pastebin.com Open in urlscan Pro
104.20.209.21 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://pastebin.com/raw/XLeVP82h
Effective URL:
https://pastebin.com/XLeVP82h
Submission: On July 13 via manual (July 13th 2018, 9:07:15 am UTC) from DE

Summary HTTP 132 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 30 IPs in 6 countries across 31 domains to perform 132 HTTP transactions. The main IP is 104.20.209.21, located in San Francisco, United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is pastebin.com.
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on April 27th 2018. Valid for: 6 months.

This is the only time pastebin.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 2	104.20.208.21 104.20.208.21	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
38	104.20.209.21 104.20.209.21	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2a00:1450:400... 2a00:1450:4001:81d::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
1	204.11.109.77 204.11.109.77	33419 (TRIBAL-FU...) (TRIBAL-FUSION - Exponential Interactive)
1	204.11.109.76 204.11.109.76	33419 (TRIBAL-FU...) (TRIBAL-FUSION - Exponential Interactive)
1	108.161.189.78 108.161.189.78	54104 (AS-STACKPATH) (AS-STACKPATH - netDNA)
1 2	2a00:1450:400... 2a00:1450:400e:803::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:400c:c07::9d	15169 (GOOGLE) (GOOGLE - Google LLC)
14	204.11.109.66 204.11.109.66	33419 (TRIBAL-FU...) (TRIBAL-FUSION - Exponential Interactive)
6	204.11.109.68 204.11.109.68	33419 (TRIBAL-FU...) (TRIBAL-FUSION - Exponential Interactive)
2	13.32.222.128 13.32.222.128	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	2400:cb00:204... 2400:cb00:2048:1::6814:180b	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	2600:9000:20b... 2600:9000:20bb:4e00:10:3422:3f00:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
5	185.33.223.220 185.33.223.220	29990 (ASN-APPNEXUS) (ASN-APPNEXUS - AppNexus)
2	151.101.12.166 151.101.12.166	54113 (FASTLY) (FASTLY - Fastly)
2	34.251.186.139 34.251.186.139	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	2400:cb00:204... 2400:cb00:2048:1::6814:10f3	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	74.214.194.133 74.214.194.133	59940 (PULSEPOIN...) (PULSEPOINT-EU)
2	2400:cb00:204... 2400:cb00:2048:1::681c:12e8	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1 1	74.117.199.106 74.117.199.106	2762 (ADIFY-1) (ADIFY-1 - ADIFY CORPORATION)
10	34.254.68.9 34.254.68.9	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2 2	173.241.240.143 173.241.240.143	36089 (OPENX-AS1) (OPENX-AS1 - OPENX TECHNOLOGIES)
8	34.249.237.101 34.249.237.101	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3 3	185.29.132.23 185.29.132.23	30419 (MEDIAMATH...) (MEDIAMATH-INC - MediaMath Inc)
1	52.48.10.158 52.48.10.158	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
5 5	18.153.11.14 18.153.11.14	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2 2	216.58.207.34 216.58.207.34	15169 (GOOGLE) (GOOGLE - Google LLC)
2 2	104.225.134.94 104.225.134.94	53340 (FIBERHUB) (FIBERHUB - VegasNAP)
1 3	104.108.51.30 104.108.51.30	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
2 2	151.101.112.166 151.101.112.166	54113 (FASTLY) (FASTLY - Fastly)
2 2	151.101.14.2 151.101.14.2	54113 (FASTLY) (FASTLY - Fastly)
4 4	151.101.14.49 151.101.14.49	54113 (FASTLY) (FASTLY - Fastly)
3 3	54.77.182.202 54.77.182.202	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2 2	8.41.222.241 8.41.222.241	26120 (RHYTHMONE) (RHYTHMONE - RhythmOne)
1	185.33.223.218 185.33.223.218	29990 (ASN-APPNEXUS) (ASN-APPNEXUS - AppNexus)
1 1	74.117.199.102 74.117.199.102	2762 (ADIFY-1) (ADIFY-1 - ADIFY CORPORATION)
2 2	136.243.75.9 136.243.75.9	24940 (HETZNER-AS) (HETZNER-AS)
2	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
4	2a00:1450:400... 2a00:1450:4001:825::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
8	172.217.22.98 172.217.22.98	15169 (GOOGLE) (GOOGLE - Google LLC)
4	2a00:1450:400... 2a00:1450:4001:81d::2001	15169 (GOOGLE) (GOOGLE - Google LLC)
4	2a00:1450:400... 2a00:1450:4001:817::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
3	13.32.222.209 13.32.222.209	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
132	30

2 104.20.208.21 (San Francisco, United States) 2 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

pastebin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

38 104.20.209.21 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

pastebin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::2008 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 204.11.109.77 (Emeryville, United States)

ASN33419 (TRIBAL-FUSION - Exponential Interactive, Inc., US)
PTR: tags.expo9.exponential.com

tags.expo9.exponential.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 204.11.109.76 (Emeryville, United States)

ASN33419 (TRIBAL-FUSION - Exponential Interactive, Inc., US)
PTR: tags.expo9.exponential.com

tags.expo9.exponential.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.161.189.78 (Los Angeles, United States)

ASN54104 (AS-STACKPATH - netDNA, US)

m.servedby-buysellads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400e:803::200e (Ireland) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::9d (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 204.11.109.66 (Emeryville, United States)

ASN33419 (TRIBAL-FUSION - Exponential Interactive, Inc., US)
PTR: a.tribalfusion.com

s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 204.11.109.68 (Emeryville, United States)

ASN33419 (TRIBAL-FUSION - Exponential Interactive, Inc., US)
PTR: a.tribalfusion.com

s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.32.222.128 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-32-222-128.fra56.r.cloudfront.net

d2na2p72vtqyok.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2400:cb00:2048:1::6814:180b (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

geoip.insticator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:20bb:4e00:10:3422:3f00:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

df80k0z3fi8zg.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.33.223.220 (European Union)

ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.12.166 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

tag-st.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.251.186.139 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-34-251-186-139.eu-west-1.compute.amazonaws.com

apex.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2400:cb00:2048:1::6814:10f3 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

prebid.districtm.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 74.214.194.133 (Amsterdam, Netherlands)

ASN59940 (PULSEPOINT-EU, NL)

bid.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2400:cb00:2048:1::681c:12e8 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdn.districtm.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.117.199.106 (San Bruno, United States) 1 redirects

ASN2762 (ADIFY-1 - ADIFY CORPORATION, US)

ad.afy11.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 34.254.68.9 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-34-254-68-9.eu-west-1.compute.amazonaws.com

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 173.241.240.143 (New York, United States) 2 redirects

ASN36089 (OPENX-AS1 - OPENX TECHNOLOGIES, INC., US)
PTR: ox-173-241-240-143.xa.dc.openx.org

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 34.249.237.101 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-34-249-237-101.eu-west-1.compute.amazonaws.com

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.29.132.23 (United Kingdom) 3 redirects

ASN30419 (MEDIAMATH-INC - MediaMath Inc, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.48.10.158 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-48-10-158.eu-west-1.compute.amazonaws.com

partner.mediawallahscript.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 18.153.11.14 (Cambridge, United States) 5 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-153-11-14.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.207.34 (Mountain View, United States) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s24-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.225.134.94 (Las Vegas, United States) 2 redirects

ASN53340 (FIBERHUB - VegasNAP, LLC, US)
PTR: 104-225-134.hosted-by.fiberhub.net

pixel.s3xified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.108.51.30 (Amsterdam, Netherlands) 1 redirects

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-108-51-30.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.112.166 (San Francisco, United States) 2 redirects

ASN54113 (FASTLY - Fastly, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.14.2 (San Francisco, United States) 2 redirects

ASN54113 (FASTLY - Fastly, US)

trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.14.49 (San Francisco, United States) 4 redirects

ASN54113 (FASTLY - Fastly, US)

match.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.basebanner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.77.182.202 (Dublin, Ireland) 3 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-77-182-202.eu-west-1.compute.amazonaws.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 8.41.222.241 (United States) 2 redirects

ASN26120 (RHYTHMONE - RhythmOne, LLC, US)

sync.rhythmxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.33.223.218 (European Union)

ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.117.199.102 (San Bruno, United States) 1 redirects

ASN2762 (ADIFY-1 - ADIFY CORPORATION, US)

ad.afy11.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 136.243.75.9 (Germany) 2 redirects

ASN24940 (HETZNER-AS, DE)
PTR: hosting.adhigh.net

px.adhigh.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:825::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 172.217.22.98 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s18-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:81d::2001 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:817::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.32.222.209 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-32-222-209.fra56.r.cloudfront.net

cdnp1.stackassets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdnp0.stackassets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
40	pastebin.com 2 redirects pastebin.com	129 KB
20	sonobi.com apex.go.sonobi.com sync.go.sonobi.com	15 KB
20	tribalfusion.com s.tribalfusion.com	50 KB
11	doubleclick.net 2 redirects stats.g.doubleclick.net cm.g.doubleclick.net securepubads.g.doubleclick.net	82 KB
8	googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	52 KB
6	contextweb.com 2 redirects tag-st.contextweb.com bid.contextweb.com bh.contextweb.com	25 KB
6	adnxs.com ib.adnxs.com	4 KB
5	bidswitch.net 5 redirects x.bidswitch.net	3 KB
4	taboola.com 4 redirects trc.taboola.com match.taboola.com	998 B
4	cloudfront.net d2na2p72vtqyok.cloudfront.net df80k0z3fi8zg.cloudfront.net	250 KB
3	stackassets.com cdnp1.stackassets.com cdnp0.stackassets.com	207 KB
3	adsrvr.org 3 redirects match.adsrvr.org	1 KB
3	bluekai.com 1 redirects tags.bluekai.com stags.bluekai.com	2 KB
3	mathtag.com 3 redirects sync.mathtag.com	2 KB
2	google.com adservice.google.com	342 B
2	google.de adservice.google.de	342 B
2	googletagservices.com www.googletagservices.com	8 KB
2	adhigh.net 2 redirects px.adhigh.net	821 B
2	rhythmxchange.com 2 redirects sync.rhythmxchange.com	642 B
2	basebanner.com 2 redirects match.basebanner.com	582 B
2	s3xified.com 2 redirects pixel.s3xified.com	774 B
2	openx.net 2 redirects us-u.openx.net	728 B
2	afy11.net 2 redirects ad.afy11.net	932 B
2	districtm.io cdn.districtm.io
2	districtm.ca prebid.districtm.ca	13 KB
2	insticator.com geoip.insticator.com	914 B
2	google-analytics.com 1 redirects www.google-analytics.com	14 KB
2	exponential.com tags.expo9.exponential.com	5 KB
1	mediawallahscript.com partner.mediawallahscript.com	367 B
1	servedby-buysellads.com m.servedby-buysellads.com	11 KB
1	googletagmanager.com www.googletagmanager.com	25 KB
132	31

	Domain	Requested by
40	pastebin.com	2 redirects pastebin.com s.tribalfusion.com securepubads.g.doubleclick.net
20	s.tribalfusion.com	tags.expo9.exponential.com s.tribalfusion.com
18	sync.go.sonobi.com	pastebin.com
8	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net pastebin.com
6	ib.adnxs.com	df80k0z3fi8zg.cloudfront.net prebid.districtm.ca
5	x.bidswitch.net	5 redirects
4	pagead2.googlesyndication.com	securepubads.g.doubleclick.net pastebin.com
4	tpc.googlesyndication.com	securepubads.g.doubleclick.net
3	match.adsrvr.org	3 redirects
3	sync.mathtag.com	3 redirects
2	cdnp1.stackassets.com	pastebin.com
2	adservice.google.com	www.googletagservices.com
2	adservice.google.de	www.googletagservices.com
2	www.googletagservices.com	d2na2p72vtqyok.cloudfront.net
2	px.adhigh.net	2 redirects
2	sync.rhythmxchange.com	2 redirects
2	match.basebanner.com	2 redirects
2	match.taboola.com	2 redirects
2	trc.taboola.com	2 redirects
2	bh.contextweb.com	2 redirects
2	tags.bluekai.com	1 redirects apex.go.sonobi.com
2	pixel.s3xified.com	2 redirects
2	cm.g.doubleclick.net	2 redirects
2	us-u.openx.net	2 redirects
2	ad.afy11.net	2 redirects
2	cdn.districtm.io	prebid.districtm.ca
2	bid.contextweb.com	tag-st.contextweb.com
2	prebid.districtm.ca	df80k0z3fi8zg.cloudfront.net
2	apex.go.sonobi.com	df80k0z3fi8zg.cloudfront.net
2	tag-st.contextweb.com	df80k0z3fi8zg.cloudfront.net
2	df80k0z3fi8zg.cloudfront.net	d2na2p72vtqyok.cloudfront.net
2	geoip.insticator.com	d2na2p72vtqyok.cloudfront.net
2	d2na2p72vtqyok.cloudfront.net	pastebin.com
2	www.google-analytics.com	1 redirects www.googletagmanager.com
2	tags.expo9.exponential.com	pastebin.com
1	cdnp0.stackassets.com	pastebin.com
1	stags.bluekai.com	pastebin.com
1	partner.mediawallahscript.com	pastebin.com
1	stats.g.doubleclick.net	pastebin.com
1	m.servedby-buysellads.com	pastebin.com
1	www.googletagmanager.com	pastebin.com
132	41

This site contains links to these domains. Also see Links.

Domain
deals.pastebin.com
creativecommons.org
steadfast.net
facebook.com
twitter.com

Subject Issuer	Validity	Valid
ssl509085.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2018-04-27` - `2018-11-03`	6 months	crt.sh
*.tribalfusion.com Go Daddy Secure Certificate Authority - G2	`2015-09-03` - `2018-10-07`	3 years	crt.sh
districtm.io CloudFlare Inc ECC CA-2	`2018-04-26` - `2019-04-26`	a year	crt.sh

This page contains 24 frames:

Primary Page: https://pastebin.com/XLeVP82h
Frame ID: EB8FD0BA0C202A71EBBE5C495DF79AB6
Requests: 38 HTTP requests in this frame

Frame: https://s.tribalfusion.com/real/tags/Pastebincom/Safe/tags.js
Frame ID: 8B136A30321807394781B3ECD73A9C04
Requests: 3 HTTP requests in this frame

Frame: https://s.tribalfusion.com/real/tags/Pastebincom/Safe/tags.js
Frame ID: A115F8052BF4CAD8D3EB2BCDF9312854
Requests: 3 HTTP requests in this frame

Frame: https://s.tribalfusion.com/real/tags/Pastebincom/SnackbarSafe/tags.js
Frame ID: D3E75BD6E22B44E96DF3D84E54C7F5A8
Requests: 2 HTTP requests in this frame

Frame: https://pastebin.com/adserver/160x600_custom_safe.php
Frame ID: AD50D02E62FBA25E05C84F89AA590DF7
Requests: 30 HTTP requests in this frame

Frame: https://s.tribalfusion.com/p.media?clickID=aRmQgMmH3J3TQ93das5AjGmUQIYcnVXsF20s7unEb43rnRTrvEUAQ1QTQXPsMMQW3t1d7mT6nn4cY5XUZbJT6uu5mndQ6JK4HnO1dBZbmt2u36YP3GrgVsBaWGMfPPnxTHJVTFMX2barVEUsWanlQEBZdQVJCPFuwPHU8WVv34FTxmteOXqPv4WjHPVZbE4AYLmdXHpZdKZbmD&mediaDataID=6530936&mediaName=frame.html
Frame ID: DF1E4B59ED78F0A3E985638BCB72934C
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/p.media?clickID=aUmQgM5Ev73diM5PrZdnUnEYcQX1sr41Vvxna7W3FY2VbFAUmf4REU4PsvqPd7r1WnwVmMx4sUW0FUJTmim4AYgQABF3WMOXHMAmW2O4mBS3sr9VVQjUsrhRmFvWdnTTUn12U2mVqUqWan6PavFSGQIRr6vRt7lUVQP5UmnotAOXaqp2d3FSsME56nZdoWImVWQPpdLPch&mediaDataID=6453196&mediaName=frame.html
Frame ID: 228B5587A2D22A5D4BF5EDAAC5DCE8FB
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/p.media?clickID=aXmQgM5tEN5PbEnUUG0sM0XGnT0VZbMmEvT3b3UVUjZcW6U0Rqj1ScMoPd7y0dJuVAjn2cY30UYBV6qm4PZb8PmfI3tnm1WZbApt6o4PBT4cj6VcQaUVb8PAZbxUHFVWrJY2FPpVEjnWTn8PavKRcfCPbupPHviWcb22FTrnWAn0a2p2tvZdQGZbG2ABZdpt6qTdBd0bfUytf3ZaY&mediaDataID=6546596&mediaName=frame.html
Frame ID: 76F6BF5125CDC0DE518EFDC5C222D32E
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/p.media?clickID=a0mQgMpdeo5mY15VUeUV3jVcFiSPMvTtFWUFbY3rAuWTYtTaBbSTnKRGbLQbZavRdfkWGMW2FqvotirXqev2tnZbPcJD5mBHmtayUdQcYrfa1UBgXTiMPrBEUrBXTtM4nU3mQbrsXEMn4ajh5TYRmEMC1rZbfUtM1oAYZcncnspd3J3TQ73tIq3mnZcmb3ZaXsvV1cFjypihdp&mediaDataID=7423766&mediaName=frame.html
Frame ID: 6BB2FBD7B007B0CB33B019E2218230D4
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/p.media?clickID=a2mQgMmdiyTHJ7XUb7YrZb91EuqRbrGTFBYVHQ4mbZbxPrBm1qZbs3Tbh5qU1nEZbIYU3hUWbPoAMDpVvmoHfD3TY92WZan3mbGpbYEYsfWXsF2XG7upa745FZbUVbnFUAU3Qaf0PVZbrPtju0HBtWP3p2cB50UUDTAiv2PvbRP7A3WvO0H3Andau3PJQ4cU8TVY7UcMYn1fHuc&mediaDataID=6680176&mediaName=frame.html
Frame ID: 5EAC8C23899484D6E3885D0E6AE77081
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/p.media?clickID=a4mQ8yprQE0VQUXVU50cvOmErQ5FvRTFfFWPr4PqbXPGrNSdZbr0tFsWAnM3VB20FFJT6yw4mFgPmbC4WUr0tJZbmW6n5mB14GjbVcM9Ucb8RAQnUtF5WbfY5bAuVTvqTaU6STQJRGbZbQbEsSW7cUVM54U6moduOYaTu3HYDPcrG4AJZdptAOVHBbYrvbYUf9XdeGp3uuZb5&mediaDataID=5406476&mediaName=frame.html
Frame ID: EB7651AA6D92D81BA2D55BAD19A3B9A1
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/p.media?clickID=a6mQgM3sYgTs3dUVr7S6QoTdr5TUF02r2oWErmVEUlQqrLQcYIRrIsSWUbVGQ54bevmtit0qyn4tMFQGrG463FpHapVdFh0rUkXbYk1qqtPbQEWbYSTdB4mUQmRUBtXaJt4aUi5aY5naFHXFjfUWMRoAnBns7vmHYE2ark5dEN5PbGnr3Zc0s7RXsM40sfMpTvboAkA0n&mediaDataID=7665496&mediaName=frame.html
Frame ID: BD87A721BC3580C37DF595FD8D727CAF
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/p.media?clickID=a8mQgM0b3kYFFkXqerRF3ZbTrMQWdYXnbQnPbjtYTYy5q7g2TfXoTZbHXb76TWJXm67DnVvomHML5TUh3tmq5PjEmUYL0sv01svV1svymEvT5U3UTrfZcUPf3Pab0ScvqPWYN0HvmW63N3Gv0YbrDT6im2PUePPMJ4Wvt1dnKndeo5m3Y5sU6VVBbVsFgR6UNWdFct2pPwB&mediaDataID=6347136&mediaName=frame.html
Frame ID: B2F9241420C188D40586B596345F4486
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/p.media?clickID=aamQgM1cnV0V7xmqjS2bQ2WbMDW631QTb1QVUqQdJr1WZbsTPjv4sn0YFvKU62w4mFgPmbC4WYMXHYKnd2u5mU14VQbVVrjUsB8S6FOTtFWWrbY5UEuUabmVqJaSTrZaRs3JQFunSHY7Vc3P5rXxmtqr0qmp2WbZaSGBA46BLpWiyTHZbhXbQa1bQh1qZarRUYBWUBeqAZcaF1&mediaDataID=6719746&mediaName=frame.html
Frame ID: 7868CE0F331FFC2336B5C4A1CC382BD0
Requests: 1 HTTP requests in this frame

Frame: https://pastebin.com/adserver/728x90_custom_safe.php
Frame ID: 2226B16B58E39D5D71D5B3C44240E9CA
Requests: 29 HTTP requests in this frame

Frame: https://s.tribalfusion.com/p.media?clickID=aTmQgM4WvO0H3IntPn4AUY4GM9UcB7VsMeR63xUtY3UUJ45UToUq3sWEMcPErFSsYAPb6nPHrkUGMU4F6nmt6MYTPy3trZdSVJZa5AJKptXsVWJ80Unk1FQg0EqsPbMETrZbXWHJ5nrfsQbZbnXqMy5EUk2avRmaML1rf8TWJPoP3BnVMwoHQD5qFf2dIs5mfKprbOn8nixq&mediaDataID=4056396&mediaName=frame.html
Frame ID: 203F929BD2196CFD2A69688F11582DDD
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/p.media?clickID=aVmQgMSGBZa46QZcpHEmUHFhYF771FFf1qqtRUQEUF3SVWMYoFYnRUFnXTnr4E7a4EfPmEbA1rBhWWbRmAfLnVrupdQG2Tn75dZaN4mvLmbbZc0GnS1V3VXVnunqvU5UnUWbMFVm72QE32PVroPHjr1dvoT6Mp2GBV0UvATA2r5mvePm7K2WrrXdJImtaw5PQU3sjQMPq3q7&mediaDataID=6807466&mediaName=frame.html
Frame ID: 7D264921B36441505B413B5556937250
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/p.media?clickID=aXmQ8y5tEN3PBIpFUKXcfTXG340cBOpT7U3FQVVrnHV6YWRTMQPcnpPWBx0WvnTmjv2cQUXrFBT6qo2PU8PArH3Hnn1HBCmW2M36rW3srgTs3kWsM6PAQxWdY3TUf35UAtUqMrWEM6PEMKRGQIRr6vRW7dUVf55U2pnHIsYTev2WbHPVjZd26YJptItTW7h0crUoQ5VDZd&mediaDataID=5436426&mediaName=frame.html
Frame ID: B1611373EA0A7DC1052CC73DAC6598AC
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: AA1781D5C8900693941215C09460A114
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: 8D269DA1D52B1429D2184BEE09F15246
Requests: 1 HTTP requests in this frame

Frame: https://pastebin.com/adserver/160x600_criteo_pb_safe.php
Frame ID: 10F712FC0D94FAAFF50E1399C17D266E
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20180709/r20110914/activeview/osd_listener.js
Frame ID: 6B9C0C2C68460027142B64E15A490F6B
Requests: 4 HTTP requests in this frame

Frame: https://pastebin.com/adserver/728x90_criteo_pb_safe.php
Frame ID: 6EDA3E16FF448B7CDBAA8CB4B5DF249D
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20180709/r20110914/activeview/osd_listener.js
Frame ID: F62A2C8FF56B4B29C3AEF8B4F231E4AD
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://pastebin.com/raw/XLeVP82h HTTP 302
http://pastebin.com/XLeVP82h HTTP 301
https://pastebin.com/XLeVP82h Page URL

Detected technologies

BuySellAds (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

env /^_bsa/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /cloudflare/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
env /^gaGlobal$/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

env /^google_tag_manager$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js/i
env /^jQuery$/i

Page Statistics

132
Requests

39 %
HTTPS

26 %
IPv6

31
Domains

41
Subdomains

30
IPs

6
Countries

893 kB
Transfer

3335 kB
Size

0
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://deals.pastebin.com/
Title: deals

Search URL Search Domain Scan URL

URL: http://creativecommons.org/licenses/by-sa/3.0/
Title: cc by-sa 3.0

Search URL Search Domain Scan URL

URL: http://steadfast.net/services/dedicated-servers.php?utm_source=pastebin.com&utm_medium=referral&utm_content=footer_link_dedicated_server_hosting_by&utm_campaign=referral_20140118_x_x_pastebin_partner&source=referral_20140118_x_x_pastebin_partner
Title: Dedicated Server Hosting

