pastelink.net Open in urlscan Pro
178.79.155.87  Public Scan

3 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 49

• https://ad1.ad-srv.net/request.php?zone=8e93336o9ddx&nw=14&renderingType=javascript&namespace=5354850f89&subid=&uid=2fab91046ab7b483&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=ANIM_AFTER_30S%3A0&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCJGGGB0tiYYuQJ_-Q7_UPwqus4Azm_qP3XO6LrIhfwI23ARABIABgleKQgqAHggEXY2EtcHViLTkwNzA2Mjk4NDMxMjkzMTLIAQmpAp1sC-cGa7M-4AIAqAMBqgTrAU_QzUeF9cMMR8H4q6nIXfu0p0WF7_5mEROw1FRT9KP0fGWBISVOpxvQwDdoX2cc52BYTw3-65FFJAngCu21a_6wC21zeh0fyjaQXJuXjrc-ZiqKEfNq2AukZuBKOn90xoNCMPbGJmzXFs2ES7zz_n9IYmkg80akdf49sB1rrxhpLRHTiPIu_S77iwsVI8i52i8vwt_GirBTevdYE-ktIF676r3A_mgHp58rFhNxg6pAPoVBQPGX18xMdqrx95nv2lGwKF12F2qx9t8GaJfU4n8HpcNOId3ItGR4G-b8VgzY7JgZlVXNnb7-S9PgBAGABpz2ofje8uXM8QGgBiGoB6a-G6gH8NkbqAfy2RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiI4YAQEAHyCBthZHgtc3Vic3luLTI3MjcwOTgxNTA4NTczNTL6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1kCNF19fi5jmUKWK8vl8Q4dTkx5A%26client%3Dca-pub-9070629843129312%26adurl%3Dhttp%253A%252F%252Fbrain.rvty.net%252FRTB%252FClick%253Fx%253DEASY-X-COORDINATE%2526y%253DEASY-Y-COORDINATE%2526s%253D97944753%2526a%253D146072%2526t%253D1633831688219%2526l%253D662259%2526p%253D3%2526appid%253D%2526aa%253D61624b07-000b-2a0a-08bb-e7534b0bdb3d%2526gdpr%253D1%2526gdpr_consent%253D%2526dest%253D&documentReferer=https%3A%2F%2Ff5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2Ff5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fpastelink.net&random=7240743639270&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
• https://ad1.ad-srv.net/request.php?zone=8e93336o9ddx&nw=14&renderingType=javascript&namespace=5354850f89&subid=&uid=2fab91046ab7b483&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=ANIM_AFTER_30S%3A0&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCJGGGB0tiYYuQJ_-Q7_UPwqus4Azm_qP3XO6LrIhfwI23ARABIABgleKQgqAHggEXY2EtcHViLTkwNzA2Mjk4NDMxMjkzMTLIAQmpAp1sC-cGa7M-4AIAqAMBqgTrAU_QzUeF9cMMR8H4q6nIXfu0p0WF7_5mEROw1FRT9KP0fGWBISVOpxvQwDdoX2cc52BYTw3-65FFJAngCu21a_6wC21zeh0fyjaQXJuXjrc-ZiqKEfNq2AukZuBKOn90xoNCMPbGJmzXFs2ES7zz_n9IYmkg80akdf49sB1rrxhpLRHTiPIu_S77iwsVI8i52i8vwt_GirBTevdYE-ktIF676r3A_mgHp58rFhNxg6pAPoVBQPGX18xMdqrx95nv2lGwKF12F2qx9t8GaJfU4n8HpcNOId3ItGR4G-b8VgzY7JgZlVXNnb7-S9PgBAGABpz2ofje8uXM8QGgBiGoB6a-G6gH8NkbqAfy2RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiI4YAQEAHyCBthZHgtc3Vic3luLTI3MjcwOTgxNTA4NTczNTL6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1kCNF19fi5jmUKWK8vl8Q4dTkx5A%26client%3Dca-pub-9070629843129312%26adurl%3Dhttp%253A%252F%252Fbrain.rvty.net%252FRTB%252FClick%253Fx%253DEASY-X-COORDINATE%2526y%253DEASY-Y-COORDINATE%2526s%253D97944753%2526a%253D146072%2526t%253D1633831688219%2526l%253D662259%2526p%253D3%2526appid%253D%2526aa%253D61624b07-000b-2a0a-08bb-e7534b0bdb3d%2526gdpr%253D1%2526gdpr_consent%253D%2526dest%253D&documentReferer=https%3A%2F%2Ff5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2Ff5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fpastelink.net&random=7240743639270&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 52

• https://www.awin1.com/cshow.php?s=2470174&v=11354&q=371933&r=278235&pv=1&pref1=99759900012485901324213011743001&gdpr=&gdpr_consent= HTTP 302
• https://www.zenaps.com/cshow.php?pvr=e9af1670-296e-11ec-855b-692d0ae1a3be&v=11354&r=278235&q=371933&s=2470174&viewref=99759900012485901324213011743001&pv=1&gdpr=&gdpr_consent= HTTP 302
• https://www.conrad.de/ztpv.php?awc=11354_278235_1633831688_e9af1670-296e-11ec-855b-692d0ae1a3be&insert=AW

Request Chain 57

• https://www.awin1.com/cshow.php?s=2470174&v=11354&q=371933&r=278235&pref1=99759900012485901324213011743001&gdpr=&gdpr_consent= HTTP 302
• https://www.zenaps.com/cshow.php?pvr=e9b2e700-296e-11ec-855b-692d0ae1a3be&v=11354&r=278235&q=371933&s=2470174&viewref=99759900012485901324213011743001&gdpr=&gdpr_consent= HTTP 302
• https://asset.conrad.com/media10/isa/160267/c1/-/de/Haussicherheit_728x90?format=gif

60 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
3 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request 9womt51w Show response pastelink.net/	15 KB 5 KB	320ms 58ms	Document text/html	178.79.155.87 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL https://pastelink.net/9womt51w Protocol H2 Security TLS 1.3, , AES_256_GCM Server 178.79.155.87 London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li274-87.members.linode.com Software nginx / Resource Hash b6d529803a63fe30192a3de002646c83021eec85c21d171eba6ff28c61779d76 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers :method GET :authority pastelink.net :scheme https :path /9womt51w pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers server nginx date Sun, 10 Oct 2021 02:08:07 GMT content-type text/html; charset=UTF-8 set-cookie PHPSESSID=a2jbpp5i3gm15ekcr7gi5lbfs8; secure; HttpOnly expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate pragma no-cache strict-transport-security max-age=31536000; includeSubDomains content-encoding gzip
GET H2	200	css2 fonts.googleapis.com/	5 KB 1 KB	98ms 35ms	Stylesheet text/css	142.250.184.202 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap Requested by Host: pastelink.net URL: https://pastelink.net/9womt51w Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.184.202 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s11-in-f10.1e100.net Software ESF / Resource Hash 2c243eeac8e9c04aaddb3a8d759ab9b535faf21f7b292e61458ee5e45cb8a02a Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Sun, 10 Oct 2021 02:08:07 GMT server ESF date Sun, 10 Oct 2021 02:08:07 GMT x-frame-options SAMEORIGIN report-to {"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]} content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin cross-origin-opener-policy-report-only same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU" expires Sun, 10 Oct 2021 02:08:07 GMT
GET H2	200	styles.css pastelink.net/assets/css/	213 KB 214 KB	35ms 34ms	Stylesheet text/css	178.79.155.87 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL https://pastelink.net/assets/css/styles.css?q=15 Requested by Host: pastelink.net URL: https://pastelink.net/9womt51w Protocol H2 Security TLS 1.3, , AES_256_GCM Server 178.79.155.87 London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li274-87.members.linode.com Software nginx / Resource Hash 1786dd1d9c8276247374c106ab58b4963bfddffe0d836515f81e13a40ede3703 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers :path /assets/css/styles.css?q=15 pragma no-cache cookie PHPSESSID=a2jbpp5i3gm15ekcr7gi5lbfs8 accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept text/css,*/*;q=0.1 cache-control no-cache sec-fetch-dest style :authority pastelink.net referer https://pastelink.net/9womt51w :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/9womt51w User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 10 Oct 2021 02:08:07 GMT last-modified Wed, 06 Oct 2021 13:50:37 GMT server nginx etag "615da9ad-355b2" strict-transport-security max-age=31536000; includeSubDomains content-type text/css accept-ranges bytes content-length 218546
GET H2	200	jquery-3.6.0.min.js Show response code.jquery.com/	87 KB 30 KB	49ms 17ms	Script application/javascript	69.16.175.10 HIGHWINDS2
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.6.0.min.js Requested by Host: pastelink.net URL: https://pastelink.net/9womt51w Protocol H2 Security TLS 1.3, , AES_128_GCM Server 69.16.175.10 , United States, ASN33438 (HIGHWINDS2, US), Reverse DNS tlb.hwcdn.net Software nginx / Resource Hash ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Request headers Referer https://pastelink.net/ Origin https://pastelink.net Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 10 Oct 2021 02:08:07 GMT content-encoding gzip last-modified Tue, 02 Mar 2021 17:27:20 GMT server nginx etag W/"603e7578-15d9d" vary Accept-Encoding x-hw 1633831687.dop109.am5.t,1633831687.cds256.am5.hn,1633831687.cds007.am5.c content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 30875
GET H2	200	script.min.js Show response pastelink.net/assets/js/	28 KB 29 KB	18ms 17ms	Script application/javascript	178.79.155.87 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL https://pastelink.net/assets/js/script.min.js?q=15 Requested by Host: pastelink.net URL: https://pastelink.net/9womt51w Protocol H2 Security TLS 1.3, , AES_256_GCM Server 178.79.155.87 London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li274-87.members.linode.com Software nginx / Resource Hash b4170c909c4f585adb37ad7ddccb8bed126ac434248651ccc5216bffcbd5ed56 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers :path /assets/js/script.min.js?q=15 pragma no-cache cookie PHPSESSID=a2jbpp5i3gm15ekcr7gi5lbfs8 accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority pastelink.net referer https://pastelink.net/9womt51w :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/9womt51w User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 10 Oct 2021 02:08:07 GMT last-modified Wed, 06 Oct 2021 13:37:31 GMT server nginx etag "615da69b-71b1" strict-transport-security max-age=31536000; includeSubDomains content-type application/javascript accept-ranges bytes content-length 29105
GET H2	200	js.cookie.min.js Show response cdnjs.cloudflare.com/ajax/libs/js-cookie/latest/	2 KB 2 KB	39ms 17ms	Script application/javascript	104.16.19.94 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/js-cookie/latest/js.cookie.min.js Requested by Host: pastelink.net URL: https://pastelink.net/9womt51w Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.19.94 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4b6d244a569a8befc0b901e3dca8e82f19b188e2d3e76f7c62fce96935ed6311 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 10 Oct 2021 02:08:07 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 5600257 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 content-length 772 timing-allow-origin * last-modified Mon, 04 May 2020 16:11:49 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03ec5-6d7" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=15780000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cQNk9NWsdGEQiYgVxYDpAVs6LF%2FqD%2BScRbbP6Ew7miE7Sd9IXz5t1PzLilgWG0llKvxWCo3td8TjPZ8kAcMsqCRptVxCwsyJsj7HQEaaaYg%2Bpj5EJVvA6JrYXeKURmkqH37yS3IM"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * vary Accept-Encoding cache-control public, max-age=30672000 accept-ranges bytes cf-ray 69bc4c8c39c2c4c2-DUS expires Fri, 30 Sep 2022 02:08:07 GMT
