notepad.pw Open in urlscan Pro
151.139.128.11 Public Scan

URL:
http://notepad.pw/dp143
Submission: On December 04 via manual (December 4th 2020, 9:37:44 am UTC) from GB

Summary HTTP 96 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 35 IPs in 5 countries across 25 domains to perform 96 HTTP transactions. The main IP is 151.139.128.11, located in Dallas, United States and belongs to HIGHWINDS3, US. The main domain is notepad.pw.

This is the only time notepad.pw was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
9	151.139.128.11 151.139.128.11	20446 (HIGHWINDS3) (HIGHWINDS3)
1	2a00:1450:400... 2a00:1450:4001:820::200a	15169 (GOOGLE) (GOOGLE)
9	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	68.183.157.211 68.183.157.211	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	2a00:1450:400... 2a00:1450:4001:806::2008	15169 (GOOGLE) (GOOGLE)
6	2606:4700:20:... 2606:4700:20::681a:8b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:819::2003	15169 (GOOGLE) (GOOGLE)
1	35.188.71.214 35.188.71.214	15169 (GOOGLE) (GOOGLE)
4	2606:4700:303... 2606:4700:3031::681b:8043	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:824::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
4	172.217.18.162 172.217.18.162	15169 (GOOGLE) (GOOGLE)
4	185.33.221.91 185.33.221.91	29990 (ASN-APPNEX) (ASN-APPNEX)
2	69.173.144.141 69.173.144.141	26667 (RUBICONPR...) (RUBICONPROJECT)
3	18.185.195.81 18.185.195.81	16509 (AMAZON-02) (AMAZON-02)
2	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2	104.111.215.135 104.111.215.135	16625 (AKAMAI-AS) (AKAMAI-AS)
4	3.126.224.165 3.126.224.165	16509 (AMAZON-02) (AMAZON-02)
1 3	2620:116:800d... 2620:116:800d:21:51e4:db4b:4436:b305	16509 (AMAZON-02) (AMAZON-02)
1	2.16.186.80 2.16.186.80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 2	2600:9000:219... 2600:9000:2190:7e00:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1 2	95.101.55.60 95.101.55.60	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80b::2001	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:803::2001	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:816::2001	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:81a::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81f::2002	15169 (GOOGLE) (GOOGLE)
2	35.226.36.58 35.226.36.58	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
2	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
2	151.101.13.108 151.101.13.108	54113 (FASTLY) (FASTLY)
2	2.18.233.180 2.18.233.180	16625 (AKAMAI-AS) (AKAMAI-AS)
1	184.24.15.122 184.24.15.122	16625 (AKAMAI-AS) (AKAMAI-AS)
3 3	3.124.165.65 3.124.165.65	16509 (AMAZON-02) (AMAZON-02)
2 2	18.185.197.81 18.185.197.81	16509 (AMAZON-02) (AMAZON-02)
96	35

9 151.139.128.11 (Dallas, United States)

ASN20446 (HIGHWINDS3, US)

notepad.pw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.183.157.211 (Clifton, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: server1.wpcc.io

wpcc.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:20::681a:8b (United States)

ASN13335 (CLOUDFLARENET, US)

a.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:819::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.188.71.214 (United States)

ASN15169 (GOOGLE, US)
PTR: 214.71.188.35.bc.googleusercontent.com

d.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:3031::681b:8043 (United States)

ASN13335 (CLOUDFLARENET, US)

live.notepad.pw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:824::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.18.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s29-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.33.221.91 (Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.141 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.185.195.81 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-185-195-81.eu-central-1.compute.amazonaws.com

grid.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.215.135 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-135.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.126.224.165 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-224-165.eu-central-1.compute.amazonaws.com

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:116:800d:21:51e4:db4b:4436:b305 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

edge.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.16.186.80 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a2-16-186-80.deploy.static.akamaitechnologies.com

b.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2190:7e00:6:44e3:f8c0:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 95.101.55.60 (Ascension Island) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a95-101-55-60.deploy.static.akamaitechnologies.com

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

b6d84cb1ad1d06e93817394273cfc909.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:803::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:816::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81a::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.226.36.58 (United States)

ASN15169 (GOOGLE, US)
PTR: 58.36.226.35.bc.googleusercontent.com

c.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.234.21 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.13.108 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.233.180 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.24.15.122 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a184-24-15-122.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.124.165.65 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-165-65.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.185.197.81 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-185-197-81.eu-central-1.compute.amazonaws.com

rtb.mfadsrvr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	googlesyndication.com b6d84cb1ad1d06e93817394273cfc909.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	77 KB
13	notepad.pw notepad.pw live.notepad.pw	59 KB
9	pub.network a.pub.network d.pub.network c.pub.network	306 KB
9	cloudflare.com cdnjs.cloudflare.com	204 KB
6	bidswitch.net 3 redirects grid.bidswitch.net x.bidswitch.net	2 KB
6	adnxs.com ib.adnxs.com acdn.adnxs.com	5 KB
5	ampproject.org cdn.ampproject.org	97 KB
5	doubleclick.net securepubads.g.doubleclick.net googleads.g.doubleclick.net	125 KB
4	sharethrough.com btlr.sharethrough.com	437 B
4	pubmatic.com hbopenbid.pubmatic.com ads.pubmatic.com	13 KB
3	google.com 1 redirects adservice.google.com www.google.com	442 B
3	scorecardresearch.com 1 redirects b.scorecardresearch.com sb.scorecardresearch.com	2 KB
3	quantserve.com 1 redirects edge.quantserve.com pixel.quantserve.com	10 KB
3	rubiconproject.com fastlane.rubiconproject.com eus.rubiconproject.com	4 KB
2	mfadsrvr.com 2 redirects rtb.mfadsrvr.com	1 KB
2	indexww.com js-sec.indexww.com
2	quantcount.com 1 redirects rules.quantcount.com	1 KB
2	casalemedia.com htlb.casalemedia.com	738 B
2	googletagservices.com www.googletagservices.com	47 KB
2	google-analytics.com www.google-analytics.com	19 KB
2	gstatic.com fonts.gstatic.com	21 KB
2	wpcc.io wpcc.io	5 KB
1	google.de adservice.google.de	243 B
1	googletagmanager.com www.googletagmanager.com	38 KB
1	googleapis.com fonts.googleapis.com	1 KB
96	25

	Domain	Requested by
9	cdnjs.cloudflare.com	notepad.pw cdnjs.cloudflare.com
9	notepad.pw	notepad.pw
8	tpc.googlesyndication.com	notepad.pw securepubads.g.doubleclick.net tpc.googlesyndication.com cdn.ampproject.org
6	a.pub.network	notepad.pw a.pub.network
5	cdn.ampproject.org	securepubads.g.doubleclick.net
4	btlr.sharethrough.com	notepad.pw
4	ib.adnxs.com	notepad.pw
4	securepubads.g.doubleclick.net	www.googletagservices.com notepad.pw
4	live.notepad.pw	notepad.pw
3	x.bidswitch.net	3 redirects
3	pagead2.googlesyndication.com	notepad.pw
3	grid.bidswitch.net	notepad.pw
2	rtb.mfadsrvr.com	2 redirects
2	ads.pubmatic.com	a.pub.network
2	acdn.adnxs.com	a.pub.network
2	js-sec.indexww.com	a.pub.network
2	c.pub.network	notepad.pw
2	www.google.com	1 redirects notepad.pw
2	b6d84cb1ad1d06e93817394273cfc909.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	pixel.quantserve.com	1 redirects
2	sb.scorecardresearch.com	1 redirects
2	rules.quantcount.com	1 redirects
2	htlb.casalemedia.com	notepad.pw
2	hbopenbid.pubmatic.com	notepad.pw
2	fastlane.rubiconproject.com	notepad.pw
2	www.googletagservices.com	a.pub.network securepubads.g.doubleclick.net
2	www.google-analytics.com	www.googletagmanager.com notepad.pw
2	fonts.gstatic.com	fonts.googleapis.com
2	wpcc.io	notepad.pw
1	eus.rubiconproject.com	a.pub.network
1	googleads.g.doubleclick.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	b.scorecardresearch.com	a.pub.network
1	edge.quantserve.com	a.pub.network
1	d.pub.network	notepad.pw
1	www.googletagmanager.com	notepad.pw
1	fonts.googleapis.com	notepad.pw
96	38

This site contains links to these domains. Also see Links.

Domain
www.internetcookies.org
freestar.com
notepad-static.s3.amazonaws.com
about.notepad.pw
www.facebook.com
twitter.com
reddit.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-10-21` - `2021-10-20`	a year	crt.sh
notepad.pw Sectigo ECC Domain Validation Secure Server CA	`2020-11-15` - `2021-02-13`	3 months	crt.sh
wpcc.io Sectigo RSA Domain Validation Secure Server CA	`2020-06-22` - `2021-06-22`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
*.pub.network Go Daddy Secure Certificate Authority - G2	`2020-03-17` - `2021-05-16`	a year	crt.sh
*.google.com GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-01-10` - `2021-01-14`	2 years	crt.sh
grid.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-10-15` - `2021-10-23`	a year	crt.sh
*.pubmatic.com Sectigo RSA Organization Validation Secure Server CA	`2019-02-22` - `2021-02-21`	2 years	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2020-03-02` - `2021-04-01`	a year	crt.sh
*.sharethrough.com Amazon	`2020-09-09` - `2021-10-11`	a year	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
sb.scorecardresearch.com DigiCert Secure Site ECC CA-1	`2020-07-17` - `2021-06-02`	a year	crt.sh
misc-sni.google.com GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
cdn.adnxs.com GlobalSign CloudSSL CA - SHA256 - G3	`2020-10-29` - `2021-04-14`	5 months	crt.sh

This page contains 12 frames:

Primary Page: http://notepad.pw/dp143
Frame ID: F436A4D1D8CF26527EB878E59BFACF32
Requests: 70 HTTP requests in this frame

Frame: http://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=zr
Frame ID: A7233E8D9645D8730B0579876E330CEE
Requests: 3 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs
Frame ID: CF91B83426F8F2A40095AE5256E33FCD
Requests: 16 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html
Frame ID: 23E00A1F5E4A960E8E52E1ED37C0B3A1
Requests: 1 HTTP requests in this frame

Frame: https://b6d84cb1ad1d06e93817394273cfc909.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: DA457D25E1F3D20C22191D23516C3183
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: CDC106C2B93ACE06B23CF7590789D92A
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 5CF7679D118A80171F747B5AFE30F6F4
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: FB09CB7BF114277F7E921176180EEC8B
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 4F000F1E53CFC0FA69E0C12B6877687D
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 5B3A98C67B46976D2703120B985A8CCD
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 7E9EAC605BA98F10C61741CDE658D761
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: F68315050DF7204F70F12912CE0C2B49
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Fireblade (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /fbs/i

Page Statistics

96
Requests

84 %
HTTPS

47 %
IPv6

25
Domains

38
Subdomains

35
IPs

5
Countries

1035 kB
Transfer

2907 kB
Size

10
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://www.internetcookies.org/
Title: Learn more

Search URL Search Domain Scan URL

URL: https://freestar.com/?utm_medium=display
Title:

Search URL Search Domain Scan URL

URL: https://notepad-static.s3.amazonaws.com/Notepad.pw+Terms+of+Use.pdf
Title: Terms

Search URL Search Domain Scan URL

URL: https://about.notepad.pw/
Title: About Us

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://notepad.pw/share/ijxgiqj3d

Search URL Search Domain Scan URL

URL: http://twitter.com/share?text=notepad.pw&url=https://notepad.pw/share/ijxgiqj3d

Search URL Search Domain Scan URL

URL: https://reddit.com/submit?url=https://notepad.pw/share/ijxgiqj3d&title=notepad.pw

Search URL Search Domain Scan URL

URL: https://freestar.com/?utm_medium=stickyFooter
Title:

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2

http://cdnjs.cloudflare.com/ajax/libs/normalize/6.0.0/normalize.min.css HTTP 307
https://cdnjs.cloudflare.com/ajax/libs/normalize/6.0.0/normalize.min.css

Request Chain 3

http://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css HTTP 307
https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css

Request Chain 5

http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js HTTP 307
https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Request Chain 6

http://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/angular.min.js HTTP 307
https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/angular.min.js

Request Chain 7

http://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/angular-cookies.min.js HTTP 307
https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/angular-cookies.min.js

Request Chain 8

http://cdnjs.cloudflare.com/ajax/libs/socket.io/1.4.8/socket.io.min.js HTTP 307
https://cdnjs.cloudflare.com/ajax/libs/socket.io/1.4.8/socket.io.min.js

Request Chain 10

http://cdnjs.cloudflare.com/ajax/libs/store.js/1.3.20/store.min.js HTTP 307
https://cdnjs.cloudflare.com/ajax/libs/store.js/1.3.20/store.min.js

Request Chain 11

http://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/clipboard.min.js HTTP 307
https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/clipboard.min.js

Request Chain 12

http://wpcc.io/lib/1.0.2/cookieconsent.min.css HTTP 307
https://wpcc.io/lib/1.0.2/cookieconsent.min.css

Request Chain 13

http://wpcc.io/lib/1.0.2/cookieconsent.min.js HTTP 307
https://wpcc.io/lib/1.0.2/cookieconsent.min.js

Request Chain 47

http://rules.quantcount.com/rules-p-UeXruRVtZz7w6.js HTTP 301
https://rules.quantcount.com/rules-p-UeXruRVtZz7w6.js

Request Chain 48

https://sb.scorecardresearch.com/b?c1=2&c2=23384447&cs_ucfr=1&ns__t=1607074650246&ns_c=UTF-8&cv=3.5&c8=notepad.pw%20%2F%20dp143%20%7C%20The%20napkin%20of%20the%20internet.&c7=http%3A%2F%2Fnotepad.pw%2Fdp143&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1607074650246&ns_c=UTF-8&cv=3.5&c8=notepad.pw%20%2F%20dp143%20%7C%20The%20napkin%20of%20the%20internet.&c7=http%3A%2F%2Fnotepad.pw%2Fdp143&c9=&cs_ak_ss=1