Search URL Search Domain Scan URL

URL: http://steadfast.net/?utm_source=pastebin.com&utm_medium=referral&utm_content=footer_link_steadfast&utm_campaign=referral_20140118_x_x_pastebin_partner&source=referral_20140118_x_x_pastebin_partner
Title: Steadfast

Search URL Search Domain Scan URL

URL: https://facebook.com/pastebin

Search URL Search Domain Scan URL

URL: https://twitter.com/pastebin

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://pastebin.com/raw/XLeVP82h HTTP 302
http://pastebin.com/XLeVP82h HTTP 301
https://pastebin.com/XLeVP82h Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 22

https://www.google-analytics.com/r/collect?v=1&_v=j68&a=1441932570&t=pageview&_s=1&dl=https%3A%2F%2Fpastebin.com%2FXLeVP82h&ul=en-us&de=UTF-8&dt=Pastebin.com%20-%20Page%20Removed&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUAB~&jid=1828557693&gjid=804865807&cid=1388229219.1531472805&tid=UA-58643-34&_gid=597443796.1531472805&_r=1&gtm=u6t&z=405864339 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-58643-34&cid=1388229219.1531472805&jid=1828557693&_gid=597443796.1531472805&gjid=804865807&_v=j68&z=405864339

Request Chain 73

https://ad.afy11.net/ad?mode=10&sspid=2585 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=gm&nuid=ChUI1JPNuPefz8ZhEKWz-vLvjYjfswE%3d

Request Chain 74

https://us-u.openx.net/w/1.0/cm?id=1be30a61-c15d-465d-b6e5-82da40df8212&r=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dopenx%26nuid%3D HTTP 302
https://sync.go.sonobi.com/us.gif?nw=openx&nuid=b1a35b07-2768-4f9b-b7bf-13a300b1661e

Request Chain 75

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID] HTTP 302
https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID]&mm_bnc&mm_bct HTTP 302
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=98385b48-5f3e-4400-8691-f37c39dc8e56

Request Chain 77

https://x.bidswitch.net/sync?ssp=sonobi HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=sonobi HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=sonobi&bsw_param=448ede80-afd7-4cd1-be3e-e78ed652b0c7 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm=&google_sc=&ssp=sonobi&bsw_param=448ede80-afd7-4cd1-be3e-e78ed652b0c7&google_tc= HTTP 302
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESECtLtcjgd2S5fWbR7B_KTgk&google_cver=1&ssp=sonobi&bsw_param=448ede80-afd7-4cd1-be3e-e78ed652b0c7 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=448ede80-afd7-4cd1-be3e-e78ed652b0c7

Request Chain 78

https://pixel.s3xified.com/sspsync/?ssp=1349 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=am&nuid=ef82c7f75ed3e0bda3af9426549644bf

Request Chain 79

https://tags.bluekai.com/site/30907?id=d83861ff-5fe5-47e4-9eb6-4da46b2f6daa HTTP 302
https://stags.bluekai.com/site/30907?dt=0&r=786517220&sig=2765401825&bkca=KJpnEnaBLEYt1eB1u21NEDLNNEDhEpUH+DhB1+1NuDA61DL0uMBnuDyW9B+lY0W=

Request Chain 80

https://bh.contextweb.com/bh/rtset?do=add&pid=561191&ev=d83861ff-5fe5-47e4-9eb6-4da46b2f6daa&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=ZvysgGrSluLe

Request Chain 81

https://trc.taboola.com/sg/sonobi-ssp-network/1/rtb-h?taboola_hm=1 HTTP 302
https://match.taboola.com/sg/sonobi-ssp-network/1/rtb-h?taboola_hm=1&tbid=91f6e6c5-b294-4b53-9f0b-7e1b707c3955-tuct241f128 HTTP 302
https://match.basebanner.com/match?tabid=91f6e6c5-b294-4b53-9f0b-7e1b707c3955-tuct241f128&extuid=1&excid=42&cijs=0 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=tb&nuid=91f6e6c5-b294-4b53-9f0b-7e1b707c3955-tuct241f128

Request Chain 82

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=sonobi&ttd_tpi=1 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=td&nuid=eec73193-ac47-489c-9343-df7bdbb7c4fc

Request Chain 83

https://sync.rhythmxchange.com/usersync2/sonobi HTTP 302
https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=OPTOUT

Request Chain 92

https://ad.afy11.net/ad?mode=10&sspid=2585 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=gm&nuid=ChQIqZe5j4KC6cNzELXB8e_bwobqZw%3d%3d

Request Chain 93

https://us-u.openx.net/w/1.0/cm?id=1be30a61-c15d-465d-b6e5-82da40df8212&r=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dopenx%26nuid%3D HTTP 302
https://sync.go.sonobi.com/us.gif?nw=openx&nuid=b1a35b07-2768-4f9b-b7bf-13a300b1661e

Request Chain 94

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID] HTTP 302
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=98385b48-5f3e-4400-8691-f37c39dc8e56

Request Chain 95

https://x.bidswitch.net/sync?ssp=sonobi HTTP 302
https://px.adhigh.net/p/cm/bsw?bidswitch_ssp_id=sonobi HTTP 302
https://px.adhigh.net/p/cm/bsw?bidswitch_ssp_id=sonobi&bounced=1 HTTP 302
https://x.bidswitch.net/sync?dsp_id=9&user_id=PIDEjhrabRt&expires=30&ssp=sonobi HTTP 302
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=448ede80-afd7-4cd1-be3e-e78ed652b0c7

Request Chain 96

https://pixel.s3xified.com/sspsync/?ssp=1349 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=am&nuid=ef82c7f75ed3e0bda3af9426549644bf

Request Chain 98

https://bh.contextweb.com/bh/rtset?do=add&pid=561191&ev=d83861ff-5fe5-47e4-9eb6-4da46b2f6daa&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=SlN0oKxlizXN

Request Chain 99

https://trc.taboola.com/sg/sonobi-ssp-network/1/rtb-h?taboola_hm=1 HTTP 302
https://match.taboola.com/sg/sonobi-ssp-network/1/rtb-h?taboola_hm=1&tbid=63a66926-0887-4585-9eb4-50ce020d1e4e-tuct241f128 HTTP 302
https://match.basebanner.com/match?tabid=63a66926-0887-4585-9eb4-50ce020d1e4e-tuct241f128&extuid=1&excid=42&cijs=0 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=tb&nuid=63a66926-0887-4585-9eb4-50ce020d1e4e-tuct241f128

Request Chain 100

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=td&nuid=eec73193-ac47-489c-9343-df7bdbb7c4fc

Request Chain 101

https://sync.rhythmxchange.com/usersync2/sonobi HTTP 302
https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=OPTOUT

132 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

404

Primary Request XLeVP82h Show response
pastebin.com/
Redirect Chain

http://pastebin.com/raw/XLeVP82h
http://pastebin.com/XLeVP82h
https://pastebin.com/XLeVP82h

14 KB
5 KB

144ms
124ms

Document
text/html

104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://pastebin.com/XLeVP82h

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf0c702ded13388fadf97120b5384dcb502ec1f596084d8a7fa3e943ff802e19

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:method: GET
:authority: pastebin.com
:scheme: https
:path: /XLeVP82h
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding: gzip, deflate
cookie: __cfduid=d30ab5faabad801e55f7e60ea1c49b56e1531472804
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: EB8FD0BA0C202A71EBBE5C495DF79AB6

Response headers

status: 404
date: Fri, 13 Jul 2018 09:06:45 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-encoding: gzip
vary: Accept-Encoding
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 439a98681c04bec6-FRA

Redirect headers

Date: Fri, 13 Jul 2018 09:06:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
location: https://pastebin.com/XLeVP82h
X-XSS-Protection: 1; mode=block
Server: cloudflare
CF-RAY: 439a9867422d2684-FRA

GET
S 200 js Show response
www.googletagmanager.com/gtag/ 70 KB
25 KB 15ms
13ms Script
application/javascript 2a00:1450:4001:81d::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-58643-34

Requested by

Host: pastebin.com
URL: https://pastebin.com/XLeVP82h

Protocol

SPDY

Server

2a00:1450:4001:81d::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

056d25fde950d25309da2ad6b7d20b2b23b7963eda06d9795981eecc5705e3ee

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pastebin.com/XLeVP82h
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:45 GMT
content-encoding: gzip
server: Google Tag Manager (scaffolding)
access-control-allow-headers: Cache-Control
status: 200
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 25188
x-xss-protection: 1; mode=block
expires: Fri, 13 Jul 2018 09:06:45 GMT

GET
H2 200 jquery.min.js Show response
pastebin.com/js/ 82 KB
30 KB 16ms
15ms Script
application/x-javascript 104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://pastebin.com/js/jquery.min.js

Requested by

Host: pastebin.com
URL: https://pastebin.com/XLeVP82h

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:path: /js/jquery.min.js
pragma: no-cache
cookie: __cfduid=d30ab5faabad801e55f7e60ea1c49b56e1531472804
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: pastebin.com
referer: https://pastebin.com/XLeVP82h
:scheme: https
:method: GET
Referer: https://pastebin.com/XLeVP82h
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:45 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 16 Dec 2015 04:15:00 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: public, max-age=7776000
cf-ray: 439a9868dc98bec6-FRA
x-xss-protection: 1; mode=block
expires: Thu, 11 Oct 2018 09:06:45 GMT

GET
H2 200 pastebin.min.v2.js Show response
pastebin.com/js/ 35 KB
12 KB 11ms
9ms Script
application/x-javascript 104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://pastebin.com/js/pastebin.min.v2.js

Requested by

Host: pastebin.com
URL: https://pastebin.com/XLeVP82h

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

125fd9e51c7727e0c0edb021f2d3ed8bdcaa048c7277992d134d794089ae3e36

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:path: /js/pastebin.min.v2.js
pragma: no-cache
cookie: __cfduid=d30ab5faabad801e55f7e60ea1c49b56e1531472804
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: pastebin.com
referer: https://pastebin.com/XLeVP82h
:scheme: https
:method: GET
Referer: https://pastebin.com/XLeVP82h
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:45 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 05 May 2017 09:32:00 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: public, max-age=7776000
cf-ray: 439a9868dc99bec6-FRA
x-xss-protection: 1; mode=block
expires: Thu, 11 Oct 2018 09:06:45 GMT

GET
H2 200 pastebin.min.v6.css
pastebin.com/i/ 40 KB
9 KB 23ms
22ms Stylesheet
text/css 104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://pastebin.com/i/pastebin.min.v6.css

Requested by

Host: pastebin.com
URL: https://pastebin.com/XLeVP82h

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

37786f0724c1e728e8a1dfd225f12c5e9804c04a3a6eb0bc3795e7df67a51f64

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:path: /i/pastebin.min.v6.css
pragma: no-cache
cookie: __cfduid=d30ab5faabad801e55f7e60ea1c49b56e1531472804
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: pastebin.com
referer: https://pastebin.com/XLeVP82h
:scheme: https
:method: GET
Referer: https://pastebin.com/XLeVP82h
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:45 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 14 Jun 2018 11:15:30 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=7776000
cf-ray: 439a9868dc9abec6-FRA
x-xss-protection: 1; mode=block
expires: Thu, 11 Oct 2018 09:06:45 GMT

GET
H2 200 guest.png
pastebin.com/i/ 1 KB
1 KB 13ms
12ms Image
image/png 104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastebin.com/i/guest.png

Requested by

Host: pastebin.com
URL: https://pastebin.com/XLeVP82h

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3a0173182211c356718cc39291f5753a21fefe7422665f2bcd2a2798e02e846b

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:path: /i/guest.png
pragma: no-cache
cookie: __cfduid=d30ab5faabad801e55f7e60ea1c49b56e1531472804
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: pastebin.com
referer: https://pastebin.com/XLeVP82h
:scheme: https
:method: GET
Referer: https://pastebin.com/XLeVP82h
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:45 GMT
cf-cache-status: HIT
last-modified: Wed, 16 Dec 2015 04:15:00 GMT
server: cloudflare
etag: "5670e544-480"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=7776000
accept-ranges: bytes
cf-ray: 439a9868dc9bbec6-FRA
content-length: 1152
x-xss-protection: 1; mode=block
expires: Thu, 11 Oct 2018 09:06:45 GMT

GET
H2 200 t.gif
pastebin.com/i/ 43 B
125 B 22ms
21ms Image
image/gif 104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastebin.com/i/t.gif

Requested by

Host: pastebin.com
URL: https://pastebin.com/XLeVP82h

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed1b73c6b4690cde9b521865b58e031293209bc0b2ba2b5716ecf4bf9885ee4b

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:path: /i/t.gif
pragma: no-cache
cookie: __cfduid=d30ab5faabad801e55f7e60ea1c49b56e1531472804
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: pastebin.com
referer: https://pastebin.com/XLeVP82h
:scheme: https
:method: GET
Referer: https://pastebin.com/XLeVP82h
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:45 GMT
cf-cache-status: HIT
last-modified: Wed, 16 Dec 2015 04:15:00 GMT
server: cloudflare
etag: "5670e544-2b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
status: 200
cache-control: public, max-age=7776000
accept-ranges: bytes
cf-ray: 439a9868dc9cbec6-FRA
content-length: 43
x-xss-protection: 1; mode=block
expires: Thu, 11 Oct 2018 09:06:45 GMT

GET
H/1.1 200
OK tags.js Show response
tags.expo9.exponential.com/tags/Pastebincom/Safe/ 7 KB
3 KB 827ms
173ms Script
application/x-javascript 204.11.109.77
Exponential Inter...

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.expo9.exponential.com/tags/Pastebincom/Safe/tags.js
Requested by: Host: pastebin.com
URL: https://pastebin.com/XLeVP82h
Protocol: HTTP/1.1
Server: 204.11.109.77 Emeryville, United States, ASN33419 (TRIBAL-FUSION - Exponential Interactive, Inc., US),
Reverse DNS: tags.expo9.exponential.com
Software: /
Resource Hash: c0e84e667672bf1c1c675beab334b374919c2a76172ddf890e48ac57b182f5ee

Request headers

Referer: https://pastebin.com/XLeVP82h
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 13 Jul 2018 09:06:46 GMT
Content-Encoding: gzip
X-Function: 151
X-Reuse-Index: 1
ETag: 5909443542969422214
Vary: Accept-Encoding
P3P: CP="NOI DEVo TAIa OUR BUS"
Cache-Control: max-age=3600, public
Last-Modified: Fri, 21 Jun 2013 00:18:47 GMT
Connection: keep-alive
Content-Type: application/x-javascript
Content-Length: 2306
Expires: Fri, 13 Jul 2018 10:06:46 GMT

GET
H2 200 gift.png
pastebin.com/i/ 2 KB
2 KB 15ms
15ms Image
image/png 104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastebin.com/i/gift.png

Requested by

Host: pastebin.com
URL: https://pastebin.com/XLeVP82h

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

23396f2caca227b0433f07c7952518183b9ffbbaa4574a7da47857693f0e17d1

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:path: /i/gift.png
pragma: no-cache
cookie: __cfduid=d30ab5faabad801e55f7e60ea1c49b56e1531472804
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: pastebin.com
referer: https://pastebin.com/XLeVP82h
:scheme: https
:method: GET
Referer: https://pastebin.com/XLeVP82h
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:45 GMT
cf-cache-status: HIT
last-modified: Wed, 25 Oct 2017 08:11:04 GMT
server: cloudflare
etag: "59f04718-78f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=7776000
accept-ranges: bytes
cf-ray: 439a9868dc9dbec6-FRA
content-length: 1935
x-xss-protection: 1; mode=block
expires: Thu, 11 Oct 2018 09:06:45 GMT

GET
H/1.1 200
OK tags.js Show response
tags.expo9.exponential.com/tags/Pastebincom/SnackbarSafe/ 7 KB
3 KB 922ms
182ms Script
application/x-javascript 204.11.109.76
Exponential Inter...

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.expo9.exponential.com/tags/Pastebincom/SnackbarSafe/tags.js
Requested by: Host: pastebin.com
URL: https://pastebin.com/XLeVP82h
Protocol: HTTP/1.1
Server: 204.11.109.76 Emeryville, United States, ASN33419 (TRIBAL-FUSION - Exponential Interactive, Inc., US),
Reverse DNS: tags.expo9.exponential.com
Software: /
Resource Hash: c0e84e667672bf1c1c675beab334b374919c2a76172ddf890e48ac57b182f5ee

Request headers

Referer: https://pastebin.com/XLeVP82h
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 13 Jul 2018 09:06:46 GMT
Content-Encoding: gzip
X-Function: 151
X-Reuse-Index: 1
ETag: 5909443542969422214
Vary: Accept-Encoding
P3P: CP="NOI DEVo TAIa OUR BUS"
Cache-Control: max-age=3600, public
Last-Modified: Fri, 21 Jun 2013 00:18:47 GMT
Connection: keep-alive
Content-Type: application/x-javascript
Content-Length: 2306
Expires: Fri, 13 Jul 2018 10:06:46 GMT

GET
H/1.1 200
OK monetization.js Show response
m.servedby-buysellads.com/ 36 KB
11 KB 25ms
6ms Script
application/javascript 108.161.189.78
netDNA

General

Check archive.org

Show headers Download Go to

Full URL: https://m.servedby-buysellads.com/monetization.js
Requested by: Host: pastebin.com
URL: https://pastebin.com/XLeVP82h
Protocol: HTTP/1.1
Server: 108.161.189.78 Los Angeles, United States, ASN54104 (AS-STACKPATH - netDNA, US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: df9284981e4e607f45914a179a1d00b2618629ae99a8e139e7a9a78bd6f8acbf

Request headers

Referer: https://pastebin.com/XLeVP82h
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 13 Jul 2018 09:06:45 GMT
Content-Encoding: gzip
Last-Modified: Wed, 11 Jul 2018 18:57:35 GMT
Server: NetDNA-cache/2.2
x-amz-request-id: 22B194720805A532
ETag: W/"0d3bd65fb4a58257ca251707e419b604"
Transfer-Encoding: chunked
X-Cache: HIT
Content-Type: application/javascript
Cache-Control: max-age=86400
Connection: keep-alive
x-amz-id-2: W+g+VE4dPrVrkDhg1ooS9kt2x80AJH5uItO9TCnXwFuiXoAb9HGVe6QS5SH7i592+D04bSl5wxc=
Expires: Sat, 14 Jul 2018 09:06:45 GMT

GET
S 200 analytics.js Show response
www.google-analytics.com/ 34 KB
14 KB 13ms
12ms Script
text/javascript 2a00:1450:400e:803::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-58643-34

Protocol

SPDY

Server

2a00:1450:400e:803::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

3fab1c883847e4b5a02f3749a9f4d9eab15cd4765873d3b2904a1a4c8755fba3

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://pastebin.com/XLeVP82h
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 18 May 2018 01:10:24 GMT
server: Golfe2
age: 257
date: Fri, 13 Jul 2018 09:02:28 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 14386
expires: Fri, 13 Jul 2018 11:02:28 GMT

GET
H2 200 linebg.png
pastebin.com/i/ 375 B
451 B 11ms
10ms Image
image/png 104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastebin.com/i/linebg.png

Requested by

Host: pastebin.com
URL: https://pastebin.com/XLeVP82h

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d45d1b49b5918ea0ffa0b3d119995b96b558147f618f0ea1897906252be7bcb4

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:path: /i/linebg.png
pragma: no-cache
cookie: __cfduid=d30ab5faabad801e55f7e60ea1c49b56e1531472804
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: pastebin.com
referer: https://pastebin.com/i/pastebin.min.v6.css
:scheme: https
:method: GET
Referer: https://pastebin.com/i/pastebin.min.v6.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:45 GMT
cf-cache-status: HIT
last-modified: Wed, 16 Dec 2015 04:15:00 GMT
server: cloudflare
etag: "5670e544-177"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=7776000
accept-ranges: bytes
cf-ray: 439a98693cdbbec6-FRA
content-length: 375
x-xss-protection: 1; mode=block
expires: Thu, 11 Oct 2018 09:06:45 GMT

GET
H2 200 pro_btn_hover.png
pastebin.com/i/ 729 B
805 B 9ms
8ms Image
image/png 104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastebin.com/i/pro_btn_hover.png

Requested by

Host: pastebin.com
URL: https://pastebin.com/XLeVP82h

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f5154cd93dc27142f30bf0d10c32b64f107b81f89cc4801e296623cdbafef6bc

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:path: /i/pro_btn_hover.png
pragma: no-cache
cookie: __cfduid=d30ab5faabad801e55f7e60ea1c49b56e1531472804
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: pastebin.com
referer: https://pastebin.com/i/pastebin.min.v6.css
:scheme: https
:method: GET
Referer: https://pastebin.com/i/pastebin.min.v6.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:45 GMT
cf-cache-status: HIT
last-modified: Wed, 16 Dec 2015 04:15:00 GMT
server: cloudflare
etag: "5670e544-2d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=7776000
accept-ranges: bytes
cf-ray: 439a98693cdcbec6-FRA
content-length: 729
x-xss-protection: 1; mode=block
expires: Thu, 11 Oct 2018 09:06:45 GMT

GET
H2 200 header_bg.png
pastebin.com/i/ 191 B
265 B 13ms
12ms Image
image/png 104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastebin.com/i/header_bg.png

Requested by

Host: pastebin.com
URL: https://pastebin.com/XLeVP82h

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a735f35356d3ca513b6c242e3f4c1034557e01faaa774b4e14feaef46ecdaac

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:path: /i/header_bg.png
pragma: no-cache
cookie: __cfduid=d30ab5faabad801e55f7e60ea1c49b56e1531472804
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: pastebin.com
referer: https://pastebin.com/i/pastebin.min.v6.css
:scheme: https
:method: GET
Referer: https://pastebin.com/i/pastebin.min.v6.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:45 GMT
cf-cache-status: HIT
last-modified: Wed, 16 Dec 2015 04:15:00 GMT
server: cloudflare
etag: "5670e544-bf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=7776000
accept-ranges: bytes
cf-ray: 439a98693cddbec6-FRA
content-length: 191
x-xss-protection: 1; mode=block
expires: Thu, 11 Oct 2018 09:06:45 GMT

GET
H2 200 dd_settings.png
pastebin.com/i/ 1 KB
1 KB 12ms
12ms Image
image/png 104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastebin.com/i/dd_settings.png

Requested by

Host: pastebin.com
URL: https://pastebin.com/XLeVP82h

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2aa1657cc01cbd5e50c8a6de27ea8e811cf8c2bb8d182d8946c628ad3fe0b4e3

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:path: /i/dd_settings.png
pragma: no-cache
cookie: __cfduid=d30ab5faabad801e55f7e60ea1c49b56e1531472804
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: pastebin.com
referer: https://pastebin.com/i/pastebin.min.v6.css
:scheme: https
:method: GET
Referer: https://pastebin.com/i/pastebin.min.v6.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:45 GMT
cf-cache-status: HIT
last-modified: Wed, 16 Dec 2015 04:15:00 GMT
server: cloudflare
etag: "5670e544-4ee"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=7776000
accept-ranges: bytes
cf-ray: 439a98693cdebec6-FRA
content-length: 1262
x-xss-protection: 1; mode=block
expires: Thu, 11 Oct 2018 09:06:45 GMT

GET
H2 200 dd_alerts.png
pastebin.com/i/ 915 B
991 B 13ms
12ms Image
image/png 104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastebin.com/i/dd_alerts.png

Requested by

Host: pastebin.com
URL: https://pastebin.com/XLeVP82h

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

df418a54adb533554fec3e2a4fb348625f539469f11380963942511835a3c771

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:path: /i/dd_alerts.png
pragma: no-cache
cookie: __cfduid=d30ab5faabad801e55f7e60ea1c49b56e1531472804
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: pastebin.com
referer: https://pastebin.com/i/pastebin.min.v6.css
:scheme: https
:method: GET
Referer: https://pastebin.com/i/pastebin.min.v6.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:45 GMT
cf-cache-status: HIT
last-modified: Wed, 16 Dec 2015 04:15:00 GMT
server: cloudflare
etag: "5670e544-393"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=7776000
accept-ranges: bytes
cf-ray: 439a98693cdfbec6-FRA
content-length: 915
x-xss-protection: 1; mode=block
expires: Thu, 11 Oct 2018 09:06:45 GMT