GET H2	200	rules.js Show response cdn.adligature.com/pl/prod/	10 KB 3 KB	78ms 30ms	Script application/javascript	104.21.93.14 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.adligature.com/pl/prod/rules.js Requested by Host: pastelink.net URL: https://pastelink.net/9womt51w Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.93.14 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 694b72ca62c120a3609b0a98f3921815f8a2fd48bd8a45b660937f4c1678eb15 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers x-goog-hash crc32c=Aof8Kg==, md5=IG6ex2Vvbp/O+MAXfh1Oog== date Sun, 10 Oct 2021 02:08:07 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 539 cf-polished origSize=18373 x-guploader-uploadid ADPycdukOkGCW7GRl6rmX4pKvPqd0srdWZ5BrnjrYNp9b7-VD0ssI8xWf8zJQwwyqJwXK2ykImotl6zS-oFvZFnXWtr0bL0wbA x-goog-storage-class MULTI_REGIONAL x-goog-metageneration 1 x-goog-stored-content-encoding identity cf-bgj minify alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 last-modified Thu, 30 Sep 2021 19:27:15 GMT server cloudflare etag W/"206e9ec7656f6e9fcef8c0177e1d4ea2" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YizfQk1muTitExFaUrOxBH%2BZRJ0gfg9Dkz13tk6qSZbd5y5gILFUUhbMn7VFSFlw6e%2F4FKpG03isJ%2FifRQTjzCvwQ99tMZrjPZ0JHi%2B11BopjzVUHrfGEhA8kZl3FVqodmveSIs%3D"}],"group":"cf-nel","max_age":604800} x-goog-generation 1633030035918326 content-type application/javascript cache-control public, max-age=1800, s-maxage=600, must-revalidate x-goog-stored-content-length 18373 cf-ray 69bc4c8c684040ed-CDG expires Sun, 10 Oct 2021 02:09:07 GMT
GET H2	200	api.js Show response www.google.com/recaptcha/	906 B 1006 B	79ms 29ms	Script text/javascript	142.250.181.228 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api.js?onload=captchaLoaded Requested by Host: pastelink.net URL: https://pastelink.net/9womt51w Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.181.228 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f4.1e100.net Software GSE / Resource Hash cf9c1afa201b13b6357107988725b98e7ae0eaf2dadf5cda2b6112655ba692c0 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 10 Oct 2021 02:08:07 GMT content-encoding gzip x-content-type-options nosniff server GSE x-frame-options SAMEORIGIN content-type text/javascript; charset=UTF-8 cache-control private, max-age=300 cross-origin-resource-policy cross-origin content-security-policy frame-ancestors 'self' alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 572 x-xss-protection 1; mode=block expires Sun, 10 Oct 2021 02:08:07 GMT
GET H2	200	pastelink-logo.svg pastelink.net/assets/images/logo/	3 KB 3 KB	17ms 17ms	Image image/svg+xml	178.79.155.87 LINODE-AP Linode
General Check archive.org Show headers Download Go to Show image Full URL https://pastelink.net/assets/images/logo/pastelink-logo.svg Requested by Host: pastelink.net URL: https://pastelink.net/9womt51w Protocol H2 Security TLS 1.3, , AES_256_GCM Server 178.79.155.87 London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li274-87.members.linode.com Software nginx / Resource Hash 01408f8061623faa6d2c0f015cd23483c3aa363c095e152f613ed94c87a5803d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers :path /assets/images/logo/pastelink-logo.svg pragma no-cache cookie PHPSESSID=a2jbpp5i3gm15ekcr7gi5lbfs8 accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority pastelink.net referer https://pastelink.net/9womt51w :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/9womt51w User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 10 Oct 2021 02:08:07 GMT last-modified Wed, 06 Oct 2021 13:37:31 GMT server nginx etag "615da69b-d3d" strict-transport-security max-age=31536000; includeSubDomains content-type image/svg+xml accept-ranges bytes content-length 3389
GET H2	200	public.png pastelink.net/assets/images/	609 B 775 B	22ms 21ms	Image image/png	178.79.155.87 LINODE-AP Linode
General Check archive.org Show headers Download Go to Show image Full URL https://pastelink.net/assets/images/public.png Requested by Host: pastelink.net URL: https://pastelink.net/9womt51w Protocol H2 Security TLS 1.3, , AES_256_GCM Server 178.79.155.87 London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li274-87.members.linode.com Software nginx / Resource Hash 04bcd86676a40009fe53606bce88edf13537b712f218f9c6057e97c612513092 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers :path /assets/images/public.png pragma no-cache cookie PHPSESSID=a2jbpp5i3gm15ekcr7gi5lbfs8 accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority pastelink.net referer https://pastelink.net/9womt51w :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/9womt51w User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 10 Oct 2021 02:08:07 GMT last-modified Thu, 27 May 2021 10:51:10 GMT server nginx etag "60af799e-261" strict-transport-security max-age=31536000; includeSubDomains content-type image/png accept-ranges bytes content-length 609
GET H2	200	gtm.js Show response www.googletagmanager.com/	185 KB 64 KB	100ms 35ms	Script application/javascript	142.250.74.200 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ Requested by Host: pastelink.net URL: https://pastelink.net/9womt51w Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.74.200 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s02-in-f8.1e100.net Software Google Tag Manager / Resource Hash 53efd69524fe73e2b9c6abd3aa49b205e5a882c6af4aa8dd5d1ebecad517dd51 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 10 Oct 2021 02:08:07 GMT content-encoding br vary Accept-Encoding cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 64834 x-xss-protection 0 last-modified Sun, 10 Oct 2021 00:00:00 GMT server Google Tag Manager strict-transport-security max-age=31536000; includeSubDomains content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Sun, 10 Oct 2021 02:08:07 GMT
GET H2	200	advally-4.9.1.js Show response cdn.adligature.com/rules.js/	90 KB 24 KB	25ms 24ms	Script application/javascript	104.21.93.14 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.adligature.com/rules.js/advally-4.9.1.js Requested by Host: cdn.adligature.com URL: https://cdn.adligature.com/pl/prod/rules.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.93.14 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0529fd56af7972219982099af6886c06ef1220bbd2224d6851ee3f82bd0576e7 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers x-goog-hash crc32c=6M2eAw==, md5=cO6GGLPX9u9tVaw36XT6yQ== date Sun, 10 Oct 2021 02:08:07 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 2927 cf-polished origSize=153464 x-guploader-uploadid ADPycdtKQzHKSvGWXoAKg1ECFVwm4nm72E9XyxtJYgQdJ0NvKQNy_NFle-TDSFw5SmwtIHSjh-CqCG6Eg8eNqjozTmMX024mdQ x-goog-storage-class MULTI_REGIONAL x-goog-metageneration 1 x-goog-stored-content-encoding identity cf-bgj minify alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 last-modified Thu, 30 Sep 2021 19:01:35 GMT server cloudflare etag W/"70ee8618b3d7f6ef6d55ac37e974fac9" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vK2xhDfRCk11VvpwdY4dUzfEb3Ge74dgPDt7CosyXU0CHd66CNGczUboy6UH5JFPf9LoGEy%2B1XVKm8EwafslbOFKNf1zpNtv4lmJsPql3jVJMQGkpUQiyOwPsyrUp25Vqc%2F2vQQ%3D"}],"group":"cf-nel","max_age":604800} x-goog-generation 1633028495082015 content-type application/javascript cache-control public, max-age=7200, s-maxage=7200, must-revalidate x-goog-stored-content-length 153464 cf-ray 69bc4c8cc88840ed-CDG expires Sun, 10 Oct 2021 03:19:20 GMT
GET H2	200	recaptcha__de.js Show response www.gstatic.com/recaptcha/releases/qljbK_DTcvY1PzbR7IG69z1r/	346 KB 135 KB	80ms 26ms	Script text/javascript	142.250.185.195 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/qljbK_DTcvY1PzbR7IG69z1r/recaptcha__de.js Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api.js?onload=captchaLoaded Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.185.195 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s52-in-f3.1e100.net Software sffe / Resource Hash 24888ff57c1714336f283a67e22f1207ef9826694a9078e1cda9d581ff148407 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://pastelink.net/ Origin https://pastelink.net Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sat, 09 Oct 2021 23:21:46 GMT content-encoding gzip x-content-type-options nosniff age 9981 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 137921 x-xss-protection 0 last-modified Mon, 04 Oct 2021 04:21:56 GMT server sffe vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="recaptcha" expires Sun, 09 Oct 2022 23:21:46 GMT
GET H2	200	debut_light.png pastelink.net/assets/images/	4 KB 4 KB	20ms 20ms	Image image/png	178.79.155.87 LINODE-AP Linode
General Check archive.org Show headers Download Go to Show image Full URL https://pastelink.net/assets/images/debut_light.png Requested by Host: pastelink.net URL: https://pastelink.net/assets/css/styles.css?q=15 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 178.79.155.87 London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li274-87.members.linode.com Software nginx / Resource Hash c24ccee9a35eef9e74411eac871935bdff6bcb895cce80b754b66d3e4292a3ce Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers :path /assets/images/debut_light.png pragma no-cache cookie PHPSESSID=a2jbpp5i3gm15ekcr7gi5lbfs8 accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority pastelink.net referer https://pastelink.net/assets/css/styles.css?q=15 :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/assets/css/styles.css?q=15 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 10 Oct 2021 02:08:07 GMT last-modified Thu, 27 May 2021 10:51:09 GMT server nginx etag "60af799d-10c8" strict-transport-security max-age=31536000; includeSubDomains content-type image/png accept-ranges bytes content-length 4296
GET H2	200	flag-sprite.png pastelink.net/assets/images/Sprited/	9 KB 9 KB	20ms 20ms	Image image/png	178.79.155.87 LINODE-AP Linode
General Check archive.org Show headers Download Go to Show image Full URL https://pastelink.net/assets/images/Sprited/flag-sprite.png?q=13 Requested by Host: pastelink.net URL: https://pastelink.net/assets/css/styles.css?q=15 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 178.79.155.87 London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li274-87.members.linode.com Software nginx / Resource Hash cea32a344ff0d6b192d13bacaf72a65d139d767e8c7ff56b1179cd97897a0803 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers :path /assets/images/Sprited/flag-sprite.png?q=13 pragma no-cache cookie PHPSESSID=a2jbpp5i3gm15ekcr7gi5lbfs8 accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority pastelink.net referer https://pastelink.net/assets/css/styles.css?q=15 :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/assets/css/styles.css?q=15 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 10 Oct 2021 02:08:07 GMT last-modified Wed, 06 Oct 2021 13:37:31 GMT server nginx etag "615da69b-23bd" strict-transport-security max-age=31536000; includeSubDomains content-type image/png accept-ranges bytes content-length 9149
