notepad.pw Open in urlscan Pro
151.139.128.11 Public Scan

URL:
http://notepad.pw/Roshyy
Submission: On May 16 via manual (May 16th 2020, 12:58:48 am UTC) from US

Summary HTTP 92 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 32 IPs in 5 countries across 22 domains to perform 92 HTTP transactions. The main IP is 151.139.128.11, located in Dallas, United States and belongs to HIGHWINDS3, US. The main domain is notepad.pw.

This is the only time notepad.pw was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
9	151.139.128.11 151.139.128.11	20446 (HIGHWINDS3) (HIGHWINDS3)
2	2a00:1450:400... 2a00:1450:4001:821::200a	15169 (GOOGLE) (GOOGLE)
9	2606:4700::68... 2606:4700::6810:85e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	192.198.80.134 192.198.80.134	31863 (DACEN-2) (DACEN-2)
1	2a00:1450:400... 2a00:1450:4001:825::2008	15169 (GOOGLE) (GOOGLE)
3	2606:4700:20:... 2606:4700:20::681a:8b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:820::2003	15169 (GOOGLE) (GOOGLE)
3	35.188.71.214 35.188.71.214	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81b::2002	15169 (GOOGLE) (GOOGLE)
4	2606:4700:303... 2606:4700:3031::681b:8043	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:81e::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:81f::2002	15169 (GOOGLE) (GOOGLE)
5	172.217.22.98 172.217.22.98	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:81d::200e	15169 (GOOGLE) (GOOGLE)
2	69.173.144.140 69.173.144.140	26667 (RUBICONPR...) (RUBICONPROJECT)
4	104.16.190.66 104.16.190.66	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	185.33.220.145 185.33.220.145	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	91.228.74.183 91.228.74.183	27281 (QUANTCAST) (QUANTCAST)
1 3	2.18.235.93 2.18.235.93	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2.16.186.80 2.16.186.80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	52.59.41.102 52.59.41.102	16509 (AMAZON-02) (AMAZON-02)
1 2	104.111.214.103 104.111.214.103	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	2600:9000:207... 2600:9000:2070:ee00:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:81c::2001	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:81a::2001	15169 (GOOGLE) (GOOGLE)
1 2	91.228.74.232 91.228.74.232	27281 (QUANTCAST) (QUANTCAST)
7	2a00:1450:400... 2a00:1450:4001:81b::2001	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:81e::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:824::2002	15169 (GOOGLE) (GOOGLE)
1	35.226.36.58 35.226.36.58	15169 (GOOGLE) (GOOGLE)
2	151.101.113.108 151.101.113.108	54113 (FASTLY) (FASTLY)
1	104.111.230.142 104.111.230.142	16625 (AKAMAI-AS) (AKAMAI-AS)
92	32

9 151.139.128.11 (Dallas, United States)

ASN20446 (HIGHWINDS3, US)

notepad.pw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:821::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6810:85e5 (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.198.80.134 (Lenoir, United States)

ASN31863 (DACEN-2, US)

wpcc.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:825::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:20::681a:8b (United States)

ASN13335 (CLOUDFLARENET, US)

a.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:820::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.188.71.214 (United States)

ASN15169 (GOOGLE, US)
PTR: 214.71.188.35.bc.googleusercontent.com

d.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:3031::681b:8043 (United States)

ASN13335 (CLOUDFLARENET, US)

live.notepad.pw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:81f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.217.22.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s18-in-f98.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81d::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.140 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.16.190.66 (United States)

ASN13335 (CLOUDFLARENET, US)

dmx.districtm.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.districtm.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.33.220.145 (Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 91.228.74.183 (United Kingdom) 1 redirects

ASN27281 (QUANTCAST, US)

edge.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.18.235.93 (Ascension Island) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com

hbx.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.16.186.80 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a2-16-186-80.deploy.static.akamaitechnologies.com

b.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.59.41.102 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-59-41-102.eu-central-1.compute.amazonaws.com

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.214.103 (Netherlands) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-214-103.deploy.static.akamaitechnologies.com

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2070:ee00:6:44e3:f8c0:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81c::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

73a0efc4b6d03edd7ec0e37c1129bb76.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:81a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 91.228.74.232 (United Kingdom) 1 redirects

ASN27281 (QUANTCAST, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:81b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81e::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:824::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.226.36.58 (United States)

ASN15169 (GOOGLE, US)
PTR: 58.36.226.35.bc.googleusercontent.com

c.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.113.108 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.230.142 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-230-142.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	googlesyndication.com 73a0efc4b6d03edd7ec0e37c1129bb76.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	148 KB
13	notepad.pw notepad.pw live.notepad.pw	59 KB
9	cloudflare.com cdnjs.cloudflare.com	301 KB
7	ampproject.org cdn.ampproject.org	173 KB
7	pub.network a.pub.network d.pub.network c.pub.network	263 KB
6	adnxs.com ib.adnxs.com acdn.adnxs.com	3 KB
6	doubleclick.net securepubads.g.doubleclick.net googleads.g.doubleclick.net	115 KB
4	quantserve.com 2 redirects edge.quantserve.com pixel.quantserve.com	10 KB
4	districtm.io dmx.districtm.io cdn.districtm.io	484 B
4	gstatic.com fonts.gstatic.com	50 KB
3	scorecardresearch.com 1 redirects b.scorecardresearch.com sb.scorecardresearch.com	2 KB
3	media.net 1 redirects hbx.media.net	7 KB
3	rubiconproject.com fastlane.rubiconproject.com eus.rubiconproject.com	3 KB
2	quantcount.com 1 redirects rules.quantcount.com	1 KB
2	sharethrough.com btlr.sharethrough.com	218 B
2	google-analytics.com www.google-analytics.com	18 KB
2	google.com 1 redirects adservice.google.com www.google.com	441 B
2	googletagservices.com www.googletagservices.com	42 KB
2	wpcc.io wpcc.io	5 KB
2	googleapis.com fonts.googleapis.com	2 KB
1	google.de adservice.google.de	168 B
1	googletagmanager.com www.googletagmanager.com	32 KB
92	22

	Domain	Requested by
9	cdnjs.cloudflare.com	notepad.pw
9	notepad.pw	notepad.pw
8	tpc.googlesyndication.com	securepubads.g.doubleclick.net notepad.pw cdn.ampproject.org tpc.googlesyndication.com
7	cdn.ampproject.org	securepubads.g.doubleclick.net
5	securepubads.g.doubleclick.net	www.googletagservices.com notepad.pw
4	ib.adnxs.com	notepad.pw
4	live.notepad.pw	notepad.pw
4	fonts.gstatic.com	notepad.pw cdnjs.cloudflare.com
3	pagead2.googlesyndication.com	notepad.pw
3	hbx.media.net	1 redirects notepad.pw hbx.media.net
3	d.pub.network	notepad.pw
3	a.pub.network	notepad.pw a.pub.network
2	cdn.districtm.io	a.pub.network
2	acdn.adnxs.com	a.pub.network
2	pixel.quantserve.com	1 redirects notepad.pw
2	73a0efc4b6d03edd7ec0e37c1129bb76.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	rules.quantcount.com	1 redirects notepad.pw
2	sb.scorecardresearch.com	1 redirects notepad.pw
2	btlr.sharethrough.com	notepad.pw
2	edge.quantserve.com	1 redirects notepad.pw
2	dmx.districtm.io	notepad.pw
2	fastlane.rubiconproject.com	notepad.pw
2	www.google-analytics.com	www.googletagmanager.com notepad.pw
2	www.googletagservices.com	a.pub.network securepubads.g.doubleclick.net
2	wpcc.io	notepad.pw
2	fonts.googleapis.com	notepad.pw securepubads.g.doubleclick.net
1	eus.rubiconproject.com	a.pub.network
1	c.pub.network	notepad.pw
1	googleads.g.doubleclick.net	notepad.pw
1	www.google.com	1 redirects
1	b.scorecardresearch.com	a.pub.network
1	adservice.google.com	www.googletagservices.com
1	adservice.google.de	www.googletagservices.com
1	www.googletagmanager.com	notepad.pw
92	34

This site contains links to these domains. Also see Links.

Domain
www.internetcookies.org
notepad-static.s3.amazonaws.com
about.notepad.pw
www.facebook.com
twitter.com
reddit.com

Subject Issuer	Validity	Valid
cloudflare.com CloudFlare Inc ECC CA-2	`2020-01-07` - `2020-10-09`	9 months	crt.sh
notepad.pw Sectigo RSA Domain Validation Secure Server CA	`2020-04-25` - `2020-07-24`	3 months	crt.sh
wpcc.io Let's Encrypt Authority X3	`2020-05-12` - `2020-08-10`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-04-28` - `2020-07-21`	3 months	crt.sh
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-11-11` - `2020-10-09`	a year	crt.sh
*.pub.network Go Daddy Secure Certificate Authority - G2	`2020-03-17` - `2021-05-16`	a year	crt.sh
*.google.de GTS CA 1O1	`2020-04-28` - `2020-07-21`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-04-28` - `2020-07-21`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-04-28` - `2020-07-21`	3 months	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-01-10` - `2021-01-14`	2 years	crt.sh
districtm.io CloudFlare Inc ECC CA-2	`2020-02-25` - `2020-10-09`	7 months	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2019-10-04` - `2020-10-07`	a year	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2020-02-25` - `2021-05-26`	a year	crt.sh
*.sharethrough.com Amazon	`2019-10-07` - `2020-11-07`	a year	crt.sh
*.scorecardresearch.com Sectigo RSA Organization Validation Secure Server CA	`2019-12-16` - `2020-12-25`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2020-04-15` - `2020-07-08`	3 months	crt.sh
misc-sni.google.com GTS CA 1O1	`2020-04-28` - `2020-07-21`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2020-04-28` - `2020-07-21`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-04-15` - `2020-07-08`	3 months	crt.sh
cdn.adnxs.com GlobalSign CloudSSL CA - SHA256 - G3	`2020-04-13` - `2021-04-14`	a year	crt.sh

This page contains 11 frames:

Primary Page: http://notepad.pw/Roshyy
Frame ID: B1DB5317893320FA767542A79B79F036
Requests: 64 HTTP requests in this frame

Frame: http://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=Kd
Frame ID: 23794DE8BC4401D132AFB17DF2AECF02
Requests: 3 HTTP requests in this frame

Frame: https://hbx.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8CUFH1GPH&prvid=56%2C70%2C77%2C80%2C82%2C97%2C99%2C109%2C111%2C112%2C113%2C139%2C154%2C157%2C159%2C175%2C178%2C186%2C201%2C10000&gdpr=1&gdprconsent=2
Frame ID: 9F9A07ABB549F7B6CFAFE2C0C00B7708
Requests: 1 HTTP requests in this frame

Frame: https://73a0efc4b6d03edd7ec0e37c1129bb76.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: 5BFE23163A1EB514F7C7A1708C271012
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012005012256000/amp4ads-v0.js
Frame ID: 4CFD4CE7A82E23CEA57D0D5018C5D7D5
Requests: 19 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Frame ID: 0EF4E90D39655609E7016EC0B567906C
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: B76D53C9777BAB77A8BB1CF7450878FC
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: 9F4104481E6FFA834A4DBDC88240B6A0
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?gdpr=0&gdpr_consent=
Frame ID: 706384DD13F846E26993EBB02AD2DF57
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: 9C501D9C5775E3AFF80744EB58F3A07B
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: A47C8A4531B85734CFF1360E9E7FECE6
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Fireblade (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /fbs/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Ionicons (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+ionicons(?:\.min)?\.css/i

Quantcast (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /\.quantserve\.com\/quant\.js/i

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

html /<iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i
script /\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i

Page Statistics

92
Requests

83 %
HTTPS

50 %
IPv6

22
Domains

34
Subdomains

32
IPs

5
Countries

1233 kB
Transfer

2991 kB
Size

1
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.internetcookies.org/
Title: Learn more

Search URL Search Domain Scan URL

URL: https://notepad-static.s3.amazonaws.com/Notepad.pw+Terms+of+Use.pdf
Title: Terms

Search URL Search Domain Scan URL

URL: https://about.notepad.pw/
Title: About Us

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://notepad.pw/share/7b3a4bzzz

Search URL Search Domain Scan URL

URL: http://twitter.com/share?text=notepad.pw&url=https://notepad.pw/share/7b3a4bzzz

Search URL Search Domain Scan URL

URL: https://reddit.com/submit?url=https://notepad.pw/share/7b3a4bzzz&title=notepad.pw

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2

http://cdnjs.cloudflare.com/ajax/libs/normalize/6.0.0/normalize.min.css HTTP 307
https://cdnjs.cloudflare.com/ajax/libs/normalize/6.0.0/normalize.min.css

Request Chain 3

http://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css HTTP 307
https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css

Request Chain 5

http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js HTTP 307
https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Request Chain 6

http://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/angular.min.js HTTP 307
https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/angular.min.js

Request Chain 7

http://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/angular-cookies.min.js HTTP 307
https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/angular-cookies.min.js

Request Chain 8

http://cdnjs.cloudflare.com/ajax/libs/socket.io/1.4.8/socket.io.min.js HTTP 307
https://cdnjs.cloudflare.com/ajax/libs/socket.io/1.4.8/socket.io.min.js

Request Chain 10

http://cdnjs.cloudflare.com/ajax/libs/store.js/1.3.20/store.min.js HTTP 307
https://cdnjs.cloudflare.com/ajax/libs/store.js/1.3.20/store.min.js

