notepad.pw Open in urlscan Pro
151.139.128.11 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://notepad.pw/
Effective URL:
https://notepad.pw/23cllfl3
Submission: On December 22 via manual (December 22nd 2021, 8:36:53 pm UTC) from CA — Scanned from CA

Summary HTTP 206 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 66 IPs in 6 countries across 69 domains to perform 206 HTTP transactions. The main IP is 151.139.128.11, located in United States and belongs to HIGHWINDS3, US. The main domain is notepad.pw.
TLS certificate: Issued by R3 on November 7th 2021. Valid for: 3 months.

This is the only time notepad.pw was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 9	151.139.128.11 151.139.128.11	20446 (HIGHWINDS3) (HIGHWINDS3)
2	2607:f8b0:400... 2607:f8b0:4006:822::200a	15169 (GOOGLE) (GOOGLE)
9	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 4	68.183.157.211 68.183.157.211	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2	159.89.188.8 159.89.188.8	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	2607:f8b0:400... 2607:f8b0:4006:81e::2008	15169 (GOOGLE) (GOOGLE)
6	2606:4700:20:... 2606:4700:20::681a:18b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2607:f8b0:400... 2607:f8b0:4006:817::2003	15169 (GOOGLE) (GOOGLE)
6	35.201.71.192 35.201.71.192	15169 (GOOGLE) (GOOGLE)
1 4	13.225.223.81 13.225.223.81	16509 (AMAZON-02) (AMAZON-02)
4	2606:4700:7::... 2606:4700:7::a29f:8a55	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.241.45.217 35.241.45.217	15169 (GOOGLE) (GOOGLE)
5	2607:f8b0:400... 2607:f8b0:4006:81c::2002	15169 (GOOGLE) (GOOGLE)
1 1	2606:4700:303... 2606:4700:3039::6815:c076	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:20:... 2606:4700:20::681a:78b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 9	23.52.162.21 23.52.162.21	16625 (AKAMAI-AS) (AKAMAI-AS)
8	142.250.80.66 142.250.80.66	15169 (GOOGLE) (GOOGLE)
1	142.250.64.102 142.250.64.102	15169 (GOOGLE) (GOOGLE)
1	2606:4700:20:... 2606:4700:20::681a:346	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	35.227.238.208 35.227.238.208	15169 (GOOGLE) (GOOGLE)
1	130.211.23.194 130.211.23.194	15169 (GOOGLE) (GOOGLE)
5	13.225.222.69 13.225.222.69	16509 (AMAZON-02) (AMAZON-02)
7	13.225.223.101 13.225.223.101	16509 (AMAZON-02) (AMAZON-02)
1 2	2620:100:a001::c 2620:100:a001::c	19750 (AS-CRITEO) (AS-CRITEO)
1 3	2620:116:800b... 2620:116:800b:21:d7a4:3372:2f4a:f3b0	14618 (AMAZON-AES) (AMAZON-AES)
1	13.225.231.211 13.225.231.211	16509 (AMAZON-02) (AMAZON-02)
2	74.119.119.139 74.119.119.139	19750 (AS-CRITEO) (AS-CRITEO)
2	104.16.190.66 104.16.190.66	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	3.214.91.80 3.214.91.80	14618 (AMAZON-AES) (AMAZON-AES)
2	34.107.148.139 34.107.148.139	15169 (GOOGLE) (GOOGLE)
2	35.211.165.199 35.211.165.199	15169 (GOOGLE) (GOOGLE)
2	23.39.175.77 23.39.175.77	16625 (AKAMAI-AS) (AKAMAI-AS)
1 5	68.67.179.89 68.67.179.89	29990 (ASN-APPNEX) (ASN-APPNEX)
2	34.149.20.76 34.149.20.76	15169 (GOOGLE) (GOOGLE)
2	3.211.213.135 3.211.213.135	14618 (AMAZON-AES) (AMAZON-AES)
2	3.214.55.34 3.214.55.34	14618 (AMAZON-AES) (AMAZON-AES)
2	3.208.119.163 3.208.119.163	14618 (AMAZON-AES) (AMAZON-AES)
2	104.36.115.98 104.36.115.98	62713 (AS-PUBMATIC) (AS-PUBMATIC)
5	52.1.218.86 52.1.218.86	14618 (AMAZON-AES) (AMAZON-AES)
2	2602:803:c002... 2602:803:c002:200::43	26667 (RUBICONPR...) (RUBICONPROJECT)
1	2600:9000:21e... 2600:9000:21ec:4800:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	18.205.36.111 18.205.36.111	14618 (AMAZON-AES) (AMAZON-AES)
6	151.101.66.133 151.101.66.133	54113 (FASTLY) (FASTLY)
1	23.73.249.203 23.73.249.203	16625 (AKAMAI-AS) (AKAMAI-AS)
1	46.105.202.126 46.105.202.126	16276 (OVH) (OVH)
1 3	51.89.20.86 51.89.20.86	16276 (OVH) (OVH)
9	34.206.47.24 34.206.47.24	14618 (AMAZON-AES) (AMAZON-AES)
1 12	209.54.180.144 209.54.180.144	16509 (AMAZON-02) (AMAZON-02)
2	151.101.194.133 151.101.194.133	54113 (FASTLY) (FASTLY)
1	2607:f8b0:400... 2607:f8b0:4006:81e::2002	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:820::2002	15169 (GOOGLE) (GOOGLE)
9	2607:f8b0:400... 2607:f8b0:4006:806::2002	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:820::2001	15169 (GOOGLE) (GOOGLE)
9	2607:f8b0:400... 2607:f8b0:4006:821::2001	15169 (GOOGLE) (GOOGLE)
1 1	52.70.197.1 52.70.197.1	14618 (AMAZON-AES) (AMAZON-AES)
7 8	142.251.40.98 142.251.40.98	15169 (GOOGLE) (GOOGLE)
4 4	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
2	35.190.60.146 35.190.60.146	15169 (GOOGLE) (GOOGLE)
2 2	184.50.205.90 184.50.205.90	16625 (AKAMAI-AS) (AKAMAI-AS)
1	34.231.251.31 34.231.251.31	14618 (AMAZON-AES) (AMAZON-AES)
1 1	64.58.232.176 64.58.232.176	13649 (ASN-VINS) (ASN-VINS)
1	64.58.232.177 64.58.232.177	13649 (ASN-VINS) (ASN-VINS)
2 2	8.28.7.81 8.28.7.81	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	2600:1901:0:8... 2600:1901:0:8eee::	15169 (GOOGLE) (GOOGLE)
1 1	75.126.248.142 75.126.248.142	36351 (SOFTLAYER) (SOFTLAYER)
3 7	54.85.17.129 54.85.17.129	14618 (AMAZON-AES) (AMAZON-AES)
3	198.148.27.139 198.148.27.139	19189 (PULSEPOINT) (PULSEPOINT)
1 1	199.187.193.182 199.187.193.182	47043 (SMARTADSE...) (SMARTADSERVER)
1 1	20.72.149.136 20.72.149.136	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2 3	23.92.190.68 23.92.190.68	10913 (INTERNAP-BLK) (INTERNAP-BLK)
2 2	52.223.22.214 52.223.22.214	16509 (AMAZON-02) (AMAZON-02)
1 2	2607:f8b0:400... 2607:f8b0:4006:80b::2004	15169 (GOOGLE) (GOOGLE)
2 2	2001:438:65:1... 2001:438:65:13::2360	26762 (CNVR-US-EAST) (CNVR-US-EAST)
2 2	192.35.249.120 192.35.249.120	11742 (SPOTX-IAD) (SPOTX-IAD)
2 2	50.31.142.127 50.31.142.127	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
2 2	52.45.33.138 52.45.33.138	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:1f18:4e9... 2600:1f18:4e9:5a01:d442:ba08:69c2:12fc	14618 (AMAZON-AES) (AMAZON-AES)
2 2	207.198.113.170 207.198.113.170	13768 (COGECO-PEER1) (COGECO-PEER1)
2 2	52.0.156.250 52.0.156.250	14618 (AMAZON-AES) (AMAZON-AES)
2 2	107.178.246.49 107.178.246.49	15169 (GOOGLE) (GOOGLE)
1 2	18.204.86.180 18.204.86.180	14618 (AMAZON-AES) (AMAZON-AES)
3 3	35.211.178.172 35.211.178.172	15169 (GOOGLE) (GOOGLE)
2 2	35.211.141.197 35.211.141.197	19527 (GOOGLE-2) (GOOGLE-2)
2 2	185.184.8.65 185.184.8.65	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
4	23.92.190.74 23.92.190.74	10913 (INTERNAP-BLK) (INTERNAP-BLK)
1 1	50.19.13.13 50.19.13.13	14618 (AMAZON-AES) (AMAZON-AES)
1 1	69.90.254.78 69.90.254.78	13768 (COGECO-PEER1) (COGECO-PEER1)
5	2607:f8b0:400... 2607:f8b0:4006:81d::2002	15169 (GOOGLE) (GOOGLE)
1	209.204.234.40 209.204.234.40	27381 (CASALE-MEDIA) (CASALE-MEDIA)
206	66

9 151.139.128.11 (United States) 1 redirects

ASN20446 (HIGHWINDS3, US)

notepad.pw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:822::200a (United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 68.183.157.211 (Clifton, United States) 4 redirects

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: websitepolicies.net-wpcc.io

wpcc.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.wpcc.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 159.89.188.8 (Clifton, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: websitepolicies.io

www.websitepolicies.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81e::2008 (United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:20::681a:18b (United States)

ASN13335 (CLOUDFLARENET, US)

a.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:817::2003 (United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.201.71.192 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 192.71.201.35.bc.googleusercontent.com

d.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.225.223.81 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-225-223-81.jfk51.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:7::a29f:8a55 (United States)

ASN13335 (CLOUDFLARENET, US)

live.notepad.pw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.217 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 217.45.241.35.bc.googleusercontent.com

pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4006:81c::2002 (United States)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3039::6815:c076 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

freestar-io.videoplayerhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:78b (United States)

ASN13335 (CLOUDFLARENET, US)

btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 23.52.162.21 (New York, United States) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-52-162-21.deploy.static.akamaitechnologies.com

js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.80.66 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s35-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.64.102 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s31-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:346 (United States)

ASN13335 (CLOUDFLARENET, US)

ad-delivery.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.238.208 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 208.238.227.35.bc.googleusercontent.com

api.floors.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 130.211.23.194 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 194.23.211.130.bc.googleusercontent.com

api.btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 13.225.222.69 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-222-69.jfk51.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 13.225.223.101 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-223-101.jfk51.r.cloudfront.net

tagan.adlightning.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:100:a001::c (United States) 1 redirects

ASN19750 (AS-CRITEO, US)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:116:800b:21:d7a4:3372:2f4a:f3b0 (United States) 1 redirects

ASN14618 (AMAZON-AES, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.231.211 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-231-211.jfk51.r.cloudfront.net

dggaenaawxe8z.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 74.119.119.139 (United States)

ASN19750 (AS-CRITEO, US)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.190.66 (None, )

ASN13335 (CLOUDFLARENET, US)

dmx.districtm.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.214.91.80 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-214-91-80.compute-1.amazonaws.com

mantodea.mantisadnetwork.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.107.148.139 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 139.148.107.34.bc.googleusercontent.com

prebid.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.211.165.199 (North Charleston, United States)

ASN15169 (GOOGLE, US)
PTR: 199.165.211.35.bc.googleusercontent.com

grid.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.39.175.77 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-39-175-77.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 68.67.179.89 (Secaucus, United States) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 565.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.149.20.76 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 76.20.149.34.bc.googleusercontent.com

ssc.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.211.213.135 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-211-213-135.compute-1.amazonaws.com

hb.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.214.55.34 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-214-55-34.compute-1.amazonaws.com

c.deployads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.208.119.163 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-208-119-163.compute-1.amazonaws.com

ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.36.115.98 (United States)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.1.218.86 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-1-218-86.compute-1.amazonaws.com

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2602:803:c002:200::43 (United States)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21ec:4800:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.205.36.111 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-205-36-111.compute-1.amazonaws.com

uat5-a.investingchannel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.101.66.133 (United States)

ASN54113 (FASTLY, US)

cdn.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.73.249.203 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-73-249-203.deploy.static.akamaitechnologies.com

secure.cdn.fastclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.105.202.126 (France)

ASN16276 (OVH, FR)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.89.20.86 (London, United Kingdom) 1 redirects

ASN16276 (OVH, FR)
PTR: p18.id5-sync.com

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 34.206.47.24 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-206-47-24.compute-1.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 209.54.180.144 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.194.133 (United States)

ASN54113 (FASTLY, US)

consumer.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81e::2002 (United States)

ASN15169 (GOOGLE, US)

adservice.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:820::2002 (United States)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2607:f8b0:4006:806::2002 (United States)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:820::2001 (United States)

ASN15169 (GOOGLE, US)

ff0dc00be14b6d40e0014b9341cab3e7.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2607:f8b0:4006:821::2001 (United States)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.70.197.1 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-70-197-1.compute-1.amazonaws.com

usermatch.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.251.40.98 (United States) 7 redirects

ASN15169 (GOOGLE, US)
PTR: lga25s79-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.223.40.198 (United States) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.60.146 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 184.50.205.90 (Edison, United States) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a184-50-205-90.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.231.251.31 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-231-251-31.compute-1.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.58.232.176 (United States) 1 redirects

ASN13649 (ASN-VINS, US)

global.ib-ibi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.58.232.177 (United States)

ASN13649 (ASN-VINS, US)
PTR: be31-199.crrt01.las04.flexential.net

ib.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 8.28.7.81 (United States) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:8eee:: (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)

fei.pro-market.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 75.126.248.142 (United States) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: 8e.f8.7e4b.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 54.85.17.129 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-85-17-129.compute-1.amazonaws.com

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 198.148.27.139 (New York, United States)

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.187.193.182 (Canada) 1 redirects

ASN47043 (SMARTADSERVER, CA)

ssbsync-us.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.72.149.136 (Tappahannock, United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

sync.inmobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.92.190.68 (United States) 2 redirects

ASN10913 (INTERNAP-BLK, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.223.22.214 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: afb83dd09526a6517.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:80b::2004 (United States) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:438:65:13::2360 (United States) 2 redirects

ASN26762 (CNVR-US-EAST, US)

pulsepoint-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.35.249.120 (Ashburn, United States) 2 redirects

ASN11742 (SPOTX-IAD, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 50.31.142.127 (United States) 2 redirects

ASN22075 (AS-OUTBRAIN, US)
PTR: chi.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.45.33.138 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-45-33-138.compute-1.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:4e9:5a01:d442:ba08:69c2:12fc (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 207.198.113.170 (Herndon, United States) 2 redirects

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.0.156.250 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-0-156-250.compute-1.amazonaws.com

loadm.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 107.178.246.49 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 49.246.178.107.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.204.86.180 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-204-86-180.compute-1.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.211.178.172 (North Charleston, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 172.178.211.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.211.141.197 (North Charleston, United States) 2 redirects

ASN19527 (GOOGLE-2, US)
PTR: 197.141.211.35.bc.googleusercontent.com

m.fg8dgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.184.8.65 (Amsterdam, Netherlands) 2 redirects

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-65.rtbhouse.net

creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.92.190.74 (United States)

ASN10913 (INTERNAP-BLK, US)

ce.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 50.19.13.13 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-50-19-13-13.compute-1.amazonaws.com

jadserve.postrelease.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.90.254.78 (Herndon, United States) 1 redirects

ASN13768 (COGECO-PEER1, CA)

ums.acuityplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4006:81d::2002 (United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 209.204.234.40 (Canada)

ASN27381 (CASALE-MEDIA, CA)

a3678.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	doubleclick.net 7 redirects securepubads.g.doubleclick.net ad.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net	184 KB
19	googlesyndication.com pagead2.googlesyndication.com ff0dc00be14b6d40e0014b9341cab3e7.safeframe.googlesyndication.com tpc.googlesyndication.com	135 KB
18	krxd.net 1 redirects cdn.krxd.net beacon.krxd.net consumer.krxd.net usermatch.krxd.net	179 KB
17	amazon-adsystem.com 1 redirects c.amazon-adsystem.com s.amazon-adsystem.com	51 KB
13	notepad.pw 1 redirects notepad.pw live.notepad.pw	57 KB
12	sharethrough.com 3 redirects btlr.sharethrough.com match.sharethrough.com	3 KB
12	pub.network a.pub.network d.pub.network c.pub.network	364 KB
11	casalemedia.com 2 redirects htlb.casalemedia.com ssum-sec.casalemedia.com dsum-sec.casalemedia.com dsum.casalemedia.com a3678.casalemedia.com	16 KB
9	cloudflare.com cdnjs.cloudflare.com	206 KB
7	lijit.com 2 redirects ap.lijit.com ce.lijit.com	6 KB
7	adlightning.com tagan.adlightning.com	170 KB
5	adnxs.com 1 redirects ib.adnxs.com	10 KB
5	bidswitch.net 3 redirects grid.bidswitch.net x.bidswitch.net	2 KB
5	googletagservices.com www.googletagservices.com	164 KB
4	adsrvr.org 4 redirects match.adsrvr.org	2 KB
4	id5-sync.com 1 redirects cdn.id5-sync.com id5-sync.com	14 KB
4	pubmatic.com 2 redirects hbopenbid.pubmatic.com image6.pubmatic.com	717 B
4	criteo.com 1 redirects gum.criteo.com mug.criteo.com	1 KB
4	scorecardresearch.com 1 redirects sb.scorecardresearch.com	2 KB
4	gstatic.com fonts.gstatic.com	63 KB
4	wpcc.io 4 redirects wpcc.io www.wpcc.io	1 KB
3	yahoo.com 2 redirects ups.analytics.yahoo.com pr-bh.ybp.yahoo.com	2 KB
3	contextweb.com bh.contextweb.com	3 KB
3	google.com 1 redirects adservice.google.com www.google.com	2 KB
3	quantserve.com 1 redirects secure.quantserve.com pixel.quantserve.com	11 KB
2	creativecdn.com 2 redirects creativecdn.com	734 B
2	fg8dgt.com 2 redirects m.fg8dgt.com	737 B
2	crwdcntrl.net 1 redirects bcp.crwdcntrl.net	1 KB
2	tapad.com 2 redirects pixel.tapad.com	998 B
2	exelator.com 2 redirects loadm.exelator.com	2 KB
2	sitescout.com 2 redirects pixel-sync.sitescout.com	1 KB
2	zemanta.com 2 redirects b1sync.zemanta.com	1 KB
2	spotxchange.com 2 redirects sync.search.spotxchange.com	1 KB
2	dotomi.com 2 redirects pulsepoint-match.dotomi.com	618 B
2	3lift.com 2 redirects eb2.3lift.com	735 B
2	bluekai.com 2 redirects stags.bluekai.com	2 KB
2	rlcdn.com idsync.rlcdn.com	626 B
2	investingchannel.com uat5-a.investingchannel.com	445 B
2	rubiconproject.com fastlane.rubiconproject.com	3 KB
2	yieldmo.com ads.yieldmo.com	441 B
2	deployads.com c.deployads.com	1 KB
2	emxdgt.com hb.emxdgt.com	309 B
2	33across.com ssc.33across.com	545 B
2	media.net prebid.media.net	1 KB
2	mantisadnetwork.com mantodea.mantisadnetwork.com	898 B
2	districtm.io dmx.districtm.io	368 B
2	floors.dev api.floors.dev	867 B
2	btloader.com btloader.com api.btloader.com	28 KB
2	websitepolicies.io www.websitepolicies.io	5 KB
2	googleapis.com fonts.googleapis.com	2 KB
1	acuityplatform.com 1 redirects ums.acuityplatform.com	609 B
1	postrelease.com 1 redirects jadserve.postrelease.com	545 B
1	inmobi.com 1 redirects sync.inmobi.com	892 B
1	smartadserver.com 1 redirects ssbsync-us.smartadserver.com	329 B
1	simpli.fi 1 redirects um.simpli.fi	618 B
1	pro-market.net 1 redirects fei.pro-market.net	308 B
1	mookie1.com ib.mookie1.com	992 B
1	ib-ibi.com 1 redirects global.ib-ibi.com	488 B
1	eyeota.net ps.eyeota.net	344 B
1	google.ca adservice.google.ca	792 B
1	fastclick.net secure.cdn.fastclick.net	17 KB
1	quantcount.com rules.quantcount.com	1 KB
1	cloudfront.net dggaenaawxe8z.cloudfront.net	3 KB
1	ad-delivery.net ad-delivery.net	934 B
1	indexww.com js-sec.indexww.com	454 B
1	videoplayerhub.com 1 redirects freestar-io.videoplayerhub.com	539 B
1	pghub.io pghub.io	4 KB
1	googletagmanager.com www.googletagmanager.com	29 KB
0	everesttech.net Failed sync-tm.everesttech.net Failed
206	69

	Domain	Requested by
12	s.amazon-adsystem.com	1 redirects tagan.adlightning.com s.amazon-adsystem.com bh.contextweb.com match.sharethrough.com ssum-sec.casalemedia.com ap.lijit.com
9	tpc.googlesyndication.com	tagan.adlightning.com googleads.g.doubleclick.net
9	pagead2.googlesyndication.com	notepad.pw tpc.googlesyndication.com tagan.adlightning.com googleads.g.doubleclick.net www.googletagservices.com
9	beacon.krxd.net	cdn.krxd.net
9	cdnjs.cloudflare.com	notepad.pw cdnjs.cloudflare.com
9	notepad.pw	1 redirects notepad.pw
8	cm.g.doubleclick.net	7 redirects ap.lijit.com
8	securepubads.g.doubleclick.net	www.googletagservices.com notepad.pw
7	match.sharethrough.com	3 redirects s.amazon-adsystem.com match.sharethrough.com
7	tagan.adlightning.com	a.pub.network tagan.adlightning.com
6	cdn.krxd.net	notepad.pw cdn.krxd.net tagan.adlightning.com
6	a.pub.network	notepad.pw a.pub.network tagan.adlightning.com
5	googleads.g.doubleclick.net	tagan.adlightning.com googleads.g.doubleclick.net
5	c.pub.network	notepad.pw
5	btlr.sharethrough.com	notepad.pw
5	ib.adnxs.com	1 redirects notepad.pw
5	c.amazon-adsystem.com	a.pub.network notepad.pw
5	www.googletagservices.com	a.pub.network tagan.adlightning.com googleads.g.doubleclick.net
4	ce.lijit.com	ap.lijit.com
4	dsum-sec.casalemedia.com	1 redirects ssum-sec.casalemedia.com
4	match.adsrvr.org	4 redirects
4	live.notepad.pw	notepad.pw
4	sb.scorecardresearch.com	1 redirects a.pub.network notepad.pw
4	fonts.gstatic.com	fonts.googleapis.com
3	x.bidswitch.net	3 redirects
3	ap.lijit.com	2 redirects s.amazon-adsystem.com
3	bh.contextweb.com	s.amazon-adsystem.com bh.contextweb.com
3	ssum-sec.casalemedia.com	1 redirects s.amazon-adsystem.com ssum-sec.casalemedia.com
3	id5-sync.com	1 redirects notepad.pw
2	creativecdn.com	2 redirects
2	m.fg8dgt.com	2 redirects
2	bcp.crwdcntrl.net	1 redirects ssum-sec.casalemedia.com
2	pixel.tapad.com	2 redirects
2	loadm.exelator.com	2 redirects
2	pixel-sync.sitescout.com	2 redirects
2	ups.analytics.yahoo.com	2 redirects
2	b1sync.zemanta.com	2 redirects
2	sync.search.spotxchange.com	2 redirects
2	pulsepoint-match.dotomi.com	2 redirects
2	www.google.com	1 redirects tagan.adlightning.com
2	eb2.3lift.com	2 redirects
2	image6.pubmatic.com	2 redirects
2	stags.bluekai.com	2 redirects
2	idsync.rlcdn.com
2	consumer.krxd.net	cdn.krxd.net
2	pixel.quantserve.com	1 redirects
2	uat5-a.investingchannel.com	notepad.pw
2	fastlane.rubiconproject.com	notepad.pw
2	hbopenbid.pubmatic.com	notepad.pw
2	ads.yieldmo.com	notepad.pw
2	c.deployads.com	notepad.pw
2	hb.emxdgt.com	notepad.pw
2	ssc.33across.com	notepad.pw
2	htlb.casalemedia.com	notepad.pw
2	grid.bidswitch.net	notepad.pw
2	prebid.media.net	notepad.pw
2	mantodea.mantisadnetwork.com	notepad.pw
2	dmx.districtm.io	notepad.pw
2	mug.criteo.com
2	gum.criteo.com	1 redirects
2	api.floors.dev	notepad.pw
2	www.websitepolicies.io	notepad.pw
2	www.wpcc.io	2 redirects
2	wpcc.io	2 redirects
2	fonts.googleapis.com	notepad.pw googleads.g.doubleclick.net
1	a3678.casalemedia.com	tagan.adlightning.com
1	ums.acuityplatform.com	1 redirects
1	jadserve.postrelease.com	1 redirects
1	dsum.casalemedia.com	ssum-sec.casalemedia.com
1	pr-bh.ybp.yahoo.com	ssum-sec.casalemedia.com
1	sync.inmobi.com	1 redirects
1	ssbsync-us.smartadserver.com	1 redirects
1	um.simpli.fi	1 redirects
1	fei.pro-market.net	1 redirects
1	ib.mookie1.com
1	global.ib-ibi.com	1 redirects
1	ps.eyeota.net
1	usermatch.krxd.net	1 redirects
1	ff0dc00be14b6d40e0014b9341cab3e7.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	adservice.google.com	tagan.adlightning.com
1	adservice.google.ca	tagan.adlightning.com
1	cdn.id5-sync.com	tagan.adlightning.com
1	secure.cdn.fastclick.net	tagan.adlightning.com
1	rules.quantcount.com	secure.quantserve.com
1	dggaenaawxe8z.cloudfront.net	a.pub.network
1	secure.quantserve.com	a.pub.network
1	api.btloader.com	notepad.pw
1	ad-delivery.net	notepad.pw
1	ad.doubleclick.net	notepad.pw
1	js-sec.indexww.com	a.pub.network
1	btloader.com	notepad.pw
1	freestar-io.videoplayerhub.com	1 redirects
1	pghub.io	a.pub.network
1	d.pub.network	notepad.pw
1	www.googletagmanager.com	notepad.pw
0	sync-tm.everesttech.net Failed	match.sharethrough.com
206	96

This site contains links to these domains. Also see Links.

Domain
www.internetcookies.com
notepad-static.s3.amazonaws.com
about.notepad.pw
www.facebook.com
twitter.com
reddit.com
freestar.com
www.adlightning.com

Subject Issuer	Validity	Valid
notepad.pw R3	`2021-11-07` - `2022-02-05`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-09-21` - `2022-09-20`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.pub.network Go Daddy Secure Certificate Authority - G2	`2021-03-17` - `2022-04-18`	a year	crt.sh
*.scorecardresearch.com Amazon	`2021-02-28` - `2022-03-29`	a year	crt.sh
*.pghub.io DigiCert TLS RSA SHA256 2020 CA1	`2021-02-09` - `2022-02-16`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-12-12` - `2022-12-13`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
api.floors.dev GTS CA 1D4	`2021-12-18` - `2022-03-18`	3 months	crt.sh
api.btloader.com GTS CA 1D4	`2021-10-26` - `2022-01-24`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2021-07-06` - `2022-06-27`	a year	crt.sh
*.adlightning.com Amazon	`2021-06-24` - `2022-07-23`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-12-01` - `2022-02-26`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
districtm.io Cloudflare Inc ECC CA-3	`2021-06-02` - `2022-06-01`	a year	crt.sh
*.mantisadnetwork.com Amazon	`2021-10-14` - `2022-11-11`	a year	crt.sh
*.media.net Sectigo RSA Domain Validation Secure Server CA	`2021-04-12` - `2022-05-05`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-04-23` - `2022-05-04`	2 years	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
ssc.33across.com GTS CA 1D4	`2021-11-26` - `2022-02-24`	3 months	crt.sh
*.emxdgt.com Amazon	`2021-07-03` - `2022-08-01`	a year	crt.sh
*.deployads.com Amazon	`2021-06-03` - `2022-07-02`	a year	crt.sh
*.yieldmo.com Amazon	`2021-10-12` - `2022-11-10`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2021-08-04` - `2022-09-04`	a year	crt.sh
*.sharethrough.com Amazon	`2021-08-13` - `2022-09-11`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-30` - `2022-04-04`	a year	crt.sh
*.investingchannel.com Go Daddy Secure Certificate Authority - G2	`2020-05-26` - `2022-06-01`	2 years	crt.sh
cdn.krxd.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2021-02-08` - `2022-02-07`	a year	crt.sh
secure.cdn.fastclick.net DigiCert SHA2 Secure Server CA	`2021-03-11` - `2022-03-15`	a year	crt.sh
cdn.id5-sync.com R3	`2021-11-24` - `2022-02-22`	3 months	crt.sh
*.id5-sync.com R3	`2021-12-20` - `2022-03-20`	3 months	crt.sh
beacon.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-11-03` - `2022-11-02`	a year	crt.sh
s.amazon-adsystem.com Amazon	`2021-07-14` - `2022-06-27`	a year	crt.sh
consumer.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-07-13` - `2022-07-12`	a year	crt.sh
*.google.ca GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
*.eyeota.net R3	`2021-10-26` - `2022-01-24`	3 months	crt.sh
*.contextweb.com DigiCert SHA2 Secure Server CA	`2020-05-07` - `2022-05-12`	2 years	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2021-03-11` - `2022-04-12`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
casalemedia.com Go Daddy Secure Certificate Authority - G2	`2021-01-13` - `2022-02-14`	a year	crt.sh

This page contains 20 frames:

Primary Page: https://notepad.pw/23cllfl3
Frame ID: 809642CAC2E72B3E23A4CE6FE6EA1339
Requests: 112 HTTP requests in this frame

Frame: https://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=KS
Frame ID: 084796363EE1830A2F26DB1E22D85EA7
Requests: 3 HTTP requests in this frame

Frame: https://cdn.krxd.net/partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html
Frame ID: 654F5D4B8685938BF8D3595A6E5F3DFE
Requests: 15 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_n-sharethrough_n-LoopMe_n-simpli.fi_ppt_smrt_n-inmobi_sovrn_3lift&dcc=t
Frame ID: 04F26BAE48A07450F4D5250DDA3C503A
Requests: 1 HTTP requests in this frame

Frame: https://ff0dc00be14b6d40e0014b9341cab3e7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: E29C2BEA3121CE84A2C3CF14276669E0
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_n-sharethrough_n-LoopMe_n-simpli.fi_ppt_smrt_n-inmobi_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Frame ID: 0DA9A7967CC2A64949A643A62BE76843
Requests: 2 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Frame ID: 1CB4DBAE5FC29BA0CD1540165D271800
Requests: 10 HTTP requests in this frame

Frame: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Frame ID: 5856A21F55EBCEA833500B80956BDC25
Requests: 6 HTTP requests in this frame

Frame: https://bh.contextweb.com/visitormatch?p=547259,530912,534301,548607,543793,561117&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%25%25VGUID%25%25%26ex%3DPulsepoint
Frame ID: 43A74D3F3518963A76B9B7FE028503F2
Requests: 4 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?ex=smart.com&id=1677254204745086207&gdpr=0&gdpr_consent=
Frame ID: 92658A12AECE927B81A3CD0BF3B8A7EC
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?ex=inmobi.com&id=ID5-ZHMOICMZAbr98f1z0hyTAVYT9BjrzWvI_Bo5UoFWFA
Frame ID: 5B460B0778E1DA13C47DEEDC55FC8936
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com&dnr=1
Frame ID: DB5D015584024ADC6D9C54A4E57B9E49
Requests: 7 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=14998720294337893219
Frame ID: 83878207EDD6F0F8EA2B66897C4ACE21
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: DF96FF3BBB53A2D391F61ACA79D120F4
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: BC0E0BBE17E782DAF22CA50C7BE5BACA
Requests: 2 HTTP requests in this frame

Frame: https://tagan.adlightning.com/freestar/bl-0af0356-e4ea5370.js
Frame ID: CE1E619FF9828F7EB22FCDDAE4431B16
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adfetch?adk=1050538303&adsafe=medium&client=ca-pub-5722610347565274&format=728x90_as&ip=37.120.205.173&output=html&unviewed_position_start=1&url=https://notepad.pw/23cllfl3&sub_client=bidder-538329&hl=en&aceid=MEJePgA61OYA-VU0AeRXNAGxbjQB5W40ARdvNAHCbzQBHnA0AV5wNAGwcDQBtnA0Ad1wNAHucDQB-XA0AQ5xNAFUcTQBVXE0AWZxNAF4cTQBh3E0AZhxNAGgcTQBtXE0AdFxNAHScTQB1nE0AUtzQQFTc0EBAXlBAWAcXAJMHVwCth1cAkD3iAKy94gCc_mIAi76iAInQqoCKEKqAn1HqgL6T6oCbFuqAtBhqgJ-YqoC_XiqAm15qgKOiqoC3JGqAoCbqgKBm6oCgpuqAtueqgKmp6oCoqiqAmOqqgIrrKoC3a2qAhyuqgIdrqoCA6-qApavqgI0sKoCd7CqAnqwqgKAsKoCg7CqAoqwqgLHtaoCLruqAte-qgKoxKoC1MWqAhLHqgImzKoC1cyqAoLNqgKczaoCvc2qArvOqgJw0qoCStaqArvWqgLH1qoCk9eqAhHYqgKE2KoCj9iqAnTaqgLw2qoCHtuqAnTbqgK23KoCS92qAmfdqgIo3qoCVd6qAm7eqgK_3qoCzN6qAjvhqgJH4qoCY-OqAm_kqgKA5KoC4OSqAo3lqgKg5aoCy-WqAs_oqgLt6KoCuOmqAgfqqgIV6qoCN-qqAvnqqgJK66oCueuqAsrrqgJt7KoCk-yqAu7sqgIF7aoCZO6qAuylUANpnFED-HQkBPBC3AmtzmUOj6E1Ec6hNRHNgfsSIcX7Es7R-xK73PsS7Ob7Enrp-xIV6vsSf-r7Eu_r-xIg7PsSBe37Embt-xJ57fsS6e37EvXt-xKy7vsSlmZkE-lb0BPhXNAT91ZrGuq1vWk6HNJ5&awbid_c=AKAmf-BkMS2hilgAIUxqF31MUG7exKUUHz0TH6Psby9ZU_qsXtgJceLlrntpETt4TRhwe_dTbVOlJKoBXVGcCUX5a_lLBWHDSPR5Lb7Mfi1YZJscFIBlVrDneUMX70yBvVUioQupMJNUYJwC34a0acvlyhLGAaA-eCGwd6ZrD1Qry-weNL0f0ieLe66DHQ5rS1nI57lvKWg-p38oqqXXVB2gGXyLza-7-TamlkSx9A0d_z3tQQu9JuDdWl9whSonKYoPtPFjDBV7LVHfzknDk8kaLhT1mUujrXTpq3ciOZORNvKSHwCVlSzu0JmA4xL4Af-NyUaHTlW0Lgz1xUXTbVx3eioStWJgkESQWnANLh08YTYDsX3VaPFaRx3Vnc-QiB2fENRq5OPBF1B0mh7Nw62zGwMSdAtJbYhdsuM6qbc2Fm-Gs-gYyFCHOVCPPzYsBPtDpfdEpgsHwmZWUyRS_mHCADQA-xGSPrlf4F6xPgAHmudSZccKjUZ4oqa94PUlY8LU7C1SSqm_&awbid_d=AKAmf-AUQVJuSGIiz8Pzp9iuTcoXMxc5itgYQtdPteL6iCHFOtFqyhGhy-b8Kz4bIiDQmtjHcG4mQ49JfEr4IKl0FqnzHwvgMG-374UWvvI4bkyh-MWZLq4baLFiE5eMkrRMNKoW-D7GMJ5sKLW-tksPg7b1e4aA8mJ8FTgIRaDDZayhxeBvsmSc1QKIsy_XpuSMH79HRG9osWVOVAPwkoumVAaCOhYo45JbNMBGK7RPo9U5Fi7LHQOHa7_w83pd-1eBEqahBCNDVmdC7y8iXpiuR2_5wgj-kG7vHMVp14OsyOBfOvTv9SC3fEO219uEvYwOQGallTAK67KE-Jw8F3kOrZxzq-L1Dgi47W-rSLBv80L9oR3X_c-HheBE5pSAkfM_NKLOIVWo7iQboBqxLQTI3UuhDIXSLudrKbx-3Ze9NFNhndfSDRZ63E2BMqPJudfMn0hXkbflr7oAH0WbSofsY36UzF390_86xwlDUDQ-H-x6WDcr5fUBN7GLzWeiEywiptddM_6oU8z9gArFUdHwfJFbsPOOpL6mhN2yFcW0akHUKaQaMautrSh_7WUXI6F-FqmLIpLhDg4ImV9gvpBZykI1mQMwZF8nYMuEMb-nHFUOTXUwIIOmPc_IJfT7wlcZfHDBdrQJib2ak7Eblr4dlkMrKvH9x1nj551txqFXfV8MZBY2I0kWAb4z4xwbRPFqwjqe4AL1RHOTVC3Zzt3u_D6l4h-eIjBZYP0rEr7kQWMLsYCH4X73EPm-FWH16FZ7B7gi1ePbVPYVk9iqD8huPrY_1QkwBWOI7Ba7xIWyX7atii4365b9gcTHdzi0JChJ9D-7OjXEiHESucpwSTfbNo_0XtN4Kaf0BFx-dtFWmsMd2CVm-rJ6iejHSkwhRlIwhS-oXrVvJO_kFn_3V3WtUlcgyRU7KICFJ9tLpPGzI-UuwtIXVRzJ2Bl2b56nV8R2IQDUCte2Shnn1bKgPcLcq6nCxo3DYqZ_OZveH1__m3cOmfXLgqxCbd-y5Zlr54tRBGvyX6Iz&cid=CAASBORoE8A&exk=1323703361&rfl=https%3A%2F%2Fnotepad.pw%2F23cllfl3&a_pr=13:YcOMXwAAAAAY9LvoWsbP4SWAXYk5G6Z-ldi9bg
Frame ID: 0E9B03C31C7D5F9376ABD0A58554619D
Requests: 12 HTTP requests in this frame

Frame: https://tagan.adlightning.com/freestar/bl-0af0356-e4ea5370.js
Frame ID: 77FCA0A4CF138CFAFC19E2BB3DFC6D89
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 61C89565EF7D083E4BA65B6DA88CEB77
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js
Frame ID: EC5AC9BA2F204E9FACEF9AA3AA756377
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

notepad.pw / 23cllfl3 | The napkin of the internet.