GET H2	200	arrow-down-blue.svg pastelink.net/assets/images/	239 B 409 B	20ms 20ms	Image image/svg+xml	178.79.155.87 LINODE-AP Linode
General Check archive.org Show headers Download Go to Show image Full URL https://pastelink.net/assets/images/arrow-down-blue.svg Requested by Host: pastelink.net URL: https://pastelink.net/assets/css/styles.css?q=15 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 178.79.155.87 London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li274-87.members.linode.com Software nginx / Resource Hash 50a60e5e5f2e8f10a2f8685031ec9849ba8faff613139f3a402e89f25ccbbabc Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers :path /assets/images/arrow-down-blue.svg pragma no-cache cookie PHPSESSID=a2jbpp5i3gm15ekcr7gi5lbfs8 accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority pastelink.net referer https://pastelink.net/assets/css/styles.css?q=15 :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/assets/css/styles.css?q=15 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 10 Oct 2021 02:08:07 GMT last-modified Wed, 29 Sep 2021 15:26:32 GMT server nginx etag "615485a8-ef" strict-transport-security max-age=31536000; includeSubDomains content-type image/svg+xml accept-ranges bytes content-length 239
GET H2	200	sprites.png pastelink.net/assets/images/	4 KB 4 KB	20ms 20ms	Image image/png	178.79.155.87 LINODE-AP Linode
General Check archive.org Show headers Download Go to Show image Full URL https://pastelink.net/assets/images/sprites.png Requested by Host: pastelink.net URL: https://pastelink.net/assets/css/styles.css?q=15 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 178.79.155.87 London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li274-87.members.linode.com Software nginx / Resource Hash 736e1679b341206c435156f566998d48ad309ec22e277c12da51973bb42671c3 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers :path /assets/images/sprites.png pragma no-cache cookie PHPSESSID=a2jbpp5i3gm15ekcr7gi5lbfs8 accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority pastelink.net referer https://pastelink.net/assets/css/styles.css?q=15 :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/assets/css/styles.css?q=15 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 10 Oct 2021 02:08:07 GMT last-modified Thu, 27 May 2021 10:51:10 GMT server nginx etag "60af799e-e11" strict-transport-security max-age=31536000; includeSubDomains content-type image/png accept-ranges bytes content-length 3601
GET H2	200	pxiEyp8kv8JHgFVrJJfecg.woff2 fonts.gstatic.com/s/poppins/v15/	8 KB 8 KB	88ms 27ms	Font font/woff2	142.250.186.35 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/poppins/v15/pxiEyp8kv8JHgFVrJJfecg.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.186.35 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s04-in-f3.1e100.net Software sffe / Resource Hash 41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://pastelink.net Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 04 Oct 2021 14:59:01 GMT x-content-type-options nosniff age 472146 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 7900 x-xss-protection 0 last-modified Thu, 05 Nov 2020 22:02:01 GMT server sffe content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Tue, 04 Oct 2022 14:59:01 GMT
GET H2	200	JTURjIg1_i6t8kCHKm45_bZF3gnD_g.woff2 fonts.gstatic.com/s/montserrat/v18/	19 KB 19 KB	119ms 58ms	Font font/woff2	142.250.186.35 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/montserrat/v18/JTURjIg1_i6t8kCHKm45_bZF3gnD_g.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.186.35 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s04-in-f3.1e100.net Software sffe / Resource Hash 61519deaa156f24ad28ae848179016c7cc741270cb7b30043c24bd30203bdaf3 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://pastelink.net Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 03 Oct 2021 14:39:52 GMT x-content-type-options nosniff age 559695 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 19824 x-xss-protection 0 last-modified Tue, 10 Aug 2021 00:20:37 GMT server sffe content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Mon, 03 Oct 2022 14:39:52 GMT
GET H2	200	pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 fonts.gstatic.com/s/poppins/v15/	8 KB 8 KB	89ms 29ms	Font font/woff2	142.250.186.35 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&family=Poppins:wght@400;500;700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.186.35 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s04-in-f3.1e100.net Software sffe / Resource Hash d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://pastelink.net Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 04 Oct 2021 15:20:39 GMT x-content-type-options nosniff age 470848 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 7776 x-xss-protection 0 last-modified Thu, 05 Nov 2020 22:01:55 GMT server sffe content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Tue, 04 Oct 2022 15:20:39 GMT
GET H/1.1	200 OK	/ Show response pro.ip-api.com/csv/	6 B 154 B	43ms 8ms	XHR text/plain	51.77.64.70 OVH
General Check archive.org Show headers Download Go to Full URL https://pro.ip-api.com/csv/?key=ZxSSLwZtxrKxQbv&fields=countryCode,region Requested by Host: cdn.adligature.com URL: https://cdn.adligature.com/rules.js/advally-4.9.1.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 51.77.64.70 , Germany, ASN16276 (OVH, FR), Reverse DNS de-fra-1.pro.ip-api.com Software / Resource Hash 70eed4ae4f6f16678d18c5a3ffe7fa5ce9fc9595f16dcb1b8f730284d59d7a9d Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Access-Control-Allow-Origin * Date Sun, 10 Oct 2021 02:08:07 GMT Content-Length 6 Content-Type text/plain; charset=utf-8
GET H2	200	gpt.js Show response securepubads.g.doubleclick.net/tag/js/	78 KB 27 KB	101ms 38ms	Script text/javascript	142.250.181.226 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/tag/js/gpt.js Requested by Host: cdn.adligature.com URL: https://cdn.adligature.com/rules.js/advally-4.9.1.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.181.226 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f2.1e100.net Software sffe / Resource Hash cdcfd2c4489c22333d330be4860a63ba699409dc36bde582df1c25603d69be26 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 10 Oct 2021 02:08:07 GMT content-encoding gzip x-content-type-options nosniff server sffe etag "1011 / 139 of 1000 / last-modified: 1633731109" vary Accept-Encoding report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} content-type text/javascript cache-control private, max-age=900, stale-while-revalidate=3600 timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 26826 x-xss-protection 0 cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" expires Sun, 10 Oct 2021 02:08:07 GMT
GET H3	200	prebid-4.43.4.js Show response cdn.adligature.com/prebid/	444 KB 133 KB	43ms 43ms	Script application/javascript	104.21.93.14 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.adligature.com/prebid/prebid-4.43.4.js Requested by Host: cdn.adligature.com URL: https://cdn.adligature.com/rules.js/advally-4.9.1.js Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.93.14 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4acafe4daf8d989eec849bdd8c025b2cda63bd1c3a91edaea56f948d04fd98a8 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers x-goog-hash crc32c=msxAWQ==, md5=z5RQdZzuWEiAct3OzqDEfQ== date Sun, 10 Oct 2021 02:08:07 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 589 cf-polished origSize=454478 x-guploader-uploadid ADPycdsNtVwitsbcOK1AfVBykN7LpiIIROyEyfE_cJLd0kkn_5wZ70Dc8TojGXSHS3mOKGaF1VaFqWO0P9buahWTUBs x-goog-storage-class MULTI_REGIONAL x-goog-metageneration 1 x-goog-stored-content-encoding identity alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 last-modified Tue, 24 Aug 2021 12:17:06 GMT server cloudflare etag W/"cf9450759cee58488072ddcecea0c47d" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=35M%2Bf2jxFm%2Bgrjmz%2FIj9YMJNoDl9jGCTzvruaJYUJfBpRcCcU8cWc4sYlNKZc34hGWLC1MeG2neTv9XzE6yqh03F32vt08vFD7xoYNuflYfxVrbrFu0hDbAuatmzVyXR7es73h8%3D"}],"group":"cf-nel","max_age":604800} content-language en x-goog-generation 1629807426503184 content-type application/javascript expires Sun, 10 Oct 2021 02:08:17 GMT cache-control public, max-age=1800, s-maxage=600, must-revalidate x-goog-stored-content-length 454478 cf-ray 69bc4c8d6c58b7c9-CDG cf-bgj minify
GET H3	200	js Show response www.googletagmanager.com/gtag/	126 KB 49 KB	70ms 39ms	Script application/javascript	142.250.74.200 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-S3DKHVPF03&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.74.200 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s02-in-f8.1e100.net Software Google Tag Manager / Resource Hash a86ed55db1aade472e2e51b83a161c4057b1b5ee22b91d70288bb6b58245c333 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 10 Oct 2021 02:08:07 GMT content-encoding br server Google Tag Manager access-control-allow-headers Cache-Control vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin strict-transport-security max-age=31536000; includeSubDomains alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 50176 x-xss-protection 0 expires Sun, 10 Oct 2021 02:08:07 GMT
GET H2	200	analytics.js Show response www.google-analytics.com/	48 KB 20 KB	51ms 14ms	Script text/javascript	216.58.212.174 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-55WHPWQ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 216.58.212.174 Mountain View, United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s01-in-f14.1e100.net Software Golfe2 / Resource Hash fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff last-modified Wed, 11 Aug 2021 00:32:57 GMT server Golfe2 age 421 date Sun, 10 Oct 2021 02:01:06 GMT vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 19747 expires Sun, 10 Oct 2021 04:01:06 GMT
