aaQl1mtgkW9YMoKVUHxINMdGjQQjtcLqG46S5VuZNi7pMnz0FwYUYg6FCdz20fHe4lhMteBn_SQjiUaZP3rPmVfdknvVuoZcQHkG_u8h3t4_qAe3-xxqGbIh2jNlxvdheXFNmfk1dYcPeVT6H6SWIpSJu4ieZ53MpxeF-e0P1G5xicigwK6E46D1RXbynd5NmcN6_Xo4yYdelwaNfX8TQDCoovRBMYm8nNdUJUAHnPv9WObs0QOyzZbikEHgDGgsx9dykVwM_uMJJyQRTL0JKYHwS-tYZ3lffs-iBI72gle0pvAgDv_ds4xoglI4gJP8Sna9Oga4&pr=8%3ADF1773F7F5843031&cid=CAQSGwBygQiDOO5CA50q-LX8guql3YXrb5btD-cImxgB&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpastelink.net%2F0hjg5kw0&ds=l&xdt=0&iif=1&cor=14227305223910582000&adk=1814326990&idt=533&cac=0&dtd=12

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

a9b847c681a24b03ba8acc0b4dcd8aab9acf8c4d3131be784d488e2402d57427

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 16:32:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76946
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4122
x-xss-protection: 0
server: cafe
etag: 11429739870029468282
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 08 May 2023 16:32:53 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230420/r20110914/ Frame 25D1 28 KB
11 KB 136ms
136ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230420/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

fcaaacbe09be7babfecfbcad09df9c01257b0ea95ee996105d6756ba75f41aa3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 09:25:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16211
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10768
x-xss-protection: 0
server: cafe
etag: 11141491900784070631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 09 May 2023 09:25:08 GMT

GET
H2 200 gtr Show response
dsp-ap.eskimi.com/v2/ Frame D901 830 B
1 KB 433ms
144ms XHR
application/json 35.186.201.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dsp-ap.eskimi.com/v2/gtr?&t=1682430919093
Requested by: Host: dsp-media.eskimi.com
URL: https://dsp-media.eskimi.com/assets/js/e/gtr.min.js?_=0.0.0.2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.201.99 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 99.201.186.35.bc.googleusercontent.com
Software: /
Resource Hash: ff28f21e35b9908ce885d423da61e8eba592786496bde7ef9f72da1eb4a21826

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com
date: Tue, 25 Apr 2023 13:55:19 GMT
cache-control: no-cache
access-control-allow-credentials: true
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: application/json

GET
H2 200 trv
dsp-trk.eskimi.com/ Frame D901 43 B
99 B 140ms
140ms Image
image/gif 34.120.139.69
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsp-trk.eskimi.com/trv?bId=1682430917768.2.g7GIesSgaSFjE9srfFOTIQ&trve=0&trv=0&src=utr&_=1682430919129
Requested by: Host: f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com
URL: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.139.69 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 69.139.120.34.bc.googleusercontent.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:18 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/gif

GET
H2 200 trv
dsp-trk.eskimi.com/ Frame D901 43 B
99 B 140ms
140ms Image
image/gif 34.120.139.69
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsp-trk.eskimi.com/trv?bId=1682430917768.2.g7GIesSgaSFjE9srfFOTIQ&trve=1&trv=0&src=utr&_=1682430919129
Requested by: Host: f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com
URL: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.139.69 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 69.139.120.34.bc.googleusercontent.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:18 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/gif

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 677E 106 KB
37 KB 484ms
274ms Script
text/javascript 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Origin: https://pastelink.net
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 09:27:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16086
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 09:27:13 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230420/r20110914/elements/html/ Frame 677E 11 KB
4 KB 133ms
133ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230420/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CRhscn4tDzwOr2gQpHJ_XbYIwTAhyH03WwLXvOvLLQI-X7yVyj37ScxhJG7lsaqM12ERQ8M4dz_MY5OWP5m9jnnwhn3YhMrQL9wgWftkN1jFQimf1xBlqFbaaWGMyYlQXpYaoeMBKfg65CXSCStNSnJuItVXbL6OF77B8aF7oJOb5Xu1Q&cry=1&dbm_d=AKAmf-DQHVOCvIGGntoH5NuPWG0Qg078_ltX9iqLS0w3Ru6Ga8SaXMhHm2DambFt5qWcmY1WZDcVSz1SN0Bwo2vsI6LfaVUviR-LH5Sz-DTu5Iqb4QcoyWt-iYF4s6KXAotYuaGyiHQYAyRRM6niL04nPOrnFyf9Y_Nt7JnfI4KEs8M0viVv6c2e5s9r7mbRjqtDsLsFqb81WWXP1MpBySo9562lodMr7dLcIO_jmdB2jkSy9IXeuM4ik9bMo1WLr-obeSUpX1WHAfBHe0KEhsFhYNryq4M5x28fFjRKngbqJcecqQL5n4TgVFcV9CpxZmFRVdCzn-dN7FFeyFZzdZ-BQ282vIMCrjL3RBic4r-7E3wz6vQpzBVRxNpTKsFa_AOIuzUSm1i7n8deQS5_JwufSNdN4sHBBeLmh2iCBGVuyoO4RCPDBX8IFjz-GpfEV9lE_7H9qNBbBeJHHvf5rJfyxikiSNdl8W7fk2e6fKRJfh0rrbrkxRk9JHCLXvSbZ9SyPS8irlEZ1g8UO7HDRIXqQGpfls-OL1GT2lW0HKqFnORN6NZwkKzmd7k0epYSo3EVwXUIEXsZaTrcqVE9K_HAAA8sRDuQB3Yesi-QdSdhIjlSsVpoHTsIeY-TzEyxdADhQuVEUfkxnc8VcM1Nvz-PDkE3BzTBmVhYuZdQRzhyMp17trcCcR5HdUNsLjohRJO22O70VMWfs0FrM3W1T23NCmpb83Jx52m_K9WasKPzCP2oL4FdH37UL0QuriRyLeJbGJ2tIK9Q8T3IlHlE4xOkMQvHI2JYHn7GrjIv0HZr4Tvl3Spu8uHOinlJM-4nG7jhgWL5klBtt-QPg22_nEMCI8_02AQbXydTJe1eUfiC6mOUHVwfAjkE6lXBSO0Iv_ozGWVXULNv5PGRmBI2GsQ4S3j8Cey-SsUXWhXPjGIpQhXyo8qTzbSGsshFmBypwUyh3iGSZ2ytpa_HUv7MfD2v97FrM8krBozX1j4bq7vdlYSpyjSoGSbWhzi_3ZaBg9K-CurptfpIFUEyE6shgiqz2Rt5jNrKX6WA1rgykpoElq0Cwm6-fWgXaDfuIL5p1cnQHK2Vq3ZCbPKtYJCeDcS_ISUnzuAbM11g0OBucVnuBd-j9qGJhEqSjdtyLTYPukWEfux_q4yxjN1RoYoGVUraUCw8cJWat78rGZOJw5XOZyzhsjIq5IFbD7c3f0FTbhimoYh7c-FCpZTu-orZk7pO2HyO9dJOYofPcO3AKx5Ofpz7jaDxMBscR4kk4PxtsnJpt-Byie8C3eHDRfEmot60N5l3cdLXCW2FEh2zJ1pgOe1KrtBnTKV59_AUtFUdOYObaB533rS_mG4bDGH7TyS1dcM-k8JV4eplqGCSfcvNe6sMD9yOXLt_16d4BrJVSUh5jxQDvo6KQLW2mIsSKJIekjFbS7pHKY_5oiR7wubSlltGxPW_VC-fInGZaANi9h0ko2cX5NBMnudSj5TlvcQRALaCGR96cpUPBN1muyznx5u8pnhqsQ5llD4ZPn_GymWcif-LH9PBsxYl0QalqZNBJFzMvhwQJJUi5mZchlT8LWLh0PPK1RnRRgA50CkjK1ZZ5FcE5Qui5ihHfIKjID7nlbWjBY3eCzS6tCM2cr0akCy3eLccwSBvw-9V0IoQFGD6dYJojqHY4rkgBHOLekmVEX-nXd-GDDjAxpdsXz-bpSQCkZwKEerm_Oh-sSyTuWaS3DpTewDrlzH4071_pQgDf6mI5_o7-YFxFUvD9BhhIK7JC8nI5LtDTAO68xMN0uGUqWaRuIfgN1rDwYYvprxZuCjiyqJIUw23ezqmOUHm_bRCYV02TBdz1vTgsnjODbJuSbKOJZmbxcR9qHCsfVLLzJiU7Pv2MQRlBZJ83eDEVnmu0sO9W6lg3F4b0-MMZevNlH9nYx6rumuxt4D4N4CRMO3rEq4-BXkwvUEJ5PDT2XkZHSX3-Akn7k_GQb9X0y46h5jDtGpehE1tXCyeFdhCmtRJ1Tlb-dkaQwYBwVm5qPqZyNYGlsCg8GsJR_9mHooMuKiZcShRgAL32ykHrJLuwwuKyZY7lgNxuCzr5ko50e7paGA6J4Kj-ccm5RbA1svqkFF-Z-Otd836q55LAoxCFzTnnWrhU_AGMJk2KrsAyaW93KPPVxSb3uhlE7CDMnNHF-uOKvMiXRN7QCokrDijmi-BmhsEgXM9zd4qbapJJgccj68zweIsM9yY-Zi0t9xUw-zMbSnN0nDiAjaNB3k_AqkyYx5PRs6rHNkqxoaNm9YeZF8zm5FcvIsLgAz53i6P6j_Vlc3Ag0Hhl3Ef2JFvzE48iOj0h_gsPbBdT-KyJvVkikjBXv6sVLnBiiYSnz5L913z7HaXTfVK1w8z0X2U6LwbpS0-lwvhT-Xr74fNhx-gibb9qKNLLflQZeORlorFbC35oevky423l3Mpu_ttlDYE3y2_dzaE8EIRsbbSQKhyvskGz9kMOuGp-YUD__EuzhtCb_W8RpETceTHuPkHafMyP_W0rUP8eCA07jm785-BXfs-Kkw8ZU-iYzjfnP5oM-Wo0ZfR8_XTIFqBYu15WTkHinF-JPqVPMUbUMAh_lsCakGusEdB_lNhXw5M0idGqXwnkk4YciSu7HZVZXBGu6ltsqpEbol16JSpX0kaOABn7U9OPRmJ0ghsDKkcOYWhZwEyTCcapTaCOeBzwhZtQbj6KKqBdov9FzMJJHBLjK6yl4HJSRxIoCWTVW0wCphVP9liHabIDVyJt-VRn6iwZ027DJ1OHby-p9ATZ3EHf25s9xaU30qfpgKI5Lt5clgyL41gGsVeLq5_1YBLB0rXStfLNAvkj3GsiVWtu8erILX-37X2-PzEXuF4VMR5xrb_Nqci5SW96jm5oymi4iUwgwkvBNdDUyZXMPq-j71BwV6lszxurPKU7PUo3rDoXfsHMmNgRbQoluuVT0XxDsFN174CPEwD0RH3IUHABh6GjP9_nnRSHUpopeJBFLoI0En89a1WFv8gXjBdDQ6DOhlROJOySj7z-RCi_gzTsNBy4GVJi23TfAz03Ifld4tR54jzwB2A08SKGTSA382XCepePx--JdsKtLFnwYZWwoQcLKMy031iLMXS7Qmnnaak-khcjKG4k1ILYR8CuG5uvgIm6UvTfeWYG37Qk0hIwjT8BH42WTf1vTnlXQA-IQ1HjMnxp4-nsKkxAmeqU82ve7GBLPQtWjKCua4yMuJayB2DZK1_-2oXheg_6dmw8uL5eAW2_RsYb0Exwy3cFu3EgbIayfWt37nmWq2NDEmDm8wtEqrAnlVB3lI&pr=8%3A642C3CDA14CBF680&cid=CAQSGwBygQiDKXNBz9QKUh-uW48Rk5UFtun5O5ucWBgB&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpastelink.net%2F0hjg5kw0&ds=l&xdt=0&iif=1&cor=13576015438087410000&adk=724314706&idt=620&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

a9b847c681a24b03ba8acc0b4dcd8aab9acf8c4d3131be784d488e2402d57427

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 16:32:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76946
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4122
x-xss-protection: 0
server: cafe
etag: 11429739870029468282
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 08 May 2023 16:32:53 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230420/r20110914/ Frame 677E 28 KB
11 KB 136ms
136ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230420/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

fcaaacbe09be7babfecfbcad09df9c01257b0ea95ee996105d6756ba75f41aa3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 09:25:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16211
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10768
x-xss-protection: 0
server: cafe
etag: 11141491900784070631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 09 May 2023 09:25:08 GMT

GET
H2

200

cs
cs.lkqd.net/ Frame 8141
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_cm
https://cs.lkqd.net/cs?partnerId=59&partnerUserId=CAESECNeGUhbCTRB4EloewhHQhA&google_cver=1

43 B
535 B

219ms
219ms

Image
image/gif

146.20.128.131
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.lkqd.net/cs?partnerId=59&partnerUserId=CAESECNeGUhbCTRB4EloewhHQhA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6TkZIDEPqn8pQDGMr8ueYBMAE&v=APEucNUAYMA9ZgcKAU7HCzd2-J-4boQECJJVFjP84-pIgcgfAVWz0-Z0ojWyGRp52NmJiysHrAp5LUBxOQSgRVMMQ-p7OdaNqQ
Protocol: H2
Server: 146.20.128.131 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:19 GMT
server: nginx
access-control-max-age: 0
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 43

Redirect headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:19 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cs.lkqd.net/cs?partnerId=59&partnerUserId=CAESECNeGUhbCTRB4EloewhHQhA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 296
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 8141
Redirect Chain

https://cs.lkqd.net/cs?partnerId=59&redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dlkqd_dbm%26google_hm%3D%24%24rawlkqduserid%7Cbase64%24%24
https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_hm=eXRSRWo1TmliZEE

170 B
232 B

158ms
158ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_hm=eXRSRWo1TmliZEE

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6TkZIDEPqn8pQDGMr8ueYBMAE&v=APEucNUAYMA9ZgcKAU7HCzd2-J-4boQECJJVFjP84-pIgcgfAVWz0-Z0ojWyGRp52NmJiysHrAp5LUBxOQSgRVMMQ-p7OdaNqQ

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 25 Apr 2023 13:55:19 GMT
server: nginx
access-control-max-age: 0
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_hm=eXRSRWo1TmliZEE
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 8141
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9g9XUKYerwcx7EiNStQhU&google_cver=1

43 B
632 B

308ms
130ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9g9XUKYerwcx7EiNStQhU&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6TkZIDEPqn8pQDGMr8ueYBMAE&v=APEucNUAYMA9ZgcKAU7HCzd2-J-4boQECJJVFjP84-pIgcgfAVWz0-Z0ojWyGRp52NmJiysHrAp5LUBxOQSgRVMMQ-p7OdaNqQ
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 25 Apr 2023 13:55:19 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:19 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9g9XUKYerwcx7EiNStQhU&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 8141
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZEfbx35ojPVbcjqy-1Xq4gAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9g9XUKYerwcx7EiNStQhU&google_cver=1