Page URL History Show full URLs

http://notepad.pw/ HTTP 307
https://notepad.pw/23cllfl3 Page URL

Detected technologies

AngularJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+(?:-?rc[.\d]*)*)/angular(?:\.min)?\.js
\bangular.{0,32}\.js

Socket.io (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

socket\.io.*\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Clipboard.js (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

clipboard(?:-([\d.]+))?(?:\.min)?\.js

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Ionicons (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+ionicons(?:\.min)?\.css

Osano (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cookieconsent\.min\.js

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

<iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon
\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

206
Requests

83 %
HTTPS

27 %
IPv6

69
Domains

96
Subdomains

66
IPs

6
Countries

1737 kB
Transfer

4680 kB
Size

101
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://www.internetcookies.com/
Title: Learn more

Search URL Search Domain Scan URL

URL: https://notepad-static.s3.amazonaws.com/Notepad.pw+Terms+of+Use.pdf
Title: Terms

Search URL Search Domain Scan URL

URL: https://about.notepad.pw/
Title: About Us

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://notepad.pw/share/s1scvp5a

Search URL Search Domain Scan URL

URL: http://twitter.com/share?text=notepad.pw&url=https://notepad.pw/share/s1scvp5a

Search URL Search Domain Scan URL

URL: https://reddit.com/submit?url=https://notepad.pw/share/s1scvp5a&title=notepad.pw

Search URL Search Domain Scan URL

URL: https://freestar.com/?utm_campaign=branding&utm_medium=stickyFooter&utm_source=notepad.pw&utm_content=notepad_970x90_728x90_320x50_Sticky

Search URL Search Domain Scan URL

URL: https://www.adlightning.com/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://notepad.pw/ HTTP 307
https://notepad.pw/23cllfl3 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12

https://wpcc.io/lib/1.0.2/cookieconsent.min.css HTTP 301
https://www.wpcc.io/lib/1.0.2/cookieconsent.min.css HTTP 301
https://www.websitepolicies.io/lib/1.0.2/cookieconsent.min.css

Request Chain 13

https://wpcc.io/lib/1.0.2/cookieconsent.min.js HTTP 301
https://www.wpcc.io/lib/1.0.2/cookieconsent.min.js HTTP 301
https://www.websitepolicies.io/lib/1.0.2/cookieconsent.min.js

Request Chain 27

https://freestar-io.videoplayerhub.com/gallery.js HTTP 301
https://btloader.com/tag?h=freestar-io&upapi=true

Request Chain 30

https://sb.scorecardresearch.com/b?c1=2&c2=23384447&cs_ucfr=1&ns__t=1640205406914&ns_c=UTF-8&cv=3.5&c8=notepad.pw%20%2F%2023cllfl3%20%7C%20The%20napkin%20of%20the%20internet.&c7=https%3A%2F%2Fnotepad.pw%2F23cllfl3&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1640205406914&ns_c=UTF-8&cv=3.5&c8=notepad.pw%20%2F%2023cllfl3%20%7C%20The%20napkin%20of%20the%20internet.&c7=https%3A%2F%2Fnotepad.pw%2F23cllfl3&c9=

Request Chain 49

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fnotepad.pw%2F&domain=notepad.pw&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=mZ2foXwvTDhKaWxTRG54V05nK0JxdTZpZ0ZDakNXYm1jSnUzNFIrb3Q3MTlwczdFOVMwT2ovWkxFelV3NGJPNFBKMDNXRC9zTVdsMmZ5RXFHNndzanlMNFlFSUFZdjFCU3E0aHNEWjRkZ05NR2RyYTdDdGF6L2YyWTV5SCtvM2pPR1dGL2RRTTR3RllLekRrV0tjVk9kemx5YU56M0RHT1FROFVEUGZVVEVvSnNhQ2YxZ3l4OHlYY05aZDdlMlZUcFJpSWtoR1FTbzRtLytMMFgzeVNiZjVITjBjSUNCVGlobGFhSTRBNnpTSTUwYzlnPXw&cppv=2

Request Chain 103

https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_n-sharethrough_n-LoopMe_n-simpli.fi_ppt_smrt_n-inmobi_sovrn_3lift HTTP 302
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_n-sharethrough_n-LoopMe_n-simpli.fi_ppt_smrt_n-inmobi_sovrn_3lift&dcc=t

Request Chain 116

https://usermatch.krxd.net/um/v2?partner=google HTTP 302
https://cm.g.doubleclick.net/pixel?google_cm&google_nid=krux_digital&google_hm=T2pueGwtU2c HTTP 302
https://cm.g.doubleclick.net/pixel?google_cm=&google_nid=krux_digital&google_hm=T2pueGwtU2c&google_tc= HTTP 302
https://beacon.krxd.net/usermatch.gif?google_gid=CAESEBafFHftDSUGkshD22HsiG4&google_cver=1

Request Chain 117

https://cm.g.doubleclick.net/pixel?google_nid=krux_digital&google_cm&google_hm=T2pueGwtU2c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=krux_digital&google_cm=&google_hm=T2pueGwtU2c&google_tc= HTTP 302
https://beacon.krxd.net/usermatch.gif?google_gid=CAESEB-UaQA5Py3GgeouchcPGYo&google_cver=1

Request Chain 118

https://match.adsrvr.org/track/cmf/generic?ttd_pid=krux&ttd_tpi=1&ttd_puid=Ojnxl-Sg&gdpr=0 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=krux&ttd_tpi=1&ttd_puid=Ojnxl-Sg&gdpr=0 HTTP 302
https://beacon.krxd.net/usermatch.gif?partner=ttd&partner_uid=c1617644-d9b8-4c1e-9931-3ece56efb0ba

Request Chain 120

https://stags.bluekai.com/site/26357?id=Ojnxl-Sg&redir=https://beacon.krxd.net/usermatch.gif?_kuid%3DOjnxl-Sg%26partner%3Dbluekai%26bk_uuid%3D%24_BK_UUID HTTP 302
https://beacon.krxd.net/usermatch.gif?_kuid=Ojnxl-Sg&partner=bluekai&bk_uuid=$_BK_UUID

Request Chain 123

https://ib.adnxs.com/getuid?https://beacon.krxd.net/usermatch.gif?adnxs_uid=$UID HTTP 302
https://beacon.krxd.net/usermatch.gif?adnxs_uid=3971102671105818542

Request Chain 124

https://global.ib-ibi.com/image.sbxx?go=247532&pid=314&xid=Ojnxl-Sg HTTP 302
https://ib.mookie1.com/image.sbxx?go=247532&pid=314&xid=Ojnxl-Sg

Request Chain 125

https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dpubmatic%26partner_uid%3D%23PM_USER_ID HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dpubmatic%26partner_uid%3D%23PM_USER_ID&rdf=1 HTTP 302
https://beacon.krxd.net/usermatch.gif?partner=pubmatic&partner_uid=4436ED5F-9339-45AE-94F2-83A750055DCB

Request Chain 126

https://fei.pro-market.net/engine?mimetype=img&du=88&csync=Ojnxl-Sg HTTP 302
https://idsync.rlcdn.com/398696.gif?partner_uid=4640143000343888477

Request Chain 128

https://um.simpli.fi/amazon/https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsimpli.fi%26id%3D HTTP 302
https://s.amazon-adsystem.com/ecm3?id=33DE0C0FDB4E49E7BECFA760132BC91E&ex=simpli.fi&status=ok

Request Chain 129

https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID HTTP 302
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1

Request Chain 132

https://ssbsync-us.smartadserver.com/api/sync?callerId=2 HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=smart.com&id=1677254204745086207&gdpr=0&gdpr_consent=

Request Chain 133

https://sync.inmobi.com/TAM?redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dinmobi.com%26id%3D%7BID5UID%7D HTTP 302
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dinmobi.com%26id%3D%7BID5UID%7D HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=inmobi.com&id=ID5-ZHMOICMZAbr98f1z0hyTAVYT9BjrzWvI_Bo5UoFWFA

Request Chain 134

https://ap.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com HTTP 302
https://ap.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com&dnr=1

Request Chain 135

https://eb2.3lift.com/getuid?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID HTTP 302
https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=14998720294337893219

Request Chain 139

https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=ZjhZWXFUVkNPaGVraHFRZS0tTnh4dw&gdpr=0&gdpr_consent= HTTP 302
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=0&gdpr_consent=&ev=CAESEMQsz-EVlT9g1uZ7rCfYVm8&google_cver=1

Request Chain 140

https://pulsepoint-match.dotomi.com/match/bounce/current?networkId=14200&version=1&nuid= HTTP 302
https://pulsepoint-match.dotomi.com/match/bounce/current?DotomiTest=4c841bb25cf51235&is_secure=true&networkId=14200&version=1&nuid= HTTP 302
https://bh.contextweb.com/bh/rtset?do=add&pid=530912&ev=AAAGd_E4wbmtlANNUs3sAAAAAAA&expiration=1640291808&nuid=&is_secure=true

Request Chain 143

https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=8499&redir=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3Dk1jJghvBi79yX1NZ2sM5fXrm%26source_user_id%3D%24SPOTX_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=8499&redir=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3Dk1jJghvBi79yX1NZ2sM5fXrm%26source_user_id%3D%24SPOTX_USER_ID&__user_check__=1&sync_id=e2f50e52-6366-11ec-aeff-1fc5ecda0103 HTTP 302
https://match.sharethrough.com/sync/v1?source_id=k1jJghvBi79yX1NZ2sM5fXrm&source_user_id=e2f50e0a-6366-11ec-aeff-1fc5ecda0103

Request Chain 144

https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=2 HTTP 302
https://b1sync.zemanta.com/usersync/sharethrough/ HTTP 302
https://stags.bluekai.com/site/23178?id=t0XQgXMFWDA6XqrQP68F&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS63LBORRWQLTTNBQXEZLUNBZG65LHNAXGG33NF5ZXS3TDF53DCP3FPBRWQYLOM5ST243IMFZGK5DIOJXXKZ3IEZZW65LSMNSV62LEHVQTOOJTGUZTANJYGE2GMODDGVSTEYJTGRRGCNJUEZZW65LSMNSV65LTMVZF62LEHV2DAWCRM5ME2RSXIRATMWDROJIVANRYIY HTTP 302
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS63LBORRWQLTTNBQXEZLUNBZG65LHNAXGG33NF5ZXS3TDF53DCP3FPBRWQYLOM5ST243IMFZGK5DIOJXXKZ3IEZZW65LSMNSV62LEHVQTOOJTGUZTANJYGE2GMODDGVSTEYJTGRRGCNJUEZZW65LSMNSV65LTMVZF62LEHV2DAWCRM5ME2RSXIRATMWDROJIVANRYIY HTTP 302
https://match.sharethrough.com/sync/v1?source_id=a7935305814f8c5e2a34ba54&source_user_id=t0XQgXMFWDA6XqrQP68F

Request Chain 145

https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=3 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=sharethrough&ttd_tpi=1 HTTP 302
https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=c1617644-d9b8-4c1e-9931-3ece56efb0ba&gdpr=0&gdpr_consent=

Request Chain 146

https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=4 HTTP 302
https://sync-tm.everesttech.net/upi/pid/byN59NcB?redir=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3DSvWuQHUbMWnhsCDYjeaq81U2%26source_user_id%3D%24%7BTM_USER_ID%7D%0A

Request Chain 147

https://match.adsrvr.org/track/cmf/casale HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=c1617644-d9b8-4c1e-9931-3ece56efb0ba&expiration=1642797408&gdpr=0&gdpr_consent=

Request Chain 149

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YcOMYOGrgeANNsgObvQYOgAAA9cAAAAB&gdpr_consent=&us_privacy=&gdpr= HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESENbSg0vyXrxGhOXnNRcsA74&google_cver=1

Request Chain 150

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YcOMYOGrgeANNsgObvQYOgAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEHNIziwEYGq6hWx2ffqBGHY&google_cver=1

Request Chain 151

https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=YcOMYOGrgeANNsgObvQYOgAAA9cAAAAB&gdpr_consent=&us_privacy=&gdpr= HTTP 302
https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=YcOMYOGrgeANNsgObvQYOgAAA9cAAAAB&gdpr_consent=&us_privacy=&gdpr=&verify=true HTTP 302
https://pr-bh.ybp.yahoo.com/sync/casale/YcOMYOGrgeANNsgObvQYOgAAA9cAAAAB

Request Chain 152

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48 HTTP 302
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=48 HTTP 302
https://loadm.exelator.com/load/?p=204&g=700&j=r&buid=42625410-251a-4a94-acb9-4a43701963a2-61c38c60-4341&ru=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_id%3D42625410-251a-4a94-acb9-4a43701963a2-61c38c60-4341%26partner_url%3Dhttps%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id%253D64%2526external_user_id%253D42625410-251a-4a94-acb9-4a43701963a2-61c38c60-4341%2526expiration%253D1642797408 HTTP 302
https://loadm.exelator.com/load/?p=204&g=700&j=r&buid=42625410-251a-4a94-acb9-4a43701963a2-61c38c60-4341&ru=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_id%3D42625410-251a-4a94-acb9-4a43701963a2-61c38c60-4341%26partner_url%3Dhttps%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id%253D64%2526external_user_id%253D42625410-251a-4a94-acb9-4a43701963a2-61c38c60-4341%2526expiration%253D1642797408&xl8blockcheck=1 HTTP 302
https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=42625410-251a-4a94-acb9-4a43701963a2-61c38c60-4341&partner_url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D64%26external_user_id%3D42625410-251a-4a94-acb9-4a43701963a2-61c38c60-4341%26expiration%3D1642797408 HTTP 302
https://pixel.tapad.com/idsync/ex/push/check?partner_id=2499&partner_device_id=42625410-251a-4a94-acb9-4a43701963a2-61c38c60-4341&partner_url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D64%26external_user_id%3D42625410-251a-4a94-acb9-4a43701963a2-61c38c60-4341%26expiration%3D1642797408 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=42625410-251a-4a94-acb9-4a43701963a2-61c38c60-4341&expiration=1642797408

Request Chain 153

https://bcp.crwdcntrl.net/map/c=6725/tp=INDX/tpid=YcOMYOGrgeANNsgObvQYOgAA%26983?gdpr_consent=&us_privacy=&gdpr= HTTP 302
https://bcp.crwdcntrl.net/map/ct=y/c=6725/tp=INDX/tpid=YcOMYOGrgeANNsgObvQYOgAA%26983?gdpr_consent=&us_privacy=&gdpr=

Request Chain 154

https://x.bidswitch.net/sync?ssp=index HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=index HTTP 302
https://m.fg8dgt.com/sync?ssp=bidswitch&bidswitch_ssp_id=index&ssp_uuid=c99b2155-85c0-446f-b085-dfcd5ce90145 HTTP 302
https://m.fg8dgt.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=index&ssp_uuid=c99b2155-85c0-446f-b085-dfcd5ce90145 HTTP 302
https://x.bidswitch.net/sync?dsp_id=108&expires=14&ssp=index&user_id=3dd2b990-6459-4f8e-b32c-7b93e5b8d2fc HTTP 302
https://dsum.casalemedia.com/rum?cm_dsp_id=51&external_user_id=c99b2155-85c0-446f-b085-dfcd5ce90145

Request Chain 159

https://creativecdn.com/cm-notify?pi=sovrn&gdpr=0&gdpr_consent= HTTP 302
https://creativecdn.com/cm-notify?pi=sovrn&gdpr=0&gdpr_consent=&tc=1 HTTP 302
https://ce.lijit.com/merge?pid=86&3pid=jj4hv0Nfp3z6Tt07oXpt&pi=sovrn&gdpr_consent=&gdpr=0&tc=1

Request Chain 160

https://ap.lijit.com/dsp/google/cookiematch/dv?gdpr=0&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=YTdiZGM2Y2E1YTdjYmU1MWQxZThlYWJk&gdpr=0

Request Chain 161

https://pixel.quantserve.com/pixel/p-CXt61zNBpKUt1.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=43&gdpr=0&gdpr_consent=&us_privacy=&3pid=lQ7w9JtcpqGOW_XywFy-95oHqvKOB6D2xwxkUfYc

Request Chain 162

https://jadserve.postrelease.com/suid/101957?ntv_r=https://ce.lijit.com/merge?pid=90&3pid=NTV_USER_ID&gdpr=0&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=90&3pid=785e9674-5938-442f-b077-984b74b20a8a&gdpr=0&gdpr_consent=

Request Chain 163

https://ums.acuityplatform.com/tum?umid=27&uid=a7bdc6ca5a7cbe51d1e8eabd&gdpr=0&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=66&3pid=633592634447

Request Chain 200

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

206 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request 23cllfl3 Show response
notepad.pw/
Redirect Chain

http://notepad.pw/
https://notepad.pw/23cllfl3

31 KB
13 KB

136ms
81ms

Document
text/html

151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: b2dd7c12d8971ddba8fee7f0c887c2ff1f4abff5343c16788f35939113ec1e3b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-CA,en;q=0.9

Response headers

date: Wed, 22 Dec 2021 20:36:46 GMT
cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: fbs
access-control-allow-origin: *
x-hw: 1640205405.cds217.tr2.hn,1640205405.cds010.tr2.sc,1640205406.cdn2-redis01-yyz1.stackpath.systems.-.wx,1640205406.cds010.tr2.p

Redirect headers

Date: Wed, 22 Dec 2021 20:36:45 GMT
Cache-Control: no-store, no-cache, must-revalidate
Content-Encoding: gzip
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Location: https://notepad.pw/23cllfl3
Server: fbs
Access-Control-Allow-Origin: *
X-HW: 1640205405.cds211.tr2.h2,1640205405.cds222.tr2.sc,1640205405.cdn2-wafbe04-yyz1.stackpath.systems.-.wx,1640205405.cds222.tr2.p
Connection: keep-alive

GET
H2 200 css
fonts.googleapis.com/ 5 KB
1 KB 109ms
42ms Stylesheet
text/css 2607:f8b0:4006:822::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Noto+Sans:400,700

Requested by

Host: notepad.pw
URL: https://notepad.pw/23cllfl3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a34e68796feb650977daf139feb1e1a43101bac68661c830ec12853b483ad4e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 22 Dec 2021 19:59:18 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 22 Dec 2021 20:36:46 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 22 Dec 2021 20:36:46 GMT

GET
H2 200 global.css
notepad.pw/content/css/ 6 KB
2 KB 76ms
75ms Stylesheet
text/css 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://notepad.pw/content/css/global.css?229
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: 2b60310189012686567c541c72a40acf74adb416bdc524008822d6c7c73ccd97

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/23cllfl3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:46 GMT
content-encoding: gzip
last-modified: Mon, 02 Oct 2017 03:48:05 GMT
server: fbs
etag: "59d1b6f5-1821"
x-hw: 1640205406.cds217.tr2.hn,1640205406.cds223.tr2.sc,1640205406.cdn2-wafbe02-yyz1.stackpath.systems.-.wx,1640205406.cds223.tr2.p
content-type: text/css
access-control-allow-origin: *
accept-ranges: bytes

GET
H2 200 normalize.min.css
cdnjs.cloudflare.com/ajax/libs/normalize/6.0.0/ 2 KB
1 KB 72ms
28ms Stylesheet
text/css 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/normalize/6.0.0/normalize.min.css

Requested by

Host: notepad.pw
URL: https://notepad.pw/23cllfl3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55b731aa03064189b7abca9931deb7b844c75d7664aacecc1356c4bc0635c4af

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:46 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 5886859
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 742
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:13:31 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03f2b-8a8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U536NM4bdcTnvN4ktkmIs%2BNJ8kBFs5bhFslfp5KpdYIWGxMYEEUUlf68eY4tTlQuluFYurmjecxad14tWzYNcvvTDz3Hh4rpOtvzh41K9k%2B5rv87iueBPH1LBO6rHaisWxTpJhggqbF0EtMdW1AM2vpT"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6c1c24ec6d54713f-YUL
expires: Mon, 12 Dec 2022 20:36:46 GMT

GET
H2 200 ionicons.min.css
cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ 50 KB
7 KB 73ms
29ms Stylesheet
text/css 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css

Requested by

Host: notepad.pw
URL: https://notepad.pw/23cllfl3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de2bbd8e0b32f53a53c1729bedb350cea59e9115fba4f2bed8e2e3dd1f76d9fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:46 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4232756
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 6642
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:20 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ea8-c854"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=08k8PkB956XFKetyWk%2BR%2BUdC8mG5oG3ZePWti1gyGvG6MbC3TWnjBjQcP9aYoN4Ii%2Fb9iKW2Zr9AN52J0Go3Ms2IxqYy7ouBZ4mUCm2lmrsj1nCJsEstZAhG3F1bjFHa9%2BeSCVoEloaSucxC%2B%2FfdVtHB"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6c1c24ec6d56713f-YUL
expires: Mon, 12 Dec 2022 20:36:46 GMT

GET
H2 200 logo-dark.png
notepad.pw/content/images/ 22 KB
22 KB 102ms
100ms Image
image/png 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://notepad.pw/content/images/logo-dark.png
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: 560ee8213cda78828e88fbcbe2fbe6d3337d563384ea57d344ce3e3559da1dda

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/23cllfl3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:46 GMT
last-modified: Thu, 30 Aug 2018 21:59:20 GMT
server: fbs
etag: "5b8868b8-57f4"
x-hw: 1640205406.cds217.tr2.hn,1640205406.cds213.tr2.sc,1640205406.cdn2-wafbe03-yyz1.stackpath.systems.-.wx,1640205406.cds213.tr2.p
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
content-length: 22516

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/ 82 KB
26 KB 23ms
23ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Requested by

Host: notepad.pw
URL: https://notepad.pw/23cllfl3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:46 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 18741398
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 26646
cf-request-id: 0a28625ceb0000ca4b82844000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:48 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec4-1499c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4o%2BUFsQ8xwHASzRyoQr0s65Cy065OK19lI3TKmfRZlmGKUC90Nk9Q5IKaX4LklGSTFiHuuzYEp7HON3gVf2NkdRH3NgJ%2BfO%2Bw0YVG%2FIzdeYE3%2FTiUstzyFXU7mE6TEkTrx1VPQ48CwMxSgqhsq7Iln4S"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6c1c24ec9d91713f-YUL
expires: Mon, 12 Dec 2022 20:36:46 GMT

GET
H3 200 angular.min.js Show response
cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/ 156 KB
49 KB 26ms
25ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/angular.min.js

Requested by

Host: notepad.pw
URL: https://notepad.pw/23cllfl3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e92af41ea36051ffe9f3c83abec97cec2ac09cdaa2396863958e8b4bc8de5870

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:46 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 5893443
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 49420
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:04:55 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03d27-27130"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bTVDe8DPH%2FOnpXJvW%2FlyPNCnhaQgQO30bicLH%2FEVqFsSQdTJBjECQpx8sm5A3J7dlN%2BL9vJMmdbQoPRMAeKehkpRYYYAAMh88BwAx2DVZTAm7a2Xaa4CeKLMPMWAEsZUydHsa2ps9cNaYRdwB1Kp08hy"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6c1c24eccc8fecf2-YUL
expires: Mon, 12 Dec 2022 20:36:46 GMT

GET
H3 200 angular-cookies.min.js Show response
cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/ 1 KB
1 KB 59ms
59ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/angular-cookies.min.js

Requested by

Host: notepad.pw
URL: https://notepad.pw/23cllfl3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f79dfaabb417f7b777458a24663c5075dd1e56026e20578a0d74568b3c762375

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:46 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 21029254
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 677
cf-request-id: 09a00475920000ca53943ed000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:04:55 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03d27-5a7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=51adnZ2vi%2F3vhzRNTjJLZHDjgFLVq4AJlZBiL4KgDFI5pM24Nv1xr91Sx4%2B5xliLRyYfL0cXE2Eqbi6y5FWt2EUMGD%2B%2FuJnW9iVJkvPHvDnXkCUKqRctg0%2BHpXi9W9BntJ4guGlv82KYz5gjZLmEODl8"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6c1c24eccc91ecf2-YUL
expires: Mon, 12 Dec 2022 20:36:46 GMT

GET
H3 200 socket.io.min.js Show response
cdnjs.cloudflare.com/ajax/libs/socket.io/1.4.8/ 68 KB
19 KB 59ms
58ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/socket.io/1.4.8/socket.io.min.js

Requested by

Host: notepad.pw
URL: https://notepad.pw/23cllfl3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

888b41bb493f82bc787b507deee35df8a9dca32d9f59e5e4434334bb04aa1e17

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:46 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 19965070
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 19101
cf-request-id: 09df729c6a0000ca6fad35b000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:16:21 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fd5-10ec3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WHyZIpyI8ykV%2FWz8fNqqq9%2FqADmkDaaAg5H45dZCXuTgh4FbtV3kc%2BKzNkk8XPGO8W06pOs6bEuHdW1bkbdCAmlvOkKM0WdvHSA3cKIhQnTQpJSgPX5lu4BotsXYXkGqTUWGJhQjdKtkjnKZDh7%2Btjg0"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6c1c24eccc92ecf2-YUL
expires: Mon, 12 Dec 2022 20:36:46 GMT

GET
H2 200 app.min.js Show response
notepad.pw/content/js/ 8 KB
3 KB 76ms
73ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://notepad.pw/content/js/app.min.js?366
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: c9c41579990e491b31185c662e701facbcd6dab9ec0b06edef8feec2f981812e

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/23cllfl3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:46 GMT
content-encoding: gzip
last-modified: Thu, 30 Aug 2018 22:33:49 GMT
server: fbs
etag: "5b8870cd-2089"
x-hw: 1640205406.cds217.tr2.hn,1640205406.cds213.tr2.sc,1640205406.cdn2-wafbe02-yyz1.stackpath.systems.-.wx,1640205406.cds213.tr2.p
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes

GET
H3 200 store.min.js Show response
cdnjs.cloudflare.com/ajax/libs/store.js/1.3.20/ 3 KB
2 KB 73ms
72ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/store.js/1.3.20/store.min.js

Requested by

Host: notepad.pw
URL: https://notepad.pw/23cllfl3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d23807344428eec21271b708fcf73919827e568b0a335989f9f2348ae4356bd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:46 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4074170
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 994
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:16:28 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fdc-a35"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fgaGFaQO%2BZbhzjwtBKC6tQECGdYAXPEzFVyvQJ1vZ0X6D%2FZDExbC2RvfALq6IgTqBrgMqNx8%2BhlYzG8uzcXbvXjufYRWmAby8BOmsTUnkTMbKEYFK9jTkNnP%2FMdpsrC8qtkDjM0xire8XNHRzx6nzZvP"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6c1c24eccc93ecf2-YUL
expires: Mon, 12 Dec 2022 20:36:46 GMT

GET
H3 200 clipboard.min.js Show response
cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/ 11 KB
4 KB 73ms
72ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/clipboard.min.js

Requested by

Host: notepad.pw
URL: https://notepad.pw/23cllfl3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0da7fc1ae23678b2872653962d147fcd1cbd0a5a9c8f84d44ae99bc581fd9062

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:46 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 3801789
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 3005
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:09:13 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e29-2aa5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0Jjyhk6wcvkbi4sKtNDY4MH4KugPVaTq8T7yjkNpOhaiyt5pu2K%2BRMSkuucbeA6p0tQlQu1mvzt5NKyGRH2Rr9jU9mlXzvGAJBT%2FXrLPLbVsF6V5oM1WQpyuhzMZzR1IE68zppmCVyL1n58zrY%2BPZNmQ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6c1c24eccc94ecf2-YUL
expires: Mon, 12 Dec 2022 20:36:46 GMT

GET
H2

200

cookieconsent.min.css
www.websitepolicies.io/lib/1.0.2/
Redirect Chain

https://wpcc.io/lib/1.0.2/cookieconsent.min.css
https://www.wpcc.io/lib/1.0.2/cookieconsent.min.css
https://www.websitepolicies.io/lib/1.0.2/cookieconsent.min.css

4 KB
2 KB

92ms
20ms

Stylesheet
text/css

159.89.188.8
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.websitepolicies.io/lib/1.0.2/cookieconsent.min.css

Requested by

Host: notepad.pw
URL: https://notepad.pw/23cllfl3

Protocol

Server

159.89.188.8 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

websitepolicies.io

Software

nginx /

Resource Hash

119351ced3134718cb42591e513ff063cf04af7c2734b137c666ee62e137e15d

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:46 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 05 Apr 2019 15:44:28 GMT
server: nginx
etag: W/"5ca777dc-fbe"
x-frame-options: SAMEORIGIN
content-type: text/css
x-xss-protection: 1; mode=block
cache-control: max-age=2592000, no-cache, public, must-revalidate, proxy-revalidate
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
expires: Fri, 21 Jan 2022 20:36:46 GMT

Redirect headers

date: Wed, 22 Dec 2021 20:36:46 GMT
referrer-policy: no-referrer-when-downgrade
server: nginx
x-frame-options: SAMEORIGIN
content-type: text/html
location: https://www.websitepolicies.io/lib/1.0.2/cookieconsent.min.css
x-xss-protection: 1; mode=block
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 178
x-content-type-options: nosniff

GET
H2

200

cookieconsent.min.js Show response
www.websitepolicies.io/lib/1.0.2/
Redirect Chain

https://wpcc.io/lib/1.0.2/cookieconsent.min.js
https://www.wpcc.io/lib/1.0.2/cookieconsent.min.js
https://www.websitepolicies.io/lib/1.0.2/cookieconsent.min.js

9 KB
4 KB

92ms
21ms

Script
application/javascript

159.89.188.8
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.websitepolicies.io/lib/1.0.2/cookieconsent.min.js

Requested by

Host: notepad.pw
URL: https://notepad.pw/23cllfl3

Protocol

Server

159.89.188.8 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

websitepolicies.io

Software

nginx /

Resource Hash

19a5bc2d205600f87e8e72f1fd400ac9539ddaebe048e68f4dcf6188a485c0ac

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:46 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 01 Jun 2021 15:09:17 GMT
server: nginx
etag: W/"60b64d9d-2250"
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: max-age=2592000, no-cache, public, must-revalidate, proxy-revalidate
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
expires: Fri, 21 Jan 2022 20:36:46 GMT

Redirect headers

date: Wed, 22 Dec 2021 20:36:46 GMT
referrer-policy: no-referrer-when-downgrade
server: nginx
x-frame-options: SAMEORIGIN
content-type: text/html
location: https://www.websitepolicies.io/lib/1.0.2/cookieconsent.min.js
x-xss-protection: 1; mode=block
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 178
x-content-type-options: nosniff

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 73 KB
29 KB 106ms
42ms Script
application/javascript 2607:f8b0:4006:81e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-ML9KQJN

Requested by

Host: notepad.pw
URL: https://notepad.pw/23cllfl3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ac496d8a3757ec730557bf9203ca6f461aef4bfe34c7912f505435300698c4f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:46 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29654
x-xss-protection: 0
last-modified: Wed, 22 Dec 2021 18:00:51 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 22 Dec 2021 20:36:46 GMT

GET
H2 200 pubfig.min.js Show response
a.pub.network/notepad-pw/ 119 KB
46 KB 193ms
137ms Script
application/javascript 2606:4700:20::681a:18b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/notepad-pw/pubfig.min.js
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:18b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8134e2b10872263593b3a0c0b676f48e09b674a6eaab3fbdd221df3a27d99908

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=VjxADA==, md5=/heK+oQIeDitBrX6CfMEPA==
date: Wed, 22 Dec 2021 20:36:46 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-guploader-uploadid: ADPycdv4b5BZ5DMhEnDh2kDqutXQpXkT6w2R-QZAbbFf0ED05PP0NTFrNtYRbNqhLJVeSC4oCkH4FS5I6Gu041lgBHc
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: application/javascript
last-modified: Tue, 21 Dec 2021 17:18:47 GMT
server: cloudflare
etag: W/"fe178afa84087838ad06b5fa09f3043c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y8KRZwv%2BomYHEYYibVewUxmVNp47i4FfQ0d6jG5teYqvDat8ehPxCVdPYO19%2FFehaJZWvJoOwXwnKp8LfZlUOkl7zKhlsJgfNzq8ndDlj69%2FrjXXEs1eKKv0PZPpvtUTYq2tJwAqMMfaGJc%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1639601654710039
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=1800
x-goog-stored-content-length: 121945
cf-ray: 6c1c24ed29e04bca-YUL
expires: Tue, 21 Dec 2021 17:24:28 GMT