GET H3	200	pubads_impl_2021100401.js Show response securepubads.g.doubleclick.net/gpt/	344 KB 120 KB	59ms 30ms	Script text/javascript	142.250.181.226 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021100401.js Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.181.226 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f2.1e100.net Software sffe / Resource Hash 7770fb287496ea4c36d2ac2f7ee6200008b73da0ec061c4d7e6d7a591df92fd5 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 10 Oct 2021 02:08:07 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 122419 x-xss-protection 0 last-modified Mon, 04 Oct 2021 08:37:19 GMT server sffe vary Accept-Encoding report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} content-type text/javascript cache-control private, immutable, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" expires Sun, 10 Oct 2021 02:08:07 GMT
GET H3	200	ppub_config Show response securepubads.g.doubleclick.net/pagead/	70 B 97 B	60ms 32ms	XHR application/json	142.250.181.226 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=pastelink.net Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.181.226 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f2.1e100.net Software cafe / Resource Hash 39c0b8be3e2bd4ecc61b4a789ac1e94d6a6812a15499181634db22e64fe7221c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Sun, 10 Oct 2021 02:08:07 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" access-control-allow-origin * cache-control private, max-age=3600, stale-while-revalidate=3600 cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/json; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 72 x-xss-protection 0 expires Sun, 10 Oct 2021 02:08:07 GMT
POST H3	200	collect Show response www.google-analytics.com/j/	1 B 21 B	48ms 24ms	XHR text/plain	216.58.212.174 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j93&a=2132985385&t=pageview&_s=1&dl=https%3A%2F%2Fpastelink.net%2F9womt51w&ul=en-us&de=UTF-8&dt=Fixed%20Odds%20Casino%20Games%20-%20Pastelink.net&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=475957917&gjid=297374181&cid=1267298666.1633831687&tid=UA-55088947-2&_gid=564440102.1633831687&_r=1&gtm=2wga6055WHPWQ&z=1465781009 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H3 Security QUIC, , AES_128_GCM Server 216.58.212.174 Mountain View, United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s01-in-f14.1e100.net Software Golfe2 / Resource Hash 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://pastelink.net/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Sun, 10 Oct 2021 02:08:07 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://pastelink.net cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H3	204	collect www.google-analytics.com/g/	0 17 B	24ms 24ms	Ping text/plain	216.58.212.174 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/g/collect?v=2&tid=G-S3DKHVPF03&gtm=2oea60&_p=2132985385&sr=1600x1200&ul=en-us&cid=1267298666.1633831687&_s=1&dl=https%3A%2F%2Fpastelink.net%2F9womt51w&dt=Fixed%20Odds%20Casino%20Games%20-%20Pastelink.net&sid=1633831687&sct=1&seg=0&en=page_view&_fv=1&_ss=1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-S3DKHVPF03&l=dataLayer&cx=c Protocol H3 Security QUIC, , AES_128_GCM Server 216.58.212.174 Mountain View, United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s01-in-f14.1e100.net Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://pastelink.net/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers pragma no-cache date Sun, 10 Oct 2021 02:08:07 GMT server Golfe2 content-type text/plain access-control-allow-origin https://pastelink.net cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H3	200	collect Show response www.google-analytics.com/j/	2 B 22 B	23ms 23ms	XHR text/plain	216.58.212.174 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j93&aip=1&a=2132985385&t=pageview&_s=1&dl=https%3A%2F%2Fpastelink.net%2F9womt51w&ul=en-us&de=UTF-8&dt=Fixed%20Odds%20Casino%20Games%20-%20Pastelink.net&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAEABAAAAAC~&jid=799500239&gjid=1200005696&cid=1267298666.1633831687&tid=UA-197326395-9&_gid=564440102.1633831687&_r=1&_slc=1&z=441863288 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H3 Security QUIC, , AES_128_GCM Server 216.58.212.174 Mountain View, United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s01-in-f14.1e100.net Software Golfe2 / Resource Hash a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://pastelink.net/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Sun, 10 Oct 2021 02:08:07 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://pastelink.net cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 2 expires Fri, 01 Jan 1990 00:00:00 GMT
GET DATA	200 OK	truncated /	346 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash ebd635d843d43673dd737988e3383b01614cfca991785e481a47e7bd6b8aea17 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type image/png
GET H2	200	integrator.js Show response adservice.google.de/adsid/	107 B 853 B	79ms 30ms	Script application/javascript	142.250.181.226 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.de/adsid/integrator.js?domain=pastelink.net Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021100401.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.181.226 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f2.1e100.net Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Sun, 10 Oct 2021 02:08:07 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H2	200	integrator.js Show response adservice.google.com/adsid/	107 B 570 B	88ms 34ms	Script application/javascript	142.250.184.194 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.com/adsid/integrator.js?domain=pastelink.net Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021100401.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.184.194 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s11-in-f2.1e100.net Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Sun, 10 Oct 2021 02:08:07 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H3	200	ads Show response securepubads.g.doubleclick.net/gampad/	21 KB 8 KB	497ms 497ms	XHR text/plain	142.250.181.226 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2555708242184727&correlator=1898155414277685&output=ldjh&impl=fifs&eid=31062930&vrg=2021100401&ptt=17&sc=1&sfv=1-0-38&ecs=20211010&iu_parts=22405481091%2Cpastelink.net%2CBottom_adhesion_banner%2CTop_leaderboard%2CInline_banner%2CSidebar_MPU&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F3%2C%2F0%2F1%2F4%2C%2F0%2F1%2F4%2C%2F0%2F1%2F4%2C%2F0%2F1%2F5&prev_iu_szs=728x90%2C728x90%2C728x90%2C728x90%2C728x90%2C160x600&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1633831687&dt=1633831687567&dlt=1633831687028&idt=478&frm=20&biw=1600&bih=1200&oid=2&adxs=436%2C246%2C281%2C281%2C281%2C1119&adys=1104%2C291%2C662%2C1008%2C1400%2C372&adks=3402602959%2C2883060502%2C4220404771%2C4220404772%2C4220404773%2C2108190548&ucis=1%7C2%7C3%7C4%7C5%7C6&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fpastelink.net%2F9womt51w&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x-1%7C797x237%7C757x90%7C757x90%7C757x90%7C197x652&msz=728x-1%7C797x-1%7C728x-1%7C728x-1%7C728x-1%7C160x-1&ga_vid=1267298666.1633831687&ga_sid=1633831688&ga_hid=2132985385&ga_fc=false&ga_cid=564440102.1633831687&fws=516%2C4%2C4%2C4%2C4%2C4&ohw=1600%2C1600%2C1600%2C1600%2C1600%2C1600&btvi=0%7C0%7C0%7C0%7C1%7C0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0. Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021100401.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.181.226 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f2.1e100.net Software cafe / Resource Hash 3100a019bf652ad4312777e65d7d337ba9aa68e446efce3ea7628a507daf4a54 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 10 Oct 2021 02:08:08 GMT content-encoding br x-content-type-options nosniff google-mediationgroup-id -2,-2,-2,-2,-2 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 8658 x-xss-protection 0 google-lineitem-id -2,-2,-2,-2,-1,-2 pragma no-cache server cafe google-mediationtag-id -2 google-creative-id -2,-2,-2,-2,-1,-2 content-type text/plain; charset=UTF-8 access-control-allow-origin https://pastelink.net cache-control no-cache, must-revalidate access-control-allow-credentials true timing-allow-origin * expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	container.html Show response f5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 4E27	6 KB 4 KB	115ms 29ms	Document text/html	142.250.185.193 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://f5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021100401.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.185.193 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s52-in-f1.1e100.net Software sffe / Resource Hash a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority f5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com :scheme https :path /safeframe/1-0-38/html/container.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://pastelink.net/ accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip content-type text/html cross-origin-resource-policy cross-origin cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} timing-allow-origin * content-length 3108 date Sun, 10 Oct 2021 02:08:07 GMT expires Mon, 10 Oct 2022 02:08:07 GMT cache-control public, immutable, max-age=31536000 last-modified Tue, 02 Mar 2021 20:17:03 GMT x-content-type-options nosniff server sffe x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3	200	container.html Show response f5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2E1D	6 KB 3 KB	56ms 26ms	Document text/html	142.250.185.193 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://f5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021100401.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.193 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s52-in-f1.1e100.net Software sffe / Resource Hash a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority f5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com :scheme https :path /safeframe/1-0-38/html/container.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://pastelink.net/ accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip content-type text/html cross-origin-resource-policy cross-origin cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} timing-allow-origin * content-length 3108 date Sun, 10 Oct 2021 02:08:07 GMT expires Mon, 10 Oct 2022 02:08:07 GMT last-modified Tue, 02 Mar 2021 20:17:03 GMT x-content-type-options nosniff server sffe x-xss-protection 0 cache-control public, immutable, max-age=31536000 age 1 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H2	200	sodar Show response pagead2.googlesyndication.com/getconfig/	11 KB 9 KB	96ms 35ms	XHR application/json	142.250.185.130 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021100401&st=env Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021100401.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.185.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s50-in-f2.1e100.net Software cafe / Resource Hash 39d3bdbb1dbad125d8307169a1129e1d3aae576f0f01857cc3d496899b9b7628 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Sun, 10 Oct 2021 02:08:08 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" access-control-allow-origin * cache-control private cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/json; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 8512 x-xss-protection 0