GET
H2 200 dd_messages.png
pastebin.com/i/ 1 KB
1 KB 20ms
20ms Image
image/png 104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastebin.com/i/dd_messages.png

Requested by

Host: pastebin.com
URL: https://pastebin.com/XLeVP82h

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd1fd8dff30cc102766aa53409d2f292e413e5b9b4be66814c697c90e1c48da3

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:path: /i/dd_messages.png
pragma: no-cache
cookie: __cfduid=d30ab5faabad801e55f7e60ea1c49b56e1531472804
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: pastebin.com
referer: https://pastebin.com/i/pastebin.min.v6.css
:scheme: https
:method: GET
Referer: https://pastebin.com/i/pastebin.min.v6.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:45 GMT
cf-cache-status: HIT
last-modified: Wed, 16 Dec 2015 04:15:00 GMT
server: cloudflare
etag: "5670e544-44b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=7776000
accept-ranges: bytes
cf-ray: 439a98693ce1bec6-FRA
content-length: 1099
x-xss-protection: 1; mode=block
expires: Thu, 11 Oct 2018 09:06:45 GMT

GET
H2 200 dd_pastebin.png
pastebin.com/i/ 667 B
743 B 11ms
11ms Image
image/png 104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastebin.com/i/dd_pastebin.png

Requested by

Host: pastebin.com
URL: https://pastebin.com/XLeVP82h

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7fc2927c6ecc0e0402558ef08cdac15420bf7699cc9c5976f2ae72a3af10d0d1

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:path: /i/dd_pastebin.png
pragma: no-cache
cookie: __cfduid=d30ab5faabad801e55f7e60ea1c49b56e1531472804
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: pastebin.com
referer: https://pastebin.com/i/pastebin.min.v6.css
:scheme: https
:method: GET
Referer: https://pastebin.com/i/pastebin.min.v6.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:45 GMT
cf-cache-status: HIT
last-modified: Wed, 16 Dec 2015 04:15:00 GMT
server: cloudflare
etag: "5670e544-29b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=7776000
accept-ranges: bytes
cf-ray: 439a98693ce2bec6-FRA
content-length: 667
x-xss-protection: 1; mode=block
expires: Thu, 11 Oct 2018 09:06:45 GMT

GET
H2 200 menu_down.png
pastebin.com/i/ 506 B
581 B 9ms
8ms Image
image/png 104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastebin.com/i/menu_down.png

Requested by

Host: pastebin.com
URL: https://pastebin.com/XLeVP82h

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

56c4ce67d315f88d68e3e1a5a52049bc892096c4aab3e534226c29704886af20

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:path: /i/menu_down.png
pragma: no-cache
cookie: __cfduid=d30ab5faabad801e55f7e60ea1c49b56e1531472804
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: pastebin.com
referer: https://pastebin.com/i/pastebin.min.v6.css
:scheme: https
:method: GET
Referer: https://pastebin.com/i/pastebin.min.v6.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:45 GMT
cf-cache-status: HIT
last-modified: Wed, 16 Dec 2015 04:15:00 GMT
server: cloudflare
etag: "5670e544-1fa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=7776000
accept-ranges: bytes
cf-ray: 439a98693ce3bec6-FRA
content-length: 506
x-xss-protection: 1; mode=block
expires: Thu, 11 Oct 2018 09:06:45 GMT

GET
H2 200 search.png
pastebin.com/i/ 1 KB
1 KB 12ms
11ms Image
image/png 104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastebin.com/i/search.png

Requested by

Host: pastebin.com
URL: https://pastebin.com/XLeVP82h

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dcf1268c850c2e448c01958bd3fc92fe2ae6a661353ac6238104ebfb57b04cbd

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:path: /i/search.png
pragma: no-cache
cookie: __cfduid=d30ab5faabad801e55f7e60ea1c49b56e1531472804
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: pastebin.com
referer: https://pastebin.com/i/pastebin.min.v6.css
:scheme: https
:method: GET
Referer: https://pastebin.com/i/pastebin.min.v6.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:45 GMT
cf-cache-status: HIT
last-modified: Wed, 16 Dec 2015 04:15:00 GMT
server: cloudflare
etag: "5670e544-595"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=7776000
accept-ranges: bytes
cf-ray: 439a98693ce4bec6-FRA
content-length: 1429
x-xss-protection: 1; mode=block
expires: Thu, 11 Oct 2018 09:06:45 GMT

GET
H2 200 add_2.png
pastebin.com/i/ 491 B
566 B 13ms
13ms Image
image/png 104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastebin.com/i/add_2.png

Requested by

Host: pastebin.com
URL: https://pastebin.com/XLeVP82h

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

637dd01675f7015d068b7cadcfdf32607fec872ed3ef04ef9013d203a57e2f59

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:path: /i/add_2.png
pragma: no-cache
cookie: __cfduid=d30ab5faabad801e55f7e60ea1c49b56e1531472804
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: pastebin.com
referer: https://pastebin.com/i/pastebin.min.v6.css
:scheme: https
:method: GET
Referer: https://pastebin.com/i/pastebin.min.v6.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:45 GMT
cf-cache-status: HIT
last-modified: Wed, 16 Dec 2015 04:15:00 GMT
server: cloudflare
etag: "5670e544-1eb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=7776000
accept-ranges: bytes
cf-ray: 439a98693ce5bec6-FRA
content-length: 491
x-xss-protection: 1; mode=block
expires: Thu, 11 Oct 2018 09:06:45 GMT

GET
H2 200 pastebin_logo_side_outline.png
pastebin.com/i/ 18 KB
18 KB 17ms
16ms Image
image/png 104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastebin.com/i/pastebin_logo_side_outline.png

Requested by

Host: pastebin.com
URL: https://pastebin.com/XLeVP82h

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a0bb893da5412b75e25ef7bb44285e3e0de74c550f7a2a7e40cb5fd29f82ba41

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:path: /i/pastebin_logo_side_outline.png
pragma: no-cache
cookie: __cfduid=d30ab5faabad801e55f7e60ea1c49b56e1531472804
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: pastebin.com
referer: https://pastebin.com/i/pastebin.min.v6.css
:scheme: https
:method: GET
Referer: https://pastebin.com/i/pastebin.min.v6.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:45 GMT
cf-cache-status: HIT
last-modified: Wed, 16 Dec 2015 04:15:00 GMT
server: cloudflare
etag: "5670e544-4660"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=7776000
accept-ranges: bytes
cf-ray: 439a98694cedbec6-FRA
content-length: 18016
x-xss-protection: 1; mode=block
expires: Thu, 11 Oct 2018 09:06:45 GMT

GET
S

200

collect
stats.g.doubleclick.net/r/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j68&a=1441932570&t=pageview&_s=1&dl=https%3A%2F%2Fpastebin.com%2FXLeVP82h&ul=en-us&de=UTF-8&dt=Pastebin.com%20-%20Page%20Removed&sd=24-bit&sr=1600x...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-58643-34&cid=1388229219.1531472805&jid=1828557693&_gid=597443796.1531472805&gjid=804865807&_v=j68&z=405864339

35 B
102 B

16ms
15ms

Image
image/gif

2a00:1450:400c:c07::9d
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-58643-34&cid=1388229219.1531472805&jid=1828557693&_gid=597443796.1531472805&gjid=804865807&_v=j68&z=405864339

Requested by

Host: pastebin.com
URL: https://pastebin.com/XLeVP82h

Protocol

SPDY

Server

2a00:1450:400c:c07::9d , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://pastebin.com/XLeVP82h
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 13 Jul 2018 09:06:45 GMT
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 13 Jul 2018 09:06:45 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 302
location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-58643-34&cid=1388229219.1531472805&jid=1828557693&_gid=597443796.1531472805&gjid=804865807&_v=j68&z=405864339
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 415
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK tags.js Show response
s.tribalfusion.com/real/tags/Pastebincom/Safe/ Frame 8B13 58 KB
14 KB 819ms
174ms Script
application/x-javascript 204.11.109.66
Exponential Inter...

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/real/tags/Pastebincom/Safe/tags.js
Requested by: Host: tags.expo9.exponential.com
URL: https://tags.expo9.exponential.com/tags/Pastebincom/Safe/tags.js
Protocol: HTTP/1.1
Server: 204.11.109.66 Emeryville, United States, ASN33419 (TRIBAL-FUSION - Exponential Interactive, Inc., US),
Reverse DNS: a.tribalfusion.com
Software: /
Resource Hash: f9a12108fbbe82e3cc882d935fdbf1aaf80ec4d74b09947d574919f60eadf199

Request headers

Referer: https://pastebin.com/XLeVP82h
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 13 Jul 2018 09:06:46 GMT
Content-Encoding: gzip
X-Function: 151
X-Reuse-Index: 1
ETag: 16581811717367587091
Vary: Accept-Encoding
P3P: CP="NOI DEVo TAIa OUR BUS"
Cache-Control: max-age=3600, private
Last-Modified: Mon, 11 Jun 2018 04:07:30 GMT
Connection: keep-alive
Content-Type: application/x-javascript
Content-Length: 13900
Expires: Fri, 13 Jul 2018 10:06:46 GMT

GET
H/1.1 200
OK tags.js Show response
s.tribalfusion.com/real/tags/Pastebincom/Safe/ Frame A115 58 KB
14 KB 902ms
189ms Script
application/x-javascript 204.11.109.68
Exponential Inter...

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/real/tags/Pastebincom/Safe/tags.js
Requested by: Host: tags.expo9.exponential.com
URL: https://tags.expo9.exponential.com/tags/Pastebincom/Safe/tags.js
Protocol: HTTP/1.1
Server: 204.11.109.68 Emeryville, United States, ASN33419 (TRIBAL-FUSION - Exponential Interactive, Inc., US),
Reverse DNS: a.tribalfusion.com
Software: /
Resource Hash: f9a12108fbbe82e3cc882d935fdbf1aaf80ec4d74b09947d574919f60eadf199

Request headers

Referer: https://pastebin.com/XLeVP82h
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 13 Jul 2018 09:06:46 GMT
Content-Encoding: gzip
X-Function: 151
X-Reuse-Index: 1
ETag: 16581811717367587091
Vary: Accept-Encoding
P3P: CP="NOI DEVo TAIa OUR BUS"
Cache-Control: max-age=3600, private
Last-Modified: Mon, 11 Jun 2018 04:07:30 GMT
Connection: keep-alive
Content-Type: application/x-javascript
Content-Length: 13900
Expires: Fri, 13 Jul 2018 10:06:46 GMT

GET
H2 200 twitter_circle.png
pastebin.com/i/ 954 B
1 KB 12ms
11ms Image
image/png 104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastebin.com/i/twitter_circle.png

Requested by

Host: pastebin.com
URL: https://pastebin.com/XLeVP82h

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9db7a21dd14ba20bee6dc27da7e4cd799a936e9b1b5dee203f24d503b2e89b7f

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:path: /i/twitter_circle.png
pragma: no-cache
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: pastebin.com
referer: https://pastebin.com/i/pastebin.min.v6.css
:scheme: https
:method: GET
Referer: https://pastebin.com/i/pastebin.min.v6.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:46 GMT
cf-cache-status: HIT
status: 200
content-length: 954
x-xss-protection: 1; mode=block
last-modified: Wed, 16 Dec 2015 04:15:00 GMT
server: cloudflare
etag: "5670e544-3ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=7776000
set-cookie: __cfduid=d4bba5380d7751d6ed3407d75637cb9d71531472806; expires=Sat, 13-Jul-19 09:06:46 GMT; path=/; domain=.pastebin.com; HttpOnly
accept-ranges: bytes
cf-ray: 439a986e38dbbec6-FRA
expires: Thu, 11 Oct 2018 09:06:46 GMT

GET
H2 200 facebook_circle.png
pastebin.com/i/ 818 B
898 B 12ms
11ms Image
image/png 104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastebin.com/i/facebook_circle.png

Requested by

Host: pastebin.com
URL: https://pastebin.com/XLeVP82h

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

71f870b7243ed05cae8e4707adb82c8d6b30174bcd83e5d9b7c60bdee8bdbb6b

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:path: /i/facebook_circle.png
pragma: no-cache
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: pastebin.com
referer: https://pastebin.com/i/pastebin.min.v6.css
:scheme: https
:method: GET
Referer: https://pastebin.com/i/pastebin.min.v6.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:46 GMT
cf-cache-status: HIT
status: 200
content-length: 818
x-xss-protection: 1; mode=block
last-modified: Wed, 16 Dec 2015 04:15:00 GMT
server: cloudflare
etag: "5670e544-332"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=7776000
set-cookie: __cfduid=d4bba5380d7751d6ed3407d75637cb9d71531472806; expires=Sat, 13-Jul-19 09:06:46 GMT; path=/; domain=.pastebin.com; HttpOnly
accept-ranges: bytes
cf-ray: 439a986e38dcbec6-FRA
expires: Thu, 11 Oct 2018 09:06:46 GMT

GET
H2 200 footer_linux.png
pastebin.com/i/ 4 KB
5 KB 16ms
16ms Image
image/png 104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastebin.com/i/footer_linux.png

Requested by

Host: pastebin.com
URL: https://pastebin.com/XLeVP82h

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e1ec9f1acf0830d76c1a807a32cd47398e0bcbc6dfac6d4792f2a3ab78cd4a29

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:path: /i/footer_linux.png
pragma: no-cache
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: pastebin.com
referer: https://pastebin.com/i/pastebin.min.v6.css
:scheme: https
:method: GET
Referer: https://pastebin.com/i/pastebin.min.v6.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:46 GMT
cf-cache-status: HIT
status: 200
content-length: 4571
x-xss-protection: 1; mode=block
last-modified: Wed, 16 Dec 2015 04:15:00 GMT
server: cloudflare
etag: "5670e544-11db"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=7776000
set-cookie: __cfduid=d4bba5380d7751d6ed3407d75637cb9d71531472806; expires=Sat, 13-Jul-19 09:06:46 GMT; path=/; domain=.pastebin.com; HttpOnly
accept-ranges: bytes
cf-ray: 439a986e38debec6-FRA
expires: Thu, 11 Oct 2018 09:06:46 GMT

GET
H2 200 footer_opera.png
pastebin.com/i/ 3 KB
3 KB 17ms
16ms Image
image/png 104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastebin.com/i/footer_opera.png

Requested by

Host: pastebin.com
URL: https://pastebin.com/XLeVP82h

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

520fcb233d72b3e30c4491aab4ac425baac5faa0918b47491419a8d7bdeff387

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:path: /i/footer_opera.png
pragma: no-cache
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: pastebin.com
referer: https://pastebin.com/i/pastebin.min.v6.css
:scheme: https
:method: GET
Referer: https://pastebin.com/i/pastebin.min.v6.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:46 GMT
cf-cache-status: HIT
status: 200
content-length: 2756
x-xss-protection: 1; mode=block
last-modified: Wed, 16 Dec 2015 04:15:00 GMT
server: cloudflare
etag: "5670e544-ac4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=7776000
set-cookie: __cfduid=d4bba5380d7751d6ed3407d75637cb9d71531472806; expires=Sat, 13-Jul-19 09:06:46 GMT; path=/; domain=.pastebin.com; HttpOnly
accept-ranges: bytes
cf-ray: 439a986e38dfbec6-FRA
expires: Thu, 11 Oct 2018 09:06:46 GMT

GET
H2 200 footer_macosx.png
pastebin.com/i/ 3 KB
3 KB 15ms
15ms Image
image/png 104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastebin.com/i/footer_macosx.png

Requested by

Host: pastebin.com
URL: https://pastebin.com/XLeVP82h

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea834ee6d3c746a617db8d9bcfe8fb91cda36b1ff34c1c5771f45f833bdcec3b

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:path: /i/footer_macosx.png
pragma: no-cache
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: pastebin.com
referer: https://pastebin.com/i/pastebin.min.v6.css
:scheme: https
:method: GET
Referer: https://pastebin.com/i/pastebin.min.v6.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:46 GMT
cf-cache-status: HIT
status: 200
content-length: 2865
x-xss-protection: 1; mode=block
last-modified: Wed, 16 Dec 2015 04:15:00 GMT
server: cloudflare
etag: "5670e544-b31"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=7776000
set-cookie: __cfduid=d4bba5380d7751d6ed3407d75637cb9d71531472806; expires=Sat, 13-Jul-19 09:06:46 GMT; path=/; domain=.pastebin.com; HttpOnly
accept-ranges: bytes
cf-ray: 439a986e38e1bec6-FRA
expires: Thu, 11 Oct 2018 09:06:46 GMT

GET
H2 200 footer_android.png
pastebin.com/i/ 2 KB
3 KB 13ms
12ms Image
image/png 104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastebin.com/i/footer_android.png

Requested by

Host: pastebin.com
URL: https://pastebin.com/XLeVP82h

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

79b2fa9032215e3dff51865bbe0024d7cb9b3f1914b1fb79944347dbfe48374b

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:path: /i/footer_android.png
pragma: no-cache
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: pastebin.com
referer: https://pastebin.com/i/pastebin.min.v6.css
:scheme: https
:method: GET
Referer: https://pastebin.com/i/pastebin.min.v6.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:46 GMT
cf-cache-status: HIT
status: 200
content-length: 2469
x-xss-protection: 1; mode=block
last-modified: Wed, 16 Dec 2015 04:15:00 GMT
server: cloudflare
etag: "5670e544-9a5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=7776000
set-cookie: __cfduid=d4bba5380d7751d6ed3407d75637cb9d71531472806; expires=Sat, 13-Jul-19 09:06:46 GMT; path=/; domain=.pastebin.com; HttpOnly
accept-ranges: bytes
cf-ray: 439a986e38e3bec6-FRA
expires: Thu, 11 Oct 2018 09:06:46 GMT

GET
H2 200 footer_windows.png
pastebin.com/i/ 2 KB
2 KB 84ms
83ms Image
image/png 104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastebin.com/i/footer_windows.png

Requested by

Host: pastebin.com
URL: https://pastebin.com/XLeVP82h

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1e46d7ead177a073e065d10eead66856f03521f60ebab4def0d58c9c971ecd16

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:path: /i/footer_windows.png
pragma: no-cache
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: pastebin.com
referer: https://pastebin.com/i/pastebin.min.v6.css
:scheme: https
:method: GET
Referer: https://pastebin.com/i/pastebin.min.v6.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:46 GMT
cf-cache-status: HIT
status: 200
content-length: 1808
x-xss-protection: 1; mode=block
last-modified: Wed, 16 Dec 2015 04:15:00 GMT
server: cloudflare
etag: "5670e544-710"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=7776000
set-cookie: __cfduid=d4bba5380d7751d6ed3407d75637cb9d71531472806; expires=Sat, 13-Jul-19 09:06:46 GMT; path=/; domain=.pastebin.com; HttpOnly
accept-ranges: bytes
cf-ray: 439a986e48f2bec6-FRA
expires: Thu, 11 Oct 2018 09:06:46 GMT

GET
H2 200 footer_ios.png
pastebin.com/i/ 3 KB
3 KB 42ms
42ms Image
image/png 104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastebin.com/i/footer_ios.png

Requested by

Host: pastebin.com
URL: https://pastebin.com/XLeVP82h

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

df85c7193b05044e0cc8443a8122e92051590e6b86eb0668e43e175a7e7868f8

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:path: /i/footer_ios.png
pragma: no-cache
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: pastebin.com
referer: https://pastebin.com/i/pastebin.min.v6.css
:scheme: https
:method: GET
Referer: https://pastebin.com/i/pastebin.min.v6.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:46 GMT
cf-cache-status: HIT
status: 200
content-length: 3011
x-xss-protection: 1; mode=block
last-modified: Wed, 16 Dec 2015 04:15:00 GMT
server: cloudflare
etag: "5670e544-bc3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=7776000
set-cookie: __cfduid=d4bba5380d7751d6ed3407d75637cb9d71531472806; expires=Sat, 13-Jul-19 09:06:46 GMT; path=/; domain=.pastebin.com; HttpOnly
accept-ranges: bytes
cf-ray: 439a986e48f4bec6-FRA
expires: Thu, 11 Oct 2018 09:06:46 GMT

GET
H2 200 footer_firefox.png
pastebin.com/i/ 3 KB
3 KB 9ms
9ms Image
image/png 104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastebin.com/i/footer_firefox.png

Requested by

Host: pastebin.com
URL: https://pastebin.com/XLeVP82h

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

de9f869660ffdfc25464f11930933413a3e1efa363dfd35267b9ba7843731adc

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:path: /i/footer_firefox.png
pragma: no-cache
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: pastebin.com
referer: https://pastebin.com/i/pastebin.min.v6.css
:scheme: https
:method: GET
Referer: https://pastebin.com/i/pastebin.min.v6.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:46 GMT
cf-cache-status: HIT
status: 200
content-length: 3178
x-xss-protection: 1; mode=block
last-modified: Wed, 16 Dec 2015 04:15:00 GMT
server: cloudflare
etag: "5670e544-c6a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=7776000
set-cookie: __cfduid=d4bba5380d7751d6ed3407d75637cb9d71531472806; expires=Sat, 13-Jul-19 09:06:46 GMT; path=/; domain=.pastebin.com; HttpOnly
accept-ranges: bytes
cf-ray: 439a986e48efbec6-FRA
expires: Thu, 11 Oct 2018 09:06:46 GMT

GET
H2 200 footer_chrome.png
pastebin.com/i/ 3 KB
3 KB 22ms
21ms Image
image/png 104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastebin.com/i/footer_chrome.png

Requested by

Host: pastebin.com
URL: https://pastebin.com/XLeVP82h

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

96a39b4bca3cb02f0fd18724047cff37cf7ca2ed43240e1631a101e2e308dbd9

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:path: /i/footer_chrome.png
pragma: no-cache
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: pastebin.com
referer: https://pastebin.com/i/pastebin.min.v6.css
:scheme: https
:method: GET
Referer: https://pastebin.com/i/pastebin.min.v6.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:46 GMT
cf-cache-status: HIT
status: 200
content-length: 2990
x-xss-protection: 1; mode=block
last-modified: Wed, 16 Dec 2015 04:15:00 GMT
server: cloudflare
etag: "5670e544-bae"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=7776000
set-cookie: __cfduid=d4bba5380d7751d6ed3407d75637cb9d71531472806; expires=Sat, 13-Jul-19 09:06:46 GMT; path=/; domain=.pastebin.com; HttpOnly
accept-ranges: bytes
cf-ray: 439a986e48f5bec6-FRA
expires: Thu, 11 Oct 2018 09:06:46 GMT

GET
H2 200 close_promo.png
pastebin.com/i/ 1 KB
1 KB 18ms
18ms Image
image/png 104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastebin.com/i/close_promo.png

Requested by

Host: pastebin.com
URL: https://pastebin.com/XLeVP82h

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e2c5ee3e670df454c774cd417f12f4ca3083db68091f9184fb29efd2af4877b

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:path: /i/close_promo.png
pragma: no-cache
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: pastebin.com
referer: https://pastebin.com/i/pastebin.min.v6.css
:scheme: https
:method: GET
Referer: https://pastebin.com/i/pastebin.min.v6.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:46 GMT
cf-cache-status: HIT
status: 200
content-length: 1428
x-xss-protection: 1; mode=block
last-modified: Fri, 05 May 2017 08:52:39 GMT
server: cloudflare
etag: "590c3d57-594"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=7776000
set-cookie: __cfduid=d4bba5380d7751d6ed3407d75637cb9d71531472806; expires=Sat, 13-Jul-19 09:06:46 GMT; path=/; domain=.pastebin.com; HttpOnly
accept-ranges: bytes
cf-ray: 439a986e48f6bec6-FRA
expires: Thu, 11 Oct 2018 09:06:46 GMT

GET
H2 200 info.png
pastebin.com/i/ 2 KB
2 KB 76ms
76ms Image
image/png 104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastebin.com/i/info.png

Requested by

Host: pastebin.com
URL: https://pastebin.com/XLeVP82h

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

703d23efcb49183ab7f2795739f547fcd42c3d73e77f47b6c614892bb6666cea

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:path: /i/info.png
pragma: no-cache
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: pastebin.com
referer: https://pastebin.com/i/pastebin.min.v6.css
:scheme: https
:method: GET
Referer: https://pastebin.com/i/pastebin.min.v6.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:46 GMT
cf-cache-status: HIT
status: 200
content-length: 1676
x-xss-protection: 1; mode=block
last-modified: Wed, 16 Dec 2015 04:15:00 GMT
server: cloudflare
etag: "5670e544-68c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=7776000
set-cookie: __cfduid=d4bba5380d7751d6ed3407d75637cb9d71531472806; expires=Sat, 13-Jul-19 09:06:46 GMT; path=/; domain=.pastebin.com; HttpOnly
accept-ranges: bytes
cf-ray: 439a986e48f0bec6-FRA
expires: Thu, 11 Oct 2018 09:06:46 GMT

GET
H2 200 steadfast_1.png
pastebin.com/i/ 1 KB
1 KB 80ms
80ms Image
image/png 104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastebin.com/i/steadfast_1.png

Requested by

Host: pastebin.com
URL: https://pastebin.com/XLeVP82h

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3fb852db1cd132dda2e5b283b43d7cc7debe88e4ec803db31613aa472ae72009

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:path: /i/steadfast_1.png
pragma: no-cache
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: pastebin.com
referer: https://pastebin.com/i/pastebin.min.v6.css
:scheme: https
:method: GET
Referer: https://pastebin.com/i/pastebin.min.v6.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:46 GMT
cf-cache-status: HIT
status: 200
content-length: 1245
x-xss-protection: 1; mode=block
last-modified: Wed, 16 Dec 2015 04:15:00 GMT
server: cloudflare
etag: "5670e544-4dd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=7776000
set-cookie: __cfduid=d4bba5380d7751d6ed3407d75637cb9d71531472806; expires=Sat, 13-Jul-19 09:06:46 GMT; path=/; domain=.pastebin.com; HttpOnly
accept-ranges: bytes
cf-ray: 439a986e48f1bec6-FRA
expires: Thu, 11 Oct 2018 09:06:46 GMT

GET
H/1.1 200
OK tags.js Show response
s.tribalfusion.com/real/tags/Pastebincom/SnackbarSafe/ Frame D3E7 58 KB
14 KB 833ms
176ms Script
application/x-javascript 204.11.109.66
Exponential Inter...

