www.notepad.pw Open in urlscan Pro
151.139.128.11 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.notepad.pw/o0dmsyt1r
Submission: On December 04 via manual (December 4th 2020, 11:18:17 am UTC) from GB

Summary HTTP 99 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 33 IPs in 8 countries across 25 domains to perform 99 HTTP transactions. The main IP is 151.139.128.11, located in Dallas, United States and belongs to HIGHWINDS3, US. The main domain is www.notepad.pw.
TLS certificate: Issued by Sectigo ECC Domain Validation Secure ... on November 15th 2020. Valid for: 3 months.

This is the only time www.notepad.pw was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
8	151.139.128.11 151.139.128.11	20446 (HIGHWINDS3) (HIGHWINDS3)
1	2a00:1450:400... 2a00:1450:4001:808::200a	15169 (GOOGLE) (GOOGLE)
8	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	68.183.157.211 68.183.157.211	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	2a00:1450:400... 2a00:1450:4001:806::2008	15169 (GOOGLE) (GOOGLE)
7	2606:4700:20:... 2606:4700:20::681a:18b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:814::2003	15169 (GOOGLE) (GOOGLE)
1	35.188.71.214 35.188.71.214	15169 (GOOGLE) (GOOGLE)
4	2606:4700:303... 2606:4700:3031::681b:8143	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:824::200e	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
6	216.58.206.2 216.58.206.2	15169 (GOOGLE) (GOOGLE)
3	18.159.79.175 18.159.79.175	16509 (AMAZON-02) (AMAZON-02)
4	104.111.215.135 104.111.215.135	16625 (AKAMAI-AS) (AKAMAI-AS)
3	3.126.224.165 3.126.224.165	16509 (AMAZON-02) (AMAZON-02)
4	185.33.221.87 185.33.221.87	29990 (ASN-APPNEX) (ASN-APPNEX)
2	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2	69.173.144.141 69.173.144.141	26667 (RUBICONPR...) (RUBICONPROJECT)
2	2620:116:800d... 2620:116:800d:21:5a23:9c4e:e774:96c1	16509 (AMAZON-02) (AMAZON-02)
1 3	95.101.55.60 95.101.55.60	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2600:9000:219... 2600:9000:2190:2600:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
3	35.226.36.58 35.226.36.58	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:816::2001	15169 (GOOGLE) (GOOGLE)
6	37.157.4.29 37.157.4.29	198622 (ADFORM) (ADFORM)
1	69.173.144.152 69.173.144.152	26667 (RUBICONPR...) (RUBICONPROJECT)
3	37.157.2.249 37.157.2.249	198622 (ADFORM) (ADFORM)
2	184.24.15.122 184.24.15.122	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:401... 2a00:1450:4017:801::2003	15169 (GOOGLE) (GOOGLE)
2	2.21.37.33 2.21.37.33	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	151.101.13.108 151.101.13.108	54113 (FASTLY) (FASTLY)
3 3	3.121.79.35 3.121.79.35	16509 (AMAZON-02) (AMAZON-02)
2 2	18.196.214.144 18.196.214.144	16509 (AMAZON-02) (AMAZON-02)
99	33

8 151.139.128.11 (Dallas, United States)

ASN20446 (HIGHWINDS3, US)

www.notepad.pw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
notepad.pw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.183.157.211 (Clifton, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: server1.wpcc.io

wpcc.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:20::681a:18b (United States)

ASN13335 (CLOUDFLARENET, US)

a.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:814::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.188.71.214 (United States)

ASN15169 (GOOGLE, US)
PTR: 214.71.188.35.bc.googleusercontent.com

d.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:3031::681b:8143 (United States)

ASN13335 (CLOUDFLARENET, US)

live.notepad.pw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:824::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 216.58.206.2 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: fra16s20-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.159.79.175 (United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-159-79-175.eu-central-1.compute.amazonaws.com

grid.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.111.215.135 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-135.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.126.224.165 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-224-165.eu-central-1.compute.amazonaws.com

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.33.221.87 (Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.141 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:5a23:9c4e:e774:96c1 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 95.101.55.60 (Ascension Island) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a95-101-55-60.deploy.static.akamaitechnologies.com

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2190:2600:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

2626658dbae8fcbf8d3c529d714c3c22.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.226.36.58 (United States)

ASN15169 (GOOGLE, US)
PTR: 58.36.226.35.bc.googleusercontent.com

c.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:816::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 37.157.4.29 (Denmark)

ASN198622 (ADFORM, DK)

track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.152 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

beacon-eu2.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.157.2.249 (Denmark)

ASN198622 (ADFORM, DK)

s1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 184.24.15.122 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a184-24-15-122.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4017:801::2003 (Ireland)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.21.37.33 (France)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a2-21-37-33.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.13.108 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.121.79.35 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-121-79-35.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.196.214.144 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-214-144.eu-central-1.compute.amazonaws.com

ads.creative-serving.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	notepad.pw www.notepad.pw notepad.pw live.notepad.pw	56 KB
11	pub.network a.pub.network d.pub.network c.pub.network	316 KB
9	adform.net track.adform.net s1.adform.net	119 KB
9	cloudflare.com cdnjs.cloudflare.com	204 KB
7	googlesyndication.com 2626658dbae8fcbf8d3c529d714c3c22.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	14 KB
6	adnxs.com ib.adnxs.com acdn.adnxs.com	5 KB
6	bidswitch.net 3 redirects grid.bidswitch.net x.bidswitch.net	2 KB
6	doubleclick.net securepubads.g.doubleclick.net	148 KB
5	rubiconproject.com fastlane.rubiconproject.com beacon-eu2.rubiconproject.com eus.rubiconproject.com	5 KB
4	pubmatic.com hbopenbid.pubmatic.com ads.pubmatic.com	176 B
3	scorecardresearch.com 1 redirects sb.scorecardresearch.com	2 KB
3	sharethrough.com btlr.sharethrough.com	340 B
3	googletagservices.com www.googletagservices.com	76 KB
3	gstatic.com fonts.gstatic.com csi.gstatic.com	21 KB
2	creative-serving.com 2 redirects ads.creative-serving.com	1 KB
2	indexww.com js-sec.indexww.com
2	quantserve.com secure.quantserve.com pixel.quantserve.com	9 KB
2	casalemedia.com htlb.casalemedia.com	741 B
2	google-analytics.com www.google-analytics.com	19 KB
2	wpcc.io wpcc.io	5 KB
1	google.com adservice.google.com	803 B
1	google.de adservice.google.de	803 B
1	quantcount.com rules.quantcount.com	1 KB
1	googletagmanager.com www.googletagmanager.com	38 KB
1	googleapis.com fonts.googleapis.com	802 B
99	25

	Domain	Requested by
9	cdnjs.cloudflare.com	www.notepad.pw cdnjs.cloudflare.com
7	a.pub.network	www.notepad.pw a.pub.network securepubads.g.doubleclick.net
7	www.notepad.pw	www.notepad.pw
6	track.adform.net	www.notepad.pw s1.adform.net
6	securepubads.g.doubleclick.net	www.googletagservices.com www.notepad.pw
4	ib.adnxs.com	www.notepad.pw
4	live.notepad.pw	www.notepad.pw
3	x.bidswitch.net	3 redirects
3	s1.adform.net	track.adform.net s1.adform.net www.notepad.pw
3	c.pub.network	www.notepad.pw
3	pagead2.googlesyndication.com	www.notepad.pw
3	sb.scorecardresearch.com	1 redirects a.pub.network
3	btlr.sharethrough.com	www.notepad.pw
3	grid.bidswitch.net	www.notepad.pw
3	www.googletagservices.com	a.pub.network securepubads.g.doubleclick.net
2	ads.creative-serving.com	2 redirects
2	js-sec.indexww.com	a.pub.network
2	acdn.adnxs.com	a.pub.network
2	ads.pubmatic.com	a.pub.network
2	eus.rubiconproject.com	www.notepad.pw a.pub.network
2	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
2	2626658dbae8fcbf8d3c529d714c3c22.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	fastlane.rubiconproject.com	www.notepad.pw
2	hbopenbid.pubmatic.com	www.notepad.pw
2	htlb.casalemedia.com	www.notepad.pw
2	www.google-analytics.com	www.googletagmanager.com www.notepad.pw
2	fonts.gstatic.com	fonts.googleapis.com
2	wpcc.io	www.notepad.pw
1	csi.gstatic.com	securepubads.g.doubleclick.net
1	beacon-eu2.rubiconproject.com	www.notepad.pw
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	pixel.quantserve.com
1	rules.quantcount.com	secure.quantserve.com
1	secure.quantserve.com	a.pub.network
1	d.pub.network	www.notepad.pw
1	www.googletagmanager.com	www.notepad.pw
1	notepad.pw	www.notepad.pw
1	fonts.googleapis.com	www.notepad.pw
99	39

This site contains links to these domains. Also see Links.

Domain
www.internetcookies.org
freestar.com
notepad.pw
notepad-static.s3.amazonaws.com
about.notepad.pw
www.facebook.com
twitter.com
reddit.com

Subject Issuer	Validity	Valid
notepad.pw Sectigo ECC Domain Validation Secure Server CA	`2020-11-15` - `2021-02-13`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-10-21` - `2021-10-20`	a year	crt.sh
wpcc.io Sectigo RSA Domain Validation Secure Server CA	`2020-06-22` - `2021-06-22`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
*.pub.network Go Daddy Secure Certificate Authority - G2	`2020-03-17` - `2021-05-16`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
grid.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-10-15` - `2021-10-23`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2020-03-02` - `2021-04-01`	a year	crt.sh
*.sharethrough.com Amazon	`2020-09-09` - `2021-10-11`	a year	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.pubmatic.com Sectigo RSA Organization Validation Secure Server CA	`2019-02-22` - `2021-02-21`	2 years	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-01-10` - `2021-01-14`	2 years	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
sb.scorecardresearch.com DigiCert Secure Site ECC CA-1	`2020-07-17` - `2021-06-02`	a year	crt.sh
*.google.de GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
track.adform.net DigiCert SHA2 Secure Server CA	`2019-09-16` - `2021-09-20`	2 years	crt.sh
cdn.adnxs.com GlobalSign CloudSSL CA - SHA256 - G3	`2020-10-29` - `2021-04-14`	5 months	crt.sh

This page contains 13 frames:

Primary Page: https://www.notepad.pw/o0dmsyt1r
Frame ID: 92A2DDEF71EDFBE412FF43CF5B7FC6E7
Requests: 70 HTTP requests in this frame

Frame: https://www.notepad.pw/sbbi/?sbbpg=sbbShell&gprid=Bg
Frame ID: 30B1A0D6542945781BEEA3DC75AA87A9
Requests: 3 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssBFj59Xd8YvWWFTj_aikw2aW3aOWYPgkDyZ4UGRRI-NJn10RrQiP6O4hQLDqhV5S1ckvO2pqlvTZg73Y64NpmYFg8IMV1kavau8Ns4Rv9hnvBuetjHW5lWc3os_hPfaXjisd797DRG1foTt8uZJuASc0LHhcBxvlNpYUzZhvmE7aOg_Fh3nBcVB3A0_H6rmKoYEfxupGvb2LGLUcHHR4Osqs2K_ELXsv2P6PNc1iwv_oSxRikRYQ_ix0_fzx4zA0yXiNmx99yJM0z1ZNfuS2UAyu-5uCGvou7cdE3KGj0&sai=AMfl-YTFWu7W2xoN7CRMQ9e6TJoMFxQTP4y4eVjlH62CAOAj8pMzkPwa2aKyJgpa4SrHbp6kHRWe0WbVymfM73JKKklIM6gghUmRXYOwmQwxm84UJEGlNqfTc7STzcaDQbg&sig=Cg0ArKJSzJaVFqrZDK6UEAE&urlfix=1&adurl=
Frame ID: 69FA826CC15AE8C8E1D2987D075E5653
Requests: 18 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html
Frame ID: 2D051CE2F41AA1B57F346F946E5568D4
Requests: 1 HTTP requests in this frame

Frame: https://2626658dbae8fcbf8d3c529d714c3c22.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: DA6F3255FD95E6019C3AF79CD97DBEBE
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&geo=eu&co=dk
Frame ID: A7B2AF284FC1980EDA1260AF7262CAC0
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 63C07AF74D29FB4C6924FFA07689276E
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 0E88114849622E91368A920D9ED5E5B8
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 65ECA4719A0F9311B64132C7EA7410B7
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: A71C30CA875E57B3C4FA2F04A66068C6
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: FBABEAE29150C10B6169D13B040E59F5
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 921D2CEA9A836901B38F61755D30B445
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: CD1331A1383AD9F316310ED0AA89C69E
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Fireblade (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /fbs/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Ionicons (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+ionicons(?:\.min)?\.css/i

Page Statistics

99
Requests

99 %
HTTPS

41 %
IPv6

25
Domains

39
Subdomains

33
IPs

8
Countries

1041 kB
Transfer

2790 kB
Size

10
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://www.internetcookies.org/
Title: Learn more

Search URL Search Domain Scan URL

URL: https://freestar.com/?utm_medium=display
Title:

Search URL Search Domain Scan URL

URL: https://notepad.pw/account/remove_ads
Title: Remove Ads

Search URL Search Domain Scan URL

URL: https://notepad.pw/tools
Title: Tools

Search URL Search Domain Scan URL

URL: https://notepad-static.s3.amazonaws.com/Notepad.pw+Terms+of+Use.pdf
Title: Terms

Search URL Search Domain Scan URL

URL: https://about.notepad.pw/
Title: About Us

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://notepad.pw/share/izdtz7728

Search URL Search Domain Scan URL

URL: http://twitter.com/share?text=notepad.pw&url=https://notepad.pw/share/izdtz7728

Search URL Search Domain Scan URL

URL: https://reddit.com/submit?url=https://notepad.pw/share/izdtz7728&title=notepad.pw