Request Chain 11

http://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/clipboard.min.js HTTP 307
https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/clipboard.min.js

Request Chain 12

http://wpcc.io/lib/1.0.2/cookieconsent.min.css HTTP 307
https://wpcc.io/lib/1.0.2/cookieconsent.min.css

Request Chain 13

http://wpcc.io/lib/1.0.2/cookieconsent.min.js HTTP 307
https://wpcc.io/lib/1.0.2/cookieconsent.min.js

Request Chain 39

http://edge.quantserve.com/quant.js HTTP 301
https://edge.quantserve.com/quant.js

Request Chain 40

http://hbx.media.net/bxl.js?cid=8CUFH1GPH&dn=notepad.pw&version= HTTP 302
https://hbx.media.net/bxl.js?cid=8CUFH1GPH&dn=notepad.pw&version=

Request Chain 48

https://sb.scorecardresearch.com/b?c1=2&c2=23384447&cs_ucfr=1&ns__t=1589590695817&ns_c=UTF-8&cv=3.5&c8=notepad.pw%20%2F%20Roshyy%20%7C%20The%20napkin%20of%20the%20internet.&c7=http%3A%2F%2Fnotepad.pw%2FRoshyy&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1589590695817&ns_c=UTF-8&cv=3.5&c8=notepad.pw%20%2F%20Roshyy%20%7C%20The%20napkin%20of%20the%20internet.&c7=http%3A%2F%2Fnotepad.pw%2FRoshyy&c9=

Request Chain 52

http://rules.quantcount.com/rules-p-UeXruRVtZz7w6.js HTTP 301
https://rules.quantcount.com/rules-p-UeXruRVtZz7w6.js

Request Chain 57

http://pixel.quantserve.com/pixel;r=988654059;labels=keywords.notepad%20online%2Ckeywords.notepad%2Ckeywords.cloud%2Ckeywords.free%20notepad%2Ckeywords.save%20notes%2Ckeywords.notes%2Ckeywords.online%20notepad%2Ckeywords.cloud%20notepad%2Ckeywords.write%2Ckeywords.note%2Ckeywords.writing%2Ckeywords.publish%2Ckeywords.webpage%2Ckeywords.markdown%2Ctitle.notepad.pw;rf=0;a=p-UeXruRVtZz7w6;url=http%3A%2F%2Fnotepad.pw%2FRoshyy;fpan=1;fpa=P0-571374959-1589590695999;ns=0;ce=1;qjs=1;qv=f473609d-20200430082408;cm=;gdpr=0;ref=;je=0;sr=1600x1200x24;enc=n;dst=1;et=1589590695999;tzo=-120;ogl=type.website%2Ctitle.notepad%252Epw%2Cdescription.Save%20your%20notes%20online%20for%20free%20and%20share%20them%20with%20friends!%2Curl.https%3A%2F%2Fnotepad%252Epw%2Cimage.https%3A%2F%2Fnotepad%252Epw%2Fog-icon%252Epng HTTP 301
https://pixel.quantserve.com/pixel;r=988654059;labels=keywords.notepad%20online%2Ckeywords.notepad%2Ckeywords.cloud%2Ckeywords.free%20notepad%2Ckeywords.save%20notes%2Ckeywords.notes%2Ckeywords.online%20notepad%2Ckeywords.cloud%20notepad%2Ckeywords.write%2Ckeywords.note%2Ckeywords.writing%2Ckeywords.publish%2Ckeywords.webpage%2Ckeywords.markdown%2Ctitle.notepad.pw;rf=0;a=p-UeXruRVtZz7w6;url=http%3A%2F%2Fnotepad.pw%2FRoshyy;fpan=1;fpa=P0-571374959-1589590695999;ns=0;ce=1;qjs=1;qv=f473609d-20200430082408;cm=;gdpr=0;ref=;je=0;sr=1600x1200x24;enc=n;dst=1;et=1589590695999;tzo=-120;ogl=type.website%2Ctitle.notepad%252Epw%2Cdescription.Save%20your%20notes%20online%20for%20free%20and%20share%20them%20with%20friends!%2Curl.https%3A%2F%2Fnotepad%252Epw%2Cimage.https%3A%2F%2Fnotepad%252Epw%2Fog-icon%252Epng

Request Chain 76

http://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

92 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set Roshyy Show response
notepad.pw/ 30 KB
13 KB 257ms
232ms Document
text/html 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: http://notepad.pw/Roshyy
Protocol: HTTP/1.1
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: 18d57230c265ec68baa45250651a8ef5fe0a7faad940dda538c2f5644a45dbbe

Request headers

Host: notepad.pw
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 16 May 2020 00:58:13 GMT
Cache-Control: no-store, no-cache, must-revalidate
Content-Encoding: gzip
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Set-Cookie: SPSI=5097bdbe6f19c510f0750163c2c1af8b; path=/; spcsrf=960ef59515daad2d2e36fb27671396c0; path=/; SameSite=Strict; HttpOnly; expires=Sat, 16-May-20 02:58:13 GMT adOtr=obsvl; path=/; expires=Thu, 2 Aug 2001 20:47:11 UTC UTGv2=D-h4aa7f32e23a9e90fcad0d73d524caa4bf18; path=/; expires=Sun, 16-May-21 00:58:13 GMT pad_cookie=6bc3738dc74977e76570d02d800e0f8627bd8f10; expires=Sat, 16-May-2020 02:58:34 GMT; Max-Age=7200; path=/; HttpOnly sp_lit=JmMgAh7kEvvioMaFOGQ62A==; path=/; SameSite=Strict; HttpOnly; expires=Sat, 16-May-20 01:03:13 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: fbs
Access-Control-Allow-Origin: *
X-HW: 1589590693.cds240.am5.h2,1589590693.cds118.am5.sc,1589590693.cdn2-wafbe01-ams1.stackpath.systems.-.wx,1589590693.cds118.am5.p
Connection: keep-alive

GET
H/1.1 200
OK css
fonts.googleapis.com/ 5 KB
1 KB 15ms
14ms Stylesheet
text/css 2a00:1450:4001:821::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.googleapis.com/css?family=Noto+Sans:400,700

Requested by

Host: notepad.pw
URL: http://notepad.pw/Roshyy

Protocol

HTTP/1.1

Server

2a00:1450:4001:821::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

df114392f4cbb80879196eb87028a6bcb003922a4f542cd70f2c59a83983d9f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 16 May 2020 00:58:13 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Sat, 16 May 2020 00:58:13 GMT
Server: ESF
X-Frame-Options: SAMEORIGIN
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=86400, stale-while-revalidate=604800
Transfer-Encoding: chunked
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
X-XSS-Protection: 0
Expires: Sat, 16 May 2020 00:58:13 GMT

GET
H/1.1 200
OK global.css
notepad.pw/content/css/ 6 KB
2 KB 214ms
207ms Stylesheet
text/css 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: http://notepad.pw/content/css/global.css?229
Requested by: Host: notepad.pw
URL: http://notepad.pw/Roshyy
Protocol: HTTP/1.1
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: 2b60310189012686567c541c72a40acf74adb416bdc524008822d6c7c73ccd97

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 16 May 2020 00:58:13 GMT
Content-Encoding: gzip
Last-Modified: Mon, 02 Oct 2017 03:48:05 GMT
Server: fbs
ETag: "59d1b6f5-1821"
Transfer-Encoding: chunked
X-HW: 1589590693.cds240.am5.h2,1589590693.cds078.am5.sc,1589590693.cdn2-redis02-ams1.stackpath.systems.-.wx,1589590693.cds078.am5.p
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes

GET
H2

200

normalize.min.css
cdnjs.cloudflare.com/ajax/libs/normalize/6.0.0/
Redirect Chain

http://cdnjs.cloudflare.com/ajax/libs/normalize/6.0.0/normalize.min.css
https://cdnjs.cloudflare.com/ajax/libs/normalize/6.0.0/normalize.min.css

2 KB
1 KB

27ms
12ms

Stylesheet
text/css

2606:4700::6810:85e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/normalize/6.0.0/normalize.min.css

Requested by

Host: notepad.pw
URL: http://notepad.pw/Roshyy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55b731aa03064189b7abca9931deb7b844c75d7664aacecc1356c4bc0635c4af

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 16 May 2020 00:58:13 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 21536885
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-request-id: 02bc962e0b000027a2c8349200000001
served-in-seconds: 0.001
timing-allow-origin: *
last-modified: Thu, 17 May 2018 09:24:31 GMT
server: cloudflare
etag: W/"5afd4a4f-8a8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=30672000
cf-ray: 59412629aea127a2-FRA
expires: Thu, 06 May 2021 00:58:13 GMT

Redirect headers

Location: https://cdnjs.cloudflare.com/ajax/libs/normalize/6.0.0/normalize.min.css
Non-Authoritative-Reason: HSTS

GET
H2

200

ionicons.min.css
cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/
Redirect Chain

http://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css
https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css

50 KB
7 KB

30ms
16ms

Stylesheet
text/css

2606:4700::6810:85e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css

Requested by

Host: notepad.pw
URL: http://notepad.pw/Roshyy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de2bbd8e0b32f53a53c1729bedb350cea59e9115fba4f2bed8e2e3dd1f76d9fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 16 May 2020 00:58:13 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 17084919
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-request-id: 02bc962e0b000027a2c834a200000001
served-in-seconds: 0.002
timing-allow-origin: *
last-modified: Thu, 17 May 2018 09:20:52 GMT
server: cloudflare
etag: W/"5afd4974-c854"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=30672000
cf-ray: 59412629aea227a2-FRA
expires: Thu, 06 May 2021 00:58:13 GMT

Redirect headers

Location: https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css
Non-Authoritative-Reason: HSTS

GET
H2 200 logo-dark.png
notepad.pw/content/images/ 22 KB
22 KB 351ms
318ms Image
image/png 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://notepad.pw/content/images/logo-dark.png
Requested by: Host: notepad.pw
URL: http://notepad.pw/Roshyy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: 560ee8213cda78828e88fbcbe2fbe6d3337d563384ea57d344ce3e3559da1dda

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 16 May 2020 00:58:13 GMT
last-modified: Thu, 30 Aug 2018 21:59:20 GMT
server: fbs
etag: "5b8868b8-57f4"
status: 200
x-hw: 1589590693.cds214.am5.hn,1589590693.cds131.am5.sc,1589590693.cdn2-redis01-ams1.stackpath.systems.-.wx,1589590693.cds131.am5.p
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
content-length: 22516

GET
H2

200

jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/
Redirect Chain

http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

82 KB
28 KB

25ms
25ms

Script
application/javascript

2606:4700::6810:85e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Requested by

Host: notepad.pw
URL: http://notepad.pw/Roshyy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 16 May 2020 00:58:13 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 17084918
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-request-id: 02bc962e20000027a2c834b200000001
served-in-seconds: 0.003
timing-allow-origin: *
last-modified: Thu, 17 May 2018 09:21:00 GMT
server: cloudflare
etag: W/"5afd497c-1499c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
cf-ray: 59412629cea727a2-FRA
expires: Thu, 06 May 2021 00:58:13 GMT

Redirect headers

Location: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
Non-Authoritative-Reason: HSTS

GET
H2

200

angular.min.js Show response
cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/
Redirect Chain

http://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/angular.min.js
https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/angular.min.js

156 KB
53 KB

28ms
27ms

Script
application/javascript

2606:4700::6810:85e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/angular.min.js

Requested by

Host: notepad.pw
URL: http://notepad.pw/Roshyy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e92af41ea36051ffe9f3c83abec97cec2ac09cdaa2396863958e8b4bc8de5870

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 16 May 2020 00:58:13 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 17084919
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-request-id: 02bc962e40000027a2c834d200000001
served-in-seconds: 0.004
timing-allow-origin: *
last-modified: Thu, 17 May 2018 09:15:33 GMT
server: cloudflare
etag: W/"5afd4835-27130"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
cf-ray: 5941262a0eaf27a2-FRA
expires: Thu, 06 May 2021 00:58:13 GMT

Redirect headers

Location: https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/angular.min.js
Non-Authoritative-Reason: HSTS

GET
H2

200

angular-cookies.min.js Show response
cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/
Redirect Chain

http://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/angular-cookies.min.js
https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/angular-cookies.min.js

1 KB
839 B

13ms
12ms

Script
application/javascript

2606:4700::6810:85e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/angular-cookies.min.js

Requested by

Host: notepad.pw
URL: http://notepad.pw/Roshyy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f79dfaabb417f7b777458a24663c5075dd1e56026e20578a0d74568b3c762375

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 16 May 2020 00:58:14 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 3552604
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-request-id: 02bc9630bc000027a2c8357200000001
served-in-seconds: 0.001
timing-allow-origin: *
last-modified: Thu, 17 May 2018 09:15:33 GMT
server: cloudflare
etag: W/"5afd4835-5a7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
cf-ray: 5941262dff4427a2-FRA
expires: Thu, 06 May 2021 00:58:14 GMT

Redirect headers

Location: https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/angular-cookies.min.js
Non-Authoritative-Reason: HSTS

GET
H2

200

socket.io.min.js Show response
cdnjs.cloudflare.com/ajax/libs/socket.io/1.4.8/
Redirect Chain

http://cdnjs.cloudflare.com/ajax/libs/socket.io/1.4.8/socket.io.min.js
https://cdnjs.cloudflare.com/ajax/libs/socket.io/1.4.8/socket.io.min.js