Request Chain 57

http://pixel.quantserve.com/pixel;r=992772152;labels=keywords.notepad%20online%2Ckeywords.notepad%2Ckeywords.cloud%2Ckeywords.free%20notepad%2Ckeywords.save%20notes%2Ckeywords.notes%2Ckeywords.online%20notepad%2Ckeywords.cloud%20notepad%2Ckeywords.write%2Ckeywords.note%2Ckeywords.writing%2Ckeywords.publish%2Ckeywords.webpage%2Ckeywords.markdown%2Ctitle.notepad.pw;rf=0;uht=2;a=p-UeXruRVtZz7w6;url=http%3A%2F%2Fnotepad.pw%2Fdp143;fpan=1;fpa=P0-1946452833-1607074650323;ns=0;ce=1;qjs=1;qv=3364aec3-20201006003021;cm=;gdpr=0;ref=;d=notepad.pw;je=0;sr=1600x1200x24;dst=1;et=1607074650323;tzo=-60;ogl=type.website%2Ctitle.notepad%252Epw%2Cdescription.Save%20your%20notes%20online%20for%20free%20and%20share%20them%20with%20friends!%2Curl.https%3A%2F%2Fnotepad%252Epw%2Cimage.https%3A%2F%2Fnotepad%252Epw%2Fog-icon%252Epng HTTP 301
https://pixel.quantserve.com/pixel;r=992772152;labels=keywords.notepad%20online%2Ckeywords.notepad%2Ckeywords.cloud%2Ckeywords.free%20notepad%2Ckeywords.save%20notes%2Ckeywords.notes%2Ckeywords.online%20notepad%2Ckeywords.cloud%20notepad%2Ckeywords.write%2Ckeywords.note%2Ckeywords.writing%2Ckeywords.publish%2Ckeywords.webpage%2Ckeywords.markdown%2Ctitle.notepad.pw;rf=0;uht=2;a=p-UeXruRVtZz7w6;url=http%3A%2F%2Fnotepad.pw%2Fdp143;fpan=1;fpa=P0-1946452833-1607074650323;ns=0;ce=1;qjs=1;qv=3364aec3-20201006003021;cm=;gdpr=0;ref=;d=notepad.pw;je=0;sr=1600x1200x24;dst=1;et=1607074650323;tzo=-60;ogl=type.website%2Ctitle.notepad%252Epw%2Cdescription.Save%20your%20notes%20online%20for%20free%20and%20share%20them%20with%20friends!%2Curl.https%3A%2F%2Fnotepad%252Epw%2Cimage.https%3A%2F%2Fnotepad%252Epw%2Fog-icon%252Epng

Request Chain 77

http://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 96

https://x.bidswitch.net/sync?ssp=themediagrid HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=themediagrid HTTP 302
https://rtb.mfadsrvr.com/sync?ssp=bidswitch&bidswitch_ssp_id=themediagrid&bsw_user_id=e7ed248e-be34-4bb1-be4b-4eed8f24bf15 HTTP 302
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=themediagrid&bsw_user_id=e7ed248e-be34-4bb1-be4b-4eed8f24bf15 HTTP 302
https://x.bidswitch.net/sync?dsp_id=250&expires=14&user_id=49558d0b-c31c-4066-9c62-83db7352fd3a&ssp=themediagrid HTTP 302
https://grid.bidswitch.net/getuids?bsw_uid=e7ed248e-be34-4bb1-be4b-4eed8f24bf15&ssp_custom_data=

96 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set dp143 Show response
notepad.pw/ 30 KB
14 KB 253ms
241ms Document
text/html 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: http://notepad.pw/dp143
Protocol: HTTP/1.1
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: 9cd8afa5843047824bb087338b268a657f5d01548ea3f672167b9e884300a886

Request headers

Host: notepad.pw
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 04 Dec 2020 09:37:28 GMT
Cache-Control: no-store, no-cache, must-revalidate
Content-Encoding: gzip
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Set-Cookie: SPSI=8f166f7f82e143ebf64a8bd14c75cf01; path=/; HttpOnly; SPSE=vKRFwO9jwBbNkNElXR/O9B2p2+LUZe/TySkRsyQWKDQQnZzdT7kswAvUkFERW1Fg+GK7UZHXCkYzaRTIBD/yZQ==; path=/; HttpOnly; spcsrf=177de59a36002b8ee5e66c779d9ad6d1; path=/; SameSite=Strict; HttpOnly; expires=Fri, 04-Dec-20 11:37:27 GMT adOtr=obsvl; path=/; expires=Thu, 2 Aug 2001 20:47:11 UTC UTGv2=D-h45f9e02bb8db11773fef4b66a9f408abe54; path=/; expires=Sat, 04-Dec-21 09:37:27 GMT pad_cookie=3569a069a42760fed033f4868965daa13ce59d0b; expires=Fri, 04-Dec-2020 11:38:48 GMT; Max-Age=7200; path=/; HttpOnly sp_lit=16+2a3mk8w//xod0yR8oXA==; path=/; SameSite=Strict; HttpOnly; expires=Fri, 04-Dec-20 09:42:28 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: fbs
Access-Control-Allow-Origin: *
X-HW: 1607074647.cds034.pa1.h2,1607074647.cds226.pa1.sc,1607074648.cdn2-wafbe02-cdg1.stackpath.systems.-.wx,1607074648.cds226.pa1.p
Connection: keep-alive

GET
H/1.1 200
OK css
fonts.googleapis.com/ 5 KB
1 KB 21ms
14ms Stylesheet
text/css 2a00:1450:4001:820::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.googleapis.com/css?family=Noto+Sans:400,700

Requested by

Host: notepad.pw
URL: http://notepad.pw/dp143

Protocol

HTTP/1.1

Server

2a00:1450:4001:820::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7d623f3bc0dd44a1845c2240b3ac3b15184cd43f7e2c780eb4d49c53fe4d89af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 04 Dec 2020 09:37:28 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Fri, 04 Dec 2020 09:20:11 GMT
Server: ESF
X-Frame-Options: SAMEORIGIN
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=86400, stale-while-revalidate=604800
Transfer-Encoding: chunked
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
X-XSS-Protection: 0
Expires: Fri, 04 Dec 2020 09:37:28 GMT

GET
H/1.1 200
OK global.css
notepad.pw/content/css/ 6 KB
2 KB 203ms
202ms Stylesheet
text/css 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: http://notepad.pw/content/css/global.css?229
Requested by: Host: notepad.pw
URL: http://notepad.pw/dp143
Protocol: HTTP/1.1
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: 2b60310189012686567c541c72a40acf74adb416bdc524008822d6c7c73ccd97

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 04 Dec 2020 09:37:28 GMT
Content-Encoding: gzip
Last-Modified: Mon, 02 Oct 2017 03:48:05 GMT
Server: fbs
ETag: "59d1b6f5-1821"
Transfer-Encoding: chunked
X-HW: 1607074648.cds034.pa1.h2,1607074648.cds038.pa1.sc,1607074648.cdn2-wafbe02-cdg1.stackpath.systems.-.wx,1607074648.cds038.pa1.p
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes

GET
H2

200

normalize.min.css
cdnjs.cloudflare.com/ajax/libs/normalize/6.0.0/
Redirect Chain

http://cdnjs.cloudflare.com/ajax/libs/normalize/6.0.0/normalize.min.css
https://cdnjs.cloudflare.com/ajax/libs/normalize/6.0.0/normalize.min.css

2 KB
1 KB

19ms
18ms

Stylesheet
text/css

2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/normalize/6.0.0/normalize.min.css

Requested by

Host: notepad.pw
URL: http://notepad.pw/dp143

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55b731aa03064189b7abca9931deb7b844c75d7664aacecc1356c4bc0635c4af

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 09:37:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 162654
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
content-length: 742
cf-request-id: 06ceb627ee000097901f09d000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:13:31 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03f2b-8a8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=V99iZXEwTAg%2BxZj0PHLgAhmBbIG3N1%2FOQzgIhEjoDGncXBdk0rsbsAQHwKWunIFJaaXAeGUW8F326OcuLDfWcH87SpGyq9aI677vqz%2F2slpTjkGPn8u5qQl3SeYyAEKnaw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5fc48c864fd89790-FRA
expires: Wed, 24 Nov 2021 09:37:28 GMT

Redirect headers

Location: https://cdnjs.cloudflare.com/ajax/libs/normalize/6.0.0/normalize.min.css
Non-Authoritative-Reason: HSTS

GET
H2

200

ionicons.min.css
cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/
Redirect Chain

http://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css
https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css

50 KB
7 KB

26ms
25ms

Stylesheet
text/css

2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css

Requested by

Host: notepad.pw
URL: http://notepad.pw/dp143

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de2bbd8e0b32f53a53c1729bedb350cea59e9115fba4f2bed8e2e3dd1f76d9fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 09:37:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 18990
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
content-length: 6642
cf-request-id: 06ceb627ee000097902126e000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:20 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ea8-c854"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=JgLZ7QeHTGNG1TUVi%2B5OGvBQokAafAxzlaTMny1TPbKu9IoFpoJsGFiY7giyGEUgbS2j9yjVvIWHpTEFexBj8SXt0Ll2phZL7ausHU8bZWeN6uuDAfE4WRCBrWR82SUB1w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5fc48c864fda9790-FRA
expires: Wed, 24 Nov 2021 09:37:28 GMT

Redirect headers

Location: https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css
Non-Authoritative-Reason: HSTS

GET
H2 200 logo-dark.png
notepad.pw/content/images/ 22 KB
22 KB 361ms
317ms Image
image/png 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://notepad.pw/content/images/logo-dark.png
Requested by: Host: notepad.pw
URL: http://notepad.pw/dp143
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: 560ee8213cda78828e88fbcbe2fbe6d3337d563384ea57d344ce3e3559da1dda

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 09:37:28 GMT
last-modified: Thu, 30 Aug 2018 21:59:20 GMT
server: fbs
etag: "5b8868b8-57f4"
x-hw: 1607074648.cds038.pa1.hn,1607074648.cds230.pa1.sc,1607074648.cdn2-wafbe01-cdg1.stackpath.systems.-.wx,1607074648.cds230.pa1.p
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
content-length: 22516

GET
H2

200

jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/
Redirect Chain

http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

82 KB
27 KB

19ms
19ms

Script
application/javascript

2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Requested by

Host: notepad.pw
URL: http://notepad.pw/dp143

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 09:37:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 19430
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
content-length: 26646
cf-request-id: 06ceb6280b000097903992c000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:48 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec4-1499c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2FF2PkP6vdsEayzyvOKv6j28nLMhJdSUJKnHdyWT1bLy%2BTQzHlGFN5V146CyrbeaGIZdyiuk7eKsOVgDWWnEP%2BIgwUFcTz68rM2smYeFY%2FQ7BOLatx9yEgK455L%2BA%2F7cQvw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5fc48c867fec9790-FRA
expires: Wed, 24 Nov 2021 09:37:28 GMT

Redirect headers

Location: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
Non-Authoritative-Reason: HSTS

GET
H2

200

angular.min.js Show response
cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/
Redirect Chain

http://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/angular.min.js
https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/angular.min.js

156 KB
49 KB

21ms
20ms

Script
application/javascript

2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/angular.min.js

Requested by

Host: notepad.pw
URL: http://notepad.pw/dp143

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e92af41ea36051ffe9f3c83abec97cec2ac09cdaa2396863958e8b4bc8de5870

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 09:37:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 26817
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
content-length: 49420
cf-request-id: 06ceb6282800009790283e0000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:04:55 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03d27-27130"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=u5vwPg6jA2oyg807%2FINf4pPqQsB%2B%2FloE5e0541elezQkMNBJJbHmOevWGv9EuTuPPhydOaEEa3V6o4axYS83lXiSwrksE9kkuQNwrAyutr4Qblk%2BXfZL7a22TKbboIND6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5fc48c86a8099790-FRA
expires: Wed, 24 Nov 2021 09:37:28 GMT

Redirect headers

Location: https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/angular.min.js
Non-Authoritative-Reason: HSTS

GET
H2

200

angular-cookies.min.js Show response
cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/
Redirect Chain

http://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/angular-cookies.min.js
https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/angular-cookies.min.js

1 KB
1003 B

16ms
16ms

Script
application/javascript

2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/angular-cookies.min.js

Requested by

Host: notepad.pw
URL: http://notepad.pw/dp143

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f79dfaabb417f7b777458a24663c5075dd1e56026e20578a0d74568b3c762375

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 09:37:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 162664
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
content-length: 677
cf-request-id: 06ceb62843000097901a846000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:04:55 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03d27-5a7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=dc%2BA%2FOQZdPKG6oG1gy7u8igKNPwtC1%2FRCUGmNIpkrFEu6mQ0Qa%2BulsbsKrYKknvoXv4TfWlDQet4YH2c40q08lgKbSWk3ScFFr%2Fuu%2FTIyPAjAEqLm7Gl7bVW1BaN3B5NSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5fc48c86d8299790-FRA
expires: Wed, 24 Nov 2021 09:37:28 GMT

Redirect headers

Location: https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/angular-cookies.min.js
Non-Authoritative-Reason: HSTS

GET
H2

200

socket.io.min.js Show response
cdnjs.cloudflare.com/ajax/libs/socket.io/1.4.8/
Redirect Chain

http://cdnjs.cloudflare.com/ajax/libs/socket.io/1.4.8/socket.io.min.js
https://cdnjs.cloudflare.com/ajax/libs/socket.io/1.4.8/socket.io.min.js

68 KB
19 KB

23ms
23ms

Script
application/javascript

2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/socket.io/1.4.8/socket.io.min.js

Requested by

Host: notepad.pw
URL: http://notepad.pw/dp143

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

888b41bb493f82bc787b507deee35df8a9dca32d9f59e5e4434334bb04aa1e17

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 09:37:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 162676
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
content-length: 19101
cf-request-id: 06ceb62859000097901a002000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:16:21 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fd5-10ec3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=WPaJXQjtN6H2NzPUG9cBa%2F35DVyrjDCO8Dewdm6vVjMcX%2FI4zZrE1T3yDPgyaIGUevOBjn9D80BI%2BlnZ3XB%2FL2ghZSllkzXeC0tyUauXJMqdpt%2FtOcKchI1EqXTW9bwx%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5fc48c86e8359790-FRA
expires: Wed, 24 Nov 2021 09:37:28 GMT