GET
H2 200 / Show response
notepad.pw/sbbi/ Frame 0847 25 KB
11 KB 35ms
34ms Document
text/html 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=KS&sbbgs=h4658aa3bf07105eb04cde79ea3d52a3d218&ddl=0
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: ae8647eb842d5a887f4456eb2c72b32a8831f18d88fb503e76b03eca3157c745

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/23cllfl3

Response headers

date: Wed, 22 Dec 2021 20:36:46 GMT
cache-control: no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
server: fbs
x-accel-expires: 0
access-control-allow-origin: *
x-hw: 1640205406.cds217.tr2.hn,1640205406.cds219.tr2.sc,1640205406.cdn2-wafbe02-yyz1.stackpath.systems.-.i,1640205406.cds219.tr2.p

GET
H2 200 /
notepad.pw/sbbi/ 43 B
176 B 39ms
39ms Image
image/gif 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://notepad.pw/sbbi/?sbbpg=utMedia&vii=2hc4061528ea5a432b7f509791e0959edbc0f44c3d2e1729dedab3bdc5422a73udj2l1t8
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/23cllfl3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin: *
x-accel-expires: 0
date: Wed, 22 Dec 2021 20:36:46 GMT
cache-control: no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
server: fbs
x-hw: 1640205406.cds217.tr2.hn,1640205406.cds007.tr2.sc,1640205406.cdn2-wafbe04-yyz1.stackpath.systems.-.i,1640205406.cds007.tr2.p
content-type: image/gif

GET
H3 200 ionicons.ttf
cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/fonts/ 184 KB
96 KB 57ms
35ms Font
application/octet-stream 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/fonts/ionicons.ttf?v=2.0.0

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c5b6bb603a4f7556b94532674f3847b430b9495afbb3a4dcfe5ba718baa59ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css
Origin: https://notepad.pw
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:46 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1132558
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 97438
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:20 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ea8-2e05c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qE3w7TjpBfV2noyVUnctRRV%2BaLEbMwJ38HGMPhwcDvHe%2BLXhGNi95Gp3I6eCszUR9VNh1PGTlTUB0UMvXdSHNotyDKVQbtXJjzdWgnTWgO0M1TCCg54p9XVwN8Ya%2BSJrwYoG7eUNfmdaLYW9j1oDOCu0"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6c1c24ed08507138-YUL
expires: Mon, 12 Dec 2022 20:36:46 GMT

GET
H2 200 o-0IIpQlx3QUlC5A4PNr5TRA.woff2
fonts.gstatic.com/s/notosans/v21/ 16 KB
16 KB 89ms
25ms Font
font/woff2 2607:f8b0:4006:817::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notosans/v21/o-0IIpQlx3QUlC5A4PNr5TRA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Sans:400,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a9f53c02752e79270686f1b2a3616b86d3af1ea2a288f2977e34b1141d552ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://notepad.pw
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 17 Dec 2021 13:05:09 GMT
x-content-type-options: nosniff
age: 459097
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16056
x-xss-protection: 0
last-modified: Tue, 14 Sep 2021 16:44:52 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 17 Dec 2022 13:05:09 GMT

GET
H2 200 init Show response
d.pub.network/v2/ 27 KB
5 KB 86ms
46ms XHR
application/json 35.201.71.192
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/v2/init?siteId=1413&env=PROD
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.71.192 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 192.71.201.35.bc.googleusercontent.com
Software: /
Resource Hash: fcdaf8a9c355219d541d2bdecd8e21caf9056fedd56c27cf5f81ed0af7aeeb02

Request headers

Accept: application/json, text/plain, */*
Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:46 GMT
content-encoding: gzip
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
content-type: application/json
access-control-allow-origin: https://notepad.pw
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ 1 KB
1 KB 86ms
27ms Script
application/javascript 13.225.223.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/notepad-pw/pubfig.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.223.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-223-81.jfk51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 10:12:15 GMT
content-encoding: gzip
etag: W/"1827f116c73f319409b97f10b8a58ade"
last-modified: Fri, 26 Feb 2021 14:35:05 GMT
server: AmazonS3
age: 37485
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 ab95c5a0dcf51f52101ed4d59d15a2a3.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
x-amz-cf-id: Ks8Yho07HQK5F5aH3dA2Am3GqJdbAKCCft-mGxz3hveAWR_cpo2fOQ==

GET
H2 200 pubfig.engine.4.24.5.9076d3e0c419cef84ae3ad23849bbb2204ab48e7.js Show response
a.pub.network/core/pubfig/ 328 KB
99 KB 34ms
34ms Script
application/javascript 2606:4700:20::681a:18b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/core/pubfig/pubfig.engine.4.24.5.9076d3e0c419cef84ae3ad23849bbb2204ab48e7.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/notepad-pw/pubfig.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:18b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bc98e225fd5128e25682b9054b80370bb45d5ba580e176e14fd674e142f32fa4

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=8+knlA==, md5=nUS7pEP93Iwy2xJ+umKnnQ==
date: Wed, 22 Dec 2021 20:36:46 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-guploader-uploadid: ADPycdsz4XvtNzGlfVoRxqremlePTR-QpwQHXhvTScqekeb24INhV9y_7UFsKlHFRaQ0Kr-S07Afz_cTiETleUKmfQY
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
cf-ray: 6c1c24f06df54bca-YUL
last-modified: Mon, 13 Dec 2021 16:39:33 GMT
server: cloudflare
etag: W/"9d44bba443fddc8c32db127eba62a79d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xwjq9kcaVYsQI15qUNuD1G0Smj47tdlBJClmd6f2we4HElTp6lg9aJnaD7Q7RDjToKHh%2BLbHc2m7QvumRzQQPK9hCRCEvAQyyPzDdJRh0uuWIy3EGYOU3TTZIttt18pnCtxgh6HgZ%2BHL%2BOU%3D"}],"group":"cf-nel","max_age":604800}
content-language: en
access-control-allow-origin: *
x-goog-generation: 1639413573274375
access-control-expose-headers: *
cache-control: public, max-age=3600
x-goog-stored-content-length: 335768
content-type: application/javascript
expires: Tue, 21 Dec 2021 18:18:50 GMT

POST
H2 200 / Show response
notepad.pw/sbbi/ Frame 0847 516 B
458 B 23ms
22ms Document
text/html 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=KS&sbbgs=h4658aa3bf07105eb04cde79ea3d52a3d218&ddl=0
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: d155160aea288964eebe06a362795ab879ed657ca75f7ca60d5a1c8e9fe05d7b

Request headers

Upgrade-Insecure-Requests: 1
Origin: https://notepad.pw
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=KS&sbbgs=h4658aa3bf07105eb04cde79ea3d52a3d218&ddl=0

Response headers

date: Wed, 22 Dec 2021 20:36:46 GMT
cache-control: no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
server: fbs
x-accel-expires: 0
access-control-allow-origin: *
x-hw: 1640205406.cds217.tr2.hn,1640205406.cds211.tr2.sc,1640205406.cdn2-wafbe02-yyz1.stackpath.systems.-.i,1640205406.cds211.tr2.p

GET
H2 200 / Show response
live.notepad.pw/socket.io/ 101 B
652 B 109ms
71ms XHR
application/octet-stream 2606:4700:7::a29f:8a55
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.notepad.pw/socket.io/?EIO=3&transport=polling&t=NtZt5AL
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8a55 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ba951a4da45604bc637c14aae3dbfafa23e7af4da399d3ffb082c132eb6ae27

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:46 GMT
via: 1.1 vegur
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1uCCGSBQBIsJBLhcjpRiO35yEFnxWDBb5xVoEL7cORTTqYKfiFUCWtEalx9Pi3ibAS%2BbBOFeCQhugWqlLf1Ua1dYt6jDLEGQZEONj17oHBNizaa0JEpEqQpdc%2BjpnK10%2BCQ7r7wvavMGDQARiM4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
access-control-allow-origin: https://notepad.pw
access-control-allow-credentials: true
cf-ray: 6c1c24f131f17148-YUL
content-length: 101

GET
H2 200 pandg-sdk.js Show response
pghub.io/js/ 14 KB
4 KB 44ms
14ms Script
application/javascript 35.241.45.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pghub.io/js/pandg-sdk.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.engine.4.24.5.9076d3e0c419cef84ae3ad23849bbb2204ab48e7.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.217 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 217.45.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 9cd1b5630bcc34ecc71dbcbdfe45ddb9ed3cb4c0464a2abeb76bcc490635e376

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 19:58:20 GMT
content-encoding: gzip
age: 2306
x-guploader-uploadid: ADPycduhVpTbbaR3kydAcej0y7J8DsmpJX2RkiQvO-wrdnonOcWQhE20RFTSHsXtBBmI3LhUcTzeVxgGviKpRyBGkEaWQ1yGxA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3637
last-modified: Mon, 22 Nov 2021 21:22:46 GMT
server: UploadServer
etag: "9f5012774da47c70284c82ae0ce443d7"
vary: Accept-Encoding
x-goog-hash: crc32c=oAHW2w==, md5=n1ASd02kfHAoTIKuDORD1w==
x-goog-generation: 1637616166247508
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
cache-control: public,max-age=3600
x-goog-stored-content-length: 3637
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 78 KB
27 KB 102ms
36ms Script
text/javascript 2607:f8b0:4006:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.engine.4.24.5.9076d3e0c419cef84ae3ad23849bbb2204ab48e7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

38258a3aa023ee5b5f45a8c149fd28449112dc4bf60411d2c88a4a6e33506df4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1079 / 692 of 1000 / last-modified: 1639397097"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26911
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 22 Dec 2021 20:36:46 GMT

GET
H2

200

tag Show response
btloader.com/
Redirect Chain

https://freestar-io.videoplayerhub.com/gallery.js
https://btloader.com/tag?h=freestar-io&upapi=true

139 KB
28 KB

115ms
38ms

Script
application/javascript

2606:4700:20::681a:78b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://btloader.com/tag?h=freestar-io&upapi=true
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Server: 2606:4700:20::681a:78b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ab8afc2e7f31406d0d311f18da7853dfb57a1c5aecd74b40ff512a768a61703

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

cf-ray: 6c1c24f20d494bc5-YUL
date: Wed, 22 Dec 2021 20:36:47 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3575
etag: W/"d82605b4de3184d8856241ed68f6f2b2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eE6IBSxaqa7P%2FGvDSzcSssPEQWeSGT3%2FonjvhwTetEZyk9fi3FBpbBB1LJtMACej51kKc0ggKP5NXsp73quMrpSiVS6peOWqRVify38v0LcL9wQfdYPeySA0tj5pJFmsuVBpfpLwg%2BgCLg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=1800, must-revalidate
content-encoding: br

Redirect headers

date: Wed, 22 Dec 2021 20:36:46 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eUSXlS9d1Kd%2FO37Wp8W1nvLapPP16Dsh5j%2B2Cuvq%2FswflE1zpmC%2FetoNfpW788dEetnQGFIeS2vN%2BDN5%2FzwVVoyXu8ny1RTik7eK0EJo%2BK6g%2BINKf1bF46wD4b2LsIFpdNusGCZVbiU3X65R8v2msRfOjMcgvuxKhw3FHw%3D%3D"}],"group":"cf-nel","max_age":604800}
location: https://btloader.com/tag?h=freestar-io&upapi=true
cache-control: max-age=3600
cf-ray: 6c1c24f16e367142-YUL
expires: Wed, 22 Dec 2021 21:36:46 GMT

GET
H/1.1 200
OK 184310-82987131453484.js Show response
js-sec.indexww.com/ht/p/ 0
454 B 93ms
31ms Script
text/javascript 23.52.162.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/ht/p/184310-82987131453484.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.engine.4.24.5.9076d3e0c419cef84ae3ad23849bbb2204ab48e7.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-162-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 22 Dec 2021 20:36:46 GMT
Content-Encoding: gzip
Last-Modified: Wed, 22 Dec 2021 20:20:58 GMT
Server: Apache
ETag: "760c4c-0-5d3c1dc20596b"
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=2908
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 20
Expires: Wed, 22 Dec 2021 21:25:14 GMT

GET
H2 200 prebid-analytics-4.42.8.js Show response
a.pub.network/core/ 461 KB
144 KB 34ms
33ms Script
text/html 2606:4700:20::681a:18b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/core/prebid-analytics-4.42.8.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.engine.4.24.5.9076d3e0c419cef84ae3ad23849bbb2204ab48e7.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:18b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9046a60fdbdb529b6b13861eea59560d2ea9fcf701d302a110b32c76d8d62d9b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=KmV2Hg==, md5=eyD+1aCHft06iq6DgXsolw==
date: Wed, 22 Dec 2021 20:36:46 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-guploader-uploadid: ADPycdtwR07TTqm1JXi8PcNWHE_BxvDIyAfFgyKyYlqKST6VkSjZk1FTrQz8IfQCT2a5p3RZinUVAXIiksCEWP6xae8
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 3
x-goog-stored-content-encoding: identity
cf-ray: 6c1c24f13ebb4bca-YUL
last-modified: Mon, 13 Dec 2021 16:32:12 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d%2B0L46YZFWxvdrzcQHNopRZUHL0BNLo4y9EMKtFtQnrtNIQIPfjhHCkQ1bMCzIVGUg2rSHPOfQbvLyKw0sMFrOtbf0F4gH7wo36z7cKyeYp47MGlL1D%2BEs9sCTO5b2Myht6iMUxXLTXkx0Y%3D"}],"group":"cf-nel","max_age":604800}
content-language: en
access-control-allow-origin: *
x-goog-generation: 1639413132927175
access-control-expose-headers: *
cache-control: private, max-age=86400
x-goog-stored-content-length: 471934
content-type: text/html
expires: Thu, 22 Dec 2022 17:18:56 GMT

GET
H2

204

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=23384447&cs_ucfr=1&ns__t=1640205406914&ns_c=UTF-8&cv=3.5&c8=notepad.pw%20%2F%2023cllfl3%20%7C%20The%20napkin%20of%20the%20internet.&c7=https%3A%2F%2Fnotep...
https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1640205406914&ns_c=UTF-8&cv=3.5&c8=notepad.pw%20%2F%2023cllfl3%20%7C%20The%20napkin%20of%20the%20internet.&c7=https%3A%2F%2Fnote...

0
224 B

31ms
28ms

Image
text/plain

13.225.223.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1640205406914&ns_c=UTF-8&cv=3.5&c8=notepad.pw%20%2F%2023cllfl3%20%7C%20The%20napkin%20of%20the%20internet.&c7=https%3A%2F%2Fnotepad.pw%2F23cllfl3&c9=
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Server: 13.225.223.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-223-81.jfk51.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:46 GMT
via: 1.1 ab95c5a0dcf51f52101ed4d59d15a2a3.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
etag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
x-amz-cf-id: ODqXOGHYxSOj9HoSBAN6v4dHJvqEpQZ74tYMeKcx4gRBvJRnNiaYqg==
x-cache: Miss from cloudfront

Redirect headers

date: Wed, 22 Dec 2021 20:36:46 GMT
via: 1.1 ab95c5a0dcf51f52101ed4d59d15a2a3.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1640205406914&ns_c=UTF-8&cv=3.5&c8=notepad.pw%20%2F%2023cllfl3%20%7C%20The%20napkin%20of%20the%20internet.&c7=https%3A%2F%2Fnotepad.pw%2F23cllfl3&c9=
content-length: 240
x-amz-cf-id: ToVumoSVWGMu26D1TbVzh2GBOP5lz7fQ-i3XkOfyJnTseqj0syo_qg==

GET
H2 200 / Show response
notepad.pw/sbbi/ Frame 0847 7 KB
3 KB 27ms
27ms Document
text/html 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=KS
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: fbs /
Resource Hash: 663c793c399e072d83638848cea4fceea2c4ce8dfb50b95bf3987c0060de5fbc

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=KS&sbbgs=h4658aa3bf07105eb04cde79ea3d52a3d218&ddl=0

Response headers

date: Wed, 22 Dec 2021 20:36:46 GMT
cache-control: no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
server: fbs
x-accel-expires: 0
access-control-allow-origin: *
x-hw: 1640205406.cds217.tr2.hn,1640205406.cds203.tr2.sc,1640205406.cdn2-redis02-yyz1.stackpath.systems.-.i,1640205406.cds203.tr2.p

GET
H2 200 / Show response
live.notepad.pw/socket.io/ 5 B
305 B 51ms
51ms XHR
application/octet-stream 2606:4700:7::a29f:8a55
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.notepad.pw/socket.io/?EIO=3&transport=polling&t=NtZt5CZ&sid=X5rruQU6dRAarVRRAIjH
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8a55 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 25d989b3ed89abc5bb5a814c257dc57619d7f45908013cd08aa508c22e4f6a0a

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:47 GMT
via: 1.1 vegur
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NqefLnimukJUfKfq6kkB2mazh4Xvli8QISBoHZiidPwSddaiVOsQRfyDPKfAUzHOLj38JmwqXwfjvNW%2BAyr316poKlHoXFSxkQ4SUKjgp9gtzWGEXKzK%2FADeW5xMeGhhy%2Blpgh0ZbhHgN%2BUQ2Wg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
access-control-allow-origin: https://notepad.pw
access-control-allow-credentials: true
cf-ray: 6c1c24f1e2317148-YUL
content-length: 5

GET
H2 200 pubads_impl_2021120601.js Show response
securepubads.g.doubleclick.net/gpt/ 348 KB
117 KB 110ms
48ms Script
text/javascript 142.250.80.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s35-in-f2.1e100.net

Software

sffe /

Resource Hash

2d5ae5a515a688823dc98d032242c2ed6f490a74c4281bdd599567898f9fa675

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119476
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 09:34:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 22 Dec 2021 20:36:47 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 61 B
702 B 95ms
36ms XHR
application/json 142.250.80.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=notepad.pw

Requested by

Host: notepad.pw
URL: https://notepad.pw/23cllfl3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s35-in-f2.1e100.net

Software

cafe /

Resource Hash

ba18f19ada04b2a417eb9e6dab156450af307341874489f02cabee8590879f00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 22 Dec 2021 20:36:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 66
x-xss-protection: 0
expires: Wed, 22 Dec 2021 20:36:47 GMT

POST
H2 200 / Show response
live.notepad.pw/socket.io/ 2 B
300 B 49ms
48ms XHR
text/html 2606:4700:7::a29f:8a55
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.notepad.pw/socket.io/?EIO=3&transport=polling&t=NtZt5DP&sid=X5rruQU6dRAarVRRAIjH
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8a55 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-type: text/plain;charset=UTF-8

Response headers

date: Wed, 22 Dec 2021 20:36:47 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zA%2B2TqsqjJhPGIEFXy58l0x6eI5HvimsAzJqn08owuI9fNq6dL5kDlcdtLvdFBQlf%2BNbmUiAfwOUIoAHBVJj%2BdigWynv2y3C%2BAw%2FDnzV8LoOVnFZVVOsQFOhIrC%2BVX%2BO4o0rKL0rji6zxVph%2BgY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
access-control-allow-origin: https://notepad.pw
access-control-allow-credentials: true
cf-ray: 6c1c24f232467148-YUL
content-length: 6
via: 1.1 vegur

GET
H2 200 / Show response
live.notepad.pw/socket.io/ 4 B
286 B 164ms
163ms XHR
application/octet-stream 2606:4700:7::a29f:8a55
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.notepad.pw/socket.io/?EIO=3&transport=polling&t=NtZt5DQ&sid=X5rruQU6dRAarVRRAIjH
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8a55 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a9a2f1dd042cb6f1eded53dc0a1c66ed8694fc093dc3520cdac1a541d615d474

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:47 GMT
via: 1.1 vegur
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NBvxXYwj0xqT9VakIzYYYTCUPrF6GnTAAkzwFD2d9ciM4LL42E5tQKEwXmnh0vOtmD7RXdgUfWRMiXoLOYW%2FgLtsO0agmpKtEqOoubAfW%2FY5cOqmvZ%2BdXYg%2FAC%2BiMP40GuE%2FbaOqZL6%2F77yZkVw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
access-control-allow-origin: https://notepad.pw
access-control-allow-credentials: true
cf-ray: 6c1c24f232477148-YUL
content-length: 4

GET
H2 200 favicon.ico
ad.doubleclick.net/ 1 KB
664 B 94ms
26ms Image
image/x-icon 142.250.64.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250

Requested by

Host: notepad.pw
URL: https://notepad.pw/23cllfl3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.64.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s31-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 03:48:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60513
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0
last-modified: Tue, 08 May 2012 13:08:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Dec 2021 03:48:14 GMT

GET
H2 200 px.gif
ad-delivery.net/ 43 B
934 B 67ms
22ms Image
image/gif 2606:4700:20::681a:346
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.2123548473807786
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:346 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
date: Wed, 22 Dec 2021 20:36:47 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2978
x-guploader-uploadid: ADPycdupfa7KCtOe0TVtQ1XEXjEqBcYS55h5xltmciWkwyT05QVbX3hl2G6BY1wwXXVxP-9l4WeFTPgHVnUrgCoq0nDtipi3Jg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-type: image/gif
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DvQRDh8jGw4uRYfUS9UMggpXVV8mARLkM5a3Ln7TMH22WNqMKuL2zS5MazWvyYQazdt1OsTsr8K4mFztg7QJgB3Zg6SYSYySRMWf4Ne%2Fncz7pZDs4ShWsL0UrDz8HcnMhtORlDOiTO5rSDRVKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1620242732037093
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=86400
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 6c1c24f2bbbb7151-YUL
expires: Wed, 22 Dec 2021 20:47:09 GMT

OPTIONS
H2 200 floors
api.floors.dev/sgw/v1/ Frame 0
0 138ms
104ms Preflight 35.227.238.208
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.floors.dev/sgw/v1/floors

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.227.238.208 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

208.238.227.35.bc.googleusercontent.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload;

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-api-key
Origin: https://notepad.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 22 Dec 2021 20:36:47 GMT
access-control-allow-origin: https://notepad.pw
access-control-allow-credentials: true
access-control-allow-methods: ACL, CANCELUPLOAD, CHECKIN, CHECKOUT, COPY, DELETE, GET, HEAD, LOCK, MKCALENDAR, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, REPORT, SEARCH, UNCHECKOUT, UNLOCK, UPDATE, VERSION-CONTROL
access-control-max-age: 3600
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Key, Authorization, x-api-key
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000;includeSubDomains;preload;
content-length: 0
via: 1.1 google
alt-svc: clear

POST
H2 200 floors Show response
api.floors.dev/sgw/v1/ 790 B
867 B 42ms
41ms Fetch
application/json 35.227.238.208
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.floors.dev/sgw/v1/floors

Requested by

Host: notepad.pw
URL: https://notepad.pw/23cllfl3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.227.238.208 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

208.238.227.35.bc.googleusercontent.com

Software

Resource Hash

c1f3055efe173aa21ac9450810e4bc0a4cd8499603542efa85232b9e1cb53e1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload;

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
x-api-key: 4e799501-b8b6-4ef1-bad5-225b3dd1aa8d
Content-Type: application/json

Response headers

pragma: no-cache
date: Wed, 22 Dec 2021 20:36:47 GMT
via: 1.1 google
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Key, Authorization, x-api-key
access-control-max-age: 3600
access-control-allow-methods: ACL, CANCELUPLOAD, CHECKIN, CHECKOUT, COPY, DELETE, GET, HEAD, LOCK, MKCALENDAR, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, REPORT, SEARCH, UNCHECKOUT, UNLOCK, UPDATE, VERSION-CONTROL
content-type: application/json
access-control-allow-origin: https://notepad.pw
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
strict-transport-security: max-age=31536000;includeSubDomains;preload;
alt-svc: clear
expires: 0

GET
H2 204 pv Show response
api.btloader.com/ 0
96 B 97ms
46ms XHR
text/plain 130.211.23.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/pv?tid=31bqXCnHoW&w=5697845637152768&o=5714937848528896&cv=2.0.2-2-gfdc9054&r=false&pageURL=https%3A%2F%2Fnotepad.pw%2F23cllfl3&upapi=true
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 22 Dec 2021 20:36:47 GMT
cache-control: no-cache, no-store, must-revalidate
vary: Origin
alt-svc: clear
via: 1.1 google

GET
H3 200 o-0NIpQlx3QUlC5A4PNjXhFVZNyB.woff2
fonts.gstatic.com/s/notosans/v21/ 16 KB
16 KB 51ms
21ms Font
font/woff2 2607:f8b0:4006:817::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notosans/v21/o-0NIpQlx3QUlC5A4PNjXhFVZNyB.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Sans:400,700

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8beec539128cea621e511cd54f21a0d17ff891a16a0ebd7a98a3e4fbc00bd0e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://notepad.pw
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 20 Dec 2021 09:18:27 GMT
x-content-type-options: nosniff
age: 213500
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16180
x-xss-protection: 0
last-modified: Tue, 14 Sep 2021 16:43:44 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 20 Dec 2022 09:18:27 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 134 KB
36 KB 118ms
27ms Script
application/javascript 13.225.222.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.engine.4.24.5.9076d3e0c419cef84ae3ad23849bbb2204ab48e7.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.222.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-222-69.jfk51.r.cloudfront.net
Software: Server /
Resource Hash: d8c62b0d4ac621bedd0ca5a4e96b12a77118338d4166f94d65c15bb154d455aa

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 03:49:15 GMT
content-encoding: gzip
age: 60451
x-cache: Hit from cloudfront
timing-allow-origin: *
server: Server
x-amz-rid: 1B4KAJSRDEPPB12E0PCT
etag: 4da12c74ee926b2a11a4e43bfb72b2fd
vary: Accept-Encoding
x-amz-version-id: 4VmutqpMSKe44XUliQiub0_OOWAXoLbl
via: 1.1 9936e6170e9ea67a9517d77d7f053dbb.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: JFK51-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: ndEmowePuV76zCzoGCPNuneGqAFFCvMjLjg6Wd-VLl3HQlFWrYpTKg==

GET
H2 200 op.js Show response
tagan.adlightning.com/freestar/ 58 KB
23 KB 110ms
30ms Script
application/javascript 13.225.223.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/freestar/op.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.engine.4.24.5.9076d3e0c419cef84ae3ad23849bbb2204ab48e7.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.223.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-223-101.jfk51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bab4ae2ffd9c81b2300fb2007283625b1637d9e96c091ed9d98e386c93ae9545

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 19:45:57 GMT
content-encoding: gzip
age: 3051
x-cache: Hit from cloudfront
content-length: 23591
x-amz-meta-git_commit: 5a99e50
last-modified: Wed, 22 Dec 2021 01:23:24 GMT
server: AmazonS3
etag: "51568c35d328c1dfc7bba0f298f98fa4"
x-amz-version-id: zUI0fKgX.pt5.3VdW.nasiAgjslTkaWP
via: 1.1 74636a0d3b110dc164c7801b27cac3b3.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: JFK51-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: dqEwEiAz89W3wSXUYnLH6Vsb7f4_rOUcmGQInhL0h9l2Vqjjkq2j5w==

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 98ms
29ms Preflight
application/json 2620:100:a001::c
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fnotepad.pw%2F&domain=notepad.pw&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::c , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://notepad.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
access-control-allow-origin: https://notepad.pw
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1566
date: Wed, 22 Dec 2021 20:36:47 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H2 200 quant.js Show response
secure.quantserve.com/ 24 KB
10 KB 117ms
29ms Script
application/javascript 2620:116:800b:21:d7a4:3372:2f4a:f3b0
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.engine.4.24.5.9076d3e0c419cef84ae3ad23849bbb2204ab48e7.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800b:21:d7a4:3372:2f4a:f3b0 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 487fce51fd801415c362f3f9f2df43c445a4b9ba38f9b6d49dfc898dc85ede94

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:47 GMT
content-encoding: gzip
etag: "FMCWFRCBdbNj8Eh2c0G78Q=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Wed, 29 Dec 2021 20:36:47 GMT

GET
H2 200 freestar.js Show response
dggaenaawxe8z.cloudfront.net/ic/audiencesegment/ 8 KB
3 KB 111ms
27ms Script
application/javascript 13.225.231.211
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dggaenaawxe8z.cloudfront.net/ic/audiencesegment/freestar.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.engine.4.24.5.9076d3e0c419cef84ae3ad23849bbb2204ab48e7.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.231.211 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-231-211.jfk51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ace5c7a57a33a8c21d81ff1ab27c6e2fb71d14c98f007bc9e990880063a32b42

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 06:26:48 GMT
content-encoding: gzip
last-modified: Mon, 20 Dec 2021 06:25:02 GMT
server: AmazonS3
age: 51000
etag: W/"069b7e72e08ae247bc61b83397caaea1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 b6cc1359c0cd55a8339441d8abb6a450.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
x-amz-cf-id: G4AzZkndLjaenICBUJCF9qiReJ8yJ1SPFcDecRBcuJ-wqlv_4uTZmg==

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b60f65161ce3517c2794eecab25981c51ffbcbc951a781270403e2f3572d0290

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2

200

sid Show response
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fnotepad.pw%2F&domain=notepad.pw&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=mZ2foXwvTDhKaWxTRG54V05nK0JxdTZpZ0ZDakNXYm1jSnUzNFIrb3Q3MTlwczdFOVMwT2ovWkxFelV3NGJPNFBKMDNXRC9zTVdsMmZ5RXFHNndzanlMNFlFSUFZdjFCU3E0aHNEWjRkZ05NR2RyYTdDdGF6L2YyWTV5SC...

350 B
615 B

83ms
27ms

XHR
application/json

74.119.119.139
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=mZ2foXwvTDhKaWxTRG54V05nK0JxdTZpZ0ZDakNXYm1jSnUzNFIrb3Q3MTlwczdFOVMwT2ovWkxFelV3NGJPNFBKMDNXRC9zTVdsMmZ5RXFHNndzanlMNFlFSUFZdjFCU3E0aHNEWjRkZ05NR2RyYTdDdGF6L2YyWTV5SCtvM2pPR1dGL2RRTTR3RllLekRrV0tjVk9kemx5YU56M0RHT1FROFVEUGZVVEVvSnNhQ2YxZ3l4OHlYY05aZDdlMlZUcFJpSWtoR1FTbzRtLytMMFgzeVNiZjVITjBjSUNCVGlobGFhSTRBNnpTSTUwYzlnPXw&cppv=2

Protocol

Server

74.119.119.139 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Resource Hash

32bb2d50093bad0a89035aa39b78361413e934a7830ffd12bc7ec607ead50bb9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Dec 2021 20:36:47 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 3487
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 22 Dec 2021 20:36:47 GMT
location: https://mug.criteo.com/sid?cpp=mZ2foXwvTDhKaWxTRG54V05nK0JxdTZpZ0ZDakNXYm1jSnUzNFIrb3Q3MTlwczdFOVMwT2ovWkxFelV3NGJPNFBKMDNXRC9zTVdsMmZ5RXFHNndzanlMNFlFSUFZdjFCU3E0aHNEWjRkZ05NR2RyYTdDdGF6L2YyWTV5SCtvM2pPR1dGL2RRTTR3RllLekRrV0tjVk9kemx5YU56M0RHT1FROFVEUGZVVEVvSnNhQ2YxZ3l4OHlYY05aZDdlMlZUcFJpSWtoR1FTbzRtLytMMFgzeVNiZjVITjBjSUNCVGlobGFhSTRBNnpTSTUwYzlnPXw&cppv=2
strict-transport-security: max-age=31536000; preload;
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://notepad.pw
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2635
content-length: 482
expires: 0

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
330 B 110ms
61ms XHR
text/plain 104.16.190.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/b/v1

Requested by

Host: notepad.pw
URL: https://notepad.pw/23cllfl3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.190.66 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 22 Dec 2021 20:36:47 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://notepad.pw
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6c1c24f51bce4bd1-YUL
access-control-allow-headers: origin, content-type

GET
H2 200 display Show response
mantodea.mantisadnetwork.com/prebid/ 56 B
449 B 133ms
43ms XHR
application/javascript 3.214.91.80
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://mantodea.mantisadnetwork.com/prebid/display?tz=0&buster=1640205407483&secure=true&version=9&title=notepad.pw%20%2F%2023cllfl3%20%7C%20The%20napkin%20of%20the%20internet.&url=https%3A%2F%2Fnotepad.pw%2F23cllfl3&measurable=true&bids[0][bidId]=571ae2e6cdf5b&bids[0][config][property]=5c3404d83e048a00261ad27f&bids[0][config][zone]=notepad_970x90_728x90_320x50_Sticky&bids[0][sizes][0][width]=1&bids[0][sizes][0][height]=1&bids[0][sizes][1][width]=728&bids[0][sizes][1][height]=90&bids[0][sizes][2][width]=970&bids[0][sizes][2][height]=90&property=5c3404d83e048a00261ad27f&foo
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.214.91.80 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-214-91-80.compute-1.amazonaws.com
Software: / Express
Resource Hash: 5f1b05bb11c480df4d423688be19d82a2fd842c277c3d7e6329406809a9bb64b

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 22 Dec 2021 20:36:47 GMT
x-powered-by: Express
etag: W/"38-Qpg1ul4xNg9K1QU1pLjjrp6OURk"
vary: Origin
content-type: application/javascript; charset=utf-8
access-control-allow-origin: https://notepad.pw
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 56
expires: -1

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
809 B 159ms
117ms XHR
application/json 34.107.148.139
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUJ8GUQF
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: d46a6b9cd609975630d6286ea13a48eafe73ef0111e2b310bf29dc335607681d

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 22 Dec 2021 20:36:47 GMT
content-encoding: gzip
server: nginx
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://notepad.pw
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

POST
H/1.1 204
No Content hbjson Show response
grid.bidswitch.net/ 0
244 B 173ms
66ms XHR
text/plain 35.211.165.199
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://grid.bidswitch.net/hbjson
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.211.165.199 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 199.165.211.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://notepad.pw
Date: Wed, 22 Dec 2021 20:36:47 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
Server: nginx
Connection: keep-alive

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 6 KB
7 KB 248ms
178ms XHR
application/json 23.39.175.77
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=538329&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%221210b7ac46cc63c%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fnotepad.pw%2F23cllfl3%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%224.42.1%22%2C%22userIds%22%3A%5B%22pubcid%22%5D%2C%22msd%22%3A0%2C%22msi%22%3A0%7D%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.com%22%2C%22sid%22%3A%2249%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22134e9d45b353d8c%22%2C%22ext%22%3A%7B%22siteID%22%3A%22538329%22%2C%22sid%22%3A%221x1%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2C3281838%2Fnotepad_970x90_728x90_320x50_Sticky%22%7D%2C%22banner%22%3A%7B%22w%22%3A1%2C%22h%22%3A1%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2214d4e88f158493c%22%2C%22ext%22%3A%7B%22siteID%22%3A%22538329%22%2C%22sid%22%3A%22728x90%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2C3281838%2Fnotepad_970x90_728x90_320x50_Sticky%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2215594e9986763c5%22%2C%22ext%22%3A%7B%22siteID%22%3A%22538329%22%2C%22sid%22%3A%22970x90%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2C3281838%2Fnotepad_970x90_728x90_320x50_Sticky%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%5D%7D
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.39.175.77 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-39-175-77.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: d4699066bf9d1d0178297fcea928b28a9af94f5de1600c188147a34629183db3