GET H3	200	adview securepubads.g.doubleclick.net/pagead/ Frame 2E1D	0 0	59ms 59ms	Fetch text/html	142.250.181.226 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/pagead/adview?ai=CwmkmB0tiYYuQJ_-Q7_UPwqus4Azm_qP3XO6LrIhfwI23ARABIABgleKQgqAHggEXY2EtcHViLTkwNzA2Mjk4NDMxMjkzMTLIAQmpAp1sC-cGa7M-4AIAqAMBqgToAU_QzUeF9cMMR8H4q6nIXfu0p0WF7_5mEROw1FRT9KP0fGWBISVOpxvQwDdoX2cc52BYTw3-65FFJAngCu21a_6wC21zeh0fyjaQXJuXjrc-ZiqKEfNq2AukZuBKOn90xoNCMPbGJmzXFs2ES7zz_n9IYmkg80akdf49sB1rrxhpLRHTiPIu_S77iwsVI8i52i8vwt_GirBTevdYE-ktIF676r3A_mgHp58rFhNxg6pAPoVBQPGX18xMdqrx95nv2lGwKF12F2qx9t8GaJfU4n8HpcNOId2KtmnqkQc6bvAepRPHu9o756rgBAGABpz2ofje8uXM8QGgBiGoB6a-G6gH8NkbqAfy2RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiI4YAQEAHyCBthZHgtc3Vic3luLTI3MjcwOTgxNTA4NTczNTKACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItOTA3MDYyOTg0MzEyOTMxMhj63nw&sigh=nYDSWzCVQkY Requested by Host: pastelink.net URL: https://pastelink.net/9womt51w Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.181.226 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f2.1e100.net Software / Resource Hash Request headers Accept-Language de-DE,de;q=0.9 Referer https://f5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers
GET H/1.1	200	Cookie set ShowAd Show response brain.rvty.net/RTB/ Frame 38F6	2 KB 2 KB	52ms 13ms	Document text/html	89.163.211.233 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Full URL https://brain.rvty.net/RTB/ShowAd?adHeight=90&adWidth=728&adFormat=4&adslotId=&siteId=97944753&bannerId=146072&e=3&p=YWJLBwAJyAsIu8h_AAsVwrqzk8PnL4kCa7L5NQ&penc=&bp=53846&a=61624b07-000b-2a0a-08bb-e7534b0bdb3d&n=1&geo=662259&rawURL=https%3A%2F%2Fpastelink.net%2F9womt51w&rawReferrerURL=&uid=8ff5e9bc-adf4-4d22-ba90-802fedd16b11&euid=&encn=N4IgXglgDiBcIDYAMBWATAThAGhAYwHsBXAOwBcAnATzhABEBRHEAQzLgEZcAbEgczgAOAHQJBAZnG48EMjXgAxCixIBrAGZEKZAAQsAtjoCyLCCWYBnMmwCmtABI2LFm+Z5s4KJMI4cEAdgBfIA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJGGGB0tiYYuQJ_-Q7_UPwqus4Azm_qP3XO6LrIhfwI23ARABIABgleKQgqAHggEXY2EtcHViLTkwNzA2Mjk4NDMxMjkzMTLIAQmpAp1sC-cGa7M-4AIAqAMBqgTrAU_QzUeF9cMMR8H4q6nIXfu0p0WF7_5mEROw1FRT9KP0fGWBISVOpxvQwDdoX2cc52BYTw3-65FFJAngCu21a_6wC21zeh0fyjaQXJuXjrc-ZiqKEfNq2AukZuBKOn90xoNCMPbGJmzXFs2ES7zz_n9IYmkg80akdf49sB1rrxhpLRHTiPIu_S77iwsVI8i52i8vwt_GirBTevdYE-ktIF676r3A_mgHp58rFhNxg6pAPoVBQPGX18xMdqrx95nv2lGwKF12F2qx9t8GaJfU4n8HpcNOId3ItGR4G-b8VgzY7JgZlVXNnb7-S9PgBAGABpz2ofje8uXM8QGgBiGoB6a-G6gH8NkbqAfy2RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiI4YAQEAHyCBthZHgtc3Vic3luLTI3MjcwOTgxNTA4NTczNTL6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1kCNF19fi5jmUKWK8vl8Q4dTkx5A%26client%3Dca-pub-9070629843129312%26adurl%3D&gdpr=1&gdpr_consent= Requested by Host: f5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com URL: https://f5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS Software nginx/1.13.4 / Resource Hash b4a7f5fefa8edf164689f854791d6bc42725fe1b0e714eaa3555c52e03abd4fa Request headers Host brain.rvty.net Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept-Language de-DE,de;q=0.9 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site cross-site Sec-Fetch-Mode navigate Sec-Fetch-Dest iframe Referer https://f5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com/ Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://f5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com/ Response headers Server nginx/1.13.4 Date Sun, 10 Oct 2021 02:08:08 GMT Content-Type text/html;charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Set-Cookie RTBUserId=8ff5e9bc-adf4-4d22-ba90-802fedd16b11; path=/; SameSite=None; secure; Expires=Mon, 10 Oct 2022 04:08:08 CEST RTBUserId-Old=8ff5e9bc-adf4-4d22-ba90-802fedd16b11; path=/; secure; Expires=Mon, 10 Oct 2022 04:08:08 CEST RTBUserId-Plain=8ff5e9bc-adf4-4d22-ba90-802fedd16b11; path=/; Expires=Mon, 10 Oct 2022 04:08:08 CEST P3P CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" Content-Encoding gzip
GET H2	200	window_focus_fy2019.js Show response tpc.googlesyndication.com/pagead/js/r20211006/r20110914/client/ Frame 2E1D	3 KB 1 KB	58ms 20ms	Script text/javascript	172.217.16.129 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20211006/r20110914/client/window_focus_fy2019.js Requested by Host: f5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com URL: https://f5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.217.16.129 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra15s46-in-f1.1e100.net Software cafe / Resource Hash 5120f35e394e169ac0839405dbd6e680163a4e02f060f5a6a833ebfacf35d966 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://f5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 10 Oct 2021 01:42:15 GMT content-encoding gzip x-content-type-options nosniff age 1553 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1344 x-xss-protection 0 server cafe etag 10107448882299530629 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Sun, 24 Oct 2021 01:42:15 GMT
GET H2	200	rx_lidar.js Show response www.googletagservices.com/activeview/js/current/ Frame 2E1D	123 KB 38 KB	87ms 42ms	Script text/javascript	172.217.16.130 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914 Requested by Host: f5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com URL: https://f5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.217.16.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra15s46-in-f2.1e100.net Software sffe / Resource Hash e96cb07afdac92a8c77fbd5b9bb721e548070f4657f4f1e71329d2fd9032be47 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://f5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 10 Oct 2021 02:08:08 GMT content-encoding gzip x-content-type-options nosniff content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 37898 x-xss-protection 0 server sffe cross-origin-opener-policy same-origin; report-to="active-view-scs-read-write-acl" etag "1633547226118934" vary Accept-Encoding report-to {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes expires Sun, 10 Oct 2021 02:08:08 GMT
GET H2	200	qs_click_protection_fy2019.js Show response tpc.googlesyndication.com/pagead/js/r20211006/r20110914/client/ Frame 2E1D	14 KB 7 KB	54ms 16ms	Script text/javascript	172.217.16.129 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20211006/r20110914/client/qs_click_protection_fy2019.js Requested by Host: f5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com URL: https://f5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.217.16.129 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra15s46-in-f1.1e100.net Software cafe / Resource Hash 51896cb4e932803b983cf59d85b20c705f42a891fa0c9c408e3cb267b5bb949c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://f5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 10 Oct 2021 01:52:01 GMT content-encoding gzip x-content-type-options nosniff age 967 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 6219 x-xss-protection 0 server cafe etag 4041254270185007295 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Sun, 24 Oct 2021 01:52:01 GMT
GET H3	204	l www.google.com/ads/measurement/ Frame 2E1D	0 0	78ms 28ms	Image text/html	142.250.181.228 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/measurement/l?ebcid=ALh7CaTyT3_xtyBRyyeie1aK2SBSixsC7CzjStytLa9qZyUGWl9PUgc1w3VpuWZ39PXUde9h4SxCs6Lh2sY-_1D4xTLRl6qw2A Requested by Host: f5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com URL: https://f5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.181.228 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f4.1e100.net Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://f5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers
GET H2	200	ext.js Show response tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 2E1D	22 KB 7 KB	56ms 18ms	Script text/javascript	172.217.16.129 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js Requested by Host: f5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com URL: https://f5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.217.16.129 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra15s46-in-f1.1e100.net Software sffe / Resource Hash 0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://f5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 07 Oct 2021 04:39:13 GMT content-encoding gzip x-content-type-options nosniff age 250135 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 7022 x-xss-protection 0 last-modified Tue, 02 Mar 2021 20:17:03 GMT server sffe vary Accept-Encoding report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} content-type text/javascript cache-control public, immutable, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" expires Fri, 07 Oct 2022 04:39:13 GMT
GET H2	200	sodar2.js Show response tpc.googlesyndication.com/sodar/	17 KB 7 KB	43ms 42ms	Script text/javascript	172.217.16.129 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2.js Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021100401.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.217.16.129 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra15s46-in-f1.1e100.net Software sffe / Resource Hash a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 10 Oct 2021 02:08:08 GMT content-encoding gzip x-content-type-options nosniff server sffe etag "1624308425655142" vary Accept-Encoding report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 6467 x-xss-protection 0 cross-origin-opener-policy-report-only same-origin; report-to="adspam-signals-scs" expires Sun, 10 Oct 2021 02:08:08 GMT