43 B
766 B

130ms
130ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9g9XUKYerwcx7EiNStQhU&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6TkZIDEPqn8pQDGMr8ueYBMAE&v=APEucNUAYMA9ZgcKAU7HCzd2-J-4boQECJJVFjP84-pIgcgfAVWz0-Z0ojWyGRp52NmJiysHrAp5LUBxOQSgRVMMQ-p7OdaNqQ
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 25 Apr 2023 13:55:19 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=495
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:19 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9g9XUKYerwcx7EiNStQhU&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E0B4 0
20 B 167ms
167ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=6062371915745&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E0B4 0
20 B 167ms
166ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=6062371915745&version=m202301230201&ct=119&x=8&cor=4919490826750685000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame E0B4 83 KB
35 KB 173ms
173ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DHYsa-Qod0VcLzIOHSK-TfOSwQ5fevhc5gSELubricCs5FOkhlvuW3ClqLiSpVIela1_MatfDnneeWxsLvVWfxFDVWaha-W9ZXVd8DIIrcq5Vcy8zI_kFtdjCzh3rL8_lgk8AOGwkyYl9j5Wej-avTUm7fYVawjADpM_XmrVreO9gc_4U&cry=1&dbm_d=AKAmf-BRXAosMo24IsBwrBDjylcXQ8V0RSkPtdEdscDx816REoQEL57qCmM0_1Om7fdvG8MgRGOMXXsA6yqXCCCAfbrEHfCuTbd1y8pBXPMDgGDsq5dJSvRnbs3PouPBC_PK8kJfRGiW8TUcHiawXZXCF9dg4XS9qHPw2XmX_aiR3MEABDy_IAy032p6GF0Kni3rjTtLdLr2Yes9dRrgMjqbxa5MVqE6jPTkhu-1HtIZxEM3-93QDeVV_-Pe0iolqPJvAkoKYItKjmakf1huaNsLJIZYLNLrA8A8OpTx2xmUZX7r-VaNWbQMeZ1jAhmeiM-3Ks9bO9OGFTCg4bVGKQPASscZXfoz06j3xHrN55gB3Ss2ksCyGRdMg4wGg7C3-6VRFaI6SrfMYdmzj-oPpWQhtrwxgavPdu_qoxzZogShkKnOW7lG-XgwcF2YyU1tYbLE3pSezgZolew4Cunjwaxu4T07SmNPsdtYLHr7cGIsufVsuFxthS94nmAHCysssrztLgCWRn2vW_h_24YfTKSdZQuh2aqn-aRNEdL3KM4tmNhRmCB2V0SpLSb27uMaCYJ6lOSAtW6YI6LUCFfYlNvjwaw6KJgmuOEuYwUu9sI7zjTTIM9-nGu7dEM3w0YBfDkuRJtQCmkkpnNoPTGoWib68fc3VCOxTso7wB_a5ZTiVnDOPm8LALPi7notmEav_JBywWWUQ9KBDbElXHeqRuLQaCwCQ_aes_ye-fZ8R8xLSpUQ0OKjB1T4AKNaJGUSerFaXOguWwVbLp35rRPBD0JJjJIipQdkaRmXFqcDbSqBeJoymTNORgzqyDcI6NuOLJkdIOhFADAxd7AWaiV_QVJRCeF26SpPKXdzdB5qgZkb1ZyvtrsACILpQo6RyXBQAV0ImV7rR8oYRDGITfHlIAqIxbmEaFPZLmkhMpprjKGVYOLVjhqdfTDg0bGAePbrbaGziPNlyymVZU1VN2KojF8SjqzXvg0AHi1eUMU3xa4ruIWDmL7trYkk-n6no-vTmK8SAXF_vgALURGuXoh0YNqc-cgKrc7Eu0FhDt3Z9YtxLH1u5uQoHofx1n_FOXNeD457D5W9ITPyGI_AZhTpbJmXETD2KwMgFuvLKZnlFJ3ZGgxG6d9LalekMgu3rBt0Azrw8Q7EJoMJPtk0LUVjcdPXEUNkrLpE6wTwsDWYKjcdhuCu-42BFmWGSV3pFoopMYQwhYeJLP2r9Hw8ASVUvIB47iFqKvbceeB8m8Hmxh36pN68-0TY5yiCYrW52uEorNU8h05Zy7f_IOUdPB7G64sI9ESioMOoBsqvSYX1Ulc-CDPvI4TGlsZ-EWFDG4T5V33I2bkn_C0iAHY7u88ivY_6Cxfksytf5x7JDM8WgklmQ2JUr4XsYnWSGntkDdw3felh6LwOwcEBjaou0Bp15zkLCyiNahpZSiq5bojOdxVZiigAVokO7Zk2xg5UO1b0PZBi9-r7hGgXD8KxlcmWKP8xwp39R18a4scXJHpRHze_rAe1EdVP04H6MqBAVrwuq5KAD8nSwo1S59ME8S4NloNkbNEaC915hlRDc9ZXnan-r4WrHYKkei7gmM4sTPXmDioSBs0rA6k-7n7eJe3l_7c-thSOv00BuqO4-eFPrTGNElLI31f74ssJ-VsLvvpW82Sai7YfDlMUsy5NdY1wgEj1VBOAqusAHeH8cMVcqTN-YVraFfY7QkypD2LITEXAT3-aCw1DtZHCCmF3veholktRQQWcrJn7LXWn9GH81d9AFOHJnxQbl1YzV4fi9xKxoAIt785Yj4rdkHX3ZI-YtjcaT2dRfEZWWpQ4CHoJBzyhzfUw0GUXWqzV4EBOcNC-bj1mJIh2k7qd8ANdwLxFhNiV7uFZNmOLwQ_ndvjzNVtNIb9MUCkJltX6m-4EUsWSHq0ntaKRvJi5wOmkw6p32FkpR_Dm96_S_c5QUUK94tmCoLyt2WfPdeVejYuDfcBr5wT7DR_otMQCJpgHh1CRcs12xU7an5spgQ1cjsTh80aD5e1ETqJh5Yew1ALCEMQxTXKpwg3ts1Qk0ulIH7uq1QU45pVDm6ZdDGfd_FiGPnZmwUko59PUFLlCNUvIerDgmzZwTtEIdBIsh7FC9UdG5pal_HCnNw-C4BisdiNuHtdVhoXqBji5_4lIAyR7IDg4qhsY-JMr5OyFoM3siQFU-Ajizqw21M6bdlaGQMzVPTLvlns_RkCRFOnx_sDpa42PbULhZUNnmiyf3d0IaIHA3Oo-lEVSbLunegpjSUQSJ-vi9U8EyXWWtzS5HBFcNKYL5pF9QG91rJGyToVwWVNnor9158Og-JY8e9qmobQyJK-185XzNc5tH7tQ5JPM_c6p_spWjMWLh2iHE9rLDXytkOZ5BdPg0h1meuhNYbrnAFIJGkGvElND77gTbZEPVRztKTKWrmXFT94XkoN9zIGGycHG_O_-jVkZ_CmixdCXSnth14xXME1ce1G8H_zhhyzon9UOKF4M004RLGdCpbWb7dlT4P69_UfCk1bzkLXwh3XzlItl8axau--_OQ2niTc56mrV-iL-6xglVMs3eHBGd_wyBf1kjz1ka3URS6DeF2TfKqvHpcGtAPhh3MCTpWgIX2UmtRioDrJoic7ba7FzzpWg7q2NN8_X0wbd5A4Jb9efiaze3RG7w7rJLea-RA2rpAG3AszEZfXVQ24QFUH-zCsRJURK9Wbebtrsvpvcx-zu4XjWFBOTQ39lWZxQSoXB8lKUpYRfPXPUvfjOLhNsVnrZWP2PcKVe4kyZN7ewZpXmwwlgB7-LcNfA_Zv4aEa-xsTz8YDQtBt6GnF_-NlGwEI2Xb4BQCe05ubDj-6pZfJjWsUzINj0bPagIV9jIjdI1B4CvCIjzY_Kv-tFBz2eh1reRBsXFT3n0f7vtidHohrXJ-GUdrGC0hluxgdmpOhbLtdtj90ERskqnuogVqQG-NMVX_3iQGPVY-UUy3w1yZ-d7aIF9MAhjieKADatEJfMOu2HX3S3nhpxRCW8VlFi4IAUsXJcFUtY-LmSd6t7WMcoxqaktT2XieCkK5q7vtxx21D9ZTAbL8qEbSgSlhfkRNjkYhyShUnUwoonEx39XXZZlflqgEO0Uf7RTEVgdq-uLQCUmG99OgfjmHoJuf1XHqdt5rKC8ZxvLhLRC4K0CEZdNr00GuP6yauvtbqQcbj_a1FfRfWo9Rk6wfevJACmjO_ErDMEIug04XGTGAuR7VR_1II2wj7WzVzYYdjvBtyAtYvaDHxfVhZQ_fZhqGTZebFQVYSyGPUVTxOJ_V6VQ0niFc27jCOlBatkyf9sqdVQcNIaTappLE1f3Yb1txP-0OyAuodjLaIhr7OP0Ld-Utnazxi9DpAA0PYew-lnOJZvzkESomVT81Wnr0-htcbGO1ajqhFVKn8KbBlbBvQWTBSmqPZXJfroDbnd0iAp5pfVy8RFzXLQCyZkU211bnNYRjwSVjg_koHdzVhDCjuxLyH7Wr-p1eW-FX_09_e6N_3D-ot-hoNOdIt1WlJJGKeKrPRpekKvxBhb6oBtgKI-Z9umOUGsCih5x4WXN_vpZv5lie8JNkDIoQQ9RPTtz6xU3TIjDdC9y82k2FexvxhvEcUP5_4wMm8VI7o&pr=8%3A87E7D1C587BC6B69&cid=CAQSGwBygQiDdeT8WxTPXONdLwxGYs3wuyfiBO2gvBgB&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpastelink.net%2F0hjg5kw0&ds=l&xdt=0&iif=1&cor=4919490826750685000&adk=2545910003&idt=296&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

780317dd36b1a63f2f5db94f53ea70dad72fc8198944992a51aeaebe9d111349

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:19 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35609
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 CJVz-q1y4QcI86kHGme05ne9YeJsi3pnNRBXtIEru_s.js Show response
pagead2.googlesyndication.com/bg/ Frame 0895 36 KB
14 KB 133ms
133ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CJVz-q1y4QcI86kHGme05ne9YeJsi3pnNRBXtIEru_s.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

089573faad72e10708f3a9071a67b4e677bd61e26c8b7a67351057b4812bbbfb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 08:27:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 106090
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14219
x-xss-protection: 0
last-modified: Mon, 17 Apr 2023 14:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 23 Apr 2024 08:27:09 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 25D1 41 KB
15 KB 134ms
133ms Script
text/javascript 216.58.212.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f161.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 06:02:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 287597
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Apr 2024 06:02:02 GMT

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 3AE4 281 B
554 B 413ms
136ms Document
text/html 23.37.42.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=ge
Requested by: Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-42-132.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 25 Apr 2023 13:55:19 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 25D1 0
0 184ms
183ms Fetch
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssLsHx9YRRG-eWmi6O4ynaPzABxT1K4TCGY70QsAY_x9irTDmH2LCPGh9tAzx-bc9A4t1ul6UQGdifuLOaHehCz_bWZWEnGCXFH4YdhXC0g4rB91miseff1y3zSSQM0_RsNYq7tr1RtR6GkErdyVePNkCtft3zPwLaqBHxusW7hEK2C5RUi3F5n3laxDJsVpv4leQSSeC93besfvDXB3Awv17wlW3R8i4MYgjOMt2VxCrk1YVgSi4ffRrOLsPkik2nlw2rEIIaItpZJbOpzgn4LEPEK9UrqLsbegvSri4YrFAYXcD-CGcFccDZixUwKU5Ihhm5so65-vWS4-u9fkC-pfQKIJg&sai=AMfl-YTisaMZzDmYDrSRwaB6GzgRAIe3Qe0UZSy7AW8KanxqXa7HonSRyRi8nps0scx2hvQJzXuUnmdkLO9U73lpxoS-ceyCGcRUGEIt9VYJfmTGWPaLT7JDGU_BIClejUdHG046BvV6qeIB4r1wqMno&sig=Cg0ArKJSzIcUCU_4sVk-EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:19 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 25 Apr 2023 13:55:19 GMT

GET
DATA 200
OK truncated
/ Frame 25D1 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f7e19b83e8b3b96c5ed11f6de41c27ee2fa7be145a4f48375ab0b5b4e286c1ea

Request headers

accept-language: ka-GE,ka;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 480x320_atlas_P_.png
dsp-media.eskimi.com/upload/rm/upload/1682077577/480x320/ Frame D901 17 KB
18 KB 167ms
167ms Image
image/png 169.150.247.33
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsp-media.eskimi.com/upload/rm/upload/1682077577/480x320/480x320_atlas_P_.png
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.33 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-247-33.datapacket.com
Software: BunnyCDN-DE1-1076 /
Resource Hash: 9ae355ad4680f0aee5c40c3d88a81234057b95d87f2ee261d5d0f0d00c6fea46

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cdn-requestpullsuccess: True
date: Tue, 25 Apr 2023 13:55:19 GMT
cdn-edgestorageid: 1049
cdn-cachedat: 04/22/2023 13:52:15
cdn-pullzone: 692289
content-length: 17642
last-modified: Fri, 14 Apr 2023 08:53:38 GMT
server: BunnyCDN-DE1-1076
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: "64391492-44ea"
content-type: image/png
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: ce2848ff-13c5-49e5-873d-af24ad423612
cache-control: public, max-age=31536000
cdn-requestid: 62dee08459549618779fe433ddf79458
accept-ranges: bytes
cdn-requestcountrycode: GE
cdn-status: 200
expires: Sun, 21 Apr 2024 13:52:15 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 677E 41 KB
15 KB 138ms
138ms Script
text/javascript 216.58.212.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f161.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 06:02:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 287597
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Apr 2024 06:02:02 GMT

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 64A5 281 B
554 B 400ms
133ms Document
text/html 23.37.42.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=ge
Requested by: Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-42-132.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 25 Apr 2023 13:55:19 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 677E 0
0 178ms
178ms Fetch
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuufmKeZoNNYgljlrDFe9R5AYIfqoQM_OtwXpkBM3V5Oy_mOQYno60EJGG9eXneqdTDFaUCEg3d-8ashgbLknWsdTMaYAW16ZXsV227dBnMuEVvqq-r4InjZEcGPlqUbkvlBNHvj-zkyvD-s09HTFysF5f5YPA_JgcK4uJRXtFwNPVM4KokYxhDBzUe_L57A2XJ19QKVflNlNQL27eMO2dODHZRpUYCPSRPxC2sGU7y5lhUI_ghnn-9r5o87uGCvqbznNctIjkS_RfIqdItxyJhgRaZyMwgQdnUC1h2TMSalLlQ8vLAhmv2YfWOk3vEvyj6Y0Ma8fmYbUraRpimTwhL&sai=AMfl-YT6X43XYHUxnvU2mU6ldSCM9YWE42xOh8SL4Enwp1n7cVnDkJ0wJeHcvjx5iiW58AWfHPOapgAVTI_Y4lh7idf40Cgj9LO933KO-hxTmCs6l9LqJ9zqoAtYiioD8ErHkldWwtuWRHwS7w9JglpF&sig=Cg0ArKJSzD-jUR7toEAnEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:19 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 25 Apr 2023 13:55:19 GMT

GET
DATA 200
OK truncated
/ Frame 677E 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 03182c0784cdb86baad1ec7858096661200fb81b2bf08457d77106e852eb8744

Request headers

accept-language: ka-GE,ka;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 2EF3 15 KB
6 KB 425ms
141ms Document
text/html 178.250.1.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=pastelink.net

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.135.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

3014acc16bf3744b41bb869785bf686290d9834a5e6f69d4583c4e39fca26bff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 25 Apr 2023 13:55:19 GMT
server: Kestrel
server-processing-duration-in-ticks: 351370
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 publishertag.prebid.135.js Show response
static.criteo.net/js/ld/ 89 KB
29 KB 857ms
578ms XHR
text/javascript 178.250.7.2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.135.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.135.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

08882d31df95daace0c23f1108f3e11fc53ef17334df446f3e3cb395c597c955

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:20 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 06 Apr 2023 09:15:34 GMT
server: nginx
etag: W/"642e8db6-1638a"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 26 Apr 2023 13:55:20 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 9CCC 22 KB
8 KB 134ms
133ms Document
text/html 216.58.212.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f161.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

accept-ranges: bytes
age: 227648
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 22 Apr 2023 22:41:11 GMT
expires: Sun, 21 Apr 2024 22:41:11 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 480x320_atlas_NP_.jpg
dsp-media.eskimi.com/upload/rm/upload/1682077577/480x320/ Frame D901 10 KB
10 KB 158ms
157ms Image
image/jpeg 169.150.247.33
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dsp-media.eskimi.com/upload/rm/upload/1682077577/480x320/480x320_atlas_NP_.jpg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.247.33 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

unn-169-150-247-33.datapacket.com

Software

BunnyCDN-DE1-1076 /

Resource Hash

9a748f6285b70486fd706549f680c706e840ff7affdb2ba5aa9e556c6da16ec6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cdn-requestpullsuccess: True
date: Tue, 25 Apr 2023 13:55:19 GMT
x-content-type-options: nosniff
cdn-edgestorageid: 860
cdn-cachedat: 04/22/2023 13:52:15
cdn-pullzone: 692289
content-length: 10232
last-modified: Fri, 14 Apr 2023 08:53:38 GMT
server: BunnyCDN-DE1-1076
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: "64391492-27f8"
content-type: image/jpeg
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: ce2848ff-13c5-49e5-873d-af24ad423612
cache-control: public, max-age=31536000
cdn-requestid: ee9f0e066137bd922b8a5059ba0091bc
accept-ranges: bytes
cdn-requestcountrycode: GE
cdn-status: 200
expires: Sun, 21 Apr 2024 13:52:15 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 0895 0
10 B 133ms
133ms Image
text/plain 216.58.212.161
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?ksGwQA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.58.212.161 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: ams15s22-in-f161.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:19 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 546F 22 KB
8 KB 133ms
133ms Document
text/html 216.58.212.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f161.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