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/real/tags/Pastebincom/SnackbarSafe/tags.js
Requested by: Host: tags.expo9.exponential.com
URL: https://tags.expo9.exponential.com/tags/Pastebincom/Safe/tags.js
Protocol: HTTP/1.1
Server: 204.11.109.66 Emeryville, United States, ASN33419 (TRIBAL-FUSION - Exponential Interactive, Inc., US),
Reverse DNS: a.tribalfusion.com
Software: /
Resource Hash: 519da9ab367d112f8fe3fec314abf6bc3fb23aba4f0e2414679b61692de3b796

Request headers

Referer: https://pastebin.com/XLeVP82h
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 13 Jul 2018 09:06:46 GMT
Content-Encoding: gzip
X-Function: 151
X-Reuse-Index: 1
ETag: 15443014881432072688
Vary: Accept-Encoding
P3P: CP="NOI DEVo TAIa OUR BUS"
Cache-Control: max-age=3600, private
Last-Modified: Mon, 11 Jun 2018 04:07:30 GMT
Connection: keep-alive
Content-Type: application/x-javascript
Content-Length: 13906
Expires: Fri, 13 Jul 2018 10:06:46 GMT

GET
H2 200 cd-top-arrow.png
pastebin.com/i/ 451 B
526 B 10ms
10ms Image
image/png 104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastebin.com/i/cd-top-arrow.png

Requested by

Host: pastebin.com
URL: https://pastebin.com/XLeVP82h

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b800c476dbffdc764f06f0267e3d5b0f8ae0a0c3764ff4e7787f7f388455dd27

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:path: /i/cd-top-arrow.png
pragma: no-cache
cookie: __cfduid=d4bba5380d7751d6ed3407d75637cb9d71531472806
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: pastebin.com
referer: https://pastebin.com/i/pastebin.min.v6.css
:scheme: https
:method: GET
Referer: https://pastebin.com/i/pastebin.min.v6.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:46 GMT
cf-cache-status: HIT
last-modified: Wed, 16 Dec 2015 04:15:00 GMT
server: cloudflare
etag: "5670e544-1c3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=7776000
accept-ranges: bytes
cf-ray: 439a986f1973bec6-FRA
content-length: 451
x-xss-protection: 1; mode=block
expires: Thu, 11 Oct 2018 09:06:46 GMT

GET
H/1.1 200
OK displayAd.js Show response
s.tribalfusion.com/ Frame 8B13 678 B
853 B 172ms
172ms Script
application/x-javascript 204.11.109.66
Exponential Inter...

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/displayAd.js?dver=0.8&th=7415410238
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/real/tags/Pastebincom/Safe/tags.js
Protocol: HTTP/1.1
Server: 204.11.109.66 Emeryville, United States, ASN33419 (TRIBAL-FUSION - Exponential Interactive, Inc., US),
Reverse DNS: a.tribalfusion.com
Software: /
Resource Hash: b4cda31585a53eaa84a9fb9d4765dbc033de7caa049692089c387481e7a95c82

Request headers

Referer: https://pastebin.com/XLeVP82h
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 13 Jul 2018 09:06:47 GMT
Content-Encoding: gzip
X-Function: 153
X-Reuse-Index: 2
Vary: Accept-Encoding
P3P: CP="NOI DEVo TAIa OUR BUS"
Cache-Control: private
Last-Modified: Tue, 04 Apr 2017 05:09:56 GMT
Connection: keep-alive
Content-Type: application/x-javascript
Content-Length: 331
Expires: Thu, 11 Oct 2018 09:06:47 GMT

GET
H/1.1 200
OK displayAd.js Show response
s.tribalfusion.com/ Frame A115 679 B
851 B 194ms
193ms Script
application/x-javascript 204.11.109.68
Exponential Inter...

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/displayAd.js?dver=0.8&th=7415410238
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/real/tags/Pastebincom/Safe/tags.js
Protocol: HTTP/1.1
Server: 204.11.109.68 Emeryville, United States, ASN33419 (TRIBAL-FUSION - Exponential Interactive, Inc., US),
Reverse DNS: a.tribalfusion.com
Software: /
Resource Hash: 49b501c7b1aba5b1a7b1d8ad000837d5d9a063ad73688c72a6c09aca98617af8

Request headers

Referer: https://pastebin.com/XLeVP82h
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 13 Jul 2018 09:06:47 GMT
Content-Encoding: gzip
X-Function: 153
X-Reuse-Index: 2
Vary: Accept-Encoding
P3P: CP="NOI DEVo TAIa OUR BUS"
Cache-Control: private
Last-Modified: Tue, 04 Apr 2017 05:09:56 GMT
Connection: keep-alive
Content-Type: application/x-javascript
Content-Length: 333
Expires: Thu, 11 Oct 2018 09:06:47 GMT

GET
H/1.1 200
OK displayAd.js Show response
s.tribalfusion.com/ Frame D3E7 677 B
850 B 171ms
170ms Script
application/x-javascript 204.11.109.66
Exponential Inter...

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/displayAd.js?dver=0.8&th=7415410238
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/real/tags/Pastebincom/SnackbarSafe/tags.js
Protocol: HTTP/1.1
Server: 204.11.109.66 Emeryville, United States, ASN33419 (TRIBAL-FUSION - Exponential Interactive, Inc., US),
Reverse DNS: a.tribalfusion.com
Software: /
Resource Hash: e26ee13562832c81e85fdc85b702f2c498926143aea9d177f39ce5c339438a9c

Request headers

Referer: https://pastebin.com/XLeVP82h
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 13 Jul 2018 09:06:47 GMT
Content-Encoding: gzip
X-Function: 153
X-Reuse-Index: 2
Vary: Accept-Encoding
P3P: CP="NOI DEVo TAIa OUR BUS"
Cache-Control: private
Last-Modified: Tue, 04 Apr 2017 05:09:56 GMT
Connection: keep-alive
Content-Type: application/x-javascript
Content-Length: 332
Expires: Thu, 11 Oct 2018 09:06:47 GMT

GET
H/1.1 200
OK j.ad Show response
s.tribalfusion.com/ Frame 8B13 8 KB
4 KB 167ms
167ms Script
application/x-javascript 204.11.109.66
Exponential Inter...

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/j.ad?flashVer=0&ver=1.28&th=7415410238&tagKey=3415125809&loaderVer=0.1&site=pastebincom&adSpace=safe&center=1&json=1&callback=e9Manager.setSingleAdResponse&env=display&size=160x600,120x600&busted=1&url=https%3A%2F%2Fpastebin.com%2FXLeVP82h&f=0&p=12735586&tKey=aLmneMQTvZdQcYKQbAnRtn61bvaSQjT8U&a=1&adContainerId=richmedia_2&rnd=12735689
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/real/tags/Pastebincom/Safe/tags.js
Protocol: HTTP/1.1
Server: 204.11.109.66 Emeryville, United States, ASN33419 (TRIBAL-FUSION - Exponential Interactive, Inc., US),
Reverse DNS: a.tribalfusion.com
Software: /
Resource Hash: 41f91bef546c6ef3f1c7bbc364961452592171269d23c6434f39a22dd2bc3622

Request headers

Referer: https://pastebin.com/XLeVP82h
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Content-Encoding: gzip
X-Function: 101
X-Reuse-Index: 3
Vary: Accept-Encoding
P3P: CP="NOI DEVo TAIa OUR BUS"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Connection: keep-alive
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 3450
Expires: 0

GET
H/1.1 200
OK j.ad Show response
s.tribalfusion.com/ Frame A115 3 KB
2 KB 184ms
183ms Script
application/x-javascript 204.11.109.68
Exponential Inter...

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/j.ad?flashVer=0&ver=1.28&th=7415410238&tagKey=3415125809&loaderVer=0.1&site=pastebincom&adSpace=safe&center=1&json=1&callback=e9Manager.setSingleAdResponse&env=display&size=970x250,728x90&busted=1&url=https%3A%2F%2Fpastebin.com%2FXLeVP82h&f=0&p=12735586&tKey=aSmneM2d3FSsME56nZdoWImXaZbPSQj4AC&a=3&adContainerId=richmedia_4&rnd=12734764
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/real/tags/Pastebincom/Safe/tags.js
Protocol: HTTP/1.1
Server: 204.11.109.68 Emeryville, United States, ASN33419 (TRIBAL-FUSION - Exponential Interactive, Inc., US),
Reverse DNS: a.tribalfusion.com
Software: /
Resource Hash: 0e78e147dfab46f0731d9f751edbf4d6032b0e85dcc53fe1ab63347d292e7f05

Request headers

Referer: https://pastebin.com/XLeVP82h
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Content-Encoding: gzip
X-Function: 101
X-Reuse-Index: 3
Vary: Accept-Encoding
P3P: CP="NOI DEVo TAIa OUR BUS"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Connection: keep-alive
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 1529
Expires: 0

GET
H2 200 160x600_custom_safe.php Show response
pastebin.com/adserver/ Frame AD50 1 KB
792 B 109ms
109ms Document
text/html 104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://pastebin.com/adserver/160x600_custom_safe.php

Requested by

Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/real/tags/Pastebincom/Safe/tags.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

558100561843d20afe325e0e04c0742827a8c575ecd7ea1142749bb93d9c14cd

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: pastebin.com
:scheme: https
:path: /adserver/160x600_custom_safe.php
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://pastebin.com/XLeVP82h
accept-encoding: gzip, deflate
cookie: __cfduid=d4bba5380d7751d6ed3407d75637cb9d71531472806
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: EB8FD0BA0C202A71EBBE5C495DF79AB6
Referer: https://pastebin.com/XLeVP82h

Response headers

status: 200
date: Fri, 13 Jul 2018 09:06:47 GMT
content-type: text/html
vary: Accept-Encoding
x-xss-protection: 1; mode=block
content-encoding: gzip
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 439a98768ee1bec6-FRA

GET
H/1.1 200
OK p.media
s.tribalfusion.com/ Frame DF1E 0
0 162ms
161ms Document
text/html 204.11.109.66
Exponential Inter...

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/p.media?clickID=aRmQgMmH3J3TQ93das5AjGmUQIYcnVXsF20s7unEb43rnRTrvEUAQ1QTQXPsMMQW3t1d7mT6nn4cY5XUZbJT6uu5mndQ6JK4HnO1dBZbmt2u36YP3GrgVsBaWGMfPPnxTHJVTFMX2barVEUsWanlQEBZdQVJCPFuwPHU8WVv34FTxmteOXqPv4WjHPVZbE4AYLmdXHpZdKZbmD&mediaDataID=6530936&mediaName=frame.html
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/real/tags/Pastebincom/Safe/tags.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 204.11.109.66 Emeryville, United States, ASN33419 (TRIBAL-FUSION - Exponential Interactive, Inc., US),
Reverse DNS: a.tribalfusion.com
Software: /
Resource Hash

Request headers

Host: s.tribalfusion.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://pastebin.com/XLeVP82h
Accept-Encoding: gzip, deflate
Cookie: ANON_ID=aCnrmeO5nPuQPRo7UVbvwWXuJrNZacrBhTwSbrows5RZbpXXWTqNCTYq3GvobDUyRL7Hd7
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: EB8FD0BA0C202A71EBBE5C495DF79AB6
Referer: https://pastebin.com/XLeVP82h

Response headers

P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 102
X-Reuse-Index: 4
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 232
Expires: 0
Connection: keep-alive

GET
H/1.1 200
OK p.media
s.tribalfusion.com/ Frame 228B 0
0 163ms
163ms Document
text/html 204.11.109.66
Exponential Inter...

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/p.media?clickID=aUmQgM5Ev73diM5PrZdnUnEYcQX1sr41Vvxna7W3FY2VbFAUmf4REU4PsvqPd7r1WnwVmMx4sUW0FUJTmim4AYgQABF3WMOXHMAmW2O4mBS3sr9VVQjUsrhRmFvWdnTTUn12U2mVqUqWan6PavFSGQIRr6vRt7lUVQP5UmnotAOXaqp2d3FSsME56nZdoWImVWQPpdLPch&mediaDataID=6453196&mediaName=frame.html
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/real/tags/Pastebincom/Safe/tags.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 204.11.109.66 Emeryville, United States, ASN33419 (TRIBAL-FUSION - Exponential Interactive, Inc., US),
Reverse DNS: a.tribalfusion.com
Software: /
Resource Hash

Request headers

Host: s.tribalfusion.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://pastebin.com/XLeVP82h
Accept-Encoding: gzip, deflate
Cookie: ANON_ID=aCnrmeO5nPuQPRo7UVbvwWXuJrNZacrBhTwSbrows5RZbpXXWTqNCTYq3GvobDUyRL7Hd7
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: EB8FD0BA0C202A71EBBE5C495DF79AB6
Referer: https://pastebin.com/XLeVP82h

Response headers

P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 102
X-Reuse-Index: 3
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 201
Expires: 0
Connection: keep-alive

GET
H/1.1 200
OK p.media
s.tribalfusion.com/ Frame 76F6 0
0 290ms
177ms Document
text/html 204.11.109.68
Exponential Inter...

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/p.media?clickID=aXmQgM5tEN5PbEnUUG0sM0XGnT0VZbMmEvT3b3UVUjZcW6U0Rqj1ScMoPd7y0dJuVAjn2cY30UYBV6qm4PZb8PmfI3tnm1WZbApt6o4PBT4cj6VcQaUVb8PAZbxUHFVWrJY2FPpVEjnWTn8PavKRcfCPbupPHviWcb22FTrnWAn0a2p2tvZdQGZbG2ABZdpt6qTdBd0bfUytf3ZaY&mediaDataID=6546596&mediaName=frame.html
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/real/tags/Pastebincom/Safe/tags.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 204.11.109.68 Emeryville, United States, ASN33419 (TRIBAL-FUSION - Exponential Interactive, Inc., US),
Reverse DNS: a.tribalfusion.com
Software: /
Resource Hash

Request headers

Host: s.tribalfusion.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://pastebin.com/XLeVP82h
Accept-Encoding: gzip, deflate
Cookie: ANON_ID=aCnrmeO5nPuQPRo7UVbvwWXuJrNZacrBhTwSbrows5RZbpXXWTqNCTYq3GvobDUyRL7Hd7
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: EB8FD0BA0C202A71EBBE5C495DF79AB6
Referer: https://pastebin.com/XLeVP82h

Response headers

P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 102
X-Reuse-Index: 4
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 288
Expires: 0
Connection: keep-alive

GET
H/1.1 200
OK p.media
s.tribalfusion.com/ Frame 6BB2 0
0 307ms
163ms Document
text/html 204.11.109.66
Exponential Inter...

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/p.media?clickID=a0mQgMpdeo5mY15VUeUV3jVcFiSPMvTtFWUFbY3rAuWTYtTaBbSTnKRGbLQbZavRdfkWGMW2FqvotirXqev2tnZbPcJD5mBHmtayUdQcYrfa1UBgXTiMPrBEUrBXTtM4nU3mQbrsXEMn4ajh5TYRmEMC1rZbfUtM1oAYZcncnspd3J3TQ73tIq3mnZcmb3ZaXsvV1cFjypihdp&mediaDataID=7423766&mediaName=frame.html
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/real/tags/Pastebincom/Safe/tags.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 204.11.109.66 Emeryville, United States, ASN33419 (TRIBAL-FUSION - Exponential Interactive, Inc., US),
Reverse DNS: a.tribalfusion.com
Software: /
Resource Hash

Request headers

Host: s.tribalfusion.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://pastebin.com/XLeVP82h
Accept-Encoding: gzip, deflate
Cookie: ANON_ID=aCnrmeO5nPuQPRo7UVbvwWXuJrNZacrBhTwSbrows5RZbpXXWTqNCTYq3GvobDUyRL7Hd7
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: EB8FD0BA0C202A71EBBE5C495DF79AB6
Referer: https://pastebin.com/XLeVP82h

Response headers

P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 102
X-Reuse-Index: 5
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 169
Expires: 0
Connection: keep-alive

GET
H/1.1 200
OK p.media
s.tribalfusion.com/ Frame 5EAC 0
0 312ms
161ms Document
text/html 204.11.109.66
Exponential Inter...

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/p.media?clickID=a2mQgMmdiyTHJ7XUb7YrZb91EuqRbrGTFBYVHQ4mbZbxPrBm1qZbs3Tbh5qU1nEZbIYU3hUWbPoAMDpVvmoHfD3TY92WZan3mbGpbYEYsfWXsF2XG7upa745FZbUVbnFUAU3Qaf0PVZbrPtju0HBtWP3p2cB50UUDTAiv2PvbRP7A3WvO0H3Andau3PJQ4cU8TVY7UcMYn1fHuc&mediaDataID=6680176&mediaName=frame.html
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/real/tags/Pastebincom/Safe/tags.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 204.11.109.66 Emeryville, United States, ASN33419 (TRIBAL-FUSION - Exponential Interactive, Inc., US),
Reverse DNS: a.tribalfusion.com
Software: /
Resource Hash

Request headers

Host: s.tribalfusion.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://pastebin.com/XLeVP82h
Accept-Encoding: gzip, deflate
Cookie: ANON_ID=aCnrmeO5nPuQPRo7UVbvwWXuJrNZacrBhTwSbrows5RZbpXXWTqNCTYq3GvobDUyRL7Hd7
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: EB8FD0BA0C202A71EBBE5C495DF79AB6
Referer: https://pastebin.com/XLeVP82h

Response headers

P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 102
X-Reuse-Index: 4
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 198
Expires: 0
Connection: keep-alive

GET
H/1.1 200
OK p.media
s.tribalfusion.com/ Frame EB76 0
0 458ms
177ms Document
text/html 204.11.109.68
Exponential Inter...

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/p.media?clickID=a4mQ8yprQE0VQUXVU50cvOmErQ5FvRTFfFWPr4PqbXPGrNSdZbr0tFsWAnM3VB20FFJT6yw4mFgPmbC4WUr0tJZbmW6n5mB14GjbVcM9Ucb8RAQnUtF5WbfY5bAuVTvqTaU6STQJRGbZbQbEsSW7cUVM54U6moduOYaTu3HYDPcrG4AJZdptAOVHBbYrvbYUf9XdeGp3uuZb5&mediaDataID=5406476&mediaName=frame.html
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/real/tags/Pastebincom/Safe/tags.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 204.11.109.68 Emeryville, United States, ASN33419 (TRIBAL-FUSION - Exponential Interactive, Inc., US),
Reverse DNS: a.tribalfusion.com
Software: /
Resource Hash

Request headers

Host: s.tribalfusion.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://pastebin.com/XLeVP82h
Accept-Encoding: gzip, deflate
Cookie: ANON_ID=aCnrmeO5nPuQPRo7UVbvwWXuJrNZacrBhTwSbrows5RZbpXXWTqNCTYq3GvobDUyRL7Hd7
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: EB8FD0BA0C202A71EBBE5C495DF79AB6
Referer: https://pastebin.com/XLeVP82h

Response headers

P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 102
X-Reuse-Index: 5
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 270
Expires: 0
Connection: keep-alive

GET
H/1.1 200
OK p.media
s.tribalfusion.com/ Frame BD87 0
0 458ms
161ms Document
text/html 204.11.109.66
Exponential Inter...

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/p.media?clickID=a6mQgM3sYgTs3dUVr7S6QoTdr5TUF02r2oWErmVEUlQqrLQcYIRrIsSWUbVGQ54bevmtit0qyn4tMFQGrG463FpHapVdFh0rUkXbYk1qqtPbQEWbYSTdB4mUQmRUBtXaJt4aUi5aY5naFHXFjfUWMRoAnBns7vmHYE2ark5dEN5PbGnr3Zc0s7RXsM40sfMpTvboAkA0n&mediaDataID=7665496&mediaName=frame.html
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/real/tags/Pastebincom/Safe/tags.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 204.11.109.66 Emeryville, United States, ASN33419 (TRIBAL-FUSION - Exponential Interactive, Inc., US),
Reverse DNS: a.tribalfusion.com
Software: /
Resource Hash

Request headers

Host: s.tribalfusion.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://pastebin.com/XLeVP82h
Accept-Encoding: gzip, deflate
Cookie: ANON_ID=aCnrmeO5nPuQPRo7UVbvwWXuJrNZacrBhTwSbrows5RZbpXXWTqNCTYq3GvobDUyRL7Hd7
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: EB8FD0BA0C202A71EBBE5C495DF79AB6
Referer: https://pastebin.com/XLeVP82h

Response headers

P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 102
X-Reuse-Index: 6
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 179
Expires: 0
Connection: keep-alive

GET
H/1.1 200
OK p.media
s.tribalfusion.com/ Frame B2F9 0
0 459ms
161ms Document
text/html 204.11.109.66
Exponential Inter...

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/p.media?clickID=a8mQgM0b3kYFFkXqerRF3ZbTrMQWdYXnbQnPbjtYTYy5q7g2TfXoTZbHXb76TWJXm67DnVvomHML5TUh3tmq5PjEmUYL0sv01svV1svymEvT5U3UTrfZcUPf3Pab0ScvqPWYN0HvmW63N3Gv0YbrDT6im2PUePPMJ4Wvt1dnKndeo5m3Y5sU6VVBbVsFgR6UNWdFct2pPwB&mediaDataID=6347136&mediaName=frame.html
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/real/tags/Pastebincom/Safe/tags.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 204.11.109.66 Emeryville, United States, ASN33419 (TRIBAL-FUSION - Exponential Interactive, Inc., US),
Reverse DNS: a.tribalfusion.com
Software: /
Resource Hash

Request headers

Host: s.tribalfusion.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://pastebin.com/XLeVP82h
Accept-Encoding: gzip, deflate
Cookie: ANON_ID=aCnrmeO5nPuQPRo7UVbvwWXuJrNZacrBhTwSbrows5RZbpXXWTqNCTYq3GvobDUyRL7Hd7
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: EB8FD0BA0C202A71EBBE5C495DF79AB6
Referer: https://pastebin.com/XLeVP82h

Response headers

P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 102
X-Reuse-Index: 5
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 234
Expires: 0
Connection: keep-alive

GET
H/1.1 200
OK p.media
s.tribalfusion.com/ Frame 7868 0
0 478ms
167ms Document
text/html 204.11.109.66
Exponential Inter...

