notepad.pw Open in urlscan Pro
151.139.128.10 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://notepad.pw/
Effective URL:
https://notepad.pw/aq023d9a
Submission: On March 02 via manual (March 2nd 2020, 3:00:53 pm UTC) from ES

Summary HTTP 92 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 35 IPs in 9 countries across 37 domains to perform 92 HTTP transactions. The main IP is 151.139.128.10, located in Dallas, United States and belongs to HIGHWINDS3, US. The main domain is notepad.pw.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on February 24th 2020. Valid for: 3 months.

This is the only time notepad.pw was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 9	151.139.128.10 151.139.128.10	20446 (HIGHWINDS3) (HIGHWINDS3)
1	2a00:1450:400... 2a00:1450:4001:815::200a	15169 (GOOGLE) (GOOGLE)
9	2606:4700::68... 2606:4700::6811:4004	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	192.198.80.134 192.198.80.134	31863 (DACEN-2) (DACEN-2)
1	2a00:1450:400... 2a00:1450:4001:81b::2008	15169 (GOOGLE) (GOOGLE)
2	2606:4700:20:... 2606:4700:20::681a:18b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:81c::2003	15169 (GOOGLE) (GOOGLE)
4	2606:4700:303... 2606:4700:3036::681f:5d8d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:821::200e	15169 (GOOGLE) (GOOGLE)
3	35.188.71.214 35.188.71.214	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:816::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
4	216.58.210.2 216.58.210.2	15169 (GOOGLE) (GOOGLE)
3	151.101.13.194 151.101.13.194	54113 (FASTLY) (FASTLY)
12	35.226.134.247 35.226.134.247	15169 (GOOGLE) (GOOGLE)
2	34.247.95.233 34.247.95.233	16509 (AMAZON-02) (AMAZON-02)
3 5	185.33.223.202 185.33.223.202	29990 (ASN-APPNEX) (ASN-APPNEX)
2	35.158.189.107 35.158.189.107	16509 (AMAZON-02) (AMAZON-02)
1	69.173.144.143 69.173.144.143	26667 (RUBICONPR...) (RUBICONPROJECT)
2	104.16.68.69 104.16.68.69	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	35.226.36.58 35.226.36.58	15169 (GOOGLE) (GOOGLE)
2 2	216.52.2.48 216.52.2.48	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
4	2a00:1450:400... 2a00:1450:4001:818::2001	15169 (GOOGLE) (GOOGLE)
2 2	35.241.44.144 35.241.44.144	15169 (GOOGLE) (GOOGLE)
1	2a02:fa8:8806... 2a02:fa8:8806:13::1370	41041 (VCLK-EU-) (VCLK-EU-)
6	2a00:1450:400... 2a00:1450:4001:820::2001	15169 (GOOGLE) (GOOGLE)
1 1	74.214.194.140 74.214.194.140	59940 (PULSEPOIN...) (PULSEPOINT-EU)
1 1	2a00:1450:400... 2a00:1450:4001:81f::2004	15169 (GOOGLE) (GOOGLE)
1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
2	77.245.57.72 77.245.57.72	36057 (WEBAIR-IN...) (WEBAIR-INTERNET-MTL)
1 1	34.231.146.215 34.231.146.215	14618 (AMAZON-AES) (AMAZON-AES)
1	95.100.196.250 95.100.196.250	16625 (AKAMAI-AS) (AKAMAI-AS)
1	165.227.252.242 165.227.252.242	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2 2	18.195.155.181 18.195.155.181	16509 (AMAZON-02) (AMAZON-02)
1 1	54.156.230.45 54.156.230.45	14618 (AMAZON-AES) (AMAZON-AES)
1 1	213.19.147.150 213.19.147.150	26120 (RHYTHMONE) (RHYTHMONE)
1	2a00:1288:110... 2a00:1288:110:c305::8000	34010 (YAHOO-IRD) (YAHOO-IRD)
1	37.157.4.23 37.157.4.23	198622 (ADFORM) (ADFORM)
2 2	95.100.197.53 95.100.197.53	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	5.178.65.245 5.178.65.245	50673 (SERVERIUS-AS) (SERVERIUS-AS)
1	77.245.57.81 77.245.57.81	36057 (WEBAIR-IN...) (WEBAIR-INTERNET-MTL)
1 1	62.149.0.72 62.149.0.72	15497 (COLOCALL ...) (COLOCALL Internet Data Center _ColoCALL_)
1	95.100.196.237 95.100.196.237	16625 (AKAMAI-AS) (AKAMAI-AS)
1	23.37.55.184 23.37.55.184	16625 (AKAMAI-AS) (AKAMAI-AS)
92	35

9 151.139.128.10 (Dallas, United States) 1 redirects

ASN20446 (HIGHWINDS3, US)

notepad.pw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:815::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6811:4004 (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.198.80.134 (Lenoir, United States)

ASN31863 (DACEN-2, US)

wpcc.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:18b (United States)

ASN13335 (CLOUDFLARENET, US)

a.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81c::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:3036::681f:5d8d (United States)

ASN13335 (CLOUDFLARENET, US)

live.notepad.pw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:821::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.188.71.214 (United States)

ASN15169 (GOOGLE, US)
PTR: 214.71.188.35.bc.googleusercontent.com

d.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:816::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 216.58.210.2 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: fra16s07-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.13.194 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

confiant-integrations.global.ssl.fastly.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 35.226.134.247 (United States)

ASN15169 (GOOGLE, US)
PTR: 247.134.226.35.bc.googleusercontent.com

prebid.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.247.95.233 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-247-95-233.eu-west-1.compute.amazonaws.com

g2.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.33.223.202 (Netherlands) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 318.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.158.189.107 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-158-189-107.eu-central-1.compute.amazonaws.com

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.143 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.68.69 (United States)

ASN13335 (CLOUDFLARENET, US)

dmx.districtm.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.districtm.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.226.36.58 (United States)

ASN15169 (GOOGLE, US)
PTR: 58.36.226.35.bc.googleusercontent.com

c.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.48 (United States) 2 redirects

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:818::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.241.44.144 (Ascension Island) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 144.44.241.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:13::1370 (Sweden)

ASN41041 (VCLK-EU-, SE)

prebid-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:820::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.214.194.140 (Amsterdam, Netherlands) 1 redirects

ASN59940 (PULSEPOINT-EU, NL)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81f::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.245.57.72 (Netherlands)

ASN36057 (WEBAIR-INTERNET-MTL, US)

sync.adkernel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.231.146.215 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-231-146-215.compute-1.amazonaws.com

nep.advangelists.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.100.196.250 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a95-100-196-250.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 165.227.252.242 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

e.serverbid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.195.155.181 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com

cs.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.156.230.45 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-156-230-45.compute-1.amazonaws.com

sync.technoratimedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.19.147.150 (United Kingdom) 1 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:110:c305::8000 (United Kingdom)

ASN34010 (YAHOO-IRD, GB)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.157.4.23 (Denmark)

ASN198622 (ADFORM, DK)

cm.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 95.100.197.53 (Ascension Island) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a95-100-197-53.deploy.static.akamaitechnologies.com

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 5.178.65.245 (Renswoude, Netherlands) 1 redirects

ASN50673 (SERVERIUS-AS, NL)
PTR: ads.us.e-planning.net

ads.us.e-planning.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 77.245.57.81 (Netherlands)

ASN36057 (WEBAIR-INTERNET-MTL, US)

tag.adkernel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 62.149.0.72 (Ukraine) 1 redirects

ASN15497 (COLOCALL Internet Data Center _ColoCALL_, UA)
PTR: 0-72.adtelligent3-tmp.cc.colocall.com

sync.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.100.196.237 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a95-100-196-237.deploy.static.akamaitechnologies.com

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.37.55.184 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-55-184.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	pub.network a.pub.network d.pub.network prebid.pub.network c.pub.network	233 KB
13	notepad.pw 1 redirects notepad.pw live.notepad.pw	55 KB
9	cloudflare.com cdnjs.cloudflare.com	300 KB
6	ampproject.org cdn.ampproject.org	112 KB
6	adnxs.com 3 redirects ib.adnxs.com acdn.adnxs.com	5 KB
5	googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	19 KB
5	doubleclick.net securepubads.g.doubleclick.net googleads.g.doubleclick.net	95 KB
3	adkernel.com sync.adkernel.com tag.adkernel.com	451 B
3	rubiconproject.com fastlane.rubiconproject.com pixel.rubiconproject.com eus.rubiconproject.com	2 KB
3	fastly.net confiant-integrations.global.ssl.fastly.net	82 KB
2	e-planning.net 1 redirects ads.us.e-planning.net	388 B
2	casalemedia.com 2 redirects ssum-sec.casalemedia.com	2 KB
2	emxdgt.com 2 redirects cs.emxdgt.com	480 B
2	openx.net 2 redirects rtb.openx.net	682 B
2	lijit.com 2 redirects ap.lijit.com	1 KB
2	districtm.io dmx.districtm.io cdn.districtm.io	436 B
2	sharethrough.com btlr.sharethrough.com	218 B
2	gumgum.com g2.gumgum.com	1 KB
2	google.com 1 redirects adservice.google.com www.google.com	280 B
2	google-analytics.com www.google-analytics.com	18 KB
2	gstatic.com fonts.gstatic.com	20 KB
2	wpcc.io wpcc.io	5 KB
1	adtelligent.com 1 redirects sync.adtelligent.com	377 B
1	adform.net cm.adform.net	106 B
1	yahoo.com pr-bh.ybp.yahoo.com	768 B
1	1rx.io 1 redirects sync.1rx.io	353 B
1	technoratimedia.com 1 redirects sync.technoratimedia.com	488 B
1	serverbid.com e.serverbid.com	91 B
1	pubmatic.com ads.pubmatic.com
1	advangelists.com 1 redirects nep.advangelists.com	226 B
1	contextweb.com 1 redirects bh.contextweb.com	494 B
1	dotomi.com prebid-match.dotomi.com
1	google.de adservice.google.de	171 B
1	googletagservices.com www.googletagservices.com	14 KB
1	googletagmanager.com www.googletagmanager.com	28 KB
1	googleapis.com fonts.googleapis.com	835 B
0	bfmio.com Failed sync.bfmio.com Failed
92	37

	Domain	Requested by
12	prebid.pub.network	notepad.pw
9	cdnjs.cloudflare.com	notepad.pw
9	notepad.pw	1 redirects notepad.pw
6	cdn.ampproject.org	securepubads.g.doubleclick.net confiant-integrations.global.ssl.fastly.net
5	ib.adnxs.com	3 redirects notepad.pw
4	tpc.googlesyndication.com	securepubads.g.doubleclick.net notepad.pw
4	securepubads.g.doubleclick.net	www.googletagservices.com notepad.pw securepubads.g.doubleclick.net
4	live.notepad.pw	notepad.pw
3	confiant-integrations.global.ssl.fastly.net	a.pub.network confiant-integrations.global.ssl.fastly.net
3	d.pub.network	notepad.pw
2	ads.us.e-planning.net	1 redirects a.pub.network
2	ssum-sec.casalemedia.com	2 redirects
2	cs.emxdgt.com	2 redirects
2	sync.adkernel.com
2	rtb.openx.net	2 redirects
2	ap.lijit.com	2 redirects
2	c.pub.network	notepad.pw
2	btlr.sharethrough.com	notepad.pw
2	g2.gumgum.com	notepad.pw
2	www.google-analytics.com	www.googletagmanager.com notepad.pw
2	fonts.gstatic.com	notepad.pw cdnjs.cloudflare.com
2	a.pub.network	notepad.pw a.pub.network
2	wpcc.io	notepad.pw
1	eus.rubiconproject.com	a.pub.network
1	cdn.districtm.io	a.pub.network
1	acdn.adnxs.com	a.pub.network
1	sync.adtelligent.com	1 redirects
1	tag.adkernel.com
1	cm.adform.net
1	pr-bh.ybp.yahoo.com
1	sync.1rx.io	1 redirects
1	sync.technoratimedia.com	1 redirects
1	pagead2.googlesyndication.com
1	e.serverbid.com
1	ads.pubmatic.com	a.pub.network
1	nep.advangelists.com	1 redirects
1	pixel.rubiconproject.com
1	googleads.g.doubleclick.net	notepad.pw
1	www.google.com	1 redirects
1	bh.contextweb.com	1 redirects
1	prebid-match.dotomi.com
1	dmx.districtm.io	notepad.pw
1	fastlane.rubiconproject.com	notepad.pw
1	adservice.google.com	www.googletagservices.com
1	adservice.google.de	www.googletagservices.com
1	www.googletagservices.com	a.pub.network
1	www.googletagmanager.com	notepad.pw
1	fonts.googleapis.com	notepad.pw
0	sync.bfmio.com Failed	a.pub.network
92	49

This site contains links to these domains. Also see Links.