GET H/1.1	200 OK	ads_view.js Show response cdn.rvty.net/view/ Frame 38F6	3 KB 4 KB	42ms 11ms	Script application/javascript	89.163.211.242 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Full URL https://cdn.rvty.net/view/ads_view.js Requested by Host: brain.rvty.net URL: https://brain.rvty.net/RTB/ShowAd?adHeight=90&adWidth=728&adFormat=4&adslotId=&siteId=97944753&bannerId=146072&e=3&p=YWJLBwAJyAsIu8h_AAsVwrqzk8PnL4kCa7L5NQ&penc=&bp=53846&a=61624b07-000b-2a0a-08bb-e7534b0bdb3d&n=1&geo=662259&rawURL=https%3A%2F%2Fpastelink.net%2F9womt51w&rawReferrerURL=&uid=8ff5e9bc-adf4-4d22-ba90-802fedd16b11&euid=&encn=N4IgXglgDiBcIDYAMBWATAThAGhAYwHsBXAOwBcAnATzhABEBRHEAQzLgEZcAbEgczgAOAHQJBAZnG48EMjXgAxCixIBrAGZEKZAAQsAtjoCyLCCWYBnMmwCmtABI2LFm+Z5s4KJMI4cEAdgBfIA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJGGGB0tiYYuQJ_-Q7_UPwqus4Azm_qP3XO6LrIhfwI23ARABIABgleKQgqAHggEXY2EtcHViLTkwNzA2Mjk4NDMxMjkzMTLIAQmpAp1sC-cGa7M-4AIAqAMBqgTrAU_QzUeF9cMMR8H4q6nIXfu0p0WF7_5mEROw1FRT9KP0fGWBISVOpxvQwDdoX2cc52BYTw3-65FFJAngCu21a_6wC21zeh0fyjaQXJuXjrc-ZiqKEfNq2AukZuBKOn90xoNCMPbGJmzXFs2ES7zz_n9IYmkg80akdf49sB1rrxhpLRHTiPIu_S77iwsVI8i52i8vwt_GirBTevdYE-ktIF676r3A_mgHp58rFhNxg6pAPoVBQPGX18xMdqrx95nv2lGwKF12F2qx9t8GaJfU4n8HpcNOId3ItGR4G-b8VgzY7JgZlVXNnb7-S9PgBAGABpz2ofje8uXM8QGgBiGoB6a-G6gH8NkbqAfy2RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiI4YAQEAHyCBthZHgtc3Vic3luLTI3MjcwOTgxNTA4NTczNTL6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1kCNF19fi5jmUKWK8vl8Q4dTkx5A%26client%3Dca-pub-9070629843129312%26adurl%3D&gdpr=1&gdpr_consent= Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 89.163.211.242 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS Software nginx/1.13.4 / Resource Hash 00bb2f69ab06efff6555f6ccae10902e87bb6aea861e83de082a45a07e525054 Request headers Accept-Language de-DE,de;q=0.9 Referer https://brain.rvty.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Sun, 10 Oct 2021 02:08:08 GMT Last-Modified Fri, 20 Dec 2019 09:27:25 GMT Server nginx/1.13.4 ETag "5dfc93fd-d40" Content-Type application/javascript Access-Control-Allow-Origin * Connection keep-alive Accept-Ranges bytes Content-Length 3392
GET H3	200	runner.html Show response tpc.googlesyndication.com/sodar/sodar2/224/ Frame 9292	12 KB 5 KB	37ms 14ms	Document text/html	172.217.16.129 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.217.16.129 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra15s46-in-f1.1e100.net Software sffe / Resource Hash 4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority tpc.googlesyndication.com :scheme https :path /sodar/sodar2/224/runner.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://pastelink.net/ accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip content-type text/html cross-origin-resource-policy cross-origin cross-origin-opener-policy-report-only same-origin; report-to="adspam-signals-scs" report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} content-length 5029 date Sat, 09 Oct 2021 16:29:25 GMT expires Sun, 09 Oct 2022 16:29:25 GMT last-modified Wed, 02 Jun 2021 17:09:45 GMT x-content-type-options nosniff server sffe x-xss-protection 0 cache-control public, max-age=31536000 age 34723 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3	200	aframe Show response www.google.com/recaptcha/api2/ Frame BE38	783 B 534 B	33ms 33ms	Document text/html	142.250.181.228 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/aframe Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.181.228 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f4.1e100.net Software GSE / Resource Hash 2f28b1d129f074bcdca2e1cf18a70db1900f4075d3ccda76a49913a6574d056f Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-GaGW2/K0OMBeyiYXBnsixA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers :method GET :authority www.google.com :scheme https :path /recaptcha/api2/aframe pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://pastelink.net/ accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ Response headers cross-origin-resource-policy cross-origin cross-origin-embedder-policy-report-only require-corp; report-to="recaptcha" report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} expires Sun, 10 Oct 2021 02:08:08 GMT date Sun, 10 Oct 2021 02:08:08 GMT cache-control private, max-age=300 content-type text/html; charset=utf-8 content-security-policy script-src 'report-sample' 'nonce-GaGW2/K0OMBeyiYXBnsixA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-encoding gzip x-content-type-options nosniff x-xss-protection 1; mode=block content-length 512 server GSE alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H/1.1	200 OK	8e93336o9ddx Show response ad.ad-srv.net/zone/ Frame 38F6	11 KB 4 KB	42ms 12ms	Script text/html	88.99.219.174 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://ad.ad-srv.net/zone/8e93336o9ddx?subid=&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&redirectClick=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCJGGGB0tiYYuQJ_-Q7_UPwqus4Azm_qP3XO6LrIhfwI23ARABIABgleKQgqAHggEXY2EtcHViLTkwNzA2Mjk4NDMxMjkzMTLIAQmpAp1sC-cGa7M-4AIAqAMBqgTrAU_QzUeF9cMMR8H4q6nIXfu0p0WF7_5mEROw1FRT9KP0fGWBISVOpxvQwDdoX2cc52BYTw3-65FFJAngCu21a_6wC21zeh0fyjaQXJuXjrc-ZiqKEfNq2AukZuBKOn90xoNCMPbGJmzXFs2ES7zz_n9IYmkg80akdf49sB1rrxhpLRHTiPIu_S77iwsVI8i52i8vwt_GirBTevdYE-ktIF676r3A_mgHp58rFhNxg6pAPoVBQPGX18xMdqrx95nv2lGwKF12F2qx9t8GaJfU4n8HpcNOId3ItGR4G-b8VgzY7JgZlVXNnb7-S9PgBAGABpz2ofje8uXM8QGgBiGoB6a-G6gH8NkbqAfy2RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiI4YAQEAHyCBthZHgtc3Vic3luLTI3MjcwOTgxNTA4NTczNTL6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1kCNF19fi5jmUKWK8vl8Q4dTkx5A%26client%3Dca-pub-9070629843129312%26adurl%3Dhttp%253A%252F%252Fbrain.rvty.net%252FRTB%252FClick%253Fx%253DEASY-X-COORDINATE%2526y%253DEASY-Y-COORDINATE%2526s%253D97944753%2526a%253D146072%2526t%253D1633831688219%2526l%253D662259%2526p%253D3%2526appid%253D%2526aa%253D61624b07-000b-2a0a-08bb-e7534b0bdb3d%2526gdpr%253D1%2526gdpr_consent%253D%2526dest%253D Requested by Host: brain.rvty.net URL: https://brain.rvty.net/RTB/ShowAd?adHeight=90&adWidth=728&adFormat=4&adslotId=&siteId=97944753&bannerId=146072&e=3&p=YWJLBwAJyAsIu8h_AAsVwrqzk8PnL4kCa7L5NQ&penc=&bp=53846&a=61624b07-000b-2a0a-08bb-e7534b0bdb3d&n=1&geo=662259&rawURL=https%3A%2F%2Fpastelink.net%2F9womt51w&rawReferrerURL=&uid=8ff5e9bc-adf4-4d22-ba90-802fedd16b11&euid=&encn=N4IgXglgDiBcIDYAMBWATAThAGhAYwHsBXAOwBcAnATzhABEBRHEAQzLgEZcAbEgczgAOAHQJBAZnG48EMjXgAxCixIBrAGZEKZAAQsAtjoCyLCCWYBnMmwCmtABI2LFm+Z5s4KJMI4cEAdgBfIA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJGGGB0tiYYuQJ_-Q7_UPwqus4Azm_qP3XO6LrIhfwI23ARABIABgleKQgqAHggEXY2EtcHViLTkwNzA2Mjk4NDMxMjkzMTLIAQmpAp1sC-cGa7M-4AIAqAMBqgTrAU_QzUeF9cMMR8H4q6nIXfu0p0WF7_5mEROw1FRT9KP0fGWBISVOpxvQwDdoX2cc52BYTw3-65FFJAngCu21a_6wC21zeh0fyjaQXJuXjrc-ZiqKEfNq2AukZuBKOn90xoNCMPbGJmzXFs2ES7zz_n9IYmkg80akdf49sB1rrxhpLRHTiPIu_S77iwsVI8i52i8vwt_GirBTevdYE-ktIF676r3A_mgHp58rFhNxg6pAPoVBQPGX18xMdqrx95nv2lGwKF12F2qx9t8GaJfU4n8HpcNOId3ItGR4G-b8VgzY7JgZlVXNnb7-S9PgBAGABpz2ofje8uXM8QGgBiGoB6a-G6gH8NkbqAfy2RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiI4YAQEAHyCBthZHgtc3Vic3luLTI3MjcwOTgxNTA4NTczNTL6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1kCNF19fi5jmUKWK8vl8Q4dTkx5A%26client%3Dca-pub-9070629843129312%26adurl%3D&gdpr=1&gdpr_consent= Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 88.99.219.174 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.174.219.99.88.clients.your-server.de Software Apache / Resource Hash d0a2ff9d1d1daa1daef08ced9ea63c34fcc1d31b3715a7ad6f92834b0101e758 Request headers Accept-Language de-DE,de;q=0.9 Referer https://brain.rvty.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Sun, 10 Oct 2021 02:08:08 GMT Content-Encoding gzip Server Apache Connection close Content-Length 3504 Vary Accept-Encoding Content-Type text/html; charset=UTF-8
GET DATA	200 OK	truncated / Frame 2E1D	217 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash d6d84ed28b21cd39b5281178584392ca5d41426f83cfbce02c27ce63701c4a5f Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type image/png
GET H/1.1	200 OK	request.php Show response ad1.ad-srv.net/ Frame 38F6 Redirect Chain https://ad1.ad-srv.net/request.php?zone=8e93336o9ddx&nw=14&renderingType=javascript&namespace=5354850f89&subid=&uid=2fab91046ab7b483&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90... https://ad1.ad-srv.net/request.php?zone=8e93336o9ddx&nw=14&renderingType=javascript&namespace=5354850f89&subid=&uid=2fab91046ab7b483&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90...	2 KB 1 KB	74ms 52ms	Script application/x-javascript	46.4.10.49 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://ad1.ad-srv.net/request.php?zone=8e93336o9ddx&nw=14&renderingType=javascript&namespace=5354850f89&subid=&uid=2fab91046ab7b483&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=ANIM_AFTER_30S%3A0&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCJGGGB0tiYYuQJ_-Q7_UPwqus4Azm_qP3XO6LrIhfwI23ARABIABgleKQgqAHggEXY2EtcHViLTkwNzA2Mjk4NDMxMjkzMTLIAQmpAp1sC-cGa7M-4AIAqAMBqgTrAU_QzUeF9cMMR8H4q6nIXfu0p0WF7_5mEROw1FRT9KP0fGWBISVOpxvQwDdoX2cc52BYTw3-65FFJAngCu21a_6wC21zeh0fyjaQXJuXjrc-ZiqKEfNq2AukZuBKOn90xoNCMPbGJmzXFs2ES7zz_n9IYmkg80akdf49sB1rrxhpLRHTiPIu_S77iwsVI8i52i8vwt_GirBTevdYE-ktIF676r3A_mgHp58rFhNxg6pAPoVBQPGX18xMdqrx95nv2lGwKF12F2qx9t8GaJfU4n8HpcNOId3ItGR4G-b8VgzY7JgZlVXNnb7-S9PgBAGABpz2ofje8uXM8QGgBiGoB6a-G6gH8NkbqAfy2RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiI4YAQEAHyCBthZHgtc3Vic3luLTI3MjcwOTgxNTA4NTczNTL6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1kCNF19fi5jmUKWK8vl8Q4dTkx5A%26client%3Dca-pub-9070629843129312%26adurl%3Dhttp%253A%252F%252Fbrain.rvty.net%252FRTB%252FClick%253Fx%253DEASY-X-COORDINATE%2526y%253DEASY-Y-COORDINATE%2526s%253D97944753%2526a%253D146072%2526t%253D1633831688219%2526l%253D662259%2526p%253D3%2526appid%253D%2526aa%253D61624b07-000b-2a0a-08bb-e7534b0bdb3d%2526gdpr%253D1%2526gdpr_consent%253D%2526dest%253D&documentReferer=https%3A%2F%2Ff5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2Ff5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fpastelink.net&random=7240743639270&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1 Requested by Host: brain.rvty.net URL: https://brain.rvty.net/RTB/ShowAd?adHeight=90&adWidth=728&adFormat=4&adslotId=&siteId=97944753&bannerId=146072&e=3&p=YWJLBwAJyAsIu8h_AAsVwrqzk8PnL4kCa7L5NQ&penc=&bp=53846&a=61624b07-000b-2a0a-08bb-e7534b0bdb3d&n=1&geo=662259&rawURL=https%3A%2F%2Fpastelink.net%2F9womt51w&rawReferrerURL=&uid=8ff5e9bc-adf4-4d22-ba90-802fedd16b11&euid=&encn=N4IgXglgDiBcIDYAMBWATAThAGhAYwHsBXAOwBcAnATzhABEBRHEAQzLgEZcAbEgczgAOAHQJBAZnG48EMjXgAxCixIBrAGZEKZAAQsAtjoCyLCCWYBnMmwCmtABI2LFm+Z5s4KJMI4cEAdgBfIA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJGGGB0tiYYuQJ_-Q7_UPwqus4Azm_qP3XO6LrIhfwI23ARABIABgleKQgqAHggEXY2EtcHViLTkwNzA2Mjk4NDMxMjkzMTLIAQmpAp1sC-cGa7M-4AIAqAMBqgTrAU_QzUeF9cMMR8H4q6nIXfu0p0WF7_5mEROw1FRT9KP0fGWBISVOpxvQwDdoX2cc52BYTw3-65FFJAngCu21a_6wC21zeh0fyjaQXJuXjrc-ZiqKEfNq2AukZuBKOn90xoNCMPbGJmzXFs2ES7zz_n9IYmkg80akdf49sB1rrxhpLRHTiPIu_S77iwsVI8i52i8vwt_GirBTevdYE-ktIF676r3A_mgHp58rFhNxg6pAPoVBQPGX18xMdqrx95nv2lGwKF12F2qx9t8GaJfU4n8HpcNOId3ItGR4G-b8VgzY7JgZlVXNnb7-S9PgBAGABpz2ofje8uXM8QGgBiGoB6a-G6gH8NkbqAfy2RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiI4YAQEAHyCBthZHgtc3Vic3luLTI3MjcwOTgxNTA4NTczNTL6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1kCNF19fi5jmUKWK8vl8Q4dTkx5A%26client%3Dca-pub-9070629843129312%26adurl%3D&gdpr=1&gdpr_consent= Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 46.4.10.49 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.49.10.4.46.clients.your-server.de Software Apache / Resource Hash a7d6a2df3b2f20f390fb33b5568ed83a23d77ea4621135dd706fa1bdfdaa6d70 Request headers Accept-Language de-DE,de;q=0.9 Referer https://brain.rvty.