68 KB
21 KB

15ms
14ms

Script
application/javascript

2606:4700::6810:85e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/socket.io/1.4.8/socket.io.min.js

Requested by

Host: notepad.pw
URL: http://notepad.pw/Roshyy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

888b41bb493f82bc787b507deee35df8a9dca32d9f59e5e4434334bb04aa1e17

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 16 May 2020 00:58:14 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 23117706
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-request-id: 02bc9630bd000027a2c8358200000001
served-in-seconds: 0.003
timing-allow-origin: *
last-modified: Thu, 17 May 2018 09:26:47 GMT
server: cloudflare
etag: W/"5afd4ad7-10ec3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
cf-ray: 5941262dff4527a2-FRA
expires: Thu, 06 May 2021 00:58:14 GMT

Redirect headers

Location: https://cdnjs.cloudflare.com/ajax/libs/socket.io/1.4.8/socket.io.min.js
Non-Authoritative-Reason: HSTS

GET
H/1.1 200
OK app.min.js Show response
notepad.pw/content/js/ 8 KB
3 KB 201ms
199ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: http://notepad.pw/content/js/app.min.js?366
Requested by: Host: notepad.pw
URL: http://notepad.pw/Roshyy
Protocol: HTTP/1.1
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: c9c41579990e491b31185c662e701facbcd6dab9ec0b06edef8feec2f981812e

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 16 May 2020 00:58:13 GMT
Content-Encoding: gzip
Last-Modified: Thu, 30 Aug 2018 22:33:49 GMT
Server: fbs
ETag: "5b8870cd-2089"
Transfer-Encoding: chunked
X-HW: 1589590693.cds240.am5.h2,1589590693.cds113.am5.sc,1589590693.cdn2-wafbe01-ams1.stackpath.systems.-.wx,1589590693.cds113.am5.p
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes

GET
H2

200

store.min.js Show response
cdnjs.cloudflare.com/ajax/libs/store.js/1.3.20/
Redirect Chain

http://cdnjs.cloudflare.com/ajax/libs/store.js/1.3.20/store.min.js
https://cdnjs.cloudflare.com/ajax/libs/store.js/1.3.20/store.min.js

3 KB
1 KB

12ms
11ms

Script
application/javascript

2606:4700::6810:85e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/store.js/1.3.20/store.min.js

Requested by

Host: notepad.pw
URL: http://notepad.pw/Roshyy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d23807344428eec21271b708fcf73919827e568b0a335989f9f2348ae4356bd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 16 May 2020 00:58:14 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 8527006
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-request-id: 02bc9630bd000027a2c8359200000001
served-in-seconds: 0.001
timing-allow-origin: *
last-modified: Thu, 17 May 2018 09:26:51 GMT
server: cloudflare
etag: W/"5afd4adb-a35"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
cf-ray: 5941262dff4627a2-FRA
expires: Thu, 06 May 2021 00:58:14 GMT

Redirect headers

Location: https://cdnjs.cloudflare.com/ajax/libs/store.js/1.3.20/store.min.js
Non-Authoritative-Reason: HSTS

GET
H2

200

clipboard.min.js Show response
cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/
Redirect Chain

http://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/clipboard.min.js
https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/clipboard.min.js

11 KB
3 KB

17ms
16ms

Script
application/javascript

2606:4700::6810:85e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/clipboard.min.js

Requested by

Host: notepad.pw
URL: http://notepad.pw/Roshyy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0da7fc1ae23678b2872653962d147fcd1cbd0a5a9c8f84d44ae99bc581fd9062

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 16 May 2020 00:58:14 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 17084918
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-request-id: 02bc9630bd000027a2c835a200000001
served-in-seconds: 0.001
timing-allow-origin: *
last-modified: Thu, 17 May 2018 09:18:33 GMT
server: cloudflare
etag: W/"5afd48e9-2aa5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
cf-ray: 5941262dff4727a2-FRA
expires: Thu, 06 May 2021 00:58:14 GMT

Redirect headers

Location: https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/clipboard.min.js
Non-Authoritative-Reason: HSTS

GET
H2

200

cookieconsent.min.css
wpcc.io/lib/1.0.2/
Redirect Chain

http://wpcc.io/lib/1.0.2/cookieconsent.min.css
https://wpcc.io/lib/1.0.2/cookieconsent.min.css

4 KB
1 KB

385ms
119ms

Stylesheet
text/css

192.198.80.134
DACEN-2

General

Check archive.org

Show headers Download Go to

Full URL

https://wpcc.io/lib/1.0.2/cookieconsent.min.css

Requested by

Host: notepad.pw
URL: http://notepad.pw/Roshyy

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.198.80.134 Lenoir, United States, ASN31863 (DACEN-2, US),

Reverse DNS

Software

Apache/2 /

Resource Hash

119351ced3134718cb42591e513ff063cf04af7c2734b137c666ee62e137e15d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 16 May 2020 00:58:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding,User-Agent
content-length: 1119
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 05 Apr 2019 15:44:29 GMT
server: Apache/2
x-frame-options: SAMEORIGIN
etag: "fbe-585ca5cb7f140-gzip"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
expires: Mon, 15 Jun 2020 00:58:14 GMT

Redirect headers

Location: https://wpcc.io/lib/1.0.2/cookieconsent.min.css
Non-Authoritative-Reason: HSTS

GET
H2

200

cookieconsent.min.js Show response
wpcc.io/lib/1.0.2/
Redirect Chain

http://wpcc.io/lib/1.0.2/cookieconsent.min.js
https://wpcc.io/lib/1.0.2/cookieconsent.min.js

9 KB
3 KB

367ms
120ms

Script
application/javascript

192.198.80.134
DACEN-2

General

Check archive.org

Show headers Download Go to

Full URL

https://wpcc.io/lib/1.0.2/cookieconsent.min.js

Requested by

Host: notepad.pw
URL: http://notepad.pw/Roshyy

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.198.80.134 Lenoir, United States, ASN31863 (DACEN-2, US),

Reverse DNS

Software

Apache/2 /

Resource Hash

7870dceaf72f9d91b2790eadc462ec110e11be8f265d9394e6f7430d11d05cfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 16 May 2020 00:58:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding,User-Agent
content-length: 3237
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 01 May 2019 13:31:59 GMT
server: Apache/2
x-frame-options: SAMEORIGIN
etag: "228a-587d38abc51c0-gzip"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
expires: Mon, 15 Jun 2020 00:58:14 GMT

Redirect headers

Location: https://wpcc.io/lib/1.0.2/cookieconsent.min.js
Non-Authoritative-Reason: HSTS

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 82 KB
32 KB 19ms
18ms Script
application/javascript 2a00:1450:4001:825::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-153530698-1

Requested by

Host: notepad.pw
URL: http://notepad.pw/Roshyy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d64fe6c14f0689f644ef7479be8363b951e6876a0166a5b8c0eb88f241f403e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 16 May 2020 00:58:13 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33118
x-xss-protection: 0
last-modified: Sat, 16 May 2020 00:02:39 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 16 May 2020 00:58:13 GMT

GET
H2 200 pubfig.min.js Show response
a.pub.network/notepad-pw/ 268 KB
74 KB 77ms
51ms Script
application/javascript 2606:4700:20::681a:8b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/notepad-pw/pubfig.min.js
Requested by: Host: notepad.pw
URL: http://notepad.pw/Roshyy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1f1e20a032a468fd8f3a38082172f4b7dd43edf9c95d17c23f68836857ca14a0

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 16 May 2020 00:58:13 GMT
content-encoding: br
cf-cache-status: HIT
x-guploader-uploadid: AAANsUlkwzlAIgRL1o-E37OOxO6Z1s7cCasm7hCiMe1gbIWfj7ue_PdictQ8yVJdTOkx2d_OBglP-hwBag39S8Hjkw
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: application/javascript
cf-request-id: 02bc962ef10000dfd7d58a8200000001
last-modified: Fri, 15 May 2020 17:25:43 GMT
server: cloudflare
etag: W/"cd1f9fe4064f6443cfa5c4a83ea06c37"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=LJohJA==, md5=zR+f5AZPZEPPpcSoPqBsNw==
x-goog-generation: 1589563543505671
cache-control: public, max-age=1800
x-goog-stored-content-length: 274140
cf-ray: 5941262b1f4edfd7-FRA
expires: Fri, 15 May 2020 17:30:05 GMT

GET
H/1.1 200
OK / Show response
notepad.pw/sbbi/ Frame 2379 25 KB
11 KB 29ms
28ms Document
text/html 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: http://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=Kd&sbbgs=h4aa7f32e23a9e90fcad0d73d524caa4bf18&ddl=1
Requested by: Host: notepad.pw
URL: http://notepad.pw/Roshyy
Protocol: HTTP/1.1
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: 0bf33969c018b842f2794e85f5f3714ad2ced42b3b614be4aa1ad781efd24406

Request headers

Host: notepad.pw
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://notepad.pw/Roshyy
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Cookie: SPSI=5097bdbe6f19c510f0750163c2c1af8b; spcsrf=960ef59515daad2d2e36fb27671396c0; pad_cookie=6bc3738dc74977e76570d02d800e0f8627bd8f10; sp_lit=JmMgAh7kEvvioMaFOGQ62A==; PRLST=Kd; UTGv2=h4aa7f32e23a9e90fcad0d73d524caa4bf18
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://notepad.pw/Roshyy

Response headers

Date: Sat, 16 May 2020 00:58:14 GMT
Cache-Control: no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
Content-Encoding: gzip
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Server: fbs
X-Accel-Expires: 0
Access-Control-Allow-Origin: *
X-HW: 1589590694.cds240.am5.h2,1589590694.cds147.am5.sc,1589590694.cdn2-wafbe04-ams1.stackpath.systems.-.i,1589590694.cds147.am5.p
Connection: keep-alive

GET
H/1.1 200
OK /
notepad.pw/sbbi/ 43 B
497 B 29ms
28ms Image
image/gif 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://notepad.pw/sbbi/?sbbpg=utMedia&vii=5h049a7ab7dfb3e26ef2139ac95e1900ff0c7a5d001d6733cd25c214acfa8ab4ibifo1h8
Requested by: Host: notepad.pw
URL: http://notepad.pw/Roshyy
Protocol: HTTP/1.1
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-Accel-Expires: 0
Date: Sat, 16 May 2020 00:58:14 GMT
Server: fbs
Transfer-Encoding: chunked
X-HW: 1589590694.cds220.am5.h2,1589590694.cds240.am5.sc,1589590694.cdn2-wafbe04-ams1.stackpath.systems.-.i,1589590694.cds240.am5.p
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
Connection: keep-alive

GET
H2 200 ionicons.ttf
cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/fonts/ 184 KB
185 KB 25ms
12ms Font
application/octet-stream 2606:4700::6810:85e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/fonts/ionicons.ttf?v=2.0.0

Requested by

Host: notepad.pw
URL: http://notepad.pw/Roshyy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ba7f20b1d8990e17a47fe3d88e4c766628aaa2baf1dd30fca0a0db59836f5f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css
Origin: http://notepad.pw

Response headers

date: Sat, 16 May 2020 00:58:14 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 3552625
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 188508
cf-request-id: 02bc9630970000c29fe6bb4200000001
served-in-seconds: 0.000
timing-allow-origin: *
last-modified: Thu, 17 May 2018 09:20:05 GMT
server: cloudflare
etag: "5afd4945-2e05c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5941262dbd70c29f-FRA
expires: Thu, 06 May 2021 00:58:14 GMT

GET
H/1.1 200
OK o-0IIpQlx3QUlC5A4PNr5TRASf6M7Q.woff2
fonts.gstatic.com/s/notosans/v9/ 10 KB
10 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/notosans/v9/o-0IIpQlx3QUlC5A4PNr5TRASf6M7Q.woff2

Requested by

Host: notepad.pw
URL: http://notepad.pw/Roshyy

Protocol

HTTP/1.1

Server

2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e56f53b3b976e9c05d86645a1e85cfc69e961601d201e957768455580fa30478

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://fonts.googleapis.com/css?family=Noto+Sans:400,700
Origin: http://notepad.pw

Response headers

Date: Thu, 14 May 2020 20:59:41 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 22 Jul 2019 19:20:41 GMT
Server: sffe
Age: 100713
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 10292
X-XSS-Protection: 0
Expires: Fri, 14 May 2021 20:59:41 GMT

GET
H/1.1 200
OK cookie Show response
d.pub.network/ 36 B
457 B 485ms
119ms XHR
text/plain 35.188.71.214
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/cookie
Requested by: Host: notepad.pw
URL: http://notepad.pw/Roshyy
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.71.214 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 214.71.188.35.bc.googleusercontent.com
Software: /
Resource Hash: 11f9f05a7eb0b33277de8ed7643453cd59f1781ee6bb0ffd4352505cbaf96b3f

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: http://notepad.pw
Date: Sat, 16 May 2020 00:58:14 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H/1.1 200
OK gpt.js Show response
www.googletagservices.com/tag/js/ 47 KB
15 KB 23ms
15ms Script
text/javascript 2a00:1450:4001:81b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: a.pub.network
URL: https://a.pub.network/notepad-pw/pubfig.min.js