Domain
www.internetcookies.org
notepad-static.s3.amazonaws.com
about.notepad.pw
www.facebook.com
twitter.com
reddit.com

Subject Issuer	Validity	Valid
notepad.pw Sectigo RSA Domain Validation Secure Server CA	`2020-02-24` - `2020-05-24`	3 months	crt.sh
*.storage.googleapis.com GTS CA 1O1	`2020-02-12` - `2020-05-06`	3 months	crt.sh
cloudflare.com CloudFlare Inc ECC CA-2	`2020-01-07` - `2020-10-09`	9 months	crt.sh
wpcc.io Let's Encrypt Authority X3	`2020-01-12` - `2020-04-11`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-02-12` - `2020-05-06`	3 months	crt.sh
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-11-11` - `2020-10-09`	a year	crt.sh
ssl412106.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-12-05` - `2020-06-12`	6 months	crt.sh
*.google.com GTS CA 1O1	`2020-02-12` - `2020-05-06`	3 months	crt.sh
*.pub.network Go Daddy Secure Certificate Authority - G2	`2019-02-09` - `2020-05-16`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-02-12` - `2020-05-06`	3 months	crt.sh
*.freetls.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-12-18` - `2020-12-18`	a year	crt.sh
*.gumgum.com Amazon	`2019-07-31` - `2020-08-31`	a year	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.sharethrough.com Amazon	`2019-10-07` - `2020-11-07`	a year	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-01-10` - `2021-01-14`	2 years	crt.sh
districtm.io CloudFlare Inc ECC CA-2	`2020-02-25` - `2020-10-09`	7 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2020-02-12` - `2020-05-06`	3 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2019-06-19` - `2021-08-31`	2 years	crt.sh
misc-sni.google.com GTS CA 1O1	`2020-02-12` - `2020-05-06`	3 months	crt.sh
*.adkernel.com COMODO RSA Domain Validation Secure Server CA	`2017-11-17` - `2021-01-05`	3 years	crt.sh
*.pubmatic.com DigiCert SHA2 Secure Server CA	`2020-02-26` - `2021-05-27`	a year	crt.sh
e.serverbid.com Let's Encrypt Authority X3	`2019-12-25` - `2020-03-24`	3 months	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2020-01-04` - `2020-07-02`	6 months	crt.sh
*.adform.net DigiCert SHA2 Secure Server CA	`2019-03-25` - `2020-04-29`	a year	crt.sh
ads.us.e-planning.net Let's Encrypt Authority X3	`2020-02-21` - `2020-05-21`	3 months	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2020-01-02` - `2021-04-02`	a year	crt.sh

This page contains 9 frames:

Primary Page: https://notepad.pw/aq023d9a
Frame ID: C42901CAB906377F8B78214EAD1D0C32
Requests: 72 HTTP requests in this frame

Frame: https://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=JJ
Frame ID: 8B2ACAB7D34ECE87784EB857E915813C
Requests: 3 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012002141856310/amp4ads-v0.js
Frame ID: 9B87479E5C715608B608D3EAE807B512
Requests: 12 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D
Frame ID: 9B937903CC779F24F66BB1D6EB4FCC36
Requests: 1 HTTP requests in this frame

Frame: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fads.us.e-planning.net%2Fgetuid%2F1%2F5a1ad71d2d53a0f5%3Fhttps%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24UID
Frame ID: 4048DB05F0D8E1D64B8C7E821DE1C60E
Requests: 1 HTTP requests in this frame

Frame: https://sync.bfmio.com/sync_s2s?gdpr=0&url=https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Dbeachfront%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%5Bio_cid%5D
Frame ID: AF3E5DA94ECB1D5A56009E66E2EBCD1D
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: 9F07D0A0533B6C35589371506F811397
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: 1C63EAD8CAC83C9EF16F6ED6886B72D3
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?gdpr=0&gdpr_consent=
Frame ID: AB414E95C1A516E82D70939D0308819A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://notepad.pw/ HTTP 307
https://notepad.pw/aq023d9a Page URL

Detected technologies

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Fireblade (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /fbs/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Ionicons (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+ionicons(?:\.min)?\.css/i

Page Statistics

92
Requests

99 %
HTTPS

32 %
IPv6

37
Domains

49
Subdomains

35
IPs

9
Countries

990 kB
Transfer

2599 kB
Size

15
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.internetcookies.org/
Title: Learn more

Search URL Search Domain Scan URL

URL: https://notepad-static.s3.amazonaws.com/Notepad.pw+Terms+of+Use.pdf
Title: Terms

Search URL Search Domain Scan URL

URL: https://about.notepad.pw/
Title: About Us

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://notepad.pw/share/2s36jy9e5

Search URL Search Domain Scan URL

URL: http://twitter.com/share?text=notepad.pw&url=https://notepad.pw/share/2s36jy9e5

Search URL Search Domain Scan URL

URL: https://reddit.com/submit?url=https://notepad.pw/share/2s36jy9e5&title=notepad.pw

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://notepad.pw/ HTTP 307
https://notepad.pw/aq023d9a Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 51

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24UID HTTP 307
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24UID&sovrn_retry=true HTTP 307
https://prebid.pub.network/setuid?bidder=sovrn&gdpr=0&gdpr_consent=&us_privacy=&uid=753f326c0e81036ad7fb5959

Request Chain 55

https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Dopenx%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24%7BUID%7D HTTP 302
https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Dopenx%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24%7BUID%7D&ox_sc=1 HTTP 302
https://prebid.pub.network/setuid?bidder=openx&gdpr=0&gdpr_consent=&us_privacy=&uid=317cdf61-0742-46cb-8b78-2755f82fc291

Request Chain 68

https://bh.contextweb.com/rtset?pid=561205&ev=1&rurl=https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Dpulsepoint%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%25%25VGUID%25%25 HTTP 302
https://prebid.pub.network/setuid?bidder=pulsepoint&gdpr=0&gdpr_consent=&us_privacy=&uid=6o7nQzMIHpi2&ev=1&pid=561205

Request Chain 69

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 72

https://nep.advangelists.com/xp/user-sync?acctid={aid}&&redirect=https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Dadvangelists%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24UID HTTP 302
https://prebid.pub.network/setuid?bidder=advangelists&gdpr=0&gdpr_consent=&us_privacy=&uid=$UID

Request Chain 78

https://ib.adnxs.com/getuid?https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Dadnxs%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24UID HTTP 302
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fprebid.pub.network%252Fsetuid%253Fbidder%253Dadnxs%2526gdpr%253D0%2526gdpr_consent%253D%2526us_privacy%253D%2526uid%253D%2524UID HTTP 302
https://prebid.pub.network/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&us_privacy=&uid=6441584700105946316

Request Chain 79

https://cs.emxdgt.com/um?ssp=pbs&gdpr=0&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Demx_digital%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24UID HTTP 302
https://ib.adnxs.com/getuid?https://cs.emxdgt.com/umcheck?apnxid=$UID&redirect=https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Demx_digital%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24EMXUID HTTP 302
https://cs.emxdgt.com/umcheck?apnxid=6441584700105946316&redirect=https://prebid.pub.network/setuid?bidder=emx_digital&gdpr=0&gdpr_consent=&us_privacy=&uid=$EMXUID HTTP 302
https://prebid.pub.network/setuid?bidder=emx_digital&uid=6441584700105946316brt44261583161232571212f1

Request Chain 80

https://sync.technoratimedia.com/services?srv=cs&pid=70&cb=https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Dsynacormedia%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%5BUSER_ID%5D HTTP 307
https://prebid.pub.network/setuid?bidder=synacormedia&gdpr=0&gdpr_consent=&us_privacy=&uid=GDPR

Request Chain 81

https://sync.1rx.io/usersync2/rmphb?gdpr=0&gdpr_consent=&us_privacy=&redir=https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Drhythmone%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%5BRX_UUID%5D HTTP 302
https://prebid.pub.network/setuid?bidder=rhythmone&gdpr=0&gdpr_consent=&us_privacy=&uid=OPTOUT

Request Chain 84

https://ssum-sec.casalemedia.com/usermatchredir?s=184932&cb=https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Dix%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184932&cb=https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Dix%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&C=1 HTTP 302
https://prebid.pub.network/setuid?bidder=ix&gdpr=0&gdpr_consent=&us_privacy=&uid=Xl0fkblQJZQAABUVBMIAAADT%26715

Request Chain 85

https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fads.us.e-planning.net%2Fgetuid%2F1%2F5a1ad71d2d53a0f5%3Fhttps%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24UID HTTP 302
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fads.us.e-planning.net%2Fgetuid%2F1%2F5a1ad71d2d53a0f5%3Fhttps%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24UID

Request Chain 87

https://sync.adtelligent.com/csync?t=p&ep=0&redir=https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Dadtelligent%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%7Buid%7D HTTP 302
https://prebid.pub.network/setuid?bidder=adtelligent&gdpr=0&gdpr_consent=&us_privacy=&uid=34b3f8103f88d08d

92 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request aq023d9a Show response
notepad.pw/
Redirect Chain

http://notepad.pw/
https://notepad.pw/aq023d9a

30 KB
13 KB

500ms
416ms

Document
text/html

151.139.128.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://notepad.pw/aq023d9a
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: b4c129b38552489649d122ad023da5a289ba66979726de929900f4aad1ef6ed9

Request headers

:method: GET
:authority: notepad.pw
:scheme: https
:path: /aq023d9a
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SPSI=1410f728f2569dd48e62c913a72e3c6e; spcsrf=f5aa78acff18c79296a3b9bee5461421; UTGv2=D-h4d2a889a9a4a81eb80c5ebf8b1d07e8ef35; pad_cookie=07f73c3aef3d7de69548ec4e5d28231099124efd; sp_lit=8thMylYmFMkN1chjgk+vRQ==
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Mon, 02 Mar 2020 15:00:28 GMT
cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
set-cookie: spcsrf=ec9ac33a2a3f618a26ec933795984f42; path=/; SameSite=Strict; HttpOnly; expires=Mon, 02-Mar-20 17:00:28 GMT UTGv2=D-h47b622b4ab2917822abc80363b80f554c83; path=/; expires=Tue, 02-Mar-21 15:00:28 GMT sp_lit=n6on+IZGFTpdIDrT1IwtQw==; path=/; SameSite=Strict; HttpOnly; expires=Mon, 02-Mar-20 15:05:28 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: fbs
access-control-allow-origin: *
x-hw: 1583161227.cds002.wa1.hn,1583161227.cds006.wa1.sc,1583161228.cdn2-redis01-arn1.stackpath.systems.-.wx,1583161228.cds006.wa1.p

Redirect headers

Date: Mon, 02 Mar 2020 15:00:27 GMT
Cache-Control: no-store, no-cache, must-revalidate
Content-Encoding: gzip
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Set-Cookie: SPSI=1410f728f2569dd48e62c913a72e3c6e; path=/; spcsrf=f5aa78acff18c79296a3b9bee5461421; path=/; SameSite=Strict; HttpOnly; expires=Mon, 02-Mar-20 17:00:27 GMT adOtr=obsvl; path=/; expires=Thu, 2 Aug 2001 20:47:11 UTC UTGv2=D-h4d2a889a9a4a81eb80c5ebf8b1d07e8ef35; path=/; expires=Tue, 02-Mar-21 15:00:27 GMT pad_cookie=07f73c3aef3d7de69548ec4e5d28231099124efd; expires=Mon, 02-Mar-2020 17:10:49 GMT; Max-Age=7200; path=/; HttpOnly sp_lit=8thMylYmFMkN1chjgk+vRQ==; path=/; SameSite=Strict; HttpOnly; expires=Mon, 02-Mar-20 15:05:27 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Location: https://notepad.pw/aq023d9a
Server: fbs
Access-Control-Allow-Origin: *
X-HW: 1583161227.cds002.wa1.h2,1583161227.cds004.wa1.sc,1583161227.cdn2-redis01-arn1.stackpath.systems.-.wx,1583161227.cds004.wa1.p
Connection: keep-alive

GET
H2 200 css
fonts.googleapis.com/ 5 KB
835 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:815::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Noto+Sans:400,700

Requested by

Host: notepad.pw
URL: https://notepad.pw/aq023d9a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f6e206730b9cfa13f568754d8c0985b03f8a7b55265eb88b3c0f8c80cd445e19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 02 Mar 2020 15:00:28 GMT
server: ESF
date: Mon, 02 Mar 2020 15:00:28 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 02 Mar 2020 15:00:28 GMT

GET
H2 200 global.css
notepad.pw/content/css/ 6 KB
2 KB 402ms
401ms Stylesheet
text/css 151.139.128.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://notepad.pw/content/css/global.css?229
Requested by: Host: notepad.pw
URL: https://notepad.pw/aq023d9a
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: 2b60310189012686567c541c72a40acf74adb416bdc524008822d6c7c73ccd97

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Mon, 02 Mar 2020 15:00:28 GMT
content-encoding: gzip
last-modified: Mon, 02 Oct 2017 03:48:05 GMT
server: fbs
etag: "59d1b6f5-1821"
status: 200
x-hw: 1583161228.cds002.wa1.hn,1583161228.cds008.wa1.sc,1583161228.cdn2-wafbe01-arn1.stackpath.systems.-.wx,1583161228.cds008.wa1.p
content-type: text/css
access-control-allow-origin: *
accept-ranges: bytes