Search URL Search Domain Scan URL

URL: https://freestar.com/?utm_medium=stickyFooter
Title:

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 56

https://sb.scorecardresearch.com/b?c1=2&c2=23384447&cs_ucfr=1&ns__t=1607080681466&ns_c=UTF-8&cv=3.5&c8=notepad.pw%20%2F%20o0dmsyt1r%20%7C%20The%20napkin%20of%20the%20internet.&c7=https%3A%2F%2Fwww.notepad.pw%2Fo0dmsyt1r&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1607080681466&ns_c=UTF-8&cv=3.5&c8=notepad.pw%20%2F%20o0dmsyt1r%20%7C%20The%20napkin%20of%20the%20internet.&c7=https%3A%2F%2Fwww.notepad.pw%2Fo0dmsyt1r&c9=&cs_ak_ss=1

Request Chain 98

https://x.bidswitch.net/sync?ssp=themediagrid HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=themediagrid HTTP 302
https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=themediagrid&bsw_custom_parameter=d310377e-c080-47a7-bca9-39a7ff396ff3 HTTP 302
https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=themediagrid&bsw_custom_parameter=d310377e-c080-47a7-bca9-39a7ff396ff3 HTTP 302
https://x.bidswitch.net/sync?dsp_id=4&user_id=635ed48a-a0cd-4b2c-a15c-9b37730cc8d2&ssp=themediagrid&expires=30&user_group=5&bsw_param=d310377e-c080-47a7-bca9-39a7ff396ff3 HTTP 302
https://grid.bidswitch.net/getuids?bsw_uid=d310377e-c080-47a7-bca9-39a7ff396ff3&ssp_custom_data=

99 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request o0dmsyt1r Show response
www.notepad.pw/ 30 KB
13 KB 343ms
274ms Document
text/html 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://www.notepad.pw/o0dmsyt1r
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: 10914f26817b083573a9554fb72b7edeaf72a163c2528dfed7e638b1ce684475

Request headers

:method: GET
:authority: www.notepad.pw
:scheme: https
:path: /o0dmsyt1r
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 11:17:59 GMT
cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
set-cookie: SPSI=23e634b36e2e7ed882ab85293edbf82a; path=/; HttpOnly; SPSE=V8svp87BohsAld2v+gCD12yUcRXDJqwuK72FfiDInP8kjFyZx7Kik8zq2VW4OtONy3xrPylBoJ0VleogGZUz7g==; path=/; HttpOnly; spcsrf=bcf608f745ec16ec8a8363d9f852b85c; path=/; SameSite=Strict; HttpOnly; expires=Fri, 04-Dec-20 13:17:59 GMT adOtr=obsvl; path=/; expires=Thu, 2 Aug 2001 20:47:11 UTC UTGv2=D-h4a2a9b2398654138478e7984649af8f6e41; path=/; expires=Sat, 04-Dec-21 11:17:59 GMT pad_cookie=40cc17250b398beca0308f5e234a7ae882526f4e; expires=Fri, 04-Dec-2020 13:19:19 GMT; Max-Age=7200; path=/; HttpOnly sp_lit=r/1wWKy6g+//0r/ZYxUvTQ==; path=/; SameSite=Strict; HttpOnly; expires=Fri, 04-Dec-20 11:22:59 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: fbs
access-control-allow-origin: *
x-hw: 1607080679.cds056.sk1.hn,1607080679.cds072.sk1.sc,1607080679.cdn2-wafbe01-arn1.stackpath.systems.-.wx,1607080679.cds072.sk1.p

GET
H2 200 css
fonts.googleapis.com/ 5 KB
802 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Noto+Sans:400,700

Requested by

Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

51839cd54fbd59d491d731aa9f28bf46a0c44fd332a461e267e2e61c247adf1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 04 Dec 2020 09:54:37 GMT
server: ESF
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
date: Fri, 04 Dec 2020 11:17:59 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Fri, 04 Dec 2020 11:17:59 GMT

GET
H2 200 global.css
www.notepad.pw/content/css/ 6 KB
2 KB 243ms
242ms Stylesheet
text/css 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://www.notepad.pw/content/css/global.css?229
Requested by: Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: 2b60310189012686567c541c72a40acf74adb416bdc524008822d6c7c73ccd97

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 11:17:59 GMT
content-encoding: gzip
last-modified: Mon, 02 Oct 2017 03:48:05 GMT
server: fbs
etag: "59d1b6f5-1821"
x-hw: 1607080679.cds056.sk1.hn,1607080679.cds233.sk1.sc,1607080679.cdn2-wafbe02-arn1.stackpath.systems.-.wx,1607080679.cds233.sk1.p
content-type: text/css
access-control-allow-origin: *
accept-ranges: bytes

GET
H2 200 normalize.min.css
cdnjs.cloudflare.com/ajax/libs/normalize/6.0.0/ 2 KB
1 KB 20ms
20ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/normalize/6.0.0/normalize.min.css

Requested by

Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55b731aa03064189b7abca9931deb7b844c75d7664aacecc1356c4bc0635c4af

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 11:17:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 168685
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
content-length: 742
cf-request-id: 06cf12302300002b410e240000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:13:31 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03f2b-8a8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Htrw2mok5t2r5OptsrQO6HmA%2F0V%2BlEO%2FoohiinvzOw98cbqrKV3gKSJwPFd1fY%2Bk%2FzAnYefLC2a0O6T6XaThRPkW9XIa7%2FUF2L%2BtawAcY%2FP9Tyyo6e%2BifT2xR9ipcOVyuA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5fc51fc6985e2b41-FRA
expires: Wed, 24 Nov 2021 11:17:59 GMT

GET
H2 200 ionicons.min.css
cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ 50 KB
7 KB 19ms
19ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css

Requested by

Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de2bbd8e0b32f53a53c1729bedb350cea59e9115fba4f2bed8e2e3dd1f76d9fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 11:17:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 25021
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
content-length: 6642
cf-request-id: 06cf12302000002b4164b73000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:20 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ea8-c854"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2Fa6P%2FXt70wIEip1my3fKaw8qGFf8IyFdl2cfWTHyOG51FuyhZ9Lm%2FdGAVgNfwI%2F4Jr9bKjJT5t930DYof43Wti1s0yFv1lG6aY8ljfZfeOuresABqp5ywjAc2ovNubA6Mw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5fc51fc698632b41-FRA
expires: Wed, 24 Nov 2021 11:17:59 GMT

GET
H2 200 logo-dark.png
notepad.pw/content/images/ 22 KB
22 KB 357ms
356ms Image
image/png 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://notepad.pw/content/images/logo-dark.png
Requested by: Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: 560ee8213cda78828e88fbcbe2fbe6d3337d563384ea57d344ce3e3559da1dda

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 11:18:00 GMT
last-modified: Thu, 30 Aug 2018 21:59:20 GMT
server: fbs
etag: "5b8868b8-57f4"
x-hw: 1607080679.cds056.sk1.hn,1607080679.cds042.sk1.sc,1607080680.cdn2-redis02-arn1.stackpath.systems.-.wx,1607080680.cds042.sk1.p
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
content-length: 22516

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/ 82 KB
27 KB 14ms
14ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Requested by

Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 11:17:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 25461
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
content-length: 26646
cf-request-id: 06cf12303600002b415e9cc000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:48 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec4-1499c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=hoRX0q%2BJw32ysDADRc8RcH8EBmq5VpYS%2B8ydyufiI%2FjjbPpt%2F7floN4giJxNKLXu%2BWyCOiUtaz%2FQhoBb%2FFcFV1%2Fvlb2pJ7lnN91RzcoV%2BZHyAeTU2hl9qaR78KgZS6KtyA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5fc51fc6b8c02b41-FRA
expires: Wed, 24 Nov 2021 11:17:59 GMT

GET
H2 200 angular.min.js Show response
cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/ 156 KB
49 KB 18ms
17ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/angular.min.js

Requested by

Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e92af41ea36051ffe9f3c83abec97cec2ac09cdaa2396863958e8b4bc8de5870

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 11:17:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 32848
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
content-length: 49420
cf-request-id: 06cf12304900002b413b90a000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:04:55 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03d27-27130"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=LTsx%2B7dCiUJLj5KJX8V6jvNawfl1jNfvO6cdDcoTiSWi3iiQn4mp44jvU8625qu7bP995OGu8TD7w60nq%2BCL8gVAuI%2FRof3LHEfTs7PU5YSDhm%2BE8dMCfV1uGbCVONMsVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5fc51fc6d9042b41-FRA
expires: Wed, 24 Nov 2021 11:17:59 GMT

GET
H2 200 angular-cookies.min.js Show response
cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/ 1 KB
999 B 13ms
13ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/angular-cookies.min.js

Requested by

Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f79dfaabb417f7b777458a24663c5075dd1e56026e20578a0d74568b3c762375

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 11:17:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 168695
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
content-length: 677
cf-request-id: 06cf12306100002b41100e8000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:04:55 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03d27-5a7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Xu7lT9q3kgzaqkipUlMvPj4oEUwNAC2kAGMMp4sj9HrEtpMm9LGGtiM3TXL%2FRqbLaK4TcSg%2B4yQ5oFD%2FbzjeI1MihXFpF9rVnnnOyJSaFxIKDPn2pgLUuOxUku3ttYzbJg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5fc51fc709832b41-FRA
expires: Wed, 24 Nov 2021 11:17:59 GMT

GET
H2 200 socket.io.min.js Show response
cdnjs.cloudflare.com/ajax/libs/socket.io/1.4.8/ 68 KB
19 KB 14ms
14ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/socket.io/1.4.8/socket.io.min.js

Requested by

Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

888b41bb493f82bc787b507deee35df8a9dca32d9f59e5e4434334bb04aa1e17

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 11:17:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 168707
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
content-length: 19101
cf-request-id: 06cf12307200002b415107f000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:16:21 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fd5-10ec3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=aFToo9UkPUGocQAi%2BaFGWPeEnkefBznFD4ylVR8tmTwT35Ug7ImErnLgMDeTZSOFjhlqkmFaahawXcrTV%2FZIc9wMZ4iRNz0CUAbkJ16opTUt39ycL3z0ClpAGaYnSOO5GQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5fc51fc719b42b41-FRA
expires: Wed, 24 Nov 2021 11:17:59 GMT

GET
H2 200 app.min.js Show response
www.notepad.pw/content/js/ 8 KB
3 KB 251ms
250ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://www.notepad.pw/content/js/app.min.js?366
Requested by: Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: c9c41579990e491b31185c662e701facbcd6dab9ec0b06edef8feec2f981812e

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 11:17:59 GMT
content-encoding: gzip
last-modified: Thu, 30 Aug 2018 22:33:49 GMT
server: fbs
etag: "5b8870cd-2089"
x-hw: 1607080679.cds056.sk1.hn,1607080679.cds031.sk1.sc,1607080679.cdn2-wafbe03-arn1.stackpath.systems.-.wx,1607080679.cds031.sk1.p
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes

GET
H2 200 store.min.js Show response
cdnjs.cloudflare.com/ajax/libs/store.js/1.3.20/ 3 KB
1 KB 11ms
11ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/store.js/1.3.20/store.min.js

Requested by

Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d23807344428eec21271b708fcf73919827e568b0a335989f9f2348ae4356bd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 11:17:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 168682
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
content-length: 994
cf-request-id: 06cf12311300002b415e9e2000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:16:28 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fdc-a35"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=F9oX11VLP29XPrNaMoUR7gX5lZaJ5paJCAtLzskGrkk2C6RR4TWPZ75tnXcpK5jxDaWTgy%2BRrw8HCbZynOYwr%2BtiGdGzWOP0z96asxv5oM2jobgTvFmu6m21NNtCmcv27Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5fc51fc81be62b41-FRA
expires: Wed, 24 Nov 2021 11:17:59 GMT

GET
H2 200 clipboard.min.js Show response
cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/ 11 KB
4 KB 12ms
11ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/clipboard.min.js

Requested by

Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0da7fc1ae23678b2872653962d147fcd1cbd0a5a9c8f84d44ae99bc581fd9062

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 11:17:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 168705
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
content-length: 3005
cf-request-id: 06cf12311700002b4116af2000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:09:13 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e29-2aa5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=wYK83XNfdOuBnlU2UPyNji3Qs6YhDlC3UBYgnzA6G5ay%2FlzUyA%2FVsMJGiP1Xk2YLfSo4WnnT%2FOd6NBDAtydZYcQCSVPMCrFa6jiK69mDV8lT6sKxA5Gl48oum%2BIj4rhaIw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5fc51fc82bf72b41-FRA
expires: Wed, 24 Nov 2021 11:17:59 GMT

GET
H2 200 cookieconsent.min.css
wpcc.io/lib/1.0.2/ 4 KB
2 KB 360ms
120ms Stylesheet
text/css 68.183.157.211
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://wpcc.io/lib/1.0.2/cookieconsent.min.css

Requested by

Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.183.157.211 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

server1.wpcc.io

Software

nginx /

Resource Hash

119351ced3134718cb42591e513ff063cf04af7c2734b137c666ee62e137e15d

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 11:18:00 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 05 Apr 2019 15:44:29 GMT
server: nginx
etag: W/"5ca777dd-fbe"
x-frame-options: SAMEORIGIN
content-type: text/css
x-xss-protection: 1; mode=block
cache-control: max-age=2592000, no-cache, public, must-revalidate, proxy-revalidate
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
expires: Sun, 03 Jan 2021 11:18:00 GMT

GET
H2 200 cookieconsent.min.js Show response
wpcc.io/lib/1.0.2/ 9 KB
4 KB 361ms
121ms Script
application/javascript 68.183.157.211
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://wpcc.io/lib/1.0.2/cookieconsent.min.js

Requested by

Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.183.157.211 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

server1.wpcc.io

Software

nginx /

Resource Hash

6a168e2ddae4d655f0e9793c98406ed886956b7f54544b88a1b9d279fe8b242f

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 11:18:00 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 05 Aug 2020 00:22:01 GMT
server: nginx
etag: W/"5f29fba9-226a"
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: max-age=2592000, no-cache, public, must-revalidate, proxy-revalidate
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
expires: Sun, 03 Jan 2021 11:18:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 96 KB
38 KB 16ms
16ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-153530698-1