Protocol

HTTP/1.1

Server

2a00:1450:4001:81b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

287e4aafcddfbfc8b2d0ce0f1a541abf423f973cf33a6008d713ccbbabfcabbd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 16 May 2020 00:58:14 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: sffe
ETag: "517 / 312 of 1000 / last-modified: 1589574121"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: private, max-age=900, stale-while-revalidate=3600
Timing-Allow-Origin: *
Content-Length: 14772
X-XSS-Protection: 0
Expires: Sat, 16 May 2020 00:58:14 GMT

GET
H/1.1 200
OK prebid-analytics-3.11.0.js Show response
a.pub.network/core/ 364 KB
114 KB 19ms
13ms Script
text/html 2606:4700:20::681a:8b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://a.pub.network/core/prebid-analytics-3.11.0.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/notepad-pw/pubfig.min.js
Protocol: HTTP/1.1
Server: 2606:4700:20::681a:8b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 23aca4890fe8b2728dcab78ee9f3b9614cd6cdb0dab2b785d2f8d2d666247cac

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 16 May 2020 00:58:14 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 26948
X-GUploader-UploadID: AAANsUnbl0Y02tvFHtmGUAdJKVlzRzIbNUTKv3WM94Wiq2xM3KNrFz9sIQ8sDvL-_O5Ru7JDmwlndXO17azzgp-RQg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 3
x-goog-stored-content-encoding: identity
Connection: keep-alive
Content-Type: text/html
cf-request-id: 02bc963227000005d03a2cf200000001
Last-Modified: Thu, 12 Mar 2020 16:03:13 GMT
Server: cloudflare
ETag: W/"3785cc9e3486f36808de85f9e8e779bc"
Vary: Accept-Encoding
x-goog-hash: crc32c=jXxawA==, md5=N4XMnjSG82gI3oX56Od5vA==
Content-Language: en
x-goog-generation: 1584028993632199
Cache-Control: private, max-age=86400
Transfer-Encoding: chunked
x-goog-stored-content-length: 372446
CF-RAY: 594126303e8d05d0-FRA
Expires: Sat, 15 May 2021 17:29:06 GMT

GET
H/1.1 200
OK location Show response
d.pub.network/ 50 B
482 B 476ms
116ms XHR
application/json 35.188.71.214
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/location
Requested by: Host: notepad.pw
URL: http://notepad.pw/Roshyy
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.71.214 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 214.71.188.35.bc.googleusercontent.com
Software: /
Resource Hash: db9503febe37403ac701d3482cc35bbb66a23dd6ebaed5d15cb69254f8a81817

Request headers

Accept: application/json, text/plain, */*
Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: http://notepad.pw
Date: Sat, 16 May 2020 00:58:14 GMT
Access-Control-Allow-Credentials: true
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Transfer-Encoding: chunked
Content-Type: application/json

GET
H/1.1 200
OK Roshyy Show response
notepad.pw/fetch/ 4 KB
2 KB 244ms
243ms XHR
text/plain 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: http://notepad.pw/fetch/Roshyy?_=1589590694065
Requested by: Host: notepad.pw
URL: http://notepad.pw/Roshyy
Protocol: HTTP/1.1
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: 5db6ba861be116f944148baa666a7e261bbca64a1aa6b0a8e6f2597a158e2da4

Request headers

X-MOD-SBB-CTYPE: xhr
Accept: */*
Referer: http://notepad.pw/Roshyy
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 16 May 2020 00:58:15 GMT
Content-Encoding: gzip
Server: fbs
Transfer-Encoding: chunked
X-HW: 1589590695.cds240.am5.h2,1589590695.cds154.am5.sc,1589590695.cdn2-wafbe03-ams1.stackpath.systems.-.wx,1589590695.cds154.am5.p
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 / Show response
live.notepad.pw/socket.io/ 101 B
517 B 397ms
365ms XHR
application/octet-stream 2606:4700:3031::681b:8043
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.notepad.pw/socket.io/?EIO=3&transport=polling&t=N8Q_Hnl
Requested by: Host: notepad.pw
URL: http://notepad.pw/Roshyy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:8043 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ade0aee02c88e0cafe77a4dfdf63c5de238b291ff78620f90f5c7d64eb876ad1

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 16 May 2020 00:58:15 GMT
via: 1.1 vegur
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 200
content-type: application/octet-stream
access-control-allow-origin: http://notepad.pw
access-control-allow-credentials: true
cf-ray: 5941263419eac295-FRA
content-length: 101
cf-request-id: 02bc9634930000c29524927200000001

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
168 B 15ms
14ms Script
application/javascript 2a00:1450:4001:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=notepad.pw

Requested by

Host: www.googletagservices.com
URL: http://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 16 May 2020 00:58:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
168 B 16ms
15ms Script
application/javascript 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=notepad.pw

Requested by

Host: www.googletagservices.com
URL: http://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 16 May 2020 00:58:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 pubads_impl_2020050602.js Show response
securepubads.g.doubleclick.net/gpt/ 243 KB
88 KB 99ms
58ms Script
text/javascript 172.217.22.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020050602.js?21066185

Requested by

Host: www.googletagservices.com
URL: http://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s18-in-f98.1e100.net

Software

sffe /

Resource Hash

c4b5c1f949f059e3abb05ddcb7cc9944f8c16811e0eb1db9003bc5f8a4eb0634

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 16 May 2020 00:58:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 06 May 2020 17:23:28 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 89224
x-xss-protection: 0
expires: Sat, 16 May 2020 00:58:15 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:81d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-153530698-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2f1fd973e6c48489ae07c467e3278635b856c698d1f502e06af3ab555937deac

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 30 Apr 2020 21:54:13 GMT
server: Golfe2
age: 116
date: Sat, 16 May 2020 00:56:19 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18433
expires: Sat, 16 May 2020 02:56:19 GMT

GET
H2 200 / Show response
live.notepad.pw/socket.io/ 5 B
88 B 315ms
315ms XHR
application/octet-stream 2606:4700:3031::681b:8043
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.notepad.pw/socket.io/?EIO=3&transport=polling&t=N8Q_Hvq&sid=OnKrl8Jdj-j7ryPrANPQ
Requested by: Host: notepad.pw
URL: http://notepad.pw/Roshyy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:8043 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 25d989b3ed89abc5bb5a814c257dc57619d7f45908013cd08aa508c22e4f6a0a

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 16 May 2020 00:58:15 GMT
via: 1.1 vegur
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 200
content-type: application/octet-stream
access-control-allow-origin: http://notepad.pw
access-control-allow-credentials: true
cf-ray: 594126372eaec295-FRA
content-length: 5
cf-request-id: 02bc9636760000c2952493a200000001

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
98 B 13ms
13ms Image
image/gif 2a00:1450:4001:81d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j82&a=620836251&t=pageview&_s=1&dl=http%3A%2F%2Fnotepad.pw%2FRoshyy&ul=en-us&de=UTF-8&dt=notepad.pw%20%2F%20Roshyy%20%7C%20The%20napkin%20of%20the%20internet.&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUAB~&jid=1239795259&gjid=1840224770&cid=494014838.1589590696&tid=UA-153530698-1&_gid=1977641263.1589590696&_r=1&gtm=2ou561&z=1765138965

Requested by

Host: notepad.pw
URL: http://notepad.pw/Roshyy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 May 2020 00:58:15 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK / Show response
notepad.pw/sbbi/ Frame 2379 516 B
828 B 22ms
22ms Document
text/html 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: http://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=Kd&sbbgs=h4aa7f32e23a9e90fcad0d73d524caa4bf18&ddl=1
Requested by: Host: notepad.pw
URL: http://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=Kd&sbbgs=h4aa7f32e23a9e90fcad0d73d524caa4bf18&ddl=1
Protocol: HTTP/1.1
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: d155160aea288964eebe06a362795ab879ed657ca75f7ca60d5a1c8e9fe05d7b

Request headers

Host: notepad.pw
Connection: keep-alive
Content-Length: 650
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
Origin: http://notepad.pw
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=Kd&sbbgs=h4aa7f32e23a9e90fcad0d73d524caa4bf18&ddl=1
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Cookie: SPSI=5097bdbe6f19c510f0750163c2c1af8b; spcsrf=960ef59515daad2d2e36fb27671396c0; pad_cookie=6bc3738dc74977e76570d02d800e0f8627bd8f10; sp_lit=JmMgAh7kEvvioMaFOGQ62A==; PRLST=Kd; UTGv2=h4aa7f32e23a9e90fcad0d73d524caa4bf18; adOtr=b70d5e96b1f; fsbotchecked=true; _fssid=f07600c3-ecbc-47da-9fed-994e4dfcbcee; fssts=false; typography=%7B%22sp_class%22%3A%22not-active%22%7D; _fsuid=47d86dd0-30c5-4492-8c22-6357d790afaf; _fsloc=?i=NL&c=Utrecht; __cfduid=dbf355ed2699a8dcfa27907aad8b9f6d31589590695; _ga=GA1.2.494014838.1589590696; _gid=GA1.2.1977641263.1589590696; _gat_gtag_UA_153530698_1=1
Upgrade-Insecure-Requests: 1
Origin: http://notepad.pw
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=Kd&sbbgs=h4aa7f32e23a9e90fcad0d73d524caa4bf18&ddl=1

Response headers

Date: Sat, 16 May 2020 00:58:15 GMT
Cache-Control: no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
Content-Encoding: gzip
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Server: fbs
X-Accel-Expires: 0
Access-Control-Allow-Origin: *
X-HW: 1589590695.cds240.am5.h2,1589590695.cds228.am5.sc,1589590695.cdn2-wafbe01-ams1.stackpath.systems.-.i,1589590695.cds228.am5.p
Connection: keep-alive

GET
H/1.1 200
OK v2 Show response
d.pub.network/floors/ 1 KB
2 KB 121ms
120ms XHR
application/json 35.188.71.214
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/floors/v2?key=1413desktop
Requested by: Host: notepad.pw
URL: http://notepad.pw/Roshyy
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.71.214 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 214.71.188.35.bc.googleusercontent.com
Software: /
Resource Hash: fdf62e709e875546a2bc38f62cbf52f19892de6ecfefd769e881ca1270326951

Request headers

Accept: application/json, text/plain, */*
Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: http://notepad.pw
Date: Sat, 16 May 2020 00:58:15 GMT
Access-Control-Allow-Credentials: true
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Transfer-Encoding: chunked
Content-Type: application/json

GET
H/1.1 200
OK / Show response
notepad.pw/sbbi/ Frame 2379 7 KB
3 KB 32ms
31ms Document
text/html 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: http://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=Kd
Requested by: Host: notepad.pw
URL: http://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=Kd&sbbgs=h4aa7f32e23a9e90fcad0d73d524caa4bf18&ddl=1
Protocol: HTTP/1.1
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: e81197721c35073d5b2f00ad285eda5e74d7ddcdc591890271821d35b9347769

Request headers

Host: notepad.pw
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=Kd&sbbgs=h4aa7f32e23a9e90fcad0d73d524caa4bf18&ddl=1
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Cookie: SPSI=5097bdbe6f19c510f0750163c2c1af8b; spcsrf=960ef59515daad2d2e36fb27671396c0; pad_cookie=6bc3738dc74977e76570d02d800e0f8627bd8f10; sp_lit=JmMgAh7kEvvioMaFOGQ62A==; PRLST=Kd; UTGv2=h4aa7f32e23a9e90fcad0d73d524caa4bf18; adOtr=b70d5e96b1f; fsbotchecked=true; _fssid=f07600c3-ecbc-47da-9fed-994e4dfcbcee; fssts=false; typography=%7B%22sp_class%22%3A%22not-active%22%7D; _fsuid=47d86dd0-30c5-4492-8c22-6357d790afaf; _fsloc=?i=NL&c=Utrecht; __cfduid=dbf355ed2699a8dcfa27907aad8b9f6d31589590695; _ga=GA1.2.494014838.1589590696; _gid=GA1.2.1977641263.1589590696; _gat_gtag_UA_153530698_1=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=Kd&sbbgs=h4aa7f32e23a9e90fcad0d73d524caa4bf18&ddl=1

Response headers

Date: Sat, 16 May 2020 00:58:15 GMT
Cache-Control: no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
Content-Encoding: gzip
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Server: fbs
X-Accel-Expires: 0
Access-Control-Allow-Origin: *
X-HW: 1589590695.cds240.am5.h2,1589590695.cds137.am5.sc,1589590695.cdn2-wafbe02-ams1.stackpath.systems.-.i,1589590695.cds137.am5.p
Connection: keep-alive

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 260 B
2 KB 177ms
91ms XHR
application/json 69.173.144.140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1498292&size_id=2&alt_size_ids=55%2C221&gdpr=0&rp_schain=1.0,1!freestar.io,1413,1,,,&rf=http%3A%2F%2Fnotepad.pw%2FRoshyy&tk_flint=pbjs_lite_v3.11.0&x_source.tid=fd655d1c-7db0-4332-83af-6cbd6d5ad43a&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.46329901470891866
Requested by: Host: notepad.pw
URL: http://notepad.pw/Roshyy
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 5020288a85b55fbaea00a9746f281ca8cb8c7a924c43480d006cc60b4c14f0e8