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/p.media?clickID=aamQgM1cnV0V7xmqjS2bQ2WbMDW631QTb1QVUqQdJr1WZbsTPjv4sn0YFvKU62w4mFgPmbC4WYMXHYKnd2u5mU14VQbVVrjUsB8S6FOTtFWWrbY5UEuUabmVqJaSTrZaRs3JQFunSHY7Vc3P5rXxmtqr0qmp2WbZaSGBA46BLpWiyTHZbhXbQa1bQh1qZarRUYBWUBeqAZcaF1&mediaDataID=6719746&mediaName=frame.html
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/real/tags/Pastebincom/Safe/tags.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 204.11.109.66 Emeryville, United States, ASN33419 (TRIBAL-FUSION - Exponential Interactive, Inc., US),
Reverse DNS: a.tribalfusion.com
Software: /
Resource Hash

Request headers

Host: s.tribalfusion.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://pastebin.com/XLeVP82h
Accept-Encoding: gzip, deflate
Cookie: ANON_ID=aCnrmeO5nPuQPRo7UVbvwWXuJrNZacrBhTwSbrows5RZbpXXWTqNCTYq3GvobDUyRL7Hd7
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: EB8FD0BA0C202A71EBBE5C495DF79AB6
Referer: https://pastebin.com/XLeVP82h

Response headers

P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 102
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 322
Expires: 0
Connection: keep-alive

GET
H/1.1 200
OK 024e069d-525f-46a7-911a-7c59471d8c75.js Show response
d2na2p72vtqyok.cloudfront.net/client-embed/ Frame AD50 677 KB
164 KB 39ms
8ms Script
application/javascript 13.32.222.128
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://d2na2p72vtqyok.cloudfront.net/client-embed/024e069d-525f-46a7-911a-7c59471d8c75.js
Requested by: Host: pastebin.com
URL: https://pastebin.com/adserver/160x600_custom_safe.php
Protocol: HTTP/1.1
Server: 13.32.222.128 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-32-222-128.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fa279350e5f6e6255e6baf14ba3f1f93a5be1024ef7ee06b75134b5d62e378ad

Request headers

Referer: https://pastebin.com/adserver/160x600_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 13 Jul 2018 05:06:52 GMT
Content-Encoding: gzip
Last-Modified: Tue, 10 Jul 2018 14:59:40 GMT
Server: AmazonS3
Age: 14395
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
x-amz-version-id: sqpbrGV5SCvVAeZ3B.vwjXdQrrpQ2YeZ
Via: 1.1 3c2476383ec2dd20b3b952b944a0f17d.cloudfront.net (CloudFront)
Cache-Control: max-age=900,public
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: application/javascript
X-Amz-Cf-Id: m8NGvtXlsE31gnoKqm11d9aeei90cC_cccpgJ-3ExvMopqHG_3I6-g==

GET
H2 200 728x90_custom_safe.php Show response
pastebin.com/adserver/ Frame 2226 1 KB
733 B 282ms
274ms Document
text/html 104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://pastebin.com/adserver/728x90_custom_safe.php

Requested by

Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/real/tags/Pastebincom/Safe/tags.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1e0be450b0ad7f16cbf145edfa3f727f0c16bfafd24f7cf2fab717f0a8fa982f

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: pastebin.com
:scheme: https
:path: /adserver/728x90_custom_safe.php
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://pastebin.com/XLeVP82h
accept-encoding: gzip, deflate
cookie: __cfduid=d4bba5380d7751d6ed3407d75637cb9d71531472806
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: EB8FD0BA0C202A71EBBE5C495DF79AB6
Referer: https://pastebin.com/XLeVP82h

Response headers

status: 200
date: Fri, 13 Jul 2018 09:06:47 GMT
content-type: text/html
vary: Accept-Encoding
x-xss-protection: 1; mode=block
content-encoding: gzip
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 439a98777f70bec6-FRA

GET
H/1.1 200
OK p.media
s.tribalfusion.com/ Frame 203F 0
0 521ms
177ms Document
text/html 204.11.109.68
Exponential Inter...

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/p.media?clickID=aTmQgM4WvO0H3IntPn4AUY4GM9UcB7VsMeR63xUtY3UUJ45UToUq3sWEMcPErFSsYAPb6nPHrkUGMU4F6nmt6MYTPy3trZdSVJZa5AJKptXsVWJ80Unk1FQg0EqsPbMETrZbXWHJ5nrfsQbZbnXqMy5EUk2avRmaML1rf8TWJPoP3BnVMwoHQD5qFf2dIs5mfKprbOn8nixq&mediaDataID=4056396&mediaName=frame.html
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/real/tags/Pastebincom/Safe/tags.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 204.11.109.68 Emeryville, United States, ASN33419 (TRIBAL-FUSION - Exponential Interactive, Inc., US),
Reverse DNS: a.tribalfusion.com
Software: /
Resource Hash

Request headers

Host: s.tribalfusion.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://pastebin.com/XLeVP82h
Accept-Encoding: gzip, deflate
Cookie: ANON_ID=a3nrmeM0inmSPBmSUT9LGmYN3Fx41QGYIGYVZaUpHRPhAbI4q3IZbbjv2rqHfqMWRL7vrL
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: EB8FD0BA0C202A71EBBE5C495DF79AB6
Referer: https://pastebin.com/XLeVP82h

Response headers

P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 102
X-Reuse-Index: 6
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 196
Expires: 0
Connection: keep-alive

GET
H/1.1 200
OK p.media
s.tribalfusion.com/ Frame 7D26 0
0 505ms
161ms Document
text/html 204.11.109.66
Exponential Inter...

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/p.media?clickID=aVmQgMSGBZa46QZcpHEmUHFhYF771FFf1qqtRUQEUF3SVWMYoFYnRUFnXTnr4E7a4EfPmEbA1rBhWWbRmAfLnVrupdQG2Tn75dZaN4mvLmbbZc0GnS1V3VXVnunqvU5UnUWbMFVm72QE32PVroPHjr1dvoT6Mp2GBV0UvATA2r5mvePm7K2WrrXdJImtaw5PQU3sjQMPq3q7&mediaDataID=6807466&mediaName=frame.html
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/real/tags/Pastebincom/Safe/tags.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 204.11.109.66 Emeryville, United States, ASN33419 (TRIBAL-FUSION - Exponential Interactive, Inc., US),
Reverse DNS: a.tribalfusion.com
Software: /
Resource Hash

Request headers

Host: s.tribalfusion.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://pastebin.com/XLeVP82h
Accept-Encoding: gzip, deflate
Cookie: ANON_ID=a3nrmeM0inmSPBmSUT9LGmYN3Fx41QGYIGYVZaUpHRPhAbI4q3IZbbjv2rqHfqMWRL7vrL
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: EB8FD0BA0C202A71EBBE5C495DF79AB6
Referer: https://pastebin.com/XLeVP82h

Response headers

P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 102
X-Reuse-Index: 7
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 251
Expires: 0
Connection: keep-alive

GET
H/1.1 200
OK p.media
s.tribalfusion.com/ Frame B161 0
0 504ms
161ms Document
text/html 204.11.109.66
Exponential Inter...

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/p.media?clickID=aXmQ8y5tEN3PBIpFUKXcfTXG340cBOpT7U3FQVVrnHV6YWRTMQPcnpPWBx0WvnTmjv2cQUXrFBT6qo2PU8PArH3Hnn1HBCmW2M36rW3srgTs3kWsM6PAQxWdY3TUf35UAtUqMrWEM6PEMKRGQIRr6vRW7dUVf55U2pnHIsYTev2WbHPVjZd26YJptItTW7h0crUoQ5VDZd&mediaDataID=5436426&mediaName=frame.html
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/real/tags/Pastebincom/Safe/tags.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 204.11.109.66 Emeryville, United States, ASN33419 (TRIBAL-FUSION - Exponential Interactive, Inc., US),
Reverse DNS: a.tribalfusion.com
Software: /
Resource Hash

Request headers

Host: s.tribalfusion.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://pastebin.com/XLeVP82h
Accept-Encoding: gzip, deflate
Cookie: ANON_ID=a3nrmeM0inmSPBmSUT9LGmYN3Fx41QGYIGYVZaUpHRPhAbI4q3IZbbjv2rqHfqMWRL7vrL
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: EB8FD0BA0C202A71EBBE5C495DF79AB6
Referer: https://pastebin.com/XLeVP82h

Response headers

P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 102
X-Reuse-Index: 6
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 263
Expires: 0
Connection: keep-alive

GET
S 200 / Show response
geoip.insticator.com/json/ Frame AD50 189 B
577 B 418ms
397ms XHR
application/json 2400:cb00:2048:1::6814:180b
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://geoip.insticator.com/json/
Requested by: Host: d2na2p72vtqyok.cloudfront.net
URL: https://d2na2p72vtqyok.cloudfront.net/client-embed/024e069d-525f-46a7-911a-7c59471d8c75.js
Protocol: SPDY
Server: 2400:cb00:2048:1::6814:180b , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: fe5d90987bf2ca2df28ab7ebf44be9a6b99433f6827577c7e5e7fc92c09ac49f

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://pastebin.com/adserver/160x600_custom_safe.php
Origin: https://pastebin.com

Response headers

cf-ray: 439a9877fccf6385-FRA
date: Fri, 13 Jul 2018 09:06:48 GMT
via: 1.1 vegur
server: cloudflare
status: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: application/json
access-control-allow-origin: https://pastebin.com
x-ratelimit-remaining: 9999
access-control-allow-credentials: true
x-ratelimit-reset: 3600
x-ratelimit-limit: 10000
x-database-date: Thu, 12 Jul 2018 17:54:33 GMT
content-encoding: gzip

GET
S 200 instbid_pubwise.js Show response
df80k0z3fi8zg.cloudfront.net/files/ Frame AD50 138 KB
43 KB 40ms
20ms Script
application/javascript 2600:9000:20bb:4e00:10:3422:3f00:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://df80k0z3fi8zg.cloudfront.net/files/instbid_pubwise.js
Requested by: Host: d2na2p72vtqyok.cloudfront.net
URL: https://d2na2p72vtqyok.cloudfront.net/client-embed/024e069d-525f-46a7-911a-7c59471d8c75.js
Protocol: SPDY
Server: 2600:9000:20bb:4e00:10:3422:3f00:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5c2b1bed79700fe5d259a53ba106725d3b0cd135cde665db35a2134f45c1eb6a

Request headers

Referer: https://pastebin.com/adserver/160x600_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 22:14:36 GMT
content-encoding: gzip
last-modified: Tue, 10 Jul 2018 18:58:06 GMT
server: AmazonS3
age: 39132
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: txw80dM1pP2UiWWgdFVCHLsY5s5GkDtM
status: 200
content-type: application/javascript
x-amz-cf-id: BwWWMIlRGEA4qkYB-KqfkhUf6ZbAgdlXFlgYnyFNqzrr4FX-lJ7w7Q==
via: 1.1 89934ce37ea0d70a19ace48a847ae306.cloudfront.net (CloudFront)

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame AD50 21 B
712 B 14ms
13ms XHR
application/json 185.33.223.220
AppNexus

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instbid_pubwise.js

Protocol

HTTP/1.1

Server

185.33.223.220 , European Union, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

Software

nginx/1.13.4 /

Resource Hash

aaaabde3f68c325033b37bb3ebff887e3b589b7137e717e96648a52221881429

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pastebin.com/adserver/160x600_custom_safe.php
Origin: https://pastebin.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 13 Jul 2018 09:06:49 GMT
X-Proxy-Origin: 148.251.45.254; 148.251.45.254; 309.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.133:80
AN-X-Request-Uuid: 46b0e16c-d2f4-4d66-a8f2-c6b527495fbd
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://pastebin.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 21
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK getjs.static.js Show response
tag-st.contextweb.com/ Frame AD50 32 KB
11 KB 24ms
6ms Script
application/x-javascript 151.101.12.166
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://tag-st.contextweb.com/getjs.static.js
Requested by: Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instbid_pubwise.js
Protocol: HTTP/1.1
Server: 151.101.12.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx /
Resource Hash: 2797a5a31f878305121024bf4f2271f8059dcc6c2b24efde2994c09631bed34f

Request headers

Referer: https://pastebin.com/adserver/160x600_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 13 Jul 2018 09:06:47 GMT
Content-Encoding: gzip
Age: 244
X-Cache: HIT
P3P: policyref="/TagPublish/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Connection: keep-alive
CW-FEServer: ams-prts08.pulse.prod
Content-Length: 11149
X-Served-By: cache-fra19123-FRA
Server: nginx
X-Timer: S1531472808.736289,VS0,VE0
ETag: 24e3b1b6dd83b252f1213e42689762834e238463
Content-Type: application/x-javascript
Via: 1.1 varnish
Cache-Control: max-age=432000, public
Accept-Ranges: bytes
X-Cache-Hits: 217

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame AD50 21 B
712 B 30ms
17ms XHR
application/json 185.33.223.220
AppNexus

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instbid_pubwise.js

Protocol

HTTP/1.1

Server

185.33.223.220 , European Union, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

Software

nginx/1.13.4 /

Resource Hash

aaaabde3f68c325033b37bb3ebff887e3b589b7137e717e96648a52221881429

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pastebin.com/adserver/160x600_custom_safe.php
Origin: https://pastebin.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 13 Jul 2018 09:06:49 GMT
X-Proxy-Origin: 148.251.45.254; 148.251.45.254; 309.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.176:80
AN-X-Request-Uuid: f5a8af67-9e6a-46e4-be6d-4f98cd3694bc
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://pastebin.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 21
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK trinity.js Show response
apex.go.sonobi.com/ Frame AD50 2 KB
2 KB 193ms
105ms Script
text/javascript 34.251.186.139
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.js?key_maker={%2285abfd424b8f3c%22:%224c4c920a6cf262ee66db|160x600%22}&cv=sbi_79b288758f0cd3&ref=pastebin.com

Requested by

Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instbid_pubwise.js

Protocol

HTTP/1.1

Server

34.251.186.139 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-34-251-186-139.eu-west-1.compute.amazonaws.com

Software

nginx/1.4.6 (Ubuntu) /

Resource Hash

ec28a8c1e590f3998833df958f9b65c2c0f8b508cdb72d62cc4a5bb4d2b68563

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pastebin.com/adserver/160x600_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 13 Jul 2018 09:06:47 GMT
Content-Encoding: gzip
Server: nginx/1.4.6 (Ubuntu)
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-dub-1-6-196
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private, no-cache="set-cookie"
Tcn: Choice
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 962
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
S 200 lib.js Show response
prebid.districtm.ca/ Frame AD50 21 KB
7 KB 36ms
11ms Script
text/javascript 2400:cb00:2048:1::6814:10f3
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.districtm.ca/lib.js
Requested by: Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instbid_pubwise.js
Protocol: SPDY
Server: 2400:cb00:2048:1::6814:10f3 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed6ad3c41fd07450891bcb21c80e5bf2a742c6e9415d7ae7caa125edae136650

Request headers

Referer: https://pastebin.com/adserver/160x600_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:47 GMT
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: C0B84EEFC45CE018
status: 200
x-amz-version-id: 3bS4VITibJMcxm4G6C3aLv4zyVPcsnkF
x-amz-id-2: pnOQwTAJXBHFfD9BR8iaSw5rW9sNqOEUVTFfiqpqHdcy2PMlgsaXHfMQ1XMGvL63GWo7gpTxZUE=
last-modified: Thu, 05 Apr 2018 16:30:36 GMT
server: cloudflare
etag: W/"f85ea173704c12c034ed19a7a9389068"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=86400
cf-ray: 439a98786ac596d6-FRA
expires: Sat, 14 Jul 2018 09:06:47 GMT

GET
H/1.1 204
No Content tag Show response
bid.contextweb.com/header/ Frame AD50 0
603 B 65ms
21ms XHR
text/plain 74.214.194.133
PULSEPOINT-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://bid.contextweb.com/header/tag?tagver=1&ca=BID&cp=561664&ct=633319&cf=160X600&rq=1&dw=160&cwu=https%3A%2F%2Fpastebin.com%2FXLeVP82h&cwr=&mrnd=66382507&if=2&tl=1&pxy=1229,182&cxy=160,600&dxy=1600,1018&tz=0&ln=en-US
Requested by: Host: tag-st.contextweb.com
URL: https://tag-st.contextweb.com/getjs.static.js
Protocol: HTTP/1.1
Server: 74.214.194.133 Amsterdam, Netherlands, ASN59940 (PULSEPOINT-EU, NL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pastebin.com/adserver/160x600_custom_safe.php
Origin: https://pastebin.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-type: text/plain

Response headers

Date: Fri, 13 Jul 2018 09:06:47 GMT
Server: nginx
CWDL: 22/2528
Access-Control-Allow-Origin: https://pastebin.com
Access-Control-Expose-Headers: Access-Control-Allow-Origin
Access-Control-Allow-Credentials: true
Connection: keep-alive
CW-FEServer: ams-prts05.pulse.prod
CW-Server: ams-bid02
Content-Length: 0

GET
H2 200 index.html
cdn.districtm.io/ids/ Frame AA17 0
0 127ms
106ms Document
text/html 2400:cb00:2048:1::681c:12e8
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.districtm.io/ids/index.html
Requested by: Host: prebid.districtm.ca
URL: https://prebid.districtm.ca/lib.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2400:cb00:2048:1::681c:12e8 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: cdn.districtm.io
:scheme: https
:path: /ids/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://pastebin.com/adserver/160x600_custom_safe.php
accept-encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: EB8FD0BA0C202A71EBBE5C495DF79AB6
Referer: https://pastebin.com/adserver/160x600_custom_safe.php

Response headers

status: 200
date: Fri, 13 Jul 2018 09:06:47 GMT
content-type: text/html
set-cookie: __cfduid=dde3e4515ee1bf2c0de8d766232979ed41531472807; expires=Sat, 13-Jul-19 09:06:47 GMT; path=/; domain=.districtm.io; HttpOnly
last-modified: Fri, 15 Jun 2018 18:20:32 GMT
cache-control: s-maxage=1209600, max-age=14400
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 439a9878bd0497bc-FRA
content-encoding: gzip

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame AD50 19 B
708 B 14ms
13ms XHR
application/json 185.33.223.220
AppNexus

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: prebid.districtm.ca
URL: https://prebid.districtm.ca/lib.js

Protocol

HTTP/1.1

Server

185.33.223.220 , European Union, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

Software

nginx/1.13.4 /

Resource Hash

2544182fb9a0a2f65dac966c91bcbcb8239798c4c5d8278f0fd6d9f4056d301e

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pastebin.com/adserver/160x600_custom_safe.php
Origin: https://pastebin.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Fri, 13 Jul 2018 09:06:49 GMT
X-Proxy-Origin: 148.251.45.254; 148.251.45.254; 309.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.6:80
AN-X-Request-Uuid: cb6635ba-459f-4699-aa85-cdf7fecf6a48
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://pastebin.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 304
Not Modified 024e069d-525f-46a7-911a-7c59471d8c75.js Show response
d2na2p72vtqyok.cloudfront.net/client-embed/ Frame 2226 677 KB
402 B 9ms
9ms Script
application/javascript 13.32.222.128
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://d2na2p72vtqyok.cloudfront.net/client-embed/024e069d-525f-46a7-911a-7c59471d8c75.js
Requested by: Host: pastebin.com
URL: https://pastebin.com/adserver/728x90_custom_safe.php
Protocol: HTTP/1.1
Server: 13.32.222.128 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-32-222-128.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fa279350e5f6e6255e6baf14ba3f1f93a5be1024ef7ee06b75134b5d62e378ad

Request headers

If-Modified-Since: Tue, 10 Jul 2018 14:59:40 GMT
Referer: https://pastebin.com/adserver/728x90_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 13 Jul 2018 09:06:47 GMT
Via: 1.1 3c2476383ec2dd20b3b952b944a0f17d.cloudfront.net (CloudFront)
Server: AmazonS3
Age: 14395
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
x-amz-version-id: sqpbrGV5SCvVAeZ3B.vwjXdQrrpQ2YeZ
Cache-Control: max-age=900,public
Connection: keep-alive
X-Amz-Cf-Id: WxlWsL69yetue4V_ZdbOi6za7_1VOcGaaHJNOajApN8zquNJ5cykxw==

GET
S 200 / Show response
geoip.insticator.com/json/ Frame 2226 189 B
337 B 377ms
377ms XHR
application/json 2400:cb00:2048:1::6814:180b
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://geoip.insticator.com/json/
Requested by: Host: d2na2p72vtqyok.cloudfront.net
URL: https://d2na2p72vtqyok.cloudfront.net/client-embed/024e069d-525f-46a7-911a-7c59471d8c75.js
Protocol: SPDY
Server: 2400:cb00:2048:1::6814:180b , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: fe5d90987bf2ca2df28ab7ebf44be9a6b99433f6827577c7e5e7fc92c09ac49f

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://pastebin.com/adserver/728x90_custom_safe.php
Origin: https://pastebin.com

Response headers

cf-ray: 439a98794dd36385-FRA
date: Fri, 13 Jul 2018 09:06:48 GMT
via: 1.1 vegur
server: cloudflare
status: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: application/json
access-control-allow-origin: https://pastebin.com
x-ratelimit-remaining: 9999
access-control-allow-credentials: true
x-ratelimit-reset: 3600
x-ratelimit-limit: 10000
x-database-date: Thu, 12 Jul 2018 18:53:26 GMT
content-encoding: gzip

GET
S 200 instbid_pubwise.js Show response
df80k0z3fi8zg.cloudfront.net/files/ Frame 2226 138 KB
43 KB 8ms
8ms Script
application/javascript 2600:9000:20bb:4e00:10:3422:3f00:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://df80k0z3fi8zg.cloudfront.net/files/instbid_pubwise.js
Requested by: Host: d2na2p72vtqyok.cloudfront.net
URL: https://d2na2p72vtqyok.cloudfront.net/client-embed/024e069d-525f-46a7-911a-7c59471d8c75.js
Protocol: SPDY
Server: 2600:9000:20bb:4e00:10:3422:3f00:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5c2b1bed79700fe5d259a53ba106725d3b0cd135cde665db35a2134f45c1eb6a

Request headers

Referer: https://pastebin.com/adserver/728x90_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 22:14:36 GMT
content-encoding: gzip
last-modified: Tue, 10 Jul 2018 18:58:06 GMT
server: AmazonS3
age: 39132
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: txw80dM1pP2UiWWgdFVCHLsY5s5GkDtM
status: 200
content-type: application/javascript
x-amz-cf-id: SlNhClPd4d_HSypnQp0QFEzFqjA_hd2MEzYMwK4OnPUDNVqGLpF47g==
via: 1.1 89934ce37ea0d70a19ace48a847ae306.cloudfront.net (CloudFront)

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame AD50
Redirect Chain

https://ad.afy11.net/ad?mode=10&sspid=2585
https://sync.go.sonobi.com/us.gif?nw=gm&nuid=ChUI1JPNuPefz8ZhEKWz-vLvjYjfswE%3d

49 B
599 B

28ms
28ms

Image
image/gif

34.254.68.9
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=gm&nuid=ChUI1JPNuPefz8ZhEKWz-vLvjYjfswE%3d

Requested by

Host: pastebin.com
URL: https://pastebin.com/adserver/160x600_custom_safe.php

Protocol

HTTP/1.1

Server

34.254.68.9 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-34-254-68-9.eu-west-1.compute.amazonaws.com

Software

nginx/1.4.6 (Ubuntu) /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pastebin.com/adserver/160x600_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 13 Jul 2018 09:06:48 GMT
Server: nginx/1.4.6 (Ubuntu)
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-dub-1-6-72
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Connection: keep-alive
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location: //sync.go.sonobi.com/us.gif?nw=gm&nuid=ChUI1JPNuPefz8ZhEKWz-vLvjYjfswE%3d
Date: Fri, 13 Jul 2018 09:06:47 GMT
Server: Microsoft-IIS/8.5, AdifyServer
Connection: close
Content-Length: 0
P3P: policyref="https://ad.afy11.net/privacy.xml", CP=" NOI DSP NID ADMa DEVa PSAa PSDa OUR OTRa IND COM NAV STA OTC"

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame AD50
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=1be30a61-c15d-465d-b6e5-82da40df8212&r=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dopenx%26nuid%3D
https://sync.go.sonobi.com/us.gif?nw=openx&nuid=b1a35b07-2768-4f9b-b7bf-13a300b1661e

49 B
819 B

129ms
28ms

Image
image/gif

34.249.237.101
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=openx&nuid=b1a35b07-2768-4f9b-b7bf-13a300b1661e