Redirect headers

Location: https://cdnjs.cloudflare.com/ajax/libs/socket.io/1.4.8/socket.io.min.js
Non-Authoritative-Reason: HSTS

GET
H/1.1 200
OK app.min.js Show response
notepad.pw/content/js/ 8 KB
3 KB 227ms
221ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: http://notepad.pw/content/js/app.min.js?366
Requested by: Host: notepad.pw
URL: http://notepad.pw/dp143
Protocol: HTTP/1.1
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: c9c41579990e491b31185c662e701facbcd6dab9ec0b06edef8feec2f981812e

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 04 Dec 2020 09:37:28 GMT
Content-Encoding: gzip
Last-Modified: Thu, 30 Aug 2018 22:33:49 GMT
Server: fbs
ETag: "5b8870cd-2089"
Transfer-Encoding: chunked
X-HW: 1607074648.cds009.pa1.h2,1607074648.cds207.pa1.sc,1607074648.cdn2-redis01-cdg1.stackpath.systems.-.wx,1607074648.cds207.pa1.p
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes

GET
H2

200

store.min.js Show response
cdnjs.cloudflare.com/ajax/libs/store.js/1.3.20/
Redirect Chain

http://cdnjs.cloudflare.com/ajax/libs/store.js/1.3.20/store.min.js
https://cdnjs.cloudflare.com/ajax/libs/store.js/1.3.20/store.min.js

3 KB
1 KB

23ms
23ms

Script
application/javascript

2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/store.js/1.3.20/store.min.js

Requested by

Host: notepad.pw
URL: http://notepad.pw/dp143

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d23807344428eec21271b708fcf73919827e568b0a335989f9f2348ae4356bd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 09:37:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 162651
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
content-length: 994
cf-request-id: 06ceb628bb00009790231e3000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:16:28 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fdc-a35"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2FgXQrBT6FGsmNCsyRkGYPCSm6j81NFe15d9KUlAUx8WbWTqWgzzxE%2FLRi8YfFukbq6sg0R5sehkUuPrikJdgF4K3uP9Ss4IeJHJOllfJ7dcTxzrGiuBtypJAm1lTSZ8SlA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5fc48c8798a09790-FRA
expires: Wed, 24 Nov 2021 09:37:28 GMT

Redirect headers

Location: https://cdnjs.cloudflare.com/ajax/libs/store.js/1.3.20/store.min.js
Non-Authoritative-Reason: HSTS

GET
H2

200

clipboard.min.js Show response
cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/
Redirect Chain

http://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/clipboard.min.js
https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/clipboard.min.js

11 KB
4 KB

11ms
11ms

Script
application/javascript

2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/clipboard.min.js

Requested by

Host: notepad.pw
URL: http://notepad.pw/dp143

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0da7fc1ae23678b2872653962d147fcd1cbd0a5a9c8f84d44ae99bc581fd9062

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 09:37:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 162674
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
content-length: 3005
cf-request-id: 06ceb628d70000979034b9a000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:09:13 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e29-2aa5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ay%2Bd7nA5uWe3VqhqvzrBFnNnHCgVvglx1dzdEz91gSlSQO1Mrr3NOsvXRfFw33rPu082XjQRwydco%2BJC7RODP6RdyzG33J0ivUYH5BsZah%2Bo72Sp0Z%2BmUlH5k6s7nKlgug%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5fc48c87b8ba9790-FRA
expires: Wed, 24 Nov 2021 09:37:28 GMT

Redirect headers

Location: https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/clipboard.min.js
Non-Authoritative-Reason: HSTS

GET
H2

200

cookieconsent.min.css
wpcc.io/lib/1.0.2/
Redirect Chain

http://wpcc.io/lib/1.0.2/cookieconsent.min.css
https://wpcc.io/lib/1.0.2/cookieconsent.min.css

4 KB
2 KB

277ms
90ms

Stylesheet
text/css

68.183.157.211
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://wpcc.io/lib/1.0.2/cookieconsent.min.css

Requested by

Host: notepad.pw
URL: http://notepad.pw/dp143

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.183.157.211 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

server1.wpcc.io

Software

nginx /

Resource Hash

119351ced3134718cb42591e513ff063cf04af7c2734b137c666ee62e137e15d

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 09:37:28 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 05 Apr 2019 15:44:29 GMT
server: nginx
etag: W/"5ca777dd-fbe"
x-frame-options: SAMEORIGIN
content-type: text/css
x-xss-protection: 1; mode=block
cache-control: max-age=2592000, no-cache, public, must-revalidate, proxy-revalidate
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
expires: Sun, 03 Jan 2021 09:37:28 GMT

Redirect headers

Location: https://wpcc.io/lib/1.0.2/cookieconsent.min.css
Non-Authoritative-Reason: HSTS

GET
H2

200

cookieconsent.min.js Show response
wpcc.io/lib/1.0.2/
Redirect Chain

http://wpcc.io/lib/1.0.2/cookieconsent.min.js
https://wpcc.io/lib/1.0.2/cookieconsent.min.js

9 KB
4 KB

278ms
92ms

Script
application/javascript

68.183.157.211
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://wpcc.io/lib/1.0.2/cookieconsent.min.js

Requested by

Host: notepad.pw
URL: http://notepad.pw/dp143

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.183.157.211 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

server1.wpcc.io

Software

nginx /

Resource Hash

6a168e2ddae4d655f0e9793c98406ed886956b7f54544b88a1b9d279fe8b242f

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 09:37:28 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 05 Aug 2020 00:22:01 GMT
server: nginx
etag: W/"5f29fba9-226a"
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: max-age=2592000, no-cache, public, must-revalidate, proxy-revalidate
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
expires: Sun, 03 Jan 2021 09:37:28 GMT

Redirect headers

Location: https://wpcc.io/lib/1.0.2/cookieconsent.min.js
Non-Authoritative-Reason: HSTS

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 96 KB
38 KB 20ms
19ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-153530698-1

Requested by

Host: notepad.pw
URL: http://notepad.pw/dp143

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

33c43d39018b07879a080935fd26fdeb82970bff929ee2d1ef3951a21d632f54

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 09:37:28 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38730
x-xss-protection: 0
last-modified: Fri, 04 Dec 2020 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 04 Dec 2020 09:37:28 GMT

GET
H2 200 pubfig.min.js Show response
a.pub.network/notepad-pw/ 155 KB
44 KB 151ms
126ms Script
application/javascript 2606:4700:20::681a:8b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/notepad-pw/pubfig.min.js
Requested by: Host: notepad.pw
URL: http://notepad.pw/dp143
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 91eb4e13cfeb70e591e2212e7a09de429516a0ae7788f60ac72f085b486b688b

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-goog-hash: crc32c=QXcvbg==, md5=90wuQ+6JG2eMAT/YgDK4qw==
date: Fri, 04 Dec 2020 09:37:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-guploader-uploadid: ABg5-UygZW62hT_N2WLFCb8O2RUE_0SfuFf5FQAgpIfm3aQMFES9QOMIsF5Z7YjVPtsl193tjGy-v8AzuQXdrm9N6FQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: application/javascript
cf-request-id: 06ceb628d70000c2eae2984000000001
last-modified: Tue, 24 Nov 2020 21:19:38 GMT
server: cloudflare
etag: W/"f74c2e43ee891b678c013fd88032b8ab"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Eun9IW1zX60yHeu1eYEgBf8eU%2BbD54zptmXmlFJTTVLR282svqnAWOuLhb3OIC%2BURJlP8Th87GbOnr4%2BSN%2BpwT03aRtuQ21luRKfbRQADdPDVpMIFMXVI1zW"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1606252778098031
cache-control: public, max-age=1800
x-goog-stored-content-length: 159154
cf-ray: 5fc48c87b9a3c2ea-FRA
expires: Thu, 03 Dec 2020 23:49:21 GMT

GET
H/1.1 200
OK / Show response
notepad.pw/sbbi/ Frame A723 25 KB
11 KB 51ms
46ms Document
text/html 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: http://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=zr&sbbgs=h45f9e02bb8db11773fef4b66a9f408abe54&ddl=1
Requested by: Host: notepad.pw
URL: http://notepad.pw/dp143
Protocol: HTTP/1.1
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: fdc583e69d9c834982da703599325566db609a78140b993f028827596838fd01

Request headers

Host: notepad.pw
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://notepad.pw/dp143
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Cookie: SPSI=8f166f7f82e143ebf64a8bd14c75cf01; SPSE=vKRFwO9jwBbNkNElXR/O9B2p2+LUZe/TySkRsyQWKDQQnZzdT7kswAvUkFERW1Fg+GK7UZHXCkYzaRTIBD/yZQ==; spcsrf=177de59a36002b8ee5e66c779d9ad6d1; pad_cookie=3569a069a42760fed033f4868965daa13ce59d0b; sp_lit=16+2a3mk8w//xod0yR8oXA==; PRLST=zr; UTGv2=h45f9e02bb8db11773fef4b66a9f408abe54
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://notepad.pw/dp143

Response headers

Date: Fri, 04 Dec 2020 09:37:28 GMT
Cache-Control: no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
Content-Encoding: gzip
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Server: fbs
X-Accel-Expires: 0
Access-Control-Allow-Origin: *
X-HW: 1607074648.cds007.pa1.h2,1607074648.cds046.pa1.sc,1607074648.cdn2-redis01-cdg1.stackpath.systems.-.i,1607074648.cds046.pa1.p
Connection: keep-alive

GET
H/1.1 200
OK /
notepad.pw/sbbi/ 43 B
497 B 29ms
29ms Image
image/gif 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://notepad.pw/sbbi/?sbbpg=utMedia&vii=8hf4156f69fe70f28b2be81d4b31e1b7f7634fae8fb4db1646ca795fc4f0081aubjer5r4
Requested by: Host: notepad.pw
URL: http://notepad.pw/dp143
Protocol: HTTP/1.1
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Accel-Expires: 0
Date: Fri, 04 Dec 2020 09:37:28 GMT
Server: fbs
Transfer-Encoding: chunked
X-HW: 1607074648.cds034.pa1.h2,1607074648.cds211.pa1.sc,1607074648.cdn2-wafbe02-cdg1.stackpath.systems.-.i,1607074648.cds211.pa1.p
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
Connection: keep-alive

GET
H2 200 ionicons.ttf
cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/fonts/ 184 KB
96 KB 25ms
25ms Font
application/octet-stream 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/fonts/ionicons.ttf?v=2.0.0

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c5b6bb603a4f7556b94532674f3847b430b9495afbb3a4dcfe5ba718baa59ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Origin: http://notepad.pw
Referer: https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 09:37:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 26296
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
content-length: 97438
cf-request-id: 06ceb628cd0000650fe013c000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:20 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ea8-2e05c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=uzKjQXhRAGfdQgJnrXax4wpwpxXqCh48KyMG%2FuEYai1nPZjtZIZ97IBOUosJfPqMnWzHKTkwBd%2BmCowsr7c6M7ZQMreAOqigoN%2F3a7UaO3mhkDyLwyTVyqPgjrePeNTUBw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5fc48c87ae6c650f-FRA
expires: Wed, 24 Nov 2021 09:37:28 GMT

GET
H/1.1 200
OK o-0IIpQlx3QUlC5A4PNr5TRASf6M7Q.woff2
fonts.gstatic.com/s/notosans/v11/ 10 KB
10 KB 12ms
6ms Font
font/woff2 2a00:1450:4001:819::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/notosans/v11/o-0IIpQlx3QUlC5A4PNr5TRASf6M7Q.woff2

Requested by

Host: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Noto+Sans:400,700

Protocol

HTTP/1.1

Server

2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e56f53b3b976e9c05d86645a1e85cfc69e961601d201e957768455580fa30478

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: http://notepad.pw
Referer: http://fonts.googleapis.com/css?family=Noto+Sans:400,700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 03 Dec 2020 09:13:02 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 24 Sep 2020 23:50:56 GMT
Server: sffe
Age: 87866
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 10292
X-XSS-Protection: 0
Expires: Fri, 03 Dec 2021 09:13:02 GMT

GET
H/1.1 200
OK init Show response
d.pub.network/ 143 B
575 B 1063ms
122ms XHR
application/json 35.188.71.214
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/init?key=1413undefined
Requested by: Host: notepad.pw
URL: http://notepad.pw/dp143
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.71.214 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 214.71.188.35.bc.googleusercontent.com
Software: /
Resource Hash: 961d3114d628bc7d034623daf66199fd5969118177b5e60c7b0af536ffbdcf81

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Access-Control-Allow-Origin: http://notepad.pw
Date: Fri, 04 Dec 2020 09:37:29 GMT
Access-Control-Allow-Credentials: true
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Transfer-Encoding: chunked
Content-Type: application/json

GET
H/1.1 200
OK dp143 Show response
notepad.pw/fetch/ 180 B
786 B 229ms
229ms XHR
text/plain 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: http://notepad.pw/fetch/dp143?_=1607074648284
Requested by: Host: notepad.pw
URL: http://notepad.pw/dp143
Protocol: HTTP/1.1
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: a98c40f8dcd4dee33cc1321b86446a4c20640971115f77f9622f18f476416ca2

Request headers

X-MOD-SBB-CTYPE: xhr
Accept: */*
Referer: http://notepad.pw/dp143
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 04 Dec 2020 09:37:29 GMT
Content-Encoding: gzip
Server: fbs
Transfer-Encoding: chunked
X-HW: 1607074648.cds009.pa1.h2,1607074648.cds046.pa1.sc,1607074649.cdn2-redis01-cdg1.stackpath.systems.-.wx,1607074649.cds046.pa1.p
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 / Show response
live.notepad.pw/socket.io/ 101 B
765 B 238ms
211ms XHR
application/octet-stream 2606:4700:3031::681b:8043
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.notepad.pw/socket.io/?EIO=3&transport=polling&t=NOj7HBc
Requested by: Host: notepad.pw
URL: http://notepad.pw/dp143
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:8043 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e04203e6e8cf4aeb6e54cd8f687281c4f896160bb9375782319f6a5972a2bdc2