GET
H2 200 normalize.min.css
cdnjs.cloudflare.com/ajax/libs/normalize/6.0.0/ 2 KB
1 KB 14ms
13ms Stylesheet
text/css 2606:4700::6811:4004
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/normalize/6.0.0/normalize.min.css

Requested by

Host: notepad.pw
URL: https://notepad.pw/aq023d9a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4004 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55b731aa03064189b7abca9931deb7b844c75d7664aacecc1356c4bc0635c4af

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Mon, 02 Mar 2020 15:00:28 GMT
content-encoding: br
cf-cache-status: HIT
age: 15107420
cf-ray: 56dbfccd6fa51e47-FRA
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified: Thu, 17 May 2018 09:24:31 GMT
server: cloudflare
etag: W/"5afd4a4f-8a8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
expires: Sat, 20 Feb 2021 15:00:28 GMT
cache-control: public, max-age=30672000
timing-allow-origin: *
served-in-seconds: 0.001

GET
H2 200 ionicons.min.css
cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ 50 KB
7 KB 18ms
17ms Stylesheet
text/css 2606:4700::6811:4004
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css

Requested by

Host: notepad.pw
URL: https://notepad.pw/aq023d9a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4004 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de2bbd8e0b32f53a53c1729bedb350cea59e9115fba4f2bed8e2e3dd1f76d9fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Mon, 02 Mar 2020 15:00:28 GMT
content-encoding: br
cf-cache-status: HIT
age: 10655454
cf-ray: 56dbfccd6fa61e47-FRA
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified: Thu, 17 May 2018 09:20:52 GMT
server: cloudflare
etag: W/"5afd4974-c854"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
expires: Sat, 20 Feb 2021 15:00:28 GMT
cache-control: public, max-age=30672000
timing-allow-origin: *
served-in-seconds: 0.002

GET
H2 200 logo-dark.png
notepad.pw/content/images/ 22 KB
22 KB 548ms
547ms Image
image/png 151.139.128.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://notepad.pw/content/images/logo-dark.png
Requested by: Host: notepad.pw
URL: https://notepad.pw/aq023d9a
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: 560ee8213cda78828e88fbcbe2fbe6d3337d563384ea57d344ce3e3559da1dda

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 02 Mar 2020 15:00:28 GMT
last-modified: Thu, 30 Aug 2018 21:59:20 GMT
server: fbs
etag: "5b8868b8-57f4"
status: 200
x-hw: 1583161228.cds002.wa1.hn,1583161228.cds009.wa1.sc,1583161228.cdn2-wafbe01-arn1.stackpath.systems.-.wx,1583161228.cds009.wa1.p
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
content-length: 22516

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/ 82 KB
28 KB 16ms
15ms Script
application/javascript 2606:4700::6811:4004
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Requested by

Host: notepad.pw
URL: https://notepad.pw/aq023d9a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4004 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 02 Mar 2020 15:00:28 GMT
content-encoding: br
cf-cache-status: HIT
age: 10655453
cf-ray: 56dbfccd6fa91e47-FRA
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified: Thu, 17 May 2018 09:21:00 GMT
server: cloudflare
etag: W/"5afd497c-1499c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Sat, 20 Feb 2021 15:00:28 GMT
cache-control: public, max-age=30672000
timing-allow-origin: *
served-in-seconds: 0.003

GET
H2 200 angular.min.js Show response
cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/ 156 KB
53 KB 21ms
21ms Script
application/javascript 2606:4700::6811:4004
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/angular.min.js

Requested by

Host: notepad.pw
URL: https://notepad.pw/aq023d9a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4004 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e92af41ea36051ffe9f3c83abec97cec2ac09cdaa2396863958e8b4bc8de5870

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 02 Mar 2020 15:00:28 GMT
content-encoding: br
cf-cache-status: HIT
age: 10655454
cf-ray: 56dbfccd881c1e47-FRA
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified: Thu, 17 May 2018 09:15:33 GMT
server: cloudflare
etag: W/"5afd4835-27130"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Sat, 20 Feb 2021 15:00:28 GMT
cache-control: public, max-age=30672000
timing-allow-origin: *
served-in-seconds: 0.004

GET
H2 200 angular-cookies.min.js Show response
cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/ 1 KB
845 B 13ms
13ms Script
application/javascript 2606:4700::6811:4004
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/angular-cookies.min.js

Requested by

Host: notepad.pw
URL: https://notepad.pw/aq023d9a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4004 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f79dfaabb417f7b777458a24663c5075dd1e56026e20578a0d74568b3c762375

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 02 Mar 2020 15:00:28 GMT
content-encoding: br
cf-cache-status: HIT
age: 27795151
cf-ray: 56dbfccdb89c1e47-FRA
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified: Thu, 17 May 2018 09:15:35 GMT
server: cloudflare
etag: W/"5afd4837-5a7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Sat, 20 Feb 2021 15:00:28 GMT
cache-control: public, max-age=30672000
timing-allow-origin: *
served-in-seconds: 0.006

GET
H2 200 socket.io.min.js Show response
cdnjs.cloudflare.com/ajax/libs/socket.io/1.4.8/ 68 KB
21 KB 17ms
17ms Script
application/javascript 2606:4700::6811:4004
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/socket.io/1.4.8/socket.io.min.js

Requested by

Host: notepad.pw
URL: https://notepad.pw/aq023d9a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4004 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

888b41bb493f82bc787b507deee35df8a9dca32d9f59e5e4434334bb04aa1e17

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 02 Mar 2020 15:00:28 GMT
content-encoding: br
cf-cache-status: HIT
age: 16688240
cf-ray: 56dbfccdc8e81e47-FRA
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified: Thu, 17 May 2018 09:26:47 GMT
server: cloudflare
etag: W/"5afd4ad7-10ec3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Sat, 20 Feb 2021 15:00:28 GMT
cache-control: public, max-age=30672000
timing-allow-origin: *
served-in-seconds: 0.003

GET
H2 200 app.min.js Show response
notepad.pw/content/js/ 8 KB
3 KB 411ms
410ms Script
application/javascript 151.139.128.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://notepad.pw/content/js/app.min.js?366
Requested by: Host: notepad.pw
URL: https://notepad.pw/aq023d9a
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: c9c41579990e491b31185c662e701facbcd6dab9ec0b06edef8feec2f981812e

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 02 Mar 2020 15:00:28 GMT
content-encoding: gzip
last-modified: Thu, 30 Aug 2018 22:33:49 GMT
server: fbs
etag: "5b8870cd-2089"
status: 200
x-hw: 1583161228.cds002.wa1.hn,1583161228.cds002.wa1.sc,1583161228.cdn2-wafbe03-arn1.stackpath.systems.-.wx,1583161228.cds002.wa1.p
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes

GET
H2 200 store.min.js Show response
cdnjs.cloudflare.com/ajax/libs/store.js/1.3.20/ 3 KB
1 KB 14ms
12ms Script
application/javascript 2606:4700::6811:4004
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/store.js/1.3.20/store.min.js

Requested by

Host: notepad.pw
URL: https://notepad.pw/aq023d9a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4004 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d23807344428eec21271b708fcf73919827e568b0a335989f9f2348ae4356bd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 02 Mar 2020 15:00:28 GMT
content-encoding: br
cf-cache-status: HIT
age: 2097540
cf-ray: 56dbfccfef2d1e47-FRA
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified: Thu, 17 May 2018 09:26:51 GMT
server: cloudflare
etag: W/"5afd4adb-a35"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Sat, 20 Feb 2021 15:00:28 GMT
cache-control: public, max-age=30672000
timing-allow-origin: *
served-in-seconds: 0.001

GET
H2 200 clipboard.min.js Show response
cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/ 11 KB
3 KB 13ms
12ms Script
application/javascript 2606:4700::6811:4004
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/clipboard.min.js

Requested by

Host: notepad.pw
URL: https://notepad.pw/aq023d9a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4004 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0da7fc1ae23678b2872653962d147fcd1cbd0a5a9c8f84d44ae99bc581fd9062

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 02 Mar 2020 15:00:28 GMT
content-encoding: br
cf-cache-status: HIT
age: 10655452
cf-ray: 56dbfccfef321e47-FRA
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified: Thu, 17 May 2018 09:18:33 GMT
server: cloudflare
etag: W/"5afd48e9-2aa5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Sat, 20 Feb 2021 15:00:28 GMT
cache-control: public, max-age=30672000
timing-allow-origin: *
served-in-seconds: 0.001

GET
H2 200 cookieconsent.min.css
wpcc.io/lib/1.0.2/ 4 KB
1 KB 379ms
115ms Stylesheet
text/css 192.198.80.134
DACEN-2

General

Check archive.org

Show headers Download Go to

Full URL

https://wpcc.io/lib/1.0.2/cookieconsent.min.css

Requested by

Host: notepad.pw
URL: https://notepad.pw/aq023d9a

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.198.80.134 Lenoir, United States, ASN31863 (DACEN-2, US),

Reverse DNS

Software

Apache/2 /

Resource Hash

119351ced3134718cb42591e513ff063cf04af7c2734b137c666ee62e137e15d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Mon, 02 Mar 2020 15:00:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1119
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 05 Apr 2019 15:44:29 GMT
server: Apache/2
x-frame-options: SAMEORIGIN
etag: "fbe-585ca5cb7f140-gzip"
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
expires: Wed, 01 Apr 2020 15:00:29 GMT

GET
H2 200 cookieconsent.min.js Show response
wpcc.io/lib/1.0.2/ 9 KB
3 KB 380ms
116ms Script
application/javascript 192.198.80.134
DACEN-2

General

Check archive.org

Show headers Download Go to

Full URL

https://wpcc.io/lib/1.0.2/cookieconsent.min.js

Requested by

Host: notepad.pw
URL: https://notepad.pw/aq023d9a

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.198.80.134 Lenoir, United States, ASN31863 (DACEN-2, US),

Reverse DNS

Software

Apache/2 /

Resource Hash

7870dceaf72f9d91b2790eadc462ec110e11be8f265d9394e6f7430d11d05cfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 02 Mar 2020 15:00:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3237
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 01 May 2019 13:31:59 GMT
server: Apache/2
x-frame-options: SAMEORIGIN
etag: "228a-587d38abc51c0-gzip"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
expires: Wed, 01 Apr 2020 15:00:29 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 75 KB
28 KB 16ms
15ms Script
application/javascript 2a00:1450:4001:81b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-153530698-1

Requested by

Host: notepad.pw
URL: https://notepad.pw/aq023d9a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0676a04208e2b2b5a03f5c8f5b70e2217e4c25b05e60f4f6a0ce83ad198104fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 02 Mar 2020 15:00:28 GMT
content-encoding: br
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
server: Google Tag Manager
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=900
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Cache-Control
content-length: 28625
x-xss-protection: 0
expires: Mon, 02 Mar 2020 15:00:28 GMT

GET
H2 200 pubfig.min.js Show response
a.pub.network/notepad-pw/ 411 KB
116 KB 440ms
421ms Script
application/javascript 2606:4700:20::681a:18b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/notepad-pw/pubfig.min.js
Requested by: Host: notepad.pw
URL: https://notepad.pw/aq023d9a
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:18b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0689462225545e95bbc450363e2265295ae60059b60d3d316fea468141649a11

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 02 Mar 2020 15:00:29 GMT
content-encoding: br
cf-cache-status: REVALIDATED
status: 200
x-guploader-uploadid: AEnB2Uph5tcea6I-0X-sh08PEnKK2GNxRtNu-cWY99DV2A-Ko0RLRCmtzOEOdrmJmrnn1Wju6a7sCdUpePIhwbWlUoEvbZ5iew
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
last-modified: Thu, 27 Feb 2020 18:11:28 GMT
server: cloudflare
etag: W/"909f65f4138445719cd7fd028d382f4f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=4xnEfQ==, md5=kJ9l9BOERXGc1/0CjTgvTw==
content-type: application/javascript
x-goog-generation: 1582827088204492
cache-control: public, max-age=1800
x-goog-stored-content-length: 420612
cf-ray: 56dbfcd0090ae00b-FRA
expires: Mon, 02 Mar 2020 15:01:29 GMT

GET
H2 200 / Show response
notepad.pw/sbbi/ Frame 8B2A 25 KB
11 KB 204ms
203ms Document
text/html 151.139.128.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=JJ&sbbgs=h47b622b4ab2917822abc80363b80f554c83&ddl=1
Requested by: Host: notepad.pw
URL: https://notepad.pw/aq023d9a
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: a3ea72428851c6e61f68b5545971a46834c9512f4f0236ada5de64b4e32e0a7f