accept-ranges: bytes
age: 227648
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 22 Apr 2023 22:41:11 GMT
expires: Sun, 21 Apr 2024 22:41:11 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame E0B4 106 KB
37 KB 197ms
196ms Script
text/javascript 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Origin: https://pastelink.net
accept-language: ka-GE,ka;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 09:27:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16086
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 09:27:13 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230420/r20110914/elements/html/ Frame E0B4 11 KB
4 KB 133ms
133ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230420/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DHYsa-Qod0VcLzIOHSK-TfOSwQ5fevhc5gSELubricCs5FOkhlvuW3ClqLiSpVIela1_MatfDnneeWxsLvVWfxFDVWaha-W9ZXVd8DIIrcq5Vcy8zI_kFtdjCzh3rL8_lgk8AOGwkyYl9j5Wej-avTUm7fYVawjADpM_XmrVreO9gc_4U&cry=1&dbm_d=AKAmf-BRXAosMo24IsBwrBDjylcXQ8V0RSkPtdEdscDx816REoQEL57qCmM0_1Om7fdvG8MgRGOMXXsA6yqXCCCAfbrEHfCuTbd1y8pBXPMDgGDsq5dJSvRnbs3PouPBC_PK8kJfRGiW8TUcHiawXZXCF9dg4XS9qHPw2XmX_aiR3MEABDy_IAy032p6GF0Kni3rjTtLdLr2Yes9dRrgMjqbxa5MVqE6jPTkhu-1HtIZxEM3-93QDeVV_-Pe0iolqPJvAkoKYItKjmakf1huaNsLJIZYLNLrA8A8OpTx2xmUZX7r-VaNWbQMeZ1jAhmeiM-3Ks9bO9OGFTCg4bVGKQPASscZXfoz06j3xHrN55gB3Ss2ksCyGRdMg4wGg7C3-6VRFaI6SrfMYdmzj-oPpWQhtrwxgavPdu_qoxzZogShkKnOW7lG-XgwcF2YyU1tYbLE3pSezgZolew4Cunjwaxu4T07SmNPsdtYLHr7cGIsufVsuFxthS94nmAHCysssrztLgCWRn2vW_h_24YfTKSdZQuh2aqn-aRNEdL3KM4tmNhRmCB2V0SpLSb27uMaCYJ6lOSAtW6YI6LUCFfYlNvjwaw6KJgmuOEuYwUu9sI7zjTTIM9-nGu7dEM3w0YBfDkuRJtQCmkkpnNoPTGoWib68fc3VCOxTso7wB_a5ZTiVnDOPm8LALPi7notmEav_JBywWWUQ9KBDbElXHeqRuLQaCwCQ_aes_ye-fZ8R8xLSpUQ0OKjB1T4AKNaJGUSerFaXOguWwVbLp35rRPBD0JJjJIipQdkaRmXFqcDbSqBeJoymTNORgzqyDcI6NuOLJkdIOhFADAxd7AWaiV_QVJRCeF26SpPKXdzdB5qgZkb1ZyvtrsACILpQo6RyXBQAV0ImV7rR8oYRDGITfHlIAqIxbmEaFPZLmkhMpprjKGVYOLVjhqdfTDg0bGAePbrbaGziPNlyymVZU1VN2KojF8SjqzXvg0AHi1eUMU3xa4ruIWDmL7trYkk-n6no-vTmK8SAXF_vgALURGuXoh0YNqc-cgKrc7Eu0FhDt3Z9YtxLH1u5uQoHofx1n_FOXNeD457D5W9ITPyGI_AZhTpbJmXETD2KwMgFuvLKZnlFJ3ZGgxG6d9LalekMgu3rBt0Azrw8Q7EJoMJPtk0LUVjcdPXEUNkrLpE6wTwsDWYKjcdhuCu-42BFmWGSV3pFoopMYQwhYeJLP2r9Hw8ASVUvIB47iFqKvbceeB8m8Hmxh36pN68-0TY5yiCYrW52uEorNU8h05Zy7f_IOUdPB7G64sI9ESioMOoBsqvSYX1Ulc-CDPvI4TGlsZ-EWFDG4T5V33I2bkn_C0iAHY7u88ivY_6Cxfksytf5x7JDM8WgklmQ2JUr4XsYnWSGntkDdw3felh6LwOwcEBjaou0Bp15zkLCyiNahpZSiq5bojOdxVZiigAVokO7Zk2xg5UO1b0PZBi9-r7hGgXD8KxlcmWKP8xwp39R18a4scXJHpRHze_rAe1EdVP04H6MqBAVrwuq5KAD8nSwo1S59ME8S4NloNkbNEaC915hlRDc9ZXnan-r4WrHYKkei7gmM4sTPXmDioSBs0rA6k-7n7eJe3l_7c-thSOv00BuqO4-eFPrTGNElLI31f74ssJ-VsLvvpW82Sai7YfDlMUsy5NdY1wgEj1VBOAqusAHeH8cMVcqTN-YVraFfY7QkypD2LITEXAT3-aCw1DtZHCCmF3veholktRQQWcrJn7LXWn9GH81d9AFOHJnxQbl1YzV4fi9xKxoAIt785Yj4rdkHX3ZI-YtjcaT2dRfEZWWpQ4CHoJBzyhzfUw0GUXWqzV4EBOcNC-bj1mJIh2k7qd8ANdwLxFhNiV7uFZNmOLwQ_ndvjzNVtNIb9MUCkJltX6m-4EUsWSHq0ntaKRvJi5wOmkw6p32FkpR_Dm96_S_c5QUUK94tmCoLyt2WfPdeVejYuDfcBr5wT7DR_otMQCJpgHh1CRcs12xU7an5spgQ1cjsTh80aD5e1ETqJh5Yew1ALCEMQxTXKpwg3ts1Qk0ulIH7uq1QU45pVDm6ZdDGfd_FiGPnZmwUko59PUFLlCNUvIerDgmzZwTtEIdBIsh7FC9UdG5pal_HCnNw-C4BisdiNuHtdVhoXqBji5_4lIAyR7IDg4qhsY-JMr5OyFoM3siQFU-Ajizqw21M6bdlaGQMzVPTLvlns_RkCRFOnx_sDpa42PbULhZUNnmiyf3d0IaIHA3Oo-lEVSbLunegpjSUQSJ-vi9U8EyXWWtzS5HBFcNKYL5pF9QG91rJGyToVwWVNnor9158Og-JY8e9qmobQyJK-185XzNc5tH7tQ5JPM_c6p_spWjMWLh2iHE9rLDXytkOZ5BdPg0h1meuhNYbrnAFIJGkGvElND77gTbZEPVRztKTKWrmXFT94XkoN9zIGGycHG_O_-jVkZ_CmixdCXSnth14xXME1ce1G8H_zhhyzon9UOKF4M004RLGdCpbWb7dlT4P69_UfCk1bzkLXwh3XzlItl8axau--_OQ2niTc56mrV-iL-6xglVMs3eHBGd_wyBf1kjz1ka3URS6DeF2TfKqvHpcGtAPhh3MCTpWgIX2UmtRioDrJoic7ba7FzzpWg7q2NN8_X0wbd5A4Jb9efiaze3RG7w7rJLea-RA2rpAG3AszEZfXVQ24QFUH-zCsRJURK9Wbebtrsvpvcx-zu4XjWFBOTQ39lWZxQSoXB8lKUpYRfPXPUvfjOLhNsVnrZWP2PcKVe4kyZN7ewZpXmwwlgB7-LcNfA_Zv4aEa-xsTz8YDQtBt6GnF_-NlGwEI2Xb4BQCe05ubDj-6pZfJjWsUzINj0bPagIV9jIjdI1B4CvCIjzY_Kv-tFBz2eh1reRBsXFT3n0f7vtidHohrXJ-GUdrGC0hluxgdmpOhbLtdtj90ERskqnuogVqQG-NMVX_3iQGPVY-UUy3w1yZ-d7aIF9MAhjieKADatEJfMOu2HX3S3nhpxRCW8VlFi4IAUsXJcFUtY-LmSd6t7WMcoxqaktT2XieCkK5q7vtxx21D9ZTAbL8qEbSgSlhfkRNjkYhyShUnUwoonEx39XXZZlflqgEO0Uf7RTEVgdq-uLQCUmG99OgfjmHoJuf1XHqdt5rKC8ZxvLhLRC4K0CEZdNr00GuP6yauvtbqQcbj_a1FfRfWo9Rk6wfevJACmjO_ErDMEIug04XGTGAuR7VR_1II2wj7WzVzYYdjvBtyAtYvaDHxfVhZQ_fZhqGTZebFQVYSyGPUVTxOJ_V6VQ0niFc27jCOlBatkyf9sqdVQcNIaTappLE1f3Yb1txP-0OyAuodjLaIhr7OP0Ld-Utnazxi9DpAA0PYew-lnOJZvzkESomVT81Wnr0-htcbGO1ajqhFVKn8KbBlbBvQWTBSmqPZXJfroDbnd0iAp5pfVy8RFzXLQCyZkU211bnNYRjwSVjg_koHdzVhDCjuxLyH7Wr-p1eW-FX_09_e6N_3D-ot-hoNOdIt1WlJJGKeKrPRpekKvxBhb6oBtgKI-Z9umOUGsCih5x4WXN_vpZv5lie8JNkDIoQQ9RPTtz6xU3TIjDdC9y82k2FexvxhvEcUP5_4wMm8VI7o&pr=8%3A87E7D1C587BC6B69&cid=CAQSGwBygQiDdeT8WxTPXONdLwxGYs3wuyfiBO2gvBgB&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpastelink.net%2F0hjg5kw0&ds=l&xdt=0&iif=1&cor=4919490826750685000&adk=2545910003&idt=296&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

a9b847c681a24b03ba8acc0b4dcd8aab9acf8c4d3131be784d488e2402d57427

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 16:32:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76946
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4122
x-xss-protection: 0
server: cafe
etag: 11429739870029468282
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 08 May 2023 16:32:53 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230420/r20110914/ Frame E0B4 28 KB
11 KB 133ms
133ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230420/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

fcaaacbe09be7babfecfbcad09df9c01257b0ea95ee996105d6756ba75f41aa3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 09:25:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16211
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10768
x-xss-protection: 0
server: cafe
etag: 11141491900784070631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 09 May 2023 09:25:08 GMT

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame D901
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=8855&uid=c79b4b4b-413b-4814-a807-7c0bc2e45ef6
https://sync.search.spotxchange.com/partner?adv_id=8855&uid=c79b4b4b-413b-4814-a807-7c0bc2e45ef6&__user_check__=1&sync_id=d198aedc-e370-11ed-9f8d-18a305860106

43 B
549 B

139ms
139ms

Image
image/gif

185.94.180.125
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=8855&uid=c79b4b4b-413b-4814-a807-7c0bc2e45ef6&__user_check__=1&sync_id=d198aedc-e370-11ed-9f8d-18a305860106
Protocol: HTTP/1.1
Server: 185.94.180.125 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 25 Apr 2023 13:55:21 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 109
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Tue, 25 Apr 2023 13:55:21 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: /partner?adv_id=8855&uid=c79b4b4b-413b-4814-a807-7c0bc2e45ef6&__user_check__=1&sync_id=d198aedc-e370-11ed-9f8d-18a305860106
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 58
Connection: keep-alive
Content-Length: 0

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame D901
Redirect Chain

https://eu-u.openx.net/w/1.0/sd?id=539901412&val=c79b4b4b-413b-4814-a807-7c0bc2e45ef6&gdpr=0&gdpr_consent=
https://eu-u.openx.net/w/1.0/sd?cc=1&id=539901412&val=c79b4b4b-413b-4814-a807-7c0bc2e45ef6&gdpr=0&gdpr_consent=

43 B
180 B

151ms
151ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?cc=1&id=539901412&val=c79b4b4b-413b-4814-a807-7c0bc2e45ef6&gdpr=0&gdpr_consent=
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:20 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://eu-u.openx.net/w/1.0/sd?cc=1&id=539901412&val=c79b4b4b-413b-4814-a807-7c0bc2e45ef6&gdpr=0&gdpr_consent=
date: Tue, 25 Apr 2023 13:55:20 GMT
via: 1.1 google
server: OXGW/0.0.0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H2 200 match
a4p.adpartner.pro/ssp/ Frame D901 43 B
458 B 485ms
161ms Image
image/gif 137.74.6.209
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a4p.adpartner.pro/ssp/match?dsp_id=27&user_id=c79b4b4b-413b-4814-a807-7c0bc2e45ef6
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 137.74.6.209 Warsaw, Poland, ASN16276 (OVH, FR),
Reverse DNS: app-ngx-pl-02.adpartner.pro
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:19 GMT
last-modified: Tue, 25 Apr 2023 13:55:19 GMT
server: nginx
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-store no-transform
content-length: 43
expires: Wed, 11 Nov 1998 11:11:11 GMT

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame D901 170 B
232 B 146ms
144ms Image
image/png 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=eskimi&google_hm=c79b4b4b-413b-4814-a807-7c0bc2e45ef6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK tap.php
pixel.rubiconproject.com/ Frame D901 42 B
678 B 525ms
130ms Image
image/gif 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=103804&nid=3846&put=c79b4b4b-413b-4814-a807-7c0bc2e45ef6&expires=30
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: cc9654c54e9aa67bf2b10be1073297a8
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET /
csync.loopme.me/ Frame D901 0
0

GET sync
x.bidswitch.net/ Frame D901 0
0

GET
H2 200 /
s-cs.rmp.rakuten.com/ Frame D901 43 B
275 B 517ms
241ms Image
image/gif 34.95.81.88
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-cs.rmp.rakuten.com/?d=23&uid=c79b4b4b-413b-4814-a807-7c0bc2e45ef6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.81.88 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 88.81.95.34.bc.googleusercontent.com
Software: /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:19 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
content-type: image/gif

GET
H3 200 CJVz-q1y4QcI86kHGme05ne9YeJsi3pnNRBXtIEru_s.js Show response
pagead2.googlesyndication.com/bg/ Frame 9CCC 36 KB
14 KB 134ms
133ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CJVz-q1y4QcI86kHGme05ne9YeJsi3pnNRBXtIEru_s.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

089573faad72e10708f3a9071a67b4e677bd61e26c8b7a67351057b4812bbbfb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 08:27:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 106090
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14219
x-xss-protection: 0
last-modified: Mon, 17 Apr 2023 14:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 23 Apr 2024 08:27:09 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/1789578079973882148/ Frame EA3F 69 KB
19 KB 727ms
148ms Document
text/html 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/1789578079973882148/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

6cba53a41f462f49403ba4f94d2325fc558f9670fca449bf6a1e90095810deef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 235346
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 19431
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sat, 22 Apr 2023 20:32:54 GMT
expires: Sun, 21 Apr 2024 20:32:54 GMT
last-modified: Wed, 12 Apr 2023 10:01:10 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 25D1 0
0 463ms
180ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsthrO32F0xSIwx9fHZV5TYlwHYDw_G6qjm005IkGHcmuc-KSwMtrT-Jbcs5EWFE0i5UB5yTSR7Y6lBJ3wypMpFWmrSSJwct5jLXXOZfhZ3_1tqH2q47FrVKXXUlC8FbXZBRIXVCAyQhjol-JrUxRfC5Iywc3gWjUpelvUbMzOvt2QjfUAi8Ajv2n3GK1W_TeDs_1a2t_B06IZey5NmFh6gv7P1ucDmWgSvQqvhYRNTErYArtdP-HCZn9lEVzjcw0xQBHS5z_s_wDaWHMk9q0bEflSy1z_P0udhqt6Rrq_hkcmooABEEVP6HBeSWkw28_28BS3bW-yQafHwOKYOwP-lz-qPKqliAm9RLj2WfJsPbgcT9nHHi9rPOk8BLGSrX_89aamWIjz_2mNfV0L7foT3vUJP8RUHbYD2ZUg4Hg6TNfsbqeyLhHqo9KKxVPLpiI1yeieuofM5j-nh5_Y3_H5mKf3uXqAIfAKz2NNC_CR878CP0LN_jHGsaDn6owiiEazVP1xqya2EWv5qZEA_xz3fKb7t3PaxOpO0OPp0AA-fXWnMN2bBZI3Mx9zkDtBNTd0H0WkUki2XLgoI5IRLhMw4YsRebTg4HvSvLY7iNwxN7v9foCJKpkP11I4MUIkk9Bvpc7ykA3ySqzOixLv4RDqCHaKvf7GBezZbmyWjI5vZdy5GeBVk0MJeZiwW7fU6ODSQT68WlnFP3xF1qZfJxb_EFkHTLVtqRh3l9C9NuvvYcvrDrT0Vt-vG6mmWDbBSaiP4947oLGiXmFfH3l5RByL6221o51L8owQr6pD5lwawOtv2kxX0nEIANU99E_lrO07L5Xcf4lLtwv_KRlgTcFKhYuGVBMBIgvBEpIPPC---babPkKjqe78PAYzX04qBDO3W8NZTelw9gdosynFBRaS6JmTMSZkqZI5MqS1lL70jZK4zVueZoFoTTyiBYrrpL_39h1lQPH93VcE02BJ2ufQPs5hgT6ECF9e31V68wbgN3w6L4CJtNeqC4BASSiXzS-_CqHhTtF0eeXh4Bi04JdyOYbIttmPQFDKrG63Hg6aiuw_wXCV8OkYnUwAD0X5S7U1rxzz4vlSa2&sai=AMfl-YSWHypa_uR0zP4n4LCzUMP6cd5PDkpJdnm4hMQ9j2ciR_YCeRNh-QmyjMIeuR2wImSbScpe-ka-hdlEhU3WL8aceXRcfpJ_n8ZqNik77KlJ1GHJbIurXXajYYHu8PW4yKm_tmXmFewgRal_JSNiVrJ9899yrNBwejl4cnPzhNYN7RsyXHk&sig=Cg0ArKJSzOPMzRkm-AbVEAE&uach_m=[UACH]&pr=8:DF1773F7F5843031&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=573&cbvp=1&cstd=569&cisv=r20230420.05034&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 25 Apr 2023 13:55:20 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Tue, 25 Apr 2023 13:55:20 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 3AE4 34 KB
10 KB 246ms
246ms Script
text/html 23.37.42.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=ge
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-42-132.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 32335829bee547a8dde843667ce86df35cde4d25dd073edd3a7cc54e5f798c9c

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?&geo=eu&co=ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 25 Apr 2023 13:55:19 GMT
Content-Encoding: gzip
Last-Modified: Tue, 25 Apr 2023 05:25:58 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=55839
Connection: keep-alive
Content-Length: 10020
Expires: Wed, 26 Apr 2023 05:25:58 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame E0B4 41 KB
15 KB 133ms
133ms Script
text/javascript 216.58.212.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f161.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 06:02:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 287597
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Apr 2024 06:02:02 GMT

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 7AF6 281 B
554 B 160ms
156ms Document
text/html 23.37.42.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=ge
Requested by: Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-42-132.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 25 Apr 2023 13:55:19 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H3 200 CJVz-q1y4QcI86kHGme05ne9YeJsi3pnNRBXtIEru_s.js Show response
pagead2.googlesyndication.com/bg/ Frame 546F 36 KB
14 KB 133ms
133ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CJVz-q1y4QcI86kHGme05ne9YeJsi3pnNRBXtIEru_s.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

089573faad72e10708f3a9071a67b4e677bd61e26c8b7a67351057b4812bbbfb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 08:27:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 106090
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14219
x-xss-protection: 0
last-modified: Mon, 17 Apr 2023 14:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 23 Apr 2024 08:27:09 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 64A5 34 KB
10 KB 264ms
149ms Script
text/html 23.37.42.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=ge
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-42-132.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 32335829bee547a8dde843667ce86df35cde4d25dd073edd3a7cc54e5f798c9c

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?&geo=eu&co=ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 25 Apr 2023 13:55:19 GMT
Content-Encoding: gzip
Last-Modified: Tue, 25 Apr 2023 05:25:58 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=55839
Connection: keep-alive
Content-Length: 10020
Expires: Wed, 26 Apr 2023 05:25:58 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/6062960869303244307/geo_160x600/ Frame 000F 6 KB
2 KB 621ms
140ms Document
text/html 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6062960869303244307/geo_160x600/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