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 09:37:29 GMT
via: 1.1 vegur
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=9BVklLO%2B0P2%2By3sFxB83AvPziYbwNPNz7BWVaDpZHRSDEmpThEo0XAOdNVMwFJaRT1YlWGGpZvZ9uOVwo5DVsWKXKjOaB8NAMLvQLzwta7urKll3b%2FKtEaoXxKY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
access-control-allow-origin: http://notepad.pw
access-control-allow-credentials: true
cf-ray: 5fc48c8b3826dfcb-FRA
content-length: 101
cf-request-id: 06ceb62b050000dfcb0abdf000000001

GET
H/1.1 200
OK o-0NIpQlx3QUlC5A4PNjXhFVZNyBx2pqPA.woff2
fonts.gstatic.com/s/notosans/v11/ 10 KB
10 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:819::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/notosans/v11/o-0NIpQlx3QUlC5A4PNjXhFVZNyBx2pqPA.woff2

Requested by

Host: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Noto+Sans:400,700

Protocol

HTTP/1.1

Server

2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6195b1bce0085db8c9b1b936150dfd7b070aa9be52d44580b1b6f16752dece34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: http://notepad.pw
Referer: http://fonts.googleapis.com/css?family=Noto+Sans:400,700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Dec 2020 13:30:11 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 24 Sep 2020 23:58:43 GMT
Server: sffe
Age: 158837
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 10116
X-XSS-Protection: 0
Expires: Thu, 02 Dec 2021 13:30:11 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-153530698-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 2859
date: Fri, 04 Dec 2020 08:49:50 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Fri, 04 Dec 2020 10:49:50 GMT

GET
H2 200 / Show response
live.notepad.pw/socket.io/ 5 B
293 B 204ms
204ms XHR
application/octet-stream 2606:4700:3031::681b:8043
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.notepad.pw/socket.io/?EIO=3&transport=polling&t=NOj7HGj&sid=JP20HanIhuwJUyWLACcH
Requested by: Host: notepad.pw
URL: http://notepad.pw/dp143
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:8043 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 25d989b3ed89abc5bb5a814c257dc57619d7f45908013cd08aa508c22e4f6a0a

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 09:37:29 GMT
via: 1.1 vegur
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=286KPb3mrb67GcsvqwfmTNIE4C3AT9XBm2O3eSVTGmZmtEH%2FRp48l%2FN%2FUez9ZjRS8sPEglozUrwQFvp1OtZ6IUFBdfMEVP1HRVKmzvi5HKSjM%2BlY6TezF%2BBdalM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
access-control-allow-origin: http://notepad.pw
access-control-allow-credentials: true
cf-ray: 5fc48c8d1b7bdfcb-FRA
content-length: 5
cf-request-id: 06ceb62c2f0000dfcb68a10000000001

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 1 B
383 B 47ms
13ms XHR
text/plain 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=933970821&t=pageview&_s=1&dl=http%3A%2F%2Fnotepad.pw%2Fdp143&ul=en-us&de=UTF-8&dt=notepad.pw%20%2F%20dp143%20%7C%20The%20napkin%20of%20the%20internet.&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUABAAAAAC~&jid=2022471343&gjid=384065459&cid=1726703413.1607074649&tid=UA-153530698-1&_gid=329228709.1607074649&_r=1&gtm=2oub41&z=471147297

Requested by

Host: notepad.pw
URL: http://notepad.pw/dp143

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 04 Dec 2020 09:37:29 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://notepad.pw
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK / Show response
notepad.pw/sbbi/ Frame A723 516 B
828 B 31ms
31ms Document
text/html 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: http://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=zr&sbbgs=h45f9e02bb8db11773fef4b66a9f408abe54&ddl=1
Protocol: HTTP/1.1
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: d155160aea288964eebe06a362795ab879ed657ca75f7ca60d5a1c8e9fe05d7b

Request headers

Host: notepad.pw
Connection: keep-alive
Content-Length: 640
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
Origin: http://notepad.pw
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=zr&sbbgs=h45f9e02bb8db11773fef4b66a9f408abe54&ddl=1
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Cookie: SPSI=8f166f7f82e143ebf64a8bd14c75cf01; SPSE=vKRFwO9jwBbNkNElXR/O9B2p2+LUZe/TySkRsyQWKDQQnZzdT7kswAvUkFERW1Fg+GK7UZHXCkYzaRTIBD/yZQ==; spcsrf=177de59a36002b8ee5e66c779d9ad6d1; pad_cookie=3569a069a42760fed033f4868965daa13ce59d0b; sp_lit=16+2a3mk8w//xod0yR8oXA==; PRLST=zr; UTGv2=h45f9e02bb8db11773fef4b66a9f408abe54; adOtr=66ff8f187e2; fsbotchecked=true; typography=%7B%22sp_class%22%3A%22not-active%22%7D; __cfduid=df6dece6e63099bd577a4d8d951d139401607074648; _ga=GA1.2.1726703413.1607074649; _gid=GA1.2.329228709.1607074649; _gat_gtag_UA_153530698_1=1
Upgrade-Insecure-Requests: 1
Origin: http://notepad.pw
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=zr&sbbgs=h45f9e02bb8db11773fef4b66a9f408abe54&ddl=1

Response headers

Date: Fri, 04 Dec 2020 09:37:29 GMT
Cache-Control: no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
Content-Encoding: gzip
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Server: fbs
X-Accel-Expires: 0
Access-Control-Allow-Origin: *
X-HW: 1607074649.cds009.pa1.h2,1607074649.cds027.pa1.sc,1607074649.cdn2-wafbe01-cdg1.stackpath.systems.-.i,1607074649.cds027.pa1.p
Connection: keep-alive

GET
H/1.1 200
OK / Show response
notepad.pw/sbbi/ Frame A723 7 KB
3 KB 28ms
28ms Document
text/html 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: http://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=zr
Protocol: HTTP/1.1
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: 9e06b12def18b8c9decb80c1389ea0dd9c04fc61ef8413f57eb179e6fde63100

Request headers

Host: notepad.pw
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=zr&sbbgs=h45f9e02bb8db11773fef4b66a9f408abe54&ddl=1
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Cookie: SPSI=8f166f7f82e143ebf64a8bd14c75cf01; SPSE=vKRFwO9jwBbNkNElXR/O9B2p2+LUZe/TySkRsyQWKDQQnZzdT7kswAvUkFERW1Fg+GK7UZHXCkYzaRTIBD/yZQ==; spcsrf=177de59a36002b8ee5e66c779d9ad6d1; pad_cookie=3569a069a42760fed033f4868965daa13ce59d0b; sp_lit=16+2a3mk8w//xod0yR8oXA==; PRLST=zr; UTGv2=h45f9e02bb8db11773fef4b66a9f408abe54; adOtr=66ff8f187e2; fsbotchecked=true; typography=%7B%22sp_class%22%3A%22not-active%22%7D; __cfduid=df6dece6e63099bd577a4d8d951d139401607074648; _ga=GA1.2.1726703413.1607074649; _gid=GA1.2.329228709.1607074649; _gat_gtag_UA_153530698_1=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=zr&sbbgs=h45f9e02bb8db11773fef4b66a9f408abe54&ddl=1

Response headers

Date: Fri, 04 Dec 2020 09:37:29 GMT
Cache-Control: no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
Content-Encoding: gzip
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Server: fbs
X-Accel-Expires: 0
Access-Control-Allow-Origin: *
X-HW: 1607074649.cds009.pa1.h2,1607074649.cds027.pa1.sc,1607074649.cdn2-wafbe01-cdg1.stackpath.systems.-.i,1607074649.cds027.pa1.p
Connection: keep-alive

POST
H2 200 / Show response
live.notepad.pw/socket.io/ 2 B
296 B 209ms
209ms XHR
text/html 2606:4700:3031::681b:8043
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.notepad.pw/socket.io/?EIO=3&transport=polling&t=NOj7HJy&sid=JP20HanIhuwJUyWLACcH
Requested by: Host: notepad.pw
URL: http://notepad.pw/dp143
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:8043 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: text/plain;charset=UTF-8

Response headers

date: Fri, 04 Dec 2020 09:37:29 GMT
via: 1.1 vegur
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 5fc48c8e6e3bdfcb-FRA
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=oRdVBKSQUNmbNAY7JNS%2FFahcEF4jfMsoZIoo05CmDTw4dAjosee5xbqAvZ6d1Tm6C8Wto1EbZAF7ft3o4sPwox5inokM7DPgIuEtFbiHvDwK6TDhkVC%2BObcfhks%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
access-control-allow-origin: http://notepad.pw
access-control-allow-credentials: true
content-encoding: br
cf-request-id: 06ceb62d030000dfcb0b3e9000000001

GET
H2 200 / Show response
live.notepad.pw/socket.io/ 4 B
287 B 301ms
300ms XHR
application/octet-stream 2606:4700:3031::681b:8043
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.notepad.pw/socket.io/?EIO=3&transport=polling&t=NOj7HJy.0&sid=JP20HanIhuwJUyWLACcH
Requested by: Host: notepad.pw
URL: http://notepad.pw/dp143
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:8043 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a9a2f1dd042cb6f1eded53dc0a1c66ed8694fc093dc3520cdac1a541d615d474

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 09:37:29 GMT
via: 1.1 vegur
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=PzDxhqB7LA%2Fxh1yC92znq2dOWHOn%2BRmaQXFwMULe2Ygwb9Ebe3zfNQk2G0vTqi0lcDn3Z76U%2FC1UCf45uSFnomJ1kAWi2Wn20iyFCxMz6prE39jJ8i8oKcAJDJw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
access-control-allow-origin: http://notepad.pw
access-control-allow-credentials: true
cf-ray: 5fc48c8e6e3edfcb-FRA
content-length: 4
cf-request-id: 06ceb62d000000dfcb4c181000000001

GET
H2 200 pubfig.engine.4.2.4.56bf9eb9ee24bc1e4d456ffa86a6ce3df3a80d41.js Show response
a.pub.network/core/pubfig/ 285 KB
79 KB 54ms
54ms Script
text/javascript 2606:4700:20::681a:8b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/core/pubfig/pubfig.engine.4.2.4.56bf9eb9ee24bc1e4d456ffa86a6ce3df3a80d41.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/notepad-pw/pubfig.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5af02623e86d6d92d1b4e65626d818e9d128766d95f209e5768befc31eff4e68

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-goog-hash: crc32c=zDfHqw==, md5=3BPGrmjEbEvh5TSLJuvU8w==
date: Fri, 04 Dec 2020 09:37:29 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-guploader-uploadid: ABg5-UwixdoZ4KYtMHFE4KGpUOAk9GqdtfvUrGki8sVpV4Zgz8o7ZKQSynEOYito2RhDWqqL9F1wJ_e3VMuKz_YBY54
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-type: text/javascript
cf-request-id: 06ceb62ef40000c2ea33ba3000000001
last-modified: Tue, 24 Nov 2020 20:04:13 GMT
server: cloudflare
etag: W/"dc13c6ae68c46c4be1e5348b26ebd4f3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=mqNl1nvk4hmeetOZa2Q2SyL5zgSgddlww%2BQ%2FG1pnrSalD9ytSsnoqFuz314fGo1zDXo6BZLghudhEtKujC779vfGba8KGWSKGN3O1%2FoU30zU2jfFyfOYdvj7"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1606248253640721
cache-control: public, max-age=3600
x-goog-stored-content-length: 292305
cf-ray: 5fc48c918ab2c2ea-FRA
expires: Fri, 04 Dec 2020 00:35:16 GMT

GET
H/1.1 200
OK gpt.js Show response
www.googletagservices.com/tag/js/ 53 KB
18 KB 22ms
13ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.engine.4.2.4.56bf9eb9ee24bc1e4d456ffa86a6ce3df3a80d41.js

Protocol

HTTP/1.1

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

914fe54e220d31af537ab3481adf22efb8473c235e6c2551fc0afa7725abed8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 04 Dec 2020 09:37:29 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: sffe
ETag: "713 / 134 of 1000 / last-modified: 1607037289"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: private, max-age=900, stale-while-revalidate=3600
Timing-Allow-Origin: *
Content-Length: 18406
X-XSS-Protection: 0
Expires: Fri, 04 Dec 2020 09:37:29 GMT

GET
H2 200 prebid-analytics-4.10.0.js Show response
a.pub.network/core/ 413 KB
123 KB 35ms
35ms Script
text/html 2606:4700:20::681a:8b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/core/prebid-analytics-4.10.0.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.engine.4.2.4.56bf9eb9ee24bc1e4d456ffa86a6ce3df3a80d41.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5dbaab8f472717f5f659cb28deb326df6d4b858bf1025c84f366a808798c1587

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-goog-hash: crc32c=JH7wqQ==, md5=99s/gqDS63NRL9sZf88ibQ==
date: Fri, 04 Dec 2020 09:37:29 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-guploader-uploadid: ABg5-UzmGclYvweOx8pX5xXN43XYoTL8hsKWJPs-OtdsAAjXkPGrjWNleYU2OCMDMLZdBIDj9nIym6gldH1IQqIskw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 3
x-goog-stored-content-encoding: identity
content-type: text/html
cf-request-id: 06ceb62f630000c2eabba12000000001
last-modified: Mon, 05 Oct 2020 20:56:51 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=sv9qNw4gdOUSS0UDItcA%2B2yaZToCcpDpSzRHEBQjFbY3uClVZHtn9EkCcsYAccZX5ecZNx%2FK%2B9KrPa9PcaHzX5RQBnDgDfCw49gs%2BJuGcjlGKi5mMwutHIdY"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1601931411309627
cache-control: private, max-age=86400
x-goog-stored-content-length: 422619
cf-ray: 5fc48c923bcbc2ea-FRA
expires: Fri, 03 Dec 2021 23:35:16 GMT

GET
H2 200 pubads_impl_2020111901.js Show response
securepubads.g.doubleclick.net/gpt/ 277 KB
98 KB 65ms
42ms Script
text/javascript 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111901.js?21068855

Requested by

Host: www.googletagservices.com
URL: http://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s29-in-f2.1e100.net

Software

sffe /

Resource Hash

2fa866f281364240678617640d2944c8927bb03588410dfec54a4a97641129e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 09:37:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 19 Nov 2020 09:45:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 99950
x-xss-protection: 0
expires: Fri, 04 Dec 2020 09:37:30 GMT

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b60f65161ce3517c2794eecab25981c51ffbcbc951a781270403e2f3572d0290