Request headers

:method: GET
:authority: notepad.pw
:scheme: https
:path: /sbbi/?sbbpg=sbbShell&gprid=JJ&sbbgs=h47b622b4ab2917822abc80363b80f554c83&ddl=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
referer: https://notepad.pw/aq023d9a
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SPSI=1410f728f2569dd48e62c913a72e3c6e; pad_cookie=07f73c3aef3d7de69548ec4e5d28231099124efd; spcsrf=ec9ac33a2a3f618a26ec933795984f42; sp_lit=n6on+IZGFTpdIDrT1IwtQw==; PRLST=JJ; UTGv2=h47b622b4ab2917822abc80363b80f554c83
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://notepad.pw/aq023d9a

Response headers

status: 200
date: Mon, 02 Mar 2020 15:00:28 GMT
cache-control: no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
server: fbs
x-accel-expires: 0
access-control-allow-origin: *
x-hw: 1583161228.cds002.wa1.hn,1583161228.cds005.wa1.sc,1583161228.cdn2-wafbe04-arn1.stackpath.systems.-.i,1583161228.cds005.wa1.p

GET
H2 200 /
notepad.pw/sbbi/ 43 B
250 B 86ms
85ms Image
image/gif 151.139.128.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://notepad.pw/sbbi/?sbbpg=utMedia&vii=1h44170bf672228bf42a5b6299d1d74882e26a2bcc981033a6732be830cf65e5s4tcp8r3
Requested by: Host: notepad.pw
URL: https://notepad.pw/aq023d9a
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-accel-expires: 0
date: Mon, 02 Mar 2020 15:00:28 GMT
server: fbs
status: 200
x-hw: 1583161228.cds002.wa1.hn,1583161228.cds008.wa1.sc,1583161228.cdn2-wafbe01-arn1.stackpath.systems.-.i,1583161228.cds008.wa1.p
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0

GET
H2 200 ionicons.ttf
cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/fonts/ 184 KB
184 KB 20ms
19ms Font
application/octet-stream 2606:4700::6811:4004
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/fonts/ionicons.ttf?v=2.0.0

Requested by

Host: notepad.pw
URL: https://notepad.pw/aq023d9a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4004 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ba7f20b1d8990e17a47fe3d88e4c766628aaa2baf1dd30fca0a0db59836f5f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css
Origin: https://notepad.pw
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 02 Mar 2020 15:00:28 GMT
cf-cache-status: HIT
age: 27795162
cf-ray: 56dbfcd00ec496bc-FRA
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 188508
last-modified: Thu, 17 May 2018 09:20:52 GMT
server: cloudflare
etag: "5afd4974-2e05c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
expires: Sat, 20 Feb 2021 15:00:28 GMT
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
served-in-seconds: 0.018

GET
H2 200 o-0IIpQlx3QUlC5A4PNr5TRASf6M7Q.woff2
fonts.gstatic.com/s/notosans/v9/ 10 KB
10 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notosans/v9/o-0IIpQlx3QUlC5A4PNr5TRASf6M7Q.woff2

Requested by

Host: notepad.pw
URL: https://notepad.pw/aq023d9a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e56f53b3b976e9c05d86645a1e85cfc69e961601d201e957768455580fa30478

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/css?family=Noto+Sans:400,700
Origin: https://notepad.pw
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 25 Feb 2020 02:44:35 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:20:41 GMT
server: sffe
age: 562553
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 10292
x-xss-protection: 0
expires: Wed, 24 Feb 2021 02:44:35 GMT

GET
H2 200 / Show response
live.notepad.pw/socket.io/ 101 B
478 B 360ms
332ms XHR
application/octet-stream 2606:4700:3036::681f:5d8d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.notepad.pw/socket.io/?EIO=3&transport=polling&t=N2Rmp-O
Requested by: Host: notepad.pw
URL: https://notepad.pw/aq023d9a
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::681f:5d8d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bf6bc772f4b16474e15709d4b5ea5c507b382f3b24135b30e201f32cb1d05b41

Request headers

Referer: https://notepad.pw/aq023d9a
Origin: https://notepad.pw
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 02 Mar 2020 15:00:29 GMT
via: 1.1 vegur
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 200
content-type: application/octet-stream
access-control-allow-origin: https://notepad.pw
access-control-allow-credentials: true
cf-ray: 56dbfcd2b8dec2e5-FRA
content-length: 101

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 44 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:821::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-153530698-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 06 Feb 2020 00:21:02 GMT
server: Golfe2
age: 4098
date: Mon, 02 Mar 2020 13:52:11 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 18174
expires: Mon, 02 Mar 2020 15:52:11 GMT

POST
H2 200 / Show response
notepad.pw/sbbi/ Frame 8B2A 516 B
482 B 174ms
173ms Document
text/html 151.139.128.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=JJ&sbbgs=h47b622b4ab2917822abc80363b80f554c83&ddl=1
Requested by: Host: notepad.pw
URL: https://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=JJ&sbbgs=h47b622b4ab2917822abc80363b80f554c83&ddl=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: d155160aea288964eebe06a362795ab879ed657ca75f7ca60d5a1c8e9fe05d7b

Request headers

:method: POST
:authority: notepad.pw
:scheme: https
:path: /sbbi/?sbbpg=sbbShell&gprid=JJ&sbbgs=h47b622b4ab2917822abc80363b80f554c83&ddl=1
content-length: 655
pragma: no-cache
cache-control: no-cache
origin: https://notepad.pw
upgrade-insecure-requests: 1
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
referer: https://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=JJ&sbbgs=h47b622b4ab2917822abc80363b80f554c83&ddl=1
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SPSI=1410f728f2569dd48e62c913a72e3c6e; pad_cookie=07f73c3aef3d7de69548ec4e5d28231099124efd; spcsrf=ec9ac33a2a3f618a26ec933795984f42; sp_lit=n6on+IZGFTpdIDrT1IwtQw==; PRLST=JJ; UTGv2=h47b622b4ab2917822abc80363b80f554c83; adOtr=f047181f252; typography=%7B%22sp_class%22%3A%22not-active%22%7D
Origin: https://notepad.pw
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=JJ&sbbgs=h47b622b4ab2917822abc80363b80f554c83&ddl=1

Response headers

status: 200
date: Mon, 02 Mar 2020 15:00:29 GMT
cache-control: no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
server: fbs
x-accel-expires: 0
access-control-allow-origin: *
x-hw: 1583161229.cds002.wa1.hn,1583161229.cds005.wa1.sc,1583161229.cdn2-wafbe04-arn1.stackpath.systems.-.i,1583161229.cds005.wa1.p

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
89 B 14ms
14ms XHR
text/plain 2a00:1450:4001:821::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j81&a=1699599835&t=pageview&_s=1&dl=https%3A%2F%2Fnotepad.pw%2Faq023d9a&ul=en-us&de=UTF-8&dt=notepad.pw%20%2F%20aq023d9a%20%7C%20The%20napkin%20of%20the%20internet.&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAcABAAAAAC~&jid=990629545&gjid=774993633&cid=262300852.1583161229&tid=UA-153530698-1&_gid=83141208.1583161229&_r=1&gtm=2ou2j0&z=61811147

Requested by

Host: notepad.pw
URL: https://notepad.pw/aq023d9a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://notepad.pw/aq023d9a
Origin: https://notepad.pw
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 02 Mar 2020 15:00:29 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: text/plain
access-control-allow-origin: https://notepad.pw
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK cookie Show response
d.pub.network/ 36 B
458 B 980ms
117ms XHR
text/plain 35.188.71.214
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/cookie
Requested by: Host: notepad.pw
URL: https://notepad.pw/aq023d9a
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.71.214 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 214.71.188.35.bc.googleusercontent.com
Software: /
Resource Hash: f4c25b5cb4bd68df85d9f90cc27b3adea0dbfb65a4d253123560570a1e347f30

Request headers

Referer: https://notepad.pw/aq023d9a
Origin: https://notepad.pw
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://notepad.pw
Date: Mon, 02 Mar 2020 15:00:30 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 43 KB
14 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: a.pub.network
URL: https://a.pub.network/notepad-pw/pubfig.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b1040b4870a9503a2b7e81f781ed65e43f668bab13ee4ac0199a040d75d3728c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 02 Mar 2020 15:00:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "444 / 112 of 1000 / last-modified: 1582920970"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 14499
x-xss-protection: 0
expires: Mon, 02 Mar 2020 15:00:29 GMT

GET
H2 200 prebid-analytics-3.6.2.js Show response
a.pub.network/core/ 350 KB
107 KB 149ms
149ms Script
text/html 2606:4700:20::681a:18b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/notepad-pw/pubfig.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:18b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8bfc61f56cf987bfbf5e1c86e6746d24c7dcd6ad98806dfca9d63c6110810582

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 02 Mar 2020 15:00:29 GMT
content-encoding: br
cf-cache-status: BYPASS
status: 200
x-guploader-uploadid: AEnB2UrJPXXJZ3bwOOChKJTNVbEzOBxeg-KWGlDHC3MyT41aJeNhsPkysUz_jacGauXclGVxzfL61esCuutJaDn1Z76SIvwmEw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 3
x-goog-stored-content-encoding: identity
last-modified: Fri, 28 Feb 2020 20:11:08 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=zs10DQ==, md5=a/aOr3cetk5W0I0PmuPrIQ==
content-type: text/html
x-goog-generation: 1582920668771105
cache-control: private
x-goog-stored-content-length: 358240
cf-ray: 56dbfcd33af9e00b-FRA
expires: Tue, 02 Mar 2021 15:00:29 GMT

GET
H/1.1 200
OK location Show response
d.pub.network/ 51 B
484 B 695ms
124ms XHR
application/json 35.188.71.214
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/location
Requested by: Host: notepad.pw
URL: https://notepad.pw/aq023d9a
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.71.214 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 214.71.188.35.bc.googleusercontent.com
Software: /
Resource Hash: 6358c6ea8da1fcf2fc88c991a803c1a5f63b13247d7c546f1e3365ce17ec484d

Request headers

Accept: application/json, text/plain, */*
Referer: https://notepad.pw/aq023d9a
Origin: https://notepad.pw
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://notepad.pw
Date: Mon, 02 Mar 2020 15:00:29 GMT
Access-Control-Allow-Credentials: true
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Transfer-Encoding: chunked
Content-Type: application/json

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
171 B 15ms
14ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=notepad.pw

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 02 Mar 2020 15:00:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
171 B 23ms
22ms Script
application/javascript 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=notepad.pw

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 02 Mar 2020 15:00:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 pubads_impl_2020022401.js Show response
securepubads.g.doubleclick.net/gpt/ 167 KB
61 KB 95ms
31ms Script
text/javascript 216.58.210.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020022401.js?21065618

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s07-in-f2.1e100.net

Software

sffe /

Resource Hash

6d941ee14efe29bc4859114b4d6c93bd58d9843249a4e9d7603d6f80edb4eadf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 02 Mar 2020 15:00:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 24 Feb 2020 14:08:08 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 62028
x-xss-protection: 0
expires: Mon, 02 Mar 2020 15:00:29 GMT

GET
H2 200 / Show response
notepad.pw/sbbi/ Frame 8B2A 7 KB
3 KB 80ms
80ms Document
text/html 151.139.128.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=JJ
Requested by: Host: notepad.pw
URL: https://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=JJ&sbbgs=h47b622b4ab2917822abc80363b80f554c83&ddl=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: 6bbf91366f4c7b4f90e73dc77727a2d00ababfb89333146ead30089640e00ae6

Request headers

:method: GET
:authority: notepad.pw
:scheme: https
:path: /sbbi/?sbbpg=sbbShell&gprid=JJ
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
referer: https://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=JJ&sbbgs=h47b622b4ab2917822abc80363b80f554c83&ddl=1
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SPSI=1410f728f2569dd48e62c913a72e3c6e; pad_cookie=07f73c3aef3d7de69548ec4e5d28231099124efd; spcsrf=ec9ac33a2a3f618a26ec933795984f42; sp_lit=n6on+IZGFTpdIDrT1IwtQw==; PRLST=JJ; UTGv2=h47b622b4ab2917822abc80363b80f554c83; adOtr=f047181f252; typography=%7B%22sp_class%22%3A%22not-active%22%7D; _ga=GA1.2.262300852.1583161229; _gid=GA1.2.83141208.1583161229; _gat_gtag_UA_153530698_1=1; fsbotchecked=true; _fssid=70792e31-746f-4ae7-b7a6-b8cc17433b3a; fssts=false
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=JJ&sbbgs=h47b622b4ab2917822abc80363b80f554c83&ddl=1

Response headers

status: 200
date: Mon, 02 Mar 2020 15:00:29 GMT
cache-control: no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
server: fbs
x-accel-expires: 0
access-control-allow-origin: *
x-hw: 1583161229.cds002.wa1.hn,1583161229.cds002.wa1.sc,1583161229.cdn2-wafbe03-arn1.stackpath.systems.-.i,1583161229.cds002.wa1.p

GET
H/1.1 200
OK config.js Show response
confiant-integrations.global.ssl.fastly.net/d5CEaYYEzMwqV3dGpQ3IFjCM27s/gpt_and_prebid/ 184 KB
38 KB 70ms
22ms Script
text/javascript 151.101.13.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/d5CEaYYEzMwqV3dGpQ3IFjCM27s/gpt_and_prebid/config.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/notepad-pw/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.194 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a33627f05b693f21a5cb015aab2ace39b1e483a9513851135906869ab953b70c