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 16 May 2020 00:58:15 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: http://notepad.pw
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=463
Content-Length: 260
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
422 B 52ms
18ms XHR
text/plain 104.16.190.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://dmx.districtm.io/b/v1
Requested by: Host: notepad.pw
URL: http://notepad.pw/Roshyy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 16 May 2020 00:58:15 GMT
server: cloudflare
status: 204
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
access-control-allow-origin: http://notepad.pw
access-control-allow-credentials: true
cf-ray: 59412638dbf40b33-AMS
access-control-allow-headers: Content-Type, Origin
cf-request-id: 02bc96378200000b3373844200000001

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 19 B
706 B 45ms
15ms XHR
application/json 185.33.220.145
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: notepad.pw
URL: http://notepad.pw/Roshyy

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.145 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 16 May 2020 00:58:17 GMT
X-Proxy-Origin: 185.217.171.12; 185.217.171.12; 623.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.40:80
AN-X-Request-Uuid: 819e5d78-ee7b-4640-9db9-b33a0306d614
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: http://notepad.pw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 19 B
707 B 45ms
15ms XHR
application/json 185.33.220.145
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: notepad.pw
URL: http://notepad.pw/Roshyy

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.145 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 16 May 2020 00:58:17 GMT
X-Proxy-Origin: 185.217.171.12; 185.217.171.12; 623.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.102:80
AN-X-Request-Uuid: 8454744b-fa27-4780-834f-f26b286b7331
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: http://notepad.pw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

quant.js Show response
edge.quantserve.com/
Redirect Chain

http://edge.quantserve.com/quant.js
https://edge.quantserve.com/quant.js

21 KB
8 KB

89ms
22ms

Script
application/x-javascript

91.228.74.183
QUANTCAST

General

Check archive.org

Show headers Download Go to

Full URL

https://edge.quantserve.com/quant.js

Requested by

Host: notepad.pw
URL: http://notepad.pw/Roshyy

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.228.74.183 , United Kingdom, ASN27281 (QUANTCAST, US),

Reverse DNS

Software

QS /

Resource Hash

b68b4d1e6d63eabb8a4f663f7755454028aa22d9a0edc88d5b77c58e932d7fa0

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 16 May 2020 00:58:15 GMT
Content-Encoding: gzip
Last-Modified: Sat, 16-May-2020 00:58:15 GMT
Server: QS
Etag: M0-004a9efe
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=604800
Strict-Transport-Security: max-age=86400
Content-Length: 8025
Expires: Sat, 23 May 2020 00:58:15 GMT

Redirect headers

Location: https://edge.quantserve.com/quant.js
Date: Sat, 16 May 2020 00:58:15 GMT
Cache-Control: private, no-transform, max-age=86400
Server: QS
Connection: keep-alive
Content-Length: 0
Expires: Sun, 17 May 2020 00:58:15 GMT

GET
H2

200

bxl.js Show response
hbx.media.net/
Redirect Chain

http://hbx.media.net/bxl.js?cid=8CUFH1GPH&dn=notepad.pw&version=
https://hbx.media.net/bxl.js?cid=8CUFH1GPH&dn=notepad.pw&version=

16 KB
7 KB

69ms
27ms

Script
text/javascript

2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://hbx.media.net/bxl.js?cid=8CUFH1GPH&dn=notepad.pw&version=

Requested by

Host: notepad.pw
URL: http://notepad.pw/Roshyy

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

ac3ece04df404ed05fe8c0a4357adce0a40a5b0d8bb931056d614a1696bdb342

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
date: Sat, 16 May 2020 00:58:15 GMT
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
status: 200
cache-control: max-age=86400
content-length: 6649
x-mnet-hl2: E
expires: Sun, 17 May 2020 00:58:15 GMT

Redirect headers

Location: https://hbx.media.net/bxl.js?cid=8CUFH1GPH&dn=notepad.pw&version=
Date: Sat, 16 May 2020 00:58:15 GMT
Server: AkamaiGHost
Connection: keep-alive
Content-Length: 0
Strict-Transport-Security: max-age=604800

GET
H/1.1 200
OK beacon.js Show response
b.scorecardresearch.com/ 1 KB
1 KB 41ms
27ms Script
application/x-javascript 2.16.186.80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: http://b.scorecardresearch.com/beacon.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/notepad-pw/pubfig.min.js
Protocol: HTTP/1.1
Server: 2.16.186.80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a2-16-186-80.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 16 May 2020 00:58:15 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=86400
Connection: keep-alive
Content-Length: 884
Expires: Sun, 17 May 2020 00:58:15 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 19 B
707 B 43ms
15ms XHR
application/json 185.33.220.145
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: notepad.pw
URL: http://notepad.pw/Roshyy

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.145 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 16 May 2020 00:58:17 GMT
X-Proxy-Origin: 185.217.171.12; 185.217.171.12; 623.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.151:80
AN-X-Request-Uuid: 4b21cc9b-d4d1-43c5-96f0-ab0d1b2f9bac
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: http://notepad.pw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
109 B 80ms
25ms XHR
text/plain 52.59.41.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=GrVComq83JzCSLK1pi9waoyR&bidId=20b0b7b5dd754dc&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.11.0&strVersion=3.2.1&secure=false&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%221413%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: notepad.pw
URL: http://notepad.pw/Roshyy
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.59.41.102 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-59-41-102.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Sat, 16 May 2020 00:58:15 GMT
access-control-allow-credentials: true
access-control-allow-origin: http://notepad.pw
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
109 B 81ms
26ms XHR
text/plain 52.59.41.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=L7rKdgz52e7UZ4fMkwkYmaxf&bidId=2180b7c5cd55fa5&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.11.0&strVersion=3.2.1&secure=false&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%221413%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: notepad.pw
URL: http://notepad.pw/Roshyy
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.59.41.102 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-59-41-102.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Sat, 16 May 2020 00:58:15 GMT
access-control-allow-credentials: true
access-control-allow-origin: http://notepad.pw
vary: Origin

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
62 B 42ms
21ms XHR
text/plain 104.16.190.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://dmx.districtm.io/b/v1
Requested by: Host: notepad.pw
URL: http://notepad.pw/Roshyy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 16 May 2020 00:58:15 GMT
server: cloudflare
status: 204
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
access-control-allow-origin: http://notepad.pw
access-control-allow-credentials: true
cf-ray: 59412638dbf50b33-AMS
access-control-allow-headers: Content-Type, Origin
cf-request-id: 02bc96378200000b3373845200000001

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 19 B
707 B 49ms
21ms XHR
application/json 185.33.220.145
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: notepad.pw
URL: http://notepad.pw/Roshyy

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.145 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 16 May 2020 00:58:17 GMT
X-Proxy-Origin: 185.217.171.12; 185.217.171.12; 623.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.235:80
AN-X-Request-Uuid: 140572cb-4d3a-4acd-8dbf-11b91faad1cc
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: http://notepad.pw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 262 B
2 KB 168ms
94ms XHR
application/json 69.173.144.140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1498292&size_id=2&alt_size_ids=1%2C55&gdpr=0&rp_schain=1.0,1!freestar.io,1413,1,,,&rf=http%3A%2F%2Fnotepad.pw%2FRoshyy&tk_flint=pbjs_lite_v3.11.0&x_source.tid=254d00d7-6380-49f2-8c26-519729433a81&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.0925798765654946
Requested by: Host: notepad.pw
URL: http://notepad.pw/Roshyy
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 6b0113ff761e037d38002b2fcffe26106af432cf2267b6e43314bc8f691623fd

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 16 May 2020 00:58:15 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: http://notepad.pw
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=466
Content-Length: 262
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1

204
No Content

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=23384447&cs_ucfr=1&ns__t=1589590695817&ns_c=UTF-8&cv=3.5&c8=notepad.pw%20%2F%20Roshyy%20%7C%20The%20napkin%20of%20the%20internet.&c7=http%3A%2F%2Fnotepad....
https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1589590695817&ns_c=UTF-8&cv=3.5&c8=notepad.pw%20%2F%20Roshyy%20%7C%20The%20napkin%20of%20the%20internet.&c7=http%3A%2F%2Fnotepad...

0
248 B

38ms
38ms

Image
text/plain

104.111.214.103
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1589590695817&ns_c=UTF-8&cv=3.5&c8=notepad.pw%20%2F%20Roshyy%20%7C%20The%20napkin%20of%20the%20internet.&c7=http%3A%2F%2Fnotepad.pw%2FRoshyy&c9=
Requested by: Host: notepad.pw
URL: http://notepad.pw/Roshyy
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.214.103 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-214-103.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 16 May 2020 00:58:15 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1589590695817&ns_c=UTF-8&cv=3.5&c8=notepad.pw%20%2F%20Roshyy%20%7C%20The%20napkin%20of%20the%20internet.&c7=http%3A%2F%2Fnotepad.pw%2FRoshyy&c9=
Pragma: no-cache
Date: Sat, 16 May 2020 00:58:15 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 200 / Show response
live.notepad.pw/socket.io/ 2 B
121 B 330ms
329ms XHR
text/html 2606:4700:3031::681b:8043
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.notepad.pw/socket.io/?EIO=3&transport=polling&t=N8Q_H-n&sid=OnKrl8Jdj-j7ryPrANPQ
Requested by: Host: notepad.pw
URL: http://notepad.pw/Roshyy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:8043 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type: text/plain;charset=UTF-8

Response headers

cf-ray: 594126391992c295-FRA
date: Sat, 16 May 2020 00:58:16 GMT
via: 1.1 vegur
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 200
content-type: text/html
access-control-allow-origin: http://notepad.pw
access-control-allow-credentials: true
content-encoding: br
cf-request-id: 02bc9637b30000c29524954200000001

GET
H2 200 / Show response
live.notepad.pw/socket.io/ 4 B
87 B 386ms
386ms XHR
application/octet-stream 2606:4700:3031::681b:8043
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.notepad.pw/socket.io/?EIO=3&transport=polling&t=N8Q_H-o&sid=OnKrl8Jdj-j7ryPrANPQ
Requested by: Host: notepad.pw
URL: http://notepad.pw/Roshyy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:8043 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a9a2f1dd042cb6f1eded53dc0a1c66ed8694fc093dc3520cdac1a541d615d474

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 16 May 2020 00:58:16 GMT
via: 1.1 vegur
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 200
content-type: application/octet-stream
access-control-allow-origin: http://notepad.pw
access-control-allow-credentials: true
cf-ray: 594126391993c295-FRA
content-length: 4
cf-request-id: 02bc9637b30000c29524955200000001

GET
H2 200 checksync.php
hbx.media.net/ Frame 9F9A 0
0 33ms
32ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://hbx.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8CUFH1GPH&prvid=56%2C70%2C77%2C80%2C82%2C97%2C99%2C109%2C111%2C112%2C113%2C139%2C154%2C157%2C159%2C175%2C178%2C186%2C201%2C10000&gdpr=1&gdprconsent=2

Requested by

Host: hbx.media.net
URL: https://hbx.media.net/bxl.js?cid=8CUFH1GPH&dn=notepad.pw&version=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

:method: GET
:authority: hbx.media.net
:scheme: https
:path: /checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8CUFH1GPH&prvid=56%2C70%2C77%2C80%2C82%2C97%2C99%2C109%2C111%2C112%2C113%2C139%2C154%2C157%2C159%2C175%2C178%2C186%2C201%2C10000&gdpr=1&gdprconsent=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://notepad.pw/Roshyy
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: gdpr_status=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://notepad.pw/Roshyy

Response headers

status: 200
server: Apache
content-type: text/html; charset=UTF-8
set-cookie: gdpr_status=1; Expires=Tue, 17 Nov 2020 00:58:15 GMT; domain=.media.net; Path=/; sameSite=none; secure=true visitor-id=2325922955006056000V10; Expires=Sun, 16 May 2021 00:58:15 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2: E
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=23447
expires: Sat, 16 May 2020 07:29:02 GMT
date: Sat, 16 May 2020 00:58:15 GMT
content-length: 6796

GET
H2

200

rules-p-UeXruRVtZz7w6.js Show response
rules.quantcount.com/
Redirect Chain

http://rules.quantcount.com/rules-p-UeXruRVtZz7w6.js
https://rules.quantcount.com/rules-p-UeXruRVtZz7w6.js

2 KB
1 KB

44ms
14ms

Script
application/x-javascript

2600:9000:2070:ee00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-UeXruRVtZz7w6.js
Requested by: Host: notepad.pw
URL: http://notepad.pw/Roshyy
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2070:ee00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a7b5f5f96f81dea4efc53e1d4dae8b37c28bec27a45b42ccf604ee759e20caec

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 16 May 2020 00:21:04 GMT
content-encoding: gzip
last-modified: Thu, 07 Dec 2017 17:06:25 GMT
server: AmazonS3
age: 2674
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
x-amz-cf-pop: HAM50-C3
x-amz-cf-id: jIWPhg5jxpc1bl6zjS6DaEg79cN_v_yAXeT6ODranXmqqsrux7R7wA==
via: 1.1 cf515c02569c487b713286bcf353f909.cloudfront.net (CloudFront)

Redirect headers

Date: Sat, 16 May 2020 00:58:15 GMT
Via: 1.1 2b782f5f082f9e98adf8c50f24b6bb6d.cloudfront.net (CloudFront)
Server: CloudFront
X-Amz-Cf-Pop: HAM50-C3
X-Cache: Redirect from cloudfront
Content-Type: text/html
Location: https://rules.quantcount.com/rules-p-UeXruRVtZz7w6.js
Connection: keep-alive
Content-Length: 183
X-Amz-Cf-Id: ONYOAMMLiWrZjoSx5FNWcczL5sWXtCSLWGQDROg9N8tqVdot2ridXw==