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 143 B
1 KB 78ms
49ms XHR
application/json 185.33.221.91
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: notepad.pw
URL: http://notepad.pw/dp143

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.91 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

31abb4dc7543fb48e537276d5681949e1cbca933d81d6bb11289e475010ea260

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 04 Dec 2020 09:37:30 GMT
X-Proxy-Origin: 89.249.64.171; 89.249.64.171; 721.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.39:80
AN-X-Request-Uuid: 0620edfd-74ce-479c-8fe2-d4cfe6e6e150
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: http://notepad.pw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 143
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 144 B
1 KB 51ms
22ms XHR
application/json 185.33.221.91
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: notepad.pw
URL: http://notepad.pw/dp143

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.91 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

f384c2a04c5c5badaa026a6d8d29ed6faaf4316140a030528a23a564e3776a50

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 04 Dec 2020 09:37:30 GMT
X-Proxy-Origin: 89.249.64.171; 89.249.64.171; 721.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.52:80
AN-X-Request-Uuid: 10c347fa-17cd-4171-8f35-76f479d3a212
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: http://notepad.pw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 260 B
2 KB 95ms
94ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1498292&size_id=2&alt_size_ids=55%2C221&rp_schain=1.0,1!freestar.io,1413,1,,,&rf=http%3A%2F%2Fnotepad.pw%2Fdp143&tk_flint=pbjs_lite_v4.10.0&x_source.tid=8efd50de-8854-4cf3-ac36-363e1511d457&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.614536919894195
Requested by: Host: notepad.pw
URL: http://notepad.pw/dp143
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: e43bac4d99dca703217687386c12b79bd5c676b25e01a2de2561924a3460fca6

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 04 Dec 2020 09:37:30 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: http://notepad.pw
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 260
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK hbjson Show response
grid.bidswitch.net/ 2 B
368 B 102ms
51ms XHR
application/json 18.185.195.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://grid.bidswitch.net/hbjson
Requested by: Host: notepad.pw
URL: http://notepad.pw/dp143
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.185.195.81 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-185-195-81.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 04 Dec 2020 09:37:30 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: http://notepad.pw
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=UTF-8
Content-Length: 2

POST
H2 200 translator Show response
hbopenbid.pubmatic.com/ 11 KB
7 KB 102ms
73ms XHR
application/json 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: notepad.pw
URL: http://notepad.pw/dp143
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 0353566e38fa07dfd4c36ad9a1b3f39ddfced2c42c1b4991c3b8f6a1e2909d36

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: http://notepad.pw
date: Fri, 04 Dec 2020 09:37:29 GMT
content-encoding: gzip
x-openrtb-version: 2.3
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 25 B
369 B 173ms
133ms XHR
application/json 104.111.215.135
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=538329&v=7.2&r=%7B%22id%22%3A%22137b00f74c6bc19%22%2C%22imp%22%3A%5B%7B%22id%22%3A%2214d19aea3a57a3f%22%2C%22ext%22%3A%7B%22siteID%22%3A%22538329%22%2C%22sid%22%3A%221x1%22%7D%2C%22banner%22%3A%7B%22w%22%3A1%2C%22h%22%3A1%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%221578bde7a44f5f5%22%2C%22ext%22%3A%7B%22siteID%22%3A%22538329%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2216006cdf52970c8%22%2C%22ext%22%3A%7B%22siteID%22%3A%22538329%22%2C%22sid%22%3A%22970x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22http%3A%2F%2Fnotepad.pw%2Fdp143%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%221413%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%7D&ac=j&sd=1
Requested by: Host: notepad.pw
URL: http://notepad.pw/dp143
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.135 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-135.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: bcd032770d1b3da638de25ee57e0bcbcfe212b65946b9ab5777facb1b8d3d7fb

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 04 Dec 2020 09:37:30 GMT
content-encoding: gzip
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[89.249.64.171], XFF:[]
server: Apache
vary: Is-Traffic-Invalid,Accept-Encoding
content-type: application/json
access-control-allow-origin: http://notepad.pw
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 45
x-ak-client-geo: 12
expires: Fri, 04 Dec 2020 09:37:30 GMT

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
110 B 58ms
26ms XHR
text/plain 3.126.224.165
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=GrVComq83JzCSLK1pi9waoyR&bidId=184bf0a168fea19&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=4.10.0&strVersion=3.2.1&secure=false&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%221413%22%2C%22hp%22%3A1%7D%5D%7D
Requested by: Host: notepad.pw
URL: http://notepad.pw/dp143
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.126.224.165 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-224-165.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: http://notepad.pw
date: Fri, 04 Dec 2020 09:37:30 GMT
access-control-allow-credentials: true
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
109 B 67ms
36ms XHR
text/plain 3.126.224.165
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=L7rKdgz52e7UZ4fMkwkYmaxf&bidId=1984322460431c3&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=4.10.0&strVersion=3.2.1&secure=false&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%221413%22%2C%22hp%22%3A1%7D%5D%7D
Requested by: Host: notepad.pw
URL: http://notepad.pw/dp143
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.126.224.165 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-224-165.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: http://notepad.pw
date: Fri, 04 Dec 2020 09:37:30 GMT
access-control-allow-credentials: true
vary: Origin

GET
H/1.1 200
OK quant.js Show response
edge.quantserve.com/ 23 KB
9 KB 28ms
15ms Script
application/javascript 2620:116:800d:21:51e4:db4b:4436:b305
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://edge.quantserve.com/quant.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.engine.4.2.4.56bf9eb9ee24bc1e4d456ffa86a6ce3df3a80d41.js
Protocol: HTTP/1.1
Server: 2620:116:800d:21:51e4:db4b:4436:b305 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 87d73170be9a2e277c57d324c4e05ec0ac60ed3c0191fa29e7a31133b4c4c119

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 04 Dec 2020 09:37:30 GMT
Content-Encoding: gzip
Etag: "O/+l6c17R2TQ0JQMJXOiXA=="
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: private, max-age=604800
Transfer-Encoding: chunked
Connection: keep-alive
Accept-Ranges: bytes
Expires: Fri, 11 Dec 2020 09:37:30 GMT

GET
H/1.1 200
OK beacon.js Show response
b.scorecardresearch.com/ 1 KB
1 KB 38ms
30ms Script
application/x-javascript 2.16.186.80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: http://b.scorecardresearch.com/beacon.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.engine.4.2.4.56bf9eb9ee24bc1e4d456ffa86a6ce3df3a80d41.js
Protocol: HTTP/1.1
Server: 2.16.186.80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a2-16-186-80.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 04 Dec 2020 09:37:30 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=86400
Connection: keep-alive
Content-Length: 884
Expires: Sat, 05 Dec 2020 09:37:30 GMT

GET
H2 200 fslogo-green.svg
a.pub.network/core/imgs/ 1 KB
1 KB 38ms
38ms Image
image/svg+xml 2606:4700:20::681a:8b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.pub.network/core/imgs/fslogo-green.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ecc20ed3c5dedbe5bbe73d1e7b14270c65a85f7d0ec4c94c4f0c9f0071e471a2

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-goog-hash: crc32c=Jh+rSg==, md5=Mm1svZd2V+EgW9YW0fL6yg==
date: Fri, 04 Dec 2020 09:37:30 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-guploader-uploadid: ABg5-UzIkIa1znU3GpziP0tcab5Df11mcWdOoC5PPdZxQE-caVfFGLTZkxl6yEhNIMx19yplvk2O1Detp0VtFUpzzlMApI-CfA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-type: image/svg+xml
cf-request-id: 06ceb630620000c2eaee00e000000001
last-modified: Tue, 08 Sep 2020 17:04:37 GMT
server: cloudflare
etag: W/"326d6cbd977657e1205bd616d1f2faca"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=l%2B52MnDhEIrqzQgXlNDfpjiGez2oO7ok6k0eqM28Cw38FMlHyVQPOCoOpw3ad1jPcQjJC3xLRo7UCf%2BgdHkgv%2B44CSsdVFn542zbnKIsKozwpW21D8LBhISW"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1599584677716817
cache-control: public, max-age=3600
x-goog-stored-content-length: 1193
cf-ray: 5fc48c93ce2ec2ea-FRA
expires: Fri, 04 Dec 2020 10:35:54 GMT

GET
H2

200

rules-p-UeXruRVtZz7w6.js Show response
rules.quantcount.com/
Redirect Chain

http://rules.quantcount.com/rules-p-UeXruRVtZz7w6.js
https://rules.quantcount.com/rules-p-UeXruRVtZz7w6.js

2 KB
1 KB

39ms
12ms

Script
application/x-javascript

2600:9000:2190:7e00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-UeXruRVtZz7w6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:7e00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a7b5f5f96f81dea4efc53e1d4dae8b37c28bec27a45b42ccf604ee759e20caec

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 08:41:58 GMT
content-encoding: gzip
last-modified: Thu, 07 Dec 2017 17:06:25 GMT
server: AmazonS3
age: 3332
etag: W/"cbc97d16c77ea1fcbbf42d246001e982"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 eb7b239aed47669f8a7b6ac95bc8aff1.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: PW-NjeMiBm57Kzra5jHrgzRjX1Fi8D1HrE5QglarygjfY5WOA3ICbA==

Redirect headers

Date: Fri, 04 Dec 2020 09:37:30 GMT
Via: 1.1 25d46f0dbca17b9a78cca036e17d8ad3.cloudfront.net (CloudFront)
Server: CloudFront
X-Amz-Cf-Pop: ZRH50-C1
X-Cache: Redirect from cloudfront
Content-Type: text/html
Location: https://rules.quantcount.com/rules-p-UeXruRVtZz7w6.js
Connection: keep-alive
Content-Length: 183
X-Amz-Cf-Id: 3pE6qaIni8-ozhBittxhXephSqRUKWQ8D8eB0p6W7uIqGCKSx_gvhQ==

GET
H/1.1

204
No Content

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=23384447&cs_ucfr=1&ns__t=1607074650246&ns_c=UTF-8&cv=3.5&c8=notepad.pw%20%2F%20dp143%20%7C%20The%20napkin%20of%20the%20internet.&c7=http%3A%2F%2Fnotepad.p...
https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1607074650246&ns_c=UTF-8&cv=3.5&c8=notepad.pw%20%2F%20dp143%20%7C%20The%20napkin%20of%20the%20internet.&c7=http%3A%2F%2Fnotepad....

0
528 B

8ms
7ms

Image
text/plain

95.101.55.60
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1607074650246&ns_c=UTF-8&cv=3.5&c8=notepad.pw%20%2F%20dp143%20%7C%20The%20napkin%20of%20the%20internet.&c7=http%3A%2F%2Fnotepad.pw%2Fdp143&c9=&cs_ak_ss=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.55.60 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-101-55-60.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 04 Dec 2020 09:37:30 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1607074650246&ns_c=UTF-8&cv=3.5&c8=notepad.pw%20%2F%20dp143%20%7C%20The%20napkin%20of%20the%20internet.&c7=http%3A%2F%2Fnotepad.pw%2Fdp143&c9=&cs_ak_ss=1
Pragma: no-cache
Date: Fri, 04 Dec 2020 09:37:30 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 3 KB
2 KB 101ms
101ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1498292&size_id=2&alt_size_ids=1%2C55&rp_schain=1.0,1!freestar.io,1413,1,,,&rf=http%3A%2F%2Fnotepad.pw%2Fdp143&tk_flint=pbjs_lite_v4.10.0&x_source.tid=cdc1ac71-7dac-419b-84d4-ebf9aae2868c&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.6927433708171107
Requested by: Host: notepad.pw
URL: http://notepad.pw/dp143
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 208c4540aaa80ab25343232ab54c440742c612d26256a09b86658a5b9e742221

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 04 Dec 2020 09:37:30 GMT
Content-Encoding: gzip
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: http://notepad.pw
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 1410
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 144 B
1 KB 78ms
78ms XHR
application/json 185.33.221.91
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: notepad.pw
URL: http://notepad.pw/dp143

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.91 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

9955de3b1def802518f4bb33129161099425c85fbc576547ab184b2528028fa6

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 04 Dec 2020 09:37:30 GMT
X-Proxy-Origin: 89.249.64.171; 89.249.64.171; 721.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.150:80
AN-X-Request-Uuid: 7141cb17-da98-4548-81cd-2a57746d4b73
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: http://notepad.pw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 145 B
1 KB 20ms
20ms XHR
application/json 185.33.221.91
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: notepad.pw
URL: http://notepad.pw/dp143

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.91 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

60e37031ed6cd8cae3184950fa748da2db1ff29d707a44d6bdf9a107a65da23b

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 04 Dec 2020 09:37:30 GMT
X-Proxy-Origin: 89.249.64.171; 89.249.64.171; 721.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.111:80
AN-X-Request-Uuid: 8ea835ee-e447-4215-8e9b-832383ab56bc
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: http://notepad.pw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
109 B 30ms
30ms XHR
text/plain 3.126.224.165
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=GrVComq83JzCSLK1pi9waoyR&bidId=27d002069c8adf2&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=4.10.0&strVersion=3.2.1&secure=false&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%221413%22%2C%22hp%22%3A1%7D%5D%7D
Requested by: Host: notepad.pw
URL: http://notepad.pw/dp143
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.126.224.165 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-224-165.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: http://notepad.pw
date: Fri, 04 Dec 2020 09:37:30 GMT
access-control-allow-credentials: true
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
109 B 51ms
51ms XHR
text/plain 3.126.224.165
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=L7rKdgz52e7UZ4fMkwkYmaxf&bidId=2832da8743499fd&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=4.10.0&strVersion=3.2.1&secure=false&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%221413%22%2C%22hp%22%3A1%7D%5D%7D
Requested by: Host: notepad.pw
URL: http://notepad.pw/dp143
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.126.224.165 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-224-165.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: http://notepad.pw
date: Fri, 04 Dec 2020 09:37:30 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 200 translator Show response
hbopenbid.pubmatic.com/ 11 KB
7 KB 84ms
83ms XHR
application/json 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: notepad.pw
URL: http://notepad.pw/dp143
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 93a0f64548acaf2e79fad6b37d00affd7a4ffaa61e2973013f7eebd1461ace85