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Mon, 02 Mar 2020 15:00:29 GMT
Content-Encoding: gzip
Age: 2192
X-Cache: HIT
Connection: keep-alive
Content-Length: 38253
x-amz-id-2: rU857ZzBlRA6GPGIOO08UfWQ5p7fy9p8l0oGPwima/yMlMN3+2fMCzJvP7BWk33CIWt3sC9Oqxo=
X-Served-By: cache-fra19165-FRA
Last-Modified: Mon, 02 Mar 2020 13:43:55 GMT
Server: AmazonS3
X-Timer: S1583161230.525344,VS0,VE0
ETag: "e34dcde5b1bf3d4f507c7bb48822e759"
x-amz-request-id: D585D20C227457EC
Via: 1.1 varnish
Cache-Control: public, max-age=900, stale-while-revalidate=3600
Accept-Ranges: bytes
Content-Type: text/javascript
X-Cache-Hits: 120

GET
H/1.1 200
OK v2 Show response
d.pub.network/floors/ 858 B
1 KB 931ms
118ms XHR
application/json 35.188.71.214
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/floors/v2?key=1413desktop
Requested by: Host: notepad.pw
URL: https://notepad.pw/aq023d9a
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.71.214 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 214.71.188.35.bc.googleusercontent.com
Software: /
Resource Hash: fac89a31cbde66bf63968f7fc0d051e6e1d38add0af7f8c2b5d42c09a264e540

Request headers

Accept: application/json, text/plain, */*
Referer: https://notepad.pw/aq023d9a
Origin: https://notepad.pw
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://notepad.pw
Date: Mon, 02 Mar 2020 15:00:30 GMT
Access-Control-Allow-Credentials: true
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Transfer-Encoding: chunked
Content-Type: application/json

GET
H/1.1 200
OK wrap.js Show response
confiant-integrations.global.ssl.fastly.net/gpt/202002281148/ 92 KB
32 KB 23ms
22ms Script
application/javascript 151.101.13.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202002281148/wrap.js
Requested by: Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/d5CEaYYEzMwqV3dGpQ3IFjCM27s/gpt_and_prebid/config.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.194 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f0d7c4c6f54c21b798318174d51477fd6d1847869b2c86a7ca31f038d1d4b291

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Mon, 02 Mar 2020 15:00:29 GMT
Content-Encoding: gzip
Age: 92
X-Cache: HIT
Connection: keep-alive
Content-Length: 31844
x-amz-id-2: Yi1Tb+oC55wUiOFJ1ITg1POo+OXrLELf262tAp4whThN74pUttsf+RI5qmFM6w32X34k45+cMIc=
X-Served-By: cache-fra19165-FRA
Last-Modified: Fri, 28 Feb 2020 16:49:03 GMT
Server: AmazonS3
X-Timer: S1583161230.576068,VS0,VE0
ETag: "6cdcc71baa2662f8bb2465846cc76981"
x-amz-request-id: 92E139BEA6294CDE
Via: 1.1 varnish
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
X-Cache-Hits: 52

GET
H/1.1 200
OK wrap.js Show response
confiant-integrations.global.ssl.fastly.net/prebid/202002281148/ 31 KB
12 KB 50ms
22ms Script
application/javascript 151.101.13.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/prebid/202002281148/wrap.js
Requested by: Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/d5CEaYYEzMwqV3dGpQ3IFjCM27s/gpt_and_prebid/config.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.194 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 17b981c757227d07469857a6da03f5cb2cb27db6c63d531985aa0d6587aeabde

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Mon, 02 Mar 2020 15:00:29 GMT
Content-Encoding: gzip
Age: 249
X-Cache: HIT
Connection: keep-alive
Content-Length: 11693
x-amz-id-2: ybNleehZYR/nNyaiNg9yjTYsnez+fL6HkXtIjgFpy+K7ygc01naPFkYydVkMR5rMM5s/8KcbQWE=
X-Served-By: cache-fra19165-FRA
Last-Modified: Fri, 28 Feb 2020 16:49:05 GMT
Server: AmazonS3
X-Timer: S1583161230.604386,VS0,VE0
ETag: "3dfc75f11aae2038f778e3885380a128"
x-amz-request-id: C080F769B302AA67
Via: 1.1 varnish
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
X-Cache-Hits: 504

GET
H2 200 / Show response
live.notepad.pw/socket.io/ 5 B
63 B 327ms
327ms XHR
application/octet-stream 2606:4700:3036::681f:5d8d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.notepad.pw/socket.io/?EIO=3&transport=polling&t=N2Rmq43&sid=-e5c7gcUAJPDkf5SAbYe
Requested by: Host: notepad.pw
URL: https://notepad.pw/aq023d9a
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::681f:5d8d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 25d989b3ed89abc5bb5a814c257dc57619d7f45908013cd08aa508c22e4f6a0a

Request headers

Referer: https://notepad.pw/aq023d9a
Origin: https://notepad.pw
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 02 Mar 2020 15:00:29 GMT
via: 1.1 vegur
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 200
content-type: application/octet-stream
access-control-allow-origin: https://notepad.pw
access-control-allow-credentials: true
cf-ray: 56dbfcd4de7cc2e5-FRA
content-length: 5

GET
H2 200 o-0NIpQlx3QUlC5A4PNjXhFVZNyBx2pqPA.woff2
fonts.gstatic.com/s/notosans/v9/ 10 KB
10 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notosans/v9/o-0NIpQlx3QUlC5A4PNjXhFVZNyBx2pqPA.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6195b1bce0085db8c9b1b936150dfd7b070aa9be52d44580b1b6f16752dece34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/css?family=Noto+Sans:400,700
Origin: https://notepad.pw
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 25 Feb 2020 02:18:19 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:20:44 GMT
server: sffe
age: 564130
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 10116
x-xss-protection: 0
expires: Wed, 24 Feb 2021 02:18:19 GMT

POST
H/1.1 200
OK cookie_sync Show response
prebid.pub.network/ 6 KB
1 KB 533ms
155ms XHR
application/json 35.226.134.247
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.pub.network/cookie_sync
Requested by: Host: notepad.pw
URL: https://notepad.pw/aq023d9a
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.226.134.247 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 247.134.226.35.bc.googleusercontent.com
Software: /
Resource Hash: 2fb001ae127e9a962c95e49ed2b89df03a0e41664a900019f454affd342296a5

Request headers

Referer: https://notepad.pw/aq023d9a
Origin: https://notepad.pw
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
content-encoding: gzip
Content-Type: application/json
access-control-allow-origin: https://notepad.pw
Cache-Control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 1054
Expires: 0

POST
H/1.1 200
OK auction Show response
prebid.pub.network/openrtb2/ 143 B
415 B 666ms
227ms XHR
application/json 35.226.134.247
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.pub.network/openrtb2/auction
Requested by: Host: notepad.pw
URL: https://notepad.pw/aq023d9a
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.226.134.247 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 247.134.226.35.bc.googleusercontent.com
Software: /
Resource Hash: 706bd2882be2113a27ad0d19e95aec1f077fe5f91f7426296736fe146e4644f1

Request headers

Referer: https://notepad.pw/aq023d9a
Origin: https://notepad.pw
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
content-encoding: gzip
Content-Type: application/json
access-control-allow-origin: https://notepad.pw
Cache-Control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 148
Expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 122 B
648 B 126ms
49ms XHR
application/json 34.247.95.233
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=14287&pi=3&gdprApplies=0&schain=1.0%2C1!freestar.io%2C1413%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fnotepad.pw%2Faq023d9a&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fnotepad.pw&ns=10240&
Requested by: Host: notepad.pw
URL: https://notepad.pw/aq023d9a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.247.95.233 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-95-233.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 538d1637b548ace550f3efcc95c664d3ef85c96c03dc4d589998f5f541c9506d

Request headers

Referer: https://notepad.pw/aq023d9a
Origin: https://notepad.pw
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 02 Mar 2020 15:00:29 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://notepad.pw
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 122 B
648 B 123ms
47ms XHR
application/json 34.247.95.233
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=14288&pi=3&gdprApplies=0&schain=1.0%2C1!freestar.io%2C1413%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fnotepad.pw%2Faq023d9a&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fnotepad.pw&ns=10240&
Requested by: Host: notepad.pw
URL: https://notepad.pw/aq023d9a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.247.95.233 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-95-233.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: db48a5953ec26fd07c7ee3e2bf3d6c5727e004a5c539d7b6a1697058a3d9be98

Request headers

Referer: https://notepad.pw/aq023d9a
Origin: https://notepad.pw
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 02 Mar 2020 15:00:29 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://notepad.pw
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 145 B
1 KB 72ms
39ms XHR
application/json 185.33.223.202
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: notepad.pw
URL: https://notepad.pw/aq023d9a

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.202 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

318.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

9ace35233a5b8aae3deeca18a415b80fd103e6d0b9b43deeea54409df579d0a4

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://notepad.pw/aq023d9a
Origin: https://notepad.pw
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 02 Mar 2020 15:00:31 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 318.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.17:80
AN-X-Request-Uuid: 7dcb6c92-3eb2-4ac1-86eb-2a6d4c3b3967
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://notepad.pw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
109 B 70ms
25ms XHR
text/plain 35.158.189.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=GrVComq83JzCSLK1pi9waoyR&bidId=12410ab605b0fe1&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%221413%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: notepad.pw
URL: https://notepad.pw/aq023d9a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.158.189.107 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-189-107.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://notepad.pw/aq023d9a
Origin: https://notepad.pw
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Mon, 02 Mar 2020 15:00:29 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://notepad.pw
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
109 B 70ms
24ms XHR
text/plain 35.158.189.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=L7rKdgz52e7UZ4fMkwkYmaxf&bidId=131c44b12bfd82d&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%221413%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: notepad.pw
URL: https://notepad.pw/aq023d9a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.158.189.107 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-189-107.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://notepad.pw/aq023d9a
Origin: https://notepad.pw
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Mon, 02 Mar 2020 15:00:29 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://notepad.pw
vary: Origin

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 262 B
2 KB 185ms
101ms XHR
application/json 69.173.144.143
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1498292&size_id=2&alt_size_ids=1%2C55&gdpr=0&rp_schain=1.0,1!freestar.io,1413,1,,,&rf=https%3A%2F%2Fnotepad.pw%2Faq023d9a&tk_flint=pbjs_lite_v3.6.0&x_source.tid=1b76ef11-423c-4dfd-a573-ceb24d176d66&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.6268029635363501
Requested by: Host: notepad.pw
URL: https://notepad.pw/aq023d9a
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: c8f4d44cc3daf6df48787a3fb5a797a70724d5a1002b18024b1d751f02a43762

Request headers

Referer: https://notepad.pw/aq023d9a
Origin: https://notepad.pw
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 02 Mar 2020 15:00:29 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://notepad.pw
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=198
Content-Length: 262
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 145 B
1 KB 69ms
35ms XHR
application/json 185.33.223.202
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: notepad.pw
URL: https://notepad.pw/aq023d9a

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.202 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

318.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

8518c3f3cc267355eba775b3f046918ab3c125a9c4ebaea048aa52c5599d354f

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://notepad.pw/aq023d9a
Origin: https://notepad.pw
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 02 Mar 2020 15:00:31 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 318.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.221.5:80
AN-X-Request-Uuid: 02837bed-4a27-4d22-b91c-efe5030026ed
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://notepad.pw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
436 B 87ms
44ms XHR
text/plain 104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/b/v1

Requested by

Host: notepad.pw
URL: https://notepad.pw/aq023d9a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://notepad.pw/aq023d9a
Origin: https://notepad.pw
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 02 Mar 2020 15:00:29 GMT
cf-cache-status: DYNAMIC
server: cloudflare
status: 204
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://notepad.pw
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 56dbfcd6ec4d7293-AMS
access-control-allow-headers: origin, content-type

POST
H2 200 / Show response
live.notepad.pw/socket.io/ 2 B
96 B 340ms
339ms XHR
text/html 2606:4700:3036::681f:5d8d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.notepad.pw/socket.io/?EIO=3&transport=polling&t=N2Rmq9D&sid=-e5c7gcUAJPDkf5SAbYe
Requested by: Host: notepad.pw
URL: https://notepad.pw/aq023d9a
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::681f:5d8d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://notepad.pw/aq023d9a
Origin: https://notepad.pw
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type: text/plain;charset=UTF-8

Response headers

cf-ray: 56dbfcd6ebffc2e5-FRA
date: Mon, 02 Mar 2020 15:00:30 GMT
via: 1.1 vegur
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 200
content-type: text/html
access-control-allow-origin: https://notepad.pw
access-control-allow-credentials: true
content-encoding: br