Requested by

Host: pastebin.com
URL: https://pastebin.com/adserver/160x600_custom_safe.php

Protocol

HTTP/1.1

Server

34.249.237.101 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-34-249-237-101.eu-west-1.compute.amazonaws.com

Software

nginx/1.4.6 (Ubuntu) /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pastebin.com/adserver/160x600_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 13 Jul 2018 09:06:48 GMT
Server: nginx/1.4.6 (Ubuntu)
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-dub-1-6-72
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private, no-cache="set-cookie"
Tcn: Choice
Connection: keep-alive
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Fri, 13 Jul 2018 09:06:47 GMT
server: OXGW/16.46.0
status: 302
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://sync.go.sonobi.com/us.gif?nw=openx&nuid=b1a35b07-2768-4f9b-b7bf-13a300b1661e
content-type: image/gif
content-length: 0

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame AD50
Redirect Chain

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID]
https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID]&mm_bnc&mm_bct
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=98385b48-5f3e-4400-8691-f37c39dc8e56

49 B
819 B

64ms
27ms

Image
image/gif

34.254.68.9
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=98385b48-5f3e-4400-8691-f37c39dc8e56

Requested by

Host: pastebin.com
URL: https://pastebin.com/adserver/160x600_custom_safe.php

Protocol

HTTP/1.1

Server

34.254.68.9 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-34-254-68-9.eu-west-1.compute.amazonaws.com

Software

nginx/1.4.6 (Ubuntu) /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pastebin.com/adserver/160x600_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 13 Jul 2018 09:06:48 GMT
Server: nginx/1.4.6 (Ubuntu)
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-dub-1-6-72
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private, no-cache="set-cookie"
Tcn: Choice
Connection: keep-alive
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Fri, 13 Jul 2018 09:06:48 GMT
Server: MT3 1.26.7.0 e3db8da DPLAT-363 zrh-pixel-x22
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=98385b48-5f3e-4400-8691-f37c39dc8e56
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 13 Jul 2018 09:06:47 GMT

GET
H/1.1 200
OK /
partner.mediawallahscript.com/ Frame AD50 32 B
367 B 121ms
27ms Image
image/png 52.48.10.158
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partner.mediawallahscript.com/?account_id=1037&partner_id=1041&uid=d83861ff-5fe5-47e4-9eb6-4da46b2f6daa&custom=&tag_format=img&tag_action=sync&custom=&cb=115083
Requested by: Host: pastebin.com
URL: https://pastebin.com/adserver/160x600_custom_safe.php
Protocol: HTTP/1.1
Server: 52.48.10.158 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-48-10-158.eu-west-1.compute.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: 853b983923a033223e4f391790e6e86619b31d542b40e7e1e8221fb0d6957ab1

Request headers

Referer: https://pastebin.com/adserver/160x600_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 13 Jul 2018 09:06:48 GMT
Server: nginx/1.12.1
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: private, no-cache, must-revalidate, no-store, max-age=0
Connection: keep-alive
Content-Type: image/png
Content-Length: 32
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame AD50
Redirect Chain

https://x.bidswitch.net/sync?ssp=sonobi
https://x.bidswitch.net/ul_cb/sync?ssp=sonobi
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=sonobi&bsw_param=448ede80-afd7-4cd1-be3e-e78ed652b0c7
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm=&google_sc=&ssp=sonobi&bsw_param=448ede80-afd7-4cd1-be3e-e78ed652b0c7&google_tc=
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESECtLtcjgd2S5fWbR7B_KTgk&google_cver=1&ssp=sonobi&bsw_param=448ede80-afd7-4cd1-be3e-e78ed652b0c7
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=448ede80-afd7-4cd1-be3e-e78ed652b0c7

49 B
905 B

78ms
29ms

Image
image/gif

34.249.237.101
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=448ede80-afd7-4cd1-be3e-e78ed652b0c7

Requested by

Host: pastebin.com
URL: https://pastebin.com/adserver/160x600_custom_safe.php

Protocol

HTTP/1.1

Server

34.249.237.101 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-34-249-237-101.eu-west-1.compute.amazonaws.com

Software

nginx/1.4.6 (Ubuntu) /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pastebin.com/adserver/160x600_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 13 Jul 2018 09:06:48 GMT
Server: nginx/1.4.6 (Ubuntu)
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-dub-1-6-72
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private, no-cache="set-cookie"
Tcn: Choice
Connection: keep-alive
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Fri, 13 Jul 2018 09:06:48 GMT
Server: nginx/1.12.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: //sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=448ede80-afd7-4cd1-be3e-e78ed652b0c7
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Keep-Alive: timeout=10
Content-Length: 0

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame AD50
Redirect Chain

https://pixel.s3xified.com/sspsync/?ssp=1349
https://sync.go.sonobi.com/us.gif?nw=am&nuid=ef82c7f75ed3e0bda3af9426549644bf

49 B
685 B

28ms
28ms

Image
image/gif

34.249.237.101
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=am&nuid=ef82c7f75ed3e0bda3af9426549644bf

Requested by

Host: pastebin.com
URL: https://pastebin.com/adserver/160x600_custom_safe.php

Protocol

HTTP/1.1

Server

34.249.237.101 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-34-249-237-101.eu-west-1.compute.amazonaws.com

Software

nginx/1.4.6 (Ubuntu) /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pastebin.com/adserver/160x600_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 13 Jul 2018 09:06:48 GMT
Server: nginx/1.4.6 (Ubuntu)
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-dub-1-6-72
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Connection: keep-alive
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location: https://sync.go.sonobi.com/us.gif?nw=am&nuid=ef82c7f75ed3e0bda3af9426549644bf
Date: Fri, 13 Jul 2018 09:06:48 GMT
Server: openresty
Connection: keep-alive
Content-Length: 154
Content-Type: text/html

GET
H/1.1

200
OK

30907
stags.bluekai.com/site/ Frame AD50
Redirect Chain

https://tags.bluekai.com/site/30907?id=d83861ff-5fe5-47e4-9eb6-4da46b2f6daa
https://stags.bluekai.com/site/30907?dt=0&r=786517220&sig=2765401825&bkca=KJpnEnaBLEYt1eB1u21NEDLNNEDhEpUH+DhB1+1NuDA61DL0uMBnuDyW9B+lY0W=

62 B
527 B

117ms
97ms

Image
image/gif

104.108.51.30
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stags.bluekai.com/site/30907?dt=0&r=786517220&sig=2765401825&bkca=KJpnEnaBLEYt1eB1u21NEDLNNEDhEpUH+DhB1+1NuDA61DL0uMBnuDyW9B+lY0W=
Requested by: Host: pastebin.com
URL: https://pastebin.com/adserver/160x600_custom_safe.php
Protocol: HTTP/1.1
Server: 104.108.51.30 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-108-51-30.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

Referer: https://pastebin.com/adserver/160x600_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 13 Jul 2018 09:06:48 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 62
BK-Server: 53d5
Expires: Thu, 01 Dec 1994 16:00:00 GMT

Redirect headers

Location: https://stags.bluekai.com/site/30907?dt=0&r=786517220&sig=2765401825&bkca=KJpnEnaBLEYt1eB1u21NEDLNNEDhEpUH+DhB1+1NuDA61DL0uMBnuDyW9B+lY0W=
Date: Fri, 13 Jul 2018 09:06:48 GMT
Connection: keep-alive
Content-Length: 0
BK-Server: 38ea
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame AD50
Redirect Chain

https://bh.contextweb.com/bh/rtset?do=add&pid=561191&ev=d83861ff-5fe5-47e4-9eb6-4da46b2f6daa&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=ZvysgGrSluLe

49 B
795 B

115ms
29ms

Image
image/gif

34.254.68.9
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=pp&nuid=ZvysgGrSluLe

Requested by

Host: pastebin.com
URL: https://pastebin.com/adserver/160x600_custom_safe.php

Protocol

HTTP/1.1

Server

34.254.68.9 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-34-254-68-9.eu-west-1.compute.amazonaws.com

Software

nginx/1.4.6 (Ubuntu) /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pastebin.com/adserver/160x600_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 13 Jul 2018 09:06:48 GMT
Server: nginx/1.4.6 (Ubuntu)
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-dub-1-6-72
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private, no-cache="set-cookie"
Tcn: Choice
Connection: keep-alive
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Fri, 13 Jul 2018 09:06:47 GMT
Via: 1.1 varnish
Server: Jetty(9.4.6.v20170531)
P3P: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Transfer-Encoding: chunked
X-Cache: MISS
Content-Language: en-US
Location: https://sync.go.sonobi.com/us.gif?nw=pp&nuid=ZvysgGrSluLe
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: private, max-age=0, no-cache, no-store
X-Cache-Hits: 0
Connection: keep-alive
Accept-Ranges: bytes
CW-Server: ams-bh02
X-Served-By: cache-hhn1544-HHN

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame AD50
Redirect Chain

https://trc.taboola.com/sg/sonobi-ssp-network/1/rtb-h?taboola_hm=1
https://match.taboola.com/sg/sonobi-ssp-network/1/rtb-h?taboola_hm=1&tbid=91f6e6c5-b294-4b53-9f0b-7e1b707c3955-tuct241f128
https://match.basebanner.com/match?tabid=91f6e6c5-b294-4b53-9f0b-7e1b707c3955-tuct241f128&extuid=1&excid=42&cijs=0
https://sync.go.sonobi.com/us.gif?nw=tb&nuid=91f6e6c5-b294-4b53-9f0b-7e1b707c3955-tuct241f128

49 B
615 B

30ms
29ms

Image
image/gif

34.249.237.101
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=tb&nuid=91f6e6c5-b294-4b53-9f0b-7e1b707c3955-tuct241f128

Requested by

Host: pastebin.com
URL: https://pastebin.com/adserver/160x600_custom_safe.php

Protocol

HTTP/1.1

Server

34.249.237.101 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-34-249-237-101.eu-west-1.compute.amazonaws.com

Software

nginx/1.4.6 (Ubuntu) /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pastebin.com/adserver/160x600_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 13 Jul 2018 09:06:48 GMT
Server: nginx/1.4.6 (Ubuntu)
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-dub-1-6-72
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Connection: keep-alive
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Fri, 13 Jul 2018 09:06:48 GMT
via: 1.1 varnish
server: nginx/1.9.12
x-timer: S1531472808.222142,VS0,VE8
x-served-by: cache-fra19144-FRA
status: 302
x-cache: MISS
p3p: policyref="http://null/w3c/p3p.xml", CP="NOI IDC DSP COR CURa ADMa OUR IND COM STA NOR UNI"
location: https://sync.go.sonobi.com/us.gif?nw=tb&nuid=91f6e6c5-b294-4b53-9f0b-7e1b707c3955-tuct241f128
accept-ranges: bytes
access-control-allow-headers: X-Requested-With, X-Prototype-Version, Content-Type, Origin, Allow
content-length: 0
x-cache-hits: 0

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame AD50
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=sonobi&ttd_tpi=1
https://sync.go.sonobi.com/us.gif?nw=td&nuid=eec73193-ac47-489c-9343-df7bdbb7c4fc

49 B
819 B

66ms
28ms

Image
image/gif

34.254.68.9
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=td&nuid=eec73193-ac47-489c-9343-df7bdbb7c4fc

Requested by

Host: pastebin.com
URL: https://pastebin.com/adserver/160x600_custom_safe.php

Protocol

HTTP/1.1

Server

34.254.68.9 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-34-254-68-9.eu-west-1.compute.amazonaws.com

Software

nginx/1.4.6 (Ubuntu) /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pastebin.com/adserver/160x600_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 13 Jul 2018 09:06:48 GMT
Server: nginx/1.4.6 (Ubuntu)
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-dub-1-6-72
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private, no-cache="set-cookie"
Tcn: Choice
Connection: keep-alive
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 13 Jul 2018 09:06:48 GMT
x-aspnet-version: 4.0.30319
status: 302
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://sync.go.sonobi.com/us.gif?nw=td&nuid=eec73193-ac47-489c-9343-df7bdbb7c4fc
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 193

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame AD50
Redirect Chain

https://sync.rhythmxchange.com/usersync2/sonobi
https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=OPTOUT

49 B
482 B

28ms
28ms

Image
image/gif

34.249.237.101
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=OPTOUT

Requested by

Host: pastebin.com
URL: https://pastebin.com/adserver/160x600_custom_safe.php

Protocol

HTTP/1.1

Server

34.249.237.101 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-34-249-237-101.eu-west-1.compute.amazonaws.com

Software

nginx/1.4.6 (Ubuntu) /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pastebin.com/adserver/160x600_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 13 Jul 2018 09:06:48 GMT
Server: nginx/1.4.6 (Ubuntu)
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-dub-1-6-72
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Connection: keep-alive
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 13 Jul 2018 09:06:48 GMT
Server: nginx
ETag: OPTOUT
Transfer-Encoding: chunked
Content-Type: text/html
Location: https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=OPTOUT
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Expires: 0

GET
H/1.1 200
OK trinity.js Show response
apex.go.sonobi.com/ Frame 2226 2 KB
2 KB 134ms
134ms Script
text/javascript 34.251.186.139
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.js?key_maker={%22297e959b232537%22:%224c4c920a6cf262ee66db|728x90%22}&cv=sbi_176f60de94573e&ref=pastebin.com

Requested by

Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instbid_pubwise.js

Protocol

HTTP/1.1

Server

34.251.186.139 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-34-251-186-139.eu-west-1.compute.amazonaws.com

Software

nginx/1.4.6 (Ubuntu) /

Resource Hash

975689a7f05c131974c466fdfae6dc72a45125832642da45140c9be4f2cae6ae

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pastebin.com/adserver/728x90_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 13 Jul 2018 09:06:48 GMT
Content-Encoding: gzip
Server: nginx/1.4.6 (Ubuntu)
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-dub-1-6-196
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 885
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 2226 21 B
711 B 14ms
13ms XHR
application/json 185.33.223.220
AppNexus

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instbid_pubwise.js

Protocol

HTTP/1.1

Server

185.33.223.220 , European Union, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

Software

nginx/1.13.4 /

Resource Hash

aaaabde3f68c325033b37bb3ebff887e3b589b7137e717e96648a52221881429

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pastebin.com/adserver/728x90_custom_safe.php
Origin: https://pastebin.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 13 Jul 2018 09:06:49 GMT
X-Proxy-Origin: 148.251.45.254; 148.251.45.254; 309.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.46:80
AN-X-Request-Uuid: a0aa7cf5-6b00-41f3-9d77-31d579724c58
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://pastebin.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 21
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 2226 21 B
712 B 13ms
12ms XHR
application/json 185.33.223.218
AppNexus

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instbid_pubwise.js

Protocol

HTTP/1.1

Server

185.33.223.218 , European Union, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

Software

nginx/1.13.4 /

Resource Hash

aaaabde3f68c325033b37bb3ebff887e3b589b7137e717e96648a52221881429

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pastebin.com/adserver/728x90_custom_safe.php
Origin: https://pastebin.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 13 Jul 2018 09:06:49 GMT
X-Proxy-Origin: 148.251.45.254; 148.251.45.254; 313.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.138:80
AN-X-Request-Uuid: 2b9f246c-efb6-4990-b681-3161bae1cd39
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://pastebin.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 21
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
S 200 lib.js Show response
prebid.districtm.ca/ Frame 2226 21 KB
6 KB 11ms
10ms Script
text/javascript 2400:cb00:2048:1::6814:10f3
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.districtm.ca/lib.js
Requested by: Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instbid_pubwise.js
Protocol: SPDY
Server: 2400:cb00:2048:1::6814:10f3 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed6ad3c41fd07450891bcb21c80e5bf2a742c6e9415d7ae7caa125edae136650

Request headers

Referer: https://pastebin.com/adserver/728x90_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:47 GMT
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: C0B84EEFC45CE018
status: 200
x-amz-version-id: 3bS4VITibJMcxm4G6C3aLv4zyVPcsnkF
x-amz-id-2: pnOQwTAJXBHFfD9BR8iaSw5rW9sNqOEUVTFfiqpqHdcy2PMlgsaXHfMQ1XMGvL63GWo7gpTxZUE=
last-modified: Thu, 05 Apr 2018 16:30:36 GMT
server: cloudflare
etag: W/"f85ea173704c12c034ed19a7a9389068"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=86400
cf-ray: 439a98798bac96d6-FRA
expires: Sat, 14 Jul 2018 09:06:47 GMT

GET
H/1.1 200
OK getjs.static.js Show response
tag-st.contextweb.com/ Frame 2226 32 KB
11 KB 7ms
6ms Script
application/x-javascript 151.101.12.166
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://tag-st.contextweb.com/getjs.static.js
Requested by: Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instbid_pubwise.js
Protocol: HTTP/1.1
Server: 151.101.12.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx /
Resource Hash: 2797a5a31f878305121024bf4f2271f8059dcc6c2b24efde2994c09631bed34f

Request headers

Referer: https://pastebin.com/adserver/728x90_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 13 Jul 2018 09:06:48 GMT
Content-Encoding: gzip
Age: 244
X-Cache: HIT
P3P: policyref="/TagPublish/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Connection: keep-alive
CW-FEServer: ams-prts08.pulse.prod
Content-Length: 11149
X-Served-By: cache-fra19123-FRA
Server: nginx
X-Timer: S1531472808.072528,VS0,VE0
ETag: 24e3b1b6dd83b252f1213e42689762834e238463
Content-Type: application/x-javascript
Via: 1.1 varnish
Cache-Control: max-age=432000, public
Accept-Ranges: bytes
X-Cache-Hits: 218

GET
H2 200 index.html
cdn.districtm.io/ids/ Frame 8D26 0
0 103ms
102ms Document
text/html 2400:cb00:2048:1::681c:12e8
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.districtm.io/ids/index.html
Requested by: Host: prebid.districtm.ca
URL: https://prebid.districtm.ca/lib.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2400:cb00:2048:1::681c:12e8 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: cdn.districtm.io
:scheme: https
:path: /ids/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://pastebin.com/adserver/728x90_custom_safe.php
accept-encoding: gzip, deflate
cookie: __cfduid=dde3e4515ee1bf2c0de8d766232979ed41531472807
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: EB8FD0BA0C202A71EBBE5C495DF79AB6
Referer: https://pastebin.com/adserver/728x90_custom_safe.php

Response headers

status: 200
date: Fri, 13 Jul 2018 09:06:48 GMT
content-type: text/html
last-modified: Fri, 15 Jun 2018 18:20:32 GMT
cache-control: s-maxage=1209600, max-age=14400
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 439a9879bdd197bc-FRA
content-encoding: gzip

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 2226 21 B
712 B 13ms
13ms XHR
application/json 185.33.223.220
AppNexus

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: prebid.districtm.ca
URL: https://prebid.districtm.ca/lib.js

Protocol

HTTP/1.1

Server

185.33.223.220 , European Union, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

Software

nginx/1.13.4 /

Resource Hash

aaaabde3f68c325033b37bb3ebff887e3b589b7137e717e96648a52221881429

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pastebin.com/adserver/728x90_custom_safe.php
Origin: https://pastebin.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Fri, 13 Jul 2018 09:06:49 GMT
X-Proxy-Origin: 148.251.45.254; 148.251.45.254; 309.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.237:80
AN-X-Request-Uuid: d8dc07c2-32bb-442c-955b-a81e4828df29
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://pastebin.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 21
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 204
No Content tag Show response
bid.contextweb.com/header/ Frame 2226 0
521 B 14ms
14ms XHR
text/plain 74.214.194.133
PULSEPOINT-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://bid.contextweb.com/header/tag?tagver=1&ca=BID&cp=561664&ct=633314&cf=728X90&rq=1&dw=728&cwu=https%3A%2F%2Fpastebin.com%2FXLeVP82h&cwr=&mrnd=31444206&if=2&tl=1&pxy=211,60&cxy=728,90&dxy=1600,1018&tz=0&ln=en-US
Requested by: Host: tag-st.contextweb.com
URL: https://tag-st.contextweb.com/getjs.static.js
Protocol: HTTP/1.1
Server: 74.214.194.133 Amsterdam, Netherlands, ASN59940 (PULSEPOINT-EU, NL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pastebin.com/adserver/728x90_custom_safe.php
Origin: https://pastebin.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-type: text/plain

Response headers

Date: Fri, 13 Jul 2018 09:06:48 GMT
Server: nginx
CWDL: 22/2528
Access-Control-Allow-Origin: https://pastebin.com
Access-Control-Expose-Headers: Access-Control-Allow-Origin
Access-Control-Allow-Credentials: true
Connection: keep-alive
CW-FEServer: ams-prts05.pulse.prod
CW-Server: ams-bid12
Content-Length: 0

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 2226
Redirect Chain

https://ad.afy11.net/ad?mode=10&sspid=2585
https://sync.go.sonobi.com/us.gif?nw=gm&nuid=ChQIqZe5j4KC6cNzELXB8e_bwobqZw%3d%3d

49 B
599 B

29ms
28ms

Image
image/gif

34.249.237.101
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=gm&nuid=ChQIqZe5j4KC6cNzELXB8e_bwobqZw%3d%3d

Requested by

Host: pastebin.com
URL: https://pastebin.com/adserver/728x90_custom_safe.php

Protocol

HTTP/1.1

Server

34.249.237.101 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-34-249-237-101.eu-west-1.compute.amazonaws.com

Software

nginx/1.4.6 (Ubuntu) /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pastebin.com/adserver/728x90_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 13 Jul 2018 09:06:48 GMT
Server: nginx/1.4.6 (Ubuntu)
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-dub-1-6-72
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Connection: keep-alive
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location: //sync.go.sonobi.com/us.gif?nw=gm&nuid=ChQIqZe5j4KC6cNzELXB8e_bwobqZw%3d%3d
Date: Fri, 13 Jul 2018 09:06:48 GMT
Server: Microsoft-IIS/8.5, AdifyServer
Connection: close
Content-Length: 0
P3P: policyref="https://ad.afy11.net/privacy.xml", CP=" NOI DSP NID ADMa DEVa PSAa PSDa OUR OTRa IND COM NAV STA OTC"

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 2226
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=1be30a61-c15d-465d-b6e5-82da40df8212&r=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dopenx%26nuid%3D
https://sync.go.sonobi.com/us.gif?nw=openx&nuid=b1a35b07-2768-4f9b-b7bf-13a300b1661e

49 B
603 B

27ms
27ms

Image
image/gif

34.254.68.9
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=openx&nuid=b1a35b07-2768-4f9b-b7bf-13a300b1661e

Requested by

Host: pastebin.com
URL: https://pastebin.com/adserver/728x90_custom_safe.php

Protocol

HTTP/1.1

Server

34.254.68.9 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-34-254-68-9.eu-west-1.compute.amazonaws.com

Software

nginx/1.4.6 (Ubuntu) /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pastebin.com/adserver/728x90_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 13 Jul 2018 09:06:48 GMT
Server: nginx/1.4.6 (Ubuntu)
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-dub-1-6-72
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Connection: keep-alive
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Fri, 13 Jul 2018 09:06:48 GMT
server: OXGW/16.46.0
status: 302
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://sync.go.sonobi.com/us.gif?nw=openx&nuid=b1a35b07-2768-4f9b-b7bf-13a300b1661e
content-type: image/gif
content-length: 0

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 2226
Redirect Chain

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID]
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=98385b48-5f3e-4400-8691-f37c39dc8e56

49 B
603 B

29ms
28ms

Image
image/gif

34.249.237.101
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=98385b48-5f3e-4400-8691-f37c39dc8e56

Requested by

Host: pastebin.com
URL: https://pastebin.com/adserver/728x90_custom_safe.php

Protocol

HTTP/1.1

Server

34.249.237.101 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-34-249-237-101.eu-west-1.compute.amazonaws.com

Software

nginx/1.4.6 (Ubuntu) /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pastebin.com/adserver/728x90_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 13 Jul 2018 09:06:48 GMT
Server: nginx/1.4.6 (Ubuntu)
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-dub-1-6-72
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Connection: keep-alive
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Fri, 13 Jul 2018 09:06:48 GMT
Server: MT3 1.26.7.0 e3db8da DPLAT-363 zrh-pixel-x18
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=98385b48-5f3e-4400-8691-f37c39dc8e56
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 13 Jul 2018 09:06:47 GMT