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: http://notepad.pw
date: Fri, 04 Dec 2020 09:37:28 GMT
content-encoding: gzip
x-openrtb-version: 2.3
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 25 B
369 B 66ms
65ms XHR
application/json 104.111.215.135
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=538329&v=7.2&r=%7B%22id%22%3A%2233423b575e66434%22%2C%22imp%22%3A%5B%7B%22id%22%3A%2234173cd8f2019a5%22%2C%22ext%22%3A%7B%22siteID%22%3A%22538329%22%2C%22sid%22%3A%22468x60%22%7D%2C%22banner%22%3A%7B%22w%22%3A468%2C%22h%22%3A60%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%223545709820ee7a1%22%2C%22ext%22%3A%7B%22siteID%22%3A%22538329%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%223680f933a56ab48%22%2C%22ext%22%3A%7B%22siteID%22%3A%22538329%22%2C%22sid%22%3A%22970x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22http%3A%2F%2Fnotepad.pw%2Fdp143%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%221413%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%7D&ac=j&sd=1
Requested by: Host: notepad.pw
URL: http://notepad.pw/dp143
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.135 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-135.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: a9d43186efc1c935ce7cf6b20892273af7906f177516198e3e127c94f63ffefe

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 04 Dec 2020 09:37:30 GMT
content-encoding: gzip
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[89.249.64.171], XFF:[]
server: Apache
vary: Is-Traffic-Invalid,Accept-Encoding
content-type: application/json
access-control-allow-origin: http://notepad.pw
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 45
x-ak-client-geo: 12
expires: Fri, 04 Dec 2020 09:37:30 GMT

POST
H/1.1 200
OK hbjson Show response
grid.bidswitch.net/ 2 B
368 B 28ms
28ms XHR
application/json 18.185.195.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://grid.bidswitch.net/hbjson
Requested by: Host: notepad.pw
URL: http://notepad.pw/dp143
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.185.195.81 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-185-195-81.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 04 Dec 2020 09:37:30 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: http://notepad.pw
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=UTF-8
Content-Length: 2

GET
H2

200

pixel;r=992772152;labels=keywords.notepad%20online%2Ckeywords.notepad%2Ckeywords.cloud%2Ckeywords.free%20notepad%2Ckeywords.save%20notes%2Ckeywords.notes%2Ckeywords.online%20notepad%2Ckeywords.clou...
pixel.quantserve.com/
Redirect Chain

http://pixel.quantserve.com/pixel;r=992772152;labels=keywords.notepad%20online%2Ckeywords.notepad%2Ckeywords.cloud%2Ckeywords.free%20notepad%2Ckeywords.save%20notes%2Ckeywords.notes%2Ckeywords.onli...
https://pixel.quantserve.com/pixel;r=992772152;labels=keywords.notepad%20online%2Ckeywords.notepad%2Ckeywords.cloud%2Ckeywords.free%20notepad%2Ckeywords.save%20notes%2Ckeywords.notes%2Ckeywords.onl...

35 B
372 B

24ms
9ms

Image
image/gif

2620:116:800d:21:51e4:db4b:4436:b305
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=992772152;labels=keywords.notepad%20online%2Ckeywords.notepad%2Ckeywords.cloud%2Ckeywords.free%20notepad%2Ckeywords.save%20notes%2Ckeywords.notes%2Ckeywords.online%20notepad%2Ckeywords.cloud%20notepad%2Ckeywords.write%2Ckeywords.note%2Ckeywords.writing%2Ckeywords.publish%2Ckeywords.webpage%2Ckeywords.markdown%2Ctitle.notepad.pw;rf=0;uht=2;a=p-UeXruRVtZz7w6;url=http%3A%2F%2Fnotepad.pw%2Fdp143;fpan=1;fpa=P0-1946452833-1607074650323;ns=0;ce=1;qjs=1;qv=3364aec3-20201006003021;cm=;gdpr=0;ref=;d=notepad.pw;je=0;sr=1600x1200x24;dst=1;et=1607074650323;tzo=-60;ogl=type.website%2Ctitle.notepad%252Epw%2Cdescription.Save%20your%20notes%20online%20for%20free%20and%20share%20them%20with%20friends!%2Curl.https%3A%2F%2Fnotepad%252Epw%2Cimage.https%3A%2F%2Fnotepad%252Epw%2Fog-icon%252Epng

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:51e4:db4b:4436:b305 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Dec 2020 09:37:30 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

Redirect headers

Location: https://pixel.quantserve.com/pixel;r=992772152;labels=keywords.notepad%20online%2Ckeywords.notepad%2Ckeywords.cloud%2Ckeywords.free%20notepad%2Ckeywords.save%20notes%2Ckeywords.notes%2Ckeywords.online%20notepad%2Ckeywords.cloud%20notepad%2Ckeywords.write%2Ckeywords.note%2Ckeywords.writing%2Ckeywords.publish%2Ckeywords.webpage%2Ckeywords.markdown%2Ctitle.notepad.pw;rf=0;uht=2;a=p-UeXruRVtZz7w6;url=http%3A%2F%2Fnotepad.pw%2Fdp143;fpan=1;fpa=P0-1946452833-1607074650323;ns=0;ce=1;qjs=1;qv=3364aec3-20201006003021;cm=;gdpr=0;ref=;d=notepad.pw;je=0;sr=1600x1200x24;dst=1;et=1607074650323;tzo=-60;ogl=type.website%2Ctitle.notepad%252Epw%2Cdescription.Save%20your%20notes%20online%20for%20free%20and%20share%20them%20with%20friends!%2Curl.https%3A%2F%2Fnotepad%252Epw%2Cimage.https%3A%2F%2Fnotepad%252Epw%2Fog-icon%252Epng
Date: Fri, 04 Dec 2020 09:37:30 GMT
Cache-Control: private, no-transform, max-age=86400
Connection: keep-alive
Content-Length: 0
Expires: Sat, 05 Dec 2020 09:37:30 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
243 B 16ms
15ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=notepad.pw

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111901.js?21068855

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 04 Dec 2020 09:37:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
169 B 16ms
15ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=notepad.pw

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111901.js?21068855

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 04 Dec 2020 09:37:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 42 KB
11 KB 511ms
496ms XHR
text/plain 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=261043694444400&correlator=1576528046065234&output=ldjh&impl=fifs&eid=21068855%2C21066705&vrg=2020111901&guci=1.2.0.0.2.2.0.0&sc=0&sfv=1-0-37&ecs=20201204&iu_parts=15184186%2Cnotepad_970x90_728x90_320x50_Sticky&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1%7C728x90%7C970x90&prev_scp=fsrefresh%3Dfalse%26fsrebid%3Dfalse%26fspbg%3Dfreestar%26freestar_path%3D%252Fdp143%26freestar_domain%3Dnotepad.pw%26custom_bidder_size%3Dpubmatic_728x90%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D0.00%26hb_adid%3D40ff912b60593ce%26hb_bidder%3Dpubmatic&eri=1&cust_params=user-agent%3DChrome&cookie_enabled=1&bc=23&abxe=1&lmt=1607074650&dt=1607074650396&dlt=1607074648040&idt=2085&frm=20&biw=1600&bih=1200&oid=3&adxs=800&adys=1199&adks=2140769806&ucis=1&ifi=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fnotepad.pw%2Fdp143&vis=1&scr_x=0&scr_y=0&psz=1600x-1&msz=1600x-1&ga_vid=1726703413.1607074649&ga_sid=1607074650&ga_hid=933970821&fws=512&ohw=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d

Requested by

Host: notepad.pw
URL: http://notepad.pw/dp143

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.18.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s29-in-f2.1e100.net

Software

cafe /

Resource Hash

011879c93662efaebfaf3c852ffd47882f510d56f001ac2e33d8900bce050f19

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 09:37:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10598
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://notepad.pw
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
b6d84cb1ad1d06e93817394273cfc909.safeframe.googlesyndication.com/safeframe/1-0-37/html/ 0
0 82ms
14ms Other
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://b6d84cb1ad1d06e93817394273cfc909.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111901.js?21068855
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 89 KB
16 KB 865ms
865ms XHR
text/plain 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=261043694444400&correlator=1576528046065234&output=ldjh&impl=fifs&adsid=NT&eid=21068855%2C21066705&vrg=2020111901&guci=1.2.0.0.2.2.0.0&sc=0&sfv=1-0-37&ecs=20201204&iu_parts=15184186%2Cnotepad_970x90_728x90_320x50_320x100_ATF&enc_prev_ius=%2F0%2F1&prev_iu_szs=468x60%7C728x90%7C970x90&prev_scp=fsrefresh%3Dfalse%26fsrebid%3Dfalse%26fsbid%3D0%26fspbg%3Dfreestar%26freestar_path%3D%252Fdp143%26freestar_domain%3Dnotepad.pw%26custom_bidder_size%3Drubicon_728x90%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D0.00%26hb_adid%3D429072265f0c9f%26hb_bidder%3Drubicon&eri=1&cust_params=user-agent%3DChrome&cookie_enabled=1&bc=23&abxe=1&lmt=1607074650&dt=1607074650419&dlt=1607074648040&idt=2085&frm=20&biw=1600&bih=1200&oid=3&adxs=566&adys=5&adks=338981424&ucis=2&ifi=2&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fnotepad.pw%2Fdp143&vis=1&scr_x=0&scr_y=0&psz=1600x1044&msz=1600x70&ga_vid=1726703413.1607074649&ga_sid=1607074650&ga_hid=933970821&fws=0&ohw=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d

Requested by

Host: notepad.pw
URL: http://notepad.pw/dp143

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.18.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s29-in-f2.1e100.net

Software

cafe /

Resource Hash

7ab526a57343f3a27ad067658458afe46d8e9747344cf5cf306b813db3f27351

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 09:37:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16418
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://notepad.pw
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012010270040000/ Frame CF91 180 KB
50 KB 44ms
16ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111901.js?21068855

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b2ab9ac436910017b9a2ca7db0e981bad3638db97f576d713eaa9b302e06c094

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 88576
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51478
x-xss-protection: 0
server: sffe
date: Thu, 03 Dec 2020 09:01:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "0305d7d21a7fe4a1"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 03 Dec 2021 09:01:14 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame CF91 13 KB
5 KB 43ms
15ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111901.js?21068855

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebab910fdc7c7e9e079caa9f7321177b135b2e1542f86ce36937ceb41865086d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 88585
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4850
x-xss-protection: 0
server: sffe
date: Thu, 03 Dec 2020 09:01:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "77bd676d834aaa8d"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 03 Dec 2021 09:01:05 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame CF91 90 KB
27 KB 37ms
9ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111901.js?21068855

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

477549a4d5fb644cda6bf64af01631b8411022d88e608bbd8e5a06e327b391cb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 88924
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27668
x-xss-protection: 0
server: sffe
date: Thu, 03 Dec 2020 08:55:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1304c1c0caf7ca3c"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 03 Dec 2021 08:55:26 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame CF91 3 KB
1 KB 37ms
9ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111901.js?21068855

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a86753d4effe5e607d4eaf03fe37eccb8cac743a528f874f736f4d7f35e094b1

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 88577
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1350
x-xss-protection: 0
server: sffe
date: Thu, 03 Dec 2020 09:01:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "12c034eb739190af"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 03 Dec 2021 09:01:13 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame CF91 41 KB
14 KB 35ms
8ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111901.js?21068855

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b61eb57ae77f31b91b04781da33023ecd897fda21f6c817e6c27623204046f42

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 89276
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13075
x-xss-protection: 0
server: sffe
date: Thu, 03 Dec 2020 08:49:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1e8a1dae72af56cd"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 03 Dec 2021 08:49:34 GMT

GET
DATA 200
OK truncated
/ Frame CF91 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a7e408be0d736219246909182a438e733ff0718e17e6fac6790334b072d52ed0

Request headers

Referer: http://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 2163780047426076090
tpc.googlesyndication.com/simgad/ Frame CF91 28 KB
28 KB 33ms
7ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2163780047426076090?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qlYfxaaWfge-QMjTXRZTUgGWo4meg

Requested by

Host: notepad.pw
URL: http://notepad.pw/dp143

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

17a94233d51e84d4fd764be4eb2c26a700c045f8a1962b1b1dd9e4a315e173ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 02 Dec 2020 14:04:02 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Nov 2020 13:17:40 GMT
server: sffe
age: 156808
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28990
x-xss-protection: 0
expires: Thu, 02 Dec 2021 14:04:02 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame CF91 2 KB
3 KB 32ms
7ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: notepad.pw
URL: http://notepad.pw/dp143

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 Dec 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 80912
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 04 Dec 2020 11:08:58 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame CF91 295 B
761 B 31ms
6ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: notepad.pw
URL: http://notepad.pw/dp143

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 Dec 2020 22:32:00 GMT
x-content-type-options: nosniff
server: cafe
age: 39930
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 04 Dec 2020 22:32:00 GMT

GET
H/1.1 204
No Content l
www.google.com/ads/measurement/ Frame CF91 0
0 20ms
14ms Image
text/html 2a00:1450:4001:81a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.google.com/ads/measurement/l?ebcid=ALh7CaQW0gLFLIxJQlZM6Nhz5gQK5OH3IMMMkyw0sHtRVJw-ePIN3RZGOZtbGTxVUiHW3VNi1yqk
Requested by: Host: notepad.pw
URL: http://notepad.pw/dp143
Protocol: HTTP/1.1
Server: 2a00:1450:4001:81a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame CF91 0
0 22ms
21ms Image
text/html 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CzCfjWgPKX8SuHMCQ7_UPn72QqATo06e1YMqcluH_DNfWor3AARABINrXxTlglfrwgYwHoAHBxKC2AsgBAqkCELBNG6xitD7gAgCoAwHIAwiqBMgBT9AGnS5LgLEomklp1rPiixzRMVFDtO551VJnXTjwlNWoIXVfVLVJyWgmkfYBW_lDMvYcFL_fMpX2S3mw8aJ4TBI-5qI6-2WyMLWxQbTWuKOVrNUww9dcPQTETspHSTUMd-E38igBfSMSHVky1cbM72UHCxmGRO4lOXDsdhYK0M6MyuTZGw2b3pUdUiXJ9_-H1giPy0YSLMJRiN6qQgusmLNx4WLy0EPGVevdYzFEauuzcdMlegjDis59eJcQ49KYJctHvb3abODABInZ6p-wA-AEAZIFBAgEGAGSBQQIBRgEoAYCgAenu9_JAagH1ckbqAfw2RuoB_LZG6gHlJixAqgHpd8bqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcB8gcEEN7hA9IICQiA4YBQEAEYHfIIG2FkeC1zdWJzeW4tMzE0NTk4NDY4MTUwNzM5OYAKA8gLAdgTDbIXGgoYCAESFHB1Yi0zNjA1MjU3MzYwODUzMTg1&sigh=spiRWaTBJd0&tpd=AGWhJmtAJ6il6-LrNwHx1KNWlQT6zJeaatqDqkGNgKahOuaKRQ
Requested by: Host: notepad.pw
URL: http://notepad.pw/dp143
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 172.217.18.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra15s29-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
7 KB 40ms
17ms XHR
application/json 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020111901&st=env