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 22 Dec 2021 20:36:47 GMT
x-ak-initial-geo: CC:[CA], RC:[QC], CN:[NA], CIP:[37.120.205.173], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://notepad.pw
x-cs-client-geo: 19
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 6616
x-ak-client-geo: 19
expires: Wed, 22 Dec 2021 20:36:47 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 145 B
1 KB 319ms
252ms XHR
application/json 68.67.179.89
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: notepad.pw
URL: https://notepad.pw/23cllfl3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.89 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

565.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

5534df9a174672ebfbf76e4a3a6b15b366da846198c47306a7187448fb10e54a

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 22 Dec 2021 20:36:47 GMT
X-Proxy-Origin: 37.120.205.173; 37.120.205.173; 565.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid: f4cc8873-3f9e-4632-ad6f-28fada903166
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://notepad.pw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 118 B
341 B 152ms
101ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=aUEaWOTw8r6QuhaKlId8sQ
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: a277711b8dd022f2c45dd62c99040b9a6236550692f75eeccb64011426b41b03

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 22 Dec 2021 20:36:47 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://notepad.pw
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

POST
H2 204 / Show response
hb.emxdgt.com/ 0
155 B 123ms
48ms XHR
text/plain 3.211.213.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.emxdgt.com/?t=1200&ts=1640205407494&src=pbjs
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.211.213.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-213-135.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://notepad.pw
date: Wed, 22 Dec 2021 20:36:47 GMT
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: security, Content-Type

POST
H2 200 auction Show response
c.deployads.com/openrtb2/ 466 B
785 B 323ms
242ms XHR
application/json 3.214.55.34
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://c.deployads.com/openrtb2/auction?src=prebid_prebid_4.42.1&host=notepad.pw
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.214.55.34 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-214-55-34.compute-1.amazonaws.com
Software: SortableCactus/1.0 /
Resource Hash: cb4e3a4802a5a981cc0cd847675ff7f4bcaf0dc243b814c06617491bd85c84da

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 22 Dec 2021 20:36:47 GMT
server: SortableCactus/1.0
content-type: application/json
access-control-allow-origin: https://notepad.pw
cache-control: no-cache
access-control-allow-credentials: true
content-length: 466
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 204 prebid Show response
ads.yieldmo.com/exchange/ 0
220 B 357ms
266ms XHR
text/plain 3.208.119.163
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.yieldmo.com/exchange/prebid?pbav=4.42.1&p=%5B%7B%22placement_id%22%3A%22notepad_970x90_728x90_320x50_Sticky%22%2C%22callback_id%22%3A%2225ec49296317d7b%22%2C%22sizes%22%3A%5B%5B1%2C1%5D%2C%5B728%2C90%5D%2C%5B970%2C90%5D%5D%2C%22ym_placement_id%22%3A%222652127340879880660%22%7D%5D&page_url=https%3A%2F%2Fnotepad.pw%2F23cllfl3&bust=1640205407497&pr=&scrd=1&dnt=false&description=Save%20your%20notes%20online%20for%20free%20and%20share%20them%20with%20friends!&title=notepad.pw%20%2F%2023cllfl3%20%7C%20The%20napkin%20of%20the%20internet.&w=1600&h=1200&userConsent=%7B%22gdprApplies%22%3A%22%22%2C%22cmp%22%3A%22%22%7D&us_privacy=&pubcid=c7eddff9-24b8-4cd0-8e8a-090ea67a383b&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.com%22%2C%22sid%22%3A%2249%22%2C%22hp%22%3A1%7D%5D%7D
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.208.119.163 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-208-119-163.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://notepad.pw
pragma: no-cache
date: Wed, 22 Dec 2021 20:36:47 GMT
access-control-allow-credentials: true
x-robots-tag: none,NOINDEX,NOFOLLOW
access-control-allow-methods: POST, GET, OPTIONS
access-control-request-headers: Cache-Control, Pragma

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 145 B
1 KB 332ms
267ms XHR
application/json 68.67.179.89
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: notepad.pw
URL: https://notepad.pw/23cllfl3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.89 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

565.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

1988d6529a7b0ef3380e543a0b49127b91f6af062b1c4bd50db936c8d95c237c

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 22 Dec 2021 20:36:47 GMT
X-Proxy-Origin: 37.120.205.173; 37.120.205.173; 565.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid: 88d0da5b-7612-448e-a2d4-a7cf8a7497fa
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://notepad.pw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
112 B 112ms
49ms XHR
text/plain 104.36.115.98
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.115.98 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://notepad.pw
date: Wed, 22 Dec 2021 20:36:47 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
191 B 93ms
26ms XHR
text/plain 52.1.218.86
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.1.218.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-218-86.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://notepad.pw
Date: Wed, 22 Dec 2021 20:36:47 GMT
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

POST
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
191 B 94ms
27ms XHR
text/plain 52.1.218.86
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.1.218.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-218-86.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://notepad.pw
Date: Wed, 22 Dec 2021 20:36:47 GMT
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 611 B
2 KB 285ms
144ms XHR
application/json 2602:803:c002:200::43
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1498292&size_id=2&alt_size_ids=55%2C221&rp_schain=1.0,1!freestar.com,49,1,,,&eid_pubcid.org=c7eddff9-24b8-4cd0-8e8a-090ea67a383b%5E1&rf=https%3A%2F%2Fnotepad.pw%2F23cllfl3&tg_i.name=notepad-pw&tg_i.domain=notepad.pw&tg_i.cat=IAB19&tg_i.sectioncat=IAB19&tg_i.pagecat=IAB19&tg_i.page=https%3A%2F%2Fnotepad.pw%2F23cllfl3&tg_i.fs_ad_product=stickyFooter&tg_i.dfp_ad_unit_code=15184186%2C3281838%2Fnotepad_970x90_728x90_320x50_Sticky&tg_i.pbadslot=15184186%2C3281838%2Fnotepad_970x90_728x90_320x50_Sticky%2Fnotepad_970x90_728x90_320x50_Sticky&tk_flint=pbjs_lite_v4.42.1&x_source.tid=2840daf9-58aa-4fe9-8b41-fa7f02971a53&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.9600896295459493
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c002:200::43 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: c1668a45a268e8cb564d55cb300584321492fccece5a56dd7a0eb60b21bf6c4a

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 22 Dec 2021 20:36:47 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://notepad.pw
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 611
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fslogo-green.svg
a.pub.network/core/imgs/ 1 KB
1 KB 34ms
34ms Image
image/svg+xml 2606:4700:20::681a:18b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.pub.network/core/imgs/fslogo-green.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:18b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ecc20ed3c5dedbe5bbe73d1e7b14270c65a85f7d0ec4c94c4f0c9f0071e471a2

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=Jh+rSg==, md5=Mm1svZd2V+EgW9YW0fL6yg==
date: Wed, 22 Dec 2021 20:36:47 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-guploader-uploadid: ADPycduCP11--bBEv65y8GGTgZetRkHs97QBiURX9aoLrbIEFcHDcgMKqRVvFo8-ooepS93Ppb40BL_7ddtrf2zAv0k
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-type: image/svg+xml
last-modified: Tue, 08 Sep 2020 17:04:37 GMT
server: cloudflare
etag: W/"326d6cbd977657e1205bd616d1f2faca"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CRKONW1XDwEYgvSAtIG5bzYyzQUY7gSJp%2BnAlKihqxgrIAZtia7i5sgmL1Wyco%2BucBP%2FRlQXW6iwBeEiWa%2FcsYxZX5M9R5ZL%2BO0tbgcaPv2%2Fd%2Fj4JVIEy4LVMZmSAix%2B7EA9Veg%2BET7Lg8E%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1599584677716817
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=3600
x-goog-stored-content-length: 1193
cf-ray: 6c1c24f4fae44bca-YUL
expires: Wed, 22 Dec 2021 21:19:56 GMT

GET
H2 200 b-5a99e50-0ef925e1.js Show response
tagan.adlightning.com/freestar/ 78 KB
30 KB 23ms
23ms Script
application/javascript 13.225.223.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/freestar/b-5a99e50-0ef925e1.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.223.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-223-101.jfk51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3a2a44d6d645afa6dd329ef0d6e7c92ebf624e49bf20fc301e59d69d9a59c87d

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 15:36:41 GMT
content-encoding: gzip
age: 536407
x-cache: Hit from cloudfront
content-length: 30111
x-amz-meta-git_commit: 5a99e50
last-modified: Thu, 21 Oct 2021 14:42:46 GMT
server: AmazonS3
etag: "a5b54d0501be5fa645a46923bf1f6dfe"
x-amz-version-id: tynjFfgXKbXevSX.rzKqYE2SnqrB7ELk
via: 1.1 74636a0d3b110dc164c7801b27cac3b3.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: JFK51-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: x4PutY8HYWCohyPsALsNnrZDGykOfNZb9bEXPV2tJ6eP0gCTPhDJFw==

GET
H2 200 bl-0af0356-e4ea5370.js Show response
tagan.adlightning.com/freestar/ 45 KB
19 KB 30ms
30ms Script
application/javascript 13.225.223.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/freestar/bl-0af0356-e4ea5370.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.223.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-223-101.jfk51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2fc3a11d9170cfe5b44cd42777ee41395c5c6a86ccb8f46829dd8260a7582609

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 01:45:48 GMT
content-encoding: gzip
age: 67859
x-cache: Hit from cloudfront
content-length: 19084
x-amz-meta-git_commit: 0af0356
last-modified: Wed, 22 Dec 2021 01:22:29 GMT
server: AmazonS3
etag: "841700947080f68d0d665b6fe1830a06"
x-amz-version-id: 6zPfdIKCLM0otpNbrtyJvkP0wAZ7S7E8
via: 1.1 74636a0d3b110dc164c7801b27cac3b3.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: JFK51-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: h-1Kd6xfVcIWXpRpGuzJETmYzniubf-iSGxtVK5NF3QX1LOOW0aTGA==

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 92e649098eefaf82db65282d7cbb4e65c738aca33c3fc8073a9c770fbcb0623d

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/webp

GET
H2 200 display Show response
mantodea.mantisadnetwork.com/prebid/ 56 B
449 B 39ms
38ms XHR
application/javascript 3.214.91.80
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://mantodea.mantisadnetwork.com/prebid/display?tz=0&buster=1640205407611&secure=true&version=9&title=notepad.pw%20%2F%2023cllfl3%20%7C%20The%20napkin%20of%20the%20internet.&url=https%3A%2F%2Fnotepad.pw%2F23cllfl3&measurable=true&bids[0][bidId]=393ddec7211e783&bids[0][config][property]=5c3404d83e048a00261ad27f&bids[0][config][zone]=notepad_970x90_728x90_320x50_320x100_ATF&bids[0][sizes][0][width]=468&bids[0][sizes][0][height]=60&bids[0][sizes][1][width]=728&bids[0][sizes][1][height]=90&bids[0][sizes][2][width]=970&bids[0][sizes][2][height]=90&property=5c3404d83e048a00261ad27f&foo
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.214.91.80 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-214-91-80.compute-1.amazonaws.com
Software: / Express
Resource Hash: 0ee931c99737206262900a12a708451d282921cb9e01bfa5a126d290886c84f4

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 22 Dec 2021 20:36:47 GMT
x-powered-by: Express
etag: W/"38-IRY21ZrJSFEy0O29/AwXGU9IBgo"
vary: Origin
content-type: application/javascript; charset=utf-8
access-control-allow-origin: https://notepad.pw
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 56
expires: -1

POST
H2 204 / Show response
hb.emxdgt.com/ 0
154 B 50ms
47ms XHR
text/plain 3.211.213.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.emxdgt.com/?t=1200&ts=1640205407612&src=pbjs
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.211.213.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-213-135.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://notepad.pw
date: Wed, 22 Dec 2021 20:36:47 GMT
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: security, Content-Type

POST
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
191 B 28ms
26ms XHR
text/plain 52.1.218.86
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.1.218.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-218-86.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://notepad.pw
Date: Wed, 22 Dec 2021 20:36:47 GMT
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

POST
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
191 B 26ms
25ms XHR
text/plain 52.1.218.86
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.1.218.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-218-86.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://notepad.pw
Date: Wed, 22 Dec 2021 20:36:47 GMT
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

POST
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
191 B 142ms
116ms XHR
text/plain 52.1.218.86
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.1.218.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-218-86.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://notepad.pw
Date: Wed, 22 Dec 2021 20:36:47 GMT
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
38 B 57ms
56ms XHR
text/plain 104.16.190.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/b/v1

Requested by

Host: notepad.pw
URL: https://notepad.pw/23cllfl3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.190.66 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 22 Dec 2021 20:36:47 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://notepad.pw
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6c1c24f5ac614bd1-YUL
access-control-allow-headers: origin, content-type

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 622 B
2 KB 401ms
227ms XHR
application/json 2602:803:c002:200::43
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1498292&size_id=2&alt_size_ids=1%2C55&rp_schain=1.0,1!freestar.com,49,1,,,&eid_pubcid.org=c7eddff9-24b8-4cd0-8e8a-090ea67a383b%5E1&rf=https%3A%2F%2Fnotepad.pw%2F23cllfl3&tg_i.name=notepad-pw&tg_i.domain=notepad.pw&tg_i.cat=IAB19&tg_i.sectioncat=IAB19&tg_i.pagecat=IAB19&tg_i.page=https%3A%2F%2Fnotepad.pw%2F23cllfl3&tg_i.fs_ad_product=banner&tg_i.dfp_ad_unit_code=15184186%2C3281838%2Fnotepad_970x90_728x90_320x50_320x100_ATF&tg_i.pbadslot=15184186%2C3281838%2Fnotepad_970x90_728x90_320x50_320x100_ATF%2Fnotepad_970x90_728x90_320x50_320x100_ATF&tk_flint=pbjs_lite_v4.42.1&x_source.tid=e51c0071-9c77-4cab-96db-66839df6a9d1&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.32937589902912645
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c002:200::43 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 3885166c8d7f4aa41d3b902c2cdba8228a464fdb5b6b3d08e88b9a179ffa805a

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 22 Dec 2021 20:36:48 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://notepad.pw
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 622
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 204 prebid Show response
ads.yieldmo.com/exchange/ 0
221 B 184ms
184ms XHR
text/plain 3.208.119.163
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.yieldmo.com/exchange/prebid?pbav=4.42.1&p=%5B%7B%22placement_id%22%3A%22notepad_970x90_728x90_320x50_320x100_ATF%22%2C%22callback_id%22%3A%2251fd13039f603cf%22%2C%22sizes%22%3A%5B%5B468%2C60%5D%2C%5B728%2C90%5D%2C%5B970%2C90%5D%5D%2C%22ym_placement_id%22%3A%222652127340879880660%22%7D%5D&page_url=https%3A%2F%2Fnotepad.pw%2F23cllfl3&bust=1640205407620&pr=&scrd=1&dnt=false&description=Save%20your%20notes%20online%20for%20free%20and%20share%20them%20with%20friends!&title=notepad.pw%20%2F%2023cllfl3%20%7C%20The%20napkin%20of%20the%20internet.&w=1600&h=1200&userConsent=%7B%22gdprApplies%22%3A%22%22%2C%22cmp%22%3A%22%22%7D&us_privacy=&pubcid=c7eddff9-24b8-4cd0-8e8a-090ea67a383b&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.com%22%2C%22sid%22%3A%2249%22%2C%22hp%22%3A1%7D%5D%7D
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.208.119.163 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-208-119-163.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://notepad.pw
pragma: no-cache
date: Wed, 22 Dec 2021 20:36:47 GMT
access-control-allow-credentials: true
x-robots-tag: none,NOINDEX,NOFOLLOW
access-control-allow-methods: POST, GET, OPTIONS
access-control-request-headers: Cache-Control, Pragma

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 11 KB
6 KB 201ms
163ms XHR
application/json 68.67.179.89
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: notepad.pw
URL: https://notepad.pw/23cllfl3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.89 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

565.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

3153b77379efd6827f95d080dcf0a391d72cc205e051c41904fb01a5eb6c5fd9

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 22 Dec 2021 20:36:47 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 37.120.205.173; 37.120.205.173; 565.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 9a61ca07-4004-4826-87d2-1255283c8b4f
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://notepad.pw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 204
No Content hbjson Show response
grid.bidswitch.net/ 0
244 B 103ms
67ms XHR
text/plain 35.211.165.199
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://grid.bidswitch.net/hbjson
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.211.165.199 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 199.165.211.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://notepad.pw
Date: Wed, 22 Dec 2021 20:36:47 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
Server: nginx
Connection: keep-alive

POST
H2 200 auction Show response
c.deployads.com/openrtb2/ 396 B
716 B 173ms
171ms XHR
application/json 3.214.55.34
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://c.deployads.com/openrtb2/auction?src=prebid_prebid_4.42.1&host=notepad.pw
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.214.55.34 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-214-55-34.compute-1.amazonaws.com
Software: SortableCactus/1.0 /
Resource Hash: 36457cf3e8cf61f423cfcf416c073f443c89ad6422a9caa76cff42f1198ca587

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 22 Dec 2021 20:36:47 GMT
server: SortableCactus/1.0
content-type: application/json
access-control-allow-origin: https://notepad.pw
cache-control: no-cache
access-control-allow-credentials: true
content-length: 396
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 37 B
327 B 142ms
142ms XHR
application/json 23.39.175.77
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=538329&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%225914448ec9f6b78%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fnotepad.pw%2F23cllfl3%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%224.42.1%22%2C%22userIds%22%3A%5B%22pubcid%22%5D%2C%22msd%22%3A0%2C%22msi%22%3A0%7D%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.com%22%2C%22sid%22%3A%2249%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2260e58663d6dfc97%22%2C%22ext%22%3A%7B%22siteID%22%3A%22538329%22%2C%22sid%22%3A%22468x60%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2C3281838%2Fnotepad_970x90_728x90_320x50_320x100_ATF%22%7D%2C%22banner%22%3A%7B%22w%22%3A468%2C%22h%22%3A60%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%226173195705b7858%22%2C%22ext%22%3A%7B%22siteID%22%3A%22538329%22%2C%22sid%22%3A%22728x90%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2C3281838%2Fnotepad_970x90_728x90_320x50_320x100_ATF%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2262188d931c25d93%22%2C%22ext%22%3A%7B%22siteID%22%3A%22538329%22%2C%22sid%22%3A%22970x90%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2C3281838%2Fnotepad_970x90_728x90_320x50_320x100_ATF%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%5D%7D
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.39.175.77 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-39-175-77.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 449fedefd600e47f363963f932ad9827dfddf7f71c11b5e54417d9e0f26bc7b2

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 22 Dec 2021 20:36:47 GMT
x-ak-initial-geo: CC:[CA], RC:[QC], CN:[NA], CIP:[37.120.205.173], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://notepad.pw
x-cs-client-geo: 19
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 37
x-ak-client-geo: 19
expires: Wed, 22 Dec 2021 20:36:47 GMT

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 118 B
204 B 120ms
119ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=aUEaWOTw8r6QuhaKlId8sQ
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 823f68faf139468828353498729daf9bba71858857f6f6908009377ce965d2f3

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 22 Dec 2021 20:36:47 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://notepad.pw
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
56 B 132ms
131ms XHR
text/plain 104.36.115.98
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.115.98 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://notepad.pw
date: Wed, 22 Dec 2021 20:36:47 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 138 B
814 B 97ms
58ms XHR
application/json 68.67.179.89
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: notepad.pw
URL: https://notepad.pw/23cllfl3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.89 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

565.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

3d5169349bffcd1b42587a214356cf834f1405c61ef7bbbe7d37273ee59b91c9

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 22 Dec 2021 20:36:47 GMT
X-Proxy-Origin: 37.120.205.173; 37.120.205.173; 565.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid: 5738aec1-5ec0-4f7b-946f-718e25477611
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://notepad.pw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 138
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
674 B 253ms
253ms XHR
application/json 34.107.148.139
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUJ8GUQF
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: b145b654c70f4c8b9ef803427f42f215d2756575ee6a7ad150def673fb1c5838

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 22 Dec 2021 20:36:47 GMT
content-encoding: gzip
server: nginx
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://notepad.pw
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 662 B
1017 B 25ms
25ms XHR
application/json 13.225.222.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fnotepad.pw&pubid=0ab198dd-b265-462a-ae36-74e163ad6159
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.222.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-222-69.jfk51.r.cloudfront.net
Software: Server /
Resource Hash: a20ccaf6978bd71c43456b6bc78288abdc57c3b6fa987eecb2e9f59b69d384e1

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 17:02:03 GMT
via: 1.1 9936e6170e9ea67a9517d77d7f053dbb.cloudfront.net (CloudFront)
server: Server
age: 12883
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://notepad.pw
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-pop: JFK51-C1
content-length: 662
x-amz-cf-id: -m9_XfXySWHC6B6f4NNvz2gx9vEzLY62nuHcIRd2OJ_NDCtTcjRYLw==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 168 B
635 B 401ms
401ms XHR
text/javascript 13.225.222.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fnotepad.pw%2F23cllfl3&pid=dwCbHN4wOHnQK&cb=0&ws=1600x1200&v=7.71.1&t=1000&slots=%5B%7B%22sd%22%3A%22notepad_970x90_728x90_320x50_Sticky%22%2C%22s%22%3A%5B%221x1%22%2C%22728x90%22%2C%22970x90%22%5D%2C%22sn%22%3A%22%2F15184186%2C3281838%2Fnotepad_970x90_728x90_320x50_Sticky%22%7D%5D&schain=1.0%2C1!freestar.com%2C49%2C1%2C%2C%2C&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: notepad.pw
URL: https://notepad.pw/23cllfl3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.222.69 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-222-69.jfk51.r.cloudfront.net

Software

Server /

Resource Hash

f2280f17308c523be3249ee89cf0595eecf5633719a2b719d48a4e3233c2c861

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:48 GMT
via: 1.1 9936e6170e9ea67a9517d77d7f053dbb.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: JFK51-C1
x-amz-rid: K7GWVQX37V0XWM7YHYNK
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://notepad.pw
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 168
x-amz-cf-id: AUcHzKWHXR6wlOoY7l5kS6K1jxxznLRY1Pm8Fm9OT8g_xvyb4zn-tA==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 168 B
634 B 313ms
312ms XHR
text/javascript 13.225.222.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fnotepad.pw%2F23cllfl3&pid=dwCbHN4wOHnQK&cb=1&ws=1600x1200&v=7.71.1&t=1000&slots=%5B%7B%22sd%22%3A%22notepad_970x90_728x90_320x50_320x100_ATF%22%2C%22s%22%3A%5B%22468x60%22%2C%22728x90%22%2C%22970x90%22%5D%2C%22sn%22%3A%22%2F15184186%2C3281838%2Fnotepad_970x90_728x90_320x50_320x100_ATF%22%7D%5D&schain=1.0%2C1!freestar.com%2C49%2C1%2C%2C%2C&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: notepad.pw
URL: https://notepad.pw/23cllfl3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.222.69 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-222-69.jfk51.r.cloudfront.net

Software

Server /

Resource Hash

49b417c442c43325e0fc852c832695ccaae9cdd26574530f8737722caf26bc5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:47 GMT
via: 1.1 9936e6170e9ea67a9517d77d7f053dbb.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: JFK51-C1
x-amz-rid: 4HK1WFEEA34J7ZBAAD8A
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://notepad.pw
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 168
x-amz-cf-id: W-7NmEnh9-szxRI8p4zN2pyUK4GBcDbvmHOApUPysriMQ7kIszg0bw==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 61ms
20ms XHR
application/javascript 13.225.222.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.222.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-222-69.jfk51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 04:51:33 GMT
content-encoding: gzip
vary: Accept-Encoding,Origin
age: 56715
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Wed, 22 Dec 2021 01:41:37 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-version-id: L2_MRp8KwiUR7xIWXZFooLHRBfnaqY96
via: 1.1 442b92844f344782438a7e0f5132c125.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: JFK51-C1
content-type: application/javascript
x-amz-cf-id: 1s5K9-vv3OkiXkmoSY4JCCsUcBKyZPDbAqnQFKl4hcbuKFYRh33LAg==

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 315ms
29ms Preflight
application/json 74.119.119.139
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.119.139 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
access-control-allow-origin: null
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1267
date: Wed, 22 Dec 2021 20:36:47 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H2 200 rules-p-UeXruRVtZz7w6.js Show response
rules.quantcount.com/ 2 KB
1 KB 76ms
19ms Script
application/javascript 2600:9000:21ec:4800:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-UeXruRVtZz7w6.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21ec:4800:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a7b5f5f96f81dea4efc53e1d4dae8b37c28bec27a45b42ccf604ee759e20caec

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 19:48:41 GMT
content-encoding: gzip
age: 2887
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
last-modified: Thu, 07 Dec 2017 17:06:25 GMT
server: AmazonS3
etag: W/"cbc97d16c77ea1fcbbf42d246001e982"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 6fcb3966d0deb6baf3867f346443cb9a.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: JFK51-C1
x-amz-cf-id: C-MbZyS-pYDnJv-yZy1u0cZLO4Z-OmhM5epIe7H29a-9gyvYjeH9HQ==

OPTIONS
H2 200 logs
uat5-a.investingchannel.com/ Frame 0
0 124ms
38ms Preflight 18.205.36.111
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://uat5-a.investingchannel.com/logs?gdprapplicable=false&uspstatus=NOT_APPLICABLE
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.205.36.111 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-205-36-111.compute-1.amazonaws.com
Software: Jetty(9.4.12.v20180830) /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://notepad.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 22 Dec 2021 20:36:47 GMT
content-length: 0
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers Accept-Encoding, User-Agent
access-control-allow-origin: https://notepad.pw
access-control-allow-methods: POST
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
server: Jetty(9.4.12.v20180830)

GET
H2 200 womptv2nm.js Show response
cdn.krxd.net/controltag/ 13 KB
4 KB 85ms
21ms Script
text/javascript 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/controltag/womptv2nm.js
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e1023fc5b7b2cb762dd4ad14fcf4787fa945fca4a37518cd0d6b411c248dc201

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_config_service_ash_prod
date: Wed, 22 Dec 2021 20:36:47 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
age: 190
x-cache: MISS, HIT, HIT, HIT
x-app-cache: HIT
x-age: 0
content-encoding: gzip
content-length: 3716
x-served-by: config-service-a006-ash-prod.krxd.net, cache-bwi5128-BWI, cache-iad-kcgs7200065-IAD, cache-yul12830-YUL
x-response-time: 0
x-do-esi: esi
x-timer: S1640205408.743315,VS0,VE0
etag: "fa213313d0f749c73627133b4ab4942a6489b2c7"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=1200
accept-ranges: bytes
x-cache-hits: 0, 1, 1, 124

POST
H2 201 logs Show response
uat5-a.investingchannel.com/ 0
445 B 89ms
29ms XHR
text/plain 18.205.36.111
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://uat5-a.investingchannel.com/logs?gdprapplicable=false&uspstatus=NOT_APPLICABLE
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.205.36.111 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-205-36-111.compute-1.amazonaws.com
Software: Jetty(9.4.12.v20180830) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 22 Dec 2021 20:36:47 GMT
server: Jetty(9.4.12.v20180830)
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://notepad.pw
access-control-allow-credentials: true
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 pubcid.min.js Show response
secure.cdn.fastclick.net/js/pubcid/latest/ 53 KB
17 KB 94ms
21ms Script
application/javascript 23.73.249.203
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.73.249.203 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-73-249-203.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: a4350fed8ed92bbf4f462fc245028928ac33afa25d2231b28c334b91cd0d3952

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:47 GMT
content-encoding: gzip
last-modified: Tue, 01 Jun 2021 17:06:57 GMT
server: Apache
etag: "d398-5c3b75e9ebb41-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=900
accept-ranges: bytes
content-length: 17087
expires: Wed, 22 Dec 2021 20:51:47 GMT

GET
H2 200 id5-api.js Show response
cdn.id5-sync.com/api/1.0/ 37 KB
10 KB 57ms
17ms Script
text/javascript 46.105.202.126
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/id5-api.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

46.105.202.126 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

cd22c397f04eb61e3e9ad14b6149f294e4b8ae69b74b2140b237a31b26c99275

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-cacheable: Matched cache
x-cdn-pop-ip: 137.74.122.0/26
date: Wed, 22 Dec 2021 20:13:09 GMT
content-type: text/javascript;charset=utf-8
cache-control: max-age=3600
x-cdn-pop: bhs
content-disposition: attachment;filename="id5-api.js"
accept-ranges: bytes
content-length: 10430
x-request-id: 824117513

POST
H/1.1 200 882.json Show response
id5-sync.com/g/v2/ 1 KB
2 KB 429ms
110ms XHR
application/json 51.89.20.86
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/882.json

Requested by

Host: notepad.pw
URL: https://notepad.pw/23cllfl3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.89.20.86 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

p18.id5-sync.com

Software

Resource Hash

c18db76995d46e8aa509c40e834c9fc4e6019860352e3c5fd0da7aff5660f90a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 22 Dec 2021 20:36:47 GMT
Vary: Origin
P3P: CP="CAO PSA OUR"
Access-Control-Allow-Origin: https://notepad.pw
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked

GET
H2 200 pixel;r=939242294;labels=keywords.notepad%20online%2Ckeywords.notepad%2Ckeywords.cloud%2Ckeywords.free%20notepad%2Ckeywords.save%20notes%2Ckeywords.notes%2Ckeywords.online%20notepad%2Ckeywords.clou...
pixel.quantserve.com/ 35 B
372 B 47ms
36ms Image
image/gif 2620:116:800b:21:d7a4:3372:2f4a:f3b0
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=939242294;labels=keywords.notepad%20online%2Ckeywords.notepad%2Ckeywords.cloud%2Ckeywords.free%20notepad%2Ckeywords.save%20notes%2Ckeywords.notes%2Ckeywords.online%20notepad%2Ckeywords.cloud%20notepad%2Ckeywords.write%2Ckeywords.note%2Ckeywords.writing%2Ckeywords.publish%2Ckeywords.webpage%2Ckeywords.markdown%2Ctitle.notepad.pw;rf=0;a=p-UeXruRVtZz7w6;url=https%3A%2F%2Fnotepad.pw%2F23cllfl3;uht=2;fpan=1;fpa=P0-212646353-1640205407885;pbc=c7eddff9-24b8-4cd0-8e8a-090ea67a383b;ns=0;ce=1;qjs=1;qv=92a3679b-20211110211611;cm=;gdpr=0;ref=;d=notepad.pw;je=0;sr=1600x1200x24;dst=0;et=1640205407885;tzo=0;ogl=type.website%2Ctitle.notepad%252Epw%2Cdescription.Save%20your%20notes%20online%20for%20free%20and%20share%20them%20with%20friends!%2Curl.https%3A%2F%2Fnotepad%252Epw%2Cimage.https%3A%2F%2Fnotepad%252Epw%2Fog-icon%252Epng

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800b:21:d7a4:3372:2f4a:f3b0 , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Dec 2021 20:36:47 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 controltag.js.a1705c5ac5f06cf0c202ff70908fc042 Show response
cdn.krxd.net/ctjs/ 259 KB
83 KB 22ms
21ms Script
application/javascript 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/controltag/womptv2nm.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 58d6350da5588a52d6baa4efc27a3362b4ee69dba3504fc762f934d7bb5d0bc4

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_Controltag_S3
date: Wed, 22 Dec 2021 20:36:47 GMT
content-encoding: gzip
age: 12298717
x-amz-server-side-encryption: AES256
x-cache: HIT
x-cache-hits: 2027556
content-length: 84509
x-served-by: cache-yul12830-YUL
last-modified: Mon, 02 Aug 2021 12:06:17 GMT
x-timer: S1640205408.895445,VS0,VE0
etag: "a1705c5ac5f06cf0c202ff70908fc042"
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=315360000
accept-ranges: bytes
expires: Thu, 31 Jul 2031 12:06:16 GMT

GET
H2 200 pubfig.messaging.2.24.5.9076d3e0c419cef84ae3ad23849bbb2204ab48e7.js Show response
a.pub.network/core/pubfig/ 182 KB
59 KB 35ms
35ms Script
application/javascript 2606:4700:20::681a:18b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/core/pubfig/pubfig.messaging.2.24.5.9076d3e0c419cef84ae3ad23849bbb2204ab48e7.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:18b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ce1d4f085c339f6a1751b0e6631d5a020378f7be377dd0598f498dc35bf999f

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=mEqSwQ==, md5=8zV/AQDEQ0yezmo6A7Nwng==
date: Wed, 22 Dec 2021 20:36:47 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-guploader-uploadid: ADPycdsKMWZCvPDMkPiCNbjLJpf6uLDbL0QCgud4x9ZTHS5lLb3hqeLPBaTSE6i5Glc8c1_90pGtOKz7VWAIIBvAwG8
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
cf-ray: 6c1c24f77e0b4bca-YUL
last-modified: Mon, 13 Dec 2021 16:39:36 GMT
server: cloudflare
etag: W/"f3357f0100c4434c9ece6a3a03b3709e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RiFxRAzGX5L2UvCglaSvHAqHjSlE5WSKIy9F9VAt%2FywvbZG0%2BYz0rHDZxYb5cwv%2Bx%2BTr6XgIWstW2BhGDptmPdKcZcz7KzKrNRY6aXjuNgk65TuVMjott%2B0TFii453r7%2FFmHyNSq9k8esrs%3D"}],"group":"cf-nel","max_age":604800}
content-language: en
access-control-allow-origin: *
x-goog-generation: 1639413576770144
access-control-expose-headers: *
cache-control: public, max-age=3600
x-goog-stored-content-length: 186081
content-type: application/javascript
expires: Tue, 21 Dec 2021 18:18:55 GMT

GET
H2 200 proxy.3d2100fd7107262ecb55ce6847f01fa5.html Show response
cdn.krxd.net/partnerjs/xdi/ Frame 654F 805 B
827 B 22ms
21ms Document
text/html 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 3bcfa04dbc2db44af54bd72a0f7b98912368f16f525729a1b9b673f62ca7e5c9

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/

Response headers

last-modified: Tue, 21 Feb 2017 17:50:54 GMT
etag: "3d2100fd7107262ecb55ce6847f01fa5"
cache-control: public, max-age=315360000
expires: Fri, 19 Feb 2027 17:50:50 GMT
content-type: text/html
x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_Partner_JS_S3
content-encoding: gzip
accept-ranges: bytes
date: Wed, 22 Dec 2021 20:36:47 GMT
via: 1.1 varnish
age: 17055927
x-served-by: cache-yul12830-YUL
x-cache: HIT
x-cache-hits: 621850
x-timer: S1640205408.966751,VS0,VE0
vary: Accept-Encoding
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
content-length: 525

GET
H2 200 optout_check Show response
beacon.krxd.net/ 73 B
232 B 99ms
28ms Script
text/javascript 34.206.47.24
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://beacon.krxd.net/optout_check?callback=Krux.ns.investingchannelinc.kxjsonp_optOutCheck
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.206.47.24 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-206-47-24.compute-1.amazonaws.com
Software: /
Resource Hash: ac828be9eacb996ccdf11871690f6b8b83aadcb4deac680f260678056051707e

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:48 GMT
cache-control: private, max-age=0, s-max-age=0
x-request-time: D=27 t=1640205408
x-served-by: beacon-n031-ash-prod.krxd.net
content-type: text/javascript

POST
H2 200 c Show response
c.pub.network/ 36 B
319 B 90ms
45ms XHR
text/plain 35.201.71.192
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.71.192 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 192.71.201.35.bc.googleusercontent.com
Software: /
Resource Hash: 54ad9eb3a11a99d9b79295afb5585f8c096f8b6db3426743974ff350853fbba1