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 55 KB
15 KB 313ms
313ms XHR
text/plain 172.217.22.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=861976028164423&correlator=1424528966849735&output=ldjh&impl=fifs&adsid=NT&eid=21066185&vrg=2020050602&guci=1.2.0.0.2.2.0.0&sc=0&sfv=1-0-37&ecs=20200516&iu_parts=15184186%2Cnotepad_970x90_728x90_320x50_Sticky&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1%7C728x90%7C970x90&prev_scp=fsbid%3D0&eri=1&cust_params=user-agent%3DChrome&cookie_enabled=1&bc=23&abxe=1&lmt=1589590695&dt=1589590695962&dlt=1589590693368&idt=2327&frm=20&biw=1600&bih=1200&oid=3&adxs=800&adys=1199&adks=2140769806&ucis=1&ifi=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fnotepad.pw%2FRoshyy&dssz=30&icsg=145228544&std=0&vis=1&scr_x=0&scr_y=0&psz=1600x-1&msz=1600x-1&ga_vid=494014838.1589590696&ga_sid=1589590696&ga_hid=620836251&fws=512&ohw=0

Requested by

Host: notepad.pw
URL: http://notepad.pw/Roshyy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s18-in-f98.1e100.net

Software

cafe /

Resource Hash

976c2f01198f478b5ae3690a7288aa4ba2cf27f65051fbd90865dd82f764fdd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 16 May 2020 00:58:16 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15115
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://notepad.pw
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
73a0efc4b6d03edd7ec0e37c1129bb76.safeframe.googlesyndication.com/safeframe/1-0-37/html/ 0
0 74ms
39ms Other
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://73a0efc4b6d03edd7ec0e37c1129bb76.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020050602.js?21066185
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 0
0 6ms
6ms Other
text/html 2a00:1450:4001:81a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020050602.js?21066185
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 56 KB
12 KB 508ms
508ms XHR
text/plain 172.217.22.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=861976028164423&correlator=1424528966849735&output=ldjh&impl=fifs&adsid=NT&eid=21066185&vrg=2020050602&guci=1.2.0.0.2.2.0.0&sc=0&sfv=1-0-37&ecs=20200516&iu_parts=15184186%2Cnotepad_970x90_728x90_320x50_320x100_ATF&enc_prev_ius=%2F0%2F1&prev_iu_szs=468x60%7C728x90%7C970x90&prev_scp=fsbid%3D0&eri=1&cust_params=user-agent%3DChrome&cookie_enabled=1&bc=23&abxe=1&lmt=1589590695&dt=1589590695990&dlt=1589590693368&idt=2327&frm=20&biw=1600&bih=1200&oid=3&adxs=566&adys=5&adks=338981424&ucis=2&ifi=2&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fnotepad.pw%2FRoshyy&dssz=30&icsg=145228544&std=0&vis=1&scr_x=0&scr_y=0&psz=1600x42&msz=1600x70&ga_vid=494014838.1589590696&ga_sid=1589590696&ga_hid=620836251&fws=0&ohw=0

Requested by

Host: notepad.pw
URL: http://notepad.pw/Roshyy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s18-in-f98.1e100.net

Software

cafe /

Resource Hash

c9bc5040e3a79b985ed63586f673e16187baac7dac4b8ba69f44a6240b0a4134

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 16 May 2020 00:58:16 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12203
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://notepad.pw
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

pixel;r=988654059;labels=keywords.notepad%20online%2Ckeywords.notepad%2Ckeywords.cloud%2Ckeywords.free%20notepad%2Ckeywords.save%20notes%2Ckeywords.notes%2Ckeywords.online%20notepad%2Ckeywords.clou...
pixel.quantserve.com/
Redirect Chain

http://pixel.quantserve.com/pixel;r=988654059;labels=keywords.notepad%20online%2Ckeywords.notepad%2Ckeywords.cloud%2Ckeywords.free%20notepad%2Ckeywords.save%20notes%2Ckeywords.notes%2Ckeywords.onli...
https://pixel.quantserve.com/pixel;r=988654059;labels=keywords.notepad%20online%2Ckeywords.notepad%2Ckeywords.cloud%2Ckeywords.free%20notepad%2Ckeywords.save%20notes%2Ckeywords.notes%2Ckeywords.onl...

35 B
658 B

86ms
22ms

Image
image/gif

91.228.74.232
QUANTCAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=988654059;labels=keywords.notepad%20online%2Ckeywords.notepad%2Ckeywords.cloud%2Ckeywords.free%20notepad%2Ckeywords.save%20notes%2Ckeywords.notes%2Ckeywords.online%20notepad%2Ckeywords.cloud%20notepad%2Ckeywords.write%2Ckeywords.note%2Ckeywords.writing%2Ckeywords.publish%2Ckeywords.webpage%2Ckeywords.markdown%2Ctitle.notepad.pw;rf=0;a=p-UeXruRVtZz7w6;url=http%3A%2F%2Fnotepad.pw%2FRoshyy;fpan=1;fpa=P0-571374959-1589590695999;ns=0;ce=1;qjs=1;qv=f473609d-20200430082408;cm=;gdpr=0;ref=;je=0;sr=1600x1200x24;enc=n;dst=1;et=1589590695999;tzo=-120;ogl=type.website%2Ctitle.notepad%252Epw%2Cdescription.Save%20your%20notes%20online%20for%20free%20and%20share%20them%20with%20friends!%2Curl.https%3A%2F%2Fnotepad%252Epw%2Cimage.https%3A%2F%2Fnotepad%252Epw%2Fog-icon%252Epng

Requested by

Host: notepad.pw
URL: http://notepad.pw/Roshyy

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.228.74.232 , United Kingdom, ASN27281 (QUANTCAST, US),

Reverse DNS

Software

QS /

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 16 May 2020 00:58:16 GMT
Server: QS
Strict-Transport-Security: max-age=86400
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 35
Expires: Fri, 04 Aug 1978 12:00:00 GMT

Redirect headers

Location: https://pixel.quantserve.com/pixel;r=988654059;labels=keywords.notepad%20online%2Ckeywords.notepad%2Ckeywords.cloud%2Ckeywords.free%20notepad%2Ckeywords.save%20notes%2Ckeywords.notes%2Ckeywords.online%20notepad%2Ckeywords.cloud%20notepad%2Ckeywords.write%2Ckeywords.note%2Ckeywords.writing%2Ckeywords.publish%2Ckeywords.webpage%2Ckeywords.markdown%2Ctitle.notepad.pw;rf=0;a=p-UeXruRVtZz7w6;url=http%3A%2F%2Fnotepad.pw%2FRoshyy;fpan=1;fpa=P0-571374959-1589590695999;ns=0;ce=1;qjs=1;qv=f473609d-20200430082408;cm=;gdpr=0;ref=;je=0;sr=1600x1200x24;enc=n;dst=1;et=1589590695999;tzo=-120;ogl=type.website%2Ctitle.notepad%252Epw%2Cdescription.Save%20your%20notes%20online%20for%20free%20and%20share%20them%20with%20friends!%2Curl.https%3A%2F%2Fnotepad%252Epw%2Cimage.https%3A%2F%2Fnotepad%252Epw%2Fog-icon%252Epng
Date: Sat, 16 May 2020 00:58:16 GMT
Cache-Control: private, no-transform, max-age=86400
Server: QS
Connection: keep-alive
Content-Length: 0
Expires: Sun, 17 May 2020 00:58:16 GMT

GET
H2 200 container.html
73a0efc4b6d03edd7ec0e37c1129bb76.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 5BFE 0
0 7ms
6ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://73a0efc4b6d03edd7ec0e37c1129bb76.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020050602.js?21066185

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 73a0efc4b6d03edd7ec0e37c1129bb76.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://notepad.pw/Roshyy
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://notepad.pw/Roshyy

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
timing-allow-origin: *
content-length: 2973
date: Sat, 16 May 2020 00:58:16 GMT
expires: Sun, 16 May 2021 00:58:16 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
27 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020050602.js?21066185

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de7defd63fadb32e56f1c2ac0d85b6fe527a5d6e739cb085eed1d3df2cc19710

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 16 May 2020 00:58:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1589543025455122"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 27726
x-xss-protection: 0
expires: Sat, 16 May 2020 00:58:16 GMT

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b60f65161ce3517c2794eecab25981c51ffbcbc951a781270403e2f3572d0290

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012005012256000/ Frame 4CFD 204 KB
57 KB 43ms
6ms Script
text/javascript 2a00:1450:4001:81b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012005012256000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020050602.js?21066185

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d2b891e379840927eaf16ac1147b0e270c409d7a9e2655dd866a175b996dea9c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://notepad.pw/
Origin: http://notepad.pw

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 35048
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57019
x-xss-protection: 0
server: sffe
date: Fri, 15 May 2020 15:14:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "bf14143de8659308"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 May 2021 15:14:08 GMT

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012005012256000/ Frame 4CFD 204 KB
57 KB 42ms
6ms Script
text/javascript 2a00:1450:4001:81b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012005012256000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020050602.js?21066185

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d2b891e379840927eaf16ac1147b0e270c409d7a9e2655dd866a175b996dea9c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 35048
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57019
x-xss-protection: 0
server: sffe
date: Fri, 15 May 2020 15:14:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "bf14143de8659308"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 May 2021 15:14:08 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012005012256000/v0/ Frame 4CFD 16 KB
6 KB 55ms
18ms Script
text/javascript 2a00:1450:4001:81b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012005012256000/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020050602.js?21066185

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6911cdf8bbf72eff1b6ae5fa039c42f4ca431e578f4f657dd29c55a65f85fd22

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 5672
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5877
x-xss-protection: 0
server: sffe
date: Fri, 15 May 2020 23:23:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "cf1fef681ae7494f"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 May 2021 23:23:44 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012005012256000/v0/ Frame 4CFD 98 KB
30 KB 51ms
15ms Script
text/javascript 2a00:1450:4001:81b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012005012256000/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020050602.js?21066185

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dd0c4ff5bc4e85bcd1ff717afc9d15b8274efe8e644542489bc31fae0346541b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 35098
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30100
x-xss-protection: 0
server: sffe
date: Fri, 15 May 2020 15:13:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "023298bf906f9a2c"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 May 2021 15:13:18 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012005012256000/v0/ Frame 4CFD 4 KB
2 KB 51ms
14ms Script
text/javascript 2a00:1450:4001:81b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012005012256000/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020050602.js?21066185

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f9ff4042daa13aa0766bc4854140f7a2942e4deae37d352a617b95000fa54ba

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 66712
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1637
x-xss-protection: 0
server: sffe
date: Fri, 15 May 2020 06:26:24 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "eed6b15e1dd2165d"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 May 2021 06:26:24 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012005012256000/v0/ Frame 4CFD 48 KB
15 KB 55ms
19ms Script
text/javascript 2a00:1450:4001:81b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012005012256000/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020050602.js?21066185

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a2c5d4e6a74355f147e25b3ced1d4a66288eab711d0bd3d449ef056fa777c184

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 66720
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15361
x-xss-protection: 0
server: sffe
date: Fri, 15 May 2020 06:26:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "d0b45204c403cb94"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 May 2021 06:26:16 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 4CFD 4 KB
675 B 16ms
16ms Stylesheet
text/css 2a00:1450:4001:821::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020050602.js?21066185

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

02fec5849f8ab7bceb4450d167f382e9079bd3a5d0f33a00942869641811ab3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 16 May 2020 00:58:16 GMT
server: ESF
date: Sat, 16 May 2020 00:58:16 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 16 May 2020 00:58:16 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/15739429173631086576/ Frame 4CFD 130 KB
131 KB 7ms
7ms Image
image/png 2a00:1450:4001:81a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/15739429173631086576/downsize_200k_v1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020050602.js?21066185

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96be2020ca459b10f996c7d6498ac4dfd5b711a22ef337f9630cdc8dcaf8bace

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 07 May 2020 10:58:13 GMT
x-content-type-options: nosniff
age: 741603
x-dns-prefetch-control: off
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133584
x-xss-protection: 0
last-modified: Wed, 06 May 2020 18:11:55 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 07 May 2021 10:58:13 GMT

GET
DATA 200
OK truncated
/ Frame 4CFD 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 94d927c22e9203c631a7ac19d176ef6adc469bac2f8d3ba953daf6850c71ec33

Request headers

Referer: http://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 amp4ads-host-v0.js Show response
cdn.ampproject.org/rtv/012005012256000/ 21 KB
7 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:81b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012005012256000/amp4ads-host-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020050602.js?21066185

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f0517f76184f899b738515a124efe8f335f585847387b8889dfa7c0fb132f75a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 19713
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7437
x-xss-protection: 0
server: sffe
date: Fri, 15 May 2020 19:29:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1b9b229ae83eaa45"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 May 2021 19:29:43 GMT

GET
H2 200 en_bl.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 4CFD 2 KB
3 KB 19ms
17ms Image
image/png 2a00:1450:4001:81a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en_bl.png