Requested by

Host: notepad.pw
URL: http://notepad.pw/dp143

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a2fcf0acb4e1e87c2c9ee93722d23a4501b0788052b51bb676921ee66a5a7306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 04 Dec 2020 09:37:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6534
x-xss-protection: 0

GET
H2 200 pubfig.messaging.2.1.3.ab081b6049bb76c4f685d0c654c6a14aa5aad31b.js Show response
a.pub.network/core/pubfig/ 213 KB
56 KB 46ms
41ms Script
text/javascript 2606:4700:20::681a:8b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/core/pubfig/pubfig.messaging.2.1.3.ab081b6049bb76c4f685d0c654c6a14aa5aad31b.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.engine.4.2.4.56bf9eb9ee24bc1e4d456ffa86a6ce3df3a80d41.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 86f10b8a6df37fef05944c8e01395dcbc3fc5acf10037a61a6a9b112a436a5d0

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-goog-hash: crc32c=z9XADw==, md5=KvnUENyj6ZH37qScaBnxhw==
date: Fri, 04 Dec 2020 09:37:30 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-guploader-uploadid: ABg5-UyckwEFR9PyPKyjSEte4FQgYCsfGAFymrUhuBT48ceJp9PyOmltHnAmwcUEUzRAcuMNplJvSF8FeFPWFcxyddI
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-type: text/javascript
cf-request-id: 06ceb633500000c2eae89b0000000001
last-modified: Wed, 18 Nov 2020 19:53:23 GMT
server: cloudflare
etag: W/"2af9d410dca3e991f7eea49c6819f187"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=hOv%2BpTDhlYPsLLWJkMv22Hm18%2FdM3IldyAAiG1i6wOE4nLYU85xOFqVW5er9XQz3fIl0Rzf7f9gUgU7tEqDr2xRwDSUQNvSheyKU47nSh1krZtEXvOWhll1Q"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1605729203227682
cache-control: public, max-age=3600
x-goog-stored-content-length: 217902
cf-ray: 5fc48c987e47c2ea-FRA
expires: Fri, 04 Dec 2020 00:35:16 GMT

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 16 KB
6 KB 45ms
30ms Script
text/javascript 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111901.js?21068855

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66bfa6dd42535b06a283b3844a0bddcfd7f1aca1368baae035a7cda89a6b97fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 09:37:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1603823857801521"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6015
x-xss-protection: 0
expires: Fri, 04 Dec 2020 09:37:31 GMT

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame CF91
Redirect Chain

http://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

44ms
44ms

Image
text/html

2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

Date: Fri, 04 Dec 2020 09:37:31 GMT
X-Content-Type-Options: nosniff
Server: safe
Content-Type: text/html; charset=UTF-8
Location: https://googleads.g.doubleclick.net/pagead/drt/si
Cache-Control: private
Content-Length: 246
X-XSS-Protection: 0

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
457 B 471ms
120ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: notepad.pw
URL: http://notepad.pw/dp143
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: 30d5533f9dfe57c8374c95cc8dc3e6757c9eb9e1cd08cabdef95186ac86e3ad5

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: http://notepad.pw
Date: Fri, 04 Dec 2020 09:37:31 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H3-Q050 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/219/ Frame 23E0 0
0 6ms
5ms Document
text/html 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/219/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://notepad.pw/dp143
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://notepad.pw/dp143

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4867
date: Fri, 04 Dec 2020 07:49:21 GMT
expires: Sat, 04 Dec 2021 07:49:21 GMT
last-modified: Mon, 05 Oct 2020 22:33:01 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 6490
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 2163780047426076090
tpc.googlesyndication.com/simgad/ Frame CF91 28 KB
28 KB 11ms
9ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2163780047426076090?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qlYfxaaWfge-QMjTXRZTUgGWo4meg

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

17a94233d51e84d4fd764be4eb2c26a700c045f8a1962b1b1dd9e4a315e173ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 02 Dec 2020 14:04:02 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Nov 2020 13:17:40 GMT
server: sffe
age: 156809
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28990
x-xss-protection: 0
expires: Thu, 02 Dec 2021 14:04:02 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame CF91 2 KB
3 KB 8ms
6ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 Dec 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 80913
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 04 Dec 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame CF91 295 B
389 B 8ms
6ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 Dec 2020 22:32:00 GMT
x-content-type-options: nosniff
server: cafe
age: 39931
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 04 Dec 2020 22:32:00 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
224 B 16ms
15ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=219&t=2&li=gpt_2020111901&jk=261043694444400&bg=!zM-lz-_NAAXKjztBylgf_tLeMIBwlwIAAAA-UgAAAApoAQcKAdwclLHrCTldycRHPYHo9Al8-3u8sTipNr6vfpIPajldYas0uFzz-tfAV5M3Jfhm_qwdsXAxZfIjKNpv2FQE8T5gZjNH1ouSxVTDDr0rvsgHl35lUvMqHmZAxxam4CmcfyLXUr1zX7rRGAf2RwWOp1XZFDnQvTcaJJH4CwakrZlOKhWwn_oMeplsRNWLpcE8BK5eith29L4BGxIKQ4vepilQmnPWFrObxCgBTjHkaySdeU5cDVa_j2jo6fgo8Z32YImgV8pKW_UvCb3maq4HCSKU7Od86kha5ZQWEnrRYokd9EBn8edjrX9mrYkPuI7SR5A-KSbc3-u21Jlyv80eWtE4cAOYPXS0JH0H0nXLiK9-wPMRytfxlCXPG3h4F2_6hTQv2LRM11-u0b5Km_64oP52H62cGJEspY-DGdUQZHSn9qo27arCLrzfOJ6dNo_oSsGgIEhFZzCDMaNGeEPaUXDRPqpAlUFJzOcSKencRbWmX2tH2aqWn9rBbdR_FdME9Lt24080cq3CjwzyUBd7pdAsmOIEhPuFgsizQCcxD-vGmXIj8cYhOFMRCIQvj3uJfdZnxQjG1HdXDtDihBMce5jomi5JR-rFu1xLsoWBWpBbLuc7XXph55sDfmyhLJkBst-wDSD04lJWw9yuvN9nxL4J-e7n-qRNvGITijh0w3siw0bMNRE8bL2ynAMj4E_3Mbqf4FEg4x-Zp32nDq9Gscz4P1_EDhrUmbh0zwDJyGxZo0WJzXKZBfz5upPL1a95Yn7ioJnBaf5ix84k7mjM365Hs-pxa6wgj7A_guvYiOKYUDCQZukKyWDKIaS609lrVywhdRN7eCw6cDUWh_L7WHOKsQrEP33kP3E2GWm4BeTEk-pc7n-weh_XQn9J7Zkl-2IF-2PD9PRItCQzi_jPjQARnh5ojpEd_rx75vl33__u6dcpoK2kFFfuytohq4R0kumfRAbskEcyqLc_xACKmpLO9CNKPY6Cu5KfJQb5FgU8d_oT63tgXYMs4WXmNEcRDdWAzxt3tQOW7Jr4GB_TmFQzMCCg83E874ePsF5jwxMQoykkuj102Cax6SPfTj0E_3CorZAVl-IwIwc_qvS1D7I455TZXDAAdQBsEyMnHylQGf5rqxjSrnXsyWhPHE3n_22EisDmb10tRREFsSC6EGtWejdG9xYmQT9DQnl8g2wkJU-311Jw16KFE--mG_09ibk0

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Dec 2020 09:37:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 container.html
b6d84cb1ad1d06e93817394273cfc909.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame DA45 0
0 28ms
14ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b6d84cb1ad1d06e93817394273cfc909.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111901.js?21068855

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: b6d84cb1ad1d06e93817394273cfc909.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://notepad.pw/dp143
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://notepad.pw/dp143

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2973
date: Fri, 04 Dec 2020 09:37:30 GMT
expires: Sat, 04 Dec 2021 09:37:30 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 fslogo-green.svg
a.pub.network/core/imgs/ 1 KB
1 KB 72ms
72ms Image
image/svg+xml 2606:4700:20::681a:8b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.pub.network/core/imgs/fslogo-green.svg
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.engine.4.2.4.56bf9eb9ee24bc1e4d456ffa86a6ce3df3a80d41.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ecc20ed3c5dedbe5bbe73d1e7b14270c65a85f7d0ec4c94c4f0c9f0071e471a2

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-goog-hash: crc32c=Jh+rSg==, md5=Mm1svZd2V+EgW9YW0fL6yg==
date: Fri, 04 Dec 2020 09:37:31 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-guploader-uploadid: ABg5-UzIkIa1znU3GpziP0tcab5Df11mcWdOoC5PPdZxQE-caVfFGLTZkxl6yEhNIMx19yplvk2O1Detp0VtFUpzzlMApI-CfA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-type: image/svg+xml
cf-request-id: 06ceb634a60000c2eab0833000000001
last-modified: Tue, 08 Sep 2020 17:04:37 GMT
server: cloudflare
etag: W/"326d6cbd977657e1205bd616d1f2faca"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=YVnV081cXOClDQH14u5VJ19nzppY3mwJ9%2B%2FakgUjVPqNhdPAavrmyOxX4u1am4NazvcowGWsvKHqAdgtjCWWRhgMVnGq9XtecFH7BmFvQYuAxQbVDR3Zzgrp"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1599584677716817
cache-control: public, max-age=3600
x-goog-stored-content-length: 1193
cf-ray: 5fc48c9aa9adc2ea-FRA
expires: Fri, 04 Dec 2020 10:35:54 GMT

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 74 KB
28 KB 33ms
14ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111901.js?21068855

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69a5b5635e3f65d07c7acd4786ec59d4140d58540aa981b58e0b4319621bd9e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Dec 2020 09:37:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1606937775260285"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 28382
x-xss-protection: 0
expires: Fri, 04 Dec 2020 09:37:31 GMT

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
329 B 117ms
116ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: notepad.pw
URL: http://notepad.pw/dp143
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: 30d5533f9dfe57c8374c95cc8dc3e6757c9eb9e1cd08cabdef95186ac86e3ad5

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: http://notepad.pw
Date: Fri, 04 Dec 2020 09:37:31 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H3-Q050 200 activeview
pagead2.googlesyndication.com/pcs/ Frame CF91 42 B
94 B 22ms
21ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssVpU-a05rnzJa7oVMVvub-9KyqojmRHSx2QcNLLbYr4p0jOKabfSSbAAySWZSNqorsBRf--xWgr4nNtPPJLqCKmix7Ju3JPilrb-8SP1Ftq-Hkm3RuP14L8ZA6TFDO4lBZAciNIzCTnbWBR91RmB1Q&sai=AMfl-YTIawG3SqLSQ3fG4tkPHjLaLTDDrL3moXNxGFmMLDUlwQRxpgkexlH6XNNUSknd55lhatQuN4ZLL3RNg-AE-bYZR6YmDjl5FJ1WfyAwYaGxgHCkbEFyIi69laCUTIAA&sig=Cg0ArKJSzCj-iLA-GwXKEAE&cid=CAASPeRodQUUgvHoNZwtt24kz-cNbfb2-7WR2qj91MSy_T3IOf4TPKRlyZdQnTviWaAz-AcygT9TgTAAnh9gC5Q&id=ampim&o=315,1110&d=970,90&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=127&tls=1127&g=100&h=100&tt=1127&r=v&avms=ampa&adk=2140769806

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Dec 2020 09:37:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK ixmatch.html
js-sec.indexww.com/um/ Frame CDC1 0
0 57ms
17ms Document
text/html 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.10.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash

Request headers

Host: js-sec.indexww.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://notepad.pw/dp143
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://notepad.pw/dp143

Response headers

Server: Apache
Last-Modified: Tue, 06 Oct 2020 14:04:48 GMT
ETag: "e20015-8f4-5b10114f2003a"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1136
Date: Fri, 04 Dec 2020 09:37:36 GMT
Connection: keep-alive

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/dmp/ Frame 5CF7 0
0 51ms
15ms Document
text/html 151.101.13.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.10.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://notepad.pw/dp143
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: uuid2=3609969929492844310; icu=ChgIodc0EAoYAiACKAIw2oao_gU4AkACSAIQ2oao_gUYAQ..
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://notepad.pw/dp143

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Thu, 03 Dec 2020 21:09:36 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Fri, 04 Dec 2020 09:37:36 GMT
Age: 44880
X-Served-By: cache-lga21935-LGA, cache-fra19171-FRA
X-Cache: HIT, HIT
X-Cache-Hits: 2, 187614
X-Timer: S1607074656.437107,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1 200
OK showad.js
ads.pubmatic.com/AdServer/js/ Frame FB09 0
0 65ms
25ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.10.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://notepad.pw/dp143
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://notepad.pw/dp143

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:52 GMT
ETag: "13006b6-94f8-5b232eca8cf5e"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13837
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=82050
Expires: Sat, 05 Dec 2020 08:25:06 GMT
Date: Fri, 04 Dec 2020 09:37:36 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK ixmatch.html
js-sec.indexww.com/um/ Frame 4F00 0
0 52ms
17ms Document
text/html 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.10.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash

Request headers

Host: js-sec.indexww.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://notepad.pw/dp143
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://notepad.pw/dp143

Response headers

Server: Apache
Last-Modified: Tue, 06 Oct 2020 14:04:48 GMT
ETag: "e20015-8f4-5b10114f2003a"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1136
Date: Fri, 04 Dec 2020 09:37:36 GMT
Connection: keep-alive