Requested by

Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

33c43d39018b07879a080935fd26fdeb82970bff929ee2d1ef3951a21d632f54

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 11:17:59 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38730
x-xss-protection: 0
last-modified: Fri, 04 Dec 2020 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 04 Dec 2020 11:17:59 GMT

GET
H2 200 pubfig.min.js Show response
a.pub.network/notepad-pw/ 155 KB
44 KB 80ms
60ms Script
application/javascript 2606:4700:20::681a:18b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/notepad-pw/pubfig.min.js
Requested by: Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:18b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 91eb4e13cfeb70e591e2212e7a09de429516a0ae7788f60ac72f085b486b688b

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-goog-hash: crc32c=QXcvbg==, md5=90wuQ+6JG2eMAT/YgDK4qw==
date: Fri, 04 Dec 2020 11:17:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-guploader-uploadid: ABg5-UygZW62hT_N2WLFCb8O2RUE_0SfuFf5FQAgpIfm3aQMFES9QOMIsF5Z7YjVPtsl193tjGy-v8AzuQXdrm9N6FQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: application/javascript
cf-request-id: 06cf12312b00002bcaa9b12000000001
last-modified: Tue, 24 Nov 2020 21:19:38 GMT
server: cloudflare
etag: W/"f74c2e43ee891b678c013fd88032b8ab"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=BXiOMrwbNE01rgVPtcW93NxHPJsGpQ7kVnuflfVU8vudnwTRXZMLkgjMIn1wUGaeiLH%2FuX0eVrxK1ZeTvZOZDsZDf%2B8KtRiN0WQ1Awh5HpVSELAd04k6Br8r"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1606252778098031
cache-control: public, max-age=1800
x-goog-stored-content-length: 159154
cf-ray: 5fc51fc84da22bca-FRA
expires: Thu, 03 Dec 2020 23:49:21 GMT

GET
H2 200 / Show response
www.notepad.pw/sbbi/ Frame 30B1 25 KB
11 KB 39ms
39ms Document
text/html 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://www.notepad.pw/sbbi/?sbbpg=sbbShell&gprid=Bg&sbbgs=h4a2a9b2398654138478e7984649af8f6e41&ddl=1
Requested by: Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: cf453b9034a24fc76cca371ee826d9bcbdd6bcdb8623de4b9d4435024cfe47a3

Request headers

:method: GET
:authority: www.notepad.pw
:scheme: https
:path: /sbbi/?sbbpg=sbbShell&gprid=Bg&sbbgs=h4a2a9b2398654138478e7984649af8f6e41&ddl=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.notepad.pw/o0dmsyt1r
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SPSI=23e634b36e2e7ed882ab85293edbf82a; SPSE=V8svp87BohsAld2v+gCD12yUcRXDJqwuK72FfiDInP8kjFyZx7Kik8zq2VW4OtONy3xrPylBoJ0VleogGZUz7g==; spcsrf=bcf608f745ec16ec8a8363d9f852b85c; pad_cookie=40cc17250b398beca0308f5e234a7ae882526f4e; sp_lit=r/1wWKy6g+//0r/ZYxUvTQ==; PRLST=Bg; UTGv2=h4a2a9b2398654138478e7984649af8f6e41
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.notepad.pw/o0dmsyt1r

Response headers

date: Fri, 04 Dec 2020 11:17:59 GMT
cache-control: no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
server: fbs
x-accel-expires: 0
access-control-allow-origin: *
x-hw: 1607080679.cds056.sk1.hn,1607080679.cds071.sk1.sc,1607080679.cdn2-wafbe01-arn1.stackpath.systems.-.i,1607080679.cds071.sk1.p

GET
H2 200 /
www.notepad.pw/sbbi/ 43 B
251 B 39ms
39ms Image
image/gif 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.notepad.pw/sbbi/?sbbpg=utMedia&vii=2h34ea623a49bb3263e928e675e4d1838824a7b88e57299834e6d4b9fa8f28afh6teh4u1
Requested by: Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
x-accel-expires: 0
date: Fri, 04 Dec 2020 11:17:59 GMT
cache-control: no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
server: fbs
x-hw: 1607080679.cds056.sk1.hn,1607080679.cds026.sk1.sc,1607080679.cdn2-redis01-arn1.stackpath.systems.-.i,1607080679.cds026.sk1.p
content-type: image/gif

GET
H2 200 ionicons.ttf
cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/fonts/ 184 KB
96 KB 31ms
16ms Font
application/octet-stream 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/fonts/ionicons.ttf?v=2.0.0

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c5b6bb603a4f7556b94532674f3847b430b9495afbb3a4dcfe5ba718baa59ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.notepad.pw
Referer: https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 11:17:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 32327
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
content-length: 97438
cf-request-id: 06cf12312e0000c2b8aaaba000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:20 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ea8-2e05c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=NkMQnzpuu52IPeNFRVC1BejmwlUGFPTk07joLAue42K03MzmO3ZAIChHPUcLAzytMZfUJSJkOADjQYb32iOdf1Qbm2QzHbktH0QY3ENRU%2FvOqtqsXL3pu9WB8XETewE2vQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5fc51fc84c31c2b8-FRA
expires: Wed, 24 Nov 2021 11:17:59 GMT

GET
H2 200 o-0IIpQlx3QUlC5A4PNr5TRASf6M7Q.woff2
fonts.gstatic.com/s/notosans/v11/ 10 KB
10 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:814::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notosans/v11/o-0IIpQlx3QUlC5A4PNr5TRASf6M7Q.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Sans:400,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e56f53b3b976e9c05d86645a1e85cfc69e961601d201e957768455580fa30478

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.notepad.pw
Referer: https://fonts.googleapis.com/css?family=Noto+Sans:400,700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 03 Dec 2020 16:55:14 GMT
x-content-type-options: nosniff
last-modified: Thu, 24 Sep 2020 23:50:56 GMT
server: sffe
age: 66165
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10292
x-xss-protection: 0
expires: Fri, 03 Dec 2021 16:55:14 GMT

GET
H/1.1 200
OK init Show response
d.pub.network/ 147 B
584 B 652ms
138ms XHR
application/json 35.188.71.214
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/init?key=1413undefined
Requested by: Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.71.214 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 214.71.188.35.bc.googleusercontent.com
Software: /
Resource Hash: 8b894003f7c5389d104f9f0bca5c66f2fc7e9b20e06d9ee0ac38ef47c65e0b73

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.notepad.pw
Date: Fri, 04 Dec 2020 11:18:00 GMT
Access-Control-Allow-Credentials: true
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Transfer-Encoding: chunked
Content-Type: application/json

GET
H2 200 / Show response
live.notepad.pw/socket.io/ 101 B
768 B 246ms
217ms XHR
application/octet-stream 2606:4700:3031::681b:8143
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.notepad.pw/socket.io/?EIO=3&transport=polling&t=NOjUHjz
Requested by: Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:8143 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 180251bc66aa70adaad9d6e0c27f0a3597e6dfa934e774c1c2dc5cb97f1c4022

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 11:18:00 GMT
via: 1.1 vegur
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=rmJSdfZ8dC4eV%2BJtjN533JoajyraCQqHjujDeebMvuz%2BTNa3wMzD57wLFkTEqTIcfRXw6X9WFHbse7rUomZy3n1vBx2ko8feuGjSYPCntXRDRm%2F0GBSVgrnFQc4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
access-control-allow-origin: https://www.notepad.pw
access-control-allow-credentials: true
cf-ray: 5fc51fcc282d2c0d-FRA
content-length: 101
cf-request-id: 06cf12339b00002c0d41154000000001

GET
H3-Q050 200 o-0NIpQlx3QUlC5A4PNjXhFVZNyBx2pqPA.woff2
fonts.gstatic.com/s/notosans/v11/ 10 KB
10 KB 35ms
21ms Font
font/woff2 2a00:1450:4001:814::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notosans/v11/o-0NIpQlx3QUlC5A4PNjXhFVZNyBx2pqPA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Sans:400,700

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6195b1bce0085db8c9b1b936150dfd7b070aa9be52d44580b1b6f16752dece34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.notepad.pw
Referer: https://fonts.googleapis.com/css?family=Noto+Sans:400,700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 01 Dec 2020 15:38:34 GMT
x-content-type-options: nosniff
last-modified: Thu, 24 Sep 2020 23:58:43 GMT
server: sffe
age: 243566
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10116
x-xss-protection: 0
expires: Wed, 01 Dec 2021 15:38:34 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-153530698-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 1690
date: Fri, 04 Dec 2020 10:49:50 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Fri, 04 Dec 2020 12:49:50 GMT

GET
H2 200 / Show response
live.notepad.pw/socket.io/ 5 B
293 B 202ms
202ms XHR
application/octet-stream 2606:4700:3031::681b:8143
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.notepad.pw/socket.io/?EIO=3&transport=polling&t=NOjUHpj&sid=NWtxMARr_JIrlHApAG_T
Requested by: Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:8143 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 25d989b3ed89abc5bb5a814c257dc57619d7f45908013cd08aa508c22e4f6a0a

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 11:18:00 GMT
via: 1.1 vegur
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=gRXxNvI52JtTAs0Vwd%2FBFwnU360k8jun7I0S1jadYzo83yoHc8fPlgrjp56rWTJ%2Bsl%2Fm6N%2FbNOhMasKrpTYVa8C78XKVHa%2BKZTlqltJH40Rp%2BBO5OLB8HjNzDiY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
access-control-allow-origin: https://www.notepad.pw
access-control-allow-credentials: true
cf-ray: 5fc51fce4daa2c0d-FRA
content-length: 5
cf-request-id: 06cf1234ef00002c0d5503a000000001

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 1 B
387 B 50ms
13ms XHR
text/plain 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=2090115748&t=pageview&_s=1&dl=https%3A%2F%2Fwww.notepad.pw%2Fo0dmsyt1r&ul=en-us&de=UTF-8&dt=notepad.pw%20%2F%20o0dmsyt1r%20%7C%20The%20napkin%20of%20the%20internet.&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUABAAAAAC~&jid=451375126&gjid=2070238777&cid=1135241286.1607080681&tid=UA-153530698-1&_gid=1840469544.1607080681&_r=1&gtm=2oub41&z=1394958633

Requested by

Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 04 Dec 2020 11:18:00 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.notepad.pw
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 / Show response
www.notepad.pw/sbbi/ Frame 30B1 516 B
459 B 42ms
41ms Document
text/html 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://www.notepad.pw/sbbi/?sbbpg=sbbShell&gprid=Bg&sbbgs=h4a2a9b2398654138478e7984649af8f6e41&ddl=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: d155160aea288964eebe06a362795ab879ed657ca75f7ca60d5a1c8e9fe05d7b

Request headers

:method: POST
:authority: www.notepad.pw
:scheme: https
:path: /sbbi/?sbbpg=sbbShell&gprid=Bg&sbbgs=h4a2a9b2398654138478e7984649af8f6e41&ddl=1
content-length: 647
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
origin: https://www.notepad.pw
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.notepad.pw/sbbi/?sbbpg=sbbShell&gprid=Bg&sbbgs=h4a2a9b2398654138478e7984649af8f6e41&ddl=1
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SPSI=23e634b36e2e7ed882ab85293edbf82a; SPSE=V8svp87BohsAld2v+gCD12yUcRXDJqwuK72FfiDInP8kjFyZx7Kik8zq2VW4OtONy3xrPylBoJ0VleogGZUz7g==; spcsrf=bcf608f745ec16ec8a8363d9f852b85c; pad_cookie=40cc17250b398beca0308f5e234a7ae882526f4e; sp_lit=r/1wWKy6g+//0r/ZYxUvTQ==; PRLST=Bg; UTGv2=h4a2a9b2398654138478e7984649af8f6e41; adOtr=363423e6b2e; fsbotchecked=true; typography=%7B%22sp_class%22%3A%22not-active%22%7D; __cfduid=dc49bfeacf78e689399880d3d879a21931607080680; _ga=GA1.2.1135241286.1607080681; _gid=GA1.2.1840469544.1607080681; _gat_gtag_UA_153530698_1=1
Upgrade-Insecure-Requests: 1
Origin: https://www.notepad.pw
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.notepad.pw/sbbi/?sbbpg=sbbShell&gprid=Bg&sbbgs=h4a2a9b2398654138478e7984649af8f6e41&ddl=1

Response headers

date: Fri, 04 Dec 2020 11:18:00 GMT
cache-control: no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
server: fbs
x-accel-expires: 0
access-control-allow-origin: *
x-hw: 1607080680.cds056.sk1.hn,1607080680.cds046.sk1.sc,1607080680.cdn2-wafbe01-arn1.stackpath.systems.-.i,1607080680.cds046.sk1.p

GET
H2 200 / Show response
www.notepad.pw/sbbi/ Frame 30B1 7 KB
3 KB 41ms
41ms Document
text/html 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://www.notepad.pw/sbbi/?sbbpg=sbbShell&gprid=Bg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: d1a54fff4497f865e07edee4652cbfd676e1d490fc2c02041481721399a4e77b