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Pragma no-cache Date Sun, 10 Oct 2021 02:08:08 GMT Content-Encoding gzip Server Apache Vary Accept-Encoding P3P CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Cache-Control no-store, no-cache, must-revalidate, max-age=0 X-NEORY-SubId 99759900012485901324213011743001 Connection close Content-Type application/x-javascript; charset=utf-8 Content-Length 731 Expires Sun, 10 Oct 2021 03:08:08 +0200 Redirect headers Pragma no-cache Date Sun, 10 Oct 2021 02:08:08 GMT Server Apache P3P CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Location request.php?zone=8e93336o9ddx&nw=14&renderingType=javascript&namespace=5354850f89&subid=&uid=2fab91046ab7b483&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=ANIM_AFTER_30S%3A0&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCJGGGB0tiYYuQJ_-Q7_UPwqus4Azm_qP3XO6LrIhfwI23ARABIABgleKQgqAHggEXY2EtcHViLTkwNzA2Mjk4NDMxMjkzMTLIAQmpAp1sC-cGa7M-4AIAqAMBqgTrAU_QzUeF9cMMR8H4q6nIXfu0p0WF7_5mEROw1FRT9KP0fGWBISVOpxvQwDdoX2cc52BYTw3-65FFJAngCu21a_6wC21zeh0fyjaQXJuXjrc-ZiqKEfNq2AukZuBKOn90xoNCMPbGJmzXFs2ES7zz_n9IYmkg80akdf49sB1rrxhpLRHTiPIu_S77iwsVI8i52i8vwt_GirBTevdYE-ktIF676r3A_mgHp58rFhNxg6pAPoVBQPGX18xMdqrx95nv2lGwKF12F2qx9t8GaJfU4n8HpcNOId3ItGR4G-b8VgzY7JgZlVXNnb7-S9PgBAGABpz2ofje8uXM8QGgBiGoB6a-G6gH8NkbqAfy2RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiI4YAQEAHyCBthZHgtc3Vic3luLTI3MjcwOTgxNTA4NTczNTL6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1kCNF19fi5jmUKWK8vl8Q4dTkx5A%26client%3Dca-pub-9070629843129312%26adurl%3Dhttp%253A%252F%252Fbrain.rvty.net%252FRTB%252FClick%253Fx%253DEASY-X-COORDINATE%2526y%253DEASY-Y-COORDINATE%2526s%253D97944753%2526a%253D146072%2526t%253D1633831688219%2526l%253D662259%2526p%253D3%2526appid%253D%2526aa%253D61624b07-000b-2a0a-08bb-e7534b0bdb3d%2526gdpr%253D1%2526gdpr_consent%253D%2526dest%253D&documentReferer=https%3A%2F%2Ff5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2Ff5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fpastelink.net&random=7240743639270&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1 Cache-Control no-store, no-cache, must-revalidate, max-age=0 Connection close Content-Type text/html; charset=UTF-8 Content-Length 0 Expires Sun, 10 Oct 2021 03:08:08 +0200
GET H3	204	sodar pagead2.googlesyndication.com/pagead/ Frame BE38	0 0	81ms 49ms	Image text/html	142.250.185.130 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021100401&jk=2555708242184727&rc= Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s50-in-f2.1e100.net Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers
GET H3	200	Op0h1o4bLATv4Gekw87wLIhuIhk3mUgQ1PXLVSVUXpk.js Show response pagead2.googlesyndication.com/bg/ Frame 9292	35 KB 13 KB	55ms 25ms	Script text/javascript	142.250.185.130 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/bg/Op0h1o4bLATv4Gekw87wLIhuIhk3mUgQ1PXLVSVUXpk.js Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s50-in-f2.1e100.net Software sffe / Resource Hash 3a9d21d68e1b2c04efe067a4c3cef02c886e221937994810d4f5cb5525545e99 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sat, 09 Oct 2021 16:17:44 GMT content-encoding br x-content-type-options nosniff age 35424 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 13306 x-xss-protection 0 last-modified Tue, 05 Oct 2021 11:38:00 GMT server sffe vary Accept-Encoding report-to {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="botguard-scs" expires Sun, 09 Oct 2022 16:17:44 GMT
GET H2	200	ztpv.php Show response www.conrad.de/ Frame 052C Redirect Chain https://www.awin1.com/cshow.php?s=2470174&v=11354&q=371933&r=278235&pv=1&pref1=99759900012485901324213011743001&gdpr=&gdpr_consent= https://www.zenaps.com/cshow.php?pvr=e9af1670-296e-11ec-855b-692d0ae1a3be&v=11354&r=278235&q=371933&s=2470174&viewref=99759900012485901324213011743001&pv=1&gdpr=&gdpr_consent= https://www.conrad.de/ztpv.php?awc=11354_278235_1633831688_e9af1670-296e-11ec-855b-692d0ae1a3be&insert=AW	0 710 B	83ms 52ms	Document text/html	104.18.127.5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.conrad.de/ztpv.php?awc=11354_278235_1633831688_e9af1670-296e-11ec-855b-692d0ae1a3be&insert=AW Requested by Host: ad1.ad-srv.net URL: https://ad1.ad-srv.net/request.php?zone=8e93336o9ddx&nw=14&renderingType=javascript&namespace=5354850f89&subid=&uid=2fab91046ab7b483&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=ANIM_AFTER_30S%3A0&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCJGGGB0tiYYuQJ_-Q7_UPwqus4Azm_qP3XO6LrIhfwI23ARABIABgleKQgqAHggEXY2EtcHViLTkwNzA2Mjk4NDMxMjkzMTLIAQmpAp1sC-cGa7M-4AIAqAMBqgTrAU_QzUeF9cMMR8H4q6nIXfu0p0WF7_5mEROw1FRT9KP0fGWBISVOpxvQwDdoX2cc52BYTw3-65FFJAngCu21a_6wC21zeh0fyjaQXJuXjrc-ZiqKEfNq2AukZuBKOn90xoNCMPbGJmzXFs2ES7zz_n9IYmkg80akdf49sB1rrxhpLRHTiPIu_S77iwsVI8i52i8vwt_GirBTevdYE-ktIF676r3A_mgHp58rFhNxg6pAPoVBQPGX18xMdqrx95nv2lGwKF12F2qx9t8GaJfU4n8HpcNOId3ItGR4G-b8VgzY7JgZlVXNnb7-S9PgBAGABpz2ofje8uXM8QGgBiGoB6a-G6gH8NkbqAfy2RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiI4YAQEAHyCBthZHgtc3Vic3luLTI3MjcwOTgxNTA4NTczNTL6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1kCNF19fi5jmUKWK8vl8Q4dTkx5A%26client%3Dca-pub-9070629843129312%26adurl%3Dhttp%253A%252F%252Fbrain.rvty.net%252FRTB%252FClick%253Fx%253DEASY-X-COORDINATE%2526y%253DEASY-Y-COORDINATE%2526s%253D97944753%2526a%253D146072%2526t%253D1633831688219%2526l%253D662259%2526p%253D3%2526appid%253D%2526aa%253D61624b07-000b-2a0a-08bb-e7534b0bdb3d%2526gdpr%253D1%2526gdpr_consent%253D%2526dest%253D&documentReferer=https%3A%2F%2Ff5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2Ff5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fpastelink.net&random=7240743639270&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.18.127.5 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=15552000 Request headers :method GET :authority www.conrad.de :scheme https :path /ztpv.php?awc=11354_278235_1633831688_e9af1670-296e-11ec-855b-692d0ae1a3be&insert=AW pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://brain.rvty.net/ accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://brain.rvty.net/ Response headers date Sun, 10 Oct 2021 02:08:08 GMT content-type text/html; charset=UTF-8 server-timing intid;desc=12379c37e9c0cccf intid;desc=c3053e7f49d2dd4c cache-control no-cache expires -1 set-cookie HTLP_timestamp=1633831688; expires=Fri, 15-Oct-2021 02:08:08 GMT; Max-Age=432000; path=/; secure; SameSite=None CEAffHA=YD; expires=Fri, 15-Oct-2021 02:08:08 GMT; Max-Age=432000; path=/; secure; SameSite=None __cf_bm=U4M2dYUnQnORtKmi0Nt9C5jCA73UJeCaFnJZkBQW5uQ-1633831688-0-AamDIus8JraHuBg+G4ttHXafM4GirV/lj49/z7RpcEufPeCk4h99nnjBhr4eVtb0MVtOvUShPbhz21HzZz7STQY=; path=/; expires=Sun, 10-Oct-21 02:38:08 GMT; domain=.www.conrad.de; HttpOnly; Secure; SameSite=None p3p policyref="http://www.conrad.de/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR" age 0 strict-transport-security max-age=15552000 cf-cache-status DYNAMIC expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 69bc4c9639872175-DUS content-encoding br Redirect headers Location https://www.conrad.de/ztpv.php?awc=11354_278235_1633831688_e9af1670-296e-11ec-855b-692d0ae1a3be&insert=AW Node Helix P3P policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV" Content-Length 0 Date Sun, 10 Oct 2021 02:08:08 GMT Connection keep-alive Set-Cookie awpv11354=278235|1633831688|e9af1670-296e-11ec-855b-692d0ae1a3be;domain=.zenaps.com;path=/;expires=Wednesday, 13-Oct-2021 02:08:08 UTC;Secure;SameSite=None AWSESS=377133:2470174;domain=.zenaps.com;path=/;Secure;SameSite=None Strict-Transport-Security max-age=86400 Awin-Akamai-Rule-Set default
GET H/1.1	200 OK	request_content.php Show response ad1.ad-srv.net/ Frame 74C9	6 KB 2 KB	34ms 12ms	Document text/html	46.4.10.49 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://ad1.ad-srv.net/request_content.php?s=99759900012485901324213011743001&a=174e60aa Requested by Host: ad1.ad-srv.net URL: https://ad1.ad-srv.net/request.php?zone=8e93336o9ddx&nw=14&renderingType=javascript&namespace=5354850f89&subid=&uid=2fab91046ab7b483&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=ANIM_AFTER_30S%3A0&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCJGGGB0tiYYuQJ_-Q7_UPwqus4Azm_qP3XO6LrIhfwI23ARABIABgleKQgqAHggEXY2EtcHViLTkwNzA2Mjk4NDMxMjkzMTLIAQmpAp1sC-cGa7M-4AIAqAMBqgTrAU_QzUeF9cMMR8H4q6nIXfu0p0WF7_5mEROw1FRT9KP0fGWBISVOpxvQwDdoX2cc52BYTw3-65FFJAngCu21a_6wC21zeh0fyjaQXJuXjrc-ZiqKEfNq2AukZuBKOn90xoNCMPbGJmzXFs2ES7zz_n9IYmkg80akdf49sB1rrxhpLRHTiPIu_S77iwsVI8i52i8vwt_GirBTevdYE-ktIF676r3A_mgHp58rFhNxg6pAPoVBQPGX18xMdqrx95nv2lGwKF12F2qx9t8GaJfU4n8HpcNOId3ItGR4G-b8VgzY7JgZlVXNnb7-S9PgBAGABpz2ofje8uXM8QGgBiGoB6a-G6gH8NkbqAfy2RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiI4YAQEAHyCBthZHgtc3Vic3luLTI3MjcwOTgxNTA4NTczNTL6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1kCNF19fi5jmUKWK8vl8Q4dTkx5A%26client%3Dca-pub-9070629843129312%26adurl%3Dhttp%253A%252F%252Fbrain.rvty.net%252FRTB%252FClick%253Fx%253DEASY-X-COORDINATE%2526y%253DEASY-Y-COORDINATE%2526s%253D97944753%2526a%253D146072%2526t%253D1633831688219%2526l%253D662259%2526p%253D3%2526appid%253D%2526aa%253D61624b07-000b-2a0a-08bb-e7534b0bdb3d%2526gdpr%253D1%2526gdpr_consent%253D%2526dest%253D&documentReferer=https%3A%2F%2Ff5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2Ff5b418092373a5ae78f34ba0a4f167ea.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fpastelink.net&random=7240743639270&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 46.4.10.49 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.49.10.4.46.clients.your-server.de Software Apache / Resource Hash 55a4d1bb6d5cd420482b9f4d993679ee83279eb6824e04db689e97b674fefb1a Request headers Host ad1.ad-srv.net Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept-Language de-DE,de;q=0.9 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site cross-site Sec-Fetch-Mode navigate Sec-Fetch-Dest iframe Referer https://brain.rvty.net/ Accept-Encoding gzip, deflate, br Cookie kdb0xdq3ls8m_uid=34c8e8f853f8451d Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://brain.rvty.net/ Response headers Date Sun, 10 Oct 2021 02:08:08 GMT Server Apache Cache-Control no-store, no-cache, must-revalidate, max-age=0 Expires Sun, 10 Oct 2021 03:08:08 +0200 Pragma no-cache P3P CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Vary Accept-Encoding Content-Encoding gzip Content-Length 2063 Connection close Content-Type text/html; charset=utf-8