GET
H2 200 / Show response
live.notepad.pw/socket.io/ 4 B
62 B 393ms
393ms XHR
application/octet-stream 2606:4700:3036::681f:5d8d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.notepad.pw/socket.io/?EIO=3&transport=polling&t=N2Rmq9E&sid=-e5c7gcUAJPDkf5SAbYe
Requested by: Host: notepad.pw
URL: https://notepad.pw/aq023d9a
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::681f:5d8d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a9a2f1dd042cb6f1eded53dc0a1c66ed8694fc093dc3520cdac1a541d615d474

Request headers

Referer: https://notepad.pw/aq023d9a
Origin: https://notepad.pw
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 02 Mar 2020 15:00:30 GMT
via: 1.1 vegur
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 200
content-type: application/octet-stream
access-control-allow-origin: https://notepad.pw
access-control-allow-credentials: true
cf-ray: 56dbfcd6ec02c2e5-FRA
content-length: 4

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
330 B 477ms
117ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: notepad.pw
URL: https://notepad.pw/aq023d9a
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: f4c25b5cb4bd68df85d9f90cc27b3adea0dbfb65a4d253123560570a1e347f30

Request headers

Referer: https://notepad.pw/aq023d9a
Origin: https://notepad.pw
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://notepad.pw
Date: Mon, 02 Mar 2020 15:00:30 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H/1.1

200
OK

setuid
prebid.pub.network/
Redirect Chain

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24UID
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24UID&sovrn_retry=true
https://prebid.pub.network/setuid?bidder=sovrn&gdpr=0&gdpr_consent=&us_privacy=&uid=753f326c0e81036ad7fb5959

0
410 B

123ms
123ms

Image
text/plain

35.226.134.247
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid.pub.network/setuid?bidder=sovrn&gdpr=0&gdpr_consent=&us_privacy=&uid=753f326c0e81036ad7fb5959
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.226.134.247 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 247.134.226.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
content-length: 0
Expires: 0

Redirect headers

Date: Mon, 02 Mar 2020 15:00:30 GMT
Server: nginx
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://prebid.pub.network/setuid?bidder=sovrn&gdpr=0&gdpr_consent=&us_privacy=&uid=753f326c0e81036ad7fb5959
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap5ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 39 KB
10 KB 350ms
349ms XHR
text/plain 216.58.210.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=186422116862917&correlator=2698788233578676&output=ldjh&impl=fifs&adsid=NT&eid=21065399%2C21065618%2C21064365%2C21065517%2C21065589%2C21065304&vrg=2020022401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200302&iu_parts=15184186%2Cnotepad_970x90_728x90_320x50_320x100_ATF&enc_prev_ius=%2F0%2F1&prev_iu_szs=468x60%7C728x90%7C970x90&eri=1&cust_params=user-agent%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1583161230&dt=1583161230521&dlt=1583161228378&idt=1082&frm=20&biw=1600&bih=1200&oid=3&adxs=566&adys=5&adks=338981424&ucis=1&ifi=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fnotepad.pw%2Faq023d9a&dssz=29&icsg=547881728&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x986&msz=1600x70&ga_vid=704597607.1583161231&ga_sid=1583161231&ga_hid=1699599835&fws=0&ohw=0

Requested by

Host: notepad.pw
URL: https://notepad.pw/aq023d9a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s07-in-f2.1e100.net

Software

cafe /

Resource Hash

efed1475694b2070102cdd80f0fa7d32563970b19a0863129b15d703a847115e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://notepad.pw/aq023d9a
Origin: https://notepad.pw
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 02 Mar 2020 15:00:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 9968
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://notepad.pw
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_rendering_2020022401.js Show response
securepubads.g.doubleclick.net/gpt/ 66 KB
24 KB 31ms
31ms Script
text/javascript 216.58.210.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020022401.js?21065618

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020022401.js?21065618

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s07-in-f2.1e100.net

Software

sffe /

Resource Hash

816709e9295a4116a9f1648dcdca148a141e0ee263887b39f474a923380e4310

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 02 Mar 2020 15:00:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 24 Feb 2020 14:08:08 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 24743
x-xss-protection: 0
expires: Mon, 02 Mar 2020 15:00:30 GMT

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 0
0 6ms
6ms Other
text/html 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020022401.js?21065618
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: empty

Response headers

GET
H/1.1

200
OK

setuid
prebid.pub.network/
Redirect Chain

https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Dopenx%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24%7BUID%7D
https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Dopenx%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24%7BUID%7D&ox_sc=1
https://prebid.pub.network/setuid?bidder=openx&gdpr=0&gdpr_consent=&us_privacy=&uid=317cdf61-0742-46cb-8b78-2755f82fc291

0
534 B

126ms
126ms

Image
text/plain

35.226.134.247
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid.pub.network/setuid?bidder=openx&gdpr=0&gdpr_consent=&us_privacy=&uid=317cdf61-0742-46cb-8b78-2755f82fc291
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.226.134.247 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 247.134.226.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
content-length: 0
Expires: 0

Redirect headers

pragma: no-cache
date: Mon, 02 Mar 2020 15:00:30 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
location: https://prebid.pub.network/setuid?bidder=openx&gdpr=0&gdpr_consent=&us_privacy=&uid=317cdf61-0742-46cb-8b78-2755f82fc291
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
status: 302
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: i9gtevdgj5ddm2bon40h3sgrlo2mlrr2

GET
H2 404 current
prebid-match.dotomi.com/prebid/match/bounce/ 0
0 96ms
64ms Image
text/html 2a02:fa8:8806:13::1370
VCLK-EU-

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid-match.dotomi.com/prebid/match/bounce/current?rurl=https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Dconversant%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26networkId%3D72582%26version%3D1%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:13::1370 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

GET
H2 200 amp4ads-host-v0.js Show response
cdn.ampproject.org/rtv/012002141856310/ 20 KB
8 KB 34ms
6ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012002141856310/amp4ads-host-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020022401.js?21065618

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b449cc316af17efa8352b185ba13ea36eca7b1c23037ecd05f14587c264e55b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 3553
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 7146
x-xss-protection: 0
server: sffe
date: Mon, 02 Mar 2020 14:01:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b84407683e78f245"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 02 Mar 2021 14:01:17 GMT

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012002141856310/ Frame 9B87 202 KB
55 KB 34ms
7ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012002141856310/amp4ads-v0.js

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202002281148/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7cfeb2796d608a88410160f76bdd0456b3fcf362859589f7eb300b3a069635c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 11398
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 56116
x-xss-protection: 0
server: sffe
date: Mon, 02 Mar 2020 11:50:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c310832256213cf1"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 02 Mar 2021 11:50:32 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012002141856310/v0/ Frame 9B87 16 KB
6 KB 45ms
19ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012002141856310/v0/amp-ad-exit-0.1.js

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202002281148/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cd606c728926a263166056197042ce45cc41b5440fa22ca24974b8da1e69b7d7

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 27375
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 5731
x-xss-protection: 0
server: sffe
date: Mon, 02 Mar 2020 07:24:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "3c28451551a1eabd"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 02 Mar 2021 07:24:15 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012002141856310/v0/ Frame 9B87 92 KB
28 KB 44ms
18ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012002141856310/v0/amp-analytics-0.1.js

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202002281148/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb898cdafe2cf6e08984c5375be09414655e63de26bfd2718d817710530722b2

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 11381
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 28124
x-xss-protection: 0
server: sffe
date: Mon, 02 Mar 2020 11:50:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "750e538d33767fef"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 02 Mar 2021 11:50:49 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012002141856310/v0/ Frame 9B87 3 KB
1 KB 44ms
17ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012002141856310/v0/amp-fit-text-0.1.js

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202002281148/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8dae82c0959e2310509fc13b3bbaf6dd840239a2ef42a08375972c878034d92e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 27388
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1402
x-xss-protection: 0
server: sffe
date: Mon, 02 Mar 2020 07:24:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "aa9f121905c9d577"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 02 Mar 2021 07:24:02 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012002141856310/v0/ Frame 9B87 46 KB
15 KB 43ms
17ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012002141856310/v0/amp-form-0.1.js

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202002281148/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf2925f057f8266b2d5d84d2dd756c81940f3eef3224d507e4ef677e7181449f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 27410
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 14831
x-xss-protection: 0
server: sffe
date: Mon, 02 Mar 2020 07:23:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "dc5fe1b94f9b2335"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 02 Mar 2021 07:23:40 GMT

GET
DATA 200
OK truncated
/ Frame 9B87 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4b1b4a16d7d9829f5b5ae8c106d6f9186ea322c869b02c1544975f52aa83ed18

Request headers

Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 16037968198751348379
tpc.googlesyndication.com/daca_images/simgad/ Frame 9B87 16 KB
16 KB 8ms
7ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/16037968198751348379

Requested by

Host: notepad.pw
URL: https://notepad.pw/aq023d9a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0ed65055d1f326e243da3e5a45df29b66155f0447596d963f4dfd608c796fd95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 28 Feb 2020 16:02:16 GMT
x-content-type-options: nosniff
age: 255494
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 16148
x-xss-protection: 0
last-modified: Fri, 28 Feb 2020 01:22:28 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 27 Feb 2021 16:02:16 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 9B87 2 KB
3 KB 7ms
6ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: notepad.pw
URL: https://notepad.pw/aq023d9a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 02 Mar 2020 11:08:58 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 13892
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Tue, 03 Mar 2020 11:08:58 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 9B87 295 B
521 B 7ms
6ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: notepad.pw
URL: https://notepad.pw/aq023d9a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 02 Mar 2020 12:55:21 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 7509
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Tue, 03 Mar 2020 12:55:21 GMT

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 9B87 0
0 44ms
43ms Image
text/html 216.58.210.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cg8q0jh9dXu-ZI4ubgAf3iobwDr7u19Bb6vr1gbsLsJAfEAEg2tfFOWC56L6A1AGgAfeio_wCyAEC4AIAqAMByAMIqgTHAU_QQYt2QCGlD5pkrE7lAYWHGC9Qn9MiGbFL4kZqvrKAQDxTtiRAkbKjSNuB3ebJ_bi9yRTeyT8mQw1tiwdQMyYnlrrA9Etw1cBzLK3aa2r8N-s6wf9JFiOysstSfyUfQVkn2eI-B8dyxnD6UTAtGsPcrkHyhzN2UaZJFTOHZwfv-TnVbC_jr741684FtY1IaJime_TVNZ4tux8WrWDVmoQIKb9-w6gjkHtbm-5yslVZe9ykZg02sBdQ9_xSzYwyUmAwRM_LpMnABJn5l-2WAuAEAZIFBAgEGAGSBQQIBRgEoAYCgAfx3NyDAagHjs4bqAfVyRuoB5PYG6gHugaoB_LZG6gHpr4bqAfs1RvYBwHyBwQQ_c0G0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi0zMTQ1OTg0NjgxNTA3Mzk5gAoDyAsB2BMC&sigh=2edm4Wi7Yrs&tpd=AGWhJmuM0Z5O6AbHwtbSvINtvqRwGlVT--lSo_zSIGqxwXXj-Q
Requested by: Host: notepad.pw
URL: https://notepad.pw/aq023d9a
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s07-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

GET
H/1.1

200
OK

setuid
prebid.pub.network/
Redirect Chain

https://bh.contextweb.com/rtset?pid=561205&ev=1&rurl=https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Dpulsepoint%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%25%25VGUID%25%25
https://prebid.pub.network/setuid?bidder=pulsepoint&gdpr=0&gdpr_consent=&us_privacy=&uid=6o7nQzMIHpi2&ev=1&pid=561205

0
630 B

139ms
139ms

Image
text/plain

35.226.134.247
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid.pub.network/setuid?bidder=pulsepoint&gdpr=0&gdpr_consent=&us_privacy=&uid=6o7nQzMIHpi2&ev=1&pid=561205
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.226.134.247 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 247.134.226.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
content-length: 0
Expires: 0

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
location: https://prebid.pub.network/setuid?bidder=pulsepoint&gdpr=0&gdpr_consent=&us_privacy=&uid=6o7nQzMIHpi2&ev=1&pid=561205
content-language: en-US
status: 302
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-6c55bfb4dd-q6kd2
expires: -1

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 9B87
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

39ms
38ms

Image
text/html

2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: notepad.pw
URL: https://notepad.pw/aq023d9a
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

date: Mon, 02 Mar 2020 15:00:30 GMT
x-content-type-options: nosniff
server: safe
location: https://googleads.g.doubleclick.net/pagead/drt/si
content-type: text/html; charset=UTF-8
status: 302
cache-control: private
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 246
x-xss-protection: 0

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ 0
239 B 112ms
30ms Image
image/gif 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=prebid&gdpr=0&gdpr_consent=&us_privacy=
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: image/gif
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 4b510f0cc5fcbc9800016ef543086418
Expires: 0

GET
H/1.1 200
OK user-sync
sync.adkernel.com/ 0
109 B 75ms
24ms Image
text/plain 77.245.57.72
WEBAIR-INTERNET-MTL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.adkernel.com/user-sync?zone=77327&t=image&r=https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fuid%3D%24%7BUID%7D%26bidder%3Doftmedia%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 77.245.57.72 , Netherlands, ASN36057 (WEBAIR-INTERNET-MTL, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Mon, 02 Mar 2020 15:00:31 GMT
Server: nginx
Connection: close
Content-Length: 0