8bfb29b65c379334559c46706eb79b1929062c3a25ac4ac3d65b5d122716b1a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 286231
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2105
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sat, 22 Apr 2023 06:24:49 GMT
expires: Sun, 21 Apr 2024 06:24:49 GMT
last-modified: Fri, 10 Feb 2023 11:32:34 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 677E 0
0 371ms
185ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstgF66gz3vdL4qW_w9ISNcdc0FF8GeJljNOxJQQRGkEYGPtxcPy2A0Gd6YTjkK8l9NNYkjnIO_t1MM9qZ8xWA468T0Sw3IEUSK3eHldBkHA8tb2BJolDElDzGD_LI7MXAEnTxO3KUlDaO2eiCNYWZ3u4wBxJ5avtStUksRlz4UK4BucdC0wajJiCHs6qtc0Itu5zZeS8o0JlsYhQ-bWOKqAz6KQ8o3bWEKvfKbwbELAnoNEIUkZ2WFKwvI4Jue3SQMCpHf28sKTx0jN6YajH3mGozbVP1uTxz4fwRevBwlEuZ2-9FdKYWxQSLl7L1gFipZqIBJsNl8-M2rhfFPxxhzi68Me-lTtp2OhgeETpHTXJWXY0nTawnO9Q-l1tcyMri0SEdY7LuDMGsJU6c6op8dOayn8bPxtJS91hpzVuheYwbkXowa_MBcS1YwxnwA52mnvdWJXplegLYlgz_Qj9gISXSxenfiMw6JcLWq0G4L4bqEHXEWrQ45B0GmxsJhnsTwHBAXhB1NiXZLmpdZZal4pCaJZZerjG6B7FzeVNA4guKibv2rx7NF5oZIkIovXmLmIxSNHrH-Lv7f9cCBaPBFRi8oHRSVVUFMe4eOtJtL0HvFfBNV1mLy9LvBNz66bXCjjDjeN6BmjkgpFWWFYgbh7gpxXZFCrrN1PHi2vu5de2yxkg1xg04F73wbi2hYSQALMXkSSbjlN56nF3h6T8oppl-IVJVpUP5JGxqHXwHFOB-iajZ_Pl5mrE_9MyxMYR6baHvu8lcZmS81Qx18XaMm3EnhXtoF8r9JF3SxxhAP1YkmTS61ziA5DM_En_uMaQVskgv6oAdVFo3Gm-qjhO86cL-sWElDbCJvyltuQk3BxVSuf6EYop4ZxvfaUZZrHGSBl2_2Wrr4ugJbfhSLNggIrpf8vQxSXcIiSyU2_cmQoKXzyc4AGCFycne2xpbhDW7l19JK8732ncdeb6bni91Ph7TCaE3gjT2BTPGOdA2VulyUcbCasaGaUCD5yAr0AYvq7WlHLWQlfovlbDQq-kXNPfEkJAXrovFPzu2xlaYq4d5s8FOGzBzvYBGkq8ieHHPeGK1-zCc6MZw&sai=AMfl-YT_5K0vwZClGiinn6n7kKDydsJggvmWmrVGSm63QmPzHj2ZALuS-IJmJmLdzKBRDM5Jo5nZAwDCJC5zypWXxr4_ZpV3WxA0HjitzslzyRGfYFkDB3rLCOzAMVs7iazemXE8DlxxO8DMfm3_1NhBA_S8p8BmpdtNNFqX5VvyWAMJReby_ms&sig=Cg0ArKJSzATyp4fe1ALbEAE&uach_m=[UACH]&pr=8:642C3CDA14CBF680&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=604&cbvp=1&cstd=602&cisv=r20230420.75673&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 25 Apr 2023 13:55:20 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Tue, 25 Apr 2023 13:55:20 GMT

GET
H2 200 json Show response
gum.criteo.com/sid/ Frame 2EF3 425 B
551 B 142ms
142ms Fetch
application/json 178.250.1.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=publishertag&domain=pastelink.net&sn=ChromeSyncframe&so=0&topUrl=pastelink.net&cw=1&lsw=1&topicsavail=0&fledgeavail=0

Requested by

Host: gum.criteo.com
URL: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=pastelink.net

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

d91b8da245e0da8f5b9583c8dc04ac63b313221170685d619ca0670e32eb5558

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=pastelink.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:19 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 1533586
expires: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/3218427552362664649/ Frame CB7E 69 KB
19 KB 588ms
200ms Document
text/html 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/3218427552362664649/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

a32689b91e3b126a730b0ef22054269fa9dde5abca91223e857569d22ef4711e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 226090
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 19429
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sat, 22 Apr 2023 23:07:10 GMT
expires: Sun, 21 Apr 2024 23:07:10 GMT
last-modified: Wed, 12 Apr 2023 10:00:25 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame E0B4 0
0 278ms
185ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst2eMy_mmlXbaO62G4kgp12dkWwmQhzM74VSZgXPrFE7xZ31uqmgmnNhu5-dakd_RhonK5JH4cmus7MtUW-F4Y2kDlh7_7zgBTWMUFTaazF5X3xyf1G6dC03niqt99JGiCUpgFLVgQgzEjO7_-QYo_ucEufC6mKFgoWVfIgxwT4ixFv_ReZRtDEJQbgE3JaJTvs5EV8V9C7xLCB5XSEy_KTevh73jjnvQx0GejsOu0fHISU_WxH2HSCEuE--c8V4o6xiTNHOKRB3I5L8t3ANd1Po6fUGIGBtv8WDTAzTpS8h1rvZf01A0sfgBQ6Efaj_OImOyb_la5X8ZtcAZ9NWmPH_b8CRUmWE4X7sFAEz0IduMfQCH4OZ9mkgkPEDMJoQ9K7oEk6LGTQbAaxShrIbaUouithCtsm84ndDTLGwwPiOxUdpZbMLiguNaL_2qiKjSzviqs84gt_zhP4HG2NCRp4mqOp0XquypKc-rciJEXwHI8bAx0SyNTuSlLRbO903IdAkqxFqRAxhx0OYMFiKH91lKdP5irlazH2K4c2TAOYfZWDwjyO5-zSG3FgFzokOBY6KbbK2omUTVZkhTkyywm09kLJYU_Y3gq2lAgAyfJUtQH1AfpUt9LIirRuF1SlHYSPmW6DTLE2hFF09GUQPOnc9M2VmFZoK5zeU8eNhddHqkcdHoGwXUJVzaDRyq0MCi68GJZx40MhK0c83-EunlBTdmE46mpnD-0wvkQ8IcgQ0BBucQw96gxQzmj-3tLjhXNESoOCtZZ6RNZ1-I1v78jwg35TqaZsbdQ66nt3nwohzr10qYt7RRG1t5cwGnX3HETqv-J_dOT6hgOIuEWcazTewUj6sIKeIm9LKC4Dy5kb-OSD3QKJzdt6gJV8nB7NU7yO0Y9JChDxo343c5utzJEAJRIkr4ks0sJnMVVXSwc-cln8dzrbA72TpXPXEQci7r4hxmiLfmowc_ORN87Y62hDMdurLCdiqK_am4Kn5C7Kcod1D8XcaD7QvtfuC8CE7xfEcypLXSx4GicwtmOzJgH9uwa2Jk6uTwdszK2t-OEnNxyYaDtDrwv5HRB1uiRKFe37UpokvdYxs5fhNg&sai=AMfl-YRmy4ekkWrQOnH8-8s1ypBm9p4LpNfESaBSPKAVuNRjWhAKZF_STq38hI0uRCVbsksfGLGkZBMGcZJ1tYuZTR49bzBZ4QHIdMcNhGD96WJtndPUj3e9lfzQxxd3RSB-SzZFAneSpskOAGtttyBF2jlWWAs3Gf_rx-t_vzLcUKNXnvv3XFQ&sig=Cg0ArKJSzIl-sfe4HwesEAE&uach_m=[UACH]&pr=8:87E7D1C587BC6B69&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=342&cbvp=1&cstd=340&cisv=r20230420.46894&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 25 Apr 2023 13:55:20 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Tue, 25 Apr 2023 13:55:20 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 7AF6 34 KB
10 KB 285ms
214ms Script
text/html 23.37.42.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=ge
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-42-132.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 32335829bee547a8dde843667ce86df35cde4d25dd073edd3a7cc54e5f798c9c

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?&geo=eu&co=ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 25 Apr 2023 13:55:20 GMT
Content-Encoding: gzip
Last-Modified: Tue, 25 Apr 2023 05:25:58 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=55838
Connection: keep-alive
Content-Length: 10020
Expires: Wed, 26 Apr 2023 05:25:58 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9CCC 0
20 B 170ms
170ms Image
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bqyz9xttHZPvMNZij3wPyxo6IAgAAAAA4AeAEAg&bg=!1dal1oLNAAYfNdXmPzU7ADkAdvg8WjTAzaKl4I_kncc0tf6FO0T2d6kgyJ4x31gFNBQmD11B0iyj6oRLsFVXIEaBOKFLNTjBGx0CAAAARFIAAAABaAEHmQLKWpzgo6G38Jh042XXORRqvzSnT4EPh6-WKF2tt9qBZmZIPkEcloipQaDKqqPESWDhcJuw39A62aUoueumFyJgnAUs0nh92bv_zXW5ZvhL57zfLuzG0bKQDcBGHEvpNnhDfNEIyOxzqeelw7EDv4bNTeGT-5i-IozKSePvPaZv8prjf82PNLISMi_ALNKREf4AybEspL3TC9zB9ZTGBLF1PuhjksfOXwbSDJvtq90ojXvtdagKn9FrPcqSu-_IAa9_f7xDEz_8zS3LReMwnLvblbey_Gg7OWdfLcugKpi5e0BNyvaHE4QzoFDExh851QYt3sQpGIZpLkioIs_Cg5_FReiJvWrMqZRVFbgyKBYowaKALfZgnaCNFJS08zhZj89icTLzVLvnT9jWyNWdTV9XLyzwetKgiUHQiUJvThOz97bXiPe5Mb6nkBrkHgi_oMcmWpREtEW6qOmnkQg-RgUOLgT3R68Xb-iSWEzgi-EOTrI-64HSqALyP99wGGy32ML-ZYLVxjeYq5wTJ1FR4LYjRkOQoYtsB-Z7-2yr5qarwZtcEHdfv7lKlCLyO9FCvEXy73nHBsHflDLzFYASI6VqnmGcMPqxDU0dZjGEogRM6vZruonUJA8PWBOdDKpAPW78k48zwxjDN6Ns-gm8NDHlqyGgyTYuZqcYNGgtyCQvtXZMMBR3rObNL8EQYCrFSlDrG_whUxgxswUhOFpFx2lgCHOnzdnCUbwi2FdCORo1nWKqWoiOroqt_vIke1-VOQCQAcivyHNhN7UOXB52V40MltmVr2C9KFQct95lQQfywWeJ5twbnXSZJdq-60634eNfqtfcVoD5S9SFk5PS1gvhq9reyiwWwtiPh6jaaICRm59j6HrDO8fj1TuGWViMzc5F_aPoSWQbGGafqsnk8YTbxt-HoIpxMWlpohlRoRgwvgSFF3uRsFSAyiNR

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 171ms
171ms Image
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202304190101&jk=3842846794426725&bg=!5Oel57PNAAYfNdXmPzU7ADkAdvg8WjqcLjAC5O9doNEh3HktSvLKigQVFbMMMrCCddrUFZAZqt4mTgE1bHZprwcTOIAJoUi35DMCAAAAYlIAAAADaAEHmQKaekL6rndI98jqsapXxx-0w_kbBB3tuAx5ZyGyIwr1GqVvsmIUhrOte-9PA_gFeGERzIJvLuwlLVSOvgGm5f1dk4qeBQy0k9tvM6BMW4lClOsiJ7oOAq3q8iS9YTmWMyo-JKWjwAxTxJVxiPMeFHfwVLwqcwknE6MwL51V_pX-G53H-gvf-tfAUfWjgSXTgyOp5JZYhviTAIYi9LJV04S_P997p_05FDY1lxT19-gv97ighXMBlcMhUG6NUdIoXWYGMT3Sou1X9NOXw4l5hQLADOwpep-L2ycAJBLP9GNzU7wzPJ8oOPy_ZC1ouIluAmJ6apCGCLGCb_TGxzzGcjn5INs22g-lZJuDHhz_Qz2-EYdyKtBTp9KW0HsWdREfw9ElY5go4YpTG441GiFCP5rEFFy3_BtaK-dcuAMIMS-pjLfBtGIPbu-Bjtr0a2WAqsFPHDxepy4NQBWTKMj6a6G__go3MV904z47ZekM63Mb_v9oTJsCadFZnIYIsnEAYs3lP6MsFl3A4CIh9pZ-U3IwJPodBwBD78rkBtETdxeXcOvuKmXoy7wWNaBOS4uHj7nqjz90XXwVWoNIhgGS9oNFUYOL6-veqG40inPOtT96uMH_5xvxJZ-eB7Ocdg8vTvFPaiMDX6NEdjDEGUzERPKEQFSpjjMdUuYBPCRGFsd6Niqf2FZ7ZP0u_1anAB1at70MnBU2HO0dNhf40HsJgvdN5NXqBNu_MuRaEVvNIMzihQ3eu2Mx3zw4H8dkpoyfR262yoGFHuk8HpuksT-gudltLiXbClrqfH98M0wkYa_NcxVg-iFnAA6n3Q9B-8PMIYLyr-LRvgG52_Av5e3BL2MvDwvNdksOux6vGSVSmd4_t2xUIQauWBacM2g-
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s52-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame A917 22 KB
8 KB 134ms
134ms Document
text/html 216.58.212.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f161.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

accept-ranges: bytes
age: 227649
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 22 Apr 2023 22:41:11 GMT
expires: Sun, 21 Apr 2024 22:41:11 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

ecm3
aax-eu.amazon-adsystem.com/s/ Frame 3AE4
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=1TxC94hmR_mUGx5Qdbsrww&rk=usync-other
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=1TxC94hmR_mUGx5Qdbsrww

43 B
479 B

158ms
158ms

Image
image/gif

54.239.33.158
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=1TxC94hmR_mUGx5Qdbsrww

Protocol

HTTP/1.1

Server

54.239.33.158 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 25 Apr 2023 13:55:21 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: SQBKGVGMM6HPMBN9CD5H
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=1TxC94hmR_mUGx5Qdbsrww
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: cc9654c54e9aa67bf2b10be1073297a8
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 3AE4
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEFR3SDC6X8HsZ8oBpGv2RX8&google_cver=1

42 B
678 B

131ms
131ms

Image
image/gif

69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEFR3SDC6X8HsZ8oBpGv2RX8&google_cver=1
Requested by: Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0
Protocol: HTTP/1.1
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: cc9654c54e9aa67bf2b10be1073297a8
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:20 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEFR3SDC6X8HsZ8oBpGv2RX8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3AE4
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_cm&google_hm=TEdXQlhGUUYtNC1MUUhY
https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEIgkQErBluiu4iqSn7rWNBE&google_cver=1
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEdXQlhGUUYtNC1MUUhY&google_push=

170 B
188 B

144ms
144ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEdXQlhGUUYtNC1MUUhY&google_push=

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEdXQlhGUUYtNC1MUUhY&google_push=
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: cc9654c54e9aa67bf2b10be1073297a8
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3AE4
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=M2M3Mzk4ZjIzNmViY2ZjMzZiODEwMTQ4MDkwYTUxMThlMzYwYWFmNQ

170 B
188 B

143ms
142ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=M2M3Mzk4ZjIzNmViY2ZjMzZiODEwMTQ4MDkwYTUxMThlMzYwYWFmNQ

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=M2M3Mzk4ZjIzNmViY2ZjMzZiODEwMTQ4MDkwYTUxMThlMzYwYWFmNQ
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: cc9654c54e9aa67bf2b10be1073297a8
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 3AE4
Redirect Chain

https://match.adsrvr.org/track/cmf/rubicon
https://match.adsrvr.org/track/cmb/rubicon?
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=3767e262-38e9-452d-b449-3be4a4168cad&gdpr=0&gdpr_consent=&expires=30

42 B
678 B

170ms
131ms

Image
image/gif

69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=3767e262-38e9-452d-b449-3be4a4168cad&gdpr=0&gdpr_consent=&expires=30
Protocol: HTTP/1.1
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: cc9654c54e9aa67bf2b10be1073297a8
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:21 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=3767e262-38e9-452d-b449-3be4a4168cad&gdpr=0&gdpr_consent=&expires=30
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 289

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 3AE4
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=c1ap7k-BQdSTdEky1taa0g&rk=usync-na
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=c1ap7k-BQdSTdEky1taa0g

43 B
479 B

225ms
225ms

Image
image/gif

209.54.182.161
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=c1ap7k-BQdSTdEky1taa0g

Protocol

HTTP/1.1

Server

209.54.182.161 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 25 Apr 2023 13:55:21 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: SWQM62BX1YVQVWPV70N5
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=c1ap7k-BQdSTdEky1taa0g
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: cc9654c54e9aa67bf2b10be1073297a8
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

setuid
px.ads.linkedin.com/ Frame 3AE4
Redirect Chain

https://token.rubiconproject.com/token?pid=36584
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LGWBXFQF-4-LQHX

0
511 B

502ms
245ms

Image
text/plain

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LGWBXFQF-4-LQHX
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:20 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: B25F63EC0C80494CB22915DF6E242C11 Ref B: VIEEDGE4418 Ref C: 2023-04-25T13:55:21Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX6KXlpDfrfdV1di2hDCw==

Redirect headers

Location: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LGWBXFQF-4-LQHX
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: cc9654c54e9aa67bf2b10be1073297a8
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 3AE4
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/IyH_U9eUGuDJEFxNk2R3RA?csrc=
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-E__Kd2RE2oLaW1TzEqpfsLetUqWhv8OSFhYKBA--~A

42 B
678 B

157ms
131ms

Image
image/gif

69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-E__Kd2RE2oLaW1TzEqpfsLetUqWhv8OSFhYKBA--~A
Protocol: HTTP/1.1
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: cc9654c54e9aa67bf2b10be1073297a8
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date: Tue, 25 Apr 2023 13:55:21 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-E__Kd2RE2oLaW1TzEqpfsLetUqWhv8OSFhYKBA--~A
content-length: 0