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 2226
Redirect Chain

https://x.bidswitch.net/sync?ssp=sonobi
https://px.adhigh.net/p/cm/bsw?bidswitch_ssp_id=sonobi
https://px.adhigh.net/p/cm/bsw?bidswitch_ssp_id=sonobi&bounced=1
https://x.bidswitch.net/sync?dsp_id=9&user_id=PIDEjhrabRt&expires=30&ssp=sonobi
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=448ede80-afd7-4cd1-be3e-e78ed652b0c7

49 B
603 B

28ms
28ms

Image
image/gif

34.254.68.9
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=448ede80-afd7-4cd1-be3e-e78ed652b0c7

Requested by

Host: pastebin.com
URL: https://pastebin.com/adserver/728x90_custom_safe.php

Protocol

HTTP/1.1

Server

34.254.68.9 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-34-254-68-9.eu-west-1.compute.amazonaws.com

Software

nginx/1.4.6 (Ubuntu) /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pastebin.com/adserver/728x90_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 13 Jul 2018 09:06:48 GMT
Server: nginx/1.4.6 (Ubuntu)
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-dub-1-6-72
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Connection: keep-alive
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Fri, 13 Jul 2018 09:06:48 GMT
Server: nginx/1.12.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: //sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=448ede80-afd7-4cd1-be3e-e78ed652b0c7
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Keep-Alive: timeout=10
Content-Length: 0

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 2226
Redirect Chain

https://pixel.s3xified.com/sspsync/?ssp=1349
https://sync.go.sonobi.com/us.gif?nw=am&nuid=ef82c7f75ed3e0bda3af9426549644bf

49 B
599 B

29ms
28ms

Image
image/gif

34.249.237.101
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=am&nuid=ef82c7f75ed3e0bda3af9426549644bf

Requested by

Host: pastebin.com
URL: https://pastebin.com/adserver/728x90_custom_safe.php

Protocol

HTTP/1.1

Server

34.249.237.101 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-34-249-237-101.eu-west-1.compute.amazonaws.com

Software

nginx/1.4.6 (Ubuntu) /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pastebin.com/adserver/728x90_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 13 Jul 2018 09:06:48 GMT
Server: nginx/1.4.6 (Ubuntu)
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-dub-1-6-72
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Connection: keep-alive
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location: https://sync.go.sonobi.com/us.gif?nw=am&nuid=ef82c7f75ed3e0bda3af9426549644bf
Date: Fri, 13 Jul 2018 09:06:48 GMT
Server: openresty
Connection: keep-alive
Content-Length: 154
Content-Type: text/html

GET
H/1.1 200
OK 30907
tags.bluekai.com/site/ Frame 2226 62 B
526 B 102ms
100ms Image
image/gif 104.108.51.30
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.bluekai.com/site/30907?id=d83861ff-5fe5-47e4-9eb6-4da46b2f6daa
Requested by: Host: apex.go.sonobi.com
URL: https://apex.go.sonobi.com/trinity.js?key_maker={%22297e959b232537%22:%224c4c920a6cf262ee66db|728x90%22}&cv=sbi_176f60de94573e&ref=pastebin.com
Protocol: HTTP/1.1
Server: 104.108.51.30 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-108-51-30.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

Referer: https://pastebin.com/adserver/728x90_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 13 Jul 2018 09:06:48 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 62
BK-Server: 327
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 2226
Redirect Chain

https://bh.contextweb.com/bh/rtset?do=add&pid=561191&ev=d83861ff-5fe5-47e4-9eb6-4da46b2f6daa&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=SlN0oKxlizXN

49 B
579 B

29ms
28ms

Image
image/gif

34.254.68.9
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=pp&nuid=SlN0oKxlizXN

Requested by

Host: pastebin.com
URL: https://pastebin.com/adserver/728x90_custom_safe.php

Protocol

HTTP/1.1

Server

34.254.68.9 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-34-254-68-9.eu-west-1.compute.amazonaws.com

Software

nginx/1.4.6 (Ubuntu) /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pastebin.com/adserver/728x90_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 13 Jul 2018 09:06:48 GMT
Server: nginx/1.4.6 (Ubuntu)
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-dub-1-6-72
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Connection: keep-alive
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Fri, 13 Jul 2018 09:06:48 GMT
Via: 1.1 varnish
Server: Jetty(9.4.6.v20170531)
P3P: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Transfer-Encoding: chunked
X-Cache: MISS
Content-Language: en-US
Location: https://sync.go.sonobi.com/us.gif?nw=pp&nuid=SlN0oKxlizXN
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: private, max-age=0, no-cache, no-store
X-Cache-Hits: 0
Connection: keep-alive
Accept-Ranges: bytes
CW-Server: ams-bh02
X-Served-By: cache-hhn1544-HHN

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 2226
Redirect Chain

https://trc.taboola.com/sg/sonobi-ssp-network/1/rtb-h?taboola_hm=1
https://match.taboola.com/sg/sonobi-ssp-network/1/rtb-h?taboola_hm=1&tbid=63a66926-0887-4585-9eb4-50ce020d1e4e-tuct241f128
https://match.basebanner.com/match?tabid=63a66926-0887-4585-9eb4-50ce020d1e4e-tuct241f128&extuid=1&excid=42&cijs=0
https://sync.go.sonobi.com/us.gif?nw=tb&nuid=63a66926-0887-4585-9eb4-50ce020d1e4e-tuct241f128

49 B
615 B

29ms
28ms

Image
image/gif

34.254.68.9
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=tb&nuid=63a66926-0887-4585-9eb4-50ce020d1e4e-tuct241f128

Requested by

Host: pastebin.com
URL: https://pastebin.com/adserver/728x90_custom_safe.php

Protocol

HTTP/1.1

Server

34.254.68.9 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-34-254-68-9.eu-west-1.compute.amazonaws.com

Software

nginx/1.4.6 (Ubuntu) /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pastebin.com/adserver/728x90_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 13 Jul 2018 09:06:48 GMT
Server: nginx/1.4.6 (Ubuntu)
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-dub-1-6-72
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Connection: keep-alive
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Fri, 13 Jul 2018 09:06:48 GMT
via: 1.1 varnish
server: nginx/1.9.12
x-timer: S1531472808.222126,VS0,VE8
x-served-by: cache-fra19144-FRA
status: 302
x-cache: MISS
p3p: policyref="http://null/w3c/p3p.xml", CP="NOI IDC DSP COR CURa ADMa OUR IND COM STA NOR UNI"
location: https://sync.go.sonobi.com/us.gif?nw=tb&nuid=63a66926-0887-4585-9eb4-50ce020d1e4e-tuct241f128
accept-ranges: bytes
access-control-allow-headers: X-Requested-With, X-Prototype-Version, Content-Type, Origin, Allow
content-length: 0
x-cache-hits: 0

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 2226
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1
https://sync.go.sonobi.com/us.gif?nw=td&nuid=eec73193-ac47-489c-9343-df7bdbb7c4fc

49 B
603 B

29ms
28ms

Image
image/gif

34.254.68.9
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=td&nuid=eec73193-ac47-489c-9343-df7bdbb7c4fc

Requested by

Host: pastebin.com
URL: https://pastebin.com/adserver/728x90_custom_safe.php

Protocol

HTTP/1.1

Server

34.254.68.9 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-34-254-68-9.eu-west-1.compute.amazonaws.com

Software

nginx/1.4.6 (Ubuntu) /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pastebin.com/adserver/728x90_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 13 Jul 2018 09:06:48 GMT
Server: nginx/1.4.6 (Ubuntu)
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-dub-1-6-72
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Connection: keep-alive
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 13 Jul 2018 09:06:48 GMT
x-aspnet-version: 4.0.30319
status: 302
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://sync.go.sonobi.com/us.gif?nw=td&nuid=eec73193-ac47-489c-9343-df7bdbb7c4fc
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 193

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 2226
Redirect Chain

https://sync.rhythmxchange.com/usersync2/sonobi
https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=OPTOUT

49 B
482 B

29ms
28ms

Image
image/gif

34.254.68.9
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=OPTOUT

Requested by

Host: pastebin.com
URL: https://pastebin.com/adserver/728x90_custom_safe.php

Protocol

HTTP/1.1

Server

34.254.68.9 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-34-254-68-9.eu-west-1.compute.amazonaws.com

Software

nginx/1.4.6 (Ubuntu) /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pastebin.com/adserver/728x90_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 13 Jul 2018 09:06:48 GMT
Server: nginx/1.4.6 (Ubuntu)
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-dub-1-6-72
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Connection: keep-alive
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 13 Jul 2018 09:06:48 GMT
Server: nginx
ETag: OPTOUT
Transfer-Encoding: chunked
Content-Type: text/html
Location: https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=OPTOUT
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Expires: 0

GET
S 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame AD50 20 KB
8 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:806::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: d2na2p72vtqyok.cloudfront.net
URL: https://d2na2p72vtqyok.cloudfront.net/client-embed/024e069d-525f-46a7-911a-7c59471d8c75.js

Protocol

SPDY

Server

2a00:1450:4001:806::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

62f5e1e1f4ecace8af8ef23f918fa428633ba1ca8a5ab04b33a9703f87e6e7de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pastebin.com/adserver/160x600_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "5 / 485 of 1000 / last-modified: 1531433151"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 7870
x-xss-protection: 1; mode=block
expires: Fri, 13 Jul 2018 09:06:49 GMT

GET
S 200 integrator.js Show response
adservice.google.de/adsid/ Frame AD50 109 B
171 B 15ms
15ms Script
application/javascript 2a00:1450:4001:825::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=pastebin.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

SPDY

Server

2a00:1450:4001:825::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pastebin.com/adserver/160x600_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 13 Jul 2018 09:06:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 104
x-xss-protection: 1; mode=block

GET
S 200 integrator.js Show response
adservice.google.com/adsid/ Frame AD50 109 B
171 B 15ms
15ms Script
application/javascript 2a00:1450:4001:825::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=pastebin.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

SPDY

Server

2a00:1450:4001:825::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pastebin.com/adserver/160x600_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 13 Jul 2018 09:06:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 104
x-xss-protection: 1; mode=block

GET
S 200 pubads_impl_231.js Show response
securepubads.g.doubleclick.net/gpt/ Frame AD50 178 KB
61 KB 40ms
40ms Script
text/javascript 172.217.22.98
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_231.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

SPDY

Server

172.217.22.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s18-in-f2.1e100.net

Software

sffe /

Resource Hash

1c80619aa99b4bce0b57edaeaf2bae35ad0e1929096a51d0ced52df4dfa68e3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pastebin.com/adserver/160x600_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 06 Jul 2018 21:28:59 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 62603
x-xss-protection: 1; mode=block
expires: Fri, 13 Jul 2018 09:06:49 GMT

GET
S 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame AD50 3 KB
2 KB 135ms
135ms XHR
text/javascript 172.217.22.98
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2565998390765508&correlator=3205599086998246&output=json_html&callback=googletag.impl.pubads.callbackProxy1&impl=fif&adsid=NT&eid=21061673%2C21061865%2C21061501%2C21062069&vrg=231&guci=1.2.0.0.2.2.0&sc=1&sfv=1-0-29&iu=%2F27794161%2Fpastebin.com_Web_160x600_1&sz=160x600&scp=refurl%3Dpastebin.com%26floor_group%3Dexp_group_3%26hour%3D9%26tier%3D1%26instBid_bidder%3Dnofill%26instBid_pb%3D0%26instBid_adid%3Dnofill%26instBid_size%3D160x600%26impression_type%3Dinitial_load&cookie_enabled=1&cdm=pastebin.com&bc=7&lmt=1531472809&dt=1531472809782&ea=0&frm=23&biw=1600&bih=1200&isw=160&ish=600&oid=3&adx=1229&ady=182&adk=1503365569&gut=v2&ifi=1&ifk=1320065300&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=2&iag=15&url=https%3A%2F%2Fpastebin.com%2Fadserver%2F160x600_custom_safe.php&ref=https%3A%2F%2Fpastebin.com%2FXLeVP82h&top=https%3A%2F%2Fpastebin.com%2FXLeVP82h&dssz=11&icsg=131114&std=3&vis=1&dmc=8&scr_x=0&scr_y=0&ga_vid=1430266799.1531472810&ga_sid=1531472810&ga_hid=1218958966

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_231.js

Protocol

SPDY

Server

172.217.22.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s18-in-f2.1e100.net

Software

cafe /

Resource Hash

9a8114e9fe119ef73d4f9f238b86b083235c151d2cda7db8936e90d95338553c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://pastebin.com/adserver/160x600_custom_safe.php
Origin: https://pastebin.com

Response headers

date: Fri, 13 Jul 2018 09:06:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1944
x-xss-protection: 1; mode=block
google-lineitem-id: 4695132887
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138235173509
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://pastebin.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 pubads_impl_rendering_231.js Show response
securepubads.g.doubleclick.net/gpt/ Frame AD50 42 KB
16 KB 40ms
40ms Script
text/javascript 172.217.22.98
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_231.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_231.js

Protocol

SPDY

Server

172.217.22.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s18-in-f2.1e100.net

Software

sffe /

Resource Hash

2b18451f41f398f69d9e7435f3b80e11b53b9afc9395b42742c41e36928bde0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pastebin.com/adserver/160x600_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 06 Jul 2018 21:28:59 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 16423
x-xss-protection: 1; mode=block
expires: Fri, 13 Jul 2018 09:06:49 GMT

GET
S 200 container.html
tpc.googlesyndication.com/safeframe/1-0-29/html/ Frame AD50 0
0 30ms
6ms Other
text/html 2a00:1450:4001:81d::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-29/html/container.html?n=2
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_231.js
Protocol: SPDY
Server: 2a00:1450:4001:81d::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Purpose: prefetch
Referer: https://pastebin.com/adserver/160x600_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

expires: Sun, 30 Jun 2019 22:31:59 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Mon, 11 Jun 2018 14:38:59 GMT
content-type: text/html

GET
S 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 2226 20 KB
0 42ms
42ms Script
text/javascript 2a00:1450:4001:806::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: d2na2p72vtqyok.cloudfront.net
URL: https://d2na2p72vtqyok.cloudfront.net/client-embed/024e069d-525f-46a7-911a-7c59471d8c75.js

Protocol

SPDY

Server

2a00:1450:4001:806::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

62f5e1e1f4ecace8af8ef23f918fa428633ba1ca8a5ab04b33a9703f87e6e7de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Response headers

date: Fri, 13 Jul 2018 09:06:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "5 / 485 of 1000 / last-modified: 1531433151"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 7870
x-xss-protection: 1; mode=block
expires: Fri, 13 Jul 2018 09:06:49 GMT

GET
S 200 integrator.js Show response
adservice.google.de/adsid/ Frame 2226 109 B
171 B 15ms
14ms Script
application/javascript 2a00:1450:4001:825::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=pastebin.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

SPDY

Server

2a00:1450:4001:825::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pastebin.com/adserver/728x90_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 13 Jul 2018 09:06:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 104
x-xss-protection: 1; mode=block

GET
S 200 integrator.js Show response
adservice.google.com/adsid/ Frame 2226 109 B
171 B 17ms
17ms Script
application/javascript 2a00:1450:4001:825::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=pastebin.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

SPDY

Server

2a00:1450:4001:825::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pastebin.com/adserver/728x90_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 13 Jul 2018 09:06:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 104
x-xss-protection: 1; mode=block

GET
S 200 pubads_impl_231.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 2226 178 KB
0 40ms
40ms Script
text/javascript 172.217.22.98
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_231.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

SPDY

Server

172.217.22.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s18-in-f2.1e100.net

Software

sffe /

Resource Hash

1c80619aa99b4bce0b57edaeaf2bae35ad0e1929096a51d0ced52df4dfa68e3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Response headers

date: Fri, 13 Jul 2018 09:06:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 06 Jul 2018 21:28:59 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 62603
x-xss-protection: 1; mode=block
expires: Fri, 13 Jul 2018 09:06:49 GMT

GET
S 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 2226 3 KB
2 KB 95ms
95ms XHR
text/plain 172.217.22.98
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4046861891405925&correlator=2380492987292607&output=ldjh&callback=googletag.impl.pubads.callbackProxy1&impl=fif&eid=21061674&vrg=231&guci=1.2.0.0.2.2.0&sc=1&sfv=1-0-29&iu=%2F27794161%2Fpastebin.com_Web_728x90_1&sz=728x90&scp=refurl%3Dpastebin.com%26floor_group%3Dctrl_group%26hour%3D9%26tier%3D1%26instBid_bidder%3Dnofill%26instBid_pb%3D0%26instBid_adid%3Dnofill%26instBid_size%3D728x90%26impression_type%3Dinitial_load&cookie_enabled=1&cdm=pastebin.com&bc=7&lmt=1531472809&dt=1531472809899&ea=0&frm=23&biw=1600&bih=1200&isw=728&ish=90&oid=3&adx=211&ady=60&adk=1949062477&gut=v2&ifi=1&ifk=3995772453&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=2&iag=15&url=https%3A%2F%2Fpastebin.com%2Fadserver%2F728x90_custom_safe.php&ref=https%3A%2F%2Fpastebin.com%2FXLeVP82h&top=https%3A%2F%2Fpastebin.com%2FXLeVP82h&dssz=11&icsg=131114&std=3&vis=1&dmc=8&scr_x=0&scr_y=0&ga_vid=537126999.1531472810&ga_sid=1531472810&ga_hid=589415290

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_231.js

Protocol

SPDY

Server

172.217.22.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s18-in-f2.1e100.net

Software

cafe /

Resource Hash

cec6420a1147f1e5c02fad3811e1ec68603171936f99e3da1405d47bab412dbe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://pastebin.com/adserver/728x90_custom_safe.php
Origin: https://pastebin.com

Response headers

date: Fri, 13 Jul 2018 09:06:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1876
x-xss-protection: 1; mode=block
google-lineitem-id: 4699964571
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138235650765
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pastebin.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 pubads_impl_rendering_231.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 2226 42 KB
0 40ms
40ms Script
text/javascript 172.217.22.98
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_231.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_231.js

Protocol

SPDY

Server

172.217.22.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s18-in-f2.1e100.net

Software

sffe /

Resource Hash

2b18451f41f398f69d9e7435f3b80e11b53b9afc9395b42742c41e36928bde0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Response headers

date: Fri, 13 Jul 2018 09:06:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 06 Jul 2018 21:28:59 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 16423
x-xss-protection: 1; mode=block
expires: Fri, 13 Jul 2018 09:06:49 GMT

GET
S 200 container.html
tpc.googlesyndication.com/safeframe/1-0-29/html/ Frame 2226 0
0 6ms
6ms Other
text/html 2a00:1450:4001:81d::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-29/html/container.html?n=2
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_231.js
Protocol: SPDY
Server: 2a00:1450:4001:81d::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Purpose: prefetch
Referer: https://pastebin.com/adserver/728x90_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

expires: Sun, 30 Jun 2019 22:31:59 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Mon, 11 Jun 2018 14:38:59 GMT
content-type: text/html

GET
H2 200 160x600_criteo_pb_safe.php Show response
pastebin.com/adserver/ Frame 10F7 6 KB
2 KB 230ms
229ms Document
text/html 104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://pastebin.com/adserver/160x600_criteo_pb_safe.php

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_231.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

648f362df2629b1a532e7738cf196245899fff10a3d6b1f33774382563bce8ea

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: pastebin.com
:scheme: https
:path: /adserver/160x600_criteo_pb_safe.php
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://pastebin.com/adserver/160x600_custom_safe.php
accept-encoding: gzip, deflate
cookie: __cfduid=d4bba5380d7751d6ed3407d75637cb9d71531472806; visitorGeo=DE; Insticator.geoBlockAds-024e069d-525f-46a7-911a-7c59471d8c75=false; Insticator.geoBlockedEmbeds-024e069d-525f-46a7-911a-7c59471d8c75=[]; __gads=ID=87186ba4e2bf686b:T=1531472809:S=ALNI_MbqeYVuAxWFdDc7iYNkin4MHC12BQ
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: EB8FD0BA0C202A71EBBE5C495DF79AB6
Referer: https://pastebin.com/adserver/160x600_custom_safe.php

Response headers

status: 200
date: Fri, 13 Jul 2018 09:06:50 GMT
content-type: text/html
vary: Accept-Encoding
x-xss-protection: 1; mode=block
content-encoding: gzip
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 439a98860a8cbec6-FRA

GET
S 200 osd_listener.js Show response
tpc.googlesyndication.com/pagead/js/r20180709/r20110914/activeview/ Frame 6B9C 70 KB
26 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81d::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180709/r20110914/activeview/osd_listener.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_231.js

Protocol

SPDY

Server

2a00:1450:4001:81d::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

8ea4f7f54dbdebf20c10d45c3a3e1f93dbb364571408447a2c936443487de7d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pastebin.com/adserver/160x600_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 10 Jul 2018 07:09:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 266237
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 26035
x-xss-protection: 1; mode=block
server: cafe
etag: 9944366705485990115
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 24 Jul 2018 07:09:32 GMT

GET
S 200 osd.js Show response
pagead2.googlesyndication.com/pagead/ Frame AD50 70 KB
26 KB 17ms
5ms Script
text/javascript 2a00:1450:4001:817::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_231.js

Protocol

SPDY

Server

2a00:1450:4001:817::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

579c18b0959f9855c71862e8fe81cbb663a9f9577c22acf8114c687527e8b032

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pastebin.com/adserver/160x600_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 08:15:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3050
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 26250
x-xss-protection: 1; mode=block
server: cafe
etag: 12353362456419765373
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Fri, 13 Jul 2018 09:15:59 GMT

GET
S 200 view
securepubads.g.doubleclick.net/pcs/ Frame 6B9C 0
83 B 16ms
16ms Image
text/html 172.217.22.98
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvjiqHqlxbHrVkwQYnkADmkNDpDhlWWc3bDArev-xQ7qrOq8jHX0BJUFhB3eEQ7tqeR07jR3ztJ1tBU9AvDPFdO-4NrIIzGQq3kG1EYjcC900VeqiS0owL4-J75q7wPPElkmEtGlx15WMuXvU5FB1jWCSqOb39QDiO5fijsqyMDd9ntPSaRlYssAdn0eZZz9VqE6L8t8p19WlF-GxoC1BNfbU0xMtJ4fuecdne5ZWHJ9zhjRvzVX_h3FPcSFOXb8WireDAFwp5s&sai=AMfl-YTUhoBMTBY469GOHZsfqHQcfOzvP9iiY7PMqdcKbbuGMgDi_fszUfPy9pL5qt15s0r9DyyOOj-SvOjt8IA-p-OVXyh35z-SG4rDs0z9ZZqbQ-GFsWck8vouXze0&sig=Cg0ArKJSzIqLh3A7Kq6QEAE&urlfix=1&adurl=
Requested by: Host: pastebin.com
URL: https://pastebin.com/adserver/160x600_custom_safe.php
Protocol: SPDY
Server: 172.217.22.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra15s18-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pastebin.com/adserver/160x600_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

cache-control: private
content-type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame 6B9C 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 091f9c768b7ef18bb1c2b9e221b5303b97424366ea910cceb997118a3b1373e2

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
H2 200 728x90_criteo_pb_safe.php Show response
pastebin.com/adserver/ Frame 6EDA 1 KB
752 B 116ms
116ms Document
text/html 104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://pastebin.com/adserver/728x90_criteo_pb_safe.php

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_231.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

860bd5c73a1002326a45c61510f16c93ff38bd9361fc795b3db87bdd21b0bbdb

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: pastebin.com
:scheme: https
:path: /adserver/728x90_criteo_pb_safe.php
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://pastebin.com/adserver/728x90_custom_safe.php
accept-encoding: gzip, deflate
cookie: __cfduid=d4bba5380d7751d6ed3407d75637cb9d71531472806; visitorGeo=DE; Insticator.geoBlockAds-024e069d-525f-46a7-911a-7c59471d8c75=false; Insticator.geoBlockedEmbeds-024e069d-525f-46a7-911a-7c59471d8c75=[]; __gads=ID=bbd3ae7243547616:T=1531472809:S=ALNI_Mb20DkC91qbZHUJ9SfRhfVS5A1Ahw
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: EB8FD0BA0C202A71EBBE5C495DF79AB6
Referer: https://pastebin.com/adserver/728x90_custom_safe.php