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 22 Dec 2021 20:36:48 GMT
via: 1.1 google
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: text/plain;charset=utf-8
access-control-allow-origin: https://notepad.pw
access-control-allow-credentials: true
alt-svc: clear
content-length: 36

GET
H/1.1

200
OK

iu3 Show response
s.amazon-adsystem.com/ Frame 04F2
Redirect Chain

https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_n-sharethrough_n-LoopMe_n-simpli.fi_ppt_smrt_n-inmobi_sovrn_3lift
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_n-sharethrough_n-LoopMe_n-simpli.fi_ppt_smrt_n-inmobi_sovrn_3lift&dcc=t

290 B
1 KB

51ms
51ms

Document
text/html

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_n-sharethrough_n-LoopMe_n-simpli.fi_ppt_smrt_n-inmobi_sovrn_3lift&dcc=t

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

2927d8d86ad0f1ea6fe6b395b6440dd0afd191227620b98f71e557472bfc594a

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/

Response headers

Server: Server
Date: Wed, 22 Dec 2021 20:36:48 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 290
Connection: keep-alive
x-amz-rid: GQ7J94J5FGNSKTGCFSMF
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Permissions-Policy: interest-cohort=()

Redirect headers

Server: Server
Date: Wed, 22 Dec 2021 20:36:48 GMT
Content-Length: 0
Connection: keep-alive
x-amz-rid: 170713P9C1EGVJP6ZGFK
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_n-sharethrough_n-LoopMe_n-simpli.fi_ppt_smrt_n-inmobi_sovrn_3lift&dcc=t
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Permissions-Policy: interest-cohort=()

GET
H2 200 9427dd0d-835c-471c-a5db-ab01ae8a681c Show response
consumer.krxd.net/consent/get/ 249 B
437 B 61ms
30ms Script
text/javascript 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://consumer.krxd.net/consent/get/9427dd0d-835c-471c-a5db-ab01ae8a681c?idt=device&dt=kxcookie&callback=Krux.ns.investingchannelinc.kxjsonp_consent_get_0
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 5195609afbc1fca03f3200b50d97a90a8eb0e4652108db990a1aa9a1c9f7a0af

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:48 GMT
via: 1.1 varnish
age: 0
x-served-by: consumer-a002-ash-prod.krxd.net, cache-yul12822-YUL
vary: Accept-Encoding
x-cache: MISS, MISS
content-type: text/javascript; charset=UTF-8
content-encoding: gzip
cache-control: max-age=1800
x-age: 0
accept-ranges: bytes
x-timer: S1640205408.052217,VS0,VE15
content-length: 199
x-cache-hits: 0, 0

GET
H2 200 womptv2nm.js Show response
cdn.krxd.net/controltag/ Frame 654F 13 KB
4 KB 13ms
12ms Script
text/javascript 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/controltag/womptv2nm.js
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e1023fc5b7b2cb762dd4ad14fcf4787fa945fca4a37518cd0d6b411c248dc201

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.krxd.net/partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_config_service_ash_prod
date: Wed, 22 Dec 2021 20:36:48 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
age: 191
x-cache: MISS, HIT, HIT, HIT
x-app-cache: HIT
x-age: 0
content-encoding: gzip
content-length: 3716
x-served-by: config-service-a006-ash-prod.krxd.net, cache-bwi5128-BWI, cache-iad-kcgs7200065-IAD, cache-yul12830-YUL
x-response-time: 0
x-do-esi: esi
x-timer: S1640205408.022271,VS0,VE0
etag: "fa213313d0f749c73627133b4ab4942a6489b2c7"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=1200
accept-ranges: bytes
x-cache-hits: 0, 1, 1, 125

GET
H2 200 integrator.js Show response
adservice.google.ca/adsid/ 107 B
792 B 121ms
38ms Script
application/javascript 2607:f8b0:4006:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ca/adsid/integrator.js?domain=notepad.pw

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 22 Dec 2021 20:36:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 108ms
34ms Script
application/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=notepad.pw

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 22 Dec 2021 20:36:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 45 KB
18 KB 656ms
623ms XHR
text/plain 142.250.80.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1543696118031648&correlator=1408204162224204&output=ldjh&impl=fifs&eid=44756717&vrg=2021120601&ptt=17&sc=1&sfv=1-0-38&ecs=20211222&iu_parts=15184186%3A3281838%2Cnotepad_970x90_728x90_320x50_320x100_ATF&enc_prev_ius=%2F0%2F1&prev_iu_szs=468x60%7C728x90%7C970x90&prev_scp=fsrefresh%3D0%26fsrebid%3D0%26floors_id%3D3c584d%26floors_hour%3D20%26fs_placementName%3Dnotepad_970x90_728x90_320x50_320x100_ATF%26fs_ad_product%3Dbanner%26amznbid%3D2%26amznp%3D2%26fsbid%3D0%26fspbg%3Dfreestar%26freestar_path%3D%252F23cllfl3%26freestar_domain%3Dnotepad.pw%26custom_bidder_size%3Dappnexus_728x90%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D0.00%26hb_adid%3D77a7b4fa40bea58%26hb_bidder%3Dappnexus&eri=1&cust_params=user-agent%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1640205408&dt=1640205408042&dlt=1640205406065&idt=1133&frm=20&biw=1600&bih=1200&oid=2&adxs=566&adys=5&adks=500377054&ucis=1&ifi=1&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fnotepad.pw%2F23cllfl3&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x927&msz=1600x10&ga_vid=1174187411.1640205408&ga_sid=1640205408&ga_hid=1763205184&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: notepad.pw
URL: https://notepad.pw/23cllfl3

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s35-in-f2.1e100.net

Software

cafe /

Resource Hash

34c7c7f53e96068ecc33e48b2dfc505f16b9ae680ab363a1785b7f63fe821fd3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:48 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18674
x-xss-protection: 0
google-lineitem-id: 5837808231
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138372003065
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://notepad.pw
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
9 KB 106ms
42ms XHR
application/json 2607:f8b0:4006:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021120601&st=env

Requested by

Host: notepad.pw
URL: https://notepad.pw/23cllfl3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:806::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bc28644fdd3e975d3a3c801e14d2ea9360ad868ebe66786f14fad18018b57ec7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 22 Dec 2021 20:36:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8317
x-xss-protection: 0

GET
H2 200 container.html Show response
ff0dc00be14b6d40e0014b9341cab3e7.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E29C 6 KB
4 KB 118ms
41ms Document
text/html 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ff0dc00be14b6d40e0014b9341cab3e7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 22 Dec 2021 20:36:48 GMT
expires: Thu, 22 Dec 2022 20:36:48 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 controltag.js.a1705c5ac5f06cf0c202ff70908fc042 Show response
cdn.krxd.net/ctjs/ Frame 654F 259 KB
83 KB 18ms
17ms Script
application/javascript 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/controltag/womptv2nm.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 58d6350da5588a52d6baa4efc27a3362b4ee69dba3504fc762f934d7bb5d0bc4

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.krxd.net/partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_Controltag_S3
date: Wed, 22 Dec 2021 20:36:48 GMT
content-encoding: gzip
age: 12298718
x-amz-server-side-encryption: AES256
x-cache: HIT
x-cache-hits: 2027557
content-length: 84509
x-served-by: cache-yul12830-YUL
last-modified: Mon, 02 Aug 2021 12:06:17 GMT
x-timer: S1640205408.063349,VS0,VE0
etag: "a1705c5ac5f06cf0c202ff70908fc042"
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=315360000
accept-ranges: bytes
expires: Thu, 31 Jul 2031 12:06:16 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 19 KB
9 KB 453ms
434ms XHR
text/plain 142.250.80.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1543696118031648&correlator=1408204162224204&output=ldjh&impl=fifs&eid=44756717&vrg=2021120601&ptt=17&sc=1&sfv=1-0-38&ecs=20211222&iu_parts=15184186%3A3281838%2Cnotepad_970x90_728x90_320x50_Sticky&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1%7C728x90%7C970x90&prev_scp=fsrefresh%3D0%26fsrebid%3D0%26floors_id%3Dcontrol%26floors_hour%3D20%26fs_placementName%3Dnotepad_970x90_728x90_320x50_Sticky%26fs_ad_product%3DstickyFooter%26amznbid%3D2%26amznp%3D2%26fsbid%3D0%26fspbg%3Dfreestar%26freestar_path%3D%252F23cllfl3%26freestar_domain%3Dnotepad.pw%26custom_bidder_size%3Dix_728x90%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D0.12%26hb_adid%3D76fe01c0ecd7d4f%26hb_bidder%3Dix&eri=1&cust_params=user-agent%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1640205408&dt=1640205408061&dlt=1640205406065&idt=1133&frm=20&biw=1600&bih=1200&oid=2&adxs=436&adys=1110&adks=379936467&ucis=2&ifi=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fnotepad.pw%2F23cllfl3&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x-1&msz=1600x-1&ga_vid=1174187411.1640205408&ga_sid=1640205408&ga_hid=1763205184&ga_fc=false&fws=512&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: notepad.pw
URL: https://notepad.pw/23cllfl3

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s35-in-f2.1e100.net

Software

cafe /

Resource Hash

7df1d780c8e23eb2ddf5ec70e983ace99d050371943d1937082c2f528bd24122

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:48 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9230
x-xss-protection: 0
google-lineitem-id: 5335226309
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138307163988
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://notepad.pw
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 get Show response
cdn.krxd.net/userdata/ 331 B
463 B 30ms
30ms Script
text/javascript 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/userdata/get?pub=9427dd0d-835c-471c-a5db-ab01ae8a681c&technographics=1&callback=Krux.ns.investingchannelinc.kxjsonp_userdata
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 361a61a91cc0d1eaf69c11f73c481683808db8bf1b8fb7d18aea5206b01302ea

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_userdata_ash_prod_krxd_net___UserData_Service_V2
date: Wed, 22 Dec 2021 20:36:48 GMT
content-encoding: gzip
age: 0
x-served-by: userdata-a009-ash-prod.krxd.net, cache-yul12830-YUL
vary: Accept-Encoding
x-cache: MISS, MISS
content-type: text/javascript
via: 1.1 varnish
cache-control: private, max-age=3600
x-age: 0
accept-ranges: bytes
x-timer: S1640205408.093827,VS0,VE15
content-length: 257
x-cache-hits: 0, 0

GET
H2 200 9427dd0d-835c-471c-a5db-ab01ae8a681c Show response
consumer.krxd.net/consent/get/ Frame 654F 234 B
291 B 38ms
38ms Script
text/javascript 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://consumer.krxd.net/consent/get/9427dd0d-835c-471c-a5db-ab01ae8a681c?idt=device&dt=kxcookie&callback=Krux.ns.investingchannelinc.kxjsonp_consent_get_0
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 56280c739c9e30552f2d3193bea3224e4f427467dd159fd3eb81abee246e9fed

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:48 GMT
via: 1.1 varnish
age: 0
x-served-by: consumer-a018-ash-prod.krxd.net, cache-yul12822-YUL
vary: Accept-Encoding
x-cache: MISS, MISS
content-type: text/javascript; charset=UTF-8
content-encoding: gzip
cache-control: max-age=1800
x-age: 0
accept-ranges: bytes
x-timer: S1640205408.117034,VS0,VE23
content-length: 191
x-cache-hits: 0, 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 129ms
44ms Script
text/javascript 2607:f8b0:4006:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
expires: Wed, 22 Dec 2021 20:36:48 GMT

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 654F
Redirect Chain

https://usermatch.krxd.net/um/v2?partner=google
https://cm.g.doubleclick.net/pixel?google_cm&google_nid=krux_digital&google_hm=T2pueGwtU2c
https://cm.g.doubleclick.net/pixel?google_cm=&google_nid=krux_digital&google_hm=T2pueGwtU2c&google_tc=
https://beacon.krxd.net/usermatch.gif?google_gid=CAESEBafFHftDSUGkshD22HsiG4&google_cver=1

0
336 B

26ms
25ms

Image
text/plain

34.206.47.24
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?google_gid=CAESEBafFHftDSUGkshD22HsiG4&google_cver=1
Protocol: H2
Server: 34.206.47.24 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-206-47-24.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:48 GMT
cache-control: private, no-cache, no-store
x-request-time: D=31 t=1640205408
x-served-by: beacon-n016-ash-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma: no-cache
date: Wed, 22 Dec 2021 20:36:48 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://beacon.krxd.net/usermatch.gif?google_gid=CAESEBafFHftDSUGkshD22HsiG4&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 291
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 654F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=krux_digital&google_cm&google_hm=T2pueGwtU2c
https://cm.g.doubleclick.net/pixel?google_nid=krux_digital&google_cm=&google_hm=T2pueGwtU2c&google_tc=
https://beacon.krxd.net/usermatch.gif?google_gid=CAESEB-UaQA5Py3GgeouchcPGYo&google_cver=1

0
336 B

26ms
25ms

Image
text/plain

34.206.47.24
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?google_gid=CAESEB-UaQA5Py3GgeouchcPGYo&google_cver=1
Protocol: H2
Server: 34.206.47.24 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-206-47-24.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:48 GMT
cache-control: private, no-cache, no-store
x-request-time: D=22 t=1640205408
x-served-by: beacon-n034-ash-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma: no-cache
date: Wed, 22 Dec 2021 20:36:48 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://beacon.krxd.net/usermatch.gif?google_gid=CAESEB-UaQA5Py3GgeouchcPGYo&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 291
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 654F
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=krux&ttd_tpi=1&ttd_puid=Ojnxl-Sg&gdpr=0
https://match.adsrvr.org/track/cmb/generic?ttd_pid=krux&ttd_tpi=1&ttd_puid=Ojnxl-Sg&gdpr=0
https://beacon.krxd.net/usermatch.gif?partner=ttd&partner_uid=c1617644-d9b8-4c1e-9931-3ece56efb0ba

0
336 B

24ms
23ms

Image
text/plain

34.206.47.24
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=ttd&partner_uid=c1617644-d9b8-4c1e-9931-3ece56efb0ba
Protocol: H2
Server: 34.206.47.24 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-206-47-24.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:48 GMT
cache-control: private, no-cache, no-store
x-request-time: D=29 t=1640205408
x-served-by: beacon-n002-ash-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma: no-cache
date: Wed, 22 Dec 2021 20:36:48 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://beacon.krxd.net/usermatch.gif?partner=ttd&partner_uid=c1617644-d9b8-4c1e-9931-3ece56efb0ba
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 227

GET
H2 200 379708.gif
idsync.rlcdn.com/ Frame 654F 42 B
448 B 119ms
49ms Image
image/gif 35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/379708.gif?partner_uid=Ojnxl-Sg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 22 Dec 2021 20:36:48 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 654F
Redirect Chain

https://stags.bluekai.com/site/26357?id=Ojnxl-Sg&redir=https://beacon.krxd.net/usermatch.gif?_kuid%3DOjnxl-Sg%26partner%3Dbluekai%26bk_uuid%3D%24_BK_UUID
https://beacon.krxd.net/usermatch.gif?_kuid=Ojnxl-Sg&partner=bluekai&bk_uuid=$_BK_UUID

0
337 B

25ms
24ms

Image
text/plain

34.206.47.24
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?_kuid=Ojnxl-Sg&partner=bluekai&bk_uuid=$_BK_UUID
Protocol: H2
Server: 34.206.47.24 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-206-47-24.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:48 GMT
cache-control: private, no-cache, no-store
x-request-time: D=43 t=1640205408
x-served-by: beacon-n001-ash-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Location: https://beacon.krxd.net/usermatch.gif?_kuid=Ojnxl-Sg&partner=bluekai&bk_uuid=$_BK_UUID
Date: Wed, 22 Dec 2021 20:36:48 GMT
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H2 200 p
sb.scorecardresearch.com/ Frame 654F 64 B
441 B 110ms
109ms Image
image/gif 13.225.223.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/p?c1=9&c2=8188709&cs_xi=Ojnxl-Sg&rn=1640205408
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.223.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-223-81.jfk51.r.cloudfront.net
Software: /
Resource Hash: 831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:48 GMT
via: 1.1 ab95c5a0dcf51f52101ed4d59d15a2a3.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
etag: W/"40-jHLN3x5dWpBzaQm4lkBmDWvrjrg"
x-cache: Miss from cloudfront
content-type: image/gif; charset=utf-8
content-length: 64
x-amz-cf-id: u0aHe1mH6lxMq3cSLRumTIDlL3SL1reMUsb3eSDCRXcwhInzu1Oatw==

GET
H/1.1 200
OK match
ps.eyeota.net/ Frame 654F 0
344 B 125ms
24ms Image
text/plain 34.231.251.31
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/match?bid=i0r4o4v&uid=Ojnxl-Sg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.231.251.31 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-231-251-31.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 22 Dec 2021 20:36:48 GMT
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 654F
Redirect Chain

https://ib.adnxs.com/getuid?https://beacon.krxd.net/usermatch.gif?adnxs_uid=$UID
https://beacon.krxd.net/usermatch.gif?adnxs_uid=3971102671105818542

0
336 B

28ms
27ms

Image
text/plain

34.206.47.24
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?adnxs_uid=3971102671105818542
Protocol: H2
Server: 34.206.47.24 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-206-47-24.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:48 GMT
cache-control: private, no-cache, no-store
x-request-time: D=29 t=1640205408
x-served-by: beacon-n028-ash-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Pragma: no-cache
Date: Wed, 22 Dec 2021 20:36:48 GMT
X-Proxy-Origin: 37.120.205.173; 37.120.205.173; 565.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid: d1651460-b4f8-47a7-b3a8-34f715b89fa7
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://beacon.krxd.net/usermatch.gif?adnxs_uid=3971102671105818542
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

image.sbxx
ib.mookie1.com/ Frame 654F
Redirect Chain

https://global.ib-ibi.com/image.sbxx?go=247532&pid=314&xid=Ojnxl-Sg
https://ib.mookie1.com/image.sbxx?go=247532&pid=314&xid=Ojnxl-Sg

120 B
992 B

587ms
93ms

Image
image/png

64.58.232.177
ASN-VINS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ib.mookie1.com/image.sbxx?go=247532&pid=314&xid=Ojnxl-Sg
Protocol: HTTP/1.1
Server: 64.58.232.177 , United States, ASN13649 (ASN-VINS, US),
Reverse DNS: be31-199.crrt01.las04.flexential.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 42b601bc0d93dfca6e350b46d113bf8e7ff9e40a87a0c57ab9b3c9c219062423

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 22 Dec 2021 20:36:48 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
p3p: CP=\"DSP COR ADM DEV PSA PSD OUR\", CP="DSP COR ADM DEV PSA PSD OUR"
Access-Control-Allow-Origin: *
Cache-Control: no-cache
X-Server: LAS06
Content-Type: image/png
Content-Length: 120
Expires: -1

Redirect headers

Date: Wed, 22 Dec 2021 20:36:47 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Location: https://ib.mookie1.com:443/image.sbxx?go=247532&pid=314&xid=Ojnxl-Sg
p3p: CP="DSP COR ADM DEV PSA PSD OUR"
Access-Control-Allow-Origin: *
Cache-Control: private
X-Server: NY01
Content-Type: text/html; charset=utf-8
Content-Length: 193

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 654F
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dpubmatic%26partner_uid%3D%23PM_USER_ID
https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dpubmatic%26partner_uid%3D%23PM_USER_ID&rdf=1
https://beacon.krxd.net/usermatch.gif?partner=pubmatic&partner_uid=4436ED5F-9339-45AE-94F2-83A750055DCB

0
336 B

25ms
23ms

Image
text/plain

34.206.47.24
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=pubmatic&partner_uid=4436ED5F-9339-45AE-94F2-83A750055DCB
Protocol: H2
Server: 34.206.47.24 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-206-47-24.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:48 GMT
cache-control: private, no-cache, no-store
x-request-time: D=25 t=1640205408
x-served-by: beacon-n015-ash-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?partner=pubmatic&partner_uid=4436ED5F-9339-45AE-94F2-83A750055DCB
date: Wed, 22 Dec 2021 20:36:47 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2

200

398696.gif
idsync.rlcdn.com/ Frame 654F
Redirect Chain

https://fei.pro-market.net/engine?mimetype=img&du=88&csync=Ojnxl-Sg
https://idsync.rlcdn.com/398696.gif?partner_uid=4640143000343888477

42 B
178 B

45ms
45ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/398696.gif?partner_uid=4640143000343888477
Protocol: H2
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 22 Dec 2021 20:36:48 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

pragma: no-cache
date: Wed, 22 Dec 2021 20:36:48 GMT
via: 1.1 google
server: Apache-Coyote/1.1
access-control-allow-origin: *
anserver: gapp7.us1
p3p: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
location: https://idsync.rlcdn.com/398696.gif?partner_uid=4640143000343888477
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: clear
content-length: 0
expires: Mon, 1 Jan 1990 0:0:0 GMT

GET
H/1.1 200
OK pr Show response
s.amazon-adsystem.com/v3/ Frame 0DA9 2 KB
2 KB 30ms
30ms Document
text/html 209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/v3/pr?exlist=n-index_n-sharethrough_n-LoopMe_n-simpli.fi_ppt_smrt_n-inmobi_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_n-sharethrough_n-LoopMe_n-simpli.fi_ppt_smrt_n-inmobi_sovrn_3lift&dcc=t

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

f07f72ed918a7535e94385d03c5392b4c102aecafc6012021b06c9be5d888541

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_n-sharethrough_n-LoopMe_n-simpli.fi_ppt_smrt_n-inmobi_sovrn_3lift&dcc=t

Response headers

Server: Server
Date: Wed, 22 Dec 2021 20:36:48 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 1728
Connection: keep-alive
x-amz-rid: YZAVZH18YHCR5XG1KEJA
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Permissions-Policy: interest-cohort=()

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 0DA9
Redirect Chain

https://um.simpli.fi/amazon/https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsimpli.fi%26id%3D
https://s.amazon-adsystem.com/ecm3?id=33DE0C0FDB4E49E7BECFA760132BC91E&ex=simpli.fi&status=ok

43 B
556 B

64ms
34ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?id=33DE0C0FDB4E49E7BECFA760132BC91E&ex=simpli.fi&status=ok

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_n-sharethrough_n-LoopMe_n-simpli.fi_ppt_smrt_n-inmobi_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 22 Dec 2021 20:36:48 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 9HS3166WYE3Q1W29S660
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

date: Wed, 22 Dec 2021 20:36:48 GMT
x-content-type-options: nosniff
server: nginx
location: https://s.amazon-adsystem.com/ecm3?id=33DE0C0FDB4E49E7BECFA760132BC91E&ex=simpli.fi&status=ok
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 138
expires: Tue, 21 Dec 2021 20:36:48 GMT

GET
H/1.1

200
OK

usermatch Show response
ssum-sec.casalemedia.com/ Frame 1CB4
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1

2 KB
3 KB

36ms
36ms

Document
text/html

23.52.162.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_n-sharethrough_n-LoopMe_n-simpli.fi_ppt_smrt_n-inmobi_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-162-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: f3d3d0adbf8af542a169e97f610922a324ebb0586ad41c53c62c6e8dae8a5cb0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-CA,en;q=0.9

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 39|241|230|45|206|64|221|51
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1636
Expires: Wed, 22 Dec 2021 20:36:48 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 22 Dec 2021 20:36:48 GMT
Connection: keep-alive

Redirect headers

Server: Apache
Content-Length: 324
Content-Type: text/html; charset=iso-8859-1
Location: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires: Wed, 22 Dec 2021 20:36:48 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 22 Dec 2021 20:36:48 GMT
Connection: keep-alive

GET
H2 200 / Show response
match.sharethrough.com/jwumXNuB/v1/ Frame 5856 427 B
613 B 92ms
23ms Document
text/html 54.85.17.129
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_n-sharethrough_n-LoopMe_n-simpli.fi_ppt_smrt_n-inmobi_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.85.17.129 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-85-17-129.compute-1.amazonaws.com
Software: /
Resource Hash: 8602ca90a071c1d02899e32ce137020bf7dc78db09c020494317d2d9d1aa8d7b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-CA,en;q=0.9

Response headers

date: Wed, 22 Dec 2021 20:36:48 GMT
content-length: 427

GET
H2 200 visitormatch Show response
bh.contextweb.com/ Frame 43A7 828 B
1 KB 86ms
29ms Document
text/html 198.148.27.139
PULSEPOINT

General

Check archive.org

Show headers Download Go to

Full URL

https://bh.contextweb.com/visitormatch?p=547259,530912,534301,548607,543793,561117&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%25%25VGUID%25%25%26ex%3DPulsepoint

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_n-sharethrough_n-LoopMe_n-simpli.fi_ppt_smrt_n-inmobi_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.148.27.139 New York, United States, ASN19189 (PULSEPOINT, US),

Reverse DNS

Software

Jetty(9.4.14.v20181114) /

Resource Hash

230ff89be63429d87efa1e887df3ad0e4ec2d811475100f11b43fd9ecc97e080

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-CA,en;q=0.9

Response headers

p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cw-server: bh-deployment-685df6f7b9-h66sn
cache-control: private, max-age=0, no-cache, no-store
expires: -1
content-language: en-CA
content-type: text/html;charset=iso-8859-1
content-length: 828
server: Jetty(9.4.14.v20181114)
strict-transport-security: max-age=15768000

GET
H/1.1

200
OK

ecm3 Show response
s.amazon-adsystem.com/ Frame 9265
Redirect Chain

https://ssbsync-us.smartadserver.com/api/sync?callerId=2
https://s.amazon-adsystem.com/ecm3?ex=smart.com&id=1677254204745086207&gdpr=0&gdpr_consent=

43 B
556 B

41ms
32ms

Document
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/ecm3?ex=smart.com&id=1677254204745086207&gdpr=0&gdpr_consent=

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_n-sharethrough_n-LoopMe_n-simpli.fi_ppt_smrt_n-inmobi_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-CA,en;q=0.9

Response headers

Server: Server
Date: Wed, 22 Dec 2021 20:36:48 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
x-amz-rid: BAJ97KQRBC5PXN7MH1F7
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Permissions-Policy: interest-cohort=()

Redirect headers

date: Wed, 22 Dec 2021 20:36:48 GMT
content-length: 0
location: https://s.amazon-adsystem.com/ecm3?ex=smart.com&id=1677254204745086207&gdpr=0&gdpr_consent=

GET
H/1.1

200
OK

ecm3 Show response
s.amazon-adsystem.com/ Frame 5B46
Redirect Chain

https://sync.inmobi.com/TAM?redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dinmobi.com%26id%3D%7BID5UID%7D
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dinmobi.com%26id%3D%7BID5UID%7D
https://s.amazon-adsystem.com/ecm3?ex=inmobi.com&id=ID5-ZHMOICMZAbr98f1z0hyTAVYT9BjrzWvI_Bo5UoFWFA

43 B
556 B

36ms
36ms

Document
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/ecm3?ex=inmobi.com&id=ID5-ZHMOICMZAbr98f1z0hyTAVYT9BjrzWvI_Bo5UoFWFA

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_n-sharethrough_n-LoopMe_n-simpli.fi_ppt_smrt_n-inmobi_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-CA,en;q=0.9

Response headers

Server: Server
Date: Wed, 22 Dec 2021 20:36:48 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
x-amz-rid: B6A1K9RCRNJPKXDBYN54
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Permissions-Policy: interest-cohort=()

Redirect headers

P3P: CP="CAO PSA OUR"
Location: https://s.amazon-adsystem.com/ecm3?ex=inmobi.com&id=ID5-ZHMOICMZAbr98f1z0hyTAVYT9BjrzWvI_Bo5UoFWFA
Transfer-Encoding: chunked
Date: Wed, 22 Dec 2021 20:36:48 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload

GET
H/1.1

200
OK

amazon Show response
ap.lijit.com/beacon/ Frame DB5D
Redirect Chain

https://ap.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com
https://ap.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com&dnr=1

1 KB
1 KB

58ms
58ms

Document
text/html

23.92.190.68
INTERNAP-BLK

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com&dnr=1
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_n-sharethrough_n-LoopMe_n-simpli.fi_ppt_smrt_n-inmobi_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.92.190.68 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: 5e98ecb1a41a611263897592231f26932e06d200cb59a84e1cdb32967e8ad60b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-CA,en;q=0.9

Response headers

Server: nginx
Date: Wed, 22 Dec 2021 20:36:48 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Vary: Accept-Encoding
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
Content-Encoding: gzip
X-Sovrn-Pod: ad_ap2ewr1

Redirect headers

Server: nginx
Date: Wed, 22 Dec 2021 20:36:48 GMT
Content-Length: 0
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ap.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com&dnr=1
X-Powered-By: raptor
X-Sovrn-Pod: ad_ap2ewr1

GET
H/1.1

200
OK

ecm3 Show response
s.amazon-adsystem.com/ Frame 8387
Redirect Chain

https://eb2.3lift.com/getuid?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID
https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID
https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=14998720294337893219

43 B
556 B

47ms
33ms

Document
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=14998720294337893219

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_n-sharethrough_n-LoopMe_n-simpli.fi_ppt_smrt_n-inmobi_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-CA,en;q=0.9

Response headers

Server: Server
Date: Wed, 22 Dec 2021 20:36:48 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
x-amz-rid: YFWCDTGJMMB7DV59PD16
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Permissions-Policy: interest-cohort=()

Redirect headers

date: Wed, 22 Dec 2021 20:36:48 GMT
content-length: 0
location: https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=14998720294337893219
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame DF96 13 KB
5 KB 60ms
24ms Document
text/html 2607:f8b0:4006:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
date: Wed, 22 Dec 2021 13:52:59 GMT
expires: Thu, 22 Dec 2022 13:52:59 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 24229
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame BC0E 783 B
1 KB 127ms
82ms Document
text/html 2607:f8b0:4006:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

3f95edf3abd24a9de76c571c48cf199ffa3cd985465a5bc09d1c831569e07e7d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-amHQQz7vhSZXW63PplgFfQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Wed, 22 Dec 2021 20:36:48 GMT
date: Wed, 22 Dec 2021 20:36:48 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-amHQQz7vhSZXW63PplgFfQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 403 8.gif
id5-sync.com/i/882/ 79 B
79 B 107ms
107ms Image
text/html 51.89.20.86
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/i/882/8.gif?id5id=ID5*HSLYOmdJjHT9l2SINLiJ5kY8hoFfgVgej5aPTBXrw2ECmY2WnmKmj75AYtJz-yzDAppeyPv0RYuCMuB7BdtAqAKbhmb7WFtLFxx9vkU3dHYCnJScyTh6JC1M6PmTDuDnAp0th8_mO2QSOCUSmlpScgKeyGlctQOVNZjpCJgFGs0CnwKOYGNAswxLu6mq9ohxAqBB-hcEMffunD5hUaAEPAKh12BHiCLI1ETzy3tJ48UCogy0tF9vPRL_VGsuse-1AqPdwaMP48ZOXKKP-2u8kQKkvxz-UCgVfPIlL82B750CpWrmPFRd9feImePf5h92AqZhYvv86r9f2FHztDYNgwKnhc8qGoQxFEi2YSDYmLUCqCjSXyVaoLJtFydWaCd9AqlliKYk9m3VzW32gnpeXwKqlJp9njibCMuN4v8ERasCqykE3l0JNplpnb3qwxNCAqw_bBGeAW2uHrAIrWoKkQKtJonbA68Tj7s_yXsNM_cCrhrtKOHQgQir1gwynrLJAq8Q20G2JIbmc0UXy-_YEQKyhSIhVFRNCrckTmF3w8A&o=api&gdpr_consent=undefined&gdpr=0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.89.20.86 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

p18.id5-sync.com

Software

Resource Hash

06ecc1573d3bd555fe29b67a1f5f9a4f560413c5d3a979eb7ad1960866ddbad8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Date: Wed, 22 Dec 2021 20:36:48 GMT
Transfer-Encoding: chunked
Content-Type: text/html;charset=utf-8

GET
H2

200

rtset
bh.contextweb.com/bh/ Frame 43A7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=ZjhZWXFUVkNPaGVraHFRZS0tTnh4dw&gdpr=0&gdpr_consent=
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=0&gdpr_consent=&ev=CAESEMQsz-EVlT9g1uZ7rCfYVm8&google_cver=1

49 B
652 B

20ms
20ms

Image
image/gif

198.148.27.139
PULSEPOINT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=0&gdpr_consent=&ev=CAESEMQsz-EVlT9g1uZ7rCfYVm8&google_cver=1

Requested by

Host: bh.contextweb.com
URL: https://bh.contextweb.com/visitormatch?p=547259,530912,534301,548607,543793,561117&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%25%25VGUID%25%25%26ex%3DPulsepoint

Protocol

Server

198.148.27.139 New York, United States, ASN19189 (PULSEPOINT, US),

Reverse DNS

Software

Jetty(9.4.14.v20181114) /

Resource Hash

d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://bh.contextweb.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
content-language: en-CA
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control: private, max-age=0, no-cache, no-store
content-type: image/gif;charset=iso-8859-1
cw-server: bh-deployment-685df6f7b9-h66sn
expires: -1

Redirect headers

pragma: no-cache
date: Wed, 22 Dec 2021 20:36:48 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=0&gdpr_consent=&ev=CAESEMQsz-EVlT9g1uZ7rCfYVm8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 335
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rtset
bh.contextweb.com/bh/ Frame 43A7
Redirect Chain

https://pulsepoint-match.dotomi.com/match/bounce/current?networkId=14200&version=1&nuid=
https://pulsepoint-match.dotomi.com/match/bounce/current?DotomiTest=4c841bb25cf51235&is_secure=true&networkId=14200&version=1&nuid=
https://bh.contextweb.com/bh/rtset?do=add&pid=530912&ev=AAAGd_E4wbmtlANNUs3sAAAAAAA&expiration=1640291808&nuid=&is_secure=true

49 B
680 B

26ms
26ms

Image
image/gif

198.148.27.139
PULSEPOINT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bh.contextweb.com/bh/rtset?do=add&pid=530912&ev=AAAGd_E4wbmtlANNUs3sAAAAAAA&expiration=1640291808&nuid=&is_secure=true

Requested by

Protocol

Server

198.148.27.139 New York, United States, ASN19189 (PULSEPOINT, US),

Reverse DNS

Software

Jetty(9.4.14.v20181114) /

Resource Hash

d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://bh.contextweb.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
content-language: en-CA
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control: private, max-age=0, no-cache, no-store
content-type: image/gif;charset=iso-8859-1
cw-server: bh-deployment-685df6f7b9-h66sn
expires: -1

Redirect headers

pragma: no-cache
date: Wed, 22 Dec 2021 20:36:48 GMT
server: nginx
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location: https://bh.contextweb.com/bh/rtset?do=add&pid=530912&ev=AAAGd_E4wbmtlANNUs3sAAAAAAA&expiration=1640291808&nuid=&is_secure=true
cache-control: no-cache, private, max-age=0, no-store
content-length: 0
expires: 0

GET
H/1.1 200
OK ecm3
s.amazon-adsystem.com/ Frame 43A7 43 B
556 B 89ms
32ms Image
image/gif 209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?id=Yuu5oRFYdB4Z&ex=Pulsepoint

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://bh.contextweb.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 22 Dec 2021 20:36:48 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: N2RH2PZBA8AB655FZ8QK
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK ecm3
s.amazon-adsystem.com/ Frame 5856 43 B
556 B 33ms
33ms Image
image/gif 209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=sharethrough.com&id=330e3927-e6fa-4d1f-a57f-3c289bbd1e99