Request headers

:method: GET
:authority: www.notepad.pw
:scheme: https
:path: /sbbi/?sbbpg=sbbShell&gprid=Bg
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.notepad.pw/sbbi/?sbbpg=sbbShell&gprid=Bg&sbbgs=h4a2a9b2398654138478e7984649af8f6e41&ddl=1
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SPSI=23e634b36e2e7ed882ab85293edbf82a; SPSE=V8svp87BohsAld2v+gCD12yUcRXDJqwuK72FfiDInP8kjFyZx7Kik8zq2VW4OtONy3xrPylBoJ0VleogGZUz7g==; spcsrf=bcf608f745ec16ec8a8363d9f852b85c; pad_cookie=40cc17250b398beca0308f5e234a7ae882526f4e; sp_lit=r/1wWKy6g+//0r/ZYxUvTQ==; PRLST=Bg; UTGv2=h4a2a9b2398654138478e7984649af8f6e41; adOtr=363423e6b2e; fsbotchecked=true; typography=%7B%22sp_class%22%3A%22not-active%22%7D; __cfduid=dc49bfeacf78e689399880d3d879a21931607080680; _ga=GA1.2.1135241286.1607080681; _gid=GA1.2.1840469544.1607080681; _gat_gtag_UA_153530698_1=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.notepad.pw/sbbi/?sbbpg=sbbShell&gprid=Bg&sbbgs=h4a2a9b2398654138478e7984649af8f6e41&ddl=1

Response headers

date: Fri, 04 Dec 2020 11:18:00 GMT
cache-control: no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
server: fbs
x-accel-expires: 0
access-control-allow-origin: *
x-hw: 1607080680.cds056.sk1.hn,1607080680.cds028.sk1.sc,1607080680.cdn2-wafbe02-arn1.stackpath.systems.-.i,1607080680.cds028.sk1.p

POST
H2 200 / Show response
live.notepad.pw/socket.io/ 2 B
324 B 209ms
208ms XHR
text/html 2606:4700:3031::681b:8143
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.notepad.pw/socket.io/?EIO=3&transport=polling&t=NOjUHsw&sid=NWtxMARr_JIrlHApAG_T
Requested by: Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:8143 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: text/plain;charset=UTF-8

Response headers

date: Fri, 04 Dec 2020 11:18:01 GMT
via: 1.1 vegur
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 5fc51fcf99322c0d-FRA
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=gdfYB7i5XBifdWTJfBoAhued0S7h6t9hhlfGcK86kYyVFHwtMGvw%2BLWwim%2FYYrwEylBsZuVwqKHgEfp0IY4MQONlcu%2B7MvEy2IasEGJTLmj%2F6nQRse6zXOD%2FIjo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
access-control-allow-origin: https://www.notepad.pw
access-control-allow-credentials: true
content-encoding: br
cf-request-id: 06cf1235c000002c0d90a48000000001

GET
H2 200 / Show response
live.notepad.pw/socket.io/ 4 B
285 B 238ms
238ms XHR
application/octet-stream 2606:4700:3031::681b:8143
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.notepad.pw/socket.io/?EIO=3&transport=polling&t=NOjUHsw.0&sid=NWtxMARr_JIrlHApAG_T
Requested by: Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:8143 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a9a2f1dd042cb6f1eded53dc0a1c66ed8694fc093dc3520cdac1a541d615d474

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 11:18:01 GMT
via: 1.1 vegur
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=vF7m7VUz95FIvv0j3dNuh365MnA5gR2tIh6RkAQnfqOpmO8opLz9i8cDgQeHFd4HlcILChzpTeHu%2BvAjOLlx1V4EIv6WgdNZ57bT81KfjN1Azo1gGjJoRZ0EB1U%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
access-control-allow-origin: https://www.notepad.pw
access-control-allow-credentials: true
cf-ray: 5fc51fcf993a2c0d-FRA
content-length: 4
cf-request-id: 06cf1235bd00002c0d5b8ef000000001

GET
H2 200 pubfig.engine.4.2.4.56bf9eb9ee24bc1e4d456ffa86a6ce3df3a80d41.js Show response
a.pub.network/core/pubfig/ 285 KB
79 KB 29ms
29ms Script
text/javascript 2606:4700:20::681a:18b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/core/pubfig/pubfig.engine.4.2.4.56bf9eb9ee24bc1e4d456ffa86a6ce3df3a80d41.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/notepad-pw/pubfig.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:18b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5af02623e86d6d92d1b4e65626d818e9d128766d95f209e5768befc31eff4e68

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-goog-hash: crc32c=zDfHqw==, md5=3BPGrmjEbEvh5TSLJuvU8w==
date: Fri, 04 Dec 2020 11:18:00 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-guploader-uploadid: ABg5-UwixdoZ4KYtMHFE4KGpUOAk9GqdtfvUrGki8sVpV4Zgz8o7ZKQSynEOYito2RhDWqqL9F1wJ_e3VMuKz_YBY54
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-type: text/javascript
cf-request-id: 06cf1235ec00002bca9435a000000001
last-modified: Tue, 24 Nov 2020 20:04:13 GMT
server: cloudflare
etag: W/"dc13c6ae68c46c4be1e5348b26ebd4f3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=UjaGFhqw%2FfhQGT93oJ9%2FYbLXdgOnTvhUBR3C1Hj4JALg4THEhK3md11fA1xWkgaPR10i1HSJPCgpz24baKntNcZF7a%2ByK8%2Bbds3NueXbnr6l5bXKF9%2BmIs8U"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1606248253640721
cache-control: public, max-age=3600
x-goog-stored-content-length: 292305
cf-ray: 5fc51fcfe87c2bca-FRA
expires: Fri, 04 Dec 2020 00:35:16 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 53 KB
19 KB 35ms
15ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.engine.4.2.4.56bf9eb9ee24bc1e4d456ffa86a6ce3df3a80d41.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

efb3089f1151c90d9d3cf43eac0e3f1d8a80123f37245dbffbd7f7e80783947f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 11:18:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "713 / 546 of 1000 / last-modified: 1607078392"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 18424
x-xss-protection: 0
expires: Fri, 04 Dec 2020 11:18:01 GMT

GET
H2 200 prebid-analytics-4.10.0.js Show response
a.pub.network/core/ 413 KB
123 KB 51ms
50ms Script
text/html 2606:4700:20::681a:18b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/core/prebid-analytics-4.10.0.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.engine.4.2.4.56bf9eb9ee24bc1e4d456ffa86a6ce3df3a80d41.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:18b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5dbaab8f472717f5f659cb28deb326df6d4b858bf1025c84f366a808798c1587

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-goog-hash: crc32c=JH7wqQ==, md5=99s/gqDS63NRL9sZf88ibQ==
date: Fri, 04 Dec 2020 11:18:01 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-guploader-uploadid: ABg5-UzmGclYvweOx8pX5xXN43XYoTL8hsKWJPs-OtdsAAjXkPGrjWNleYU2OCMDMLZdBIDj9nIym6gldH1IQqIskw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 3
x-goog-stored-content-encoding: identity
content-type: text/html
cf-request-id: 06cf12362e00002bca8dac6000000001
last-modified: Mon, 05 Oct 2020 20:56:51 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=3515ejL833wXCLHxpYZ8NOwB0S44ERqxBnuCFVV4vplMTF6MMEQ%2FjwvWLlaJNeXL6boKZ6%2Ft5G8oBpPbbrn%2Fp8lXcqhFOkV6lE9qoqGXEdAhsHuhPH2JNkzt"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1601931411309627
cache-control: private, max-age=86400
x-goog-stored-content-length: 422619
cf-ray: 5fc51fd049702bca-FRA
expires: Fri, 03 Dec 2021 23:35:16 GMT

GET
H2 200 pubads_impl_2020111901.js Show response
securepubads.g.doubleclick.net/gpt/ 277 KB
98 KB 153ms
54ms Script
text/javascript 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111901.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

sffe /

Resource Hash

2fa866f281364240678617640d2944c8927bb03588410dfec54a4a97641129e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 11:18:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 19 Nov 2020 09:45:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 99950
x-xss-protection: 0
expires: Fri, 04 Dec 2020 11:18:01 GMT

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b60f65161ce3517c2794eecab25981c51ffbcbc951a781270403e2f3572d0290

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H/1.1 200
OK hbjson Show response
grid.bidswitch.net/ 2 B
373 B 149ms
43ms XHR
application/json 18.159.79.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://grid.bidswitch.net/hbjson
Requested by: Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.159.79.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-79-175.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 04 Dec 2020 11:18:01 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://www.notepad.pw
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=UTF-8
Content-Length: 2

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 24 B
370 B 132ms
67ms XHR
application/json 104.111.215.135
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=538329&v=7.2&r=%7B%22id%22%3A%224b3d644c7f4225%22%2C%22imp%22%3A%5B%7B%22id%22%3A%225326c09a053266%22%2C%22ext%22%3A%7B%22siteID%22%3A%22538329%22%2C%22sid%22%3A%221x1%22%7D%2C%22banner%22%3A%7B%22w%22%3A1%2C%22h%22%3A1%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%226095da311cf5d4%22%2C%22ext%22%3A%7B%22siteID%22%3A%22538329%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22734e1b41fa0066%22%2C%22ext%22%3A%7B%22siteID%22%3A%22538329%22%2C%22sid%22%3A%22970x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.notepad.pw%2Fo0dmsyt1r%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%221413%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%7D&ac=j&sd=1
Requested by: Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.135 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-135.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: a93da7f0a8dd7b18a6425f0b550258b6a1b9c88bfa2b271120cd93980b692138

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 04 Dec 2020 11:18:01 GMT
content-encoding: gzip
x-ak-initial-geo: CC:[DK], RC:[], CN:[EU], CIP:[82.102.20.235], XFF:[]
server: Apache
vary: Is-Traffic-Invalid,Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.notepad.pw
x-cs-client-geo: 10
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 44
x-ak-client-geo: 10
expires: Fri, 04 Dec 2020 11:18:01 GMT

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
114 B 118ms
51ms XHR
text/plain 3.126.224.165
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=GrVComq83JzCSLK1pi9waoyR&bidId=9a8b084dace6f1&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=4.10.0&strVersion=3.2.1&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%221413%22%2C%22hp%22%3A1%7D%5D%7D
Requested by: Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.126.224.165 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-224-165.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.notepad.pw
date: Fri, 04 Dec 2020 11:18:01 GMT
access-control-allow-credentials: true
vary: Origin

GET v1
btlr.sharethrough.com/WYu2BXv1/ 0
0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 145 B
1 KB 176ms
106ms XHR
application/json 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

8fb5814721017a72eee505a95b6938a620e254b96736d9ed9881ce176957e97e

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 04 Dec 2020 11:18:01 GMT
X-Proxy-Origin: 82.102.20.235; 82.102.20.235; 723.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.221.74:80
AN-X-Request-Uuid: dcc54749-65cc-4956-9c74-8768b0b85992
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.notepad.pw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 143 B
1 KB 128ms
58ms XHR
application/json 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

3077f89e81c8c6c43e95e7dcfce7c084aafca408c53396824459a41cd3b6deff

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 04 Dec 2020 11:18:01 GMT
X-Proxy-Origin: 82.102.20.235; 82.102.20.235; 723.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.155:80
AN-X-Request-Uuid: cc476225-6ecc-433b-9b86-16c1840baadc
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.notepad.pw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 143
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
116 B 171ms
106ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.notepad.pw
date: Fri, 04 Dec 2020 11:18:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 3 KB
3 KB 261ms
158ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1498292&size_id=2&alt_size_ids=55%2C221&rp_schain=1.0,1!freestar.io,1413,1,,,&rf=https%3A%2F%2Fwww.notepad.pw%2Fo0dmsyt1r&tk_flint=pbjs_lite_v4.10.0&x_source.tid=abd248c7-f0d1-4c87-9f03-f04443ce69cb&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.5595084541900157
Requested by: Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: c0e9f862ba8e25101cd7d7405584ddd6d09fc863af666986462a9df2f29710f1

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 04 Dec 2020 11:18:01 GMT
Content-Encoding: gzip
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.notepad.pw
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 1442
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ 23 KB
9 KB 23ms
6ms Script
application/javascript 2620:116:800d:21:5a23:9c4e:e774:96c1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.engine.4.2.4.56bf9eb9ee24bc1e4d456ffa86a6ce3df3a80d41.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 87d73170be9a2e277c57d324c4e05ec0ac60ed3c0191fa29e7a31133b4c4c119

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 11:18:01 GMT
content-encoding: gzip
etag: "O/+l6c17R2TQ0JQMJXOiXA=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Fri, 11 Dec 2020 11:18:01 GMT

GET
H/1.1 200
OK beacon.js Show response
sb.scorecardresearch.com/ 1 KB
1 KB 102ms
38ms Script
application/x-javascript 95.101.55.60
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.engine.4.2.4.56bf9eb9ee24bc1e4d456ffa86a6ce3df3a80d41.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.55.60 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-101-55-60.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 04 Dec 2020 11:18:01 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=86400
Connection: keep-alive
Content-Length: 884
Expires: Sat, 05 Dec 2020 11:18:01 GMT

GET
H2 200 fslogo-green.svg
a.pub.network/core/imgs/ 1 KB
1 KB 56ms
55ms Image
image/svg+xml 2606:4700:20::681a:18b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.pub.network/core/imgs/fslogo-green.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:18b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ecc20ed3c5dedbe5bbe73d1e7b14270c65a85f7d0ec4c94c4f0c9f0071e471a2

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-goog-hash: crc32c=Jh+rSg==, md5=Mm1svZd2V+EgW9YW0fL6yg==
date: Fri, 04 Dec 2020 11:18:01 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-guploader-uploadid: ABg5-UzIkIa1znU3GpziP0tcab5Df11mcWdOoC5PPdZxQE-caVfFGLTZkxl6yEhNIMx19yplvk2O1Detp0VtFUpzzlMApI-CfA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-type: image/svg+xml
cf-request-id: 06cf12378e00002bca9d36c000000001
last-modified: Tue, 08 Sep 2020 17:04:37 GMT
server: cloudflare
etag: W/"326d6cbd977657e1205bd616d1f2faca"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=rTswhLMo8ZFeiLVHvIggYT8BtDVq4WSBExfbTTkXUKIHyi44oFYAtGLc9zyR4HgtzKhwk6h7stWqf2U9g3OAz%2B3lvBdbyu5GYIrrHXeJFGEMgPXyIyn8fxQp"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1599584677716817
cache-control: public, max-age=3600
x-goog-stored-content-length: 1193
cf-ray: 5fc51fd27f002bca-FRA
expires: Fri, 04 Dec 2020 11:35:55 GMT