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D901 42 B
108 B 469ms
468ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssG68IsbkyeC83M_MedFruXhUZ-USbPHqdIjyJY8AM7KIYNtAKfe5OokiVxmORKj582sfcz1s9r43B45CjnK6bkrfoG&sig=Cg0ArKJSzCDt8oVw1ewCEAE&id=lidar2&mcvt=1008&p=351,423,671,903&mtos=1008,1008,1008,1008,1008&tos=1008,0,0,0,0&v=20230419&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3944560474&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1682430918091&rpt=1003&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 546F 0
20 B 172ms
171ms Image
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BMSVBxttHZNjMPI_Kx_APo8-y6A8AAAAAOAHgBAI&bg=!ODulO2_NAAYfNdXmPzU7ADkAdvg8WliqN4dGQaKTHlR2D_J1G91VqiOsKm1WKVYkA45RO9WViCrwAsQC0s_tbmA9YuBBd95J1hoCAAAAWVIAAAADaAEHCgB8CPjbnVH4C1QXY_FUWTrp7ZY-KkI-OH5OzU166jcNtTjKrDLqa7hDE5zb8YtjrPSpG-G9g8CQT_ccH5RAInArlxR5NApO3PU__i7Qp0RdpTvipscXCwed_hyGIoPxZb2rrp5elH7sqbdijJzNOOnjLhcKYbgB0WLLNBFDqZkCr-wUqXVsTMjgNy5IG9AX80vcmG7f-GtnnW0vYHnYt2lSSpG3di9ayPHIWG_46C9QktrdoOSD8oAdVb6m1FfRMY6xObl4stAKmMFhXuUgSZASLEU_xFriP2rI8EqO1jJOS-_dKdnSNaCf6EPRx2wjpFa7H5kMxUGzGt07gnh7Z8KG2TAO-AfmDds7y7SDHuk_bg0A7uDuF5T7kiAxLpv0F1_fDuH-ITKlX4ZdWXXqGAqp7_rzes-7blZi5T93xaHoQiXlRuFlrThU-yA36vy35HMcVzqKRb1AamlezG-I3hhGCQVTmRrKGFaFii_vk9W7vquBObiJ8JVnryOHeZ6hynwNE9p_EV-P-j-HEY3Ln06DZX0gN-kgUHqWSrXcEDpgQ5R2CAuMfm7C0PuEYnhvxa3GOUQXQDQKyAyUlmsxhLHI23NZNMk-fCoBANM9rz5zG7yRLZjyJHgb9yj8lgCIgFekrEdpnUX0GgICk-s4raLiWTPyJzdQXtgppYEykddNhxGCqeOm-4k4IWMt2kL7HlXewbwSXW7PqisQv3xzu0tNpkkRcEKhMLRg2HWXYelvgRrBhGG2qlKda-GaNgmSrd-Ht2ZwiOpvykVynl2nKePG4Dp0aG_MHZVZbV9ZHgS1cn_c1W5Wto2Qf8K1AYcwG1sMeWkmBAZ76Ace9Plb6utpornANa92Xp7KSh-FvXeAiQBqfujssi6Cmt_nxGtebjAN-pdBipehsVXR7ztfUY3A3kCDK2_HQBkHJhG7puA7jWK2DeYiCSFmFd4TwQ1lpjvTCx9Svz_lD89ogSvjCSXF5w6FSoxoMhW4RgISpqP4sZcOg5BHtlcv-mXykdTPPSlKt0wwbXQ2R-U_PS8lKjSRP0i8ToKSq32LHynVXigSzu4ZMz0jIuk8XQ8t-0V2EQ

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 trv
dsp-trk.eskimi.com/ Frame D901 43 B
54 B 147ms
147ms Image
image/gif 34.120.139.69
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsp-trk.eskimi.com/trv?bId=1682430917768.2.g7GIesSgaSFjE9srfFOTIQ&trve=1&trv=1&src=utr&_=1682430920130
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.120.139.69 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 69.139.120.34.bc.googleusercontent.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:19 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/gif

GET
H3 200 CJVz-q1y4QcI86kHGme05ne9YeJsi3pnNRBXtIEru_s.js Show response
pagead2.googlesyndication.com/bg/ Frame A917 36 KB
14 KB 133ms
133ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CJVz-q1y4QcI86kHGme05ne9YeJsi3pnNRBXtIEru_s.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

089573faad72e10708f3a9071a67b4e677bd61e26c8b7a67351057b4812bbbfb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 08:27:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 106091
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14219
x-xss-protection: 0
last-modified: Mon, 17 Apr 2023 14:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 23 Apr 2024 08:27:09 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 25D1 42 B
174 B 244ms
244ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstd637YN2eYMIlU80XoQTi7_tskYO9vx8pWL0d2LST9G8N3BKZbTobQYdf5h4Xh1vZ8ZWMxemae_GYBiZhNHfIL16Y75-sILc0VsqM9zehaDB8RbK9j&sig=Cg0ArKJSzILdA61anogCEAE&id=lidar2&mcvt=1001&p=1105,436,1195,1164&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20230419&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=840525636&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1682430918079&rpt=1176&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 createjs_2019.11.15_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 000F 236 KB
63 KB 185ms
185ms Script
text/javascript 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6062960869303244307/geo_160x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6062960869303244307/geo_160x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64275
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 19:16:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 25 Apr 2023 13:55:20 GMT

GET
H3 200 index.js Show response
s0.2mdn.net/sadbundle/6062960869303244307/geo_160x600/ Frame 000F 88 KB
14 KB 140ms
139ms Script
application/x-javascript 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6062960869303244307/geo_160x600/index.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6062960869303244307/geo_160x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

4aa601fd88ef979c679f62243f66ce558cd267a82b9fad2b26b9e98e3c9cd964

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6062960869303244307/geo_160x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 21:34:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 231644
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14782
x-xss-protection: 0
last-modified: Fri, 10 Feb 2023 11:32:34 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 21 Apr 2024 21:34:36 GMT

GET
H3 200 DcmEnabler_01_247.js Show response
s0.2mdn.net/879366/ Frame EA3F 29 KB
10 KB 200ms
200ms Script
text/javascript 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1789578079973882148/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1789578079973882148/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 03:57:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 35876
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10136
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 03:57:24 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A917 0
20 B 370ms
370ms Image
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B5uXjx9tHZIW3Eu2XjuwP5KIaAAAAADgB4AQC&bg=!a2ilaDzNAAYfNdXmPzU7ADkAdvg8Wh-NkOZqK7xoUSvc7aGAX9WgoOUbOZuWHRbdKVj3my-vj9LSBt9U5oM_LqgjFfyO4d9A-UACAAAAT1IAAAABaAEHCgBo5vuyBrYLwijUUfDpNwVDvj_m98WzgzwTElw19AY-ppcEIigP-HTSGEX0_MKaAis4bKAbTu0aAbhMv0vEYTRpivOA90TL0rkEU6BIqY0xonzEvA9_AEgc89xrwChCyBQc7y1eQ9UEo-eZAsuQAV2dd3gjmfeMMLzJdlTpYbfXl7AHASPO4I6fMGZ_bYEMAs6vrjNR7l41MAi09Y9lnfwU_mEiPAIQ3FoUaPyjg6-aMAMnsIFQjhINVJ4Ig-binWxzFR8kdFEJvedvdFfNGv0tYpqDqmf_u2o6KSZQxGxZwHijrRfDVgOt7mPrrzQP0XQql_I-WBRG5Zf0cSAeDN9zvIbByRJft2ZaPGoorUifur4ExnEtFbRL2X1aX0Dbkg72DgJ_fTxCDAxt7MvZgYG7M_mubdIkMdMFb_b0SkUiU6r80J5I4BCuTl9s5UZ5KgIpdhz5NXwamrXdDLLF0ZA-ZF2TDfPvmu4Sa4t5sRHZ5NGt6ayjoPt2x5wBDFtRCX3awrlgqgSpW0A1wcLI-qAGActVkPi832J5rvsV8NkdfAXKDK04clT4xZYUFYBfQE_VkK_wbfx6AY259qc5d6MWWdEO--gzTaYx6IhVNwM7awzaOk-PYZ-OYP30wOiYgKkK_wuRfb_jMXX__FZUZVFUVAhNkSJacRl8kpTlzxULig6kr0A8Mym9G-5DYDLH0QF8zhH-QbkAxGVCZpWJCJPUZQ-tFqH32yStNwJQEpbDiDspup-ZnvzW4xJw7AggWJigUzmFimeLRPSeZss8UH6EcbHnqX3hQnBuBbz-GEziLCwR3u3MMUfXUokIFFHN_5AnPBBQI0cbXjLwYhclrzRkHUopAirAg7oiGNXsNlm0QSkWaRya1M17D_GpB5MkeleBL8FSLBaHNmoHsmJJpybFYIeSdA6kJtdQ0nlZxENY28yltbvMOyRzEd-aEm7JsBHUzTO17-dEni8eEWdeyGe1Gkd9ki8Oyrv6qaRFASSMuNOT7ICO2zkXU6tvd2ZCDNzuGwNYBQV0ZrEqsuPisGbOkUtRR8VYoMs7JoyvZdx7IYaG0HA4TxGPo07RmxuIzRCIKeZyipr4

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 DcmEnabler_01_247.js Show response
s0.2mdn.net/879366/ Frame CB7E 29 KB
10 KB 170ms
169ms Script
text/javascript 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/3218427552362664649/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://s0.2mdn.net/sadbundle/3218427552362664649/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 03:57:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 35876
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10136
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 03:57:24 GMT

GET user_sync.html
ads.pubmatic.com/AdServer/js/ Frame C703 0
0

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 8F62 52 KB
17 KB 1758ms
200ms Document
text/html 23.35.236.188

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682430600000
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.188 -, , ASN (),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

Access-Control-Allow-Origin: *
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Tue, 25 Apr 2023 13:55:22 GMT
ETag: "623de86a-cf34"
Expires: Wed, 26 Apr 2023 13:55:24 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Unused62: 8096267
Vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 9ED0 281 B
554 B 134ms
134ms Document
text/html 23.37.42.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682430600000
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-42-132.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 25 Apr 2023 13:55:20 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 5ABE 37 KB
12 KB 1435ms
159ms Document
text/html 88.221.168.23

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU18831I&prvid=2034%2C2033%2C2031%2C2030%2C273%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C359%2C437%2C97%2C55%2C99%2C2045%2C3012%2C3011%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C446%2C9%2C2011%2C2055%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C338%2C459%2C339%2C70%2C77%2C38%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C345%2C225%2C468%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682430600000

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

88.221.168.23 -, , ASN (),

Reverse DNS

Software

Apache /

Resource Hash

55fba04ad10c2021f460d09163d137b720bd5876c5dc377e09ea2991f22e8ed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

cache-control: max-age=172800
content-encoding: gzip
content-length: 12182
content-type: text/html; charset=UTF-8
date: Tue, 25 Apr 2023 13:55:21 GMT
expires: Thu, 27 Apr 2023 13:55:21 GMT
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-mnet-hl2: E

GET
H2 200 usync.html Show response
u.4dex.io/ Frame 97A5 580 B
778 B 414ms
143ms Document
text/html 34.149.40.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.4dex.io/usync.html
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682430600000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.40.38 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 38.40.149.34.bc.googleusercontent.com
Software: /
Resource Hash: 1abdd435842595c2a4c62b248f3a28d2787d0a58e73e19ad14e09d955e360b0f

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
content-length: 580
content-type: text/html; charset=utf-8
date: Tue, 25 Apr 2023 13:55:20 GMT
expires: 0
pragma: no-cache
vary: Origin Accept-Encoding
via: 1.1 google

GET sync.html
public.servenobid.com/ Frame 67BA 0
0

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame A1FB 4 KB
2 KB 144ms
143ms Document
text/html 51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?cb=1682430916790

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/pastelink.js?1682430600000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

3579ac5c706d382bb1f9b7d9a36bc78bdf2525e8a018137b5892990ce3818433

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://pastelink.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 1372
content-type: text/html
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
strict-transport-security: max-age=15552000

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/
Redirect Chain

https://b1sync.zemanta.com/usersync/smart/?cb=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D116%26partneruserid%3D__ZUID__&gdpr=0&gdpr_consent=
https://stags.bluekai.com/site/23178?id=-TfcynS3qpRQgnR7TjeE&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIWWG43ZNZRS443NMFZHIYLEONSXE5TFOIXGG33N...
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIWWG43ZNZRS443NMFZHIYLEONSXE5TFOIXGG33NF5ZGKZDJOIXT6ZLYMNUGC3THMU6XG3LBOJ2CMZ3EOBZD2MBGNFZXG2J5GETHAYLSORXGK4TJMQ6TCMJWEZYGC...
https://rtb-csync.smartadserver.com/redir/?gdpr=0&issi=1&partnerid=116&partneruserid=-TfcynS3qpRQgnR7TjeE

43 B
482 B

144ms
143ms

Image
image/gif

185.86.138.155
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?gdpr=0&issi=1&partnerid=116&partneruserid=-TfcynS3qpRQgnR7TjeE
Protocol: HTTP/1.1
Server: 185.86.138.155 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 25 Apr 2023 13:55:21 GMT
cache-control: no-cache,no-store
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

Pragma: no-cache
Date: Tue, 25 Apr 2023 13:55:22 GMT
Content-Type: text/html; charset=utf-8
Location: https://rtb-csync.smartadserver.com/redir/?gdpr=0&issi=1&partnerid=116&partneruserid=-TfcynS3qpRQgnR7TjeE
P3p: CP="We do not support P3P header."
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 140
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/
Redirect Chain

https://eu-u.openx.net/w/1.0/cm?id=a547219b-814b-4e3e-8a4f-35c044fa1891&ph=ec81d0b7-c42e-4a42-b97a-9305af647d30&r=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D100%2...
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=100&partneruserid=1b23f7b7-0a65-475d-852f-113e788cf1b1

43 B
426 B

414ms
143ms

Image
image/gif

185.86.138.155
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=100&partneruserid=1b23f7b7-0a65-475d-852f-113e788cf1b1
Protocol: HTTP/1.1
Server: 185.86.138.155 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 25 Apr 2023 13:55:20 GMT
cache-control: no-cache,no-store
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

date: Tue, 25 Apr 2023 13:55:20 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=100&partneruserid=1b23f7b7-0a65-475d-852f-113e788cf1b1
p3p: CP="CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/
Redirect Chain

https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=76&partneruserid=GOOGLE_HOSTED_SI&redirurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsmartrtb_dbm%26google_cm%26google_sc...
https://cm.g.doubleclick.net/pixel?google_nid=smartrtb_dbm&google_cm&google_sc&google_hm=MzY1MjM5NTI2NzYyMzE2Nzg3&gdpr=0&gdpr_consent=
https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEB1BcZIc3v7Pjjh1D7uBT00&gdpr=0&gdpr_consent=&google_cver=1

43 B
457 B

144ms
144ms

Image
image/gif

185.86.138.155
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEB1BcZIc3v7Pjjh1D7uBT00&gdpr=0&gdpr_consent=&google_cver=1
Protocol: HTTP/1.1
Server: 185.86.138.155 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 25 Apr 2023 13:55:20 GMT
cache-control: no-cache,no-store
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:21 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEB1BcZIc3v7Pjjh1D7uBT00&gdpr=0&gdpr_consent=&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 345
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/gjIEMT18?redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D94%26partneruserid%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=
https://sync-tm.everesttech.net/ct/upi/pid/gjIEMT18?redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D94%26partneruserid%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=...
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=94&partneruserid=ZEfbygAFWvUwbQAp&gdpr=0&gdpr_consent=&_test=ZEfbygAFWvUwbQAp

43 B
502 B

144ms
144ms

Image
image/gif

185.86.138.155
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=94&partneruserid=ZEfbygAFWvUwbQAp&gdpr=0&gdpr_consent=&_test=ZEfbygAFWvUwbQAp
Protocol: HTTP/1.1
Server: 185.86.138.155 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 25 Apr 2023 13:55:21 GMT
cache-control: no-cache,no-store
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

x-served-by: cache-mxp6951-MXP
pragma: no-cache
date: Tue, 25 Apr 2023 13:55:22 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1682430922.363956,VS0,VE0
x-cache: HIT
location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=94&partneruserid=ZEfbygAFWvUwbQAp&gdpr=0&gdpr_consent=&_test=ZEfbygAFWvUwbQAp
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET get
a.audrte.com/ 0
0

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 9ED0 34 KB
10 KB 146ms
146ms Script
text/html 23.37.42.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-42-132.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 32335829bee547a8dde843667ce86df35cde4d25dd073edd3a7cc54e5f798c9c

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 25 Apr 2023 13:55:20 GMT
Content-Encoding: gzip
Last-Modified: Tue, 25 Apr 2023 05:25:58 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=55838
Connection: keep-alive
Content-Length: 10020
Expires: Wed, 26 Apr 2023 05:25:58 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 25D1 0
0 174ms
174ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsthrO32F0xSIwx9fHZV5TYlwHYDw_G6qjm005IkGHcmuc-KSwMtrT-Jbcs5EWFE0i5UB5yTSR7Y6lBJ3wypMpFWmrSSJwct5jLXXOZfhZ3_1tqH2q47FrVKXXUlC8FbXZBRIXVCAyQhjol-JrUxRfC5Iywc3gWjUpelvUbMzOvt2QjfUAi8Ajv2n3GK1W_TeDs_1a2t_B06IZey5NmFh6gv7P1ucDmWgSvQqvhYRNTErYArtdP-HCZn9lEVzjcw0xQBHS5z_s_wDaWHMk9q0bEflSy1z_P0udhqt6Rrq_hkcmooABEEVP6HBeSWkw28_28BS3bW-yQafHwOKYOwP-lz-qPKqliAm9RLj2WfJsPbgcT9nHHi9rPOk8BLGSrX_89aamWIjz_2mNfV0L7foT3vUJP8RUHbYD2ZUg4Hg6TNfsbqeyLhHqo9KKxVPLpiI1yeieuofM5j-nh5_Y3_H5mKf3uXqAIfAKz2NNC_CR878CP0LN_jHGsaDn6owiiEazVP1xqya2EWv5qZEA_xz3fKb7t3PaxOpO0OPp0AA-fXWnMN2bBZI3Mx9zkDtBNTd0H0WkUki2XLgoI5IRLhMw4YsRebTg4HvSvLY7iNwxN7v9foCJKpkP11I4MUIkk9Bvpc7ykA3ySqzOixLv4RDqCHaKvf7GBezZbmyWjI5vZdy5GeBVk0MJeZiwW7fU6ODSQT68WlnFP3xF1qZfJxb_EFkHTLVtqRh3l9C9NuvvYcvrDrT0Vt-vG6mmWDbBSaiP4947oLGiXmFfH3l5RByL6221o51L8owQr6pD5lwawOtv2kxX0nEIANU99E_lrO07L5Xcf4lLtwv_KRlgTcFKhYuGVBMBIgvBEpIPPC---babPkKjqe78PAYzX04qBDO3W8NZTelw9gdosynFBRaS6JmTMSZkqZI5MqS1lL70jZK4zVueZoFoTTyiBYrrpL_39h1lQPH93VcE02BJ2ufQPs5hgT6ECF9e31V68wbgN3w6L4CJtNeqC4BASSiXzS-_CqHhTtF0eeXh4Bi04JdyOYbIttmPQFDKrG63Hg6aiuw_wXCV8OkYnUwAD0X5S7U1rxzz4vlSa2&sai=AMfl-YSWHypa_uR0zP4n4LCzUMP6cd5PDkpJdnm4hMQ9j2ciR_YCeRNh-QmyjMIeuR2wImSbScpe-ka-hdlEhU3WL8aceXRcfpJ_n8ZqNik77KlJ1GHJbIurXXajYYHu8PW4yKm_tmXmFewgRal_JSNiVrJ9899yrNBwejl4cnPzhNYN7RsyXHk&sig=Cg0ArKJSzOPMzRkm-AbVEAE&uach_m=[UACH]&pr=8:DF1773F7F5843031&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1568&vt=11&dtpt=995&dett=3&cstd=569&cisv=r20230420.05034&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:20 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 25 Apr 2023 13:55:20 GMT