GET
H/1.1 200
OK showad.js
ads.pubmatic.com/AdServer/js/ Frame 5B3A 0
0 59ms
23ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.10.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://notepad.pw/dp143
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://notepad.pw/dp143

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:52 GMT
ETag: "13006b6-94f8-5b232eca8cf5e"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13837
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=82050
Expires: Sat, 05 Dec 2020 08:25:06 GMT
Date: Fri, 04 Dec 2020 09:37:36 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/dmp/ Frame 7E9E 0
0 43ms
14ms Document
text/html 151.101.13.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.10.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://notepad.pw/dp143
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: uuid2=3609969929492844310; icu=ChgIodc0EAoYAiACKAIw2oao_gU4AkACSAIQ2oao_gUYAQ..
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://notepad.pw/dp143

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Thu, 03 Dec 2020 21:09:36 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Fri, 04 Dec 2020 09:37:36 GMT
Age: 44880
X-Served-By: cache-lga21935-LGA, cache-fra19179-FRA
X-Cache: HIT, HIT
X-Cache-Hits: 2, 188383
X-Timer: S1607074656.437299,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1 200
OK usync.html
eus.rubiconproject.com/ Frame F683 0
0 13ms
12ms Document
text/html 184.24.15.122
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.10.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.24.15.122 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-24-15-122.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://notepad.pw/dp143
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: khaos=KIA2R49R-1Z-2LPL; rsid=1|AIfsdBUO++vuGxiryvY4NyLgsLINffPD0nJRTZPyMmB0r4WWOQTuL9+dZLvlgeCkRB/C4WPGUmesEFiaAnqRSjT4sl0Fg1EK+hUVPp2REB9Ko2i2DakxOMWpH+S3NzCR; audit=1|hLZGFuTafB2JMoQLGJO51kXCma7a0HRKIWkTfIU6OQBmqROVoPtx5EwVgBMfZpi94HEYI5ehIrWMOGVKCaaiLdzpQ7vzkXQ/; ses2=151312^1; vis2=151312^2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://notepad.pw/dp143

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 28 Sep 2020 17:02:39 GMT
ETag: "40295-123-5b062a240e9c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 238
Content-Type: text/html; charset=UTF-8
Date: Fri, 04 Dec 2020 09:37:36 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1

204
No Content

getuids
grid.bidswitch.net/
Redirect Chain

https://x.bidswitch.net/sync?ssp=themediagrid
https://x.bidswitch.net/ul_cb/sync?ssp=themediagrid
https://rtb.mfadsrvr.com/sync?ssp=bidswitch&bidswitch_ssp_id=themediagrid&bsw_user_id=e7ed248e-be34-4bb1-be4b-4eed8f24bf15
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=themediagrid&bsw_user_id=e7ed248e-be34-4bb1-be4b-4eed8f24bf15
https://x.bidswitch.net/sync?dsp_id=250&expires=14&user_id=49558d0b-c31c-4066-9c62-83db7352fd3a&ssp=themediagrid
https://grid.bidswitch.net/getuids?bsw_uid=e7ed248e-be34-4bb1-be4b-4eed8f24bf15&ssp_custom_data=

0
260 B

15ms
14ms

Image
text/html

18.185.195.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://grid.bidswitch.net/getuids?bsw_uid=e7ed248e-be34-4bb1-be4b-4eed8f24bf15&ssp_custom_data=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.185.195.81 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-185-195-81.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://notepad.pw/dp143
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 04 Dec 2020 09:37:36 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Content-Type: text/html; charset=UTF-8

Redirect headers

location: //grid.bidswitch.net/getuids?bsw_uid=e7ed248e-be34-4bb1-be4b-4eed8f24bf15&ssp_custom_data=
date: Fri, 04 Dec 2020 09:37:36 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Verdicts & Comments Add Verdict or Comment

121 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
notepad.pw/	1970-01-19 14:38:58	Name: typography Value: %7B%22sp_class%22%3A%22not-active%22%7D
notepad.pw/	1969-12-31 23:59:59	Name: fsbotchecked Value: true
notepad.pw/	1969-12-31 23:59:59	Name: adOtr Value: 66ff8f187e2
notepad.pw/	1970-01-23 06:41:45	Name: UTGv2 Value: h45f9e02bb8db11773fef4b66a9f408abe54
notepad.pw/	1970-01-19 14:24:41	Name: pad_cookie Value: 3569a069a42760fed033f4868965daa13ce59d0b
notepad.pw/	1969-12-31 23:59:59	Name: SPSI Value: 8f166f7f82e143ebf64a8bd14c75cf01
notepad.pw/	1970-01-19 14:24:34	Name: sp_lit Value: 16+2a3mk8w//xod0yR8oXA==
notepad.pw/	1970-01-19 14:24:41	Name: spcsrf Value: 177de59a36002b8ee5e66c779d9ad6d1
notepad.pw/	1969-12-31 23:59:59	Name: PRLST Value: zr
notepad.pw/	1969-12-31 23:59:59	Name: SPSE Value: vKRFwO9jwBbNkNElXR/O9B2p2+LUZe/TySkRsyQWKDQQnZzdT7kswAvUkFERW1Fg+GK7UZHXCkYzaRTIBD/yZQ==

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	info	URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs(Line 9) Message: Powered by AMP ⚡ HTML – Version 2010270040000 http://notepad.pw/dp143
console-api	info	URL: https://a.pub.network/core/pubfig/pubfig.engine.4.2.4.56bf9eb9ee24bc1e4d456ffa86a6ce3df3a80d41.js(Line 1) Message: %cPubfig background: #00C389; color: #fff; border-radius: 3px; padding: 3px pubfig.messaging.js - Init ========== LOADING MESSAGING ==========

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.pub.network
acdn.adnxs.com
ads.pubmatic.com
adservice.google.com
adservice.google.de
b.scorecardresearch.com
b6d84cb1ad1d06e93817394273cfc909.safeframe.googlesyndication.com
btlr.sharethrough.com
c.pub.network
cdn.ampproject.org
cdnjs.cloudflare.com
d.pub.network
edge.quantserve.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
grid.bidswitch.net
hbopenbid.pubmatic.com
htlb.casalemedia.com
ib.adnxs.com
js-sec.indexww.com
live.notepad.pw
notepad.pw
pagead2.googlesyndication.com
pixel.quantserve.com
rtb.mfadsrvr.com
rules.quantcount.com
sb.scorecardresearch.com
securepubads.g.doubleclick.net
tpc.googlesyndication.com
wpcc.io
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
x.bidswitch.net
104.111.215.135
151.101.13.108
151.139.128.11
172.217.18.162
18.185.195.81
18.185.197.81
184.24.15.122
185.33.221.91
185.64.189.112
2.16.186.80
2.18.233.180
2.18.234.21
2600:9000:2190:7e00:6:44e3:f8c0:93a1
2606:4700:20::681a:8b
2606:4700:3031::681b:8043
2606:4700::6810:135e
2620:116:800d:21:51e4:db4b:4436:b305
2a00:1450:4001:800::2002
2a00:1450:4001:803::2001
2a00:1450:4001:803::2002
2a00:1450:4001:806::2008
2a00:1450:4001:809::2002
2a00:1450:4001:80b::2001
2a00:1450:4001:816::2001
2a00:1450:4001:819::2003
2a00:1450:4001:81a::2004
2a00:1450:4001:81f::2002
2a00:1450:4001:820::200a
2a00:1450:4001:824::200e
3.124.165.65
3.126.224.165
35.188.71.214
35.226.36.58
68.183.157.211
69.173.144.141
95.101.55.60
011879c93662efaebfaf3c852ffd47882f510d56f001ac2e33d8900bce050f19
0353566e38fa07dfd4c36ad9a1b3f39ddfced2c42c1b4991c3b8f6a1e2909d36
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
0da7fc1ae23678b2872653962d147fcd1cbd0a5a9c8f84d44ae99bc581fd9062
119351ced3134718cb42591e513ff063cf04af7c2734b137c666ee62e137e15d
17a94233d51e84d4fd764be4eb2c26a700c045f8a1962b1b1dd9e4a315e173ac
208c4540aaa80ab25343232ab54c440742c612d26256a09b86658a5b9e742221
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
25d989b3ed89abc5bb5a814c257dc57619d7f45908013cd08aa508c22e4f6a0a
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2b60310189012686567c541c72a40acf74adb416bdc524008822d6c7c73ccd97
2fa866f281364240678617640d2944c8927bb03588410dfec54a4a97641129e6
30d5533f9dfe57c8374c95cc8dc3e6757c9eb9e1cd08cabdef95186ac86e3ad5
31abb4dc7543fb48e537276d5681949e1cbca933d81d6bb11289e475010ea260
33c43d39018b07879a080935fd26fdeb82970bff929ee2d1ef3951a21d632f54
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3c5b6bb603a4f7556b94532674f3847b430b9495afbb3a4dcfe5ba718baa59ad
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
477549a4d5fb644cda6bf64af01631b8411022d88e608bbd8e5a06e327b391cb
55b731aa03064189b7abca9931deb7b844c75d7664aacecc1356c4bc0635c4af
560ee8213cda78828e88fbcbe2fbe6d3337d563384ea57d344ce3e3559da1dda
5af02623e86d6d92d1b4e65626d818e9d128766d95f209e5768befc31eff4e68
5dbaab8f472717f5f659cb28deb326df6d4b858bf1025c84f366a808798c1587
60e37031ed6cd8cae3184950fa748da2db1ff29d707a44d6bdf9a107a65da23b
6195b1bce0085db8c9b1b936150dfd7b070aa9be52d44580b1b6f16752dece34
66bfa6dd42535b06a283b3844a0bddcfd7f1aca1368baae035a7cda89a6b97fd
69a5b5635e3f65d07c7acd4786ec59d4140d58540aa981b58e0b4319621bd9e8
6a168e2ddae4d655f0e9793c98406ed886956b7f54544b88a1b9d279fe8b242f
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
7ab526a57343f3a27ad067658458afe46d8e9747344cf5cf306b813db3f27351
7d623f3bc0dd44a1845c2240b3ac3b15184cd43f7e2c780eb4d49c53fe4d89af
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
86f10b8a6df37fef05944c8e01395dcbc3fc5acf10037a61a6a9b112a436a5d0
87d73170be9a2e277c57d324c4e05ec0ac60ed3c0191fa29e7a31133b4c4c119
888b41bb493f82bc787b507deee35df8a9dca32d9f59e5e4434334bb04aa1e17
914fe54e220d31af537ab3481adf22efb8473c235e6c2551fc0afa7725abed8a
91eb4e13cfeb70e591e2212e7a09de429516a0ae7788f60ac72f085b486b688b
93a0f64548acaf2e79fad6b37d00affd7a4ffaa61e2973013f7eebd1461ace85
961d3114d628bc7d034623daf66199fd5969118177b5e60c7b0af536ffbdcf81
9955de3b1def802518f4bb33129161099425c85fbc576547ab184b2528028fa6
9cd8afa5843047824bb087338b268a657f5d01548ea3f672167b9e884300a886
9e06b12def18b8c9decb80c1389ea0dd9c04fc61ef8413f57eb179e6fde63100
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a2fcf0acb4e1e87c2c9ee93722d23a4501b0788052b51bb676921ee66a5a7306
a7b5f5f96f81dea4efc53e1d4dae8b37c28bec27a45b42ccf604ee759e20caec
a7e408be0d736219246909182a438e733ff0718e17e6fac6790334b072d52ed0
a86753d4effe5e607d4eaf03fe37eccb8cac743a528f874f736f4d7f35e094b1
a98c40f8dcd4dee33cc1321b86446a4c20640971115f77f9622f18f476416ca2
a9a2f1dd042cb6f1eded53dc0a1c66ed8694fc093dc3520cdac1a541d615d474
a9d43186efc1c935ce7cf6b20892273af7906f177516198e3e127c94f63ffefe
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2ab9ac436910017b9a2ca7db0e981bad3638db97f576d713eaa9b302e06c094
b60f65161ce3517c2794eecab25981c51ffbcbc951a781270403e2f3572d0290
b61eb57ae77f31b91b04781da33023ecd897fda21f6c817e6c27623204046f42
bcd032770d1b3da638de25ee57e0bcbcfe212b65946b9ab5777facb1b8d3d7fb
c9c41579990e491b31185c662e701facbcd6dab9ec0b06edef8feec2f981812e
d155160aea288964eebe06a362795ab879ed657ca75f7ca60d5a1c8e9fe05d7b
d23807344428eec21271b708fcf73919827e568b0a335989f9f2348ae4356bd1
de2bbd8e0b32f53a53c1729bedb350cea59e9115fba4f2bed8e2e3dd1f76d9fa
e04203e6e8cf4aeb6e54cd8f687281c4f896160bb9375782319f6a5972a2bdc2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e43bac4d99dca703217687386c12b79bd5c676b25e01a2de2561924a3460fca6
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
e56f53b3b976e9c05d86645a1e85cfc69e961601d201e957768455580fa30478
e92af41ea36051ffe9f3c83abec97cec2ac09cdaa2396863958e8b4bc8de5870
ebab910fdc7c7e9e079caa9f7321177b135b2e1542f86ce36937ceb41865086d
ecc20ed3c5dedbe5bbe73d1e7b14270c65a85f7d0ec4c94c4f0c9f0071e471a2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f384c2a04c5c5badaa026a6d8d29ed6faaf4316140a030528a23a564e3776a50
f79dfaabb417f7b777458a24663c5075dd1e56026e20578a0d74568b3c762375
fdc583e69d9c834982da703599325566db609a78140b993f028827596838fd01

notepad.pw Open in urlscan Pro 151.139.128.11 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

96 Requests

84 %HTTPS

47 %IPv6

25 Domains

38 Subdomains

35 IPs

5 Countries

1035 kBTransfer

2907 kBSize

10 Cookies

8 Outgoing links

Redirected requests

96 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

notepad.pw Open in urlscan Pro
151.139.128.11 Public Scan

Screenshot
Live screenshot

Full Image

96
Requests

84 %
HTTPS

47 %
IPv6

25
Domains

38
Subdomains

35
IPs

5
Countries

1035 kB
Transfer

2907 kB
Size

10
Cookies

96 HTTP transactions
2 data transactions