GET
H2 200 rules-p-UeXruRVtZz7w6.js Show response
rules.quantcount.com/ 2 KB
1 KB 39ms
11ms Script
application/x-javascript 2600:9000:2190:2600:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-UeXruRVtZz7w6.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:2600:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a7b5f5f96f81dea4efc53e1d4dae8b37c28bec27a45b42ccf604ee759e20caec

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 10:41:59 GMT
content-encoding: gzip
last-modified: Thu, 07 Dec 2017 17:06:25 GMT
server: AmazonS3
age: 2162
etag: W/"cbc97d16c77ea1fcbbf42d246001e982"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 c202f63846a430afd2d556266be8b50c.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: AC9WrHSuMEgyGdwrcdJtqUv2uFZe0vyA7R9vTDzBvQJtVF1v8B8HVQ==

GET
H2 200 pixel;r=494501325;labels=keywords.notepad%20online%2Ckeywords.notepad%2Ckeywords.cloud%2Ckeywords.free%20notepad%2Ckeywords.save%20notes%2Ckeywords.notes%2Ckeywords.online%20notepad%2Ckeywords.clou...
pixel.quantserve.com/ 35 B
370 B 11ms
10ms Image
image/gif 2620:116:800d:21:5a23:9c4e:e774:96c1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=494501325;labels=keywords.notepad%20online%2Ckeywords.notepad%2Ckeywords.cloud%2Ckeywords.free%20notepad%2Ckeywords.save%20notes%2Ckeywords.notes%2Ckeywords.online%20notepad%2Ckeywords.cloud%20notepad%2Ckeywords.write%2Ckeywords.note%2Ckeywords.writing%2Ckeywords.publish%2Ckeywords.webpage%2Ckeywords.markdown%2Ctitle.notepad.pw;rf=0;uht=2;a=p-UeXruRVtZz7w6;url=https%3A%2F%2Fwww.notepad.pw%2Fo0dmsyt1r;fpan=1;fpa=P0-776168681-1607080681425;ns=0;ce=1;qjs=1;qv=3364aec3-20201006003021;cm=;gdpr=0;ref=;d=notepad.pw;je=0;sr=1600x1200x24;dst=1;et=1607080681425;tzo=-60;ogl=type.website%2Ctitle.notepad%252Epw%2Cdescription.Save%20your%20notes%20online%20for%20free%20and%20share%20them%20with%20friends!%2Curl.https%3A%2F%2Fnotepad%252Epw%2Cimage.https%3A%2F%2Fnotepad%252Epw%2Fog-icon%252Epng

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Dec 2020 11:18:01 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 262 B
2 KB 231ms
136ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1498292&size_id=2&alt_size_ids=1%2C55&rp_schain=1.0,1!freestar.io,1413,1,,,&rf=https%3A%2F%2Fwww.notepad.pw%2Fo0dmsyt1r&tk_flint=pbjs_lite_v4.10.0&x_source.tid=fdf5c440-66b6-408f-8964-39652d642211&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.0828940150973485
Requested by: Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: a05dcae495e90d0d8a3e3ea2a632181d4b9a82d4e7bd02e11ce4f3ad94d3e3ef

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 04 Dec 2020 11:18:01 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.notepad.pw
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 262
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 145 B
1 KB 93ms
75ms XHR
application/json 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

16177523c5f99f13cf1633a3e53ed9938bb5c88a21c6e86c1b415c409e0df0fa

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 04 Dec 2020 11:18:01 GMT
X-Proxy-Origin: 82.102.20.235; 82.102.20.235; 723.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.90:80
AN-X-Request-Uuid: 8d008979-040d-4e2d-a5cc-47ddc1e1a7b2
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.notepad.pw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
60 B 100ms
100ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.notepad.pw
date: Fri, 04 Dec 2020 11:18:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK hbjson Show response
grid.bidswitch.net/ 2 B
373 B 73ms
40ms XHR
application/json 18.159.79.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://grid.bidswitch.net/hbjson
Requested by: Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.159.79.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-79-175.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 04 Dec 2020 11:18:01 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://www.notepad.pw
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=UTF-8
Content-Length: 2

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
113 B 52ms
51ms XHR
text/plain 3.126.224.165
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=GrVComq83JzCSLK1pi9waoyR&bidId=32a68dd593b639e&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=4.10.0&strVersion=3.2.1&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%221413%22%2C%22hp%22%3A1%7D%5D%7D
Requested by: Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.126.224.165 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-224-165.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.notepad.pw
date: Fri, 04 Dec 2020 11:18:01 GMT
access-control-allow-credentials: true
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
113 B 38ms
37ms XHR
text/plain 3.126.224.165
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=L7rKdgz52e7UZ4fMkwkYmaxf&bidId=33553a93deef6b&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=4.10.0&strVersion=3.2.1&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%221413%22%2C%22hp%22%3A1%7D%5D%7D
Requested by: Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.126.224.165 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-224-165.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.notepad.pw
date: Fri, 04 Dec 2020 11:18:01 GMT
access-control-allow-credentials: true
vary: Origin

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 25 B
371 B 57ms
57ms XHR
application/json 104.111.215.135
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=538329&v=7.2&r=%7B%22id%22%3A%2234c465e46fa5b7d%22%2C%22imp%22%3A%5B%7B%22id%22%3A%22358c2e263ae2322%22%2C%22ext%22%3A%7B%22siteID%22%3A%22538329%22%2C%22sid%22%3A%22468x60%22%7D%2C%22banner%22%3A%7B%22w%22%3A468%2C%22h%22%3A60%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2236095f348229a5a%22%2C%22ext%22%3A%7B%22siteID%22%3A%22538329%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2237689efddbdf5bb%22%2C%22ext%22%3A%7B%22siteID%22%3A%22538329%22%2C%22sid%22%3A%22970x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.notepad.pw%2Fo0dmsyt1r%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%221413%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%7D&ac=j&sd=1
Requested by: Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.135 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-135.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 073d67279c6c80d3b94ca458e45c889915f240d258b6c405ff0a92e35738166a

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 04 Dec 2020 11:18:01 GMT
content-encoding: gzip
x-ak-initial-geo: CC:[DK], RC:[], CN:[EU], CIP:[82.102.20.235], XFF:[]
server: Apache
vary: Is-Traffic-Invalid,Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.notepad.pw
x-cs-client-geo: 10
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 45
x-ak-client-geo: 10
expires: Fri, 04 Dec 2020 11:18:01 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 144 B
1 KB 120ms
59ms XHR
application/json 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

7315546b2d78773ca18c53649e14062bc9e2a4ee72f1527ab8d8cc7bcceffe03

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 04 Dec 2020 11:18:01 GMT
X-Proxy-Origin: 82.102.20.235; 82.102.20.235; 723.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.247:80
AN-X-Request-Uuid: 0ddfda4c-ee73-42eb-9a62-1fcf0310cee6
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.notepad.pw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

204
No Content

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=23384447&cs_ucfr=1&ns__t=1607080681466&ns_c=UTF-8&cv=3.5&c8=notepad.pw%20%2F%20o0dmsyt1r%20%7C%20The%20napkin%20of%20the%20internet.&c7=https%3A%2F%2Fwww....
https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1607080681466&ns_c=UTF-8&cv=3.5&c8=notepad.pw%20%2F%20o0dmsyt1r%20%7C%20The%20napkin%20of%20the%20internet.&c7=https%3A%2F%2Fwww...

0
528 B

32ms
31ms

Image
text/plain

95.101.55.60
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1607080681466&ns_c=UTF-8&cv=3.5&c8=notepad.pw%20%2F%20o0dmsyt1r%20%7C%20The%20napkin%20of%20the%20internet.&c7=https%3A%2F%2Fwww.notepad.pw%2Fo0dmsyt1r&c9=&cs_ak_ss=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.55.60 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-101-55-60.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 04 Dec 2020 11:18:01 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1607080681466&ns_c=UTF-8&cv=3.5&c8=notepad.pw%20%2F%20o0dmsyt1r%20%7C%20The%20napkin%20of%20the%20internet.&c7=https%3A%2F%2Fwww.notepad.pw%2Fo0dmsyt1r&c9=&cs_ak_ss=1
Pragma: no-cache
Date: Fri, 04 Dec 2020 11:18:01 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
803 B 36ms
15ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.notepad.pw

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 04 Dec 2020 11:18:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
803 B 36ms
16ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.notepad.pw

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 04 Dec 2020 11:18:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 7 KB
5 KB 392ms
340ms XHR
text/plain 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3920572856358324&correlator=1549866124387456&output=ldjh&impl=fifs&vrg=2020111901&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20201204&iu_parts=15184186%2Cnotepad_970x90_728x90_320x50_Sticky&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1%7C728x90%7C970x90&prev_scp=fsrefresh%3Dfalse%26fsrebid%3Dfalse%26fspbg%3Dfreestar%26freestar_path%3D%252Fo0dmsyt1r%26freestar_domain%3Dnotepad.pw%26custom_bidder_size%3Drubicon_728x90%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D0.18%26hb_adid%3D4085989e4e0c2%26hb_bidder%3Drubicon&eri=1&cust_params=user-agent%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1607080681&dt=1607080681633&dlt=1607080679451&idt=1826&frm=20&biw=1600&bih=1200&oid=3&adxs=800&adys=1199&adks=2140769806&ucis=1&ifi=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.notepad.pw%2Fo0dmsyt1r&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x-1&msz=1600x-1&ga_vid=1135241286.1607080681&ga_sid=1607080682&ga_hid=2090115748&fws=512&ohw=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d

Requested by

Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

cafe /

Resource Hash

5a343a9df716da9e1a1fbe19ce584935faf487479f4b44f930519db65067ddcc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 11:18:02 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4059
x-xss-protection: 0
google-lineitem-id: 5334135261
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138307166295
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.notepad.pw
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
2626658dbae8fcbf8d3c529d714c3c22.safeframe.googlesyndication.com/safeframe/1-0-37/html/ 0
0 70ms
14ms Other
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://2626658dbae8fcbf8d3c529d714c3c22.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111901.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 78 KB
25 KB 756ms
756ms XHR
text/plain 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3920572856358324&correlator=1549866124387456&output=ldjh&impl=fifs&vrg=2020111901&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20201204&iu_parts=15184186%2Cnotepad_970x90_728x90_320x50_320x100_ATF&enc_prev_ius=%2F0%2F1&prev_iu_szs=468x60%7C728x90%7C970x90&prev_scp=fsrefresh%3Dfalse%26fsrebid%3Dfalse%26fsbid%3D0&eri=1&cust_params=user-agent%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1607080681&dt=1607080681696&dlt=1607080679451&idt=1826&frm=20&biw=1600&bih=1200&oid=3&adxs=566&adys=5&adks=338981424&ucis=2&ifi=2&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.notepad.pw%2Fo0dmsyt1r&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x1028&msz=1600x70&ga_vid=1135241286.1607080681&ga_sid=1607080682&ga_hid=2090115748&fws=0&ohw=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d

Requested by

Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

cafe /

Resource Hash

b21e13914244ed7856d7b7f96692b64960af663fda9b5bb7326bbbb3cf626aa9

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/260712304242870607/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/260712304242870607/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CKvrtImatO0CFRGIOAodA9EDSA&gqi=&layout=/sadbundle/%24csp%253Der3%24/260712304242870607/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/260712304242870607/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/260712304242870607/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CKvrtImatO0CFRGIOAodA9EDSA&gqi=&layout=/sadbundle/%24csp%253Der3%24/260712304242870607/index.html
content-encoding: br
x-content-type-options: nosniff
google-creative-id: -1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25038
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
date: Fri, 04 Dec 2020 11:18:02 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.notepad.pw
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubfig.messaging.2.1.3.ab081b6049bb76c4f685d0c654c6a14aa5aad31b.js Show response
a.pub.network/core/pubfig/ 213 KB
57 KB 31ms
31ms Script
text/javascript 2606:4700:20::681a:18b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/core/pubfig/pubfig.messaging.2.1.3.ab081b6049bb76c4f685d0c654c6a14aa5aad31b.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.engine.4.2.4.56bf9eb9ee24bc1e4d456ffa86a6ce3df3a80d41.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:18b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 86f10b8a6df37fef05944c8e01395dcbc3fc5acf10037a61a6a9b112a436a5d0

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-goog-hash: crc32c=z9XADw==, md5=KvnUENyj6ZH37qScaBnxhw==
date: Fri, 04 Dec 2020 11:18:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-guploader-uploadid: ABg5-UyckwEFR9PyPKyjSEte4FQgYCsfGAFymrUhuBT48ceJp9PyOmltHnAmwcUEUzRAcuMNplJvSF8FeFPWFcxyddI
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-type: text/javascript
cf-request-id: 06cf123a1300002bca93a24000000001
last-modified: Wed, 18 Nov 2020 19:53:23 GMT
server: cloudflare
etag: W/"2af9d410dca3e991f7eea49c6819f187"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2pEVTqv%2F4lSpk9AgQQICswCKXxoyEt69tJymZKqF%2FyTms%2BLhizDkl%2BZn6kZCnXcBfF%2B7bxaWgUa8Df%2BWeNPG9uwGEN6ZxDEst%2FSg0NM3ZrymHbDLGNJqyBlx"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1605729203227682
cache-control: public, max-age=3600
x-goog-stored-content-length: 217902
cf-ray: 5fc51fd68a4a2bca-FRA
expires: Fri, 04 Dec 2020 00:35:16 GMT