Requested by

Host: notepad.pw
URL: http://notepad.pw/Roshyy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e1a3c83144fa5752c8668ca056742ec9e6d6dfe5cfb75a97a9e53d1150068f91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 15 May 2020 02:30:12 GMT
x-content-type-options: nosniff
server: cafe
age: 80884
etag: 11660698925711390587
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2471
x-xss-protection: 0
expires: Sat, 16 May 2020 02:30:12 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 4CFD 295 B
397 B 20ms
19ms Image
image/png 2a00:1450:4001:81a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: notepad.pw
URL: http://notepad.pw/Roshyy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 15 May 2020 22:24:17 GMT
x-content-type-options: nosniff
server: cafe
age: 9239
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Sat, 16 May 2020 22:24:17 GMT

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 4CFD 0
0 32ms
31ms Image
text/html 172.217.22.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CHWwPqDq_Xu6uD8ev7gO-m4DIBPfg25Rd3cnSyJ4L46b8zZAOEAEg2tfFOWCRjKCFjBigAZOq2dQDyAEBqQLmMhcWuCWyPuACAKgDAaoE0AFP0DniJeWASzst77eQJqJEmvBsWuGX2sD5lUG7kAKOf-fk7mGLGHgxxKenDPCveXRIWIp1ODECYZpNOoxILN-LpRKZ9FOk8hiTnvnHwyDKfk4EgJtueK3PyIZpg1gKx2BR2ET6Mgh4DKj_2ec9ewSVM25pR7Jux5lL6xB0MhDBdJzktaWMVv2eyIgCpFCjkXmu1EiFspfQgfrRnF4sDggQ8HhGAMZ75NjfVwB4tAPKEXFAbQz_ewU7GuoutJ1XpQfK1fgbfWgf63AGJfPxFYYZwATWxqXGggPgBAGAB9XVpiuoB47OG6gH1ckbqAeT2BuoB7oGqAfw2RuoB_LZG6gHpr4bqAfs1RvYBwHyBwQQ5f0C0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi0zMTQ1OTg0NjgxNTA3Mzk5gAoDyAsB2BMDiBQI&sigh=8FAzUP_ltVQ&template_id=5001&tpd=AGWhJmu6vuXj7K-EiQ0tWQtwq3q0p30xqGRLd93afFOD4XsDGg
Requested by: Host: notepad.pw
URL: http://notepad.pw/Roshyy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.22.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra15s18-in-f98.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 200 4UaGrENHsxJlGDuGo1OIlL3Owp5eKQtG.woff2
fonts.gstatic.com/s/googlesans/v16/ Frame 4CFD 14 KB
14 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v16/4UaGrENHsxJlGDuGo1OIlL3Owp5eKQtG.woff2

Requested by

Host: notepad.pw
URL: http://notepad.pw/Roshyy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f199a20f1fee7dec152b3591272f9715b536ed88b4c36194488fd5a734caf707

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Origin: http://notepad.pw

Response headers

date: Fri, 10 Apr 2020 05:57:59 GMT
x-content-type-options: nosniff
last-modified: Wed, 04 Dec 2019 18:44:26 GMT
server: sffe
age: 3092417
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14608
x-xss-protection: 0
expires: Sat, 10 Apr 2021 05:57:59 GMT

GET
H2 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwZsPF4o.woff2
fonts.gstatic.com/s/googlesans/v16/ Frame 4CFD 14 KB
15 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v16/4UabrENHsxJlGDuGo1OIlLU94YtzCwZsPF4o.woff2

Requested by

Host: notepad.pw
URL: http://notepad.pw/Roshyy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1daab0f66666bc3a1d05d70de979a80680d985cc924e233fab61eef2d03bafe2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Origin: http://notepad.pw

Response headers

date: Fri, 10 Apr 2020 00:24:02 GMT
x-content-type-options: nosniff
last-modified: Wed, 04 Dec 2019 18:44:18 GMT
server: sffe
age: 3112454
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14816
x-xss-protection: 0
expires: Sat, 10 Apr 2021 00:24:02 GMT

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 4CFD
Redirect Chain

http://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

15ms
14ms

Image
text/html

2a00:1450:4001:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: notepad.pw
URL: http://notepad.pw/Roshyy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

Date: Sat, 16 May 2020 00:58:16 GMT
X-Content-Type-Options: nosniff
Server: safe
Content-Type: text/html; charset=UTF-8
Location: https://googleads.g.doubleclick.net/pagead/drt/si
Cache-Control: private
Content-Length: 246
X-XSS-Protection: 0

GET
H2 200 en_bl.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 4CFD 2 KB
2 KB 7ms
6ms Image
image/png 2a00:1450:4001:81a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en_bl.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012005012256000/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e1a3c83144fa5752c8668ca056742ec9e6d6dfe5cfb75a97a9e53d1150068f91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 15 May 2020 02:30:12 GMT
x-content-type-options: nosniff
server: cafe
age: 80884
etag: 11660698925711390587
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2471
x-xss-protection: 0
expires: Sat, 16 May 2020 02:30:12 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 4CFD 295 B
352 B 6ms
6ms Image
image/png 2a00:1450:4001:81a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012005012256000/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 15 May 2020 22:24:17 GMT
x-content-type-options: nosniff
server: cafe
age: 9239
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Sat, 16 May 2020 22:24:17 GMT

GET
H/1.1 200
OK o-0NIpQlx3QUlC5A4PNjXhFVZNyBx2pqPA.woff2
fonts.gstatic.com/s/notosans/v9/ 10 KB
10 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/notosans/v9/o-0NIpQlx3QUlC5A4PNjXhFVZNyBx2pqPA.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Protocol

HTTP/1.1

Server

2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6195b1bce0085db8c9b1b936150dfd7b070aa9be52d44580b1b6f16752dece34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://fonts.googleapis.com/css?family=Noto+Sans:400,700
Origin: http://notepad.pw

Response headers

Date: Wed, 13 May 2020 11:06:35 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 22 Jul 2019 19:20:44 GMT
Server: sffe
Age: 222701
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 10116
X-XSS-Protection: 0
Expires: Thu, 13 May 2021 11:06:35 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 7 KB
6 KB 18ms
17ms XHR
application/json 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020050602&st=env

Requested by

Host: notepad.pw
URL: http://notepad.pw/Roshyy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fe7a9111c75aa298557a404b7fb75d858277a59d8a4a35f13b0213953f605d0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 16 May 2020 00:58:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 5607
x-xss-protection: 0

GET
H/1.1 200
OK sodar2.js Show response
tpc.googlesyndication.com/sodar/ 14 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:81a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020050602.js?21066185

Protocol

HTTP/1.1

Server

2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 16 May 2020 00:58:16 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: sffe
ETag: "1582746470043195"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: private, max-age=3000
Accept-Ranges: bytes
Content-Length: 5456
X-XSS-Protection: 0
Expires: Sat, 16 May 2020 00:58:16 GMT

GET
H2 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/209/ Frame 0EF4 0
0 6ms
6ms Document
text/html 2a00:1450:4001:81a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: http://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/209/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://notepad.pw/Roshyy
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://notepad.pw/Roshyy

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 5727
date: Sat, 16 May 2020 00:33:50 GMT
expires: Sun, 16 May 2021 00:33:50 GMT
last-modified: Tue, 25 Feb 2020 17:32:01 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1466
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK pubfig.messaging.js Show response
a.pub.network/core/ 234 KB
71 KB 16ms
15ms Script
text/javascript 2606:4700:20::681a:8b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://a.pub.network/core/pubfig.messaging.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/notepad-pw/pubfig.min.js
Protocol: HTTP/1.1
Server: 2606:4700:20::681a:8b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 00ac914c938ff80835dcfba6da0667f8e5449ff17e7e9195a309804568572b87

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 16 May 2020 00:58:16 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 26948
X-GUploader-UploadID: AAANsUnwG7RbKQ_35hTx4_dkBl-UMoqG9NbkZuUWdjyk5qIEjQgUvoRhosnq-sZyxVKdvUrFJID0UNXs-Lci7jc1Lw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
Connection: keep-alive
Content-Type: text/javascript
cf-request-id: 02bc963b8b000005d03a378200000001
Last-Modified: Thu, 14 May 2020 18:42:48 GMT
Server: cloudflare
ETag: W/"4f3098b51d6b7e2841f584e0f0a881d1"
Vary: Accept-Encoding
x-goog-hash: crc32c=eLkxhQ==, md5=TzCYtR1rfihB9YTg8KiB0Q==
x-goog-generation: 1589481768958453
Cache-Control: public, max-age=3600
Transfer-Encoding: chunked
x-goog-stored-content-length: 239703
CF-RAY: 5941263f48c305d0-FRA
Expires: Fri, 15 May 2020 18:29:08 GMT

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
457 B 480ms
124ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: notepad.pw
URL: http://notepad.pw/Roshyy
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: 64efb4e7e21acf60c9150994d7f1d202ac9eaa639b8e3a35ac283d7f62d7c4f9

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: http://notepad.pw
Date: Sat, 16 May 2020 00:58:17 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
55 B 15ms
15ms Image
image/gif 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=209&t=2&li=gpt_2020050602&jk=861976028164423&bg=!paalpr5YrhtHYICbIVMCAAAAYlIAAAAZmQFxYuNXF8b5fWufGGdc-tCRI92BKuGf-l4xr6dAEBxiHJKbKfhzvBEqjHrBACn3bkARGVjznr4ncMdivGiDbciTcKO9aNJZbZDGBaBPzibNkPVvkttSUxjpop8JuxybafVzWEXvU6Qy5Wv-NlA4vnC9OUJARmxkTwCB1caX-GnnheRbjrlcAys5T9wICkI4CNxLMTqCNgeNo7UdARfhd9W3xh457ZmVwu5Dtlt_cJv_6PQi8rz6x5pJEtxCXGK4zNa1YLhAeWHTDInLz8iGAcwI5qAreK4a8NwACjzfaBqOWpM2eQJVa75XVTmQeHCXHvJ-ajxJSCEgRS5A6DS_szInYOzBRWeJ-eluegIVzoGc0pjMX5fKX6ja4A-kjbZlu4f_VamWzF7zDIiPiyrCSa6GP_a7PcK7k5b224Cn8gdk9fRfuXfttX-ugqg2cqgppq2Xn6CsB-G2pnT9MASi_Zh9z9qq3-t-5cZNIxBmpNoqgOWK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/Roshyy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 May 2020 00:58:16 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 4CFD 0
0 30ms
30ms Image
text/html 172.217.22.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CHWwPqDq_Xu6uD8ev7gO-m4DIBPfg25Rd3cnSyJ4L46b8zZAOEAEg2tfFOWCRjKCFjBigAZOq2dQDyAEBqQLmMhcWuCWyPuACAKgDAaoE0AFP0DniJeWASzst77eQJqJEmvBsWuGX2sD5lUG7kAKOf-fk7mGLGHgxxKenDPCveXRIWIp1ODECYZpNOoxILN-LpRKZ9FOk8hiTnvnHwyDKfk4EgJtueK3PyIZpg1gKx2BR2ET6Mgh4DKj_2ec9ewSVM25pR7Jux5lL6xB0MhDBdJzktaWMVv2eyIgCpFCjkXmu1EiFspfQgfrRnF4sDggQ8HhGAMZ75NjfVwB4tAPKEXFAbQz_ewU7GuoutJ1XpQfK1fgbfWgf63AGJfPxFYYZwATWxqXGggPgBAGAB9XVpiuoB47OG6gH1ckbqAeT2BuoB7oGqAfw2RuoB_LZG6gHpr4bqAfs1RvYBwHyBwQQ5f0C0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi0zMTQ1OTg0NjgxNTA3Mzk5gAoDyAsB2BMDiBQI&sigh=8FAzUP_ltVQ&vt=1&template_id=5001
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.22.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra15s18-in-f98.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 4CFD 42 B
107 B 16ms
16ms Image
image/gif 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstnJFGPJgbnLflkUK18rdL-qjeATrWrCL-kmpquwIlCdAo2RUU3jXs-SY1t9lG0TLzAheX9MF4scsPLM0Vf1Aj0_bbq1rMVdVKbeiNxnzqn7iZxnNP61RiUrCFM0w&sai=AMfl-YTU8MZ2x1gg7mcXqj61O3XaFCI0KArwSbATC6ZYspD7qS4_CPcqOY-BJHiP00-QZh6zkqKaPm6xBezx1L2jyUY71NM8QP5RCMUyyNKl-w&sig=Cg0ArKJSzP6j4k3asIltEAE&id=ampim&o=566,5&d=468,60&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=123&tls=1123&g=100&h=100&tt=1124&r=v&avms=ampa&adk=338981424

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://notepad.pw/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 May 2020 00:58:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame B76D 0
0 60ms
19ms Document
text/html 151.101.113.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: a.pub.network
URL: http://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.9.13 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://notepad.pw/Roshyy
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://notepad.pw/Roshyy

Response headers

Connection: keep-alive
Content-Length: 506
Server: nginx/1.9.13
Content-Type: text/html
Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: W/"573e714d-3e3"
Expires: Sun, 06 Aug 2017 09:41:59 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish 1.1 varnish
Accept-Ranges: bytes
Date: Sat, 16 May 2020 00:58:22 GMT
Age: 24506185
X-Served-By: cache-jfk8123-JFK, cache-hhn4054-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 1276778, 5812346
X-Timer: S1589590702.035321,VS0,VE0
Vary: Accept-Encoding

GET
H2 204 index.html
cdn.districtm.io/ids/ Frame 9F41 0
0 18ms
17ms Document
text/plain 104.16.190.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.districtm.io/ids/index.html
Requested by: Host: a.pub.network
URL: http://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: cdn.districtm.io
:scheme: https
:path: /ids/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://notepad.pw/Roshyy
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://notepad.pw/Roshyy