Requested by

Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://match.sharethrough.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 22 Dec 2021 20:36:48 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 9HZR9D2WQC0WM3AMWYTH
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

v1
match.sharethrough.com/sync/ Frame 5856
Redirect Chain

https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=1
https://sync.search.spotxchange.com/partner?adv_id=8499&redir=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3Dk1jJghvBi79yX1NZ2sM5fXrm%26source_user_id%3D%24SPOTX_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=8499&redir=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3Dk1jJghvBi79yX1NZ2sM5fXrm%26source_user_id%3D%24SPOTX_USER_ID&__user_chec...
https://match.sharethrough.com/sync/v1?source_id=k1jJghvBi79yX1NZ2sM5fXrm&source_user_id=e2f50e0a-6366-11ec-aeff-1fc5ecda0103

68 B
262 B

26ms
25ms

Image
image/png

54.85.17.129
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/sync/v1?source_id=k1jJghvBi79yX1NZ2sM5fXrm&source_user_id=e2f50e0a-6366-11ec-aeff-1fc5ecda0103
Requested by: Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Protocol: H2
Server: 54.85.17.129 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-85-17-129.compute-1.amazonaws.com
Software: /
Resource Hash: 6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://match.sharethrough.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:49 GMT
content-length: 68
content-type: image/png

Redirect headers

Date: Wed, 22 Dec 2021 20:36:49 GMT
Server: nginx
Location: https://match.sharethrough.com/sync/v1?source_id=k1jJghvBi79yX1NZ2sM5fXrm&source_user_id=e2f50e0a-6366-11ec-aeff-1fc5ecda0103
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 51
Connection: keep-alive
Content-Length: 0

GET
H2

200

v1
match.sharethrough.com/sync/ Frame 5856
Redirect Chain

https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=2
https://b1sync.zemanta.com/usersync/sharethrough/
https://stags.bluekai.com/site/23178?id=t0XQgXMFWDA6XqrQP68F&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS63LBORRWQLTTNBQXEZLUNBZG65LHNAXGG33NF5ZXS3TD...
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS63LBORRWQLTTNBQXEZLUNBZG65LHNAXGG33NF5ZXS3TDF53DCP3FPBRWQYLOM5ST243IMFZGK5DIOJXXKZ3IEZZW65LSMNSV62LEHVQTOOJTGUZTANJYGE2GMODDGVSTE...
https://match.sharethrough.com/sync/v1?source_id=a7935305814f8c5e2a34ba54&source_user_id=t0XQgXMFWDA6XqrQP68F

68 B
262 B

26ms
25ms

Image
image/png

54.85.17.129
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/sync/v1?source_id=a7935305814f8c5e2a34ba54&source_user_id=t0XQgXMFWDA6XqrQP68F
Requested by: Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Protocol: H2
Server: 54.85.17.129 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-85-17-129.compute-1.amazonaws.com
Software: /
Resource Hash: 6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://match.sharethrough.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:49 GMT
content-length: 68
content-type: image/png

Redirect headers

Pragma: no-cache
Date: Wed, 22 Dec 2021 20:36:49 GMT
P3p: CP="We do not support P3P header."
Location: https://match.sharethrough.com/sync/v1?source_id=a7935305814f8c5e2a34ba54&source_user_id=t0XQgXMFWDA6XqrQP68F
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=utf-8
Content-Length: 136
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2

200

v1
match.sharethrough.com/sync/ Frame 5856
Redirect Chain

https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=3
https://match.adsrvr.org/track/cmf/generic?ttd_pid=sharethrough&ttd_tpi=1
https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=c1617644-d9b8-4c1e-9931-3ece56efb0ba&gdpr=0&gdpr_consent=

68 B
262 B

28ms
28ms

Image
image/png

54.85.17.129
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=c1617644-d9b8-4c1e-9931-3ece56efb0ba&gdpr=0&gdpr_consent=
Requested by: Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Protocol: H2
Server: 54.85.17.129 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-85-17-129.compute-1.amazonaws.com
Software: /
Resource Hash: 6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://match.sharethrough.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:48 GMT
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Wed, 22 Dec 2021 20:36:48 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=c1617644-d9b8-4c1e-9931-3ece56efb0ba&gdpr=0&gdpr_consent=
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 323

GET

byN59NcB
sync-tm.everesttech.net/upi/pid/ Frame 5856
Redirect Chain

https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=4
https://sync-tm.everesttech.net/upi/pid/byN59NcB?redir=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3DSvWuQHUbMWnhsCDYjeaq81U2%26source_user_id%3D%24%7BTM_USER_ID%7D%0A

0
0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 1CB4
Redirect Chain

https://match.adsrvr.org/track/cmf/casale
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=c1617644-d9b8-4c1e-9931-3ece56efb0ba&expiration=1642797408&gdpr=0&gdpr_consent=

43 B
1006 B

89ms
35ms

Image
image/gif

23.52.162.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=c1617644-d9b8-4c1e-9931-3ece56efb0ba&expiration=1642797408&gdpr=0&gdpr_consent=
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol: HTTP/1.1
Server: 23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-162-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 22 Dec 2021 20:36:48 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 22 Dec 2021 20:36:48 GMT

Redirect headers

pragma: no-cache
date: Wed, 22 Dec 2021 20:36:48 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=c1617644-d9b8-4c1e-9931-3ece56efb0ba&expiration=1642797408&gdpr=0&gdpr_consent=
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 323

GET
H/1.1 200
OK dcm
s.amazon-adsystem.com/ Frame 1CB4 43 B
932 B 59ms
30ms Image
image/gif 209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YcOMYOGrgeANNsgObvQYOgAAA9cAAAAB

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 22 Dec 2021 20:36:48 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 4C2BCTJ8MWR82QD6B4TP
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

usermatchredir
ssum-sec.casalemedia.com/ Frame 1CB4
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YcOMYOGrgeANNsgObvQYOgAAA9cAAAAB&gdpr_consent=&us_privacy=&gdpr=
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESENbSg0vyXrxGhOXnNRcsA74&google_cver=1

43 B
315 B

27ms
26ms

Image
image/gif

23.52.162.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESENbSg0vyXrxGhOXnNRcsA74&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol: HTTP/1.1
Server: 23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-162-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 22 Dec 2021 20:36:48 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Wed, 22 Dec 2021 20:36:48 GMT

Redirect headers

pragma: no-cache
date: Wed, 22 Dec 2021 20:36:48 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESENbSg0vyXrxGhOXnNRcsA74&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 342
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 1CB4
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YcOMYOGrgeANNsgObvQYOgAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEHNIziwEYGq6hWx2ffqBGHY&google_cver=1

43 B
1 KB

35ms
34ms

Image
image/gif

23.52.162.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEHNIziwEYGq6hWx2ffqBGHY&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol: HTTP/1.1
Server: 23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-162-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 22 Dec 2021 20:36:48 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 22 Dec 2021 20:36:48 GMT

Redirect headers

pragma: no-cache
date: Wed, 22 Dec 2021 20:36:48 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEHNIziwEYGq6hWx2ffqBGHY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

YcOMYOGrgeANNsgObvQYOgAAA9cAAAAB
pr-bh.ybp.yahoo.com/sync/casale/ Frame 1CB4
Redirect Chain

https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=YcOMYOGrgeANNsgObvQYOgAAA9cAAAAB&gdpr_consent=&us_privacy=&gdpr=
https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=YcOMYOGrgeANNsgObvQYOgAAA9cAAAAB&gdpr_consent=&us_privacy=&gdpr=&verify=true
https://pr-bh.ybp.yahoo.com/sync/casale/YcOMYOGrgeANNsgObvQYOgAAA9cAAAAB

43 B
877 B

97ms
33ms

Image
image/gif

2600:1f18:4e9:5a01:d442:ba08:69c2:12fc
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/casale/YcOMYOGrgeANNsgObvQYOgAAA9cAAAAB

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1

Protocol

Server

2600:1f18:4e9:5a01:d442:ba08:69c2:12fc Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:48 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff

Redirect headers

location: https://pr-bh.ybp.yahoo.com/sync/casale/YcOMYOGrgeANNsgObvQYOgAAA9cAAAAB
date: Wed, 22 Dec 2021 20:36:48 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 1CB4
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=48
https://loadm.exelator.com/load/?p=204&g=700&j=r&buid=42625410-251a-4a94-acb9-4a43701963a2-61c38c60-4341&ru=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_i...
https://loadm.exelator.com/load/?p=204&g=700&j=r&buid=42625410-251a-4a94-acb9-4a43701963a2-61c38c60-4341&ru=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_i...
https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=42625410-251a-4a94-acb9-4a43701963a2-61c38c60-4341&partner_url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D64...
https://pixel.tapad.com/idsync/ex/push/check?partner_id=2499&partner_device_id=42625410-251a-4a94-acb9-4a43701963a2-61c38c60-4341&partner_url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_i...
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=42625410-251a-4a94-acb9-4a43701963a2-61c38c60-4341&expiration=1642797408

43 B
1 KB

37ms
36ms

Image
image/gif

23.52.162.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=42625410-251a-4a94-acb9-4a43701963a2-61c38c60-4341&expiration=1642797408
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol: HTTP/1.1
Server: 23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-162-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 22 Dec 2021 20:36:49 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 22 Dec 2021 20:36:49 GMT

Redirect headers

location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=42625410-251a-4a94-acb9-4a43701963a2-61c38c60-4341&expiration=1642797408
date: Wed, 22 Dec 2021 20:36:49 GMT
via: 1.1 google
alt-svc: clear
content-length: 0
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H2

200

tpid=YcOMYOGrgeANNsgObvQYOgAA%26983
bcp.crwdcntrl.net/map/ct=y/c=6725/tp=INDX/ Frame 1CB4
Redirect Chain

https://bcp.crwdcntrl.net/map/c=6725/tp=INDX/tpid=YcOMYOGrgeANNsgObvQYOgAA%26983?gdpr_consent=&us_privacy=&gdpr=
https://bcp.crwdcntrl.net/map/ct=y/c=6725/tp=INDX/tpid=YcOMYOGrgeANNsgObvQYOgAA%26983?gdpr_consent=&us_privacy=&gdpr=

49 B
737 B

40ms
40ms

Image
image/gif

18.204.86.180
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bcp.crwdcntrl.net/map/ct=y/c=6725/tp=INDX/tpid=YcOMYOGrgeANNsgObvQYOgAA%26983?gdpr_consent=&us_privacy=&gdpr=
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol: H2
Server: 18.204.86.180 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-204-86-180.compute-1.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Dec 2021 20:36:48 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.40.39.109
content-type: image/gif
content-length: 49
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 22 Dec 2021 20:36:48 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://bcp.crwdcntrl.net/map/ct=y/c=6725/tp=INDX/tpid=YcOMYOGrgeANNsgObvQYOgAA%26983?gdpr_consent=&us_privacy=&gdpr=
cache-control: no-cache
x-server: 10.40.34.156
content-length: 0
expires: 0

GET
H/1.1

200
OK

rum
dsum.casalemedia.com/ Frame 1CB4
Redirect Chain

https://x.bidswitch.net/sync?ssp=index
https://x.bidswitch.net/ul_cb/sync?ssp=index
https://m.fg8dgt.com/sync?ssp=bidswitch&bidswitch_ssp_id=index&ssp_uuid=c99b2155-85c0-446f-b085-dfcd5ce90145
https://m.fg8dgt.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=index&ssp_uuid=c99b2155-85c0-446f-b085-dfcd5ce90145
https://x.bidswitch.net/sync?dsp_id=108&expires=14&ssp=index&user_id=3dd2b990-6459-4f8e-b32c-7b93e5b8d2fc
https://dsum.casalemedia.com/rum?cm_dsp_id=51&external_user_id=c99b2155-85c0-446f-b085-dfcd5ce90145

43 B
1 KB

85ms
30ms

Image
image/gif

23.52.162.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum.casalemedia.com/rum?cm_dsp_id=51&external_user_id=c99b2155-85c0-446f-b085-dfcd5ce90145
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol: HTTP/1.1
Server: 23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-162-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 22 Dec 2021 20:36:49 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 22 Dec 2021 20:36:49 GMT

Redirect headers

Location: //dsum.casalemedia.com/rum?cm_dsp_id=51&external_user_id=c99b2155-85c0-446f-b085-dfcd5ce90145
Date: Wed, 22 Dec 2021 20:36:49 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK ecm3
s.amazon-adsystem.com/ Frame 1CB4 43 B
556 B 61ms
30ms Image
image/gif 209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=index.com&id=YcOMYOGrgeANNsgObvQYOgAAA9cAAAAB

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 22 Dec 2021 20:36:48 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: R3TTZ12ZB6A3T3Y4RZPM
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js Show response
pagead2.googlesyndication.com/bg/ Frame DF96 35 KB
13 KB 108ms
52ms Script
text/javascript 2607:f8b0:4006:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:806::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127672d4912f86d7cbdeab0c1ccd9536aa33f335a7b1609d3a3939c1d778220e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 17 Dec 2021 04:13:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 490995
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13555
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 17 Dec 2022 04:13:33 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame BC0E 0
0 90ms
88ms Image
text/html 2607:f8b0:4006:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2021120601&jk=1543696118031648&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:806::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H/1.1 200
OK ecm3
s.amazon-adsystem.com/ Frame DB5D 43 B
556 B 32ms
31ms Image
image/gif 209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?id=a7bdc6ca5a7cbe51d1e8eabd&ex=sovrn.com&gdpr=0&gdpr_consent=

Requested by

Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com&dnr=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 22 Dec 2021 20:36:48 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: M7MNC8P0CKMH4PV6G0R5
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame DB5D
Redirect Chain

https://creativecdn.com/cm-notify?pi=sovrn&gdpr=0&gdpr_consent=
https://creativecdn.com/cm-notify?pi=sovrn&gdpr=0&gdpr_consent=&tc=1
https://ce.lijit.com/merge?pid=86&3pid=jj4hv0Nfp3z6Tt07oXpt&pi=sovrn&gdpr_consent=&gdpr=0&tc=1

43 B
1 KB

21ms
20ms

Image
image/gif

23.92.190.74
INTERNAP-BLK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=86&3pid=jj4hv0Nfp3z6Tt07oXpt&pi=sovrn&gdpr_consent=&gdpr=0&tc=1
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com&dnr=1
Protocol: HTTP/1.1
Server: 23.92.190.74 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 22 Dec 2021 20:36:49 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ewr1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

location: https://ce.lijit.com/merge?pid=86&3pid=jj4hv0Nfp3z6Tt07oXpt&pi=sovrn&gdpr_consent=&gdpr=0&tc=1
pragma: no-cache
date: Wed, 22 Dec 2021 20:36:49 GMT, Wed, 22 Dec 2021 20:36:49 GMT
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DB5D
Redirect Chain

https://ap.lijit.com/dsp/google/cookiematch/dv?gdpr=0&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=YTdiZGM2Y2E1YTdjYmU1MWQxZThlYWJk&gdpr=0

170 B
188 B

46ms
45ms

Image
image/png

142.251.40.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=YTdiZGM2Y2E1YTdjYmU1MWQxZThlYWJk&gdpr=0

Requested by

Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com&dnr=1

Protocol

Server

142.251.40.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Dec 2021 20:36:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 22 Dec 2021 20:36:48 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=YTdiZGM2Y2E1YTdjYmU1MWQxZThlYWJk&gdpr=0
Access-Control-Allow-Credentials: true
Connection: close
X-Sovrn-Pod: ad_ap2ewr1
Access-Control-Allow-Headers: X-Requested-With, Content-Type

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame DB5D
Redirect Chain

https://pixel.quantserve.com/pixel/p-CXt61zNBpKUt1.gif?idmatch=0&gdpr=0&gdpr_consent=
https://ce.lijit.com/merge?pid=43&gdpr=0&gdpr_consent=&us_privacy=&3pid=lQ7w9JtcpqGOW_XywFy-95oHqvKOB6D2xwxkUfYc

43 B
866 B

77ms
26ms

Image
image/gif

23.92.190.74
INTERNAP-BLK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=43&gdpr=0&gdpr_consent=&us_privacy=&3pid=lQ7w9JtcpqGOW_XywFy-95oHqvKOB6D2xwxkUfYc
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com&dnr=1
Protocol: HTTP/1.1
Server: 23.92.190.74 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 22 Dec 2021 20:36:48 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ewr1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 22 Dec 2021 20:36:48 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://ce.lijit.com/merge?pid=43&gdpr=0&gdpr_consent=&us_privacy=&3pid=lQ7w9JtcpqGOW_XywFy-95oHqvKOB6D2xwxkUfYc
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame DB5D
Redirect Chain

https://jadserve.postrelease.com/suid/101957?ntv_r=https://ce.lijit.com/merge?pid=90&3pid=NTV_USER_ID&gdpr=0&gdpr_consent=
https://ce.lijit.com/merge?pid=90&3pid=785e9674-5938-442f-b077-984b74b20a8a&gdpr=0&gdpr_consent=

43 B
862 B

75ms
28ms

Image
image/gif

23.92.190.74
INTERNAP-BLK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=90&3pid=785e9674-5938-442f-b077-984b74b20a8a&gdpr=0&gdpr_consent=
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com&dnr=1
Protocol: HTTP/1.1
Server: 23.92.190.74 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 22 Dec 2021 20:36:48 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ewr1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 22 Dec 2021 20:36:48 GMT
server: nginx/1.12.1
location: https://ce.lijit.com/merge?pid=90&3pid=785e9674-5938-442f-b077-984b74b20a8a&gdpr=0&gdpr_consent=
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 0
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame DB5D
Redirect Chain

https://ums.acuityplatform.com/tum?umid=27&uid=a7bdc6ca5a7cbe51d1e8eabd&gdpr=0&gdpr_consent=
https://ce.lijit.com/merge?pid=66&3pid=633592634447

43 B
838 B

70ms
22ms

Image
image/gif

23.92.190.74
INTERNAP-BLK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=66&3pid=633592634447
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com&dnr=1
Protocol: HTTP/1.1
Server: 23.92.190.74 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 22 Dec 2021 20:36:48 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ewr1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Access-Control-Allow-Origin: *
Content-Length: 0
Location: https://ce.lijit.com/merge?pid=66&3pid=633592634447

GET
H2 200 bl-0af0356-e4ea5370.js Show response
tagan.adlightning.com/freestar/ Frame CE1E 45 KB
19 KB 24ms
23ms Script
application/javascript 13.225.223.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/freestar/bl-0af0356-e4ea5370.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.223.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-223-101.jfk51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2fc3a11d9170cfe5b44cd42777ee41395c5c6a86ccb8f46829dd8260a7582609

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 01:45:48 GMT
content-encoding: gzip
age: 67860
x-cache: Hit from cloudfront
content-length: 19084
x-amz-meta-git_commit: 0af0356
last-modified: Wed, 22 Dec 2021 01:22:29 GMT
server: AmazonS3
etag: "841700947080f68d0d665b6fe1830a06"
x-amz-version-id: 6zPfdIKCLM0otpNbrtyJvkP0wAZ7S7E8
via: 1.1 74636a0d3b110dc164c7801b27cac3b3.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: JFK51-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: H1g02Y7UqESyTkwLyV7XaBBAsROypXtiwcnSuo9RwrcEg1Y11rw-oQ==

GET
H2 200 b-5a99e50-0ef925e1.js Show response
tagan.adlightning.com/freestar/ Frame CE1E 78 KB
30 KB 25ms
23ms Script
application/javascript 13.225.223.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/freestar/b-5a99e50-0ef925e1.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.223.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-223-101.jfk51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3a2a44d6d645afa6dd329ef0d6e7c92ebf624e49bf20fc301e59d69d9a59c87d

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 15:36:41 GMT
content-encoding: gzip
age: 536408
x-cache: Hit from cloudfront
content-length: 30111
x-amz-meta-git_commit: 5a99e50
last-modified: Thu, 21 Oct 2021 14:42:46 GMT
server: AmazonS3
etag: "a5b54d0501be5fa645a46923bf1f6dfe"
x-amz-version-id: tynjFfgXKbXevSX.rzKqYE2SnqrB7ELk
via: 1.1 74636a0d3b110dc164c7801b27cac3b3.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: JFK51-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: zSWjlFWL7eXW98hGqnPgAGitsmEoYaXIyzr9jy-RRteydU0IzkxWdg==

GET
H2 200 prebid-universal-creative.js Show response
a.pub.network/core/ Frame CE1E 26 KB
9 KB 44ms
42ms Script
application/javascript 2606:4700:20::681a:18b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/core/prebid-universal-creative.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:18b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e9642f5fbeff6a11fd1e8d29f62481cc23514472fb51d0d1e4ee4f257dbc8af3

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=Mv5J2Q==, md5=qhZ9KavhQaYEZZQvkPC+nQ==
date: Wed, 22 Dec 2021 20:36:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-guploader-uploadid: ADPycdtyUlx4tT5b9Hq7OAVkwxplCMa-MwkCWr5ugj8LHjnUui6X0YIEtRgpeWZfbxUWjJFtd7jbz2arlcuYrWUlYbc
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
cf-ray: 6c1c24fc1b394bca-YUL
last-modified: Tue, 28 Sep 2021 15:52:36 GMT
server: cloudflare
etag: W/"aa167d29abe141a60465942f90f0be9d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZwDQhGT9TkXbWx6lnpLe99MlczWbl0MHCpDFWju4zSKYKTlUEZd4nXMfR%2Buu7gBuyC4xx5B5t3zfCNzvKWDk%2Bv0%2Ft20Dq93OAnfMHD1xKE7dIJAY%2FRpbybMj1uTzOHwByfrSD1TlEk5F8LM%3D"}],"group":"cf-nel","max_age":604800}
content-language: en
access-control-allow-origin: *
x-goog-generation: 1632844356805025
access-control-expose-headers: *
cache-control: public, max-age=86400
x-goog-stored-content-length: 26661
content-type: application/javascript
expires: Wed, 22 Dec 2021 18:18:51 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CE1E 119 KB
36 KB 116ms
81ms Script
text/javascript 2607:f8b0:4006:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 22 Dec 2021 20:36:48 GMT

GET
H2 204 pixel.gif
beacon.krxd.net/ 0
336 B 31ms
31ms Image
text/plain 34.206.47.24
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/pixel.gif?source=smarttag&fired=user_data_timeout&confid=womptv2nm&_kpid=9427dd0d-835c-471c-a5db-ab01ae8a681c&_kcp_s=Freestar&_kcp_d=notepad.pw&_knifr=7&_kua_kx_tz=0&_kua_kx_lang=en-us&_kua_kx_tech_browser_language=en-us&_kua_kx_whistle=0&_kpa_url_path_1=23cllfl3&_kpa_meta_keywords=notepad%20online%2Cnotepad%2Ccloud%2Cfree%20notepad%2Csave%20notes%2Cnotes%2Conline%20notepad%2Ccloud%20notepad%2Cwrite%2Cnote%2Cwriting%2Cpublish%2Cwebpage%2Cmarkdown&_kpa_domain=notepad.pw&t_navigation_type=0&t_dns=0&t_tcp=54&t_http_request=-1&t_http_response=5&t_content_ready=1027&t_window_load=1400&t_redirect=0&interchange_ran=false&userdata_was_requested=true&userdata_did_respond=false&_kurl_=https%3A%2F%2Fnotepad.pw&sview=1&kplt0=39860&kplt1=47346&jsonp_requests=https%3A%2F%2Fbeacon.krxd.net%2Foptout_check%2C100%2Chttps%3A%2F%2Fconsumer.krxd.net%2Fconsent%2Fget%2F9427dd0d-835c-471c-a5db-ab01ae8a681c%2C63%2Chttps%3A%2F%2Fcdn.krxd.net%2Fuserdata%2Fget%2C32
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.206.47.24 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-206-47-24.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:48 GMT
cache-control: private, no-cache, no-store
x-request-time: D=31 t=1640205408
x-served-by: beacon-n006-ash-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame CE1E 0
0 50ms
49ms Fetch
image/gif 142.250.80.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssPjjy6B7Fdw_4gRk5qOgL6xOT_6seSCvLpDSKtwbiAoXppVzE8wZOpFuOv_Z3f6rPxOz_JmZ5YOt5zM7mSUJgzd5AumeN7pZCgcdBfiyUW42zX2kPKz8ARQT2ZJXVNDJqBB4TPZjCmqWDZPBcIg1RDY7lthK_u9gWuwalf8iZPzvjO_Y-uvFXA7PFBQBEYnQv1yb6gEYYGu0QbjkVdx-odtP5Au77SZ9HPxC1D5_7e6DVusThrMSyySGb_QjiCQ4bDFe2TxPsBBS4dWKjEZ1ZAauBlZsY_CMlmJiIwJAdudLC4YNFMC5jaSawlHS6dxavc78FGym_kF3Sf&sai=AMfl-YSUHKEhx7o5hMt-qn9FYmjHFGbPVl8uTrgei7sKcJAynI-733BXP0npdEGNNk5pbLLiDCRrGE-BlLE_du7t8L9cKKCEG3EnsR0qntvYMF6G9WzNdsA0XBDNEK7fXsA&sig=Cg0ArKJSzLLLxTwCNiZnEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: notepad.pw
URL: https://notepad.pw/23cllfl3

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s35-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 22 Dec 2021 20:36:48 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 adfetch Show response
googleads.g.doubleclick.net/pagead/ Frame 0E9B 87 KB
31 KB 162ms
103ms Document
text/html 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adfetch?adk=1050538303&adsafe=medium&client=ca-pub-5722610347565274&format=728x90_as&ip=37.120.205.173&output=html&unviewed_position_start=1&url=https://notepad.pw/23cllfl3&sub_client=bidder-538329&hl=en&aceid=MEJePgA61OYA-VU0AeRXNAGxbjQB5W40ARdvNAHCbzQBHnA0AV5wNAGwcDQBtnA0Ad1wNAHucDQB-XA0AQ5xNAFUcTQBVXE0AWZxNAF4cTQBh3E0AZhxNAGgcTQBtXE0AdFxNAHScTQB1nE0AUtzQQFTc0EBAXlBAWAcXAJMHVwCth1cAkD3iAKy94gCc_mIAi76iAInQqoCKEKqAn1HqgL6T6oCbFuqAtBhqgJ-YqoC_XiqAm15qgKOiqoC3JGqAoCbqgKBm6oCgpuqAtueqgKmp6oCoqiqAmOqqgIrrKoC3a2qAhyuqgIdrqoCA6-qApavqgI0sKoCd7CqAnqwqgKAsKoCg7CqAoqwqgLHtaoCLruqAte-qgKoxKoC1MWqAhLHqgImzKoC1cyqAoLNqgKczaoCvc2qArvOqgJw0qoCStaqArvWqgLH1qoCk9eqAhHYqgKE2KoCj9iqAnTaqgLw2qoCHtuqAnTbqgK23KoCS92qAmfdqgIo3qoCVd6qAm7eqgK_3qoCzN6qAjvhqgJH4qoCY-OqAm_kqgKA5KoC4OSqAo3lqgKg5aoCy-WqAs_oqgLt6KoCuOmqAgfqqgIV6qoCN-qqAvnqqgJK66oCueuqAsrrqgJt7KoCk-yqAu7sqgIF7aoCZO6qAuylUANpnFED-HQkBPBC3AmtzmUOj6E1Ec6hNRHNgfsSIcX7Es7R-xK73PsS7Ob7Enrp-xIV6vsSf-r7Eu_r-xIg7PsSBe37Embt-xJ57fsS6e37EvXt-xKy7vsSlmZkE-lb0BPhXNAT91ZrGuq1vWk6HNJ5&awbid_c=AKAmf-BkMS2hilgAIUxqF31MUG7exKUUHz0TH6Psby9ZU_qsXtgJceLlrntpETt4TRhwe_dTbVOlJKoBXVGcCUX5a_lLBWHDSPR5Lb7Mfi1YZJscFIBlVrDneUMX70yBvVUioQupMJNUYJwC34a0acvlyhLGAaA-eCGwd6ZrD1Qry-weNL0f0ieLe66DHQ5rS1nI57lvKWg-p38oqqXXVB2gGXyLza-7-TamlkSx9A0d_z3tQQu9JuDdWl9whSonKYoPtPFjDBV7LVHfzknDk8kaLhT1mUujrXTpq3ciOZORNvKSHwCVlSzu0JmA4xL4Af-NyUaHTlW0Lgz1xUXTbVx3eioStWJgkESQWnANLh08YTYDsX3VaPFaRx3Vnc-QiB2fENRq5OPBF1B0mh7Nw62zGwMSdAtJbYhdsuM6qbc2Fm-Gs-gYyFCHOVCPPzYsBPtDpfdEpgsHwmZWUyRS_mHCADQA-xGSPrlf4F6xPgAHmudSZccKjUZ4oqa94PUlY8LU7C1SSqm_&awbid_d=AKAmf-AUQVJuSGIiz8Pzp9iuTcoXMxc5itgYQtdPteL6iCHFOtFqyhGhy-b8Kz4bIiDQmtjHcG4mQ49JfEr4IKl0FqnzHwvgMG-374UWvvI4bkyh-MWZLq4baLFiE5eMkrRMNKoW-D7GMJ5sKLW-tksPg7b1e4aA8mJ8FTgIRaDDZayhxeBvsmSc1QKIsy_XpuSMH79HRG9osWVOVAPwkoumVAaCOhYo45JbNMBGK7RPo9U5Fi7LHQOHa7_w83pd-1eBEqahBCNDVmdC7y8iXpiuR2_5wgj-kG7vHMVp14OsyOBfOvTv9SC3fEO219uEvYwOQGallTAK67KE-Jw8F3kOrZxzq-L1Dgi47W-rSLBv80L9oR3X_c-HheBE5pSAkfM_NKLOIVWo7iQboBqxLQTI3UuhDIXSLudrKbx-3Ze9NFNhndfSDRZ63E2BMqPJudfMn0hXkbflr7oAH0WbSofsY36UzF390_86xwlDUDQ-H-x6WDcr5fUBN7GLzWeiEywiptddM_6oU8z9gArFUdHwfJFbsPOOpL6mhN2yFcW0akHUKaQaMautrSh_7WUXI6F-FqmLIpLhDg4ImV9gvpBZykI1mQMwZF8nYMuEMb-nHFUOTXUwIIOmPc_IJfT7wlcZfHDBdrQJib2ak7Eblr4dlkMrKvH9x1nj551txqFXfV8MZBY2I0kWAb4z4xwbRPFqwjqe4AL1RHOTVC3Zzt3u_D6l4h-eIjBZYP0rEr7kQWMLsYCH4X73EPm-FWH16FZ7B7gi1ePbVPYVk9iqD8huPrY_1QkwBWOI7Ba7xIWyX7atii4365b9gcTHdzi0JChJ9D-7OjXEiHESucpwSTfbNo_0XtN4Kaf0BFx-dtFWmsMd2CVm-rJ6iejHSkwhRlIwhS-oXrVvJO_kFn_3V3WtUlcgyRU7KICFJ9tLpPGzI-UuwtIXVRzJ2Bl2b56nV8R2IQDUCte2Shnn1bKgPcLcq6nCxo3DYqZ_OZveH1__m3cOmfXLgqxCbd-y5Zlr54tRBGvyX6Iz&cid=CAASBORoE8A&exk=1323703361&rfl=https%3A%2F%2Fnotepad.pw%2F23cllfl3&a_pr=13:YcOMXwAAAAAY9LvoWsbP4SWAXYk5G6Z-ldi9bg

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/b-5a99e50-0ef925e1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54e8eb7a23dcd586f99313f576caffb0be220f40b859e14662a2520eade6ef2f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 22 Dec 2021 20:36:49 GMT
server: cafe
content-length: 31391
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 22 Dec 2021 20:36:49 GMT
cache-control: private

GET
H2 200 xbfe_backfill.js Show response
googleads.g.doubleclick.net/pagead/ Frame CE1E 13 KB
6 KB 88ms
27ms Script
text/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/xbfe_backfill.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/b-5a99e50-0ef925e1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b4f31178f3fe6003e606295047fdb9be890c6a9c6c8594576435f86975af582f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:08:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1707
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5713
x-xss-protection: 0
server: cafe
etag: 4841097009533305096
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Wed, 22 Dec 2021 21:08:21 GMT

GET
H/1.1 200
OK v1
a3678.casalemedia.com/impression/ Frame CE1E 43 B
303 B 96ms
27ms Image
image/gif 209.204.234.40
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a3678.casalemedia.com/impression/v1?bidID=527096bb-372f-46f0-8466-30417e4aaf0c&traceID=c71oonvmc7vrkoor23m0&dspID=85&userID=&cmpro=0&ap=0.12
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/b-5a99e50-0ef925e1.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 209.204.234.40 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 22 Dec 2021 20:36:48 GMT
Server: Apache
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=100
Content-Length: 43
Expires: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CE1E 0
20 B 64ms
64ms Image
image/gif 2607:f8b0:4006:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=awbid&awbid_b=AKAmf-BnhYJRQgGvaGKDdur82ZW23ogAIJG86zE8buuFkMO2lnpztaluZYFoy_lm1MYJv1BUabSK1Mg71Cz5YT9klh-yOCqoLg&pr=13:YcOMXwAAAADg9sY_QBZgoz1bBhS8eTsaRxVBDg

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/b-5a99e50-0ef925e1.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:806::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Dec 2021 20:36:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bl-0af0356-e4ea5370.js Show response
tagan.adlightning.com/freestar/ Frame 77FC 45 KB
19 KB 22ms
22ms Script
application/javascript 13.225.223.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/freestar/bl-0af0356-e4ea5370.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.223.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-223-101.jfk51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2fc3a11d9170cfe5b44cd42777ee41395c5c6a86ccb8f46829dd8260a7582609

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 01:45:48 GMT
content-encoding: gzip
age: 67861
x-cache: Hit from cloudfront
content-length: 19084
x-amz-meta-git_commit: 0af0356
last-modified: Wed, 22 Dec 2021 01:22:29 GMT
server: AmazonS3
etag: "841700947080f68d0d665b6fe1830a06"
x-amz-version-id: 6zPfdIKCLM0otpNbrtyJvkP0wAZ7S7E8
via: 1.1 74636a0d3b110dc164c7801b27cac3b3.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: JFK51-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: MHCtVPSFXj18040wJy0X8sIYt0lYrLtwtz_CNHqRPeiMFvuDSjqnWg==

GET
H2 200 b-5a99e50-0ef925e1.js Show response
tagan.adlightning.com/freestar/ Frame 77FC 78 KB
30 KB 22ms
22ms Script
application/javascript 13.225.223.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/freestar/b-5a99e50-0ef925e1.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.223.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-223-101.jfk51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3a2a44d6d645afa6dd329ef0d6e7c92ebf624e49bf20fc301e59d69d9a59c87d

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 15:36:41 GMT
content-encoding: gzip
age: 536409
x-cache: Hit from cloudfront
content-length: 30111
x-amz-meta-git_commit: 5a99e50
last-modified: Thu, 21 Oct 2021 14:42:46 GMT
server: AmazonS3
etag: "a5b54d0501be5fa645a46923bf1f6dfe"
x-amz-version-id: tynjFfgXKbXevSX.rzKqYE2SnqrB7ELk
via: 1.1 74636a0d3b110dc164c7801b27cac3b3.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: JFK51-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: h3c0Dgq5W0cooV_iE5FeBREwLYgdAal2MFDMkIEKpjVkTJBFG_Q8qw==