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame 69FA 0
0 56ms
55ms Fetch
image/gif 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssBFj59Xd8YvWWFTj_aikw2aW3aOWYPgkDyZ4UGRRI-NJn10RrQiP6O4hQLDqhV5S1ckvO2pqlvTZg73Y64NpmYFg8IMV1kavau8Ns4Rv9hnvBuetjHW5lWc3os_hPfaXjisd797DRG1foTt8uZJuASc0LHhcBxvlNpYUzZhvmE7aOg_Fh3nBcVB3A0_H6rmKoYEfxupGvb2LGLUcHHR4Osqs2K_ELXsv2P6PNc1iwv_oSxRikRYQ_ix0_fzx4zA0yXiNmx99yJM0z1ZNfuS2UAyu-5uCGvou7cdE3KGj0&sai=AMfl-YTFWu7W2xoN7CRMQ9e6TJoMFxQTP4y4eVjlH62CAOAj8pMzkPwa2aKyJgpa4SrHbp6kHRWe0WbVymfM73JKKklIM6gghUmRXYOwmQwxm84UJEGlNqfTc7STzcaDQbg&sig=Cg0ArKJSzJaVFqrZDK6UEAE&urlfix=1&adurl=

Requested by

Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 04 Dec 2020 11:18:02 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 04 Dec 2020 11:18:02 GMT

GET
H2 200 prebid-universal-creative.js Show response
a.pub.network/core/ Frame 69FA 26 KB
9 KB 48ms
47ms Script
text/javascript 2606:4700:20::681a:18b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/core/prebid-universal-creative.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111901.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:18b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1ab080656fab6802aab402d3e385c6c3aa1715d4d962edd506907862dfdad8dc

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-goog-hash: crc32c=uEu8xg==, md5=O15fToc0bBVTfMXMVCfeag==
date: Fri, 04 Dec 2020 11:18:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-guploader-uploadid: ABg5-UwVbZ8HSmV9bnubb5belT2E6P9FgIs4Y4pEfxr2Xn7dnMQTkNcPdJB1wtwjNONDxiArGylQTGjqP2AuJY1wo7I
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-type: text/javascript
cf-request-id: 06cf123afd00002bca578bf000000001
last-modified: Wed, 01 Apr 2020 21:06:56 GMT
server: cloudflare
etag: W/"3b5e5f4e87346c15537cc5cc5427de6a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=PKhwj73LI%2BKbLRt05Om9oeWKo0bVyLP51iwyTW46XWFDhtj7vipwCK5IZF%2BH2%2FdCWmaVsM7Ecoqws9zO2zUvNJ0vCoNXhNd3WawZ%2BLLLPETpqc7eQHdQwRbw"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1585775216018312
cache-control: public, max-age=86400
x-goog-stored-content-length: 26243
cf-ray: 5fc51fd7fdd72bca-FRA
expires: Fri, 04 Dec 2020 00:35:20 GMT

GET
H3-Q050 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame 69FA 76 KB
29 KB 39ms
24ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111901.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7f03d75d46816d94b6c288b49a823790aa4a5a6b003e75399ce7be537cc89a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 11:18:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1606937775260285"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 29365
x-xss-protection: 0
expires: Fri, 04 Dec 2020 11:18:02 GMT

GET
H3-Q050 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 74 KB
28 KB 34ms
22ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111901.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69a5b5635e3f65d07c7acd4786ec59d4140d58540aa981b58e0b4319621bd9e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 11:18:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1606937775260285"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 28382
x-xss-protection: 0
expires: Fri, 04 Dec 2020 11:18:02 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
7 KB 39ms
19ms XHR
application/json 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020111901&st=env

Requested by

Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7d86491c93a3a7433f74fd281d2b52e856e4e491052c5a51dbd78f390aceba6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 04 Dec 2020 11:18:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6529
x-xss-protection: 0

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
462 B 529ms
126ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: 34255be4928ef856eb6cdf3088bb8bb4a3472413b61cfc549841e473579c17ca

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.notepad.pw
Date: Fri, 04 Dec 2020 11:18:02 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 16 KB
6 KB 32ms
14ms Script
text/javascript 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66bfa6dd42535b06a283b3844a0bddcfd7f1aca1368baae035a7cda89a6b97fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 11:18:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1603823857801521"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6015
x-xss-protection: 0
expires: Fri, 04 Dec 2020 11:18:02 GMT

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame 69FA 1 KB
1 KB 60ms
19ms Script
text/javascript 37.157.4.29
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=36813940;rtbwp=CFE116E6717677D0;rtbdata=GqjG3V9vPvCK1B58j_0MtfJosMJ3D7yZzzm9sIgaZGI6syM440Z8cvyQ9rgXpq3uKRC2_QygnoJXbIS3WGXj3qNK_i5YJ_gohZj2JTk5sJpmYZZyZUtv9sQny9HZbSJlikSyMY6XAlzMo6vrfq-0iJGoozB7YJx5gkBnF9joK2xwJ907StecxUH9SUjZx1m1RRo2nL3RiXpnAEaCy5iXD9UgNBU5v2fjNR18YoBYRXIiBQYIt_NvzfNUVu7Ki4C6WNxJ3JFWgHaiY3X5zpS9Sg2;OOBClickTrack=http://beacon-nf.rubiconproject.com/beacon/v2/t/0/d41f734d-1a38-49d9-af9f-f6302bf7c65c/

Requested by

Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.29 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

7f1470cd1cbf32582d5d88c884f2547bf9dcd2eb3fd8f2da070f44b31a015c1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Dec 2020 11:18:02 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 937
expires: -1

GET
H/1.1 200
OK d41f734d-1a38-49d9-af9f-f6302bf7c65c
beacon-eu2.rubiconproject.com/beacon/d/ Frame 69FA 43 B
268 B 150ms
45ms Image
image/avif 69.173.144.152
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon-eu2.rubiconproject.com/beacon/d/d41f734d-1a38-49d9-af9f-f6302bf7c65c?oo=0&accountId=16924&siteId=151312&zoneId=1498292&sizeId=2&e=6A1E40E384DA563B00A2BE35ED3E09434ADE7504865A3685FF8CA6EED6D4A4EFA8764A8872857F6ECC36739D66CA50B0172DB22D3B21A9B58368ADD02EBBD2485E87E2F6082B2E1849E9BBA2284AD593F423DF88D9D7E49FD756B2104B89A69B6093E8BE5C5F91D4308F3FB34B28578382ACA8FF7F4502E26AEC0E341B0236EB23B93E107AA69A4462E26AA9D9805A3B6135086E7DDD7C3D2A238344D1E2E7AB4D2039E3102574C1A07F1E153DBC1353DD4CF6837EE45D9F83E1C5B7AC9DB977E82A954C1004678A
Requested by: Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.152 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: Rubicon Project /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 04 Dec 2020 11:18:02 GMT
Cache-Control: private, max-age=0, no-cache
Server: Rubicon Project
Content-Type: image/avif
Content-Length: 43
Expires: 01 Jan 1970 10:00:00 GMT

GET
H3-Q050 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/219/ Frame 2D05 0
0 36ms
20ms Document
text/html 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/219/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.notepad.pw/o0dmsyt1r
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.notepad.pw/o0dmsyt1r

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4867
date: Fri, 04 Dec 2020 10:26:26 GMT
expires: Sat, 04 Dec 2021 10:26:26 GMT
last-modified: Mon, 05 Oct 2020 22:33:01 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 3096
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/620/s1.adform.net/ Frame 69FA 35 KB
17 KB 58ms
18ms Script
text/javascript 37.157.2.249
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/620/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=36813940;rtbwp=CFE116E6717677D0;rtbdata=GqjG3V9vPvCK1B58j_0MtfJosMJ3D7yZzzm9sIgaZGI6syM440Z8cvyQ9rgXpq3uKRC2_QygnoJXbIS3WGXj3qNK_i5YJ_gohZj2JTk5sJpmYZZyZUtv9sQny9HZbSJlikSyMY6XAlzMo6vrfq-0iJGoozB7YJx5gkBnF9joK2xwJ907StecxUH9SUjZx1m1RRo2nL3RiXpnAEaCy5iXD9UgNBU5v2fjNR18YoBYRXIiBQYIt_NvzfNUVu7Ki4C6WNxJ3JFWgHaiY3X5zpS9Sg2;OOBClickTrack=http://beacon-nf.rubiconproject.com/beacon/v2/t/0/d41f734d-1a38-49d9-af9f-f6302bf7c65c/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 19adb8acd6602b627ec408b181b2ea68ec6d932d91d6c00118ecafccd770f072

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 11:18:02 GMT
content-encoding: gzip
last-modified: Tue, 24 Nov 2020 13:54:52 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Sat, 05 Dec 2020 14:21:04 GMT

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame 69FA 5 KB
3 KB 20ms
20ms Script
text/javascript 37.157.4.29
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?CC=1&bn=36813940;rtbwp=CFE116E6717677D0;rtbdata=GqjG3V9vPvCK1B58j_0MtfJosMJ3D7yZzzm9sIgaZGI6syM440Z8cvyQ9rgXpq3uKRC2_QygnoJXbIS3WGXj3qNK_i5YJ_gohZj2JTk5sJpmYZZyZUtv9sQny9HZbSJlikSyMY6XAlzMo6vrfq-0iJGoozB7YJx5gkBnF9joK2xwJ907StecxUH9SUjZx1m1RRo2nL3RiXpnAEaCy5iXD9UgNBU5v2fjNR18YoBYRXIiBQYIt_NvzfNUVu7Ki4C6WNxJ3JFWgHaiY3X5zpS9Sg2;oobclicktrack=http%3a%2f%2fbeacon-nf.rubiconproject.com%2fbeacon%2fv2%2ft%2f0%2fd41f734d-1a38-49d9-af9f-f6302bf7c65c%2f;js=1;adfxid=1x;6039;set=en-US|en-US|1600X1200|0|750|100|24|8|3|7|0|1;fd=0|2&CREFURL=https%3A%2F%2Fwww.notepad.pw%2Fo0dmsyt1r

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/620/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.29 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

31a6c93646f70eff2a5dd9dde645d24615f4a2b29e716bcb9d3d8c57784736b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Dec 2020 11:18:02 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 2483
expires: -1

GET
H3-Q050 200 container.html
2626658dbae8fcbf8d3c529d714c3c22.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame DA6F 0
0 34ms
20ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2626658dbae8fcbf8d3c529d714c3c22.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111901.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 2626658dbae8fcbf8d3c529d714c3c22.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.notepad.pw/o0dmsyt1r
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.notepad.pw/o0dmsyt1r

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2973
date: Fri, 04 Dec 2020 11:18:02 GMT
expires: Sat, 04 Dec 2021 11:18:02 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 fslogo-green.svg
a.pub.network/core/imgs/ 1 KB
1 KB 27ms
26ms Image
image/svg+xml 2606:4700:20::681a:18b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.pub.network/core/imgs/fslogo-green.svg
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.engine.4.2.4.56bf9eb9ee24bc1e4d456ffa86a6ce3df3a80d41.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:18b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ecc20ed3c5dedbe5bbe73d1e7b14270c65a85f7d0ec4c94c4f0c9f0071e471a2

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-goog-hash: crc32c=Jh+rSg==, md5=Mm1svZd2V+EgW9YW0fL6yg==
date: Fri, 04 Dec 2020 11:18:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-guploader-uploadid: ABg5-UzIkIa1znU3GpziP0tcab5Df11mcWdOoC5PPdZxQE-caVfFGLTZkxl6yEhNIMx19yplvk2O1Detp0VtFUpzzlMApI-CfA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-type: image/svg+xml
cf-request-id: 06cf123bea00002bca409bb000000001
last-modified: Tue, 08 Sep 2020 17:04:37 GMT
server: cloudflare
etag: W/"326d6cbd977657e1205bd616d1f2faca"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=o0ANjMSzQPqQUZQHIhuc37qbf%2Fg%2FIOypiNCBYocSKWOqCV9DdkviDEe7cq8od0cZbH9GBMdl14Y0Gj3tSdwkNNBht5VUuMUWanZO4ZsUfofX9GG6Lbf7Gr1C"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1599584677716817
cache-control: public, max-age=3600
x-goog-stored-content-length: 1193
cf-ray: 5fc51fd979812bca-FRA
expires: Fri, 04 Dec 2020 11:35:55 GMT

GET
H/1.1 200
OK usync.html
eus.rubiconproject.com/ Frame A7B2 0
0 121ms
55ms Document
text/html 184.24.15.122
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=dk
Requested by: Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.24.15.122 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-24-15-122.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.notepad.pw/o0dmsyt1r
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: rsid=1|G9C2NkZC7frDQSirzNt8MRPvuJlRI6aSli1gEtfhZ1co9sDCaATiL5HZCu/Q5+nIKR+svD2oDAurFUDJXkn3Rlmqng06zAJbpC9zOvGMF3Jx/AX1DKVYI/iiF8/WWQzTX+vLxkA/aUD0yuAwYcc5xoUuBof1EQXOfYdkw80=; vis2=151312^1; khaos=KIA6CE41-23-7AT9; ses2=; audit=1|hLZGFuTafB35SdDqhHzY3xSNte0ann5G64Nfxtpch2EFY+4QC/2iSg/N5KP7oDyufttjzCeuFmqAtRE0mAgjCwwzmB75iHze
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.notepad.pw/o0dmsyt1r

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 28 Sep 2020 17:02:39 GMT
ETag: "40295-123-5b062a240e9c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 238
Content-Type: text/html; charset=UTF-8
Date: Fri, 04 Dec 2020 11:18:02 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
DATA 200
OK truncated
/ Frame 69FA 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9ca91a5cfd78cd210645508d2098a230f7606a88f9426cc6091439a433eee7d6