GET
H2

200

/
onetag-sys.com/match/ Frame A1FB
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=75&redir=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D1%26uid%3D%5BMM_UUID%5D%26gdpr%3D1%26gdpr_consent%3D
https://onetag-sys.com/match/?int_id=1&uid=0f4a6447-dbca-4f00-85f7-368c1b1b7f16&gdpr=1&gdpr_consent=

0
291 B

143ms
142ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=1&uid=0f4a6447-dbca-4f00-85f7-368c1b1b7f16&gdpr=1&gdpr_consent=

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1682430916790

Protocol

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

Date: Tue, 25 Apr 2023 13:55:22 GMT
Server: MT3 830 785530e master cdg-pixel-x15 config_version:"unknown"
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://onetag-sys.com/match/?int_id=1&uid=0f4a6447-dbca-4f00-85f7-368c1b1b7f16&gdpr=1&gdpr_consent=
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Tue, 25 Apr 2023 13:55:21 GMT

GET sync.php
pixel-eu.rubiconproject.com/exchange/ Frame A1FB 0
0

GET
H2

200

/
onetag-sys.com/match/ Frame A1FB
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D98%26gdpr%3D1%26gdpr_consent%3D%26uid%3D$UID
https://onetag-sys.com/match/?int_id=98&gdpr=1&gdpr_consent=&uid=7656236649959587680

0
291 B

142ms
141ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=98&gdpr=1&gdpr_consent=&uid=7656236649959587680

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1682430916790

Protocol

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

Date: Tue, 25 Apr 2023 13:55:20 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 91.239.206.129; 91.239.206.129; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: e6412018-ab53-48d0-85b0-5158d9b9c898
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://onetag-sys.com/match/?int_id=98&gdpr=1&gdpr_consent=&uid=7656236649959587680
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK tap.php
pixel.rubiconproject.com/ Frame A1FB 42 B
678 B 132ms
130ms Image
image/gif 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=223352&nid=4584&put=brA0Yfp5w4QMshf43oOBKl_AfgMag2Ko7-r1OyOi4g0
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1682430916790
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: cc9654c54e9aa67bf2b10be1073297a8
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A1FB
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&ot_initiated=1
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABh7iyiBt38sII32jz77HliGBYxL2PUQrKyA

170 B
188 B

146ms
146ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABh7iyiBt38sII32jz77HliGBYxL2PUQrKyA

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1682430916790

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABh7iyiBt38sII32jz77HliGBYxL2PUQrKyA
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET sync
ssbsync-global.smartadserver.com/api/ Frame A1FB 0
0

GET
H2 400 711916.gif
id.rlcdn.com/ Frame A1FB 0
0 1530ms
148ms Image
text/plain 35.244.174.68

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/711916.gif?ct=4&cv=
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1682430916790
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame A1FB
Redirect Chain

https://onetag-sys.com/match/?int_id=113&gdpr=1&gdpr_consent=&callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Donetag.com%26id%3D%24%7BUSER_TOKEN%7D&ot_initiated=1
https://s.amazon-adsystem.com/ecm3?ex=onetag.com&id=5ZOV02xj0ogLhNj3oa6KuHKH3S935C9yaiVMzzzzx4M

43 B
479 B

607ms
222ms

Image
image/gif

209.54.182.161
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=onetag.com&id=5ZOV02xj0ogLhNj3oa6KuHKH3S935C9yaiVMzzzzx4M

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1682430916790

Protocol

HTTP/1.1

Server

209.54.182.161 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 25 Apr 2023 13:55:21 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: SENCGFGG7J9E98PXHS8R
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://s.amazon-adsystem.com/ecm3?ex=onetag.com&id=5ZOV02xj0ogLhNj3oa6KuHKH3S935C9yaiVMzzzzx4M
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2 200 ImgSync
image8.pubmatic.com/AdServer/ Frame A1FB 0
42 B 1866ms
145ms Image
text/plain 185.64.190.79

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image8.pubmatic.com/AdServer/ImgSync?p=159706&gdpr=1&gdpr_consent=&us_privacy=&pu=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D114%26uid%3D%23PMUID
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1682430916790
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.79 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:21 GMT
content-length: 0

GET
H2

200

/
onetag-sys.com/match/ Frame A1FB
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=onetag_eb&google_cm
https://onetag-sys.com/match/?int_id=106&google_gid=CAESEES5BcUOYltYTAw1H8gAFxk&google_cver=1

0
291 B

142ms
142ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=106&google_gid=CAESEES5BcUOYltYTAw1H8gAFxk&google_cver=1

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1682430916790

Protocol

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:20 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=106&google_gid=CAESEES5BcUOYltYTAw1H8gAFxk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 298
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 occ
ups.analytics.yahoo.com/ups/58488/ Frame A1FB 0
125 B 1857ms
137ms Image
text/plain 3.71.149.231

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58488/occ?&gdpr=1&gdpr_consent=

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1682430916790

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.71.149.231 -, , ASN (),

Reverse DNS

Software

ATS/9.1.10.25 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:22 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

/
onetag-sys.com/match/ Frame A1FB
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=1&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=1&gdpr_consent=
https://onetag-sys.com/match/?int_id=29&uid=13cf2bf7-215c-4ed5-a397-49f7919fb11b&gdpr=0&gdpr_consent=

0
291 B

142ms
141ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=29&uid=13cf2bf7-215c-4ed5-a397-49f7919fb11b&gdpr=0&gdpr_consent=

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1682430916790

Protocol

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:21 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://onetag-sys.com/match/?int_id=29&uid=13cf2bf7-215c-4ed5-a397-49f7919fb11b&gdpr=0&gdpr_consent=
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 233

GET sync
x.bidswitch.net/ Frame A1FB 0
0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame E0B4 0
0 242ms
241ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst2eMy_mmlXbaO62G4kgp12dkWwmQhzM74VSZgXPrFE7xZ31uqmgmnNhu5-dakd_RhonK5JH4cmus7MtUW-F4Y2kDlh7_7zgBTWMUFTaazF5X3xyf1G6dC03niqt99JGiCUpgFLVgQgzEjO7_-QYo_ucEufC6mKFgoWVfIgxwT4ixFv_ReZRtDEJQbgE3JaJTvs5EV8V9C7xLCB5XSEy_KTevh73jjnvQx0GejsOu0fHISU_WxH2HSCEuE--c8V4o6xiTNHOKRB3I5L8t3ANd1Po6fUGIGBtv8WDTAzTpS8h1rvZf01A0sfgBQ6Efaj_OImOyb_la5X8ZtcAZ9NWmPH_b8CRUmWE4X7sFAEz0IduMfQCH4OZ9mkgkPEDMJoQ9K7oEk6LGTQbAaxShrIbaUouithCtsm84ndDTLGwwPiOxUdpZbMLiguNaL_2qiKjSzviqs84gt_zhP4HG2NCRp4mqOp0XquypKc-rciJEXwHI8bAx0SyNTuSlLRbO903IdAkqxFqRAxhx0OYMFiKH91lKdP5irlazH2K4c2TAOYfZWDwjyO5-zSG3FgFzokOBY6KbbK2omUTVZkhTkyywm09kLJYU_Y3gq2lAgAyfJUtQH1AfpUt9LIirRuF1SlHYSPmW6DTLE2hFF09GUQPOnc9M2VmFZoK5zeU8eNhddHqkcdHoGwXUJVzaDRyq0MCi68GJZx40MhK0c83-EunlBTdmE46mpnD-0wvkQ8IcgQ0BBucQw96gxQzmj-3tLjhXNESoOCtZZ6RNZ1-I1v78jwg35TqaZsbdQ66nt3nwohzr10qYt7RRG1t5cwGnX3HETqv-J_dOT6hgOIuEWcazTewUj6sIKeIm9LKC4Dy5kb-OSD3QKJzdt6gJV8nB7NU7yO0Y9JChDxo343c5utzJEAJRIkr4ks0sJnMVVXSwc-cln8dzrbA72TpXPXEQci7r4hxmiLfmowc_ORN87Y62hDMdurLCdiqK_am4Kn5C7Kcod1D8XcaD7QvtfuC8CE7xfEcypLXSx4GicwtmOzJgH9uwa2Jk6uTwdszK2t-OEnNxyYaDtDrwv5HRB1uiRKFe37UpokvdYxs5fhNg&sai=AMfl-YRmy4ekkWrQOnH8-8s1ypBm9p4LpNfESaBSPKAVuNRjWhAKZF_STq38hI0uRCVbsksfGLGkZBMGcZJ1tYuZTR49bzBZ4QHIdMcNhGD96WJtndPUj3e9lfzQxxd3RSB-SzZFAneSpskOAGtttyBF2jlWWAs3Gf_rx-t_vzLcUKNXnvv3XFQ&sig=Cg0ArKJSzIl-sfe4HwesEAE&uach_m=[UACH]&pr=8:87E7D1C587BC6B69&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1165&vt=11&dtpt=823&dett=3&cstd=340&cisv=r20230420.46894&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:20 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 25 Apr 2023 13:55:20 GMT

GET
H3 200 Untitled_design__1_.gif
s0.2mdn.net/sadbundle/1789578079973882148/ Frame EA3F 592 KB
592 KB 140ms
139ms Image
image/gif 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1789578079973882148/Untitled_design__1_.gif

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

3ea905d7ec224966192e2e3fbee570c183e4e42728355f34fccaac9c05c058d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1789578079973882148/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 21:00:49 GMT
x-content-type-options: nosniff
age: 233671
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 606338
x-xss-protection: 0
last-modified: Wed, 12 Apr 2023 10:01:10 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 21 Apr 2024 21:00:49 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 25D1 42 B
64 B 168ms
168ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssEEQxbkeEEFIFDlcRQWthnB8A3wOR2fGfMiEy4Hyu9Dcf2xoyEiltJBkF_Vt3-hgqr2uQucN5QGZpQXJdqam9fZlOddRJ7Snw&sig=Cg0ArKJSzLAM-1hkP0A2EAE&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230419&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=34&adk=1814326990&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1682430918079&rpt=1606&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 677E 42 B
64 B 168ms
168ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuuY52M-BUbTqfzE0vm20aDjnbqHlQJd6eRqj0X1IKekcCOexk-xU1n6Re9BaWUZzFWthylPnIXBexq2ag60MYo5ISrpsxu6H8&sig=Cg0ArKJSzFR7SxXGjINrEAE&id=lidar2&mcvt=1000&p=0,0,600,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230419&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=34&adk=724314706&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1682430918094&rpt=1676&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 677E 42 B
64 B 167ms
167ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvgxzzEbDB9_Wz3aOrsA9dnbM7uFAfxxo7oQKHTjh9ZgaAUXnMLkkZi3aatRyW8OQj_tv8IjSrDnuX8mB5MCKv2b3uHFyy0F5LyMkJxUxYd8DuWUm3j&sig=Cg0ArKJSzGSXi4k0FBfwEAE&id=lidar2&mcvt=1002&p=521,1190,561,1231&mtos=1002,1002,1002,1002,1002&tos=1002,0,0,0,0&v=20230419&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=3798138915&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1682430918094&rpt=1222&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 geo.jpg
s0.2mdn.net/sadbundle/6062960869303244307/geo_160x600/images/ Frame 000F 112 KB
112 KB 154ms
154ms Image
image/jpeg 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/6062960869303244307/geo_160x600/images/geo.jpg

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

e1aa27dcfbbfbb76e753f426fe4918b91507ef4cd8ed690f2dab2f389aa8782b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6062960869303244307/geo_160x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 02:19:17 GMT
x-content-type-options: nosniff
age: 387363
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 114456
x-xss-protection: 0
last-modified: Fri, 10 Feb 2023 11:32:34 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 20 Apr 2024 02:19:17 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 677E 0
0 175ms
174ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstgF66gz3vdL4qW_w9ISNcdc0FF8GeJljNOxJQQRGkEYGPtxcPy2A0Gd6YTjkK8l9NNYkjnIO_t1MM9qZ8xWA468T0Sw3IEUSK3eHldBkHA8tb2BJolDElDzGD_LI7MXAEnTxO3KUlDaO2eiCNYWZ3u4wBxJ5avtStUksRlz4UK4BucdC0wajJiCHs6qtc0Itu5zZeS8o0JlsYhQ-bWOKqAz6KQ8o3bWEKvfKbwbELAnoNEIUkZ2WFKwvI4Jue3SQMCpHf28sKTx0jN6YajH3mGozbVP1uTxz4fwRevBwlEuZ2-9FdKYWxQSLl7L1gFipZqIBJsNl8-M2rhfFPxxhzi68Me-lTtp2OhgeETpHTXJWXY0nTawnO9Q-l1tcyMri0SEdY7LuDMGsJU6c6op8dOayn8bPxtJS91hpzVuheYwbkXowa_MBcS1YwxnwA52mnvdWJXplegLYlgz_Qj9gISXSxenfiMw6JcLWq0G4L4bqEHXEWrQ45B0GmxsJhnsTwHBAXhB1NiXZLmpdZZal4pCaJZZerjG6B7FzeVNA4guKibv2rx7NF5oZIkIovXmLmIxSNHrH-Lv7f9cCBaPBFRi8oHRSVVUFMe4eOtJtL0HvFfBNV1mLy9LvBNz66bXCjjDjeN6BmjkgpFWWFYgbh7gpxXZFCrrN1PHi2vu5de2yxkg1xg04F73wbi2hYSQALMXkSSbjlN56nF3h6T8oppl-IVJVpUP5JGxqHXwHFOB-iajZ_Pl5mrE_9MyxMYR6baHvu8lcZmS81Qx18XaMm3EnhXtoF8r9JF3SxxhAP1YkmTS61ziA5DM_En_uMaQVskgv6oAdVFo3Gm-qjhO86cL-sWElDbCJvyltuQk3BxVSuf6EYop4ZxvfaUZZrHGSBl2_2Wrr4ugJbfhSLNggIrpf8vQxSXcIiSyU2_cmQoKXzyc4AGCFycne2xpbhDW7l19JK8732ncdeb6bni91Ph7TCaE3gjT2BTPGOdA2VulyUcbCasaGaUCD5yAr0AYvq7WlHLWQlfovlbDQq-kXNPfEkJAXrovFPzu2xlaYq4d5s8FOGzBzvYBGkq8ieHHPeGK1-zCc6MZw&sai=AMfl-YT_5K0vwZClGiinn6n7kKDydsJggvmWmrVGSm63QmPzHj2ZALuS-IJmJmLdzKBRDM5Jo5nZAwDCJC5zypWXxr4_ZpV3WxA0HjitzslzyRGfYFkDB3rLCOzAMVs7iazemXE8DlxxO8DMfm3_1NhBA_S8p8BmpdtNNFqX5VvyWAMJReby_ms&sig=Cg0ArKJSzATyp4fe1ALbEAE&uach_m=[UACH]&pr=8:642C3CDA14CBF680&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1685&vt=11&dtpt=1081&dett=3&cstd=602&cisv=r20230420.75673&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: pastelink.net
URL: https://pastelink.net/0hjg5kw0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:20 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 25 Apr 2023 13:55:20 GMT

GET
H2

200

setuid
u.4dex.io/ Frame 97A5
Redirect Chain

https://u.openx.net/w/1.0/cm?id=3cc4b2f6-c7e1-439a-8174-b6dbb96bcabf&r=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dopenx%26uid%3D%7BOPENX_ID%7D
https://u.4dex.io/setuid?bidder=openx&uid=82a064da-4ccf-4af9-8e14-9225851d239f

0
544 B

143ms
142ms

Image
text/plain

34.149.40.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u.4dex.io/setuid?bidder=openx&uid=82a064da-4ccf-4af9-8e14-9225851d239f
Requested by: Host: u.4dex.io
URL: https://u.4dex.io/usync.html
Protocol: H2
Server: 34.149.40.38 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 38.40.149.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://u.4dex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:21 GMT
via: 1.1 google
vary: Origin, Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: 0

Redirect headers

date: Tue, 25 Apr 2023 13:55:21 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
location: https://u.4dex.io/setuid?bidder=openx&uid=82a064da-4ccf-4af9-8e14-9225851d239f
p3p: CP="CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 25D1 0
20 B 323ms
322ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=3302055989881&version=m202301230201&ct=119&x=8&cor=14227305223910582000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E0B4 0
20 B 300ms
300ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=6062371915745&version=m202301230201&ct=119&x=8&cor=4919490826750685000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 677E 0
20 B 168ms
168ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=2150753120456&version=m202301230201&ct=119&x=8&cor=13576015438087410000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://pastelink.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET user-matching
ads.stickyadstv.com/ Frame 97A5 0
0