Response headers

status: 200
date: Fri, 13 Jul 2018 09:06:50 GMT
content-type: text/html
vary: Accept-Encoding
x-xss-protection: 1; mode=block
content-encoding: gzip
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 439a98868ae0bec6-FRA

GET
S 200 osd_listener.js Show response
tpc.googlesyndication.com/pagead/js/r20180709/r20110914/activeview/ Frame F62A 70 KB
0 6ms
6ms Script
text/javascript 2a00:1450:4001:81d::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180709/r20110914/activeview/osd_listener.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_231.js

Protocol

SPDY

Server

2a00:1450:4001:81d::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

8ea4f7f54dbdebf20c10d45c3a3e1f93dbb364571408447a2c936443487de7d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Response headers

date: Tue, 10 Jul 2018 07:09:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 266237
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 26035
x-xss-protection: 1; mode=block
server: cafe
etag: 9944366705485990115
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 24 Jul 2018 07:09:32 GMT

GET
DATA 200
OK truncated
/ Frame F62A 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ace9b0af6a44a31778055170bb0e899ba1a2d79c420ecc0d14ac2ca1f135b026

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
S 200 osd.js Show response
pagead2.googlesyndication.com/pagead/ Frame 2226 70 KB
0 17ms
5ms Script
text/javascript 2a00:1450:4001:817::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_231.js

Protocol

SPDY

Server

2a00:1450:4001:817::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

579c18b0959f9855c71862e8fe81cbb663a9f9577c22acf8114c687527e8b032

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Response headers

date: Fri, 13 Jul 2018 08:15:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3050
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 26250
x-xss-protection: 1; mode=block
server: cafe
etag: 12353362456419765373
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Fri, 13 Jul 2018 09:15:59 GMT

GET
S 200 view
securepubads.g.doubleclick.net/pcs/ Frame F62A 0
47 B 18ms
18ms Image
text/html 172.217.22.98
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsukFnp5Rf3XkM1tqmFhc9QwJQvTGOemM7ID_zCIduXbw7dTudimICFxa4MxHGAVekcu7UmTv5pt0nvLf8OcHIbGakOeSPxM-NjmS_zQs181p6UFHI8rH-WOmh7kEySmNzMfdeaGaQNjdjEOYIyqcYH1_X04jcM7RHv8oU8krIRpRq29Obxz8dH1diNQDIUn9am3FqTDVsMlBT-Znt7OF1vgbogJNl54bJcK3fTZom5aEsZ0xweJcE5z2z0P7r_x5JqKB4987bo&sai=AMfl-YRQWPcwarHvc4juoSNW3g4K31Mbc3n8NIN7KOBuJRMGYNlITx7JlJg9YjykApvXk2jhvRAjdB5RaY2OcEOV8ShOheC0ZRbE7EDVV-LMDNxNfCmbALy3EeFDQdxF&sig=Cg0ArKJSzA-IUbwM_nNbEAE&urlfix=1&adurl=
Requested by: Host: pastebin.com
URL: https://pastebin.com/adserver/728x90_custom_safe.php
Protocol: SPDY
Server: 172.217.22.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra15s18-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pastebin.com/adserver/728x90_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

cache-control: private
content-type: text/html; charset=UTF-8

GET
H2 200 pastebin.min.css
pastebin.com/i/ Frame 6EDA 38 KB
8 KB 14ms
14ms Stylesheet
text/css 104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://pastebin.com/i/pastebin.min.css

Requested by

Host: pastebin.com
URL: https://pastebin.com/adserver/728x90_criteo_pb_safe.php

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fc9de0c2b33ce0e2f14b915c2b63d752a8d194322abd709230a1b532a14f8cf4

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:path: /i/pastebin.min.css
pragma: no-cache
cookie: __cfduid=d4bba5380d7751d6ed3407d75637cb9d71531472806; visitorGeo=DE; Insticator.geoBlockAds-024e069d-525f-46a7-911a-7c59471d8c75=false; Insticator.geoBlockedEmbeds-024e069d-525f-46a7-911a-7c59471d8c75=[]; __gads=ID=bbd3ae7243547616:T=1531472809:S=ALNI_Mb20DkC91qbZHUJ9SfRhfVS5A1Ahw
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: pastebin.com
referer: https://pastebin.com/adserver/728x90_criteo_pb_safe.php
:scheme: https
:method: GET
Referer: https://pastebin.com/adserver/728x90_criteo_pb_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:50 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 26 Apr 2017 12:20:31 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=7776000
cf-ray: 439a98874b60bec6-FRA
x-xss-protection: 1; mode=block
expires: Thu, 11 Oct 2018 09:06:50 GMT

GET
H2 200 deals-ribbon.svg
pastebin.com/i/ Frame 10F7 103 B
260 B 12ms
11ms Image
image/svg+xml 104.20.209.21
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pastebin.com/i/deals-ribbon.svg

Requested by

Host: pastebin.com
URL: https://pastebin.com/adserver/160x600_criteo_pb_safe.php

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.20.209.21 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d4398cc2de1c610a9268600b04ac981c6d6d4cca8ee5020613c4edfaa1e75171

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:path: /i/deals-ribbon.svg
pragma: no-cache
cookie: __cfduid=d4bba5380d7751d6ed3407d75637cb9d71531472806; visitorGeo=DE; Insticator.geoBlockAds-024e069d-525f-46a7-911a-7c59471d8c75=false; Insticator.geoBlockedEmbeds-024e069d-525f-46a7-911a-7c59471d8c75=[]; __gads=ID=bbd3ae7243547616:T=1531472809:S=ALNI_Mb20DkC91qbZHUJ9SfRhfVS5A1Ahw
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: pastebin.com
referer: https://pastebin.com/adserver/160x600_criteo_pb_safe.php
:scheme: https
:method: GET
Referer: https://pastebin.com/adserver/160x600_criteo_pb_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 09:06:50 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 24 May 2016 16:37:17 GMT
server: cloudflare
etag: W/"5744833d-67"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
status: 200
cache-control: public, max-age=7200
cf-ray: 439a98878b8dbec6-FRA
x-xss-protection: 1; mode=block
expires: Fri, 13 Jul 2018 11:06:50 GMT

GET
S 200 sale_15369_primary_image.png
cdnp1.stackassets.com/5bfe8941db1d3291b658747b0ff62c7686b59d2e/store/742e42f9d00309d36d2235f49a732de5c62f7939c108b30968a3de758f21/ Frame 10F7 92 KB
92 KB 41ms
12ms Image
image/png 13.32.222.209
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnp1.stackassets.com/5bfe8941db1d3291b658747b0ff62c7686b59d2e/store/742e42f9d00309d36d2235f49a732de5c62f7939c108b30968a3de758f21/sale_15369_primary_image.png

Requested by

Host: pastebin.com
URL: https://pastebin.com/adserver/160x600_criteo_pb_safe.php

Protocol

SPDY

Server

13.32.222.209 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-32-222-209.fra56.r.cloudfront.net

Software

nginx/1.12.1 /

Resource Hash

fd8fb0074912f1f25523ee1f1c8c62bd3d8a05a0b5413eb088e450ad30fc5744

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pastebin.com/adserver/160x600_criteo_pb_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Jun 2018 04:49:49 GMT
via: 1.1 c4ada86230c95b165d889d1f1d10389d.cloudfront.net (CloudFront)
x-content-type-options: nosniff
last-modified: Thu, 07 Jun 2018 04:49:49 GMT
server: nginx/1.12.1
age: 3125821
status: 200
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
content-disposition: inline; filename="sale_15369_primary_image.png"
content-length: 93979
x-amz-cf-id: rYk82G_70rn9YXt_exkoKH0VADdDFjFCNo7lF0JZxz9iymbySDO7OA==
expires: Fri, 07 Jun 2019 04:49:49 GMT

GET
S 200 edb7eb158df815dda6d60bd8cb49e78b1b7df9ac_main_hero_image.jpg
cdnp0.stackassets.com/c18eca17fefe6ada3cadb9e90e8c072521c38907/store/f52065ea5662206f11d274148ab334e4f453aeb802681fc86903d97e83bf/ Frame 10F7 82 KB
83 KB 34ms
8ms Image
image/jpeg 13.32.222.209
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnp0.stackassets.com/c18eca17fefe6ada3cadb9e90e8c072521c38907/store/f52065ea5662206f11d274148ab334e4f453aeb802681fc86903d97e83bf/edb7eb158df815dda6d60bd8cb49e78b1b7df9ac_main_hero_image.jpg

Requested by

Host: pastebin.com
URL: https://pastebin.com/adserver/160x600_criteo_pb_safe.php

Protocol

SPDY

Server

13.32.222.209 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-32-222-209.fra56.r.cloudfront.net

Software

nginx/1.12.1 /

Resource Hash

e6fb8e48a2203d164a8dab78e05ea1c8896a0d2c31f0a41dca1cc0dd1b8e9c5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pastebin.com/adserver/160x600_criteo_pb_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 16 May 2018 20:01:44 GMT
via: 1.1 c4ada86230c95b165d889d1f1d10389d.cloudfront.net (CloudFront)
x-content-type-options: nosniff
last-modified: Wed, 16 May 2018 20:01:44 GMT
server: nginx/1.12.1
age: 4971906
status: 200
x-cache: Hit from cloudfront
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
content-disposition: inline; filename="edb7eb158df815dda6d60bd8cb49e78b1b7df9ac_main_hero_image.jpg"
content-length: 84378
x-amz-cf-id: hxc2Y0JlnKClz54pHSdEb1Tnggh7CU8sSOlUynp4AvGgw9y6HFffpw==
expires: Thu, 16 May 2019 20:01:44 GMT

GET
S 200 sale_14725_primary_image.jpg
cdnp1.stackassets.com/939a5728cd8cc814e565ba241ba169398050453f/store/b3f84fcc7a204a4024ff8b3ab772e4bd8e71ca2d2c1c37fd908c13793aec/ Frame 10F7 32 KB
32 KB 46ms
17ms Image
image/jpeg 13.32.222.209
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnp1.stackassets.com/939a5728cd8cc814e565ba241ba169398050453f/store/b3f84fcc7a204a4024ff8b3ab772e4bd8e71ca2d2c1c37fd908c13793aec/sale_14725_primary_image.jpg

Requested by

Host: pastebin.com
URL: https://pastebin.com/adserver/160x600_criteo_pb_safe.php

Protocol

SPDY

Server

13.32.222.209 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-32-222-209.fra56.r.cloudfront.net

Software

nginx/1.12.1 /

Resource Hash

f4a5ad6696c01aeb55208eb6d597948cc96c4649cebf19c344fa6e54c8f668b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pastebin.com/adserver/160x600_criteo_pb_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 16 May 2018 22:01:48 GMT
via: 1.1 c4ada86230c95b165d889d1f1d10389d.cloudfront.net (CloudFront)
x-content-type-options: nosniff
last-modified: Wed, 16 May 2018 22:01:48 GMT
server: nginx/1.12.1
age: 4964702
status: 200
x-cache: Hit from cloudfront
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
content-disposition: inline; filename="sale_14725_primary_image.jpg"
content-length: 32281
x-amz-cf-id: MwQmlWQoXXS_LB_StB3LnHBDxXtWt4Nacz2ss57AfM6ihWESH4qf8A==
expires: Thu, 16 May 2019 22:01:48 GMT

GET
S 200 activeview
pagead2.googlesyndication.com/pcs/ Frame F62A 42 B
178 B 15ms
14ms Image
image/gif 2a00:1450:4001:817::2002
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss7DiNFxkEuYcSL9peQvDMU4RxBtk-FZJZeXBT1vCJLw_895ntlHeEmTEarTJpLEV8_cAkyVsbtjPw7zoVQPl-6CLi5IwUolF4&sig=Cg0ArKJSzD2ynoZsXYDsEAE&adk=1949062477&tt=1010&bs=1600%2C1200&mtos=1013%2C1013%2C1013%2C1013%2C1013&tos=1013%2C0%2C0%2C0%2C0&p=60%2C211%2C150%2C939&mcvt=1013&rs=3&ht=0&tfs=9&tls=1022&mc=1&lte=1&bas=0&bac=0&avms=geo&bos=1600%2C1200&ps=1600%2C1108&ss=1600%2C1200&pt=13&deb=1-1-1-7-12-0-65-10&tvt=1014&is=728%2C90&op=1&iframe_loc=https%3A%2F%2Fpastebin.com%2Fadserver%2F728x90_custom_safe.php&r=v&id=osdim&ti=1&uc=64&tgt=IFRAME&cl=1&cec=5&clc=1&cac=0&cd=728x90&v=r20180709

Requested by

Host: pastebin.com
URL: https://pastebin.com/XLeVP82h

Protocol

SPDY

Server

2a00:1450:4001:817::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pastebin.com/adserver/728x90_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jul 2018 09:06:51 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 6B9C 42 B
110 B 15ms
14ms Image
image/gif 2a00:1450:4001:817::2002
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstjmLwWVxEB0IrH6fpkpn1KlbYn5qRvmbUcoDRGZmLTDqzJ_sHYxAtxSVh9qy5k3d5l0PWgXqJLdgb-GNzo7hNqUgeUVuClpZc&sig=Cg0ArKJSzIoSJJtn4XEZEAE&adk=1503365569&tt=1094&bs=1600%2C1200&mtos=1010%2C1010%2C1010%2C1010%2C1010&tos=1010%2C0%2C0%2C0%2C0&p=182%2C1229%2C782%2C1389&mcvt=1010&rs=3&ht=0&tfs=93&tls=1103&mc=1&lte=1&bas=0&bac=0&avms=geo&bos=1600%2C1200&ps=1600%2C1108&ss=1600%2C1200&pt=9&deb=1-1-1-3-12-2-69-10&tvt=1093&is=160%2C600&op=1&iframe_loc=https%3A%2F%2Fpastebin.com%2Fadserver%2F160x600_custom_safe.php&r=v&id=osdim&ti=1&uc=68&tgt=IFRAME&cl=1&cec=5&clc=1&cac=0&cd=160x600&v=r20180709

Requested by

Host: pastebin.com
URL: https://pastebin.com/XLeVP82h

Protocol

SPDY

Server

2a00:1450:4001:817::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pastebin.com/adserver/160x600_custom_safe.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jul 2018 09:06:51 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

62 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.afy11.net
adservice.google.com
adservice.google.de
apex.go.sonobi.com
bh.contextweb.com
bid.contextweb.com
cdn.districtm.io
cdnp0.stackassets.com
cdnp1.stackassets.com
cm.g.doubleclick.net
d2na2p72vtqyok.cloudfront.net
df80k0z3fi8zg.cloudfront.net
geoip.insticator.com
ib.adnxs.com
m.servedby-buysellads.com
match.adsrvr.org
match.basebanner.com
match.taboola.com
pagead2.googlesyndication.com
partner.mediawallahscript.com
pastebin.com
pixel.s3xified.com
prebid.districtm.ca
px.adhigh.net
s.tribalfusion.com
securepubads.g.doubleclick.net
stags.bluekai.com
stats.g.doubleclick.net
sync.go.sonobi.com
sync.mathtag.com
sync.rhythmxchange.com
tag-st.contextweb.com
tags.bluekai.com
tags.expo9.exponential.com
tpc.googlesyndication.com
trc.taboola.com
us-u.openx.net
www.google-analytics.com
www.googletagmanager.com
www.googletagservices.com
x.bidswitch.net
104.108.51.30
104.20.208.21
104.20.209.21
104.225.134.94
108.161.189.78
13.32.222.128
13.32.222.209
136.243.75.9
151.101.112.166
151.101.12.166
151.101.14.2
151.101.14.49
172.217.22.98
173.241.240.143
18.153.11.14
185.29.132.23
185.33.223.218
185.33.223.220
204.11.109.66
204.11.109.68
204.11.109.76
204.11.109.77
216.58.207.34
2400:cb00:2048:1::6814:10f3
2400:cb00:2048:1::6814:180b
2400:cb00:2048:1::681c:12e8
2600:9000:20bb:4e00:10:3422:3f00:93a1
2a00:1450:4001:806::2002
2a00:1450:4001:817::2002
2a00:1450:4001:81d::2001
2a00:1450:4001:81d::2008
2a00:1450:4001:825::2002
2a00:1450:400c:c07::9d
2a00:1450:400e:803::200e
34.249.237.101
34.251.186.139
34.254.68.9
52.48.10.158
54.77.182.202
74.117.199.102
74.117.199.106
74.214.194.133
8.41.222.241
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
056d25fde950d25309da2ad6b7d20b2b23b7963eda06d9795981eecc5705e3ee
091f9c768b7ef18bb1c2b9e221b5303b97424366ea910cceb997118a3b1373e2
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
0e78e147dfab46f0731d9f751edbf4d6032b0e85dcc53fe1ab63347d292e7f05
125fd9e51c7727e0c0edb021f2d3ed8bdcaa048c7277992d134d794089ae3e36
1c80619aa99b4bce0b57edaeaf2bae35ad0e1929096a51d0ced52df4dfa68e3d
1e0be450b0ad7f16cbf145edfa3f727f0c16bfafd24f7cf2fab717f0a8fa982f
1e46d7ead177a073e065d10eead66856f03521f60ebab4def0d58c9c971ecd16
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
23396f2caca227b0433f07c7952518183b9ffbbaa4574a7da47857693f0e17d1
2544182fb9a0a2f65dac966c91bcbcb8239798c4c5d8278f0fd6d9f4056d301e
2797a5a31f878305121024bf4f2271f8059dcc6c2b24efde2994c09631bed34f
2aa1657cc01cbd5e50c8a6de27ea8e811cf8c2bb8d182d8946c628ad3fe0b4e3
2b18451f41f398f69d9e7435f3b80e11b53b9afc9395b42742c41e36928bde0d
37786f0724c1e728e8a1dfd225f12c5e9804c04a3a6eb0bc3795e7df67a51f64
3a0173182211c356718cc39291f5753a21fefe7422665f2bcd2a2798e02e846b
3e2c5ee3e670df454c774cd417f12f4ca3083db68091f9184fb29efd2af4877b
3fab1c883847e4b5a02f3749a9f4d9eab15cd4765873d3b2904a1a4c8755fba3
3fb852db1cd132dda2e5b283b43d7cc7debe88e4ec803db31613aa472ae72009
41f91bef546c6ef3f1c7bbc364961452592171269d23c6434f39a22dd2bc3622
49b501c7b1aba5b1a7b1d8ad000837d5d9a063ad73688c72a6c09aca98617af8
519da9ab367d112f8fe3fec314abf6bc3fb23aba4f0e2414679b61692de3b796
520fcb233d72b3e30c4491aab4ac425baac5faa0918b47491419a8d7bdeff387
558100561843d20afe325e0e04c0742827a8c575ecd7ea1142749bb93d9c14cd
56c4ce67d315f88d68e3e1a5a52049bc892096c4aab3e534226c29704886af20
579c18b0959f9855c71862e8fe81cbb663a9f9577c22acf8114c687527e8b032
5c2b1bed79700fe5d259a53ba106725d3b0cd135cde665db35a2134f45c1eb6a
62f5e1e1f4ecace8af8ef23f918fa428633ba1ca8a5ab04b33a9703f87e6e7de
637dd01675f7015d068b7cadcfdf32607fec872ed3ef04ef9013d203a57e2f59
648f362df2629b1a532e7738cf196245899fff10a3d6b1f33774382563bce8ea
703d23efcb49183ab7f2795739f547fcd42c3d73e77f47b6c614892bb6666cea
71f870b7243ed05cae8e4707adb82c8d6b30174bcd83e5d9b7c60bdee8bdbb6b
79b2fa9032215e3dff51865bbe0024d7cb9b3f1914b1fb79944347dbfe48374b
7a735f35356d3ca513b6c242e3f4c1034557e01faaa774b4e14feaef46ecdaac
7fc2927c6ecc0e0402558ef08cdac15420bf7699cc9c5976f2ae72a3af10d0d1
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
853b983923a033223e4f391790e6e86619b31d542b40e7e1e8221fb0d6957ab1
860bd5c73a1002326a45c61510f16c93ff38bd9361fc795b3db87bdd21b0bbdb
8ea4f7f54dbdebf20c10d45c3a3e1f93dbb364571408447a2c936443487de7d2
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
96a39b4bca3cb02f0fd18724047cff37cf7ca2ed43240e1631a101e2e308dbd9
975689a7f05c131974c466fdfae6dc72a45125832642da45140c9be4f2cae6ae
9a8114e9fe119ef73d4f9f238b86b083235c151d2cda7db8936e90d95338553c
9db7a21dd14ba20bee6dc27da7e4cd799a936e9b1b5dee203f24d503b2e89b7f
a0bb893da5412b75e25ef7bb44285e3e0de74c550f7a2a7e40cb5fd29f82ba41
aaaabde3f68c325033b37bb3ebff887e3b589b7137e717e96648a52221881429
ace9b0af6a44a31778055170bb0e899ba1a2d79c420ecc0d14ac2ca1f135b026
b4cda31585a53eaa84a9fb9d4765dbc033de7caa049692089c387481e7a95c82
b800c476dbffdc764f06f0267e3d5b0f8ae0a0c3764ff4e7787f7f388455dd27
bf0c702ded13388fadf97120b5384dcb502ec1f596084d8a7fa3e943ff802e19
c0e84e667672bf1c1c675beab334b374919c2a76172ddf890e48ac57b182f5ee
cec6420a1147f1e5c02fad3811e1ec68603171936f99e3da1405d47bab412dbe
d4398cc2de1c610a9268600b04ac981c6d6d4cca8ee5020613c4edfaa1e75171
d45d1b49b5918ea0ffa0b3d119995b96b558147f618f0ea1897906252be7bcb4
dcf1268c850c2e448c01958bd3fc92fe2ae6a661353ac6238104ebfb57b04cbd
de9f869660ffdfc25464f11930933413a3e1efa363dfd35267b9ba7843731adc
df418a54adb533554fec3e2a4fb348625f539469f11380963942511835a3c771
df85c7193b05044e0cc8443a8122e92051590e6b86eb0668e43e175a7e7868f8
df9284981e4e607f45914a179a1d00b2618629ae99a8e139e7a9a78bd6f8acbf
e1ec9f1acf0830d76c1a807a32cd47398e0bcbc6dfac6d4792f2a3ab78cd4a29
e26ee13562832c81e85fdc85b702f2c498926143aea9d177f39ce5c339438a9c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6fb8e48a2203d164a8dab78e05ea1c8896a0d2c31f0a41dca1cc0dd1b8e9c5c
ea834ee6d3c746a617db8d9bcfe8fb91cda36b1ff34c1c5771f45f833bdcec3b
ec28a8c1e590f3998833df958f9b65c2c0f8b508cdb72d62cc4a5bb4d2b68563
ed1b73c6b4690cde9b521865b58e031293209bc0b2ba2b5716ecf4bf9885ee4b
ed6ad3c41fd07450891bcb21c80e5bf2a742c6e9415d7ae7caa125edae136650
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f4a5ad6696c01aeb55208eb6d597948cc96c4649cebf19c344fa6e54c8f668b4
f5154cd93dc27142f30bf0d10c32b64f107b81f89cc4801e296623cdbafef6bc
f9a12108fbbe82e3cc882d935fdbf1aaf80ec4d74b09947d574919f60eadf199
fa279350e5f6e6255e6baf14ba3f1f93a5be1024ef7ee06b75134b5d62e378ad
fc9de0c2b33ce0e2f14b915c2b63d752a8d194322abd709230a1b532a14f8cf4
fd1fd8dff30cc102766aa53409d2f292e413e5b9b4be66814c697c90e1c48da3
fd8fb0074912f1f25523ee1f1c8c62bd3d8a05a0b5413eb088e450ad30fc5744
fe5d90987bf2ca2df28ab7ebf44be9a6b99433f6827577c7e5e7fc92c09ac49f

pastebin.com Open in urlscan Pro 104.20.209.21 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

132 Requests

39 %HTTPS

26 %IPv6

31 Domains

41 Subdomains

30 IPs

6 Countries

893 kBTransfer

3335 kBSize

0 Cookies

6 Outgoing links

Page URL History

Redirected requests

132 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

pastebin.com Open in urlscan Pro
104.20.209.21 Public Scan

Screenshot
Live screenshot

Full Image

132
Requests

39 %
HTTPS

26 %
IPv6

31
Domains

41
Subdomains

30
IPs

6
Countries

893 kB
Transfer

3335 kB
Size

0
Cookies

132 HTTP transactions
2 data transactions