Response headers

status: 204
date: Sat, 16 May 2020 00:58:21 GMT
set-cookie: __cfduid=da14e8550549943497c8523549f351aa81589590701; expires=Mon, 15-Jun-20 00:58:21 GMT; path=/; domain=.districtm.io; HttpOnly; SameSite=Lax
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Origin
access-control-allow-methods: GET, HEAD, POST, OPTIONS
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 5941265f7a2c0b33-AMS
cf-request-id: 02bc964faa00000b33739e8200000001

GET
H/1.1 200
OK usync.html
eus.rubiconproject.com/ Frame 7063 0
0 60ms
20ms Document
text/html 104.111.230.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?gdpr=0&gdpr_consent=
Requested by: Host: a.pub.network
URL: http://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.230.142 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-230-142.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://notepad.pw/Roshyy
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://notepad.pw/Roshyy

Response headers

Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Wed, 13 May 2020 23:08:00 GMT
Content-Encoding: gzip
Content-Length: 9162
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=29615
Expires: Sat, 16 May 2020 09:11:57 GMT
Date: Sat, 16 May 2020 00:58:22 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 204 index.html
cdn.districtm.io/ids/ Frame 9C50 0
0 17ms
17ms Document
text/plain 104.16.190.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.districtm.io/ids/index.html
Requested by: Host: a.pub.network
URL: http://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: cdn.districtm.io
:scheme: https
:path: /ids/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://notepad.pw/Roshyy
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://notepad.pw/Roshyy

Response headers

status: 204
date: Sat, 16 May 2020 00:58:22 GMT
set-cookie: __cfduid=da14e8550549943497c8523549f351aa81589590701; expires=Mon, 15-Jun-20 00:58:21 GMT; path=/; domain=.districtm.io; HttpOnly; SameSite=Lax
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Origin
access-control-allow-methods: GET, HEAD, POST, OPTIONS
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 5941265f7a320b33-AMS
cf-request-id: 02bc964fad00000b33739e9200000001

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame A47C 0
0 59ms
20ms Document
text/html 151.101.113.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: a.pub.network
URL: http://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.9.13 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://notepad.pw/Roshyy
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://notepad.pw/Roshyy

Response headers

Connection: keep-alive
Content-Length: 506
Server: nginx/1.9.13
Content-Type: text/html
Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: W/"573e714d-3e3"
Expires: Sun, 06 Aug 2017 09:41:59 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish 1.1 varnish
Accept-Ranges: bytes
Date: Sat, 16 May 2020 00:58:22 GMT
Age: 24506185
X-Served-By: cache-jfk8123-JFK, cache-hhn4044-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 1276778, 2842618
X-Timer: S1589590702.040353,VS0,VE0
Vary: Accept-Encoding

Verdicts & Comments Add Verdict or Comment

119 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.notepad.pw/	1970-01-20 03:04:22	Name: __gads Value: ID=90c854efb723ac68:T=1589590696:S=ALNI_MY5J-ONH9tRjHLKViyZ1Yl-UIXnmQ

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	info	URL: https://cdn.ampproject.org/rtv/012005012256000/amp4ads-v0.js(Line 418) Message: Powered by AMP ⚡ HTML – Version 2005012256000 http://notepad.pw/Roshyy
console-api	log	URL: http://a.pub.network/core/pubfig.messaging.js(Line 1) Message: ========== LOADING MESSAGING ==========
console-api	warning	URL: https://cdn.ampproject.org/rtv/012005012256000/amp4ads-v0.js(Line 22) Message: [amp-analytics/transport] Response unparseable or failed to send image request https://securepubads.g.doubleclick.net/pagead/adview?ai=CHWwPqDq_Xu6uD8ev7gO-m4DIBPfg25Rd3cnSyJ4L46b8zZAOEAEg2tfFOWCRjKCFjBigAZOq2dQDyAEBqQLmMhcWuCWyPuACAKgDAaoE0AFP0DniJeWASzst77eQJqJEmvBsWuGX2sD5lUG7kAKOf-fk7mGLGHgxxKenDPCveXRIWIp1ODECYZpNOoxILN-LpRKZ9FOk8hiTnvnHwyDKfk4EgJtueK3PyIZpg1gKx2BR2ET6Mgh4DKj_2ec9ewSVM25pR7Jux5lL6xB0MhDBdJzktaWMVv2eyIgCpFCjkXmu1EiFspfQgfrRnF4sDggQ8HhGAMZ75NjfVwB4tAPKEXFAbQz_ewU7GuoutJ1XpQfK1fgbfWgf63AGJfPxFYYZwATWxqXGggPgBAGAB9XVpiuoB47OG6gH1ckbqAeT2BuoB7oGqAfw2RuoB_LZG6gHpr4bqAfs1RvYBwHyBwQQ5f0C0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi0zMTQ1OTg0NjgxNTA3Mzk5gAoDyAsB2BMDiBQI&sigh=8FAzUP_ltVQ&vt=1&template_id=5001

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

73a0efc4b6d03edd7ec0e37c1129bb76.safeframe.googlesyndication.com
a.pub.network
acdn.adnxs.com
adservice.google.com
adservice.google.de
b.scorecardresearch.com
btlr.sharethrough.com
c.pub.network
cdn.ampproject.org
cdn.districtm.io
cdnjs.cloudflare.com
d.pub.network
dmx.districtm.io
edge.quantserve.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
hbx.media.net
ib.adnxs.com
live.notepad.pw
notepad.pw
pagead2.googlesyndication.com
pixel.quantserve.com
rules.quantcount.com
sb.scorecardresearch.com
securepubads.g.doubleclick.net
tpc.googlesyndication.com
wpcc.io
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
104.111.214.103
104.111.230.142
104.16.190.66
151.101.113.108
151.139.128.11
172.217.22.98
185.33.220.145
192.198.80.134
2.16.186.80
2.18.235.93
2600:9000:2070:ee00:6:44e3:f8c0:93a1
2606:4700:20::681a:8b
2606:4700:3031::681b:8043
2606:4700::6810:85e5
2a00:1450:4001:81a::2001
2a00:1450:4001:81b::2001
2a00:1450:4001:81b::2002
2a00:1450:4001:81c::2001
2a00:1450:4001:81d::200e
2a00:1450:4001:81e::2002
2a00:1450:4001:81e::2004
2a00:1450:4001:81f::2002
2a00:1450:4001:820::2003
2a00:1450:4001:821::200a
2a00:1450:4001:824::2002
2a00:1450:4001:825::2008
35.188.71.214
35.226.36.58
52.59.41.102
69.173.144.140
91.228.74.183
91.228.74.232
00ac914c938ff80835dcfba6da0667f8e5449ff17e7e9195a309804568572b87
02fec5849f8ab7bceb4450d167f382e9079bd3a5d0f33a00942869641811ab3a
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
0bf33969c018b842f2794e85f5f3714ad2ced42b3b614be4aa1ad781efd24406
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
0da7fc1ae23678b2872653962d147fcd1cbd0a5a9c8f84d44ae99bc581fd9062
0f9ff4042daa13aa0766bc4854140f7a2942e4deae37d352a617b95000fa54ba
119351ced3134718cb42591e513ff063cf04af7c2734b137c666ee62e137e15d
11f9f05a7eb0b33277de8ed7643453cd59f1781ee6bb0ffd4352505cbaf96b3f
18d57230c265ec68baa45250651a8ef5fe0a7faad940dda538c2f5644a45dbbe
1daab0f66666bc3a1d05d70de979a80680d985cc924e233fab61eef2d03bafe2
1f1e20a032a468fd8f3a38082172f4b7dd43edf9c95d17c23f68836857ca14a0
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
23aca4890fe8b2728dcab78ee9f3b9614cd6cdb0dab2b785d2f8d2d666247cac
25d989b3ed89abc5bb5a814c257dc57619d7f45908013cd08aa508c22e4f6a0a
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
287e4aafcddfbfc8b2d0ce0f1a541abf423f973cf33a6008d713ccbbabfcabbd
2b60310189012686567c541c72a40acf74adb416bdc524008822d6c7c73ccd97
2ba7f20b1d8990e17a47fe3d88e4c766628aaa2baf1dd30fca0a0db59836f5f9
2f1fd973e6c48489ae07c467e3278635b856c698d1f502e06af3ab555937deac
5020288a85b55fbaea00a9746f281ca8cb8c7a924c43480d006cc60b4c14f0e8
55b731aa03064189b7abca9931deb7b844c75d7664aacecc1356c4bc0635c4af
560ee8213cda78828e88fbcbe2fbe6d3337d563384ea57d344ce3e3559da1dda
5db6ba861be116f944148baa666a7e261bbca64a1aa6b0a8e6f2597a158e2da4
6195b1bce0085db8c9b1b936150dfd7b070aa9be52d44580b1b6f16752dece34
64efb4e7e21acf60c9150994d7f1d202ac9eaa639b8e3a35ac283d7f62d7c4f9
6911cdf8bbf72eff1b6ae5fa039c42f4ca431e578f4f657dd29c55a65f85fd22
6b0113ff761e037d38002b2fcffe26106af432cf2267b6e43314bc8f691623fd
7870dceaf72f9d91b2790eadc462ec110e11be8f265d9394e6f7430d11d05cfb
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
888b41bb493f82bc787b507deee35df8a9dca32d9f59e5e4434334bb04aa1e17
94d927c22e9203c631a7ac19d176ef6adc469bac2f8d3ba953daf6850c71ec33
96be2020ca459b10f996c7d6498ac4dfd5b711a22ef337f9630cdc8dcaf8bace
976c2f01198f478b5ae3690a7288aa4ba2cf27f65051fbd90865dd82f764fdd1
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a2c5d4e6a74355f147e25b3ced1d4a66288eab711d0bd3d449ef056fa777c184
a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6
a7b5f5f96f81dea4efc53e1d4dae8b37c28bec27a45b42ccf604ee759e20caec
a9a2f1dd042cb6f1eded53dc0a1c66ed8694fc093dc3520cdac1a541d615d474
ac3ece04df404ed05fe8c0a4357adce0a40a5b0d8bb931056d614a1696bdb342
ade0aee02c88e0cafe77a4dfdf63c5de238b291ff78620f90f5c7d64eb876ad1
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b60f65161ce3517c2794eecab25981c51ffbcbc951a781270403e2f3572d0290
b68b4d1e6d63eabb8a4f663f7755454028aa22d9a0edc88d5b77c58e932d7fa0
c4b5c1f949f059e3abb05ddcb7cc9944f8c16811e0eb1db9003bc5f8a4eb0634
c9bc5040e3a79b985ed63586f673e16187baac7dac4b8ba69f44a6240b0a4134
c9c41579990e491b31185c662e701facbcd6dab9ec0b06edef8feec2f981812e
d155160aea288964eebe06a362795ab879ed657ca75f7ca60d5a1c8e9fe05d7b
d23807344428eec21271b708fcf73919827e568b0a335989f9f2348ae4356bd1
d2b891e379840927eaf16ac1147b0e270c409d7a9e2655dd866a175b996dea9c
d64fe6c14f0689f644ef7479be8363b951e6876a0166a5b8c0eb88f241f403e2
db9503febe37403ac701d3482cc35bbb66a23dd6ebaed5d15cb69254f8a81817
dd0c4ff5bc4e85bcd1ff717afc9d15b8274efe8e644542489bc31fae0346541b
de2bbd8e0b32f53a53c1729bedb350cea59e9115fba4f2bed8e2e3dd1f76d9fa
de7defd63fadb32e56f1c2ac0d85b6fe527a5d6e739cb085eed1d3df2cc19710
df114392f4cbb80879196eb87028a6bcb003922a4f542cd70f2c59a83983d9f9
e1a3c83144fa5752c8668ca056742ec9e6d6dfe5cfb75a97a9e53d1150068f91
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e56f53b3b976e9c05d86645a1e85cfc69e961601d201e957768455580fa30478
e81197721c35073d5b2f00ad285eda5e74d7ddcdc591890271821d35b9347769
e92af41ea36051ffe9f3c83abec97cec2ac09cdaa2396863958e8b4bc8de5870
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0517f76184f899b738515a124efe8f335f585847387b8889dfa7c0fb132f75a
f199a20f1fee7dec152b3591272f9715b536ed88b4c36194488fd5a734caf707
f79dfaabb417f7b777458a24663c5075dd1e56026e20578a0d74568b3c762375
fdf62e709e875546a2bc38f62cbf52f19892de6ecfefd769e881ca1270326951
fe7a9111c75aa298557a404b7fb75d858277a59d8a4a35f13b0213953f605d0a

notepad.pw Open in urlscan Pro 151.139.128.11 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

92 Requests

83 %HTTPS

50 %IPv6

22 Domains

34 Subdomains

32 IPs

5 Countries

1233 kBTransfer

2991 kBSize

1 Cookies

6 Outgoing links

Redirected requests

92 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

notepad.pw Open in urlscan Pro
151.139.128.11 Public Scan

Screenshot
Live screenshot

Full Image

92
Requests

83 %
HTTPS

50 %
IPv6

22
Domains

34
Subdomains

32
IPs

5
Countries

1233 kB
Transfer

2991 kB
Size

1
Cookies

92 HTTP transactions
2 data transactions