GET
H3 200 17755421312590161086
tpc.googlesyndication.com/simgad/ Frame 77FC 42 KB
42 KB 29ms
29ms Image
image/png 2607:f8b0:4006:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17755421312590161086

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d56b6d72f49f62365ace974bc6f35c9d7c8fbbd331852d93600f588c3f1708d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 17 Dec 2021 00:17:39 GMT
x-content-type-options: nosniff
age: 505150
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42581
x-xss-protection: 0
last-modified: Thu, 18 Nov 2021 23:56:47 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 17 Dec 2022 00:17:39 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 77FC 19 KB
8 KB 27ms
27ms Script
text/javascript 2607:f8b0:4006:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:32:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 240
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7876
x-xss-protection: 0
server: cafe
etag: 5333878705136318229
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 05 Jan 2022 20:32:49 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 77FC 2 KB
1 KB 28ms
28ms Script
text/javascript 2607:f8b0:4006:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:34:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 111
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 05 Jan 2022 20:34:58 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 77FC 119 KB
36 KB 54ms
54ms Script
text/javascript 2607:f8b0:4006:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 22 Dec 2021 20:36:49 GMT

POST
H2 200 c Show response
c.pub.network/ 36 B
98 B 53ms
52ms XHR
text/plain 35.201.71.192
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.71.192 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 192.71.201.35.bc.googleusercontent.com
Software: /
Resource Hash: 54ad9eb3a11a99d9b79295afb5585f8c096f8b6db3426743974ff350853fbba1

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 22 Dec 2021 20:36:49 GMT
via: 1.1 google
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: text/plain;charset=utf-8
access-control-allow-origin: https://notepad.pw
access-control-allow-credentials: true
alt-svc: clear
content-length: 36

GET
H3 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame CE1E 73 KB
27 KB 35ms
35ms Script
text/javascript 2607:f8b0:4006:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/b-5a99e50-0ef925e1.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8576ac4fad8d6a2eef6c1a412387cb3e7a6909b0a647f33bb0686d57d300d02e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28114
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461277931444"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 22 Dec 2021 20:36:49 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame CE1E 0
0 74ms
42ms Fetch
image/gif 142.250.80.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssdttD9UicCOGajpdv2o3s4AEgjNTBbXV4Ck1zOkCPGPH0WbiPpIpj9CFnmvfA6EuotRuvcLD2ilc91Yntzyg9ygxqhyFwFQ1pqbWQd9aeNTPCK7ITCH_eMCdL81Xs9oED8bC3kVCmpjkJBa-0nMIsy4Ebi9m2zngJolU5Eec1Np_5uP-9-nnoaxnI6FXtSIC5jPizYeLsDeELqAjUQbDvtC1WPE5_Ic1RWHFO4sQwcu8DhoFk2gPLiv-e1EEoy-7daNgNP3NXxni383sazInTZX0iH3ZiVU7OgZ3OLd4fVIKJJFoMWyMT_XIK5rW8klKtj9QDaOj1BXXLx6BQ&sai=AMfl-YRjbHDQJQrmuUPOKZnKus0d5seH3yTlbGDXmfek3hicRunj7i4X9x4EzgO8HGs2lKweGS91wwR9fcdOZPIkbQYGHVKpdivBj6aJ0K_5gNh_advPzbFkQsWDw_ichaM&sig=Cg0ArKJSzIBgBJ7i0npjEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s35-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 22 Dec 2021 20:36:49 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Wed, 22 Dec 2021 20:36:49 GMT

GET
DATA 200
OK truncated
/ Frame CE1E 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 10f3865cd7911018dcae58c46e1fb94a8987a0f3c7696645f1cdb60469e9a09d

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 77FC 0
0 50ms
50ms Fetch
image/gif 142.250.80.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssv1SSKVbIfHnu9H6ABHFyGOk58EuoCjD2WboiAHI9_G657XBcp3vmEtTB1krIUtaZwosTtdSjvf8ibgY95F8oT3rn-Xn_jLiTIdnZfb-PjHjH6lYsHdIZJcIFz7Es3-oBD5vYO9e69cF-INP_nV-k8xVXFOitLS-3J8acnazZhI00XrOTvO-W7liRTYlfhSxCpm1AIVpVROGVMQk7uWsviNdIZzee4A20YaR_8Ey4tTd9BtmZhQRAsqwSMrPWWKOqXAXhthyFViJnr3BOOs7XlrkkdidnjEb65KzkiEUi11UF3L0aVEicy7AhHuAwNmqYPyquorgHPgRwzGvzEito84gjkHgzHtAcMXsE&sai=AMfl-YQYfJOZ6-lBBs-v5WCpILlpY7BI0wFVxidEagC5QEX6kAjxbu-YYTzzDsDT1nND2Bujml-HuPd7X0q2gQGeg0jcPvhZ4M8Xcsiw4zOjFSX_Jt1LVXjgmoPL0L58Cx4&sig=Cg0ArKJSzPRN1_ZDIv3qEAE&uach_m=[UACH]&adurl=

Requested by

Host: notepad.pw
URL: https://notepad.pw/23cllfl3

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s35-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 22 Dec 2021 20:36:49 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 77FC 0
0 51ms
51ms Fetch
image/gif 142.250.80.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssxjsMUrFV3nvzg9dfnSfqPJwYTSSUXRwAhYc-VqSYpjQf-wSgQyStOL0Zp2fVAM4jH7MvOdg0rWu4yKJAMKHwnWzi8np0ZtCQmY3IB67ihi73g1w40VAl8XHg0ql4L_9VlRCeAyd96u-kbudC8LYxUZizNK02aYgNI7SCllq1SzRv-p1Rlt-wypIZEvI8cFo8hfqjbD1QulYLiW79QvtkBYqKPgDtmO-8E-Qn8e50T-VVFU0wPShxRIpR3EihE3vZN4PrsAU8_RmY5PZjzz0vJce40xoBEC0WsgVO8FMrpZpsxLtuSxRQF4sbKPUhkuJkmKf3KCgNUDiRlBiKCub4&sai=AMfl-YRUC5JQABdTDT5RmodKy7X-c-uP44RBr0oPI4M2sMYferAXK5H1IhgaCx8FpGCdvHWdh1SWdouMFm2En5XBOzpZUqmuR1PD__8Wf4hc4vQOl5fu8xsUYQvhtEJ2VhU&sig=Cg0ArKJSzJyIlaqXh6wsEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s35-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 22 Dec 2021 20:36:49 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Wed, 22 Dec 2021 20:36:49 GMT

GET
DATA 200
OK truncated
/ Frame 77FC 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 62a8d5f5092e42f52e45fa3571313cdc742df72c33fbbb3593fc4a65340cbbd0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 optout_check Show response
beacon.krxd.net/ 92 B
250 B 25ms
25ms Script
text/javascript 34.206.47.24
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://beacon.krxd.net/optout_check?callback=Krux.ns.investingchannelinc.kxjsonp_optOutCheck
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.206.47.24 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-206-47-24.compute-1.amazonaws.com
Software: /
Resource Hash: f86ef6a541924431013784460f693fb30f7f15f044e6115d285c632ad3a44d9f

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:49 GMT
cache-control: private, max-age=0, s-max-age=0
x-request-time: D=28 t=1640205409
x-served-by: beacon-n018-ash-prod.krxd.net
content-type: text/javascript

GET
H3 200 css
fonts.googleapis.com/ Frame 0E9B 6 KB
669 B 74ms
40ms Stylesheet
text/css 2607:f8b0:4006:822::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400,500&lang=en

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/adfetch?adk=1050538303&adsafe=medium&client=ca-pub-5722610347565274&format=728x90_as&ip=37.120.205.173&output=html&unviewed_position_start=1&url=https://notepad.pw/23cllfl3&sub_client=bidder-538329&hl=en&aceid=MEJePgA61OYA-VU0AeRXNAGxbjQB5W40ARdvNAHCbzQBHnA0AV5wNAGwcDQBtnA0Ad1wNAHucDQB-XA0AQ5xNAFUcTQBVXE0AWZxNAF4cTQBh3E0AZhxNAGgcTQBtXE0AdFxNAHScTQB1nE0AUtzQQFTc0EBAXlBAWAcXAJMHVwCth1cAkD3iAKy94gCc_mIAi76iAInQqoCKEKqAn1HqgL6T6oCbFuqAtBhqgJ-YqoC_XiqAm15qgKOiqoC3JGqAoCbqgKBm6oCgpuqAtueqgKmp6oCoqiqAmOqqgIrrKoC3a2qAhyuqgIdrqoCA6-qApavqgI0sKoCd7CqAnqwqgKAsKoCg7CqAoqwqgLHtaoCLruqAte-qgKoxKoC1MWqAhLHqgImzKoC1cyqAoLNqgKczaoCvc2qArvOqgJw0qoCStaqArvWqgLH1qoCk9eqAhHYqgKE2KoCj9iqAnTaqgLw2qoCHtuqAnTbqgK23KoCS92qAmfdqgIo3qoCVd6qAm7eqgK_3qoCzN6qAjvhqgJH4qoCY-OqAm_kqgKA5KoC4OSqAo3lqgKg5aoCy-WqAs_oqgLt6KoCuOmqAgfqqgIV6qoCN-qqAvnqqgJK66oCueuqAsrrqgJt7KoCk-yqAu7sqgIF7aoCZO6qAuylUANpnFED-HQkBPBC3AmtzmUOj6E1Ec6hNRHNgfsSIcX7Es7R-xK73PsS7Ob7Enrp-xIV6vsSf-r7Eu_r-xIg7PsSBe37Embt-xJ57fsS6e37EvXt-xKy7vsSlmZkE-lb0BPhXNAT91ZrGuq1vWk6HNJ5&awbid_c=AKAmf-BkMS2hilgAIUxqF31MUG7exKUUHz0TH6Psby9ZU_qsXtgJceLlrntpETt4TRhwe_dTbVOlJKoBXVGcCUX5a_lLBWHDSPR5Lb7Mfi1YZJscFIBlVrDneUMX70yBvVUioQupMJNUYJwC34a0acvlyhLGAaA-eCGwd6ZrD1Qry-weNL0f0ieLe66DHQ5rS1nI57lvKWg-p38oqqXXVB2gGXyLza-7-TamlkSx9A0d_z3tQQu9JuDdWl9whSonKYoPtPFjDBV7LVHfzknDk8kaLhT1mUujrXTpq3ciOZORNvKSHwCVlSzu0JmA4xL4Af-NyUaHTlW0Lgz1xUXTbVx3eioStWJgkESQWnANLh08YTYDsX3VaPFaRx3Vnc-QiB2fENRq5OPBF1B0mh7Nw62zGwMSdAtJbYhdsuM6qbc2Fm-Gs-gYyFCHOVCPPzYsBPtDpfdEpgsHwmZWUyRS_mHCADQA-xGSPrlf4F6xPgAHmudSZccKjUZ4oqa94PUlY8LU7C1SSqm_&awbid_d=AKAmf-AUQVJuSGIiz8Pzp9iuTcoXMxc5itgYQtdPteL6iCHFOtFqyhGhy-b8Kz4bIiDQmtjHcG4mQ49JfEr4IKl0FqnzHwvgMG-374UWvvI4bkyh-MWZLq4baLFiE5eMkrRMNKoW-D7GMJ5sKLW-tksPg7b1e4aA8mJ8FTgIRaDDZayhxeBvsmSc1QKIsy_XpuSMH79HRG9osWVOVAPwkoumVAaCOhYo45JbNMBGK7RPo9U5Fi7LHQOHa7_w83pd-1eBEqahBCNDVmdC7y8iXpiuR2_5wgj-kG7vHMVp14OsyOBfOvTv9SC3fEO219uEvYwOQGallTAK67KE-Jw8F3kOrZxzq-L1Dgi47W-rSLBv80L9oR3X_c-HheBE5pSAkfM_NKLOIVWo7iQboBqxLQTI3UuhDIXSLudrKbx-3Ze9NFNhndfSDRZ63E2BMqPJudfMn0hXkbflr7oAH0WbSofsY36UzF390_86xwlDUDQ-H-x6WDcr5fUBN7GLzWeiEywiptddM_6oU8z9gArFUdHwfJFbsPOOpL6mhN2yFcW0akHUKaQaMautrSh_7WUXI6F-FqmLIpLhDg4ImV9gvpBZykI1mQMwZF8nYMuEMb-nHFUOTXUwIIOmPc_IJfT7wlcZfHDBdrQJib2ak7Eblr4dlkMrKvH9x1nj551txqFXfV8MZBY2I0kWAb4z4xwbRPFqwjqe4AL1RHOTVC3Zzt3u_D6l4h-eIjBZYP0rEr7kQWMLsYCH4X73EPm-FWH16FZ7B7gi1ePbVPYVk9iqD8huPrY_1QkwBWOI7Ba7xIWyX7atii4365b9gcTHdzi0JChJ9D-7OjXEiHESucpwSTfbNo_0XtN4Kaf0BFx-dtFWmsMd2CVm-rJ6iejHSkwhRlIwhS-oXrVvJO_kFn_3V3WtUlcgyRU7KICFJ9tLpPGzI-UuwtIXVRzJ2Bl2b56nV8R2IQDUCte2Shnn1bKgPcLcq6nCxo3DYqZ_OZveH1__m3cOmfXLgqxCbd-y5Zlr54tRBGvyX6Iz&cid=CAASBORoE8A&exk=1323703361&rfl=https%3A%2F%2Fnotepad.pw%2F23cllfl3&a_pr=13:YcOMXwAAAAAY9LvoWsbP4SWAXYk5G6Z-ldi9bg

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2ddefcdc9f260c5ffeb93fed110fe9d929028226f9a2d8a4934ea52b546e9640

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 22 Dec 2021 18:50:17 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 22 Dec 2021 20:36:49 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 22 Dec 2021 20:36:49 GMT

GET
H3 200 m_js_controller.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 0E9B 44 KB
16 KB 26ms
26ms Script
text/javascript 2607:f8b0:4006:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/m_js_controller.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eeca932a1c0b1548b0e53ae7082258ddf557f04fa49d13ed76b633065f1acb75

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 19:23:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4393
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16660
x-xss-protection: 0
server: cafe
etag: 303318654010460680
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 05 Jan 2022 19:23:36 GMT

GET
H3 200 abg_lite.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 0E9B 24 KB
9 KB 25ms
25ms Script
text/javascript 2607:f8b0:4006:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a1b000b433199bfd60632e61b74bb2c4abd074dce072784e7acd55b1e4158cee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:32:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 238
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9516
x-xss-protection: 0
server: cafe
etag: 14328493792227503680
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 05 Jan 2022 20:32:51 GMT

GET
H3 200 window_focus.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 0E9B 2 KB
1 KB 20ms
20ms Script
text/javascript 2607:f8b0:4006:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e371c9ea0fd636a3ecd29ae5e8413d144d470f77ca4bdda94b6e61ec3b980eb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:31:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 307
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1345
x-xss-protection: 0
server: cafe
etag: 11377196957905752455
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 05 Jan 2022 20:31:42 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0E9B 119 KB
36 KB 81ms
80ms Script
text/javascript 2607:f8b0:4006:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:36:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 22 Dec 2021 20:36:49 GMT

GET
H3 200 qs_click_protection.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 0E9B 18 KB
7 KB 24ms
24ms Script
text/javascript 2607:f8b0:4006:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

51bbe57479b8c393497c12c8a7a3e3db77d4d60751017cbebd63ddc54a328819

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 20:21:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 900
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7337
x-xss-protection: 0
server: cafe
etag: 7465115486436736623
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 05 Jan 2022 20:21:49 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 80ms
79ms Image
image/gif 2607:f8b0:4006:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2021120601&jk=1543696118031648&bg=!AQKlAkbNAAZKWFskSlg7ACkAdvg8WrmKSZXqIrsZs_7UxZZ_924YMipDbhlAm7rBvXi1wn1pTozLLwIAAANNUgAAAAloAQeZArHXHymyVG8lNAdLZMLQJjWw6AsFzr6NxyhwICEcStdgKGjmheLl0qAhtmhJRuIFaZq6f74hJZqLATj2HA_TfdA3UgHwwZ7TMDln_VeqjoA3trCdPuJLZLwLU3AoFeITyN0BzMFq8eAfmi6AD5O6yIk8r2-4Qmn4WLuSuXk30j-xoOKAX9He9-A4vWAQ2DLuNM7xta4F14tQY68TEYk5ERuBC3-0iypQd_PeWbnanjccJT0VEcFCgzwBcoOlCgv6G7YMxNudYyPsTHV4GTfFDlQuIkAFV0W5RzIeymH3-kiI5rIVDd9OH19tCQ6n_-QWlN1Dz2jMfdLcCTqc6QwBMl2uqff1UTctN9uYMo-xFbs3gswR4E028bxS0R-J7V1-2GbfXCTMmhnVLB7-2Czx_fXaJ9blPz8f74F_gFU-1CyBrW-q-P7cYcWvlEqxzrTpdPyUeH4qgqBwVIs6abHzhMGeA4UszJOH72OmbbePv-mgTX9XuYieEQ7hv1tmFdDf3IV4LDa2uIDyHWpFtJJQbqXy_98ryzsBO9r32CSk3HfDZ7YYqg3cTWZiTsXlvPrTioEextAF6ZXFX_KPBSnQesr1UcXDzWMiG2SebPpwjY0iLwAZYJgeXA0PS9IQbxHNHeuzwflirKYTETS8Xsac7VCXMt6C0zIXebOg7wP0jUfHAoLrACMHI8XwfKa9wu5Wn8xYfywyH-G0VbzKxdnpAqDH57UIbOuc23jwC4WaMq7lCG2dMTWOpD8T-Jxd4ZK7BThXVVW9MusuiIkN6JTR74YndB0WHgYiYCMM28wxZ4dsBhcNH42rJxF774RogYWQWRT7fNRUBcrHme-AibJOSJ3NzExqXTNRNA9WCQklv-45I2LJ9GyfZ87vWGLfsYcyvu-QkVRrqem9RQnkC0FcuKQtdQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:806::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Dec 2021 20:36:49 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 0E9B 0
17 B 75ms
43ms Image
text/html 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C8Q78X4zDYZu3JI6GxAOHsLFI9prAoGe84pWEyA6_6KK9wAEQASC35YQhYP3oooHwA6ABr5D71wLIAQGoAwHIA8sEqgS8AU_QXqqHleC7oc_pbEoB5_TN-hqsp3Dmo7AvKeFKgc45wmLJqeKchC4DESKmApAOCYkiCgyCul3QJ1HhJqqXtI2Jki2oJK12bb8Rw0IdbKBMA-hhWNWdgIv2z00AHHyNlQ-07MTInuqNKTAsmB0Rfqu5yh612JZNFmQi0Z7LanMzlV28frI-yVeOXSCWrlnLpuHmIjza-bHfSXZwa12yEaOJyC7fV_1GFT1HkpUacVuuk6yKyl3zc6iATcBKwAT7pdmX3gOSBQQIBBgBkgUECAUYBIAH2P7W8gGoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAdIIBwiAYRABGADyCA1iaWRkZXItNTM4MzI5gAoEyAsB2BMMiBQC0BUBgBcBshcICgYIABIAGAA&sigh=wLy6GVfRmGc&uach_m=[UACH]&pr=13:YcOMXwAAAAAY9LvoWsbP4SWAXYk5G6Z-ldi9bg&vis=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/adfetch?adk=1050538303&adsafe=medium&client=ca-pub-5722610347565274&format=728x90_as&ip=37.120.205.173&output=html&unviewed_position_start=1&url=https://notepad.pw/23cllfl3&sub_client=bidder-538329&hl=en&aceid=MEJePgA61OYA-VU0AeRXNAGxbjQB5W40ARdvNAHCbzQBHnA0AV5wNAGwcDQBtnA0Ad1wNAHucDQB-XA0AQ5xNAFUcTQBVXE0AWZxNAF4cTQBh3E0AZhxNAGgcTQBtXE0AdFxNAHScTQB1nE0AUtzQQFTc0EBAXlBAWAcXAJMHVwCth1cAkD3iAKy94gCc_mIAi76iAInQqoCKEKqAn1HqgL6T6oCbFuqAtBhqgJ-YqoC_XiqAm15qgKOiqoC3JGqAoCbqgKBm6oCgpuqAtueqgKmp6oCoqiqAmOqqgIrrKoC3a2qAhyuqgIdrqoCA6-qApavqgI0sKoCd7CqAnqwqgKAsKoCg7CqAoqwqgLHtaoCLruqAte-qgKoxKoC1MWqAhLHqgImzKoC1cyqAoLNqgKczaoCvc2qArvOqgJw0qoCStaqArvWqgLH1qoCk9eqAhHYqgKE2KoCj9iqAnTaqgLw2qoCHtuqAnTbqgK23KoCS92qAmfdqgIo3qoCVd6qAm7eqgK_3qoCzN6qAjvhqgJH4qoCY-OqAm_kqgKA5KoC4OSqAo3lqgKg5aoCy-WqAs_oqgLt6KoCuOmqAgfqqgIV6qoCN-qqAvnqqgJK66oCueuqAsrrqgJt7KoCk-yqAu7sqgIF7aoCZO6qAuylUANpnFED-HQkBPBC3AmtzmUOj6E1Ec6hNRHNgfsSIcX7Es7R-xK73PsS7Ob7Enrp-xIV6vsSf-r7Eu_r-xIg7PsSBe37Embt-xJ57fsS6e37EvXt-xKy7vsSlmZkE-lb0BPhXNAT91ZrGuq1vWk6HNJ5&awbid_c=AKAmf-BkMS2hilgAIUxqF31MUG7exKUUHz0TH6Psby9ZU_qsXtgJceLlrntpETt4TRhwe_dTbVOlJKoBXVGcCUX5a_lLBWHDSPR5Lb7Mfi1YZJscFIBlVrDneUMX70yBvVUioQupMJNUYJwC34a0acvlyhLGAaA-eCGwd6ZrD1Qry-weNL0f0ieLe66DHQ5rS1nI57lvKWg-p38oqqXXVB2gGXyLza-7-TamlkSx9A0d_z3tQQu9JuDdWl9whSonKYoPtPFjDBV7LVHfzknDk8kaLhT1mUujrXTpq3ciOZORNvKSHwCVlSzu0JmA4xL4Af-NyUaHTlW0Lgz1xUXTbVx3eioStWJgkESQWnANLh08YTYDsX3VaPFaRx3Vnc-QiB2fENRq5OPBF1B0mh7Nw62zGwMSdAtJbYhdsuM6qbc2Fm-Gs-gYyFCHOVCPPzYsBPtDpfdEpgsHwmZWUyRS_mHCADQA-xGSPrlf4F6xPgAHmudSZccKjUZ4oqa94PUlY8LU7C1SSqm_&awbid_d=AKAmf-AUQVJuSGIiz8Pzp9iuTcoXMxc5itgYQtdPteL6iCHFOtFqyhGhy-b8Kz4bIiDQmtjHcG4mQ49JfEr4IKl0FqnzHwvgMG-374UWvvI4bkyh-MWZLq4baLFiE5eMkrRMNKoW-D7GMJ5sKLW-tksPg7b1e4aA8mJ8FTgIRaDDZayhxeBvsmSc1QKIsy_XpuSMH79HRG9osWVOVAPwkoumVAaCOhYo45JbNMBGK7RPo9U5Fi7LHQOHa7_w83pd-1eBEqahBCNDVmdC7y8iXpiuR2_5wgj-kG7vHMVp14OsyOBfOvTv9SC3fEO219uEvYwOQGallTAK67KE-Jw8F3kOrZxzq-L1Dgi47W-rSLBv80L9oR3X_c-HheBE5pSAkfM_NKLOIVWo7iQboBqxLQTI3UuhDIXSLudrKbx-3Ze9NFNhndfSDRZ63E2BMqPJudfMn0hXkbflr7oAH0WbSofsY36UzF390_86xwlDUDQ-H-x6WDcr5fUBN7GLzWeiEywiptddM_6oU8z9gArFUdHwfJFbsPOOpL6mhN2yFcW0akHUKaQaMautrSh_7WUXI6F-FqmLIpLhDg4ImV9gvpBZykI1mQMwZF8nYMuEMb-nHFUOTXUwIIOmPc_IJfT7wlcZfHDBdrQJib2ak7Eblr4dlkMrKvH9x1nj551txqFXfV8MZBY2I0kWAb4z4xwbRPFqwjqe4AL1RHOTVC3Zzt3u_D6l4h-eIjBZYP0rEr7kQWMLsYCH4X73EPm-FWH16FZ7B7gi1ePbVPYVk9iqD8huPrY_1QkwBWOI7Ba7xIWyX7atii4365b9gcTHdzi0JChJ9D-7OjXEiHESucpwSTfbNo_0XtN4Kaf0BFx-dtFWmsMd2CVm-rJ6iejHSkwhRlIwhS-oXrVvJO_kFn_3V3WtUlcgyRU7KICFJ9tLpPGzI-UuwtIXVRzJ2Bl2b56nV8R2IQDUCte2Shnn1bKgPcLcq6nCxo3DYqZ_OZveH1__m3cOmfXLgqxCbd-y5Zlr54tRBGvyX6Iz&cid=CAASBORoE8A&exk=1323703361&rfl=https%3A%2F%2Fnotepad.pw%2F23cllfl3&a_pr=13:YcOMXwAAAAAY9LvoWsbP4SWAXYk5G6Z-ldi9bg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 22 Dec 2021 20:36:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 0E9B 16 KB
16 KB 19ms
19ms Font
font/woff2 2607:f8b0:4006:817::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500&lang=en

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Dec 2021 19:45:15 GMT
x-content-type-options: nosniff
age: 3094
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:21 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 22 Dec 2022 19:45:15 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 0E9B 15 KB
15 KB 21ms
20ms Font
font/woff2 2607:f8b0:4006:817::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500&lang=en

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 18 Dec 2021 07:38:42 GMT
x-content-type-options: nosniff
age: 392287
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sun, 18 Dec 2022 07:38:42 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 61C8 143 B
163 B 34ms
20ms Document
text/html 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/adfetch?adk=1050538303&adsafe=medium&client=ca-pub-5722610347565274&format=728x90_as&ip=37.120.205.173&output=html&unviewed_position_start=1&url=https://notepad.pw/23cllfl3&sub_client=bidder-538329&hl=en&aceid=MEJePgA61OYA-VU0AeRXNAGxbjQB5W40ARdvNAHCbzQBHnA0AV5wNAGwcDQBtnA0Ad1wNAHucDQB-XA0AQ5xNAFUcTQBVXE0AWZxNAF4cTQBh3E0AZhxNAGgcTQBtXE0AdFxNAHScTQB1nE0AUtzQQFTc0EBAXlBAWAcXAJMHVwCth1cAkD3iAKy94gCc_mIAi76iAInQqoCKEKqAn1HqgL6T6oCbFuqAtBhqgJ-YqoC_XiqAm15qgKOiqoC3JGqAoCbqgKBm6oCgpuqAtueqgKmp6oCoqiqAmOqqgIrrKoC3a2qAhyuqgIdrqoCA6-qApavqgI0sKoCd7CqAnqwqgKAsKoCg7CqAoqwqgLHtaoCLruqAte-qgKoxKoC1MWqAhLHqgImzKoC1cyqAoLNqgKczaoCvc2qArvOqgJw0qoCStaqArvWqgLH1qoCk9eqAhHYqgKE2KoCj9iqAnTaqgLw2qoCHtuqAnTbqgK23KoCS92qAmfdqgIo3qoCVd6qAm7eqgK_3qoCzN6qAjvhqgJH4qoCY-OqAm_kqgKA5KoC4OSqAo3lqgKg5aoCy-WqAs_oqgLt6KoCuOmqAgfqqgIV6qoCN-qqAvnqqgJK66oCueuqAsrrqgJt7KoCk-yqAu7sqgIF7aoCZO6qAuylUANpnFED-HQkBPBC3AmtzmUOj6E1Ec6hNRHNgfsSIcX7Es7R-xK73PsS7Ob7Enrp-xIV6vsSf-r7Eu_r-xIg7PsSBe37Embt-xJ57fsS6e37EvXt-xKy7vsSlmZkE-lb0BPhXNAT91ZrGuq1vWk6HNJ5&awbid_c=AKAmf-BkMS2hilgAIUxqF31MUG7exKUUHz0TH6Psby9ZU_qsXtgJceLlrntpETt4TRhwe_dTbVOlJKoBXVGcCUX5a_lLBWHDSPR5Lb7Mfi1YZJscFIBlVrDneUMX70yBvVUioQupMJNUYJwC34a0acvlyhLGAaA-eCGwd6ZrD1Qry-weNL0f0ieLe66DHQ5rS1nI57lvKWg-p38oqqXXVB2gGXyLza-7-TamlkSx9A0d_z3tQQu9JuDdWl9whSonKYoPtPFjDBV7LVHfzknDk8kaLhT1mUujrXTpq3ciOZORNvKSHwCVlSzu0JmA4xL4Af-NyUaHTlW0Lgz1xUXTbVx3eioStWJgkESQWnANLh08YTYDsX3VaPFaRx3Vnc-QiB2fENRq5OPBF1B0mh7Nw62zGwMSdAtJbYhdsuM6qbc2Fm-Gs-gYyFCHOVCPPzYsBPtDpfdEpgsHwmZWUyRS_mHCADQA-xGSPrlf4F6xPgAHmudSZccKjUZ4oqa94PUlY8LU7C1SSqm_&awbid_d=AKAmf-AUQVJuSGIiz8Pzp9iuTcoXMxc5itgYQtdPteL6iCHFOtFqyhGhy-b8Kz4bIiDQmtjHcG4mQ49JfEr4IKl0FqnzHwvgMG-374UWvvI4bkyh-MWZLq4baLFiE5eMkrRMNKoW-D7GMJ5sKLW-tksPg7b1e4aA8mJ8FTgIRaDDZayhxeBvsmSc1QKIsy_XpuSMH79HRG9osWVOVAPwkoumVAaCOhYo45JbNMBGK7RPo9U5Fi7LHQOHa7_w83pd-1eBEqahBCNDVmdC7y8iXpiuR2_5wgj-kG7vHMVp14OsyOBfOvTv9SC3fEO219uEvYwOQGallTAK67KE-Jw8F3kOrZxzq-L1Dgi47W-rSLBv80L9oR3X_c-HheBE5pSAkfM_NKLOIVWo7iQboBqxLQTI3UuhDIXSLudrKbx-3Ze9NFNhndfSDRZ63E2BMqPJudfMn0hXkbflr7oAH0WbSofsY36UzF390_86xwlDUDQ-H-x6WDcr5fUBN7GLzWeiEywiptddM_6oU8z9gArFUdHwfJFbsPOOpL6mhN2yFcW0akHUKaQaMautrSh_7WUXI6F-FqmLIpLhDg4ImV9gvpBZykI1mQMwZF8nYMuEMb-nHFUOTXUwIIOmPc_IJfT7wlcZfHDBdrQJib2ak7Eblr4dlkMrKvH9x1nj551txqFXfV8MZBY2I0kWAb4z4xwbRPFqwjqe4AL1RHOTVC3Zzt3u_D6l4h-eIjBZYP0rEr7kQWMLsYCH4X73EPm-FWH16FZ7B7gi1ePbVPYVk9iqD8huPrY_1QkwBWOI7Ba7xIWyX7atii4365b9gcTHdzi0JChJ9D-7OjXEiHESucpwSTfbNo_0XtN4Kaf0BFx-dtFWmsMd2CVm-rJ6iejHSkwhRlIwhS-oXrVvJO_kFn_3V3WtUlcgyRU7KICFJ9tLpPGzI-UuwtIXVRzJ2Bl2b56nV8R2IQDUCte2Shnn1bKgPcLcq6nCxo3DYqZ_OZveH1__m3cOmfXLgqxCbd-y5Zlr54tRBGvyX6Iz&cid=CAASBORoE8A&exk=1323703361&rfl=https%3A%2F%2Fnotepad.pw%2F23cllfl3&a_pr=13:YcOMXwAAAAAY9LvoWsbP4SWAXYk5G6Z-ldi9bg

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 22 Dec 2021 19:47:00 GMT
server: cafe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2989
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 0E9B 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f96ed6b1ea46541b0e333630d76ca067e05e5c751031ef33010bae96765472c4

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 61C8
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

36ms
36ms

Document
text/html

2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 22 Dec 2021 20:36:49 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 22 Dec 2021 20:36:49 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 22 Dec 2021 20:36:49 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 c Show response
c.pub.network/ 36 B
98 B 43ms
43ms XHR
text/plain 35.201.71.192
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.71.192 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 192.71.201.35.bc.googleusercontent.com
Software: /
Resource Hash: 54ad9eb3a11a99d9b79295afb5585f8c096f8b6db3426743974ff350853fbba1

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 22 Dec 2021 20:36:49 GMT
via: 1.1 google
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: text/plain;charset=utf-8
access-control-allow-origin: https://notepad.pw
access-control-allow-credentials: true
alt-svc: clear
content-length: 36

GET
H3 200 EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js Show response
pagead2.googlesyndication.com/bg/ Frame EC5A 35 KB
13 KB 78ms
78ms Script
text/javascript 2607:f8b0:4006:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:806::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127672d4912f86d7cbdeab0c1ccd9536aa33f335a7b1609d3a3939c1d778220e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 17 Dec 2021 04:13:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 490996
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13555
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 17 Dec 2022 04:13:33 GMT

POST
H2 200 c Show response
c.pub.network/ 36 B
98 B 43ms
42ms XHR
text/plain 35.201.71.192
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.71.192 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 192.71.201.35.bc.googleusercontent.com
Software: /
Resource Hash: 54ad9eb3a11a99d9b79295afb5585f8c096f8b6db3426743974ff350853fbba1

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 22 Dec 2021 20:36:50 GMT
via: 1.1 google
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: text/plain;charset=utf-8
access-control-allow-origin: https://notepad.pw
access-control-allow-credentials: true
alt-svc: clear
content-length: 36

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame CE1E 42 B
64 B 65ms
36ms Fetch
image/gif 2607:f8b0:4006:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssSqmLdouxbVfbMmgkPhcKZqzawgzCHxqwAftS1ootOAbTjO43HgRnmpi1DvsChN6n-x3I78Rn9VxDfp1V0X4j4uQ0AQI2EflTnIKZsCxWdTrjQA_dk&sig=Cg0ArKJSzIi5p2NO1kK7EAE&id=lidar2&mcvt=1000&p=1110,436,1200,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20211202&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=19&adk=379936467&rs=4&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1640205408545&rpt=540&isd=0&lsd=0&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:806::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Dec 2021 20:36:50 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 77FC 42 B
64 B 40ms
40ms Fetch
image/gif 2607:f8b0:4006:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssx1m-9mIjkhHljXvnpcS6TRz54r26fEj5VqjYR8m0v1lyHLSHcjjxe185bysZDW405RZL5NyJZdOy_wxdoPn8mUsh2nzgsFrn1KfJB78sUH0BQX8RN&sig=Cg0ArKJSzCww88DG-x30EAE&id=lidar2&mcvt=1000&p=5,315,95,1285&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20211202&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=3&adk=500377054&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1640205408912&rpt=372&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:806::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://notepad.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Dec 2021 20:36:50 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 c Show response
c.pub.network/ 36 B
98 B 51ms
51ms XHR
text/plain 35.201.71.192
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: notepad.pw
URL: https://notepad.pw/23cllfl3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.71.192 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 192.71.201.35.bc.googleusercontent.com
Software: /
Resource Hash: 54ad9eb3a11a99d9b79295afb5585f8c096f8b6db3426743974ff350853fbba1