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
201 B 16ms
15ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=219&t=2&li=gpt_2020111901&jk=3920572856358324&bg=!TE-lT2_NAAXKjztByljoGT9GWYm2xQIAAABPUgAAAA9oAQcKAccAb2G1FWu3Ok8ot4Uh2d-SPTDmNyE1Er1WakXh5fpYS7mFwOaXB8bScPmKpv5B-xiHQNl-_iyLmqsAoOWSL4lnxBaQnQqXremADT9YxcPIHnhUf1sYsYURtPQE4Mq6qLGFaY_ofNbmnJgfS8FIeIMm8iEY4w1YVpjoSmrZY4qw7bt_sGe5T6nsFGypI7_YLh-FLpt8SnmvqGJ-6VGK8CqNEXsXKaAzjyzUlmbS48HCSSBTP2bjJmpzCda8XXi7Blv61hnJLvveBRVo25JfR7OcfSKqgmI7OncM5GLbTx8opPEuDDPh4npEj3yR_GRN80_Y5m-suUcOe2Gtvkt0adx2JXlGm6JVe4C7Xqqmz3a5VIOF5YkRqLIXRCwnoHs7s1x5yhMHTfV4mRaNk4RbTfTEv4ZjH42eHnQpprTssV19ieDCKdX3iCKbYQgQHJ4znpH1vEUhDXCV_TDHyVy7mu7C6vdPMEL9hX86snYoiJe-0WnMUd6-4ACEqqCtOGJdygL-Ve5EWVMunOakJDHMpqasDz47lxacJkDyCxPjKmolyo8LbWgG9FlBQGMTo3vm_VyweLakbjsnHVrUBwh9snI0zbxOY3XM2pkBt3vWvmxaQG-oh1ubLd5okFN1lsGgzfa-Coko5CImn9XDYbqLttGq2DyUXh-XJHc-otKBSaSIn2y5vJRnlLlhRsLgxOQnt0UiNM-G1S3Cc6vnMmjunAoyYK_6DDodW04RdCX2DZF5Z7oU46Xn3Snlg0wUPx6BNC5Da6vgkALJgDA-pBMidHO0RxWkoiJAywQk7PLuuOUmMJh6y_xs8UcC2Yy8EvrK4SZFW4cljyLmuuHsaHumRydVo3GJMao-psKbvlxrxAJROylbf6TH1E6uxkJgyNgZhpyF03WEbKcsqpp1fgACI63MHWQ2D2HWnDUFdNnITUKaItzHMx9zGg3gVwE1LZI6tnGEAf4JD3OJvLBeOGZNt-kWU7wtj3dzBd9cA0WhvATJE41FveZWLZ4CuCUJvjVe6t56oXEHEAHhOCW9DUZtwi4mwl1pcZunoBvVlwX0KNsKRqe_46RsREnSHjVQG0wArXAqCGMTSK93tDBzd643D5I6Zu3Ns2s_76DLaLJHwjcF5Imi-JigXvDHDjGwo5gyfqKlSBI6jKxbOHkj5TlX1Ls8sek2CQgE9vFCjbkhmIVvvig

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Dec 2020 11:18:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Standard Show response
s1.adform.net/stoat/620/s1.adform.net/load/v/0.0.196/e/.wSBgiDA/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/ImageTag:types/ Frame 69FA 86 KB
37 KB 27ms
27ms Script
text/javascript 37.157.2.249
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/620/s1.adform.net/load/v/0.0.196/e/.wSBgiDA/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/ImageTag:types/Standard
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/620/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 8696cee86999f6d03320e995abc00d260687ca83684f05c6c212a47456fe629d

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 11:18:02 GMT
content-encoding: gzip
last-modified: Tue, 24 Nov 2020 13:54:52 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Sat, 05 Dec 2020 14:37:11 GMT

POST
H2 200 /
track.adform.net/csimpr/ Frame 69FA 35 B
469 B 19ms
18ms Other
image/gif 37.157.4.29
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=36813940&csi=UKTSiDY9-h8B5qd066Yot5EM8FA01We_IAgJQPgaGWnrygPkIxxfk62BT6QWo14OJBuVy41pob4wiWa9e4bLWics4ODdxxAu0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/620/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.29 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 04 Dec 2020 11:18:02 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://www.notepad.pw
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 40309826.jpg
s1.adform.net/Banners/40309826/ Frame 69FA 60 KB
60 KB 24ms
23ms Image
image/jpeg 37.157.2.249
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/40309826/40309826.jpg?bv=2

Requested by

Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

cd4726dc00558b2927ecbfa8ae79af23ea7bb15a806b8d5c19732cd2c2727d8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 11:18:02 GMT
last-modified: Wed, 02 Sep 2020 13:50:35 GMT
server: nginx
etag: "5f4fa32b-ee6e"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/jpeg
content-length: 61038

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame 69FA 0
22 B 55ms
54ms Image
image/gif 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstQKI-mAKNMWGlN5I8TOT8th_0L1LeF_iBcyBThZaOh7jxBC505iF-d0Hb-Flva1wPS6K5yk3ITZn2IokeMU2Yxt_hVPDFfcVanmcHSRvsuwh6iZTnFWE9jQiwClPh8qH5cYB5O0a78aZy7cXBrR9WQ6sowElYNUb0UZY5sn58b4i5NJsri4BuzgZWvSixWn6pUcs6jX3YcFTMe6MUpkcs_dIlnhnCBFcJeWLk_swLsJJmEZtPfB0EVXwSB0mrM0KjDRZkEKXWc8TG41TT67xA7wbASF3fiQCqNBLb5RT7YbA&sai=AMfl-YQ4iTfV2UQkGX5UqFXs0Nswr1Pd8jPqKcQmxo_Cxb0uUGSwNnhm0RUh6KKk8sMYQ-sGaTvlDwqsLr-VwUFuRHr1kHNMK4sYlk6t8gMbw5fTUqHM5Hxi-ZgZj8CqJXk&sig=Cg0ArKJSzM68LTsLMyATEAE&urlfix=1&adurl=

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 04 Dec 2020 11:18:02 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame 69FA 53 KB
21 KB 44ms
44ms Script
text/javascript 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

cafe /

Resource Hash

435e924da98a1e7860c54be3a06a25265be2a721d08d56972f6b80d6a2b0d324

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 10:48:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1755
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20875
x-xss-protection: 0
server: cafe
etag: 6584356153132086148
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Fri, 04 Dec 2020 11:48:47 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 69FA 0
331 B 179ms
80ms Other
image/gif 2a00:1450:4017:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~kia6cezj&chm=1&ctx=2&qqid=CJD-pImatO0CFY-43godle8IFQ&met.4=fb.2~lb.73~ol.c2~idt.y3~dt.-gn&met.3=197.71~123.6z_4~118.76_1~118.7h~118.a9~117.bx~298.bz~116.bx_5~118.c4~118.d2~113.dk_3~112.dj_4&met.1=1.kia6cem0~14.0~15.0~16.0~17.0~18.0~19.0~20.bx~21.c3~22.76~23.76&met.7=CCIQBBgBIAMoAzADaANwO3iYArABAbgBAw~CBsQCiADODA~CCoQChgBIAMoAzAvOCw~CBsQCiBHODw~CBsQBiBHOJcB~CBsQCiCFAThP~CBsQCiDcATgV~CBsQBSD5ATh7~CBsQCiC9Ajgk~CBsQASDuAjgT~CBsQBiDuAjgk~CCgQChgBILQDKLQDMOUDODFotQNw4QN4uaQBgAGLowGIAfWmA7ABAbgBAw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4017:801::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 04 Dec 2020 11:18:02 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
462 B 184ms
162ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: c8459e8f47038ab888b1dc16785895caabf4c189756ef3aaca139ad896d8cd78

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.notepad.pw
Date: Fri, 04 Dec 2020 11:18:02 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
334 B 127ms
126ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: www.notepad.pw
URL: https://www.notepad.pw/o0dmsyt1r
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: c8459e8f47038ab888b1dc16785895caabf4c189756ef3aaca139ad896d8cd78

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.notepad.pw
Date: Fri, 04 Dec 2020 11:18:03 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H3-Q050 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 69FA 42 B
94 B 16ms
15ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssNydwe2njGPI3DcirBb-UR3rARNIz60xOu0uourW_8srm_T2nR0YTw3i_KOdwE2xJe3RujB5oBheQWmMuH2dAdMbQlbesFsq5PvZTqhhA&sig=Cg0ArKJSzN4qNbu0n8b3EAE&adk=2140769806&tt=-1&bs=1600%2C1200&mtos=0,1007,1007,1007,1007&tos=0,1007,0,0,0&p=1110,436,1204,1164&mcvt=1007&rs=3&ht=0&tfs=285&tls=1292&mc=0.95&lte=-1&bas=0&bac=0&met=mue&avms=nio&niot_obs=181&niot_cbk=186&md=2&btr=0&cpmav=0&lm=2&rst=1607080682237&dlt&rpt=61&isd=0&msd=0&xdi=0&postrxl=1&ps=1600%2C1074&scs=1600%2C1200&pt=-1&bin=4&deb=1-0-0-12-5-11-11-0-0-0&tvt=1288&is=728%2C90&iframe_loc=https%3A%2F%2Fwww.notepad.pw%2Fo0dmsyt1r&r=v&id=osdim&vs=4&uc=12&upc=1&tgt=DIV&cl=1&cec=1&wf=0&cac=1&cd=0x0&itpl=19&v=20201202

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Dec 2020 11:18:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 /
track.adform.net/serving/unload/ Frame 69FA 35 B
469 B 19ms
18ms Other
image/gif 37.157.4.29
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=6009457685790138994@@36813940,8226001501420930751,100|1200|0|0|0|0|0|0|0||41|0|31|5d6336a377cc0364515eeb14876388bbb74803b9_1|||1|0|0|2OESoMoxJnFcPlakbYq96cCJD46uRm40rjG9U0vzfujmxm2SzHqpHMyz8d6D7jvo0|||11|1

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/620/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.29 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 04 Dec 2020 11:18:03 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://www.notepad.pw
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 /
track.adform.net/Serving/Event/ Frame 69FA 35 B
303 B 19ms
19ms Image
image/gif 37.157.4.29
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.adform.net/Serving/Event/?bn=36813940&event=178&time=1&baid=40309826&name=Viewable%20impressions&imprid=8226001501420930751&icid=6009457685790138994&eData=UKTSiDY9-h-KddBoxwNvhFIlj0leblS74fn4X_ACi5iat9V8idCEkfaRCd0pZr__wbuON9JBJpVI_v4ebamRCg2&rtbdata=GqjG3V9vPvCK1B58j_0MtfJosMJ3D7yZzzm9sIgaZGI6syM440Z8cvyQ9rgXpq3uKRC2_QygnoJXbIS3WGXj3qNK_i5YJ_gohZj2JTk5sJpmYZZyZUtv9sQny9HZbSJlikSyMY6XAlzMo6vrfq-0iJGoozB7YJx5gkBnF9joK2xwJ907StecxUH9SUjZx1m1RRo2nL3RiXpnAEaCy5iXD9UgNBU5v2fjNR18YoBYRXIiBQYIt_NvzfNUVu7Ki4C6WNxJ3JFWgHaiY3X5zpS9Sg2&rtbwp=CFE116E6717677D0&rnd=856081562

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.29 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Dec 2020 11:18:03 GMT
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
content-type: image/gif
expires: -1

GET
H/1.1 200
OK showad.js
ads.pubmatic.com/AdServer/js/ Frame 63C0 0
0 102ms
36ms Document
text/html 2.21.37.33
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.10.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.37.33 , France, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a2-21-37-33.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.notepad.pw/o0dmsyt1r
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.notepad.pw/o0dmsyt1r

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:52 GMT
ETag: "13006b6-94f8-5b232eca8cf5e"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13837
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=130258
Expires: Sat, 05 Dec 2020 23:29:05 GMT
Date: Fri, 04 Dec 2020 11:18:07 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK showad.js
ads.pubmatic.com/AdServer/js/ Frame 0E88 0
0 113ms
48ms Document
text/html 2.21.37.33
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.10.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.37.33 , France, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a2-21-37-33.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.notepad.pw/o0dmsyt1r
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.notepad.pw/o0dmsyt1r

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:52 GMT
ETag: "13006b6-94f8-5b232eca8cf5e"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13837
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=130258
Expires: Sat, 05 Dec 2020 23:29:05 GMT
Date: Fri, 04 Dec 2020 11:18:07 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/dmp/ Frame 65EC 0
0 93ms
30ms Document
text/html 151.101.13.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.10.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.notepad.pw/o0dmsyt1r
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.notepad.pw/o0dmsyt1r

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Thu, 03 Dec 2020 21:09:36 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Fri, 04 Dec 2020 11:18:07 GMT
Age: 50911
X-Served-By: cache-lga21935-LGA, cache-fra19161-FRA
X-Cache: HIT, HIT
X-Cache-Hits: 2, 234725
X-Timer: S1607080688.713639,VS0,VE0
Vary: Accept-Encoding

GET
H2 200 ixmatch.html
js-sec.indexww.com/um/ Frame A71C 0
0 40ms
38ms Document
text/html 104.111.215.135
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.10.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.135 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-135.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash

Request headers

:method: GET
:authority: js-sec.indexww.com
:scheme: https
:path: /um/ixmatch.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.notepad.pw/o0dmsyt1r
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.notepad.pw/o0dmsyt1r

Response headers

server: Apache
last-modified: Tue, 06 Oct 2020 14:04:48 GMT
etag: "e20015-8f4-5b10114f2003a"
accept-ranges: bytes
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
content-encoding: gzip
content-length: 1136
date: Fri, 04 Dec 2020 11:18:07 GMT

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/dmp/ Frame FBAB 0
0 90ms
30ms Document
text/html 151.101.13.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.10.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.notepad.pw/o0dmsyt1r
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.notepad.pw/o0dmsyt1r

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Thu, 03 Dec 2020 21:09:36 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Fri, 04 Dec 2020 11:18:07 GMT
Age: 50911
X-Served-By: cache-lga21935-LGA, cache-fra19148-FRA
X-Cache: HIT, HIT
X-Cache-Hits: 2, 235041
X-Timer: S1607080688.714767,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1 200
OK usync.html
eus.rubiconproject.com/ Frame 921D 0
0 31ms
31ms Document
text/html 184.24.15.122
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.10.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.24.15.122 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-24-15-122.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.notepad.pw/o0dmsyt1r
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.notepad.pw/o0dmsyt1r