GET H/1.1	200 OK	jquery-1.10.2.min.js Show response cdn.rvty.net/_files/js/ Frame 2E6C	91 KB 91 KB	21ms 20ms	Script application/javascript	89.163.211.242 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Full URL https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js Requested by Host: cdn.rvty.net URL: https://cdn.rvty.net/view/ads_view.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 89.163.211.242 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS Software nginx/1.13.4 / Resource Hash 0ba081f546084bd5097aa8a73c75931d5aa1fc4d6e846e53c21f98e6a1509988 Request headers Accept-Language de-DE,de;q=0.9 Referer https://brain.rvty.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Sun, 10 Oct 2021 02:08:08 GMT Last-Modified Wed, 08 Jan 2020 08:13:37 GMT Server nginx/1.13.4 ETag "5e158f31-16bb3" Content-Type application/javascript Access-Control-Allow-Origin * Connection keep-alive Accept-Ranges bytes Content-Length 93107
GET H3	204	gen_204 pagead2.googlesyndication.com/pagead/	0 20 B	60ms 60ms	Image image/gif	142.250.185.130 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021100401&jk=2555708242184727&bg=!ERKlElbNAAbGFvHlxhY7ACkAdvg8WpelhGsfcETWI9FTPVLBEZgH2QSr1wWzqImR5g4SbXwa_85XiQIAAABZUgAAAAloAQeZAoIkTvGQsUC-sT4BhoJZPY2OVNaCe4nLry-ifvHPlDFrxv3z18dpBSyhLKBeXevxPDDIeNFkOfSpopbDObKYLlLzZdnxEQVA2DNwYAXBH-A_V9S6chQX1yX7TgQWmb6UDtm1CO896hVTxRgvTIclvfUB8G1qVoxv9MEJklhlRWHh-6Ex6wc195a4byFv6d5L0Ae8qFBDycjx1fs1vPG9X3qr0Hx1Tw__v0MhWMV_DA_OiYiT3hIOizfcDudDO1jIIB7SLcmb6kCSIqphp_92pqrwiZfSHLWEfLGfqfHgskfCswbT0kZCZy2BMkqEF07j2pP8FFZSqiRKT44VQaozCaOTu0EiedqUV5kPw95p5JPiQOjGp24k8xHyRSyFVZkDrAiEpgFp3Ol_F4tjFOCMGhxFwKc-nk-FGSAFto_ZavB7uDXe7Gt61L6DtedZj8ZS1LlQ3wYnv-zaftR0p8jNoq_dX94zNd6ANjbIFmgXGr1dHZ_l7QLcgt3ZaU8MW-HSmS9p-EWWiK5qPw9PWqoBL5yBnHTQc3XNj64Dd2T6rEx2TVOIp-F38jz5BthiF8bfD5NlIUdyQNLWJPCBPnYDnNG3kyIZaOiCxt0o-rNEgHKZaNBJc1e-ZuR54QO2-TivSHv5FMAFR-XvaRXhz9-kPXFsGz5GLdfsuq5d-KDsjetAWAnSreZs6Z2EyU7Lv5g7sKWBZYPt4H1g_00us6ZH91aQQS5dKetiBzTJM8b9Z3D1AnV9Bpn5Gw4EqxTToHrGjSB-4-GH3-URPUsxikm9sqwAooBRTH_zh_zPaZ26JMtX-8VQgXtk08wKXfbfJRx-s4FLpuxjZtX0Xz-eVHJW2ZyqZS4 Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s50-in-f2.1e100.net Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://pastelink.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Sun, 10 Oct 2021 02:08:08 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H/1.1	200	Visibility Show response brain.rvty.net/RTB/ Frame 2E6C	0 119 B	10ms 10ms	XHR text/plain	89.163.211.233 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Full URL https://brain.rvty.net/RTB/Visibility Requested by Host: cdn.rvty.net URL: https://cdn.rvty.net/_files/js/jquery-1.10.2.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 89.163.211.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS Software nginx/1.13.4 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept */* Referer https://brain.rvty.net/RTB/ShowAd?adHeight=90&adWidth=728&adFormat=4&adslotId=&siteId=97944753&bannerId=146072&e=3&p=YWJLBwAJyAsIu8h_AAsVwrqzk8PnL4kCa7L5NQ&penc=&bp=53846&a=61624b07-000b-2a0a-08bb-e7534b0bdb3d&n=1&geo=662259&rawURL=https%3A%2F%2Fpastelink.net%2F9womt51w&rawReferrerURL=&uid=8ff5e9bc-adf4-4d22-ba90-802fedd16b11&euid=&encn=N4IgXglgDiBcIDYAMBWATAThAGhAYwHsBXAOwBcAnATzhABEBRHEAQzLgEZcAbEgczgAOAHQJBAZnG48EMjXgAxCixIBrAGZEKZAAQsAtjoCyLCCWYBnMmwCmtABI2LFm+Z5s4KJMI4cEAdgBfIA&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJGGGB0tiYYuQJ_-Q7_UPwqus4Azm_qP3XO6LrIhfwI23ARABIABgleKQgqAHggEXY2EtcHViLTkwNzA2Mjk4NDMxMjkzMTLIAQmpAp1sC-cGa7M-4AIAqAMBqgTrAU_QzUeF9cMMR8H4q6nIXfu0p0WF7_5mEROw1FRT9KP0fGWBISVOpxvQwDdoX2cc52BYTw3-65FFJAngCu21a_6wC21zeh0fyjaQXJuXjrc-ZiqKEfNq2AukZuBKOn90xoNCMPbGJmzXFs2ES7zz_n9IYmkg80akdf49sB1rrxhpLRHTiPIu_S77iwsVI8i52i8vwt_GirBTevdYE-ktIF676r3A_mgHp58rFhNxg6pAPoVBQPGX18xMdqrx95nv2lGwKF12F2qx9t8GaJfU4n8HpcNOId3ItGR4G-b8VgzY7JgZlVXNnb7-S9PgBAGABpz2ofje8uXM8QGgBiGoB6a-G6gH8NkbqAfy2RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiI4YAQEAHyCBthZHgtc3Vic3luLTI3MjcwOTgxNTA4NTczNTL6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1kCNF19fi5jmUKWK8vl8Q4dTkx5A%26client%3Dca-pub-9070629843129312%26adurl%3D&gdpr=1&gdpr_consent= X-Requested-With XMLHttpRequest Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers Date Sun, 10 Oct 2021 02:08:08 GMT Server nginx/1.13.4 Connection keep-alive Content-Length 0
GET H2	200	Haussicherheit_728x90 asset.conrad.com/media10/isa/160267/c1/-/de/ Frame 74C9 Redirect Chain https://www.awin1.com/cshow.php?s=2470174&v=11354&q=371933&r=278235&pref1=99759900012485901324213011743001&gdpr=&gdpr_consent= https://www.zenaps.com/cshow.php?pvr=e9b2e700-296e-11ec-855b-692d0ae1a3be&v=11354&r=278235&q=371933&s=2470174&viewref=99759900012485901324213011743001&gdpr=&gdpr_consent= https://asset.conrad.com/media10/isa/160267/c1/-/de/Haussicherheit_728x90?format=gif	48 KB 48 KB	144ms 31ms	Image image/gif	178.79.242.245 LLNW
General Check archive.org Show headers Download Go to Show image Full URL https://asset.conrad.com/media10/isa/160267/c1/-/de/Haussicherheit_728x90?format=gif Requested by Host: ad1.ad-srv.net URL: https://ad1.ad-srv.net/request_content.php?s=99759900012485901324213011743001&a=174e60aa Protocol H2 Security TLS 1.3, , AES_256_GCM Server 178.79.242.245 , United States, ASN22822 (LLNW, US), Reverse DNS https-178-79-242-245.fra.llnw.net Software Cliplister GmbH / Resource Hash 8f4be32c866ec9be82c2af136391a0386c71f305e54b1889ac0888ad89215def Security Headers Name Value Strict-Transport-Security max-age=15768000 Request headers Accept-Language de-DE,de;q=0.9 Referer https://ad1.ad-srv.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers strict-transport-security max-age=15768000 etag "615aa382-bee8" last-modified Mon, 04 Oct 2021 06:47:30 GMT server Cliplister GmbH age 155469 date Sun, 10 Oct 2021 02:08:08 GMT content-type image/gif access-control-allow-origin * cache-control max-age=172800 x-server c07 reporting eyJjb25zdW1lcmlkIjoxNjAyNjcsIm93bmVyaWQiOjE2MDI2NywidW5pcXVlaWQiOiIxNjAyNjdjZFFONzZGQU5WTTluX1VDNXVLYmxmQVQiLCJ1dWlkIjoiYThmY2NhYzQ4YjI3MjQwNjc4MThkOTdjZDZiMGZjOWI3IiwiYXNzZXR0eXBlIjoicGljdHVyZSJ9 x-llid 21ea962d67efda81be9effd8e55776bf content-length 48872 accept-ranges bytes expires Sun, 10 Oct 2021 06:56:59 GMT Redirect headers Date Sun, 10 Oct 2021 02:08:08 GMT Strict-Transport-Security max-age=86400 P3P policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV" Location https://asset.conrad.com/media10/isa/160267/c1/-/de/Haussicherheit_728x90?format=gif Awin-Akamai-Rule-Set default Node Helix Connection keep-alive Content-Length 0
GET H/1.1	200 OK	viewability Show response ad1.ad-srv.net/ Frame 74C9	0 150 B	34ms 12ms	Script text/html	46.4.10.49 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://ad1.ad-srv.net/viewability?s=99759900012485901324213011743001&a=d30c1e96&vb=m Requested by Host: ad1.ad-srv.net URL: https://ad1.ad-srv.net/request_content.php?s=99759900012485901324213011743001&a=174e60aa Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 46.4.10.49 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.49.10.4.46.clients.your-server.de Software Apache / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://ad1.ad-srv.net/request_content.php?s=99759900012485901324213011743001&a=174e60aa User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Sun, 10 Oct 2021 02:08:08 GMT Server Apache Connection close Content-Length 0 Content-Type text/html; charset=UTF-8
GET DATA	200 OK	truncated / Frame 74C9	43 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type image/gif
GET H/1.1	200 OK	addDoubleBorder.js Show response cdn.contentspread.net/oliro/tools/js/ Frame 74C9	851 B 1 KB	50ms 10ms	Script application/javascript	85.114.131.233 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Full URL https://cdn.contentspread.net/oliro/tools/js/addDoubleBorder.js Requested by Host: ad1.ad-srv.net URL: https://ad1.ad-srv.net/request_content.php?s=99759900012485901324213011743001&a=174e60aa Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 85.114.131.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS srv21037.dus4.fastwebserver.de Software nginx / Resource Hash abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107 Request headers Accept-Language de-DE,de;q=0.9 Referer https://ad1.ad-srv.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Sun, 10 Oct 2021 02:08:08 GMT Last-Modified Sun, 01 Mar 2015 14:40:33 GMT Server nginx ETag "54f324e1-353" Content-Type application/javascript Connection close Accept-Ranges bytes Content-Length 851
GET H/1.1	200 OK	oba_icon.png cdn.contentspread.net/oliro/oba/ Frame 74C9	3 KB 3 KB	44ms 10ms	Image image/png	85.114.131.233 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.contentspread.net/oliro/oba/oba_icon.png Requested by Host: ad1.ad-srv.net URL: https://ad1.ad-srv.net/request_content.php?s=99759900012485901324213011743001&a=174e60aa Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 85.114.131.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS srv21037.dus4.fastwebserver.de Software nginx / Resource Hash 2fd4c3ae6afc2b4026d9f0b64b8ff1110ecfcf47b90bc988c06e844b3921cbf6 Request headers Accept-Language de-DE,de;q=0.9 Referer https://ad1.ad-srv.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Sun, 10 Oct 2021 02:08:08 GMT Last-Modified Fri, 05 Aug 2016 12:57:49 GMT Server nginx ETag "57a48d4d-c35" Content-Type image/png Connection close Accept-Ranges bytes Content-Length 3125