GET
H2 200 sync Show response
gum.criteo.com/ Frame 5ABE 88 B
328 B 142ms
142ms Script
text/javascript 178.250.1.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sync?r=2&c=321&gdpr=0&gdpr_pd=0&gdpr_consent=&us_privacy=&j=window.advBidxc.mnetRtusId

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU18831I&prvid=2034%2C2033%2C2031%2C2030%2C273%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C359%2C437%2C97%2C55%2C99%2C2045%2C3012%2C3011%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C446%2C9%2C2011%2C2055%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C338%2C459%2C339%2C70%2C77%2C38%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C345%2C225%2C468%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

c9c2996520e3665e9a668ada2a01ba24c3741653a3c0a8c066cba91027690991

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:55:21 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=3600
server-processing-duration-in-ticks: 1633819
expires: 60

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame F586
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=medianet
https://eus.rubiconproject.com/usync.html?p=medianet

281 B
554 B

134ms
134ms

Document
text/html

23.37.42.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=medianet
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU18831I&prvid=2034%2C2033%2C2031%2C2030%2C273%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C359%2C437%2C97%2C55%2C99%2C2045%2C3012%2C3011%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C446%2C9%2C2011%2C2055%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C338%2C459%2C339%2C70%2C77%2C38%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C345%2C225%2C468%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-42-132.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://contextual.media.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 25 Apr 2023 13:55:22 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Tue, 25 Apr 2023 13:55:22 GMT
location: https://eus.rubiconproject.com/usync.html?p=medianet
server: AkamaiGHost

GET
H2

200

cksync.html Show response
contextual.media.net/ Frame D8E8
Redirect Chain

https://p.rfihub.com/cm?pub=19967&in=1&forward=https%3A%2F%2Fcontextual.media.net%2Fcksync.html%3Fcs%3D8%26vsid%3D3254325214262558000V10%26type%3Drkt%26refUrl%3D%26vid%3D243092206132543252142625580...
https://contextual.media.net/cksync.html?cs=8&vsid=3254325214262558000V10&type=rkt&refUrl=&vid=24309220613254325214262558000V10&ovsid=5142336722875449073

235 B
668 B

169ms
169ms

Document
text/html

88.221.168.23

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/cksync.html?cs=8&vsid=3254325214262558000V10&type=rkt&refUrl=&vid=24309220613254325214262558000V10&ovsid=5142336722875449073

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

88.221.168.23 -, , ASN (),

Reverse DNS

Software

Apache /

Resource Hash

7adfac299561b9d5ab03c88e9d582cf76bd31746a4c0564d7d0d428199c943df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://contextual.media.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: ka-GE,ka;q=0.9

Response headers

cache-control: max-age=0, no-cache, no-store
content-length: 235
content-type: text/html;charset=UTF-8
date: Tue, 25 Apr 2023 13:55:22 GMT
expires: Tue, 25 Apr 2023 13:55:22 GMT
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA" CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
pragma: no-cache
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-mnet-hl2: E

Redirect headers

Content-Length: 0
Date: Tue, 25 Apr 2023 13:55:22 GMT
Location: https://contextual.media.net/cksync.html?cs=8&vsid=3254325214262558000V10&type=rkt&refUrl=&vid=24309220613254325214262558000V10&ovsid=5142336722875449073
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server: Jetty(9.3.29.v20201019)

GET user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 4FCC 0
0

GET

cksync.php
contextual.media.net/ Frame 5ABE
Redirect Chain

https://sync.go.sonobi.com/us?https://contextual.media.net/cksync.php?cs=8&vsid=3254325214262558000V10&type=son&refUrl=&vid=24309220613254325214262558000V10&ovsid=[UID]
https://contextual.media.net/cksync.php?cs=8&vsid=3254325214262558000V10&type=son&refUrl=&vid=24309220613254325214262558000V10&ovsid=6fd8f03a-1959-400a-b2a9-b3e4ad916289

0
0

GET
H2

200

cksync.html
contextual.media.net/ Frame 5ABE
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=78e2dffc-bb89-4bb2-ae92-f592d006518b&ph=6a16560a-f6c6-4851-b7b5-0b2c0190166a&r=https%3A%2F%2Fcontextual.media.net%2Fcksync.html%3Fcs%3D8%26vsid%3D3254325214262558...
https://contextual.media.net/cksync.html?cs=8&vsid=3254325214262558000V10&type=opx&refUrl=&vid=24309220613254325214262558000V10&ovsid=c68609d0-30a7-42d1-a1f2-d16cec70b8ab

235 B
235 B

165ms
165ms

Image
text/html

88.221.168.23

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.html?cs=8&vsid=3254325214262558000V10&type=opx&refUrl=&vid=24309220613254325214262558000V10&ovsid=c68609d0-30a7-42d1-a1f2-d16cec70b8ab

Requested by

Protocol

Server

88.221.168.23 -, , ASN (),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Tue, 25 Apr 2023 13:55:22 GMT
server: Apache
vary: Accept-Encoding
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: text/html;charset=UTF-8
cache-control: max-age=0, no-cache, no-store
content-length: 235
x-mnet-hl2: E
expires: Tue, 25 Apr 2023 13:55:22 GMT

Redirect headers

date: Tue, 25 Apr 2023 13:55:22 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
location: https://contextual.media.net/cksync.html?cs=8&vsid=3254325214262558000V10&type=opx&refUrl=&vid=24309220613254325214262558000V10&ovsid=c68609d0-30a7-42d1-a1f2-d16cec70b8ab
p3p: CP="CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET rmp1r1
sync.1rx.io/usersync2/ Frame 5ABE 0
0

GET
H/1.1

200
OK

cksync
cs.media.net/ Frame 5ABE
Redirect Chain

https://cm.g.doubleclick.net/pixel?cs=8&google_nid=media&google_cm=1&google_hm=MzI1NDMyNTIxNDI2MjU1ODAwMFYxMA%3D%3D&google_sc=1
https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESEGdfsuU_RDPtwSTDyujae-U&google_cver=1

61 B
626 B

735ms
221ms

Image
image/gif

23.35.228.23

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESEGdfsuU_RDPtwSTDyujae-U&google_cver=1
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU18831I&prvid=2034%2C2033%2C2031%2C2030%2C273%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C359%2C437%2C97%2C55%2C99%2C2045%2C3012%2C3011%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C446%2C9%2C2011%2C2055%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C338%2C459%2C339%2C70%2C77%2C38%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C345%2C225%2C468%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1
Protocol: HTTP/1.1
Server: 23.35.228.23 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 25 Apr 2023 13:55:22 GMT
Server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 61
x-mnet-hl2: E
Expires: Tue, 25 Apr 2023 13:55:22 GMT

Redirect headers

pragma: no-cache
date: Tue, 25 Apr 2023 13:55:22 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESEGdfsuU_RDPtwSTDyujae-U&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET ping_match.gif
pm.w55c.net/ Frame 5ABE 0
0

GET usersync.aspx
dis.criteo.com/dis/ Frame 5ABE 0
0

GET sync
x.bidswitch.net/ Frame 5ABE 0
0

GET

cksync.php
contextual.media.net/ Frame 5ABE
Redirect Chain

https://b1sync.zemanta.com/usersync/medianet/?puid=${VSID}&cb=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dzem%26ovsid%3D__ZUID__https%3A%2F%2Fcontextual.media.net%2Fcksync.php...
https://stags.bluekai.com/site/23178?id=-TfcynS3qpRQgnR7TjeE&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TD...
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TDFZYGQ4B7MNZT2MJGMV4GG2DBNZTWKPLNMVSGSYLOMV2CM33WONUWIPJNKRTGG6LOKMZXC4CSKFTW4URXKRVGK...
https://contextual.media.net/cksync.php?cs=1&ovsid=-TfcynS3qpRQgnR7TjeEhttps%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8&ovsid=__ZUID__&refUrl=&type=zem&type=zem&vid=243092206132543252142625...

0
0

GET sync
rtb.mfadsrvr.com/ Frame 5ABE 0
0

GET

cksync
cs.media.net/ Frame 5ABE
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=8m33zk4&ttd_tpi=1&gdpr=0&gdpr_consent=
https://cs.media.net/cksync?cs=1&type=ttd&ovsid=3767e262-38e9-452d-b449-3be4a4168cad

0
0

GET
H/1.1 200
OK log
c21lg-d.media.net/ Frame 5ABE 35 B
296 B 548ms
276ms Image
image/gif 2.23.192.21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c21lg-d.media.net/log?logid=kfk&evtid=cs&origin=1&pvgid=data-c&ovsid=5VEgPnXXHz0jEHlbdFpDejgUEkK8wdgm&cs=15&vsid=3254325214262558000V10
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU18831I&prvid=2034%2C2033%2C2031%2C2030%2C273%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C359%2C437%2C97%2C55%2C99%2C2045%2C3012%2C3011%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C446%2C9%2C2011%2C2055%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C338%2C459%2C339%2C70%2C77%2C38%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C345%2C225%2C468%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.23.192.21 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 25 Apr 2023 13:55:22 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Tue, 25 Apr 2023 13:55:22 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 8F62 0
861 B 136ms
136ms Script
text/html 185.89.210.153
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.153 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: ka-GE,ka;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 25 Apr 2023 13:55:22 GMT
AN-X-Request-Uuid: bb0c0e14-6e7b-4899-a621-36df10f5c1ec
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 91.239.206.129; 91.239.206.129; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET sync
ssbsync.smartadserver.com/api/ Frame 1328 0
0

GET usync.js
eus.rubiconproject.com/ Frame F586 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: csync.loopme.me
URL: https://csync.loopme.me/?partner_id=2157&gdpr=0&gdpr_consent=&uid=c79b4b4b-413b-4814-a807-7c0bc2e45ef6

Domain: x.bidswitch.net
URL: https://x.bidswitch.net/sync?dsp_id=364&user_id=c79b4b4b-413b-4814-a807-7c0bc2e45ef6&expires=30&gdpr=0&gdpr_consent=

Domain: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161102

Domain: public.servenobid.com
URL: https://public.servenobid.com/sync.html

Domain: a.audrte.com
URL: https://a.audrte.com/get?p=M501991648&r=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D141%26partneruserid%3D$UID&gdpr=0&gdpr_consent=

Domain: pixel-eu.rubiconproject.com
URL: https://pixel-eu.rubiconproject.com/exchange/sync.php?p=onetag&gdpr=1&gdpr_consent=

Domain: ssbsync-global.smartadserver.com
URL: https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=1&gdpr_consent=&us_privacy=&redirectUri=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D107%26uid%3D[ssb_sync_pid]

Domain: x.bidswitch.net
URL: https://x.bidswitch.net/sync?ssp=onetag&gdpr=1&gdpr_consent=

Domain: ads.stickyadstv.com
URL: https://ads.stickyadstv.com/user-matching?id=3656

Domain: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159463&userIdMacro=PM_UID&predirect=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D3254325214262558000V10%26type%3Dpba%26refUrl%3D%26vid%3D24309220613254325214262558000V10%26ovsid%3DPM_UID

Domain: contextual.media.net
URL: https://contextual.media.net/cksync.php?cs=8&vsid=3254325214262558000V10&type=son&refUrl=&vid=24309220613254325214262558000V10&ovsid=6fd8f03a-1959-400a-b2a9-b3e4ad916289

Domain: sync.1rx.io
URL: https://sync.1rx.io/usersync2/rmp1r1?sub=medianet&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D3254325214262558000V10%26type%3Dr1%26refUrl%3D%26vid%3D24309220613254325214262558000V10%26ovsid%3D%5BRX_UUID%5D

Domain: pm.w55c.net
URL: https://pm.w55c.net/ping_match.gif?ei=MEDIANET&rurl=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D3254325214262558000V10%26type%3Ddxu%26refUrl%3D%26vid%3D24309220613254325214262558000V10%26ovsid%3D_wfivefivec_

Domain: dis.criteo.com
URL: https://dis.criteo.com/dis/usersync.aspx?r=115&p=226&cp=medianet&cu=1&url=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dcrt%26ovsid%3D%40%40CRITEO_USERID%40%40

Domain: x.bidswitch.net
URL: https://x.bidswitch.net/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1

Domain: contextual.media.net
URL: https://contextual.media.net/cksync.php?cs=1&ovsid=-TfcynS3qpRQgnR7TjeEhttps%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8&ovsid=__ZUID__&refUrl=&type=zem&type=zem&vid=24309220613254325214262558000V10&vsid=3254325214262558000V10

Domain: rtb.mfadsrvr.com
URL: https://rtb.mfadsrvr.com/sync?ssp=medianet&ssp_user_id=3254325214262558000V10

Domain: cs.media.net
URL: https://cs.media.net/cksync?cs=1&type=ttd&ovsid=3767e262-38e9-452d-b449-3be4a4168cad

Domain: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=43&gdpr=0&gdpr_consent=

Domain: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js

Verdicts & Comments Add Verdict or Comment

96 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

49 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
pastelink.net/	1970-01-20 12:10:30	Name: PHPSESSID Value: pes3ffqobehqgme1db3pvvjtnv
.pastelink.net/	1970-01-20 13:30:06	Name: _gcl_au Value: 1.1.264187627.1682430915
.pastelink.net/	1970-01-20 20:56:30	Name: _ga Value: GA1.2.722270160.1682430915
.pastelink.net/	1970-01-20 11:21:57	Name: _gid Value: GA1.2.1400003710.1682430916
.pastelink.net/	1970-01-20 11:20:30	Name: _gat_UA-55088947-2 Value: 1
.smartadserver.com/	1970-01-20 20:07:33	Name: pbw Value: %24b%3d16890%3b%24o%3d11100
.smartadserver.com/	1969-12-31 23:59:59	Name: vs Value: 587752=5423875
.smartadserver.com/	1969-12-31 23:59:59	Name: TestIfCookie Value: ok
.smartadserver.com/	1970-01-20 20:07:33	Name: TestIfCookieP Value: ok
.smartadserver.com/	1970-01-20 11:21:57	Name: sasd Value: %24qc%3D1314590126%3B%24ql%3DUnknown%3B%24qpc%3D380000%3B%24qt%3D107_7_29856t%3B%24dma%3D0
pastelink.net/	1970-01-20 11:20:34	Name: _ublock Value: 1
.smartadserver.com/	1970-01-20 20:07:33	Name: pid Value: 365239526762316787
.smartadserver.com/	1970-01-20 11:21:57	Name: sasd2 Value: q=%24qc%3D1314590126%3B%24ql%3DUnknown%3B%24qpc%3D380000%3B%24qt%3D107_7_29856t%3B%24dma%3D0&c=1&l=1224194952&lo=1424563188&lt=638180277169048642&o=1
.adnxs.com/	1970-01-20 13:30:06	Name: icu Value: ChgIvahBEAoYASABKAEwxLefogY4AUABSAEQxLefogYYAA..
.adnxs.com/	1970-01-20 13:30:06	Name: uuid2 Value: 7656236649959587680
.rubiconproject.com/	1970-01-20 20:06:06	Name: khaos Value: LGWBXFQF-4-LQHX
.omnitagjs.com/	1970-01-20 12:03:42	Name: ayl_visitor Value: 003ef6b810173ec7bf5b66f043e44789
.pastelink.net/	1970-01-20 20:42:06	Name: __gads Value: ID=b9db2b885b5d5771:T=1682430917:S=ALNI_Maq62rt4TKwRcOqLL9XAc1k3F0E-g
.pastelink.net/	1970-01-20 20:42:06	Name: __gpi Value: UID=00000c0a8915af49:T=1682430917:RT=1682430917:S=ALNI_Mahewcnwn2PYfIEkeGXb7WLELfZMw
.pastelink.net/	1970-01-20 20:56:30	Name: _ga_S3DKHVPF03 Value: GS1.1.1682430915.1.0.1682430918.0.0.0
.doubleclick.net/	1970-01-20 20:56:30	Name: IDE Value: AHWqTUmh_kzPKstJYKsInon3vtvPKXbS3ZU9xMY2APzK72ggr10NFjFhgFdWA4zY
.casalemedia.com/	1970-01-20 13:30:06	Name: CMPS Value: 2146
.lkqd.net/	1970-01-20 20:06:06	Name: lkqdidts Value: 1682430919
.lkqd.net/	1970-01-20 20:06:06	Name: sr59 Value: 1\|CAESECNeGUhbCTRB4EloewhHQhA\|1682430919
.eskimi.com/	1970-01-20 12:03:42	Name: __eConsent Value: 1
.eskimi.com/	1970-01-20 12:03:42	Name: __eDId Value: c79b4b4b-413b-4814-a807-7c0bc2e45ef6
.eskimi.com/	1970-01-20 11:40:40	Name: __eP Value: 1
.lkqd.net/	1970-01-20 20:06:06	Name: lkqdid Value: pZXRMG9AP9E
.casalemedia.com/	1970-01-20 20:06:06	Name: CMID Value: ZEfbx-kwIAmBLOpECWyZpwAA
.casalemedia.com/	1970-01-20 13:30:06	Name: CMPRO Value: 2146
.criteo.com/	1970-01-20 20:42:06	Name: uid Value: eef00600-3978-4e31-99a2-49a5228ed249
.pastelink.net/	1970-01-20 20:42:06	Name: cto_bundle Value: Va8M5l95dkVkSFFHZUdxU0xEUjRiaVNPdlNaRjRVUjN5eExoN1VSJTJCRzBON0VhODZrRnV4TGd0cW5aQkFkWnoxcmtiTFN0cFNJbzdQRmJUV01TRXRBNldsc3lDMHNVVHNQb3lPVlU1Y2dScVNpYVY3RGdtcWtJQk9LanpDYlhoWCUyRkk2bnNEREtHNVlZcUN4dHElMkJHUGlMcnRoZFElM0QlM0Q
a4p.adpartner.pro/	1970-01-20 12:46:54	Name: apuid Value: 69b051a8-fd4e-4d86-ae61-9aa9c9c2d7a7
a4p.adpartner.pro/	1970-01-20 20:06:06	Name: buyeruid_27 Value: c79b4b4b-413b-4814-a807-7c0bc2e45ef6
.rmp.rakuten.com/	1970-01-20 12:03:42	Name: Rp Value: c089e3dee5f990b963636cad87d16447dbc75fa297958024
.openx.net/	1970-01-20 20:06:06	Name: i Value: dd065f16-3220-47c6-986b-67ea3ab8198a\|1682430920
.onetag-sys.com/	1970-01-20 20:56:30	Name: OTP Value: 5ZOV02xj0ogLhNj3oa6KuHKH3S935C9yaiVMzzzzx4M
.adsrvr.org/	1970-01-20 20:07:33	Name: TDID Value: 3767e262-38e9-452d-b449-3be4a4168cad
.adsrvr.org/	1970-01-20 20:07:33	Name: TDCPM Value: CAESFgoHcnViaWNvbhILCPyv4eDX5-I7EAUYBSABKAIyCwj6546M7ufiOxAFOAE.
.spotxchange.com/	1970-01-20 12:00:50	Name: audience Value: d198ae76-e370-11ed-9f8d-18a305860106
.linkedin.com/	1970-01-20 20:06:06	Name: bcookie Value: "v=2&7fedf301-e6e3-4a66-8923-7a47a205ede4"
.linkedin.com/	1970-01-20 11:21:57	Name: lidc Value: "b=VGST01:s=V:r=V:a=V:p=V:g=2905:u=1:x=1:i=1682430921:t=1682517321:v=2:sig=AQGukfQCVRnhsaX2ycsJr5V8uBcmlxwT"
.4dex.io/	1970-01-20 12:46:54	Name: uids Value: eyJzeW5jcyI6eyJpbmRleGV4Y2hhbmdlIjoiMjAyMy0wNC0yNVQxMzo1NToxNi43MDEwOTQ4ODlaIiwicHVibWF0aWMiOiIyMDIzLTA0LTI1VDEzOjU1OjE2LjcwMTAyODI5NFoiLCJydWJpY29uIjoiMjAyMy0wNC0yNVQxMzo1NToxNi43MDEwNzY5ODFaIn0sInVpZHMiOnsiYWRhZ2lvIjp7InVpZCI6IjNiYzZmODE2LTk2NzgtNGE5MS1iM2M3LTNmYzU5YTYwYzE1NSIsImV4cGlyZXMiOiIyMDIzLTA2LTI0VDEzOjU1OjE2LjY5OTExNTAzM1oifSwib3BlbngiOnsidWlkIjoiODJhMDY0ZGEtNGNjZi00YWY5LThlMTQtOTIyNTg1MWQyMzlmIiwiZXhwaXJlcyI6IjIwMjMtMDYtMjRUMTM6NTU6MjEuMTQ5NDg5MDYxWiJ9fSwiYmRheSI6IjIwMjMtMDQtMjVUMTM6NTU6MTYuNjk4OTgwNDMyWiJ9
.smartadserver.com/	1970-01-20 20:07:33	Name: csync Value: 76:CAESEB1BcZIc3v7Pjjh1D7uBT00\|100:1b23f7b7-0a65-475d-852f-113e788cf1b1
.amazon-adsystem.com/	1970-01-20 20:56:30	Name: ad-privacy Value: 0
.zemanta.com/	1970-01-20 20:06:06	Name: zuid Value: -TfcynS3qpRQgnR7TjeE
.yahoo.com/	1970-01-20 20:06:28	Name: A3 Value: d=AQABBMnbR2QCENp5Um9W4YDUFwj1aJ-H5YEFEgEBAQEtSWRRZAAAAAAA_eMAAA&S=AQAAAuqy3jz7uTzTZdZExD8zeNU
.rubiconproject.com/	1970-01-20 20:06:06	Name: audit Value: 1\|hLZGFuTafB2z5Er7pJTdXO1ArEyWu9IO8o4YPv4NG7nMS3jmYCXqV4CywZhaqLKPDcJZWBbPH93MboWaW1ii7VcR1aWtdTEq
.amazon-adsystem.com/	1970-01-20 17:21:57	Name: ad-id Value: A4q_d5iAcUZ_twtMsYiPKbU