Request headers

Referer: https://notepad.pw/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 22 Dec 2021 20:36:50 GMT
via: 1.1 google
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: text/plain;charset=utf-8
access-control-allow-origin: https://notepad.pw
access-control-allow-credentials: true
alt-svc: clear
content-length: 36

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0E9B 42 B
64 B 60ms
59ms Fetch
image/gif 2607:f8b0:4006:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssHQnTG0Z3GzQnuxNmrnD7L6kS0C7o_6Cot2S_7UcGDftdgvcpWHLyq4T5tT8E-1ekdyrpxbzydhFV1Mt-3_NMllFiuTG2pN5NWx0FTcFVGZxwSXso&sig=Cg0ArKJSzH10EhakqLgKEAE&cid=CAASFeRoAzVx4flAVEK7po6QQiRbYm5sBg&id=lidar2&mcvt=1000&p=1,1,89,727&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=14&adk=1050538303&exk=1323703361&rs=5&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1640205408903&rpt=707&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:806::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Dec 2021 20:36:50 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: sync-tm.everesttech.net
URL: https://sync-tm.everesttech.net/upi/pid/byN59NcB?redir=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3DSvWuQHUbMWnhsCDYjeaq81U2%26source_user_id%3D%24%7BTM_USER_ID%7D%0A

Verdicts & Comments Add Verdict or Comment

134 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

101 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
live.notepad.pw/socket.io	1969-12-31 23:59:59	Name: io Value: X5rruQU6dRAarVRRAIjH
notepad.pw/	1969-12-31 23:59:59	Name: SPSI Value: 2c012e5427599e99dcf43212ddbbc427
notepad.pw/	1969-12-31 23:59:59	Name: SPSE Value: 22UgzHC9/qSTjHdgRCIvcBRW68IFZA+5dOKO5Kw5VTI/EqBaHBCwwn90VNwRRD9HjeWwuvx4Bm5RzPv82enGJQ==
notepad.pw/	1970-01-19 23:36:52	Name: pad_cookie Value: dcb46024a6adb7f7e46733bf7dcc91e210c23f8a
notepad.pw/	1970-01-19 23:36:52	Name: spcsrf Value: c093d5845d1ff4c7b6a60ee51657bc1f
notepad.pw/	1970-01-19 23:36:45	Name: sp_lit Value: z+VQtitXgGed/U5o4IW2EA==
notepad.pw/	1969-12-31 23:59:59	Name: PRLST Value: KS
notepad.pw/	1970-01-20 03:55:57	Name: UTGv2 Value: h4658aa3bf07105eb04cde79ea3d52a3d218
notepad.pw/	1969-12-31 23:59:59	Name: adOtr Value: 21ce2402557
notepad.pw/	1969-12-31 23:59:59	Name: fsbotchecked Value: true
notepad.pw/	1970-01-19 23:51:09	Name: typography Value: %7B%22sp_class%22%3A%22not-active%22%7D
notepad.pw/	1974-12-24 23:36:45	Name: _fssid Value: 2cd3bf7b-cdde-4c65-92d6-af2b6c371976
.scorecardresearch.com/	1970-01-20 16:53:33	Name: UID Value: 1TOVUMOSVWGMU26D1TBVZHg1640205407
notepad.pw/	1970-01-20 00:19:57	Name: _pbjs_userid_consent_data Value: 3524755945110770
.notepad.pw/	1970-01-20 03:55:57	Name: _pubcid Value: c7eddff9-24b8-4cd0-8e8a-090ea67a383b
.mantisadnetwork.com/	1970-01-23 15:15:38	Name: uuid Value: b1c1f2dc-21f7-4fa6-8f5d-4c18999ec7b6
.rubiconproject.com/	1969-12-31 23:59:59	Name: rsid Value: 1\|AIfsdBUH+v3fWCPuzNowDE/cu41hKaStkydRTZb1Pwh3wYWROmqPGcfOdLvaiI/PRhnCqTioDwugFijIXUmqGzTE/2wGlVwK8BMqZcvhERk6pwW1CaJBOKyTTM+KZgD/ANSf
.deployads.com/	1970-01-20 08:22:43	Name: d7s_uid Value: r4jalbh310xw
.adnxs.com/	1970-01-20 01:46:21	Name: icu Value: ChgIodc0EAoYASABKAEw35iOjgY4AUABSAEQ35iOjgYYAA..
.adnxs.com/	1970-01-20 01:46:21	Name: uuid2 Value: 3971102671105818542
.investingchannel.com/	1970-01-20 17:07:57	Name: ic_uid Value: d7ddb23a-6f25-40f7-990e-b8468b1d9fc8
.quantserve.com/	1970-01-20 09:06:59	Name: mc Value: 61c38c5f-df5cc-09895-831d3
.notepad.pw/	1970-01-20 09:01:14	Name: __qca Value: P0-212646353-1640205407885
.rubiconproject.com/	1970-01-20 08:22:21	Name: khaos Value: KXHZY8G1-1Z-LJRG
.rubiconproject.com/	1970-01-20 08:22:21	Name: audit Value: 1\|mFVHqHkj5bHVANLSPrSzX1MG4C6D/t+3W6FWnAiXnYAl+Z85+Xr6Bf7Mu8mwgyhI3uTqrC/RkzbhyoYAJnLYz1pmjsxEH+4y0A+VO7RH1E0=
notepad.pw/	1970-01-20 08:58:21	Name: cto_bidid Value: ZXQx919pSTBpWTFXcTNJcG05Q1ZWcyUyQkclMkYlMkJqYnRtS3FQaGtPcU1obTdBTzl6dzB1R2Q4SDk2eGs0TyUyQmdnQTNEVGQwbm1WSmtBSGVCclVjT0VDaVE2b0M0OEdnJTNEJTNE
notepad.pw/	1970-01-20 08:58:21	Name: cto_bundle Value: vkTO8V9DVUJrT3Jab3Z3Q2dPOTJZVElJbXFpVTFBSDJQJTJCQWFNdjdFbDRYTHdGU0R5R3N6Q0MzRXl0SkI0R3d3RWd0JTJCeHhTdyUyQktSZnE2YjNXVHBpbTBuVFhWNEVJS2ZqdGlTZGRxTHp6eU1FUHRKU3N5aGszbGl2N096VjEzd1VWWXpySg
.pub.network/	1970-01-20 17:08:39	Name: _fsuid Value: 21fb4a06-0e0b-4025-a9b1-3bcd30e927b4
.krxd.net/	1970-01-20 03:55:57	Name: _kuid_ Value: Ojnxl-Sg
.amazon-adsystem.com/	1970-01-20 04:11:47	Name: ad-id Value: A0wwt3PY6E9bsZNY3mGzGNI
.amazon-adsystem.com/	1970-01-21 19:40:35	Name: ad-privacy Value: 0
.adsrvr.org/	1970-01-20 08:22:21	Name: TDID Value: c1617644-d9b8-4c1e-9931-3ece56efb0ba
.pubmatic.com/	1970-01-19 23:38:11	Name: KTPCACOOKIE Value: YES
.rlcdn.com/	1970-01-20 08:22:21	Name: rlas3 Value: RiE828HIzXokfiopP3p+1zuH5xh18sYLnSTIt3ft4OI=
.rlcdn.com/	1970-01-20 01:03:09	Name: pxrc Value: CAA=
.eyeota.net/	1970-01-19 23:36:46	Name: SERVERID Value: 18018~DM
.id5-sync.com/	1970-01-20 01:46:21	Name: 3pi Value:
.pubmatic.com/	1970-01-20 01:46:21	Name: KADUSERCOOKIE Value: 4436ED5F-9339-45AE-94F2-83A750055DCB
.casalemedia.com/	1970-01-20 08:22:21	Name: CMID Value: YcOMYOGrgeANNsgObvQYOgAA
.casalemedia.com/	1970-01-20 01:46:21	Name: CMPS Value: 149
.contextweb.com/	1970-01-20 08:15:09	Name: V Value: Yuu5oRFYdB4Z
bh.contextweb.com/	1969-12-31 23:59:59	Name: INGRESSCOOKIE Value: 69847d2cf392a231
.sharethrough.com/	1970-01-20 08:22:21	Name: stx_user_id Value: 330e3927-e6fa-4d1f-a57f-3c289bbd1e99
.3lift.com/	1970-01-20 01:46:21	Name: tluid Value: 14998720294337893219
.casalemedia.com/	1970-01-20 01:46:21	Name: CMPRO Value: 983
.doubleclick.net/	1970-01-20 17:07:57	Name: IDE Value: AHWqTUmDedHHIxI3sWTfRmwRsD0dgeMX9BvCh50DCpC2AXWaDlW6xaJJFg4OhImfOvQ
.simpli.fi/	1970-01-20 08:23:47	Name: suid Value: 33DE0C0FDB4E49E7BECFA760132BC91E
.adsrvr.org/	1970-01-20 08:22:21	Name: TDCPM Value: CAESEwoEa3J1eBILCMCQi_OZ5aI6EAUSFQoGY2FzYWxlEgsIrqyN9JnlojoQBRgFIAIoAjILCLzX55-w5aI6EAU4AQ..
.smartadserver.com/	1970-01-20 09:06:59	Name: pid Value: 1677254204745086207
.lijit.com/	1970-01-20 08:22:21	Name: ljt_reader Value: a7bdc6ca5a7cbe51d1e8eabd
.yahoo.com/	1970-01-20 08:22:43	Name: A3 Value: d=AQABBGCMw2ECEBwQ1gZ0mR1uXpBm4vJaCBQFEgEBAQHdxGHNYQAAAAAA_eMAAA&S=AQAAAj3gOKOyksgckO8l-IKBDGk
.sitescout.com/	1970-01-20 08:22:21	Name: ssi Value: 42625410-251a-4a94-acb9-4a43701963a2#1640205408468
.lijit.com/	1970-01-20 08:22:21	Name: ljtrtbexp Value: eJyrVjIzU7IyNDMxNDE0NTCw0FGyQOMbGaPyLQ1Q%2BSYo8rUAk7YQJA%3D%3D
.analytics.yahoo.com/	1970-01-20 08:23:47	Name: IDSYNC Value: 175w~228k
.sitescout.com/	1970-01-20 00:19:57	Name: _ssuma Value: eyIyNCI6MTY0MDIwNTQwODQ5NCwiNCI6MTY0MDIwNTQwODQ5NCwiMzkiOjE2NDAyMDU0MDg0OTR9
global.ib-ibi.com/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: ehmy1kt2pokurwi1apyjmsrg
.bidswitch.net/	1970-01-20 08:22:21	Name: tuuid Value: c99b2155-85c0-446f-b085-dfcd5ce90145
.bidswitch.net/	1970-01-20 08:22:21	Name: c Value: 1640205408
.bidswitch.net/	1970-01-20 08:22:21	Name: tuuid_lu Value: 1640205408
.crwdcntrl.net/	1970-01-20 06:05:31	Name: _cc_dc Value: 0
.crwdcntrl.net/	1970-01-20 06:05:31	Name: _cc_id Value: 6bf95af05557eca384a07ded68372410
.crwdcntrl.net/	1970-01-20 06:05:33	Name: _cc_cc Value: "ACZ4XmNQMEtKszRNTDMwNTU1T01ONLYwSTQwT0lNMbMwNjcyMTRgAILEwz0JIBoKAFozCsY%3D"
.crwdcntrl.net/	1970-01-20 06:05:33	Name: _cc_aud Value: "ABR4XmNgYGBIPNyTAKSgAAAZ9wIR"
.id5-sync.com/	1970-01-20 01:46:21	Name: id5 Value: e7c47efd-b90b-39af-ad34-648df8227136#1640205408256#2
.id5-sync.com/	1970-01-19 23:36:45	Name: cf Value:
.id5-sync.com/	1970-01-19 23:36:45	Name: cip Value:
.id5-sync.com/	1970-01-19 23:36:45	Name: cnac Value:
.id5-sync.com/	1970-01-19 23:36:45	Name: car Value:
.id5-sync.com/	1970-01-19 23:36:45	Name: gdpr Value:
.id5-sync.com/	1970-01-19 23:36:45	Name: callback Value:
.zemanta.com/	1970-01-20 08:22:21	Name: zuid Value: t0XQgXMFWDA6XqrQP68F
.quantserve.com/	1970-01-20 01:46:21	Name: d Value: EAwBDQGCJd-owQA
.dotomi.com/	1970-01-19 23:36:45	Name: DotomiTest Value: 4c841bb25cf51235
.postrelease.com/	1970-01-20 08:22:21	Name: visitor Value: 785e9674-5938-442f-b077-984b74b20a8a
.postrelease.com/	1970-01-20 08:22:21	Name: status Value: 1
.acuityplatform.com/	1970-01-20 08:22:21	Name: auid Value: 633592634447
.acuityplatform.com/	1970-01-20 08:22:21	Name: aum Value: OikKAfqbdXNlck1hdGNoQnlVc2VyTWF0Y2hpbmdJZE1hcPqBMjf6jXVzZXJNYXRjaGluZ0lkJLaRbGFzdERyb3BUaW1lTWlsbGlzJQE+eHtFSqaYbGFzdFN1Y2Nlc3NmdWxNYXRjaE1pbGxpcyUBPnh7RUqmj3RoaXJkUGFydHlVc2VySWRXYTdiZGM2Y2E1YTdjYmU1MWQxZThlYWJk+/uGdmVyc2lvbsL7
.exelator.com/	1970-01-20 02:29:33	Name: EE Value: "3485e1be0513c846a59402c2765b2037"
.exelator.com/	1970-01-20 02:29:33	Name: ud Value: "eJxrXxzq6XKLQcHYxMI01TAp1cDU0DjZwsQs0dTSxMAo2cjczDTJyMDYfHFZatGCpaXFqSlJh5ZU5JTkNK0uiw91jHdz9PX0iVzmnFGUn5u6AiwU5hq0yNJsSX5RZvoiZ8fFRSlpDItKik8F7%252Fv4DgAuUCoM"
.lijit.com/	1970-01-20 08:22:21	Name: _ljtrtb_43 Value: lQ7w9JtcpqGOW_XywFy-95oHqvKOB6D2xwxkUfYc
.spotxchange.com/	1970-01-20 08:22:25	Name: audience Value: e2f50e0a-6366-11ec-aeff-1fc5ecda0103
.lijit.com/	1970-01-20 08:22:21	Name: _ljtrtb_66 Value: 633592634447
.lijit.com/	1970-01-20 08:22:21	Name: _ljtrtb_90 Value: 785e9674-5938-442f-b077-984b74b20a8a
.creativecdn.com/	1970-01-20 08:22:21	Name: u Value: jj4hv0Nfp3z6Tt07oXpt
.creativecdn.com/	1970-01-20 08:22:21	Name: ts Value: 1640205408
.notepad.pw/	1970-01-20 08:58:21	Name: __gads Value: ID=6244268781c43b33-2268171afcce0030:T=1640205408:S=ALNI_MbdkdSkwZJ5-sjFnDuAIv1QA59yUA
.fg8dgt.com/	1970-01-20 17:07:57	Name: tuuid Value: 3dd2b990-6459-4f8e-b32c-7b93e5b8d2fc
.fg8dgt.com/	1970-01-20 17:07:57	Name: c Value: 1640205408
.contextweb.com/	1970-01-20 08:22:21	Name: pb_rtb_ev Value: 3-1b6f\|2N.0.AAAGd_E4wbmtlANNUs3sAAAAAAA\|3oy.0\|4is.0.CAESEMQsz-EVlT9g1uZ7rCfYVm8\|7TY.0
.fg8dgt.com/	1970-01-20 17:07:57	Name: tuuid_lu Value: 1640205409
.tapad.com/	1970-01-20 01:03:09	Name: TapAd_TS Value: 1640205409059
.tapad.com/	1970-01-20 01:03:09	Name: TapAd_DID Value: 286732ad-e0f8-4e1c-8a6b-b856647a84ad
ib.mookie1.com/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: bhv3ssc3lwounjskm5ajprlh
.ib.mookie1.com/	1970-01-20 08:22:21	Name: ibkukiuno Value: s=d6b9e6c4-94a6-406f-a4bf-8a469dfa7066&h=&v=90833046011&l=-8585614014764341988&op=&hl=0&vlu=3&tcs=1&dcc=-8585614014764341988
.ib.mookie1.com/	1970-01-20 08:22:21	Name: ibkukinet Value: 628673965=-8585614014764341988
.tapad.com/	1970-01-20 01:03:09	Name: TapAd_3WAY_SYNCS Value:
.lijit.com/	1970-01-20 08:22:21	Name: ljtrtb Value: eJwNysEKwjAMANB%2FydlAadKk8SgyRQ9jh6GeZB3usoEOxG6I%2F26vj%2FcFEdiCEAXzQsyssAFzxTSGh4kyBqOIzH7A5FTRIifl5F0Xu3KZyp0azXZ696%2F5UF%2Fu1zVXK1p4HufPud7J3i95Gdvh1sPvD9vkHe4%3D
.lijit.com/	1970-01-20 08:22:21	Name: _ljtrtb_86 Value: jj4hv0Nfp3z6Tt07oXpt
.casalemedia.com/	1970-01-19 23:38:11	Name: CMST Value: YcOMYGHDjGEA
.casalemedia.com/	1970-01-20 08:22:21	Name: CMRUM3 Value: 2d61c38c602760CAESEHNIziwEYGq6hWx2ffqBGHY&dd61c38c602760&3361c38c612760c99b2155-85c0-446f-b085-dfcd5ce90145&ce61c38c6005a0&2761c38c602760c1617644-d9b8-4c1e-9931-3ece56efb0ba&e661c38c602760&f161c38c6005a0&4061c38c6005a0
.doubleclick.net/	1970-01-19 23:36:49	Name: DSID Value: NO_DATA

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.
network	error	URL: https://id5-sync.com/i/882/8.gif?id5id=ID5HSLYOmdJjHT9l2SINLiJ5kY8hoFfgVgej5aPTBXrw2ECmY2WnmKmj75AYtJz-yzDAppeyPv0RYuCMuB7BdtAqAKbhmb7WFtLFxx9vkU3dHYCnJScyTh6JC1M6PmTDuDnAp0th8_mO2QSOCUSmlpScgKeyGlctQOVNZjpCJgFGs0CnwKOYGNAswxLu6mq9ohxAqBB-hcEMffunD5hUaAEPAKh12BHiCLI1ETzy3tJ48UCogy0tF9vPRL_VGsuse-1AqPdwaMP48ZOXKKP-2u8kQKkvxz-UCgVfPIlL82B750CpWrmPFRd9feImePf5h92AqZhYvv86r9f2FHztDYNgwKnhc8qGoQxFEi2YSDYmLUCqCjSXyVaoLJtFydWaCd9AqlliKYk9m3VzW32gnpeXwKqlJp9njibCMuN4v8ERasCqykE3l0JNplpnb3qwxNCAqw_bBGeAW2uHrAIrWoKkQKtJonbA68Tj7s_yXsNM_cCrhrtKOHQgQir1gwynrLJAq8Q20G2JIbmc0UXy-_YEQKyhSIhVFRNCrckTmF3w8A&o=api&gdpr_consent=undefined&gdpr=0 Message*: Failed to load resource: the server responded with a status of 403 ()
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.pub.network
a3678.casalemedia.com
ad-delivery.net
ad.doubleclick.net
ads.yieldmo.com
adservice.google.ca
adservice.google.com
ap.lijit.com
api.btloader.com
api.floors.dev
b1sync.zemanta.com
bcp.crwdcntrl.net
beacon.krxd.net
bh.contextweb.com
btloader.com
btlr.sharethrough.com
c.amazon-adsystem.com
c.deployads.com
c.pub.network
cdn.id5-sync.com
cdn.krxd.net
cdnjs.cloudflare.com
ce.lijit.com
cm.g.doubleclick.net
consumer.krxd.net
creativecdn.com
d.pub.network
dggaenaawxe8z.cloudfront.net
dmx.districtm.io
dsum-sec.casalemedia.com
dsum.casalemedia.com
eb2.3lift.com
fastlane.rubiconproject.com
fei.pro-market.net
ff0dc00be14b6d40e0014b9341cab3e7.safeframe.googlesyndication.com
fonts.googleapis.com
fonts.gstatic.com
freestar-io.videoplayerhub.com
global.ib-ibi.com
googleads.g.doubleclick.net
grid.bidswitch.net
gum.criteo.com
hb.emxdgt.com
hbopenbid.pubmatic.com
htlb.casalemedia.com
ib.adnxs.com
ib.mookie1.com
id5-sync.com
idsync.rlcdn.com
image6.pubmatic.com
jadserve.postrelease.com
js-sec.indexww.com
live.notepad.pw
loadm.exelator.com
m.fg8dgt.com
mantodea.mantisadnetwork.com
match.adsrvr.org
match.sharethrough.com
mug.criteo.com
notepad.pw
pagead2.googlesyndication.com
pghub.io
pixel-sync.sitescout.com
pixel.quantserve.com
pixel.tapad.com
pr-bh.ybp.yahoo.com
prebid.media.net
ps.eyeota.net
pulsepoint-match.dotomi.com
rules.quantcount.com
s.amazon-adsystem.com
sb.scorecardresearch.com
secure.cdn.fastclick.net
secure.quantserve.com
securepubads.g.doubleclick.net
ssbsync-us.smartadserver.com
ssc.33across.com
ssum-sec.casalemedia.com
stags.bluekai.com
sync-tm.everesttech.net
sync.inmobi.com
sync.search.spotxchange.com
tagan.adlightning.com
tpc.googlesyndication.com
uat5-a.investingchannel.com
um.simpli.fi
ums.acuityplatform.com
ups.analytics.yahoo.com
usermatch.krxd.net
wpcc.io
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.websitepolicies.io
www.wpcc.io
x.bidswitch.net
sync-tm.everesttech.net
104.16.190.66
104.36.115.98
107.178.246.49
13.225.222.69
13.225.223.101
13.225.223.81
13.225.231.211
130.211.23.194
142.250.64.102
142.250.80.66
142.251.40.98
151.101.194.133
151.101.66.133
151.139.128.11
159.89.188.8
18.204.86.180
18.205.36.111
184.50.205.90
185.184.8.65
192.35.249.120
198.148.27.139
199.187.193.182
20.72.149.136
2001:438:65:13::2360
207.198.113.170
209.204.234.40
209.54.180.144
23.39.175.77
23.52.162.21
23.73.249.203
23.92.190.68
23.92.190.74
2600:1901:0:8eee::
2600:1f18:4e9:5a01:d442:ba08:69c2:12fc
2600:9000:21ec:4800:6:44e3:f8c0:93a1
2602:803:c002:200::43
2606:4700:20::681a:18b
2606:4700:20::681a:346
2606:4700:20::681a:78b
2606:4700:3039::6815:c076
2606:4700:7::a29f:8a55
2606:4700::6810:135e
2607:f8b0:4006:806::2002
2607:f8b0:4006:80b::2004
2607:f8b0:4006:817::2003
2607:f8b0:4006:81c::2002
2607:f8b0:4006:81d::2002
2607:f8b0:4006:81e::2002
2607:f8b0:4006:81e::2008
2607:f8b0:4006:820::2001
2607:f8b0:4006:820::2002
2607:f8b0:4006:821::2001
2607:f8b0:4006:822::200a
2620:100:a001::c
2620:116:800b:21:d7a4:3372:2f4a:f3b0
3.208.119.163
3.211.213.135
3.214.55.34
3.214.91.80
34.107.148.139
34.149.20.76
34.206.47.24
34.231.251.31
35.190.60.146
35.201.71.192
35.211.141.197
35.211.165.199
35.211.178.172
35.227.238.208
35.241.45.217
46.105.202.126
50.19.13.13
50.31.142.127
51.89.20.86
52.0.156.250
52.1.218.86
52.223.22.214
52.223.40.198
52.45.33.138
52.70.197.1
54.85.17.129
64.58.232.176
64.58.232.177
68.183.157.211
68.67.179.89
69.90.254.78
74.119.119.139
75.126.248.142
8.28.7.81
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
06ecc1573d3bd555fe29b67a1f5f9a4f560413c5d3a979eb7ad1960866ddbad8
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0da7fc1ae23678b2872653962d147fcd1cbd0a5a9c8f84d44ae99bc581fd9062
0ee931c99737206262900a12a708451d282921cb9e01bfa5a126d290886c84f4
10f3865cd7911018dcae58c46e1fb94a8987a0f3c7696645f1cdb60469e9a09d
119351ced3134718cb42591e513ff063cf04af7c2734b137c666ee62e137e15d
127672d4912f86d7cbdeab0c1ccd9536aa33f335a7b1609d3a3939c1d778220e
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1988d6529a7b0ef3380e543a0b49127b91f6af062b1c4bd50db936c8d95c237c
19a5bc2d205600f87e8e72f1fd400ac9539ddaebe048e68f4dcf6188a485c0ac
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
230ff89be63429d87efa1e887df3ad0e4ec2d811475100f11b43fd9ecc97e080
25d989b3ed89abc5bb5a814c257dc57619d7f45908013cd08aa508c22e4f6a0a
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2927d8d86ad0f1ea6fe6b395b6440dd0afd191227620b98f71e557472bfc594a
2ab8afc2e7f31406d0d311f18da7853dfb57a1c5aecd74b40ff512a768a61703
2b60310189012686567c541c72a40acf74adb416bdc524008822d6c7c73ccd97
2ce1d4f085c339f6a1751b0e6631d5a020378f7be377dd0598f498dc35bf999f
2d5ae5a515a688823dc98d032242c2ed6f490a74c4281bdd599567898f9fa675
2ddefcdc9f260c5ffeb93fed110fe9d929028226f9a2d8a4934ea52b546e9640
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
2fc3a11d9170cfe5b44cd42777ee41395c5c6a86ccb8f46829dd8260a7582609
3153b77379efd6827f95d080dcf0a391d72cc205e051c41904fb01a5eb6c5fd9
32bb2d50093bad0a89035aa39b78361413e934a7830ffd12bc7ec607ead50bb9
34c7c7f53e96068ecc33e48b2dfc505f16b9ae680ab363a1785b7f63fe821fd3
361a61a91cc0d1eaf69c11f73c481683808db8bf1b8fb7d18aea5206b01302ea
36457cf3e8cf61f423cfcf416c073f443c89ad6422a9caa76cff42f1198ca587
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
38258a3aa023ee5b5f45a8c149fd28449112dc4bf60411d2c88a4a6e33506df4
3885166c8d7f4aa41d3b902c2cdba8228a464fdb5b6b3d08e88b9a179ffa805a
3a2a44d6d645afa6dd329ef0d6e7c92ebf624e49bf20fc301e59d69d9a59c87d
3bcfa04dbc2db44af54bd72a0f7b98912368f16f525729a1b9b673f62ca7e5c9
3c5b6bb603a4f7556b94532674f3847b430b9495afbb3a4dcfe5ba718baa59ad
3d5169349bffcd1b42587a214356cf834f1405c61ef7bbbe7d37273ee59b91c9
3d56b6d72f49f62365ace974bc6f35c9d7c8fbbd331852d93600f588c3f1708d
3f95edf3abd24a9de76c571c48cf199ffa3cd985465a5bc09d1c831569e07e7d
42b601bc0d93dfca6e350b46d113bf8e7ff9e40a87a0c57ab9b3c9c219062423
449fedefd600e47f363963f932ad9827dfddf7f71c11b5e54417d9e0f26bc7b2
487fce51fd801415c362f3f9f2df43c445a4b9ba38f9b6d49dfc898dc85ede94
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
49b417c442c43325e0fc852c832695ccaae9cdd26574530f8737722caf26bc5f
4a9f53c02752e79270686f1b2a3616b86d3af1ea2a288f2977e34b1141d552ec
5195609afbc1fca03f3200b50d97a90a8eb0e4652108db990a1aa9a1c9f7a0af
51bbe57479b8c393497c12c8a7a3e3db77d4d60751017cbebd63ddc54a328819
54ad9eb3a11a99d9b79295afb5585f8c096f8b6db3426743974ff350853fbba1
54e8eb7a23dcd586f99313f576caffb0be220f40b859e14662a2520eade6ef2f
5534df9a174672ebfbf76e4a3a6b15b366da846198c47306a7187448fb10e54a
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55b731aa03064189b7abca9931deb7b844c75d7664aacecc1356c4bc0635c4af
560ee8213cda78828e88fbcbe2fbe6d3337d563384ea57d344ce3e3559da1dda
56280c739c9e30552f2d3193bea3224e4f427467dd159fd3eb81abee246e9fed
58d6350da5588a52d6baa4efc27a3362b4ee69dba3504fc762f934d7bb5d0bc4
5e98ecb1a41a611263897592231f26932e06d200cb59a84e1cdb32967e8ad60b
5f1b05bb11c480df4d423688be19d82a2fd842c277c3d7e6329406809a9bb64b
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62a8d5f5092e42f52e45fa3571313cdc742df72c33fbbb3593fc4a65340cbbd0
663c793c399e072d83638848cea4fceea2c4ce8dfb50b95bf3987c0060de5fbc
7df1d780c8e23eb2ddf5ec70e983ace99d050371943d1937082c2f528bd24122
8134e2b10872263593b3a0c0b676f48e09b674a6eaab3fbdd221df3a27d99908
823f68faf139468828353498729daf9bba71858857f6f6908009377ce965d2f3
831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd
8576ac4fad8d6a2eef6c1a412387cb3e7a6909b0a647f33bb0686d57d300d02e
8602ca90a071c1d02899e32ce137020bf7dc78db09c020494317d2d9d1aa8d7b
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
888b41bb493f82bc787b507deee35df8a9dca32d9f59e5e4434334bb04aa1e17
8ba951a4da45604bc637c14aae3dbfafa23e7af4da399d3ffb082c132eb6ae27
8beec539128cea621e511cd54f21a0d17ff891a16a0ebd7a98a3e4fbc00bd0e5
9046a60fdbdb529b6b13861eea59560d2ea9fcf701d302a110b32c76d8d62d9b
92e649098eefaf82db65282d7cbb4e65c738aca33c3fc8073a9c770fbcb0623d
9cd1b5630bcc34ecc71dbcbdfe45ddb9ed3cb4c0464a2abeb76bcc490635e376
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1b000b433199bfd60632e61b74bb2c4abd074dce072784e7acd55b1e4158cee
a20ccaf6978bd71c43456b6bc78288abdc57c3b6fa987eecb2e9f59b69d384e1
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a277711b8dd022f2c45dd62c99040b9a6236550692f75eeccb64011426b41b03
a34e68796feb650977daf139feb1e1a43101bac68661c830ec12853b483ad4e4
a4350fed8ed92bbf4f462fc245028928ac33afa25d2231b28c334b91cd0d3952
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a7b5f5f96f81dea4efc53e1d4dae8b37c28bec27a45b42ccf604ee759e20caec
a9a2f1dd042cb6f1eded53dc0a1c66ed8694fc093dc3520cdac1a541d615d474
ac496d8a3757ec730557bf9203ca6f461aef4bfe34c7912f505435300698c4f7
ac828be9eacb996ccdf11871690f6b8b83aadcb4deac680f260678056051707e
ace5c7a57a33a8c21d81ff1ab27c6e2fb71d14c98f007bc9e990880063a32b42
ae8647eb842d5a887f4456eb2c72b32a8831f18d88fb503e76b03eca3157c745
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b145b654c70f4c8b9ef803427f42f215d2756575ee6a7ad150def673fb1c5838
b2dd7c12d8971ddba8fee7f0c887c2ff1f4abff5343c16788f35939113ec1e3b
b4f31178f3fe6003e606295047fdb9be890c6a9c6c8594576435f86975af582f
b60f65161ce3517c2794eecab25981c51ffbcbc951a781270403e2f3572d0290
ba18f19ada04b2a417eb9e6dab156450af307341874489f02cabee8590879f00
bab4ae2ffd9c81b2300fb2007283625b1637d9e96c091ed9d98e386c93ae9545
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
bc28644fdd3e975d3a3c801e14d2ea9360ad868ebe66786f14fad18018b57ec7
bc98e225fd5128e25682b9054b80370bb45d5ba580e176e14fd674e142f32fa4
c1668a45a268e8cb564d55cb300584321492fccece5a56dd7a0eb60b21bf6c4a
c18db76995d46e8aa509c40e834c9fc4e6019860352e3c5fd0da7aff5660f90a
c1f3055efe173aa21ac9450810e4bc0a4cd8499603542efa85232b9e1cb53e1c
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c9c41579990e491b31185c662e701facbcd6dab9ec0b06edef8feec2f981812e
cb4e3a4802a5a981cc0cd847675ff7f4bcaf0dc243b814c06617491bd85c84da
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cd22c397f04eb61e3e9ad14b6149f294e4b8ae69b74b2140b237a31b26c99275
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32
d155160aea288964eebe06a362795ab879ed657ca75f7ca60d5a1c8e9fe05d7b
d23807344428eec21271b708fcf73919827e568b0a335989f9f2348ae4356bd1
d4699066bf9d1d0178297fcea928b28a9af94f5de1600c188147a34629183db3
d46a6b9cd609975630d6286ea13a48eafe73ef0111e2b310bf29dc335607681d
d8c62b0d4ac621bedd0ca5a4e96b12a77118338d4166f94d65c15bb154d455aa
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
de2bbd8e0b32f53a53c1729bedb350cea59e9115fba4f2bed8e2e3dd1f76d9fa
e1023fc5b7b2cb762dd4ad14fcf4787fa945fca4a37518cd0d6b411c248dc201
e371c9ea0fd636a3ecd29ae5e8413d144d470f77ca4bdda94b6e61ec3b980eb9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e92af41ea36051ffe9f3c83abec97cec2ac09cdaa2396863958e8b4bc8de5870
e9642f5fbeff6a11fd1e8d29f62481cc23514472fb51d0d1e4ee4f257dbc8af3
ecc20ed3c5dedbe5bbe73d1e7b14270c65a85f7d0ec4c94c4f0c9f0071e471a2
eeca932a1c0b1548b0e53ae7082258ddf557f04fa49d13ed76b633065f1acb75
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f07f72ed918a7535e94385d03c5392b4c102aecafc6012021b06c9be5d888541
f2280f17308c523be3249ee89cf0595eecf5633719a2b719d48a4e3233c2c861
f3d3d0adbf8af542a169e97f610922a324ebb0586ad41c53c62c6e8dae8a5cb0
f79dfaabb417f7b777458a24663c5075dd1e56026e20578a0d74568b3c762375
f86ef6a541924431013784460f693fb30f7f15f044e6115d285c632ad3a44d9f
f96ed6b1ea46541b0e333630d76ca067e05e5c751031ef33010bae96765472c4
fcdaf8a9c355219d541d2bdecd8e21caf9056fedd56c27cf5f81ed0af7aeeb02

notepad.pw Open in urlscan Pro 151.139.128.11 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

206 Requests

83 %HTTPS

27 %IPv6

69 Domains

96 Subdomains

66 IPs

6 Countries

1737 kBTransfer

4680 kBSize

101 Cookies

8 Outgoing links

Page URL History

Redirected requests

206 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

notepad.pw Open in urlscan Pro
151.139.128.11 Public Scan

Screenshot
Live screenshot

Full Image

206
Requests

83 %
HTTPS

27 %
IPv6

69
Domains

96
Subdomains

66
IPs

6
Countries

1737 kB
Transfer

4680 kB
Size

101
Cookies

206 HTTP transactions
3 data transactions