GET
H/1.1

200
OK

setuid
prebid.pub.network/
Redirect Chain

https://nep.advangelists.com/xp/user-sync?acctid={aid}&&redirect=https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Dadvangelists%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24UID
https://prebid.pub.network/setuid?bidder=advangelists&gdpr=0&gdpr_consent=&us_privacy=&uid=$UID

0
718 B

126ms
125ms

Image
text/plain

35.226.134.247
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid.pub.network/setuid?bidder=advangelists&gdpr=0&gdpr_consent=&us_privacy=&uid=$UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.226.134.247 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 247.134.226.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
content-length: 0
Expires: 0

Redirect headers

status: 302
date: Mon, 02 Mar 2020 15:00:31 GMT
server: Apache-Coyote/1.1
content-length: 0
location: https://prebid.pub.network/setuid?bidder=advangelists&gdpr=0&gdpr_consent=&us_privacy=&uid=$UID

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
330 B 118ms
117ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: notepad.pw
URL: https://notepad.pw/aq023d9a
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: 424e820b5432f9a3229ef1ca2a61fa214bdb825861c9946cbf0b08bcc2d304fe

Request headers

Referer: https://notepad.pw/aq023d9a
Origin: https://notepad.pw
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://notepad.pw
Date: Mon, 02 Mar 2020 15:00:31 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H/1.1 200
OK user-sync
sync.adkernel.com/ 0
109 B 97ms
22ms Image
text/plain 77.245.57.72
WEBAIR-INTERNET-MTL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.adkernel.com/user-sync?zone=77327&t=image&r=https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fuid%3D%24%7BUID%7D%26bidder%3Doftmedia%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 77.245.57.72 , Netherlands, ASN36057 (WEBAIR-INTERNET-MTL, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Mon, 02 Mar 2020 15:00:31 GMT
Server: nginx
Connection: close
Content-Length: 0

GET
H/1.1 200
OK user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 9B93 0
0 62ms
21ms Document
text/html 95.100.196.250
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.100.196.250 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-100-196-250.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://notepad.pw/aq023d9a
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://notepad.pw/aq023d9a

Response headers

Last-Modified: Tue, 04 Feb 2020 05:13:12 GMT
ETag: "1300708-299f-59db918ad9c93"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 3884
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=70347
Expires: Tue, 03 Mar 2020 10:32:58 GMT
Date: Mon, 02 Mar 2020 15:00:31 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 200 match
e.serverbid.com/udb/9969/ 0
91 B 338ms
139ms Image
text/plain 165.227.252.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e.serverbid.com/udb/9969/match?gdpr=0&euconsent=&us_privacy=&redir=https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Dconsumable%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 165.227.252.242 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

status: 200
date: Mon, 02 Mar 2020 15:00:32 GMT
access-control-allow-credentials: true
content-length: 0
vary: Origin

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 9B87 42 B
112 B 16ms
15ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstLfPaczAPvzyKzcOqTEu-8w8_W2-DD0c5OtXiEpJKHPleox17wEVuJ_JSsXkLjX1AgW2dL3W_wkxUbdScJYaqJlc85BLdz3Kem-Zi_8rat7-Ar-omhgvjZgP66YQ&sai=AMfl-YSmi1WImG6NtTq4LLTCJt8wFdNhy7ZSPctsWmseg9xcrojsrS6IdqF-cNJnlr_GaR-NVHkkNNfF0urFL-hhINNh1dgXdqOPRIrdc-tA&sig=Cg0ArKJSzHYOUUh4GAqQEAE&id=ampim&o=315,5&d=970,90&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=109&tls=1109&g=100&h=100&tt=1109&r=v&adk=338981424&avms=ampa

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Mon, 02 Mar 2020 15:00:32 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
prebid.pub.network/
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Dadnxs%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fprebid.pub.network%252Fsetuid%253Fbidder%253Dadnxs%2526gdpr%253D0%2526gdpr_consent%253D%2526us_privacy%253D%2526uid%253D%2524UID
https://prebid.pub.network/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&us_privacy=&uid=6441584700105946316

0
406 B

123ms
122ms

Image
text/plain

35.226.134.247
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid.pub.network/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&us_privacy=&uid=6441584700105946316
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.226.134.247 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 247.134.226.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
content-length: 0
Expires: 0

Redirect headers

Pragma: no-cache
Date: Mon, 02 Mar 2020 15:00:34 GMT
AN-X-Request-Uuid: cf53de09-a0ae-4526-ab57-8d492b898be9
Content-Type: text/html; charset=utf-8
Server: nginx/1.13.4
Location: https://prebid.pub.network/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&us_privacy=&uid=6441584700105946316
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 318.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.52:80
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

setuid
prebid.pub.network/
Redirect Chain

https://cs.emxdgt.com/um?ssp=pbs&gdpr=0&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Demx_digital%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24UID
https://ib.adnxs.com/getuid?https://cs.emxdgt.com/umcheck?apnxid=$UID&redirect=https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Demx_digital%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D...
https://cs.emxdgt.com/umcheck?apnxid=6441584700105946316&redirect=https://prebid.pub.network/setuid?bidder=emx_digital&gdpr=0&gdpr_consent=&us_privacy=&uid=$EMXUID
https://prebid.pub.network/setuid?bidder=emx_digital&uid=6441584700105946316brt44261583161232571212f1

56 B
56 B

122ms
122ms

Image
text/plain

35.226.134.247
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid.pub.network/setuid?bidder=emx_digital&uid=6441584700105946316brt44261583161232571212f1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.226.134.247 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 247.134.226.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
content-encoding: gzip
Cache-Control: no-cache, no-store, must-revalidate
content-length: 79
Expires: 0

Redirect headers

status: 302
date: Mon, 02 Mar 2020 15:00:32 GMT
content-length: 0
location: https://prebid.pub.network/setuid?bidder=emx_digital&uid=6441584700105946316brt44261583161232571212f1
content-type: text/html

GET
H/1.1

200
OK

setuid
prebid.pub.network/
Redirect Chain

https://sync.technoratimedia.com/services?srv=cs&pid=70&cb=https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Dsynacormedia%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%5BUSER_ID%5D
https://prebid.pub.network/setuid?bidder=synacormedia&gdpr=0&gdpr_consent=&us_privacy=&uid=GDPR

0
494 B

148ms
147ms

Image
text/plain

35.226.134.247
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid.pub.network/setuid?bidder=synacormedia&gdpr=0&gdpr_consent=&us_privacy=&uid=GDPR
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.226.134.247 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 247.134.226.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
content-length: 0
Expires: 0

Redirect headers

Access-Control-Allow-Origin: https://notepad.pw/aq023d9a
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Location: https://prebid.pub.network/setuid?bidder=synacormedia&gdpr=0&gdpr_consent=&us_privacy=&uid=GDPR
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: text/plain

GET
H/1.1

200
OK

setuid
prebid.pub.network/
Redirect Chain

https://sync.1rx.io/usersync2/rmphb?gdpr=0&gdpr_consent=&us_privacy=&redir=https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Drhythmone%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%5BRX_...
https://prebid.pub.network/setuid?bidder=rhythmone&gdpr=0&gdpr_consent=&us_privacy=&uid=OPTOUT

0
582 B

123ms
123ms

Image
text/plain

35.226.134.247
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid.pub.network/setuid?bidder=rhythmone&gdpr=0&gdpr_consent=&us_privacy=&uid=OPTOUT
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.226.134.247 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 247.134.226.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
content-length: 0
Expires: 0

Redirect headers

Pragma: no-cache
Date: Mon, 02 Mar 2020 15:00:33 GMT
Server: nginx
ETag: OPTOUT
Transfer-Encoding: chunked
Content-Type: text/html
Location: https://prebid.pub.network/setuid?bidder=rhythmone&gdpr=0&gdpr_consent=&us_privacy=&uid=OPTOUT
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Expires: 0

GET
H2 200 appnexuspbs
pr-bh.ybp.yahoo.com/sync/ 43 B
768 B 131ms
43ms Image
image/gif 2a00:1288:110:c305::8000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/appnexuspbs?gdpr=0&euconsent=&us_privacy=&url=https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Dbrightroll%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24%7BUID%7D

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1288:110:c305::8000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 02 Mar 2020 15:00:33 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
status: 200
x-content-type-options: nosniff
content-length: 43
x-xss-protection: 1; mode=block
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 cookie
cm.adform.net/ 43 B
106 B 95ms
31ms Image
image/gif 37.157.4.23
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.4.23 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

status: 200
date: Mon, 02 Mar 2020 15:00:33 GMT
server: nginx
content-length: 43
content-type: image/gif

GET
H/1.1

200
OK

setuid
prebid.pub.network/
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184932&cb=https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Dix%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D
https://ssum-sec.casalemedia.com/usermatchredir?s=184932&cb=https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Dix%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&C=1
https://prebid.pub.network/setuid?bidder=ix&gdpr=0&gdpr_consent=&us_privacy=&uid=Xl0fkblQJZQAABUVBMIAAADT%26715

0
690 B

122ms
122ms

Image
text/plain

35.226.134.247
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid.pub.network/setuid?bidder=ix&gdpr=0&gdpr_consent=&us_privacy=&uid=Xl0fkblQJZQAABUVBMIAAADT%26715
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.226.134.247 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 247.134.226.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
content-length: 0
Expires: 0

Redirect headers

Pragma: no-cache
Date: Mon, 02 Mar 2020 15:00:33 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://prebid.pub.network/setuid?bidder=ix&gdpr=0&gdpr_consent=&us_privacy=&uid=Xl0fkblQJZQAABUVBMIAAADT%26715
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 311
Expires: Mon, 02 Mar 2020 15:00:33 GMT

GET
H2

200

/
ads.us.e-planning.net/uspd/1/ Frame 4048
Redirect Chain

https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fads.us.e-planning.net%2Fgetuid%2F1%2F5a1ad71d2d53a0f5%3Fhttps%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D0%26gdpr_conse...
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fads.us.e-planning.net%2Fgetuid%2F1%2F5a1ad71d2d53a0f5%3Fhttps%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D0%26gdpr_...

0
0

22ms
21ms

Document
text/html

5.178.65.245
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fads.us.e-planning.net%2Fgetuid%2F1%2F5a1ad71d2d53a0f5%3Fhttps%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24UID
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 5.178.65.245 Renswoude, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash

Request headers

:method: GET
:authority: ads.us.e-planning.net
:scheme: https
:path: /uspd/1/?ct=1&du=https%3A%2F%2Fads.us.e-planning.net%2Fgetuid%2F1%2F5a1ad71d2d53a0f5%3Fhttps%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24UID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://notepad.pw/aq023d9a
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: CT=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://notepad.pw/aq023d9a

Response headers

status: 200
server: openresty
date: Mon, 02 Mar 2020 15:00:34 GMT
content-type: text/html
content-length: 849
cache-control: max-age=0, no-cache
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
set-cookie: E=M154b821c0cf05e31; path=/; domain=e-planning.net; expires=Mon, 01-Mar-2027 15:00:34 GMT; SameSite=None; Secure
expires: Mon, 02 Mar 2020 15:00:34 GMT
x-sid: AMS-607

Redirect headers

status: 302
server: openresty
date: Mon, 02 Mar 2020 15:00:34 GMT
content-type: text/html; charset=iso-8859-1
set-cookie: CT=1; path=/; SameSite=None; Secure
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
location: /uspd/1/?ct=1&du=https%3A%2F%2Fads.us.e-planning.net%2Fgetuid%2F1%2F5a1ad71d2d53a0f5%3Fhttps%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24UID
x-sid: AMS-607

GET
H/1.1 200
OK syncr
tag.adkernel.com/ 42 B
233 B 101ms
23ms Image
image/gif 77.245.57.81
WEBAIR-INTERNET-MTL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tag.adkernel.com/syncr?gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3DadkernelAdn%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24%7BUID%7D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 77.245.57.81 , Netherlands, ASN36057 (WEBAIR-INTERNET-MTL, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Mon, 02 Mar 2020 15:00:35 GMT
Server: nginx
Age: 0
Content-Type: image/gif
Cache-Control: no-store
Connection: keep-alive
Content-Length: 42

GET
H/1.1

200
OK

setuid
prebid.pub.network/
Redirect Chain

https://sync.adtelligent.com/csync?t=p&ep=0&redir=https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Dadtelligent%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%7Buid%7D
https://prebid.pub.network/setuid?bidder=adtelligent&gdpr=0&gdpr_consent=&us_privacy=&uid=34b3f8103f88d08d

0
894 B

124ms
123ms

Image
text/plain

35.226.134.247
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid.pub.network/setuid?bidder=adtelligent&gdpr=0&gdpr_consent=&us_privacy=&uid=34b3f8103f88d08d
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.226.134.247 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 247.134.226.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://notepad.pw/aq023d9a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
content-length: 0
Expires: 0