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://id.rlcdn.com/711916.gif?ct=4&cv= Message: Failed to load resource: the server responded with a status of 400 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.audrte.com
a4p.adpartner.pro
aax-eu.amazon-adsystem.com
acdn.adnxs.com
ad-delivery.net
ad.doubleclick.net
ads.pubmatic.com
ads.servenobid.com
ads.stickyadstv.com
adservice.google.com
adservice.google.ge
api.btloader.com
b1sync.zemanta.com
beacon-fra2.rubiconproject.com
bidder.criteo.com
btloader.com
c21lg-d.media.net
cdn4.buysellads.net
cdnjs.cloudflare.com
cm.g.doubleclick.net
code.createjs.com
code.jquery.com
contextual.media.net
cs.lkqd.net
cs.media.net
csync.loopme.me
dis.criteo.com
dsp-ap.eskimi.com
dsp-media.eskimi.com
dsp-trk.eskimi.com
dsum-sec.casalemedia.com
eu-u.openx.net
eus.rubiconproject.com
f6a20f92abee908a808b2ae95c49ab14.safeframe.googlesyndication.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
hb-api.omnitagjs.com
hbopenbid.pubmatic.com
ib.adnxs.com
id.rlcdn.com
image8.pubmatic.com
match.adsrvr.org
mp.4dex.io
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
pastelink.net
pixel-eu.rubiconproject.com
pixel.rubiconproject.com
pm.w55c.net
pr-bh.ybp.yahoo.com
prebid.media.net
prg.smartadserver.com
public.servenobid.com
px.ads.linkedin.com
rtb-csync.smartadserver.com
rtb.mfadsrvr.com
s-cs.rmp.rakuten.com
s.amazon-adsystem.com
s0.2mdn.net
script.4dex.io
secure-assets.rubiconproject.com
securepubads.g.doubleclick.net
srv.buysellads.com
ssbsync-global.smartadserver.com
ssbsync.smartadserver.com
stags.bluekai.com
static.criteo.net
sync-tm.everesttech.net
sync.1rx.io
sync.mathtag.com
sync.search.spotxchange.com
token.rubiconproject.com
tpc.googlesyndication.com
u.4dex.io
u.openx.net
ups.analytics.yahoo.com
us-u.openx.net
win.eskimi.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
a.audrte.com
ads.pubmatic.com
ads.stickyadstv.com
contextual.media.net
cs.media.net
csync.loopme.me
dis.criteo.com
eus.rubiconproject.com
pixel-eu.rubiconproject.com
pm.w55c.net
public.servenobid.com
rtb.mfadsrvr.com
ssbsync-global.smartadserver.com
ssbsync.smartadserver.com
sync.1rx.io
x.bidswitch.net
104.17.24.14
104.18.3.114
104.26.2.70
104.26.6.139
104.26.8.169
104.80.242.37
13.107.42.14
130.211.23.194
130.211.27.62
137.74.6.209
142.250.181.226
142.250.181.232
142.250.184.194
142.250.184.225
142.250.185.100
142.250.185.194
142.250.185.226
142.250.185.78
142.250.185.98
142.250.185.99
142.250.186.131
142.250.186.134
142.250.186.42
142.250.186.70
146.20.128.131
15.197.193.217
151.101.194.49
151.139.128.10
161.35.94.134
169.150.247.33
172.217.16.194
178.250.1.11
178.250.7.10
178.250.7.2
178.32.210.226
185.255.84.151
185.29.134.248
185.64.189.112
185.64.190.79
185.80.39.216
185.86.138.155
185.89.210.153
185.94.180.125
193.0.160.131
2.23.192.21
2.23.197.190
209.54.182.161
216.58.212.130
216.58.212.161
216.58.212.162
23.35.228.23
23.35.236.188
23.37.42.132
23.48.23.26
3.71.149.231
34.107.148.139
34.120.139.69
34.149.40.38
34.248.233.188
34.95.81.88
34.98.64.218
35.186.201.99
35.244.174.68
51.89.9.251
52.48.207.187
54.239.33.158
64.202.112.159
69.16.175.10
69.173.144.140
69.173.144.152
69.173.144.165
88.221.168.23
89.35.29.15
01408f8061623faa6d2c0f015cd23483c3aa363c095e152f613ed94c87a5803d
03182c0784cdb86baad1ec7858096661200fb81b2bf08457d77106e852eb8744
04dd17131968a07c34224fb2e34a25d3bdd06fed40c6025f20ecdfc9e6eff2a0
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
08882d31df95daace0c23f1108f3e11fc53ef17334df446f3e3cb395c597c955
089573faad72e10708f3a9071a67b4e677bd61e26c8b7a67351057b4812bbbfb
0aa45374883284b3c3cc9729b1b2f0b6b616244f0752cda868be02d370aa5407
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c428367c7cb37f9089c9fa7b0dca779f518f18f6ef3b2901ca229b97d1db76c
0e37baac587952dd1347ba448e3a3e943bef26902aa626bbadfe52d072cfcfd3
1159abe5cc504088525f8af0791bf5127f836bbf1be3d0937131b1e067f1f7c6
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
13100cd3879e5c1385581d7c88153e60cd7c3e4b0578fe2838daa56da689769b
13ce1ffd71c6690d9122a0c231c3dadc0140b95c1ca4010f11930f1856477a1f
15f20e02ef301e62ed325d633f971c506dcf1be3458c2371b849b505bb8673dc
16750ab679c3941c3459154252f03b2916b3e9384fdb4b5320d90ab4d69b9ea1
190d542d8e593c755fd16e67ca62583e183957829dfb69cc2e00c7bf67df237d
1abdd435842595c2a4c62b248f3a28d2787d0a58e73e19ad14e09d955e360b0f
1c9e4c65f9d921b1c0829958cc7b2f307a3e22ac7a23e8315b6db4c0954e1107
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
21a5ba176b5e077b89f9ecb8252d0e9de75010082b29898d25e343b01353eb6e
2702607d13c6fb6f41b20d7794bef6c4ce9640011d5a37341a8d85fe972c7498
28206f4189052daa1630edbe12c03c5e58d4993e7192eaf1629c77759ac6df84
2c470984efff845d5290f15d3a01552b4bff15c1e40a48c944233a5bc5f69539
2db6489d44c93f3301f1969a58df60a3d7e36c3c892fc0976dadf1f761d569cc
3014acc16bf3744b41bb869785bf686290d9834a5e6f69d4583c4e39fca26bff
3077c047c7210f4e52a637ba10a8d5346ed72d4e29956c96aaa8f8aac58d440c
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
32335829bee547a8dde843667ce86df35cde4d25dd073edd3a7cc54e5f798c9c
3579ac5c706d382bb1f9b7d9a36bc78bdf2525e8a018137b5892990ce3818433
362ee6590413841d5076ac5bc201f3d298119845533319dfbd051c1b6fbf3d78
36b51237a514c8362d64d43c17abd3d4fd2e3a586c8a55c32bfde0c0e1c114aa
3a73b36061944ebbb33696553917d393280f796e212afcd09057b441c1168606
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3ea905d7ec224966192e2e3fbee570c183e4e42728355f34fccaac9c05c058d3
3f3e1cbe829f2a7fe05a78842adb78070c3a4c1314fd0c245418c0477986df3c
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
40d44b6cae4458b255046031b2b260654c4bb34901b2de542b22c7ecb337d7f4
4480fbc8fd7d5c211e97db310f84e93843634c965902c9e518680c6336cc1836
45b5465229b3d2f0348a4cfcd69e52df10b6059122d41cff6f9854a30bf111cf
467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
46b3e081067e631f9a1049fbfa37844da854f741b7f9a45900dc02a19a4ef143
4aa601fd88ef979c679f62243f66ce558cd267a82b9fad2b26b9e98e3c9cd964
4b6d244a569a8befc0b901e3dca8e82f19b188e2d3e76f7c62fce96935ed6311
4b79ae7526be652a8b9c2525fd6ceeeec70fabf817604e4fdd1c24c0aa382390
4cd800db84fcc5c0f0554b994b9c23e455f3b76c300ce069f35572b18e6ca6fc
4ce37f09420b29f874f11bf6fd1418a013b8a776dd8a45d0c63bf413759b600a
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50a60e5e5f2e8f10a2f8685031ec9849ba8faff613139f3a402e89f25ccbbabc
50fb7a74467a7c8eff5584b3c0ef64577cf0e84e3256387a0e3f17a1a1be0f7f
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55fba04ad10c2021f460d09163d137b720bd5876c5dc377e09ea2991f22e8ed6
57226adbc32c91a8cd4ec9ee08e4f155f3450e79256731c04f81709a58c4c1fc
575c82f23dbb9285df2f62c7c8121c65d89e8137713110a149067d695975215e
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
601950f24fa6240b97d1f7887b87077902e0ff789e53d2a813e46e3782d099de
6034cf3e2d9adb48d84f3600a5348e9fb3aa350fdd89dfabbba82ff4b092c805
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
694e625dc02fa5acaf8447d2928b7f558f54335c8c5bccaf8dd4f24e17d29190
6cba53a41f462f49403ba4f94d2325fc558f9670fca449bf6a1e90095810deef
6f0fef1778678fd7b5436ebd0ba183edb1e28d93136539e8beb4e4d60efdeceb
70a2cbd8021e2ea73d296d362b2a3f26c423f30932ea4c7c3b295d61d2d0d851
73f5bea8ad17369a5d7d4169383952d16544b54d029b3fe0d621b3c41d5e687b
780317dd36b1a63f2f5db94f53ea70dad72fc8198944992a51aeaebe9d111349
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90
7adfac299561b9d5ab03c88e9d582cf76bd31746a4c0564d7d0d428199c943df
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
7f5feab8115fb17c8945b5b22a6382315c264a9878b2de8d1916013720e496ef
831997ce334905a4fc3c7f0673c30bd34701f9810d87b19335aea228804ae38a
88f94fc9bb9bada786c28d661a00855994d18fbeda03d3834cf0c8a55fa79384
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8af24d7350dbdc8eea22e4737deaa35a795b19b0560d7173113bec7e8a3effb7
8bfb29b65c379334559c46706eb79b1929062c3a25ac4ac3d65b5d122716b1a7
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
9613f838798d1aed5da373796f9180a1531b4670d6762a7db38dde12ae032934
962d6dea088b031cd44d33f937adb5ba241a9435aa32a8be667d57482b8bbe1a
977fec2807d31f9cda9b855a04aec643ed99e64f2d963806aea4221bd4586d98
9a748f6285b70486fd706549f680c706e840ff7affdb2ba5aa9e556c6da16ec6
9ae355ad4680f0aee5c40c3d88a81234057b95d87f2ee261d5d0f0d00c6fea46
9d2a1bd035ccc0274c7333c015d2e927ab47b4d256fcd544d2dcb7c05f9cb68e
9d8c65de4f672a8b673ae2210d3300205856ee3ca210d5de54285a3cfadec541
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a32689b91e3b126a730b0ef22054269fa9dde5abca91223e857569d22ef4711e
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a9b847c681a24b03ba8acc0b4dcd8aab9acf8c4d3131be784d488e2402d57427
ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910
b07fc25523bee53d607b8220afb66cafda92652ffe192daae20aed20536d69a8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b42ccfc9b92963d83a5459f6585c19c7c335f79f647e78959c3aba1dddd21395
b819f364a627460b8ec0ffd43252782e12a07ce682c37933d8a2eb40ed935f65
bae059fd5774acd8c940c02acd1708b584696f2511ef5ffec8be01f1b2fd8776
bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c24ccee9a35eef9e74411eac871935bdff6bcb895cce80b754b66d3e4292a3ce
c5663a1ab2a975aedc88dbbf644d92980a966b614286321a39baac756077b738
c82c372cd5c4a3b46fddb13499d36d8818044e818b53a6794f340effeea5673a
c9c2996520e3665e9a668ada2a01ba24c3741653a3c0a8c066cba91027690991
cb5324b739486087ff90039a0e13dc311dbda5475ad406e5fbe65611540b6bcd
cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
cdc7862ae6f3ae80124d8c672dc6d7a4d892ba42f7d651dbf0bd74d1d9e353ad
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d91b8da245e0da8f5b9583c8dc04ac63b313221170685d619ca0670e32eb5558
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de833a93fe7604c1b82307d337a91c9424fc9198c4cb4667d6690095cfce5281
e1aa27dcfbbfbb76e753f426fe4918b91507ef4cd8ed690f2dab2f389aa8782b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e5d563ffd8db6e460ac4a8eba1934c4ca7c5415b34f06f2c65371ad03665bafe
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
ec237517566b85a5797425cebe748d7248a7d8c698bdb113f9615946b7434a78
ed6cd01c384db70bedbe24986aa85b0745f994ad71b7e5712f8a60e1ff457d7f
ed87a83a9df154b61d76e8b9b53bb9d23db3eea194e66bca6b575e3e4f7a57bf
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f63176263e5a9f08c29da36c980255eee48ee4672be12581811d28153684aa2a
f7e19b83e8b3b96c5ed11f6de41c27ee2fa7be145a4f48375ab0b5b4e286c1ea
fc88f7053cc02fa49d877214ca893f0753ebe7687a319512ebc4914de2b84258
fcaaacbe09be7babfecfbcad09df9c01257b0ea95ee996105d6756ba75f41aa3
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
ff28f21e35b9908ce885d423da61e8eba592786496bde7ef9f72da1eb4a21826

pastelink.net Open in urlscan Pro 89.35.29.15 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

258 Requests

79 %HTTPS

0 %IPv6

53 Domains

89 Subdomains

66 IPs

9 Countries

2932 kBTransfer

6781 kBSize

49 Cookies

16 Outgoing links

Redirected requests

258 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

pastelink.net Open in urlscan Pro
89.35.29.15 Public Scan

Screenshot
Live screenshot

Full Image

258
Requests

79 %
HTTPS

0 %
IPv6

53
Domains

89
Subdomains

66
IPs

9
Countries

2932 kB
Transfer

6781 kB
Size

49
Cookies

258 HTTP transactions
4 data transactions