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 28 Sep 2020 17:02:39 GMT
ETag: "40295-123-5b062a240e9c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 238
Content-Type: text/html; charset=UTF-8
Date: Fri, 04 Dec 2020 11:18:07 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 200 ixmatch.html
js-sec.indexww.com/um/ Frame CD13 0
0 35ms
35ms Document
text/html 104.111.215.135
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.10.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.135 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-135.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash

Request headers

:method: GET
:authority: js-sec.indexww.com
:scheme: https
:path: /um/ixmatch.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.notepad.pw/o0dmsyt1r
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.notepad.pw/o0dmsyt1r

Response headers

server: Apache
last-modified: Tue, 06 Oct 2020 14:04:48 GMT
etag: "e20015-8f4-5b10114f2003a"
accept-ranges: bytes
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
content-encoding: gzip
content-length: 1136
date: Fri, 04 Dec 2020 11:18:07 GMT

GET
H/1.1

204
No Content

getuids
grid.bidswitch.net/
Redirect Chain

https://x.bidswitch.net/sync?ssp=themediagrid
https://x.bidswitch.net/ul_cb/sync?ssp=themediagrid
https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=themediagrid&bsw_custom_parameter=d310377e-c080-47a7-bca9-39a7ff396ff3
https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=themediagrid&bsw_custom_parameter=d310377e-c080-47a7-bca9-39a7ff396ff3
https://x.bidswitch.net/sync?dsp_id=4&user_id=635ed48a-a0cd-4b2c-a15c-9b37730cc8d2&ssp=themediagrid&expires=30&user_group=5&bsw_param=d310377e-c080-47a7-bca9-39a7ff396ff3
https://grid.bidswitch.net/getuids?bsw_uid=d310377e-c080-47a7-bca9-39a7ff396ff3&ssp_custom_data=

0
260 B

33ms
32ms

Image
text/html

18.159.79.175
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://grid.bidswitch.net/getuids?bsw_uid=d310377e-c080-47a7-bca9-39a7ff396ff3&ssp_custom_data=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.159.79.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-79-175.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 04 Dec 2020 11:18:07 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Content-Type: text/html; charset=UTF-8

Redirect headers

location: //grid.bidswitch.net/getuids?bsw_uid=d310377e-c080-47a7-bca9-39a7ff396ff3&ssp_custom_data=
date: Fri, 04 Dec 2020 11:18:07 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H2 200 /
track.adform.net/serving/unload/ Frame 69FA 35 B
469 B 19ms
18ms Other
image/gif 37.157.4.29
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=6009457685790138994@@36813940,8226001501420930751,100|4899|0|0|0|0|0|0|0||167|0|31|5d6336a377cc0364515eeb14876388bbb74803b9_1|||1|0|0|2OESoMoxJnFcPlakbYq96cCJD46uRm40rjG9U0vzfujmxm2SzHqpHMyz8d6D7jvo0|||01|1

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/620/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.29 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.notepad.pw/o0dmsyt1r
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 04 Dec 2020 11:18:07 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://www.notepad.pw
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=L7rKdgz52e7UZ4fMkwkYmaxf&bidId=1074beac5a70c3e&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=4.10.0&strVersion=3.2.1&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%221413%22%2C%22hp%22%3A1%7D%5D%7D

Verdicts & Comments Add Verdict or Comment

127 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.notepad.pw/	1970-01-19 14:39:04	Name: typography Value: %7B%22sp_class%22%3A%22not-active%22%7D
www.notepad.pw/	1969-12-31 23:59:59	Name: adOtr Value: 363423e6b2e
www.notepad.pw/	1970-01-19 14:24:40	Name: sp_lit Value: r/1wWKy6g+//0r/ZYxUvTQ==
www.notepad.pw/	1970-01-19 14:24:47	Name: spcsrf Value: bcf608f745ec16ec8a8363d9f852b85c
www.notepad.pw/	1969-12-31 23:59:59	Name: fsbotchecked Value: true
www.notepad.pw/	1970-01-19 14:24:47	Name: pad_cookie Value: 40cc17250b398beca0308f5e234a7ae882526f4e
www.notepad.pw/	1969-12-31 23:59:59	Name: PRLST Value: Bg
www.notepad.pw/	1969-12-31 23:59:59	Name: SPSE Value: V8svp87BohsAld2v+gCD12yUcRXDJqwuK72FfiDInP8kjFyZx7Kik8zq2VW4OtONy3xrPylBoJ0VleogGZUz7g==
www.notepad.pw/	1970-01-23 06:41:45	Name: UTGv2 Value: h4a2a9b2398654138478e7984649af8f6e41
www.notepad.pw/	1969-12-31 23:59:59	Name: SPSI Value: 23e634b36e2e7ed882ab85293edbf82a

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	info	URL: https://a.pub.network/core/pubfig/pubfig.engine.4.2.4.56bf9eb9ee24bc1e4d456ffa86a6ce3df3a80d41.js(Line 1) Message: %cPubfig background: #00C389; color: #fff; border-radius: 3px; padding: 3px pubfig.messaging.js - Init ========== LOADING MESSAGING ==========

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

2626658dbae8fcbf8d3c529d714c3c22.safeframe.googlesyndication.com
a.pub.network
acdn.adnxs.com
ads.creative-serving.com
ads.pubmatic.com
adservice.google.com
adservice.google.de
beacon-eu2.rubiconproject.com
btlr.sharethrough.com
c.pub.network
cdnjs.cloudflare.com
csi.gstatic.com
d.pub.network
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
grid.bidswitch.net
hbopenbid.pubmatic.com
htlb.casalemedia.com
ib.adnxs.com
js-sec.indexww.com
live.notepad.pw
notepad.pw
pagead2.googlesyndication.com
pixel.quantserve.com
rules.quantcount.com
s1.adform.net
sb.scorecardresearch.com
secure.quantserve.com
securepubads.g.doubleclick.net
tpc.googlesyndication.com
track.adform.net
wpcc.io
www.google-analytics.com
www.googletagmanager.com
www.googletagservices.com
www.notepad.pw
x.bidswitch.net
btlr.sharethrough.com
104.111.215.135
151.101.13.108
151.139.128.11
18.159.79.175
18.196.214.144
184.24.15.122
185.33.221.87
185.64.189.112
2.21.37.33
216.58.206.2
2600:9000:2190:2600:6:44e3:f8c0:93a1
2606:4700:20::681a:18b
2606:4700:3031::681b:8143
2606:4700::6810:125e
2606:4700::6810:135e
2620:116:800d:21:5a23:9c4e:e774:96c1
2a00:1450:4001:803::2002
2a00:1450:4001:806::2008
2a00:1450:4001:808::2001
2a00:1450:4001:808::200a
2a00:1450:4001:814::2003
2a00:1450:4001:816::2001
2a00:1450:4001:824::200e
2a00:1450:4017:801::2003
3.121.79.35
3.126.224.165
35.188.71.214
35.226.36.58
37.157.2.249
37.157.4.29
68.183.157.211
69.173.144.141
69.173.144.152
95.101.55.60
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
073d67279c6c80d3b94ca458e45c889915f240d258b6c405ff0a92e35738166a
0da7fc1ae23678b2872653962d147fcd1cbd0a5a9c8f84d44ae99bc581fd9062
10914f26817b083573a9554fb72b7edeaf72a163c2528dfed7e638b1ce684475
119351ced3134718cb42591e513ff063cf04af7c2734b137c666ee62e137e15d
16177523c5f99f13cf1633a3e53ed9938bb5c88a21c6e86c1b415c409e0df0fa
180251bc66aa70adaad9d6e0c27f0a3597e6dfa934e774c1c2dc5cb97f1c4022
19adb8acd6602b627ec408b181b2ea68ec6d932d91d6c00118ecafccd770f072
1ab080656fab6802aab402d3e385c6c3aa1715d4d962edd506907862dfdad8dc
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
25d989b3ed89abc5bb5a814c257dc57619d7f45908013cd08aa508c22e4f6a0a
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2b60310189012686567c541c72a40acf74adb416bdc524008822d6c7c73ccd97
2fa866f281364240678617640d2944c8927bb03588410dfec54a4a97641129e6
3077f89e81c8c6c43e95e7dcfce7c084aafca408c53396824459a41cd3b6deff
31a6c93646f70eff2a5dd9dde645d24615f4a2b29e716bcb9d3d8c57784736b7
33c43d39018b07879a080935fd26fdeb82970bff929ee2d1ef3951a21d632f54
34255be4928ef856eb6cdf3088bb8bb4a3472413b61cfc549841e473579c17ca
3c5b6bb603a4f7556b94532674f3847b430b9495afbb3a4dcfe5ba718baa59ad
435e924da98a1e7860c54be3a06a25265be2a721d08d56972f6b80d6a2b0d324
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
51839cd54fbd59d491d731aa9f28bf46a0c44fd332a461e267e2e61c247adf1c
55b731aa03064189b7abca9931deb7b844c75d7664aacecc1356c4bc0635c4af
560ee8213cda78828e88fbcbe2fbe6d3337d563384ea57d344ce3e3559da1dda
5a343a9df716da9e1a1fbe19ce584935faf487479f4b44f930519db65067ddcc
5af02623e86d6d92d1b4e65626d818e9d128766d95f209e5768befc31eff4e68
5dbaab8f472717f5f659cb28deb326df6d4b858bf1025c84f366a808798c1587
6195b1bce0085db8c9b1b936150dfd7b070aa9be52d44580b1b6f16752dece34
66bfa6dd42535b06a283b3844a0bddcfd7f1aca1368baae035a7cda89a6b97fd
69a5b5635e3f65d07c7acd4786ec59d4140d58540aa981b58e0b4319621bd9e8
6a168e2ddae4d655f0e9793c98406ed886956b7f54544b88a1b9d279fe8b242f
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
7315546b2d78773ca18c53649e14062bc9e2a4ee72f1527ab8d8cc7bcceffe03
7d86491c93a3a7433f74fd281d2b52e856e4e491052c5a51dbd78f390aceba6a
7f1470cd1cbf32582d5d88c884f2547bf9dcd2eb3fd8f2da070f44b31a015c1a
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8696cee86999f6d03320e995abc00d260687ca83684f05c6c212a47456fe629d
86f10b8a6df37fef05944c8e01395dcbc3fc5acf10037a61a6a9b112a436a5d0
87d73170be9a2e277c57d324c4e05ec0ac60ed3c0191fa29e7a31133b4c4c119
888b41bb493f82bc787b507deee35df8a9dca32d9f59e5e4434334bb04aa1e17
8b894003f7c5389d104f9f0bca5c66f2fc7e9b20e06d9ee0ac38ef47c65e0b73
8fb5814721017a72eee505a95b6938a620e254b96736d9ed9881ce176957e97e
91eb4e13cfeb70e591e2212e7a09de429516a0ae7788f60ac72f085b486b688b
9ca91a5cfd78cd210645508d2098a230f7606a88f9426cc6091439a433eee7d6
a05dcae495e90d0d8a3e3ea2a632181d4b9a82d4e7bd02e11ce4f3ad94d3e3ef
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a7b5f5f96f81dea4efc53e1d4dae8b37c28bec27a45b42ccf604ee759e20caec
a93da7f0a8dd7b18a6425f0b550258b6a1b9c88bfa2b271120cd93980b692138
a9a2f1dd042cb6f1eded53dc0a1c66ed8694fc093dc3520cdac1a541d615d474
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b21e13914244ed7856d7b7f96692b64960af663fda9b5bb7326bbbb3cf626aa9
b60f65161ce3517c2794eecab25981c51ffbcbc951a781270403e2f3572d0290
c0e9f862ba8e25101cd7d7405584ddd6d09fc863af666986462a9df2f29710f1
c8459e8f47038ab888b1dc16785895caabf4c189756ef3aaca139ad896d8cd78
c9c41579990e491b31185c662e701facbcd6dab9ec0b06edef8feec2f981812e
cd4726dc00558b2927ecbfa8ae79af23ea7bb15a806b8d5c19732cd2c2727d8c
cf453b9034a24fc76cca371ee826d9bcbdd6bcdb8623de4b9d4435024cfe47a3
d155160aea288964eebe06a362795ab879ed657ca75f7ca60d5a1c8e9fe05d7b
d1a54fff4497f865e07edee4652cbfd676e1d490fc2c02041481721399a4e77b
d23807344428eec21271b708fcf73919827e568b0a335989f9f2348ae4356bd1
d7f03d75d46816d94b6c288b49a823790aa4a5a6b003e75399ce7be537cc89a9
de2bbd8e0b32f53a53c1729bedb350cea59e9115fba4f2bed8e2e3dd1f76d9fa
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
e56f53b3b976e9c05d86645a1e85cfc69e961601d201e957768455580fa30478
e92af41ea36051ffe9f3c83abec97cec2ac09cdaa2396863958e8b4bc8de5870
ecc20ed3c5dedbe5bbe73d1e7b14270c65a85f7d0ec4c94c4f0c9f0071e471a2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efb3089f1151c90d9d3cf43eac0e3f1d8a80123f37245dbffbd7f7e80783947f
f79dfaabb417f7b777458a24663c5075dd1e56026e20578a0d74568b3c762375

www.notepad.pw Open in urlscan Pro 151.139.128.11 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

99 Requests

99 %HTTPS

41 %IPv6

25 Domains

39 Subdomains

33 IPs

8 Countries

1041 kBTransfer

2790 kBSize

10 Cookies

10 Outgoing links

Redirected requests

99 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.notepad.pw Open in urlscan Pro
151.139.128.11 Public Scan

Screenshot
Live screenshot

Full Image

99
Requests

99 %
HTTPS

41 %
IPv6

25
Domains

39
Subdomains

33
IPs

8
Countries

1041 kB
Transfer

2790 kB
Size

10
Cookies

99 HTTP transactions
2 data transactions