Redirect headers

Location: https://prebid.pub.network/setuid?bidder=adtelligent&gdpr=0&gdpr_consent=&us_privacy=&uid=34b3f8103f88d08d
Date: Mon, 02 Mar 2020 15:00:34 GMT
Server: VertaMedia 1.0
Content-Length: 43
Content-Type: image/gif

GET sync_s2s
sync.bfmio.com/ Frame AF3E 0
0

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame 9F07 0
0 61ms
19ms Document
text/html 95.100.196.237
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.100.196.237 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-100-196-237.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://notepad.pw/aq023d9a
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://notepad.pw/aq023d9a

Response headers

Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: "573e714d-3e3"
Server: nginx/1.13.10
Content-Type: text/html
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Length: 506
Cache-Control: max-age=31536000
Expires: Tue, 02 Mar 2021 15:00:36 GMT
Date: Mon, 02 Mar 2020 15:00:36 GMT
Connection: keep-alive

GET
H2 200 index.html
cdn.districtm.io/ids/ Frame 1C63 0
0 122ms
121ms Document
text/html 104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.districtm.io/ids/index.html

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:method: GET
:authority: cdn.districtm.io
:scheme: https
:path: /ids/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://notepad.pw/aq023d9a
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://notepad.pw/aq023d9a

Response headers

status: 200
date: Mon, 02 Mar 2020 15:00:36 GMT
content-type: text/html
set-cookie: __cfduid=d49f4db2831f5ce5332eaefb8776cbc2a1583161236; expires=Wed, 01-Apr-20 15:00:36 GMT; path=/; domain=.districtm.io; HttpOnly; SameSite=Lax
cf-ray: 56dbfd006c287293-AMS
cache-control: s-maxage=1209600, max-age=14400
last-modified: Thu, 10 Jan 2019 16:50:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
content-encoding: br

GET
H/1.1 200
OK usync.html
eus.rubiconproject.com/ Frame AB41 0
0 76ms
24ms Document
text/html 23.37.55.184
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?gdpr=0&gdpr_consent=
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.55.184 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-55-184.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://notepad.pw/aq023d9a
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://notepad.pw/aq023d9a

Response headers

Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Wed, 12 Feb 2020 18:47:41 GMT
Content-Encoding: gzip
Content-Length: 7693
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=42987
Expires: Tue, 03 Mar 2020 02:57:03 GMT
Date: Mon, 02 Mar 2020 15:00:36 GMT
Connection: keep-alive
Vary: Accept-Encoding

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: sync.bfmio.com
URL: https://sync.bfmio.com/sync_s2s?gdpr=0&url=https%3A%2F%2Fprebid.pub.network%2Fsetuid%3Fbidder%3Dbeachfront%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%5Bio_cid%5D

Verdicts & Comments Add Verdict or Comment

101 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

15 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
notepad.pw/	1969-12-31 23:59:59	Name: fsbotchecked Value: true
.notepad.pw/	1970-01-19 07:46:01	Name: _gat_gtag_UA_153530698_1 Value: 1
notepad.pw/	1970-01-19 07:46:03	Name: fssts Value: false
.notepad.pw/	1970-01-19 07:47:27	Name: _gid Value: GA1.2.83141208.1583161229
.notepad.pw/	1970-01-20 01:17:13	Name: _ga Value: GA1.2.262300852.1583161229
notepad.pw/	1970-01-19 08:00:25	Name: typography Value: %7B%22sp_class%22%3A%22not-active%22%7D
.notepad.pw/	1970-01-19 08:29:13	Name: __cfduid Value: d28200e8e2ac2aac50ef6c8629017ce241583161229
notepad.pw/	1969-12-31 23:59:59	Name: adOtr Value: f047181f252
notepad.pw/	1970-01-23 06:41:45	Name: UTGv2 Value: h47b622b4ab2917822abc80363b80f554c83
notepad.pw/	1969-12-31 23:59:59	Name: PRLST Value: JJ
notepad.pw/	1969-12-31 23:59:59	Name: SPSI Value: 1410f728f2569dd48e62c913a72e3c6e
notepad.pw/	1970-01-19 07:46:08	Name: pad_cookie Value: 07f73c3aef3d7de69548ec4e5d28231099124efd
notepad.pw/	1970-01-19 07:46:03	Name: _fssid Value: 70792e31-746f-4ae7-b7a6-b8cc17433b3a
notepad.pw/	1970-01-19 07:46:01	Name: sp_lit Value: n6on+IZGFTpdIDrT1IwtQw==
notepad.pw/	1970-01-19 07:46:08	Name: spcsrf Value: ec9ac33a2a3f618a26ec933795984f42

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	info	URL: https://cdn.ampproject.org/rtv/012002141856310/amp4ads-v0.js(Line 412) Message: Powered by AMP ⚡ HTML – Version 2002141856310 https://notepad.pw/aq023d9a

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.pub.network
acdn.adnxs.com
ads.pubmatic.com
ads.us.e-planning.net
adservice.google.com
adservice.google.de
ap.lijit.com
bh.contextweb.com
btlr.sharethrough.com
c.pub.network
cdn.ampproject.org
cdn.districtm.io
cdnjs.cloudflare.com
cm.adform.net
confiant-integrations.global.ssl.fastly.net
cs.emxdgt.com
d.pub.network
dmx.districtm.io
e.serverbid.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
g2.gumgum.com
googleads.g.doubleclick.net
ib.adnxs.com
live.notepad.pw
nep.advangelists.com
notepad.pw
pagead2.googlesyndication.com
pixel.rubiconproject.com
pr-bh.ybp.yahoo.com
prebid-match.dotomi.com
prebid.pub.network
rtb.openx.net
securepubads.g.doubleclick.net
ssum-sec.casalemedia.com
sync.1rx.io
sync.adkernel.com
sync.adtelligent.com
sync.bfmio.com
sync.technoratimedia.com
tag.adkernel.com
tpc.googlesyndication.com
wpcc.io
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
sync.bfmio.com
104.16.68.69
151.101.13.194
151.139.128.10
165.227.252.242
18.195.155.181
185.33.223.202
192.198.80.134
213.19.147.150
216.52.2.48
216.58.210.2
23.37.55.184
2606:4700:20::681a:18b
2606:4700:3036::681f:5d8d
2606:4700::6811:4004
2a00:1288:110:c305::8000
2a00:1450:4001:809::2002
2a00:1450:4001:815::200a
2a00:1450:4001:816::2002
2a00:1450:4001:818::2001
2a00:1450:4001:81b::2008
2a00:1450:4001:81c::2003
2a00:1450:4001:81f::2004
2a00:1450:4001:820::2001
2a00:1450:4001:821::200e
2a02:fa8:8806:13::1370
34.231.146.215
34.247.95.233
35.158.189.107
35.188.71.214
35.226.134.247
35.226.36.58
35.241.44.144
37.157.4.23
5.178.65.245
54.156.230.45
62.149.0.72
69.173.144.143
69.173.144.165
74.214.194.140
77.245.57.72
77.245.57.81
95.100.196.237
95.100.196.250
95.100.197.53
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
0676a04208e2b2b5a03f5c8f5b70e2217e4c25b05e60f4f6a0ce83ad198104fe
0689462225545e95bbc450363e2265295ae60059b60d3d316fea468141649a11
0da7fc1ae23678b2872653962d147fcd1cbd0a5a9c8f84d44ae99bc581fd9062
0ed65055d1f326e243da3e5a45df29b66155f0447596d963f4dfd608c796fd95
119351ced3134718cb42591e513ff063cf04af7c2734b137c666ee62e137e15d
17b981c757227d07469857a6da03f5cb2cb27db6c63d531985aa0d6587aeabde
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
25d989b3ed89abc5bb5a814c257dc57619d7f45908013cd08aa508c22e4f6a0a
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2b60310189012686567c541c72a40acf74adb416bdc524008822d6c7c73ccd97
2ba7f20b1d8990e17a47fe3d88e4c766628aaa2baf1dd30fca0a0db59836f5f9
2fb001ae127e9a962c95e49ed2b89df03a0e41664a900019f454affd342296a5
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
424e820b5432f9a3229ef1ca2a61fa214bdb825861c9946cbf0b08bcc2d304fe
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4b1b4a16d7d9829f5b5ae8c106d6f9186ea322c869b02c1544975f52aa83ed18
4b449cc316af17efa8352b185ba13ea36eca7b1c23037ecd05f14587c264e55b
538d1637b548ace550f3efcc95c664d3ef85c96c03dc4d589998f5f541c9506d
55b731aa03064189b7abca9931deb7b844c75d7664aacecc1356c4bc0635c4af
560ee8213cda78828e88fbcbe2fbe6d3337d563384ea57d344ce3e3559da1dda
6195b1bce0085db8c9b1b936150dfd7b070aa9be52d44580b1b6f16752dece34
6358c6ea8da1fcf2fc88c991a803c1a5f63b13247d7c546f1e3365ce17ec484d
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6bbf91366f4c7b4f90e73dc77727a2d00ababfb89333146ead30089640e00ae6
6d941ee14efe29bc4859114b4d6c93bd58d9843249a4e9d7603d6f80edb4eadf
706bd2882be2113a27ad0d19e95aec1f077fe5f91f7426296736fe146e4644f1
7870dceaf72f9d91b2790eadc462ec110e11be8f265d9394e6f7430d11d05cfb
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
816709e9295a4116a9f1648dcdca148a141e0ee263887b39f474a923380e4310
8518c3f3cc267355eba775b3f046918ab3c125a9c4ebaea048aa52c5599d354f
888b41bb493f82bc787b507deee35df8a9dca32d9f59e5e4434334bb04aa1e17
8bfc61f56cf987bfbf5e1c86e6746d24c7dcd6ad98806dfca9d63c6110810582
8dae82c0959e2310509fc13b3bbaf6dd840239a2ef42a08375972c878034d92e
9ace35233a5b8aae3deeca18a415b80fd103e6d0b9b43deeea54409df579d0a4
a33627f05b693f21a5cb015aab2ace39b1e483a9513851135906869ab953b70c
a3ea72428851c6e61f68b5545971a46834c9512f4f0236ada5de64b4e32e0a7f
a9a2f1dd042cb6f1eded53dc0a1c66ed8694fc093dc3520cdac1a541d615d474
b1040b4870a9503a2b7e81f781ed65e43f668bab13ee4ac0199a040d75d3728c
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b4c129b38552489649d122ad023da5a289ba66979726de929900f4aad1ef6ed9
bf6bc772f4b16474e15709d4b5ea5c507b382f3b24135b30e201f32cb1d05b41
c8f4d44cc3daf6df48787a3fb5a797a70724d5a1002b18024b1d751f02a43762
c9c41579990e491b31185c662e701facbcd6dab9ec0b06edef8feec2f981812e
cd606c728926a263166056197042ce45cc41b5440fa22ca24974b8da1e69b7d7
cf2925f057f8266b2d5d84d2dd756c81940f3eef3224d507e4ef677e7181449f
d155160aea288964eebe06a362795ab879ed657ca75f7ca60d5a1c8e9fe05d7b
d23807344428eec21271b708fcf73919827e568b0a335989f9f2348ae4356bd1
db48a5953ec26fd07c7ee3e2bf3d6c5727e004a5c539d7b6a1697058a3d9be98
de2bbd8e0b32f53a53c1729bedb350cea59e9115fba4f2bed8e2e3dd1f76d9fa
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e56f53b3b976e9c05d86645a1e85cfc69e961601d201e957768455580fa30478
e92af41ea36051ffe9f3c83abec97cec2ac09cdaa2396863958e8b4bc8de5870
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
eb898cdafe2cf6e08984c5375be09414655e63de26bfd2718d817710530722b2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efed1475694b2070102cdd80f0fa7d32563970b19a0863129b15d703a847115e
f0d7c4c6f54c21b798318174d51477fd6d1847869b2c86a7ca31f038d1d4b291
f4c25b5cb4bd68df85d9f90cc27b3adea0dbfb65a4d253123560570a1e347f30
f6e206730b9cfa13f568754d8c0985b03f8a7b55265eb88b3c0f8c80cd445e19
f79dfaabb417f7b777458a24663c5075dd1e56026e20578a0d74568b3c762375
f7cfeb2796d608a88410160f76bdd0456b3fcf362859589f7eb300b3a069635c
fac89a31cbde66bf63968f7fc0d051e6e1d38add0af7f8c2b5d42c09a264e540

notepad.pw Open in urlscan Pro 151.139.128.10 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

92 Requests

99 %HTTPS

32 %IPv6

37 Domains

49 Subdomains

35 IPs

9 Countries

990 kBTransfer

2599 kBSize

15 Cookies

6 Outgoing links

Page URL History

Redirected requests

92 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

notepad.pw Open in urlscan Pro
151.139.128.10 Public Scan

Screenshot
Live screenshot

Full Image

92
Requests

99 %
HTTPS

32 %
IPv6

37
Domains

49
Subdomains

35
IPs

9
Countries

990 kB
Transfer

2599 kB
Size

15
Cookies

92 HTTP transactions
1 data transactions